- Security TWENTY
- Women in Security Awards
The security systems manufacturer Inner Range reports what it calls a new strategic focus on cyber, after auditing and formalising several of its cyber security measures. The firm, which has not had a single reported cyber security breach in its 30-year history, has been working with a software service company to develop cyber security governance. Included are:
– A dedicated cross-functional cyber security governance team
– Coordinated penetration testing of all networked products by independent accredited laboratories
– Product development process that includes cyber threat assessment
– Deployment of hardened cybersecurity technologies; and
– Supply of cyber hardening installation guidelines for Inner Range products
Tim Northwood, general manager of Inner Range, said: “Cyber security is one of the major challenges facing organisations today and it’s critical that networked security and access control systems provide customers with the safest possible solution.
“Our new programme shows our absolute commitment to cyber security, not as a ‘extra’ level of security but as a core element running through every stage of the design, manufacture, installation and management of our security systems.”
The company has released a formal statement outlining its cyber measures. A cross functional cyber security governance committee brings together senior representatives from research and development, production, technical support and IT as well as executive leaders. They now manage and update cyber security policies and procedures.
The statement notes how all networked products undergo penetration testing by independent accredited laboratories to assess security and probe for vulnerabilities. Penetration testing has been applied to the manufacturer’s IP network-connected products, including Integriti, Inception, Multipath and SkyCommand. Test results form part of the product development process.
Cyber threat assessment is included at every stage of the product development process. Aside from pen-testing, strict access control permissions are allocated to source code to ensure only relevant staff have access to code repositories.
The company says it only deploys hardened cyber security technologies. For example, cloud services Multipath and SkyCommand are hosted in cloud hosting that offer redundancy and load-balancing across multiple locations and come with certifications from ISO/IEC, CSA, ITAR, CJIS, HPIAA and IRS 1075. The manufacturer’s devices use cryptographic implementations, including AES encryption, while its architecture is designed to minimise risk, such as with resilient LAN networks and lightweight real-time operating systems.
The company is now offering cyber hardening installation guidelines to integrators and end users to ensure systems are installed and managed securely. The guides include recommendations around security, network access control, firewalls, identity management and vulnerability management. Visit innerrange.co.uk.