Security Sales & Integration April 2021 - 44

Video
Better Cyber Standards,
Better Security

legislation marks a pivotal step toward securing
the Internet. The bill enjoyed widespread bipartisan support, and was also endorsed by several
tech companies, including BSA (The Software
Alliance), Cloudflare, CTIA, Mozilla, Rapid7,
Symantec and Tenable.
The new law stipulates the creation of " standards and guidelines for the federal government
on the appropriate use and management by
agencies of Internet of Things devices owned
or controlled by an agency and connected to
information systems owned or controlled by
an agency, including minimum information
security requirements for managing cybersecurity risks associated with such devices. " The
National Institute of Standards and Technology
(NIST) was tasked with creating the standard
and guidelines, which include secure development, identity management, patching and configuration management and more.
The law gives the U.S. Office of Management and Budget (OMB) six months to come
up with recommendations based on the NIST
standards and guidelines. Wisely, the law requires OMB to consult with cybersecurity researchers and private sector industry experts as
it puts together its recommendations.
States are getting into the action as well. In
the past two years, California and Oregon passed
IoT security laws, while Illinois, Kentucky, Massachusetts, Maryland, New York, Rhode Island,

Vermont and Virginia are considering similar legislation, according to BTB Security. The consideration and passage of legislation signals growing
awareness of the threat unsecured IoT devices pose
to the Internet and to our collective digital security.

Next Steps for the Security Industry
While the security industry has made some
great advances in cybersecurity over the past
four years, there is a lot more to be done. In
addition to standards and laws, the industry as
a whole, needs more cybersecurity education
and awareness. There needs to be vendor-neutral cybersecurity courses and certifications for
the security industry. Companies need to hire
experts to build cybersecurity into their products and services, educate their employees and
help to educate the industry. Thankfully, there
is evidence of a lot of this work starting already.
We will hopefully see some rapid advances
in the next few years. Some of it will be driven
by customer demand, some by legislation and
some by companies working together to defend
against a common foe. The true enemy of any
computing devices is criminal hackers, and we
all need to work together as allies to create a
safer cyberspace. SSI
CHUCK DAVIS, MSIA, CISSP-ISSAP, is Senior
Director of Global Cybersecurity for video
surveillance provider Hikvision.

SECURING A VMS: 3 THINGS TO REMEMBER
▶ Securing a video manage-

ment software (VMS) system is
not much different than securing any other computer. If you
manage to apply some of the
basic cybersecurity controls,
you will greatly reduce the risk
of your customer's VMS being
compromised by an attacker.
Here are three tips to securing
a client's VMS:
1. VPN Firewall: If the VMS
has access to the Internet, it
will be vulnerable to Internet
attacks. A firewall between
the Internet and VMS system
should be put in place. Do not
port-forward any device that

was not built to withstand the
constant attacks that occur
to every system that is directly connected to the Internet.
Instead of port-forwarding, a
firewall with a VPN server can
allow for remote access to
the VMS from the Internet in
a secure, encrypted manner.
2. Network Segmentation: Large enterprise organizations fully understand and
implement network segmentation strategies, but many
small and medium-sized
businesses do not. Be sure
that video surveillance
equipment is on a separate

44  Security Sales & Integration APRIL 2021	

SS2104 pp42-44 Standards CyberSecurity.indd 44

network from other computing devices. This way, if a
computer is compromised,
the attackers won't be able
to get to the VMS system. If
video surveillance equipment
becomes compromised, the
attackers won't be able to get
to other computers.
3. Passwords: We all hate
passwords but have to deal
with them every day. Most
people know that passwords
should be long (12 characters
or more) and with mixed
characters (uppercase, lowercase, numbers and special
characters). What many

people don't know is that you
should never use a password
for more than one account.
Many account compromises
happen because the victim
reused a password. Ensure
that passwords are long and
recommend using a password
manager. That way, the user
will never have to remember
any of them.
The VMS is a critical part
of physical security solutions,
so be sure to apply these basic cybersecurity controls to
greatly reduce the risk of your
customer's VMS becoming
compromised.

securitysales.com

3/22/21 10:31 AM


http://www.securitysales.com

Security Sales & Integration April 2021

Table of Contents for the Digital Edition of Security Sales & Integration April 2021

Security Sales & Integration April 2021 - Bellyband1
Security Sales & Integration April 2021 - Bellyband2
Security Sales & Integration April 2021 - Cover1
Security Sales & Integration April 2021 - Cover2
Security Sales & Integration April 2021 - 1
Security Sales & Integration April 2021 - 2
Security Sales & Integration April 2021 - 3
Security Sales & Integration April 2021 - 4
Security Sales & Integration April 2021 - 5
Security Sales & Integration April 2021 - 6
Security Sales & Integration April 2021 - 7
Security Sales & Integration April 2021 - 8
Security Sales & Integration April 2021 - 9
Security Sales & Integration April 2021 - 10
Security Sales & Integration April 2021 - 11
Security Sales & Integration April 2021 - 12
Security Sales & Integration April 2021 - 13
Security Sales & Integration April 2021 - 14
Security Sales & Integration April 2021 - 15
Security Sales & Integration April 2021 - 16
Security Sales & Integration April 2021 - 17
Security Sales & Integration April 2021 - 18
Security Sales & Integration April 2021 - 19
Security Sales & Integration April 2021 - 20
Security Sales & Integration April 2021 - 21
Security Sales & Integration April 2021 - 22
Security Sales & Integration April 2021 - 23
Security Sales & Integration April 2021 - 24
Security Sales & Integration April 2021 - 25
Security Sales & Integration April 2021 - 26
Security Sales & Integration April 2021 - 27
Security Sales & Integration April 2021 - 28
Security Sales & Integration April 2021 - 29
Security Sales & Integration April 2021 - 30
Security Sales & Integration April 2021 - 31
Security Sales & Integration April 2021 - 32
Security Sales & Integration April 2021 - 33
Security Sales & Integration April 2021 - 34
Security Sales & Integration April 2021 - 35
Security Sales & Integration April 2021 - 36
Security Sales & Integration April 2021 - 37
Security Sales & Integration April 2021 - 38
Security Sales & Integration April 2021 - 39
Security Sales & Integration April 2021 - 40
Security Sales & Integration April 2021 - 42
Security Sales & Integration April 2021 - 42
Security Sales & Integration April 2021 - 43
Security Sales & Integration April 2021 - 44
Security Sales & Integration April 2021 - 45
Security Sales & Integration April 2021 - 46
Security Sales & Integration April 2021 - 47
Security Sales & Integration April 2021 - 48
Security Sales & Integration April 2021 - 49
Security Sales & Integration April 2021 - 50
Security Sales & Integration April 2021 - 51
Security Sales & Integration April 2021 - 52
Security Sales & Integration April 2021 - 53
Security Sales & Integration April 2021 - 54
Security Sales & Integration April 2021 - 55
Security Sales & Integration April 2021 - 56
Security Sales & Integration April 2021 - 57
Security Sales & Integration April 2021 - 58
Security Sales & Integration April 2021 - 59
Security Sales & Integration April 2021 - 60
Security Sales & Integration April 2021 - 61
Security Sales & Integration April 2021 - 62
Security Sales & Integration April 2021 - 63
Security Sales & Integration April 2021 - 64
Security Sales & Integration April 2021 - Cover3
Security Sales & Integration April 2021 - Cover4
https://www.nxtbook.com/emerald/securitysales/august_2023
https://www.nxtbook.com/emerald/securitysales/july_2023
https://www.nxtbook.com/emerald/securitysales/june_2023
https://www.nxtbook.com/emerald/securitysales/may_2023
https://www.nxtbook.com/emerald/securitysales/april_2023
https://www.nxtbook.com/emerald/securitysales/march_2023
https://www.nxtbook.com/emerald/securitysales/february_2023
https://www.nxtbook.com/emerald/securitysales/january_2023
https://www.nxtbook.com/emerald/securitysales/december_2022
https://www.nxtbook.com/emerald/securitysales/november_2022
https://www.nxtbook.com/emerald/securitysales/october_2022
https://www.nxtbook.com/emerald/securitysales/september_2022
https://www.nxtbook.com/emerald/securitysales/august_2022
https://www.nxtbook.com/emerald/securitysales/july_2022
https://www.nxtbook.com/emerald/securitysales/june_2022
https://www.nxtbook.com/emerald/securitysales/may_2022
https://www.nxtbook.com/emerald/securitysales/april_2022
https://www.nxtbook.com/emerald/securitysales/march_2022
https://www.nxtbook.com/emerald/securitysales/february_2022
https://www.nxtbook.com/emerald/securitysales/january_2022
https://www.nxtbook.com/emerald/securitysales/december_2021
https://www.nxtbook.com/emerald/securitysales/november_2021
https://www.nxtbook.com/emerald/securitysales/october_2021
https://www.nxtbook.com/emerald/securitysales/september_2021
https://www.nxtbook.com/emerald/securitysales/august_2021
https://www.nxtbook.com/emerald/securitysales/july_2021
https://www.nxtbook.com/emerald/securitysales/june_2021
https://www.nxtbook.com/emerald/securitysales/may_2021
https://www.nxtbook.com/emerald/securitysales/apr_2021
https://www.nxtbookmedia.com