SMARTER HOMES BIGGER SALES
HOW CAN SMART PRODUCTS BE SAFE IN A CYBER-CRIME WORLD?
In addition to product-focused security stan- dards, there are standards and guidelines that exist for the management of risk and information security. These standards generally do not focus on product-speci c requirements, rather they focus on organizational processes for information secu- rity controls. Some examples are:
NIST Cybersecurity Framework. Published in February 2014 and updated in April 2018, this framework provides voluntary guidance – based on existing industry standards, guidelines, and practices – with the goal of helping organizations manage and reduce cybersecurity risks. Because it functions as guidance, it is not simply a checklist of requirements. It must be customized by each orga- nization based on risks, situations, and needs.
ISO/IEC27000 family of standards for in- formation security management systems. These standards provide a structure for imple- menting an information security management system, safeguarding information assets while making the process easier to manage, measure, and improve. It helps address three dimensions of information security: Con dentiality, Integrity, and Availability and is a good standard for organizations wishing to assess security risks at an organizational – not product – level. As such, it requires a mature
“The safety of connected lighting products goes beyond electrical safety standards and testing as these products are connected to a network of other devices and data.”
understanding of security at an organizational level, as well as policy and procedure-based se- curity, touching every aspect of a company from so ware development to human resources. It will not address technical vulnerabilities within a spe- ci c product.
As lighting designers and manufacturers look to ful ll consumer demand for connected lighting products, cyber-security remains a critical consid- eration. The safety of connected lighting products goes beyond electrical safety standards and test- ing as these products are connected to a network of other devices and data. Ensuring the device is safe – while keeping information and data within a network secure – is important to a product’s success, brand value, and company reputation. Make sure these threats are considered and miti- gated throughout the product design cycle to get in-demand products to market more quickly and e ectively. 
Wayne Stewart is Director of Intertek EWA- Canada (an international assurance, inspection, product testing, and certi cation company) and is a renowned speaker and expert on cyber-security including intrusion detection, cryptography, vulnerability assessment, penetration testing, static code analysis, payment technologies, and product reviews.
66 enLIGHTenment Magazine | March 2019
www.enlightenmentmag.com