As part of the NAFTA discussions it looks like the US is looking to add a cyber security component in the mix. Finally a great idea in a trade agreement! The basis for this is quite clear given the interconnected world we live in and the fact that all Canadian Internet traffic is routed to the US. We have to ensure that one country is not in a position to bring the downfall of another due to weak security practices.
Given the current state of cyber security practices in Canada by most SMB’s this will serve as a good wake up call to get your security house in order if you want to sell to the US. Based on the current wording companies would have to demonstrate the implementation of an accepted cyber security framework within the organization.
What does these mean? From the top down, executives are responsible enough to have implemented the necessary security management system to measure and mitigate cyber risk within their respective organizations. I am not going to provide all the nuts and bolts to how to do this but would “highly” recommend you get a copy of ISO/IEC 27001/27002 and build your plan to implement a Information Security Management System (ISMS). Don’t let the information part of the name fool you, this standard has been written to fully consider the cyber elements of any organization regardless of sector.
The best place to buy this is from our friends at CSA Group in Canada. They actually offer a Security bundle that contains all the base standards to get you started at a very reason price.
When you initiate your cyber program focus on conducting your risk assessments, your action/mitigation plan and getting those policies and processes nailed down, and most of all education and awareness will be a key element of your success.
Keep in mind that this will not be easy but the benefits will help you sell your solutions to the US and will help protect your digital assets. What else could you ask for?