CIS Logo
tagline: Confidence in the Connected World
 

A Guide for Ensuring Security in Election Technology Procurements

Part 4: IT Product & Service Lifecycle

Poor IT procurement can undermine other positive efforts to manage cybersecurity risk. Cybersecurity outcomes are driven by the details of IT systems and their implementation at each stage of the IT product’s or service’s life. The normal lifecycle for IT products involves hardware and software development, integration, patching, service and maintenance, and end-of-life transition. Security vulnerabilities can emerge at any point in the IT lifecycle and may be difficult to detect and eliminate later. When planning a procurement, you must think about this full lifecycle that begins before the procurement and ends well after it. Each of these items has implications for the IT procurement process. Only through quality hardware, software, and services procurements can you expect to have success managing cybersecurity risk throughout the election process. Any deficiencies in design, implementation, integration, or configuration can lead to vulnerabilities that can be identified and exploited by malicious actors.


Information Hub : Elections Resources


CONTROL: 1 --- ADVISORY CONTROL: 0
CONTROL: 2 --- ADVISORY CONTROL: 0
CONTROL: 3 --- ADVISORY CONTROL: 0

Pencil Blog post 18 Jul 2019
CONTROL: 4 --- ADVISORY CONTROL: 0