The third in a four-part series outlines the path to secure radio frequency identification.
On our journey to better RFID security, we’ve learned what the major threats are, and the potential effects they can have. To get our organizations to a better place, we need to look at one overarching step we all need to take, the risk assessment and five key processes that will change as part of the results of it. This will result in a good first step of knowing what we have, and using the results of that to drive change in those five areas. This is very important because we need to make sure that we have these core processes in place to support the organizational change that RFID can bring.
The risk assessment is the first and most important key step to take and is something that needs to be ongoing. We need to understand what the issues are, and need to have a prioritized plan to address them. The best way to do so is to assess them using a comprehensive standard security framework such as NIST or HITRUST with quantitative scoring, not just low, medium, or high. Make sure the framework addresses technical, physical and logical controls.