Your organization’s PBX has reached end-of-support. The Original Equipment Manufacturer (OEM) offered a costly newer model as a replacement. However, secondary market suppliers can provide the same model at lower prices. Which of the following is the greatest concern if the replacement from a secondary market supplier is selected? (Wentz QOTD)
A. The clause of End-of-Life (EOL)
B. The new clause of End-of-Support (EOS)
C. Product counterfeits
D. Non-compliance with Common Criteria (CC)
Kindly be reminded that the suggested answer is for your reference only. It doesn’t matter whether you have the right or wrong answer. What really matters is your reasoning process and justifications.
My suggested answer is C. Product counterfeits.
End-of-Life (EOL) and End-of-Support (EOS) are crucial concerns only if a genuine product is purchased. The OEM or provider won’t support counterfeits. A product that complies with the Common Criteria (CC) is good to have, but it’s not mandatory in most organizations. Moreover, CC compliance means nothing for a counterfeit either.
The following are common risks to the ICT supply chain from NIST:
- Insertion of counterfeits
- Unauthorized production
- Insertion of malicious software and hardware
- Poor manufacturing and development practices
These ICT supply chain risks may include insertion of counterfeits, unauthorized production, tampering, theft, insertion of malicious software and hardware, as well as poor manufacturing and development practices in the ICT supply chain. These risks are associated with an organization’s decreased visibility into, and understanding of, how the technology that they acquire is developed, integrated, and deployed, as well as the processes, procedures, and practices used to assure the integrity, security, resilience, and quality of the products and services.
Source: NIST SP 800-161
Product Sales and Support
The policy for the end of product sales and support varies from vendor to vendor. The following diagram is an example of product EOL and EOS.
- What is End of Life (EOL) vs. End of Service/Support Life (EOSL)?
- Product Lifecycle and Support Management – Evolis Corporate Policy
- EVOLIS CATALOG PRODUCTS: DISCONTINUATION DATES
- Cisco Product End-of-Life Policy