The Security Week That Was: A Recap - Aug. 19-25, 2006

SIW Editor Geoff Kohl gives a weekly surveillance of news shaping your profession


Earlier this week we published an interview with Steve Collen of Cisco, and judging by the number of your fellow readers who have loaded this article, we really struck a chord. Interestingly enough, just a day after we published that, we got wind that IBM had acquired Internet Security Systems. Now while the ISS acquisition may seem a bit unrelated to those of you selling and working with physical security systems, a side note to the whole IBM acquisition story was that about a month ago, IBM slipped under the radar of the news media and acquired a company called MRO Software.

Now, don't be puzzled if you haven't heard much about MRO Software; neither had many in the industry. A little research into MRO explains that they are a company that creates enterprise asset management software which works for both physical assets and IT assets. IBM obviously isn't brand new to security. As IBM's Val Rahmani, general manager of infrastructure management services, the acquisition of ISS was an IBM security expansion, not a new initiative. However, now that IBM has pulled together an asset management company and a full-fledged IT security managed security services company, it's pretty clear that IBM could be well positioned to be a player in converged security. That convergence may be focused on network security and risk management and compliance, but it's interesting to see similarities to Cisco, which has gone after a converged security approach, albeit more of a hardware-focused solution.

"It's not physical security; It's not computer security."
DOD's Michael Butler sheds light on the HSPD-12 implementation projects

On yesterday's live webinar from SecurityInfoWatch.com, "Meeting the Challenges of HSPD-12 and FIPS 201", one of the most interesting things to pick up on was when Michael Butler, director of the DOD's Access Card Office, summed up how he explained the HSPD-12 initiative to senior government management. To paraphrase lightly, Butler said, "It's not about computer security. It's not about physical security. It is about the identity industry."

Butler's point is well taken. The IT department isn't hugely interested in physical security, and likewise, the physical security department isn't focusing its resources on DoS attacks and the likes. But what both "camps" understand is identity management -- and that is a applicable lesson for anyone attempting to get IT and physical security departments on the same page, whether or not HSPD-12 is the topic at hand. Yesterday's webinar will be archived online and available after 3 p.m. today Eastern time. Use this registration link after that time to view the program.

Security Means Convenience?
Plus how a mysterious cloud sheds light on security protocols

Aviation security is such a hot topic, and we can't get enough of it. That's partly because airports have demonstrated that they are such great proving grounds for a lot of technologies, from X-ray systems to biometric access control. So, for a minute, let's turn to two security stories out of the airport market. The first comes out of the Minneapolis-St. Paul airport, where an alarm was set off near a security checkpoint, after a mysterious cloud appeared. The best bet is that the cloud was simply a pepper spray (it send some people to hospitals for check-ups), as the air subsequently tested negative for much worse contaminants. The situation does bring up an interesting point about reaction, and how policies should be tailored based on chemical releases: Do you quarantine and then test? Do you test and then quarantine?

The second air transportation story to be flagged was a story from a journalist with the Baltimore Sun. It often seems that additional layers of security and new security policy can often lessen the "convenience" of employees and customers. But what this journalist noted was that how a new security measure (the ban of liquids in carry-on luggage) had prompted more checking of luggage, which in turn created faster times at checkpoints and even possibly a slight increase in on-time arrivals of passenger jets. Are there applications of security at your own operations where an additional level of security can create additional convenience and faster-throughput?

This content continues onto the next page...