Implementing a complete security system

VidSys, a provider of Physical Security Information Management (PSIM) solutions, hosted a webinar on Wednesday to discuss the challenges involved with moving from traditional security applications to a complete security system.

Sharing their experiences with businesses struggling to bring together disparate security systems were John Carney, senior manager and vertical solutions architect for Cisco Systems and Rick Orloff, director of information security for Apple.

According to Carney, many public sector institutions such as government agencies and schools have had a tendency over the years to install technology in what he referred to as “silos,” meaning that they were independent of other security systems within the district or department. He also added that some public sector organizations also seem to either not share critical information with each other or lack integration with other departments. All of this opens up the organization in question to increased risk.

“Inefficiency can have a fairly significant impact on the ability to respond to a situation,” Carney said.

To help solve some of these problems, Carney advises clients to be proactive and break down the barriers of administrative inefficiencies, such as allowing someone the power to make critical decisions as they are needed and not have to cut through bureaucratic red tape. In addition, Carney also says that organizations should move towards information and asset sharing to help foster a culture of collaboration.

Addressing the issue of technology, Orloff says that organizations should build their security systems around root problems to avoid having the dilemma of trying to tie together a group of disparate solutions.

“It’s analogous to doing a business impact analysis,” he said. “We sit down and determine what the most critical thing to them is. If they lose those things or components or these things happens, it’s going to have an adverse impact to their business. That’s what we decide is then their ‘crown jewels.’ Now that we have agreed with that business… we look at what the (solution) is that we want to protect (the crown jewels).”

Orloff says that business should first determine what their functional needs are, such as access control or asset tracking, and then build the security infrastructure around those needs.

Carney warns, however, that business should always consider the primary organizational risk first and not get caught up in “risk de jour” of the day.

“The starting point should always be what the primary risk is. I think the thing you need to be careful of though is that you don’t get sucked into cycle of what is the highest risk of day,” he said. “You wind up getting into a reactionary situation where you have a limited budget, take a school for instance; you’ve had a break-in a couple of times in a dormitory. The likelihood is by the time you get cameras in that area, the risk is gone. Be careful when you’re looking at risk to look at it from the big picture perspective.”