What to Do When Physical Security and IT Meet

Effective meetings between security and IT require breaking through the communications barrier


Many discussions and meetings between Security and IT personnel go awry because of a terminology problem that is peculiar to the realms of Physical Security and IT. Because IT includes security elements, the world of Physical Security shares many words with the IT world. The words are similar conceptually, but different in specific meaning.

Security personnel can think that IT's discussion about an Access Control List means a discussion about authorizations for the security cards used to access the building and parking lot. The IT term is a parallel concept, but actually refers to a list that tells a computer operating system which access rights each user has to a particular system object, such as a file directory or individual file. Does a security breach inside the perimeter mean that someone forced a door open in the facility, or that a network breach originated on the inside of the firewalls that protect the network? Does traffic level mean the number of people that go through a security revolving door, or does it mean the number of packets being transmitted on a network?

Meeting Fog
It is very common for people to get hung up on a particular point due to this terminology issue. They thought they were tracking with the speaker and then they realize they are not. Not wanting to appear ignorant, or out of concern for being ridiculed, they sit there and try to look alert even though they are fighting a heavy mental fog. It can put people to sleep.

Managers and executives can have the worst time of it, because just as they think a new word or phrase means one thing, it seems to mean another.

IT personnel would be amazed at the number of people who don't know the meaning of the word bandwidth. People can get all kinds of strange ideas when they hear words that they don't understand or for which they have different definitions. Overhearing a sentence like, "Look at the screen, you can see there isn't enough bandwidth," can give someone the idea that the width of the visual image on the screen is what is meant by bandwidth. This has actually happened. And there are people who think that CCTV refers to some cable television station like MTV rather than the camera surveillance system--closed circuit TV.

Meeting Guidelines
Here are some guidelines that can be applied to all meetings, but which are especially important for meetings where both Physical Security and IT topics will be discussed:

- List the topics to be covered. At the start of the meeting, list the various knowledge domains that will be covered in the meeting. Ask for a show of hands if a domain is not a primary subject of expertise. If any hands go up, emphasize the importance of not going past any point that isn't completely understood. Explain that the success of the meeting and the follow-up actions is important enough to take the time to clear up any questions.

- Schedule attendance for mixed agenda meetings. Try scheduling the topics so that people won't be unnecessarily subjected to domain-specific discussions. Someone from accounting should not be expected to sit through a lengthy technical discussion. Skip the technical discussion and give a plain English summary, or schedule the technical discussions first with a limited group and bring others into the meeting at a later point.

- Specify who can answer questions. Sometimes people can think they understand something, only to find later that they don't. By the conclusion of any meeting, make sure you have identified who should be contacted about questions specific to each topic of discussion.
