February 2006
Security Technology Executive
Function Vs. Faction
Why are security silos dying, and what can you do to converge functions in your organization?
By Dave Tyson
If one accepts the premise that security is a “weakest link” discipline, then no organization can truly approach being secure unless it considers all of its security risks when crafting an overall security strategy and making risk mitigation decisions.
For many years, organizations have approached risk mitigation in an essentially siloed format, where physical security, IT security, audit, risk management and other risk-oriented functions operated independently. The gulf between these divisions inevitably increased duplication, bureaucracy and cost.
Over the past few years, a variety of business drivers has led these independent business functions to come together. This trend has been called security convergence: the formal, collaborative and strategic integration of the cumulative security resources of an organization in order to deliver enterprise-wide benefits through enhanced risk mitigation, increased operational effectiveness, and cost savings.
Study Finds Convergence Drivers
In a recent study commissioned by ASIS International, the Information Systems Security Association and ISACA (Information Systems Audit and Control Association) and conducted by Booz Allen Hamilton research, 36 global organizations were surveyed about the business drivers motivating security convergence in their organizations. The top five business drivers were:
1. The rapid expansion of the enterprise ecosystem. Organizations' network environments continue to expand, introducing new risks to the enterprise. Just a few of the factors extending the perimeters of organizations are global enterprises connecting disparate systems across countries and continents, connections with third parties, business partners, remote access, wireless, and the promotion of legacy systems to the outside world through the Internet. This push to expand technology borders is driving the risk equation to new heights.
2. Value migration from physical assets to information-based and intangible assets. For many years organizations were primarily concerned with protecting assets in the physical realm—inside filing cabinets and desks. In recent years we have seen a number of assets transition to almost entirely electronic form. Records often exist only in electronic format; orthophotos are stored in GIS databases, and CAD drawings are available online. The skill sets required to protect these assets have had to evolve in parallel with the migration of the assets themselves.
3. New protective technologies blurring functional boundaries. Historically, the tools of the physical security department included the standalone access control system, alarm system and CCTV system. Many of these systems now operate solely in the network environment, and all the while many physical security professionals are becoming less knowledgeable about the systems they rely on to conduct their operation.