Home » Magazine Archives » September 2007
Security Technology Executive
Most Read
Most Emailed
E-mail Article
Print Article
![[Get Copyright Permissions]](http://license.icopyright.net/images/icopy-w.gif){kind=small}
Lessons Learned
Physical Security & IT CollaborationThe Latest from SIW
Mace to launch dealer program, acquire central station Basics of establishing an employee ID badging system The security week that was: 1/02/09 The top 40 security stories of 2008 Homemade bombs force evacuations in Aspen, Colo. Toronto wraps up municipal surveillance pilot project
By Ray Bernard, PSP, CHS III
Security Technology & Design
Over the past four years at leading companies, the physical/corporate security departments and IT departments have been collaborating to improve security in both domains. This article presents three key lessons learned in those collaborative efforts, and provides a list of potential collaboration points between physical security and IT.
Lesson One: Integrate Processes, Not Systems
For many physical/IT collaborations, the initial thinking revolved around the systems integration tasks.
Data had to flow out of one system and into another. As the systems integration work was defined, more and more questions came up — such as where specific data comes from, who is responsible for the data, and so on. The process owners at the systems level were consulted. After quite a few iterations, enough questions were answered that the systems integration could be accomplished. The connections worked, so the project was considered successful.
However, for these projects, only systems-level documentation existed. What about the high-level impact on the business? That wasn't considered, but the common assumption was that it had to be better after the project. That's not necessarily a good assumption. When you automate an error-prone process, the errors simply happen faster. Additionally, the automation may provide opportunities to refine or improve the process at the business level.
Today's Integration Perspective
Collaboration benefits are available at all levels of security management and technology implementation, especially when security processes are examined within the context of the business processes. According to Wikipedia, the term Business Process Management (or BPM) refers to a set of activities which organizations can perform to either optimize their business processes or adapt them to new organizational needs. That's a very interesting description, because security executives and managers must optimize security processes to be aligned with the business, and adapt them to new business needs, including the changing risk picture of the business.
Additionally, the job of security is to reduce risks to acceptable levels at an acceptable cost. That means operational efficiency (i.e. process efficiency) comes into play as well when considering the total cost of security, especially for large organizations.
This is today's perspective for security practitioners. As Dr. Gerald L. Kovacich and Edward P. Halibozek have stated on page 14 of the book Security Metrics Management : “Security professionals who understand the corporate and global environment have a better chance of personal and professional success than those who do not.”
