For almost two decades, the security industry has been envisioning the convergence of information security, physical security, and business continuity functions. Conceptually, there would be a standard methodology to identify and assess risks, and companies would utilize clear role-based SOPs to mitigate threats as they arise across an organization. Nearly 90% of participants in a 2022 study sponsored by the ASIS Foundation agreed that convergence enhanced overall security, yet it is rare that corporate security operations function in a completely integrated fashion. Why is that?
Both information and physical security disciplines operate in very dynamic environments to assess and mitigate risk. And they both use a “Defense In-Depth” security strategy with barriers across multiple layers and dimensions to protect an organization’s assets. But it is no surprise that the nature of what is being protected and the expertise of the protector vary greatly.
Security professionals who defend against cyber-attacks protect information and information systems. They constantly work to prevent unauthorized access, disclosure, and disruption to data and IT networks. Information security experts are skilled in scripting, software, and systems for intrusion detection and security information and event management (SIEM). The threat focus and attack vectors managed by physical security professionals are quite different. They safeguard human lives and protect corporate property against unauthorized access, disruption, and damage. Physical security expertise ranges from emergency preparedness and response to executive protection to threat analysis to investigations.
The need for collaboration and alignment arises when a threat from one domain impacts the other. This often occurs when a cyber case spills into real life. An online threat comes from a person with a history of violence. A protest publicized on the deep web is planned at a company’s headquarters, and guards are needed to ensure employees’ safety. Leaked credentials expose office access information. The list goes on and on.
It is important for leaders in the security industry to maintain a high level of discourse on the realities of convergence. Helping CISOs understand the dynamics of physical security, what resources are available, and how and when to deploy them is the guiding principle for Chris Falkenberg’s upcoming presentation at the (ISC)2 Security Congress on October 25th in Nashville.