Physical and IT security shops often have trouble working together. They work as two separate departments and cultures, and criminal activity can go unnoticed as a result. But as the concept goes, “Security is not about headcounts in the physical and IT departments. It needs to leverage each other’s people, processes and technologies.”
Puzzled? Let me cite an example.
First, there’s the physical and IT security technology. On the physical side there are alarm systems, CCTV monitoring and video analytics. Video can spot a suspicious person hiding behind a tree and track the flow of automobiles in and out of the parking lot. On the cyber side, there’s security information and event management (SIEM) technology and other tools that track potential data leakage and perform tasks such as deep packet inspection. For global risk and intelligence analysis, the physical side has intelligence collection and risk monitoring, and the IT side has GRC platforms, anti-fraud feeds and control assurance platforms.
Where do the physical and IT ends meet? Consider two scenarios. The first is a theft, in this sequence of events:
A thief takes a computer.
The SIEM system detects a resource change (the computer removed from its proper place).
The physical security information management (PSIM) procedures detect that the doors in and out were not accessed according to protocol (card swipe to open the door, etc.).
The SIEM and PSIM talk to each other, compare data and trigger a response rule.
The incident handling system receives an alarm and fires off the proper standard operating procedure to deal with the theft.
The related notification technology on the physical and IT sides triggers a pre-arranged response.
By pooling the physical and IT technologies and procedures, the chances of the company finding the thief and retrieving the computer increase significantly.
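The SIEM-to-PSIM comparison in the theft scenario can be expressed as a correlation rule that joins the two event streams on zone and time. This is an added example, not code from the original article or from any SIEM or PSIM product; the event fields, event type names, 10-minute window and SOP identifier are assumptions, and the sample events are constructed.

```python
from datetime import datetime, timedelta

WINDOW = timedelta(minutes=10)                   # assumed correlation window
VIOLATIONS = {"door_forced", "door_held_open"}   # assumed PSIM event types

# Constructed sample events; the field names are illustrative, not a vendor schema.
SIEM_EVENTS = [
    {"time": "2024-03-04T22:14:05", "type": "asset_offline", "asset": "LT-0417", "zone": "lab-2"},
    {"time": "2024-03-05T09:02:40", "type": "asset_offline", "asset": "LT-0533", "zone": "lab-2"},
    {"time": "2024-03-06T01:30:00", "type": "asset_offline", "asset": "LT-0688", "zone": "store-1"},
]
PSIM_EVENTS = [
    {"time": "2024-03-04T22:12:51", "type": "door_forced", "door": "lab-2-east", "zone": "lab-2", "badge": None},
    {"time": "2024-03-05T08:58:10", "type": "badge_granted", "door": "lab-2-east", "zone": "lab-2", "badge": "B-2291"},
]

def _ts(event):
    return datetime.fromisoformat(event["time"])

def correlate(siem_events, psim_events, window=WINDOW):
    """Pair each asset-removal event with door activity in the same zone."""
    incidents = []
    for s in siem_events:
        if s["type"] != "asset_offline":
            continue
        nearby = [p for p in psim_events
                  if p["zone"] == s["zone"] and abs(_ts(p) - _ts(s)) <= window]
        bad = [p for p in nearby if p["type"] in VIOLATIONS]
        badges = sorted({p["badge"] for p in nearby if p["type"] == "badge_granted"})
        if bad:
            severity, reason = "high", "door protocol violation near asset removal"
        elif not badges:
            severity, reason = "medium", "asset removed with no badge swipe on record"
        else:
            continue  # a valid swipe accounts for the movement; no alarm raised
        incidents.append({"asset": s["asset"], "zone": s["zone"], "time": s["time"],
                          "severity": severity, "reason": reason,
                          "doors": [p["door"] for p in bad],
                          "badges_seen": badges,  # context for investigators
                          "sop": "SOP-ASSET-THEFT"})  # hypothetical SOP identifier
    return incidents

if __name__ == "__main__":
    for incident in correlate(SIEM_EVENTS, PSIM_EVENTS):
        print(incident)
```

The second sample asset produces no incident because a granted badge swipe in the same zone falls inside the window; the third is flagged at lower severity because no door activity explains its disappearance.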
The second scenario deals with workplace violence prevention. In this sequence of events:
The data loss prevention (DLP) technology uncovers a chat session on a work machine where an employee has threatened someone over IM.
The physical corporate investigation and HR people move in and investigate the insider’s record.
The insider is found to be a domestic violence case and information on the spouse is obtained.
IT security technology (telephony monitoring and DLP systems) is updated with the data corporate investigations and HR have gathered.
The physical and IT shops now have the pieces in place to watch the offender closely and swoop in at the first sign of trouble.
The benefits of working together are considerable: a combined defense can help reduce cases of ID theft, leaking of corporate trade secrets, travel risks affecting employees, terrorism, etc.