|
The single most important trend in security in the next ten years will be the integration of various security elements such as information security, physical security and integrated systems security into a single security function. The development of this trend can already be seen in the increase in the number of Chief Security Officers (CSO), elevating the security director to a "C-Level" position alongside the CEO, CIO and COO. Chief Security Officers are appearing in companies like Oracle, Hewlett-Packard, Microsoft, and General Electric. Management consulting firm Booz Allen Hamilton recently surveyed firms with more than $1 billion dollars in annual revenues and found that 54% of the 72 chief executive officers it surveyed have a chief security officer in place. Ninety percent have been in that position for more than two years Security has historically been an under managed and fragmented function in many organizations. After 9/11, security has become more and more important, and more expensive, because organizations are seeking a higher level of security than ever before. Many organizations are under funded and don't have enough money to implement every security safeguard ? so how does an organization decide whether to put an authentication program in place to positively identify networks users, or whether they need to create a stand-off from the front of the corporate lobby? Proper allocation of the security budget is an important element supporting the need for holistic security programs. The increasing sophistication of integrated system controls is another reason. Physical security systems such as access controls, building controls, and digital camera systems have become increasingly computerized and networked. Physical lock and key systems have been replaced by smart cards that not only allow employees access to different areas in a facility, but also may keep audit trails of where employees spend their days. Another example of this trend is surveillance cameras. Surveillance cameras, also known as CCTV (Closed Circuit) cameras, used to record everything in view on VHS tapes. The obvious problem with VHS tapes is that someone has to change the tapes frequently, that is, take out the full tape and replace it with an empty tape. Time and time again, computers and other company property would disappear at precisely the moment that the tape switch took place. Many companies have now switched to newer digital technology, which eliminates the need to change tapes and in so doing creates a continuous audit trail. Of course, this record has to be protected, because it can't be locked up in a cabinet like the old VHS tapes. Smart buildings are another example of old technology, which has been replaced with digital, networked technology. Coordinated by a single network console, the smart buildings today can control access to different areas of the facility, control fire alarms and security system alarms, as well as control the heating and air conditioning units within the facility. A major provider of physical security solutions describes their product as "offering an all-encompassing security environment for multi-server enterprise system topology, central server systems, and mobile enterprise systems; supporting applications for access control, alarm monitoring, ID management, physical asset management, digital video surveillance, recording/archive management, smart card, biometrics and visitor management functions. These new technologies for physical security have taken the practice of physical security to a new level, yet many of the practices that are commonplace in information security have not been adopted in this new environment. Historical Separation Between Information & Physical Security Prior to 1995, the information security management and physical security management were completely separated. The information security officer position started with simple data center security, and then grew into the information security environment in which computers were on every desktop and eventually linked to the Internet. Because the computer systems operations were managed out of the MIS (Management Information Systems) department, the security function was also created at this level in the organization. By contrast, the physical security officer was usually a former policeman, or someone with a military background, whose main responsibility was creating and/or managing a uniformed guard service, keeping track of keys and managing a visitor badging program in the front lobby.
|
