The battered economy is forcing many businesses to reduce operational costs and cut back on traditional “cost centers.” Every category of IT spending — including security — is under scrutiny, even with an increasing need to ensure that systems remain tight as a drum.
One way to reduce costs and more closely align technology with business goals is to consolidate security programs at the management, staff and process level, develop a risk-based approach to security and provide upper management with more meaningful metrics.
Consolidate. Physical and technological security should be managed as a single function. This management convergence allows for a singular focus on operational risk management and replaces the vertically isolated approach that most businesses take toward security.
Physical security is typically a concrete discipline that is tangible and easy to visualize — locks, guards, badges — compared with IT security, which tends to be abstract. The concept of an IP packet is somewhat theoretical, and grasping the complexities of network protocols is not a trivial undertaking. Still, absent philosophical differences, physical and technological security professionals share many characteristics that would support convergence. Both focus on managing risk, protecting assets, and conducting investigations that involve evidence collection, hypothesis development and report writing.
Cross-training your security teams on physical and IT security methods is the first step. Through staff convergence, certain processes can be consolidated to reduce overlap and leverage synergies.
For example, an IT security professional may be more effective at deploying traditional physical security devices that reside on IP networks. With a better understanding of technology concerns, an IT security professional is better positioned to assess IP-based security tools and provide controls that protect the production network.
Align to Business Goals. To align IT closely to core business objectives, security should focus on risks to the business as determined by a qualitative risk assessment. Such assessments support efficient and effective allocation of resources during leaner times and should focus on a 360-degree landscape. For example, when assessing a new data center location, a converged physical and IT security team could provide a single analyst to complete the assessment, assured that all threats to the data center would be considered.
The assessment would include not only the risks associated with IT systems, but also risks inherited from third parties, such as a hosting company. The assessment should address all third-party security policies, not just for information security but also for HR, workplace violence, fraud, waste and abuse programs — all areas that have the potential to interrupt business services or otherwise affect your employees. And all are areas within the expertise of your converged security team.
Provide Meaningful Metrics. For this new approach to work, you need to showcase your success by providing metrics and reports that resonate with executives. These metrics must clearly demonstrate how security provides value to the business.
For example, after completing a risk assessment, identify and track the implemented controls that improve security. Develop a single nomenclature for physical and IT security that can apply to all incidents. Monitor the security software deployed by the organization to see if it’s effectively tackling the specific security challenges.
A converged security team that’s aligned with the goals of the business — one that communicates effectively with upper management — will achieve better results and ensure it’s viewed as a critical business partner.