Enabling business strategy is the goal

Integrated security is about how people, policies, procedures, technology, architecture and corporate culture are aligned to enable the enterprise to do what would otherwise be too risky

. What's this?

By George Campbell

April 12, 2010CSO

Who do you call when you've been caught in a semantics trap?

Steve Hunt was kind to me in his response (Convergence: The Semantics Trap) to my earlier Myth of Convergence piece. I worry that it's because he sees me addled and drooling in my declining years. He refers to me as "Mr. Campbell" and alludes to my tenure in security management somewhere in the primitive analog era. Since he sees me in this dotage, I think I'll refer to him simply in the more youthful and familiar "Steve".

Steve does a really nice job of laying out the evolution of the physical security and IT security relationship from his perspective. I didn't bite my lip until he got to level three where we may find "the convergence of physical security people and processes with IT security people and processes. Here is where tempers flare." Either I did a bad job laying out my thesis in "Myth" or he missed my point when he concludes this evolution with the notion of "bringing the two security teams together under single management." I guess I can't blame him since he has evidence of "the train wrecks" he and others have witnessed when these marriages have contributed to workplace violence.

The failure of a marriage or relationship like this is the heart of the debate on convergence for me. I'm immovable that where these organizational train wrecks occurred, there was an institutional failure in two key areas: relationship management and enterprise risk management. These temper tantrums speak more of low level, immature, school yard shoving matches than security (business?) professionals recognizing their merged interests and commitment to corporate health and hygiene.

Also see The Holistic Security Momentum Theory


I have great respect for Steve's experience and credentials. I proudly had the CISO function in my organization for 7 years and any one of that great team will tell you what I knew of Steve's and their craft would fit in a thimble. My job was to make sure all the moving parts of a risk-focused corporate security program were in synch with each other and the business plan. Physical security and logical security were partners. There were enough bad guys out there to keep us all busy.

I've been at this debate table for the last decade and want to see it end. It gets us no closer to finding the common ground our top management has every right to expect of governance partners. I keep stirring the pot so I'm as much the instigator as anyone. But my passion is around how inclusive I feel about my information security colleagues and how exclusive their context appears to be in so many of the articles on convergence.

What is Tech Briefcase?
TechBriefcase is a new, free service where IT Professionals can Search, Store and Share IT white papers and content like this. Learn more
Bookmark content
Speed up your research efforts with content across the web.
Search and Store
Find the white papers you need. Create folders for any topic.
View Anywhere
Open your briefcase on your iPhone, tablet or desktop. Share with colleagues.
Don't have an account yet?
RESOURCE CENTER