How physical, IT security sides can work together
A physical security specialist teams up with an IT security specialist to outline a more potent defense. From the CSO Security Standard event in New York.
By Bill Brenner, Senior Editor
September 13, 2010 — CSO —
NEW YORK -- Physical and IT security shops often have trouble working together. They work as two separate departments and cultures, and criminal activity can go unnoticed as a result.
At the CSO Security Standard event, two security professionals sought to change that, offering up a plan the physical and IT sides can use to join forces for a far more potent defense.
Representing the physical side was Richard Gunthner, vice president of global corporate security for MasterCard Worldwide. Representing the IT side was Roland Cloutier, vice president and chief security officer for ADP.
"Much of my career has been spent on the IT side and Richard has dealt largely with the physical, but now our jobs are looking more and more alike," Cloutier said. "Security is not about headcounts in the physical and IT departments. We need to leverage each other's people, processes and technologies."
From there, the two built a couple of practice scenarios for how to get there.
security incident event management (SIEM) technology and other tools to track potential data leakage and perform such things as deep packet inspection. On the global risk and intelligence analysis side, there is intelligence collection and risk monitoring on the physical side, and on the IT side there are the GRC platforms, anti-fraud feeds and control assurance platforms.
Where do the physical and IT ends meet? Cloutier and Gunthner presented two different scenarios.
In the first scenario:
- A thief takes a computer.
- The SIEM system detects a resource change (the computer removed from its proper place).
- The physical security information management (PSIM) procedures detect that the doors in and out were not accessed according to protocol (card swipe to open the door, etc.).
- The SIEM and PSIM talk to each other, compare data and trigger a response rule.
- The incident handling system receives an alarm and fires off the proper standard operating procedure to deal with the theft.
- The related notification technology on the physical and IT sides triggers a pre-arranged response.
By pooling the physical and IT technologies and procedures, chances of the company finding the thief and retrieving the computer increase significantly.
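The correlation step in the first scenario can be sketched as a rule that joins SIEM asset events with PSIM door events. This is an added example, not something presented at the event; the event fields, zone names, ten-minute window and SOP identifier are all assumptions, and the sample events are constructed.

```python
from datetime import datetime, timedelta

WINDOW = timedelta(minutes=10)  # assumed correlation window around the asset event

# Constructed sample events; field names are illustrative, not a vendor schema.
SIEM_EVENTS = [
    {"time": "2010-09-13T02:14:00", "type": "asset_removed", "asset": "LT-0042", "zone": "floor3"},
    {"time": "2010-09-13T09:30:00", "type": "asset_removed", "asset": "LT-0077", "zone": "floor2"},
]
PSIM_EVENTS = [
    {"time": "2010-09-13T02:16:30", "zone": "floor3", "door": "floor3-east",
     "event": "door_forced", "badge": None},
    {"time": "2010-09-13T09:27:00", "zone": "floor2", "door": "floor2-main",
     "event": "badge_granted", "badge": "B-1193"},
]


def _ts(value):
    return datetime.fromisoformat(value)


def correlate(siem_events, psim_events, window=WINDOW):
    """Return one alert per asset removal that lacks a by-protocol door access."""
    alerts = []
    for s in siem_events:
        if s["type"] != "asset_removed":
            continue
        when = _ts(s["time"])
        # Door activity in the same zone, close in time to the resource change.
        nearby = [p for p in psim_events
                  if p["zone"] == s["zone"] and abs(_ts(p["time"]) - when) <= window]
        # Anything other than a granted card swipe is out of protocol.
        violations = [p for p in nearby if p["event"] != "badge_granted"]
        if violations:
            reason, doors = "door_protocol_violation", [p["door"] for p in violations]
        elif not nearby:
            reason, doors = "no_door_record", []  # asset gone, no logged exit at all
        else:
            continue  # removal matches a normal badge swipe; no theft alert
        alerts.append({"asset": s["asset"], "zone": s["zone"], "reason": reason,
                       "doors": doors, "sop": "SOP-ASSET-THEFT"})  # hypothetical SOP id
    return alerts


if __name__ == "__main__":
    for alert in correlate(SIEM_EVENTS, PSIM_EVENTS):
        print(alert)
```

The second constructed removal raises no alert because a granted badge swipe on the same floor falls inside the window; the badge ID on that record is what an investigator would follow up if the removal later proved unauthorized.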