Is this War, or an Opportunity?
After taking a short few weeks to investigate the InfoSec space and speak with several ISC2 certified CISSP’s… it would appear the convergence and overlap of Data and Physical Security is creating misconceptions regarding roles for effective protection of assets. A few gentlemen I spoke with felt Physical Security is merely a subset of the much broader Information Security category. The comment really had me thinking. This perception must certainly be caused by poor communication between the two disciplines.
How do we fix this?
Demand for convergence is so high with end-users, InfoSec needs are starting to drive Physical Security requirements. As Physical Security Professionals, if we don’t start embracing this trend, the new CISO executives will become THE “C” suite security officers.
As I begin to engage both sides of this debate, I sense both curiosity and competitiveness emerging. On the ISC2 side, some have expressed the belief they are better prepared and uniquely qualified to handle BOTH Information AND Physical Security management, planning, design, etc… The InfoSec world is very aware of Physical Security, while I find the reverse is not necessarily true. On the ASIS (American Society for Industrial Security) side, InfoSec is being seen as a parallel industry, with little impact on our disciplines and trades. Neither of these viewpoints is close to the truth. Successful people are bound to tap into their competitive nature and whether this translates into a perceived advantage, or ignoring the convergence… this is the wrong track. I have been sharing a message for all who would hear for a year now… the bright new future will require both disciplines in cooperation, to properly deploy security plans/systems.
Embracing the “Dark Side”
Okay, so maybe the title is a cheap “Star Wars” rip-off, but it truly represents the challenge. In the recent IP Video Camera years, most traditional security contractors struggle with LAN/WAN connectivity and data security. Typical proposals exclude any associated impact on network infrastructure. In the past three years, I have heard it said to the end-user so many times, my head hurts: “the connection to the network is not my problem.” Conversely, I am also tired of the I.T. Director telling me: “you will not put that cr@p on my network!” This has to be a two-way street. For effective protection of assets, the answer should come from both sides embracing each other’s world and finding the compromise somewhere in the middle.
Compete with InfoSec and I.T., or Partner?
Choosing ignorance and denial and competing with cabling/network contractors and InfoSec consultants will not be a successful strategy in the long-run. LAN/WAN/Cloud is here now and is the data solution of choice for the private sector. It is clear, the best answer will come from education. ASIS and ISC2 should be pursuing an industry alliance. We need to look at each other’s value and find where they compliment each other in the planning and successful deployment of systems.
Defining Roles and Examining Cooperation
In the future, I will attempt to examine what that cooperation might look like and how to define and separate roles. I will attempt to look at this from both sides and find the path to the middle. I am looking forward to the challenge and I hope to learn much along the way.
This site is maintained by Douglas Levin, PSP, AHC, LEED AP. It is intended to be my personal professional blog. The content reflects my personal opinions and observations regarding the Physical Security Systems industry and Technology Sectors. The opinions expressed herein reflect my personal viewpoint/ideas and do not in any way represent the position of any other person, organization or company.