Opinion
Converged Security: Can Ex-Cops, Propeller Heads, and Bean Counters Make Nice?
9/14/2007
By Doug Gale
The emergence of the "chief information security officer," or CISO, is clear evidence that higher education has begun to slowly but surely recognize the importance of information security. (See The Rise of the CISO, April 2007 Campus Technology Magazine.) But recent trends in the corporate sector suggest that just appointing a CISO may not be enough!
I had an opportunity this spring at the Security 2007 Professionals Conference (www.educause.edu/sec07) to hear Ira Winkler, author of Spies Among Us, talk about his experiences testing corporate security. One of his case studies described how he and a colleague were hired by an American company to "steal" the plans for a nuclear reactor that the company was developing. Using a business card stolen from a nearby restaurant, he was able to enter the company's facility and, with a healthy dose of chutzpah, obtain a corporate security badge and access to the company's computers, which they then hacked to obtain the nuclear reactor plans. (They also found unauthorized access into the company's servers by a foreign nation.)
The most sophisticated information security technology and procedures can't protect the information if the thief has physical access to the server room. (See It's Not All About Hackers, September 2005 Campus Technology Magazine.) Physical security is just as essential as the information security we techies are familiar with. And a growing number of businesses, such as the Web conferencing firm WebEx, are merging the management of physical and IT security into a single unit. The corporate trend appears to be a more holistic approach to security.
Even the titles for security professionals, which had been a confusing plethora, have begun to coalesce into commonly accepted definitions. The title Chief Security Officer, or CSO, was first used within IT to identify the person responsible for information security. Now the trend is to use the more specific title of Chief Information Security Officer (CISO) for that person and reserve the CSO title for an executive-level position with responsibility for both physical and information security.
Security Convergence
From a broader corporate perspective, security goes beyond information security, which focuses on availability, integrity, and confidentiality of information and systems. It includes physical security, which is much more than simply controlling access to facilities and includes ensuring the safety of employees, facilities, and assets. Finally, it also includes financial, legal, and compliance security. As Bill Boni, vice president and CISO at Motorola, puts it, it involves badges, bytes, and beans.
Traditionally, these functions have been separate silos, and those responsible for each approach security from a different perspective and bring different skills and abilities to address the problem of "security."