Information Security News mailing list archives

CSOs creating cultural change


From: InfoSec News <isn () c4i org>
Date: Thu, 24 Jul 2003 02:57:46 -0500 (CDT)

http://www.computerworld.com/securitytopics/security/story/0,10801,83354,00.html

By Lauren Thomsen-Moore
Computerworld Today (Australia)
JULY 23, 2003

SYDNEY -- The convergence of physical and IT security is driving the
appointment of chief security officers (CSOs) within the enterprise, a
new title that is creating cultural change, the senior cybersecurity
consultant at Pinkerton Australia Pty. Ltd., Atif Ahmad, said this
week.

Speaking at the Australian Security Industry Association conference in
Sydney, Ahmad said some organizations are struggling with the
appointment of a CSO because the skills required for the job cover a
broad spectrum of both physical and IT security, as well as an
understanding of risk management and strong business skills.

For some companies, he said, it's a bit awkward appointing the IT
manager as CSO because the individual lacks physical security
experience, so the company instead hires someone outside the
organization.

In the past, Ahmad said, there was a fundamental separation of IT and
physical security with separate budgets, resources, personnel and
skill sets.

"As an example, each door has an access control point and whoever had
a key had access, which was authentication by possession," he said. It
has moved on now to authentication by knowledge using PIN numbers or
combination pads.

"And now IT has added authentication by characteristic with a swipe
card."

Threats are also more sophisticated in both physical and IT domains,
but it goes both ways, he said: IT attacks can cause physical damage
and vice versa.

"Technology demands sophisticated infrastructure. As an example, if an
organization was to buy CCTV as a method of physical security, it's
not just about setting up the camera, it is about total infrastructure
integration," Ahmad said.

Chris Thomas, data protection group senior consultant for Computer
Associates, said the Open Security Exchange was established in
recognition of the convergence of IT and physical security (see story)
[1].

He said the group was formed in April to promote the use of security
best practices for the protection of physical and IT assets. Other
members of the exchange include smartcard maker Gemplus and Software
House, a security software company and subsidiary of Tyco Fire &
Security.

[1] http://www.computerworld.com/securitytopics/security/story/0,10801,80480,00.html

 
