Infosecurity Professional - Issue 9 - ISC

More documents

Recommendations

Info

global insight international information security perspectives Physical & Cybersecurity A convergence of physical and cybersecurity systems and solutions is taking place, says Lucius Lobo. Physical security—such as human guards, physical entry barriers, and remote surveillance using closed-circuit television (CCTV) and access control devices—is one of the oldest forms of protecting assets. But remote surveillance mechanisms have been hampered by a lack of real-time response; for example, large installations using multiple CCTVs cannot be easily monitored in real time. Global spending on physical security is expected to exceed $100 billion in the next 10 years. The majority of this investment is estimated to be in enhancing homeland security and for using IPbased surveillance for the physical security perimeters of large organizations, residential campuses, hotels, and oil and gas installations. IP-based surveillance involves the integration of physical security solutions on IP networks without further investments in or changes to existing infrastructure. Organizations can extend their IT rolebased administration to physical security solutions. Physical Security Information Management systems facilitate the correlation of events and depict pattern analysis of security violations from both IT and physical security domains. Moving remote surveillance infrastructure and systems from analog to IP, coupled with a growth in technologies that analyze, integrate and remotely transfer sensor information over wide distances, has led to surveillance improvements. Similar to cybersecurity, physical security violations can now be treated as events, and monitored at central stations. For example, if people were detected entering a location from an exit point, a video analytic solution would trigger an alert to a remote station, where the event would be analyzed and action would be taken. Previously, one would have to post guards at each entry or exit point, monitor cameras at the location, or install door alarms. This technology shift will consolidate physical and cybersecurity into a single function—though the former will be governed independently of the latter, primarily through facility management teams. Because the core network is shared, IP-based physical security infrastructure will be subject to cyber threats. This has several implications: n Audit measures such as vulnerability assessment and penetration testing will need to cover physical security infrastructure and technologies. n The significant use of IP-based surveillance technologies will require security specialists who can integrate systems and configure the analytic components of these technologies. n Security personnel must be able to respond to physical as well as cyber intrusions. In the next one to two years, information security professionals will command a salary premium if they have experience in both areas because there is a shortfall of technology consultants with these skills. Lucius Lobo, CISSP, is Director, Security Consulting at Tech Mahindra Limited, a global systems integrator and business transformation con sulting firm. He is based in Mumbai and can be reached at lucius@TechMahindra.com. photo top by George Diebold 20 InfoSecurity Professional issue number 9
Security must be considered at every stage of development. Watch Video Securing the SDLC: A Business Perspective www.isc2.org/csslpvideo In the world of software development, security measures must be implemented within each phase of the software lifecycle. Yes, build it right in. Our offspring are too vulnerable and the threats to them too consistent to work any differently. To learn what to do, become an (ISC) 2® Certified Secure Software Lifecycle Professional (CSSLP ® ). Simply attend a CSSLP Education Program, they’re available worldwide, then take the CSSLP exam. Remember, Mother Nature takes pride in giving her members ways to protect themselves. We can learn a lot from her. www.isc2.org/csslp Connect with us! www.isc2intersec.com twitter.com/isc2 youtube.com/isc2tv
Page 1 and 2: issue number 9 An (ISC) 2 Digital P
Page 3 and 4: issue 9 2010 VOLUME 1 14 To view th
Page 5 and 6: executive letter From the desk of t
Page 7 and 8: (ISC) 2 MEMBER NEWS (ISC)² Hires F
Page 9 and 10: The password to your future is NSU.
Page 11: illustration by SASHIMI/theispot be
Page 14 and 15: son’s social position. “Breache
Page 16 and 17: You’ve probably developed, or are
Page 18 and 19: frankly, your enemy.” The more ti
Page 20 and 21: Each year, (ISC) 2 participates in
Page 24: The one security blanket you won’

Infosecurity Professional - Issue 9 - ISC

Create successful ePaper yourself

Delete template?

Save as template?