Today, neither physical nor cybersecurity threats can be tackled in isolation; one often creates opportunities for the other. This means that security professionals need to recognise the risks posed by both when responding to risks facing the organisation.
IFSEC’s Converged Security Centre, which will feature use-case presentations between 18-20 June at ExCeL London, will showcase how both security professions – physical and cyber – can work together to manage risk in real time.
New technologies for buildings and facilities that connect to the internet may be open to cyber-attacks in the same way our PCs and laptops have been. Building systems, including BMS, access control or CCTV, must be protected with cybersecurity solutions if they connect to the internet and cloud services.
The Converged Security Centre will showcase how both physical and cyber-attacks can be monitored in real time using a combination of physical security and cybersecurity solutions with professionals from both fields.
Physical security officers can learn how to interpret cybersecurity risks in ways they previously couldn’t.
That converged security centre requires both physical and cybersecurity personnel operating 24/7 at all levels debunks the argument that new technologies replace physical professionals. The reality is that many risks involve people, such as a rogue employee accessing a computer file and downloading the company’s data. They still need to be identified and interviewed and dealt with when involving law enforcement.
Similarly, a flood or fire in the server room needs physical intervention to prevent a data loss and possibly a fine under the EU GDPR. The benefits of a single centre equipped with the power of data analytics can significantly reduce response times for dealing with attacks.
Although IFSEC is known for its background in physical security, the fact that modern physical security teams install solutions built on IT technologies means that IT and cybersecurity staff will have to play a role.
However, if we get beyond the pure IT elements, cybersecurity teams have to play their role in network intrusion detection and response. So that role has to involve detection and response to attacks on those systems as well as using those systems for their investigations.
At the centre cyber and physical security leaders will discuss how Security Information and Event Management systems (SIEM) can be integrated with Converged Security and Information Management Systems (CSIM), such that security risks can be more efficiently identified. With the help of artificial intelligence we will demonstrate how anomalies form alerts that are actionable so that an identified network attack on an HVAC system enables you to work with your physical security colleagues and engineers to repair the system.
There are benefits for both chief security officers and chief information security officers to reduce risks and enable response cost savings.
The centre will showcase many different solutions that can be integrated to work together as a unified solution. However that doesn’t mean that other solutions cannot be integrated to become part of a new solution.
So the centre invites all solutions providers to come and talk to us about integrating their solution. All solutions need to work well together and be integrated – and yes, we would like to see integrators learn about their role in the Converged Security Centre.
Once again joining Vidsys and Unified Security will be Micro Focus, who were solution partners last year, demonstrating how artificial intelligence can be used by security operators to understand the significance of each threat and how to prioritise accordingly.
Vidsys and Micro Focus write:
“Security operators face increasing pressure to make better decisions faster, and are often hampered by partial information and/or human limitations. To close these critical gaps, they need to automate the extraction of real-time 3600 intelligence from all available data (CCTV, sensors, access control, social media, etc.) to drive effective actions. Intelligent GSOC, which combines AI, comprehensive data aggregation, and dynamic workflow, by Vidsys and Micro Focus IDOL is designed to do just that.”
The Converged Security Centre will run for all three days of IFSEC with different use case presentations running throughout the day. No matter which industry you work in or type of building you are responsible for we have something for you – even if the session takes place when you’re not there. We look forward to helping you manage risk in real-time in your own Converged Security Centre, but first please do come and stop by our demonstration at IFSEC.
?
James Willison MA is Founder of Unified Security Ltd and Vice Chair of the ASIS European Convergence/ESRM committee. In 2018 IFSEC Global listed James #17 in the top 20 Security Thought Leaders across the world. He was also shortlisted in the Security Serious Unsung Security Heroes Awards as a Security Leader/mentor in October 2018. James is a member of the ASIS International Board ESRM initiative and on the working group for the draft ASIS/ISC(2)/ISACA Security Awareness Standard. He is Vice Chair, Smart Buildings Working Group, Internet of Things Security Foundation.
James was awarded the Imbert Prize for an ‘outstanding contribution to the Security Industry in 2011’ for his work on convergence with ASIS Europe and the Information Security Awareness Forum. He has more than 20 years of management experience in the physical and information security industry, including posts as Advisor on Convergence to the Mitie TSM Board, Senior Lecturer, Loughborough University and Digital Security Expert with the European Union. He has co-authored two White Papers with Sarb Sembhi sponsored by AXIS Communications on ESRM and Smart GDPR Assurance. He is an ISACA Academic advocate and a member of the Security Institute. James is advising UBM on the Converged Security Centre to be featured at IFSEC in June 2019. This will demonstrate a real time response to security attacks on cyber physical systems.
Sarb Sembhi, CTO, CISO & DPO, Virtually Informed has worked as a volunteer in many senior roles for ISACA and been actively involved at government level. He is a CTO & CISO and is well known for speaking, writing and contributing to many events and publications. He speaks and chairs many security events which have included IFSEC since 2009 with James Willison, ASIS International, on Converged Security Management, the Noord CISO Dialogue (17 times), ID Management, ESRM. He also regularly chairs executive dinners for event companies as a knowledgeable independent chair.
Sarb has sat on the following Judging Panels (SC Awards three times; IFSEC Awards four times; FSTech Awards once; Trailblazer Awards six times). He has contributed to several security standards including the ANSI ASIS Physical Asset Protection Standard 2012, and publications in Information Security Magazine and Risk UK. He was an active member of the IET Intelligent / Smart Buildings Resilience project and brought his expertise to this pioneering group. He is now leading a whole new approach to IFSEC 2018 with Gerry Dunphy and James Willison. Together they will bring the first Converged Security Centre to an International Security event to showcase cyber physical attacks on organisations in a real time environment.
Sarb’s other roles and affiliations have included: Past Chair of the ISACA London Security Advisory Group; Past-President of the London ISACA Chapter; Chair of ISACA International Government & Regulatory Advocacy Committee; ISACA Relations Board; ISACA Cloud Computing Task Force; Secure Software Development Partnership; Editorial Board member of InfoSecurity Magazine; Individual member of PITCom (Parliamentary IT Committee). Sarb’s specialties: Networked CCTV System Vulnerabilities, Converged Security Risk Management, Secure Software Development (Secure by Design), Software Development Standards, Data Integrity Attacks, Protecting the people responsible for Critical Business Assets.
