Most organisations today rely on business metrics and data to make informed decisions. IT is the enabler, providing the infrastructure to collect, collate, process and disseminate this data.
However, increasingly IP-enabled security technology – particularly video surveillance, access control and converged security solutions – are used not just to protect assets and increase situational awareness but to also deliver business intelligence.
Security systems are thus growing larger and more complex and being pulled further into the cybersecurity realm.
Simultaneously business leaders increasingly appreciate the value of enterprise risk management (ERM), which breaks down risk silos and integrates risks, and enterprise security risk management (ESRM). Cybersecurity forms part of the wider ranging information security management discipline of protecting both an organisation’s digital and physical information assets, although the two are often confused and used interchangeably.
Cybersecurity has attained significant importance in the boardroom
Cybersecurity has attained significant importance in the boardroom. A recent report by Security Infowatch said it is prioritised over physical security as a result of the range of threat actors, media stories of cyber-attacks and the regulatory bite of GDPR and the substantial fines for non-compliance.
Whether we like it or not, cybersecurity is generally seen as IT’s domain – arguably rightly so when it comes to configuring and securing devices on the network.
After all, the IT provider is responsible for network administration, monitoring network functions and operations as well as for installing, maintaining and upgrading any software or hardware required to efficiently run a computer network. When you connect a camera, access control or other device onto the network you create a potential gateway, which can, if incorrectly configured and protected, be exploited.
The network-savvy installer tends to make better use of video surveillance camera technology, setting up each video stream to match specific requirements and using event-triggered or on-demand recording as opposed to following traditional 24-7 recording at high frame rates, whether required or not. Although it’s appreciated, this might be at the request of the client.
With the growth in video analytics and artificial intelligence the need to fully comprehend digital signalling processing and transmission is growing. IT is well placed to understand the technology through a comprehensive suite of academic qualifications in a range of computer science and network engineering subjects up to PhD level.
This can be supported by internationally recognised vendor certification such as those provided by CISCO. Likewise, today’s security manager – traditionally a retired police officer or ex-military person – is now being professionalised through organisations like The Security Institute, which promotes academic qualifications in various security and risk management subjects up to doctorate level.
The Security Institute even provides a Security MBA, which gives the security manager real parity in the boardroom – not just as a subject matter expert but also as a recognised business peer.
In contrast, the security systems engineer is poorly catered for. Since the demise of the old security systems apprenticeship scheme there are no academic technical security system qualifications, with many engineers relying on on-the-job experience, electrical qualifications or manufacturer-specific training.
But let’s not write off the security engineer just yet. They have many strengths: many have a strong understanding of threats, vulnerabilities and risk and appreciate that security is a weakest-link discipline – someone will always seek ways to compromise it. They understand the best place to position cameras and security devices to maximize performance and how to conceal wiring to ensure it’s not easy to tamper with.
Security companies are also generally good at providing service response 24-7/365 when things go wrong. A number of organisations run schemes that recognise companies and their compliance with relevant standards: SSAIB, The National Security Inspectorate (NSI) and The Fire and Security Association (FSA) to name three, although none are entirely dedicated to recognising competent individuals.
Would you place your faith in a poorly qualified industry to mitigate risks given increasing penalties for failure?
However, Tavcom Training – part of Linx International Group – fills a skills gap with BTECs and training in a range of technical security subjects and recognises trained, competent security engineers through the Register of Certified Technical Security Professionals (CTSP).
Enterprise risk management examines an organisation’s risk profile to identify threats to financial sustainability and market opportunities rather than categorising them into financial, regulatory and operational risks.
So if you’re a chief financial or chief risk officer, would you place your faith in a poorly qualified industry to mitigate your security risks, given the increasing penalties for failure?
Or say you’re an IT director responsible for the integrity of an organisation’s entire communications infrastructure. Increasingly your team is tasked with defining technical requirements for electronic security systems residing on your network on behalf of the security lead.
Consider the opportunities to grow the IT estate with additional network points, switches, etc to accommodate security systems. Are you going to hire an IT company with staff possessing relevant degrees? Or use a security company reliant largely on the experience of its technical staff?
Likewise, in today’s litigious society, how can the health and safety manager best mitigate their risk: with a physical security company or by hiring more technically qualified alternatives?
That’s not to say every company specialising in IT is competent, or that every employee in a technology role is academically qualified – but they do have that option. Similarly, the security manager is increasingly knowledgeable in their role and in deploying protective strategies to mitigate risks in line with their organisation’s objectives.
Like chartered engineers, surveyors and accountants, the modern security manager can now also attain chartered status on The Register of Chartered Security Professionals. This gives them a powerful way to corroborate their knowledge, experience and value to their organisation.
Electronic security engineers needs pathways to similar credentials if they are to thrive in a changing landscape.
You may believe the traditional electronic security company’s days are numbered regardless. With the right qualifications framework, and by adapting their business models, I believe the sector can combat the threats to its existence and remain fit for purpose.
Enjoy the latest fire and security news, updates and expert opinions sent straight to your inbox with IFSEC Insider's essential weekly newsletters. Subscribe today to make sure you're never left behind by the fast-evolving industry landscape.
Sign up now!
