June 22, 2016


Why NIST is the Best Approach for Joined-up Physical and Cyber Security

UK security vendors should look to the US for help in standardising converged security systems, according to experts, or risk their cyber defences being undermined by a lack of co-ordination and harmonisation between physical and data security platforms.

“The most interesting thing for me is the National Institute of Standards Technology (NIST) proposal,” he said during a panel discussing the evolution of physical and data security systems at today’s IFSEC International conference in London.

James Willison is vice chair of the ASIS European convergence/ESRM committee, a security strategy and risk management advisor, and associate senior lecturer in security management at Loughborough University.




“In the past we have looked at security systems separately – IT, access control, fire, health and safety – and this is a problem. Things are improving slightly in the US but I don’t know about here [in the UK].”


The second draft of NIST’s special publication (SP) 800-160 systems security engineering proposal was published in May this year. It recommends ways to bake security design principles into newly converged physical and data security systems, such as those being built to support the Internet of Things (IoT), at every step from concept to implementation, rather than relying on additional data security layers being retrofitted onto devices and networks at a later stage.


“Those things [operating systems and applications … firewalls, encryption and monitoring systems] do not go far enough in reducing and managing complexity, developing sound security architectures, and applying fundamental security design principles,” said NIST Fellow Ron Ross. “Many of the engineering-related activities must be done by industry, as consumers can’t design or modify source code, or do the other tasks necessary for full-spectrum security.”


NIST’s influence on global IT and data security standards has been significant to date. In 2014 it released the cybersecurity framework v1.0 for US financial, energy, health care and other critical national infrastructure (CNI) systems, which has since been widely copied elsewhere.

The organisation was also instrumental in establishing a universal definition for cloud computing platforms, another key element in emerging IoT platforms, which presents its own physical and data security challenges.
