James Willison

Project & Engagement Manager, IoT Security Foundation

James Willison MA is a recognised international leader in Security Convergence and Enterprise Security Risk Management. In 2020 IFSEC Global listed James #8 in the top 20 Cyber Security Thought Leaders across the world. He was shortlisted in the Security Serious Unsung Security Heroes Awards 2018 as a Security Leader/mentor. James is Co-Chair, Smart Buildings Working Group, Internet of Things Security Foundation and a member of the ASIS International ESRM Steering Committee. He is founder of Unified Security Ltd, a Vidsys consultant, works with AXIS Communications on cyber security and advises on the IFSEC Converged Security Centre. James was awarded the Imbert Prize for an ‘outstanding contribution to the Security Industry in 2011’ for his work on convergence with ASIS Europe and the Information Security Awareness Forum. He has more than 20 years of management experience in the physical and information security industry, including posts as Advisor on Convergence to the Mitie TSM Board, Senior Lecturer in Security Management at Loughborough University and Digital Security Expert with the European Union. He has co-authored three White Papers and a series of new articles with Sarb Sembhi, sponsored by AXIS Communications, on ESRM, GDPR and Smart Buildings and Cities’ Security.
March 31, 2014


Security Convergence: We’ve Adapted Well But Are We Ready for Tomorrow’s Threats?

The author will form part of a panel discussing convergence at the ASIS European Security Conference on Wednesday at 11:25am at The Hague’s World Forum. He is also speaking about smart buildings at IFSEC International, taking place at London ExCel on 17-19 June 2014.

Security convergence and enterprise security risk management have preoccupied security professionals for more than a decade.

But what exactly do we mean by these terms? What have these disciplines achieved and what can we expect to see in the future?

Security convergence essentially unites all areas of security and helps the business to perform better and achieve its aims without suffering a significant incident. If it is unfortunate enough to experience an attack then it should be better positioned to minimise impact.

It can be argued that organisations that succeed in implementing a converged security strategy will have a clearer idea of potential threats and a faster response to crisis.

Of course, this depends on the company’s size and character, the management, security managers and staff.

Enterprise security risk management, meanwhile, is a more general term that focuses on the process of identifying and managing all security risks across an organisation and does not require formal collaboration.

Three layers

There are many aspects to the outworking and practice of these strategies. Three key layers should be considered.

Many readers will be aware of the impact of integrated technologies on the security industry and how systems are increasingly convergent.

Whether CCTV, access control or HVAC systems, technologies are also often networked and therefore affect corporate IT infrastructure. Security systems are the bottom layer and managed by the middle layer – perhaps the building management team – who work with other business functions such as engineering and IT on a day-to-day basis.

The top layer will be the CSO and CISO who together develop an overall strategy with the Board or senior executive.

Looking at what has been achieved since 2000, it’s fair to surmise that significant progress has been made.

Events like 9/11 have heightened media interest in security issues during this period of increasing convergence. However, the most rapidly growing threat has come via the computer networks with which security systems are increasingly integrated, driving security professionals to work more closely with another, related area.

Now we have what is called the ‘internet of things’, which describes the billions of devices, from various utilities to smartphones and televisions, now connected to the internet. In response our industry has, at conferences and through articles, striven to raise awareness of the vulnerabilities of this widening array of devices.

So there’s a considerable level of awareness of the threats posed. UBM, ASIS International, ISACA, ISSA, the SyI and (ISC)² have all made notable contributions to this effort.

Blended threats, physical sites

The greatest achievement in terms of standards on security convergence and ESRM has been the ANSI ASIS PAP 2012 Standard, which outlines how to develop cross-functional teams to identify blended threats to physical sites – the most difficult to defend against and certain to be deployed by tomorrow’s criminals.

This standard was developed to support the ISO 27000 series of standards on information security, which are crucially significant in this space. Together these standards will continue to enhance organisations that implement the recommended strategies and controls.

In the practical realm of technological solutions much has been achieved in the fields of CCTV, physical and logical access control, PSIM, SIEM, intrusion detection and scanning – pretty much in all areas of security.

But if a doctor gives you a prescription, do you necessarily take the medicine? Some organisations are aligning their security strategy with the standards and using new technologies, but others aren’t even aware of the issues. How about you?

So what of the future? In my next article – to be published in April – we’ll look in more detail at emerging issues like smart buildings and the blended threats that could render them inoperable.

But we have so much to be thankful for. The last decade has seen fantastic advances in multiple fields and most people in our industry strive diligently to protect people, information and assets.

IFSEC International, taking place in June at London’s ExCel, will be a great opportunity to see how far we’ve progressed both in our technological response and managerial approach. I hope to see some of you there.
