There has been a shift in the info management (IM) of business and organizations in the last few years to become a function of (either superior to or subordinate to) the IT side of things. Indeed, the creation of IM Managers and Chief Information Officers (CIOs) is the new sexy in hiring.
Unfortunately, this has taken a significant bite out of security managers and executives power, and in fact has left them holding the less sexy physical security bag, which has become woefully neglected.
The biggest problem with creating a second and third avenue of security responsibility in an organization is that it creates a fragmented approach where each department (2-3 of them) each try and secure their respective castles, with often only a thread of connectivity in the form of a corporate security policy which was likely not created to effectively coordinate separate departments.
The next biggest problem is that major resources tend to go to the sexy side (IT/IM), and the scraps are left to physical. This means that on top of the IT and IM folks likely enjoying the attention of the executive suite more than the physical guy, they also get the bulk of funds and resources and ignore the significant role physical lapses can result in which make IT and IM irrelevant.
Case in point. Super strong network security and a perfectly synchronized access plan (which never occurs by the way) will be easily outmanoeuvred by someone picking through the garbage, talking to staff after work or digging up some dirt and doing an old fashioned intelligence recruitment.
There has to be more to the IM and IT planning than just having strong capabilities in network security and managed information flows. The old fashioned approach of physical security should be the driving force still in the current security model, as things haven't actually changed, even though the pedlars of these systems may claim otherwise.
The most effective security model then is one which is drawn up by one sole security source (usually being the physical security guy), which then incorporates how information will be managed from physical to electronic and back to physical mediums. This will ensure unity of effort, reduced costs in terms of security staff, better understanding of the overall security picture by personnel and a more effective plan overall.
Blog courtesy of Elemental Investigations: Private Investigator Edmonton, which is a security and investigations agency in Ottawa, Canada. They are located on the web at www.elementalpi.ca
Tuesday 10 December 2013
Friday 6 December 2013
Security Surveys
Security Surveys are a handy tool to assess the effectiveness of a security plan/system.
Contrary to some perceptions, security needs to be continuously reviewed and adapted to the changing environment, or else it risks becoming out of date and irrelevant.
The security survey should always be performed by a neutral third party, which ensures that corporate group think and egos stay out of the way of properly assessing the effectiveness of your security. The survey will look at things like current practices, how they are understood and are being followed by staff, technology changes, attitudes to the organization, threats to the industry and any other factor which could conceivably impact the security of your organization or operation.
This will allow managers and executives to look at the various weak points in a security plan and determine whether or not they will mitigate the issue or deal with it head on. It will also help assign resources to more effective areas, which can ease resource demands and even save some cash.
The security survey should be performed yearly for security sensitive organizations, and every 3-5 years for other organizations to keep them effective. These should be paired to the Threat Risk Assessments for your organization as well to give the most effective and comprehensive security picture of your organization to keep your staff and assets as secure as possible.
Blog content provided by Elemental Investigations: Private Investigator Edmonton, which is a security and investigations agency operating out of Edmonton Canada.
Contrary to some perceptions, security needs to be continuously reviewed and adapted to the changing environment, or else it risks becoming out of date and irrelevant.
The security survey should always be performed by a neutral third party, which ensures that corporate group think and egos stay out of the way of properly assessing the effectiveness of your security. The survey will look at things like current practices, how they are understood and are being followed by staff, technology changes, attitudes to the organization, threats to the industry and any other factor which could conceivably impact the security of your organization or operation.
This will allow managers and executives to look at the various weak points in a security plan and determine whether or not they will mitigate the issue or deal with it head on. It will also help assign resources to more effective areas, which can ease resource demands and even save some cash.
The security survey should be performed yearly for security sensitive organizations, and every 3-5 years for other organizations to keep them effective. These should be paired to the Threat Risk Assessments for your organization as well to give the most effective and comprehensive security picture of your organization to keep your staff and assets as secure as possible.
Blog content provided by Elemental Investigations: Private Investigator Edmonton, which is a security and investigations agency operating out of Edmonton Canada.
Subscribe to:
Posts (Atom)