Physical security and IT convergence: Managing the cyber-related risks
Abstract
The convergence of physical security devices into the corporate network is increasing, due to the perceived economic benefits and efficiencies gained from using one enterprise network. Bringing these two networks together is not without risk. Physical devices like closed circuit television cameras (CCTV), card access readers, and heating, ventilation and air conditioning controllers (HVAC) are typically not secured to the standards we expect for corporate computer networks. These devices can pose significant risks to the corporate network by creating new avenues to exploit vulnerabilities in less-than-secure implementations of physical systems. The ASIS Information Technology Security Council (ITSC) developed a white paper describing steps organisations can take to reduce the risks this convergence can pose, and presented these concepts at the 2015 ASIS/ISC2 Congress in Anaheim, California.[1] This paper expands upon the six characteristics described by ITSC, and provides business continuity planners with information on how to apply these recommendations to physical security devices that use the corporate network.
[1] Thayer, R., Martin, R., D’Agostino, S. and McCreight, T. Information Technology Security Council Series: Addressing Cyber Security Concerns in Physical Security, ASIS/ISC2 Annual Seminar and Congress, Anaheim, California, Session 3209, 29 September 2015.
The full article is available to subscribers to the journal.
Author's Biography
Tim Mccreight is the Director, Advisory Services for Above Security — A Hitachi Company. Prior to joining Above Security, he was the Chief Information Security Officer for the Government of Alberta and the Director, Enterprise Information Security for Suncor Energy Services Inc. He has over 35 years’ experience in physical and IT security and has developed operational teams in both realms. He is a member of ASIS International, where he holds the Chairman’s position of the Information Technology Security Council.
Doug Leece is an information security professional with over 20 years’ experience in telephony, information systems and cyber security. Holding a number of consulting positions since 2006, he has worked with clientele ranging from small not-for-profit to Fortune 500 across multiple sectors including oil and gas, retail, transport, utilities, health, education, government and gaming. An active member of the Calgary information security community, he is an open source enthusiast doing independent research in the areas of network security in the enterprise and industrial control systems.
Citation
Mccreight, Tim and Leece, Doug (2016, September 1). Physical security and IT convergence: Managing the cyber-related risks. In the Journal of Business Continuity & Emergency Planning, Volume 10, Issue 1. https://doi.org/10.69554/PGJO8341