Skip to main content
Mobile
  • Finance, Accounting & Economics
  • Global Business Management
  • Management, Leadership & Organisation
  • Marketing & Sales
  • Strategy
  • Technology & Operations
HS Talks HS Talks
Subjects  
Search
  • Notifications
    Notifications

    No current notifications.

  • User
    Welcome Guest
    You have Limited Access The Business & Management Collection
    Login
    Get Assistance
    Login
    Forgot your password?
    Login via your organisation
    Login via Organisation
    Get Assistance
Finance, Accounting & Economics
Global Business Management
Management, Leadership & Organisation
Marketing & Sales
Strategy
Technology & Operations
Practice paper

Physical security and IT convergence: Managing the cyber-related risks

Tim Mccreight and Doug Leece
Journal of Business Continuity & Emergency Planning, 10 (1), 18-30 (2016)
https://doi.org/10.69554/PGJO8341

Abstract

The convergence of physical security devices into the corporate network is increasing, due to the perceived economic benefits and efficiencies gained from using one enterprise network. Bringing these two networks together is not without risk. Physical devices like closed circuit television cameras (CCTV), card access readers, and heating, ventilation and air conditioning controllers (HVAC) are typically not secured to the standards we expect for corporate computer networks. These devices can pose significant risks to the corporate network by creating new avenues to exploit vulnerabilities in less-than-secure implementations of physical systems. The ASIS Information Technology Security Council (ITSC) developed a white paper describing steps organisations can take to reduce the risks this convergence can pose, and presented these concepts at the 2015 ASIS/ISC2 Congress in Anaheim, California.1 This paper expands upon the six characteristics described by ITSC, and provides business continuity planners with information on how to apply these recommendations to physical security devices that use the corporate network.

1Thayer, R., Martin, R., D’Agostino, S. and McCreight, T. Information Technology Security Council Series: Addressing Cyber Security Concerns in Physical Security, ASIS/ISC2 Annual Seminar and Congress, Anaheim California, Session 3209, 29 September 2015.

Keywords: converged security; physical security; IT security; risk assessment; system configuration; planned maintenance; security standards; supply chain; sensitive data

The full article is available to subscribers to the journal.

Already a subscriber? Login or review other options.

Author's Biography

Tim Mccreight is the Director, Advisory Services for Above Security — A Hitachi Company. Prior to joining Above Security, he was the Chief Information Security Officer for the Government of Alberta and the Director, Enterprise Information Security for Suncor Energy Services Inc. He has over 35 years’ experience in physical and IT security and has developed operational teams in both realms. He is a member of ASIS International, where he holds the Chairman’s position of the Information Technology Security Council.

Doug Leece is an information security professional with over 20 years’ experience in telephony, information systems and cyber security. Holding a number of consulting positions since 2006, he has worked with clientele ranging from small not-for-profit to Fortune 500 across multiple sectors including oil and gas, retail, transport, utilities, health, education, government and gaming. An active member of the Calgary information security community, he is an open source enthusiast doing independent research in the areas of network security in the enterprise and industrial control systems.

Citation

Mccreight, Tim and Leece, Doug (2016, September 1). Physical security and IT convergence: Managing the cyber-related risks. In the Journal of Business Continuity & Emergency Planning, Volume 10, Issue 1. https://doi.org/10.69554/PGJO8341.

Options

  • Download PDF
  • Share this page
    Share This Article
    Messaging
    • Outlook
    • Gmail
    • Yahoo!
    • WhatsApp
    Social
    • Facebook
    • X
    • LinkedIn
    • VKontakte
    Permalink
cover image, Journal of Business Continuity & Emergency Planning
Journal of Business Continuity & Emergency Planning
Volume 10 / Issue 1
© Henry Stewart
Publications LLP

The Business & Management Collection

  • ISSN: 2059-7177
  • Contact Us
  • Request Free Trial
  • Recommend to Your Librarian
  • Subscription Information
  • Match Content
  • Share This Collection
  • Embed Options
  • View Quick Start Guide
  • Accessibility

Categories

  • Finance, Accounting & Economics
  • Global Business Management
  • Management, Leadership & Organisation
  • Marketing & Sales
  • Strategy
  • Technology & Operations

Librarian Information

  • General Information
  • MARC Records
  • Discovery Services
  • Onsite & Offsite Access
  • Federated (Shibboleth) Access
  • Usage Statistics
  • Promotional Materials
  • Testimonials

About Us

  • About HSTalks
  • Editors
  • Contact Information
  • About the Journals

HSTalks Home

Follow Us On:

HS Talks
  • Site Requirements
  • Copyright & Permissions
  • Terms
  • Privacy
  • Sitemap
© Copyright Henry Stewart Talks Ltd

Personal Account Required

To use this function, you need to be signed in with a personal account.

If you already have a personal account, please login here.

Otherwise you may sign up now for a personal account.

HS Talks

Cookies and Privacy

We use cookies, and similar tools, to improve the way this site functions, to track browsing patterns and enable marketing. For more information read our cookie policy and privacy policy.

Cookie Settings

How Cookies Are Used

Cookies are of the following types:

  • Essential to make the site function.
  • Used to analyse and improve visitor experience.

For more information see our Cookie Policy.

Some types of cookies can be disabled by you but doing so may adversely affect functionality. Please see below:

(always on)

If you block these cookies or set alerts in your browser parts of the website will not work.

Cookies that provide enhanced functionality and personalisation. If not allowed functionality may be impaired.

Cookies that count and track visits and on website activity enabling us to organise the website to optimise the experience of users. They may be blocked without immediate adverse effect.