Physical and IT security shops often have trouble working together. They work as two separate departments and cultures, and criminal activity can go unnoticed as a result.
At the CSO Security Standard event, two security professionals sought to change that, offering up a plan the physical and IT sides can use to join forces for a far more potent defense.
Representing the physical side was Richard Gunthner, vice president of global corporate security for MasterCard Worldwide. Representing the IT side was Roland Cloutier, vice president and chief security officer for ADP.
"Much of my career has been spent on the IT side and Richard has dealt largely with the physical, but now our jobs are looking more and more alike," Cloutier said. "Security is not about headcounts in the physical and IT departments. We need to leverage each other's people, processes and technologies."
From there, the two built a couple of practice scenarios for how to get there.
First, there's the physical and IT security technology. On the physical side there are the alarm systems, the CCTV monitoring and the video analytics. Video can spot the suspicious person hiding behind a tree and can track the flow of automobiles in and out of the parking lot. On the cyber side, there's the security information and event management (SIEM) technology and other tools to track potential data leakage and perform such things as deep packet inspection. For global risk and intelligence analysis, the physical side has intelligence collection and risk monitoring, and the IT side has the GRC platforms, anti-fraud feeds and control assurance platforms.
Where do the physical and IT ends meet? Cloutier and Gunthner presented two different scenarios.
In the first scenario:
- A thief takes a computer.
- The SIEM system detects a resource change (the computer removed from its proper place).
- The physical security information management (PSIM) procedures detect that the doors in and out were not accessed according to protocol (card swipe to open the door, etc.).
- The SIEM and PSIM talk to each other, compare data and trigger a response rule.
- The incident handling system receives an alarm and fires off the proper standard operating procedure to deal with the theft.
- The related notification technology on the physical and IT sides triggers a pre-arranged response.
By pooling the physical and IT technologies and procedures, chances of the company finding the thief and retrieving the computer increase significantly.
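The SIEM/PSIM comparison in the first scenario can be sketched as a correlation rule. This is an added example, not code from the speakers or any product; the event fields, the 10-minute window, the SOP labels and the sample events are all constructed assumptions.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Optional

WINDOW = timedelta(minutes=10)  # assumed correlation window

@dataclass(frozen=True)
class SiemEvent:                # resource change reported by the SIEM
    time: datetime
    asset: str
    zone: str
    kind: str                   # "asset_removed"

@dataclass(frozen=True)
class PsimEvent:                # door event reported by the PSIM
    time: datetime
    door: str
    zone: str
    kind: str                   # "badge_ok" or "open_without_badge"
    badge: Optional[str] = None

def correlate(siem, psim, window=WINDOW):
    """Join each removed asset with door events in the same zone and time window."""
    incidents = []
    for s in (e for e in siem if e.kind == "asset_removed"):
        nearby = [p for p in psim
                  if p.zone == s.zone and abs(p.time - s.time) <= window]
        doors = sorted({p.door for p in nearby if p.kind == "open_without_badge"})
        badges = sorted({p.badge for p in nearby if p.kind == "badge_ok" and p.badge})
        # A door opened outside protocol near the removal selects the theft SOP;
        # otherwise the badge holders seen nearby are attached for follow-up.
        severity, sop = (("high", "SOP-THEFT") if doors
                         else ("review", "SOP-ASSET-MOVE"))  # placeholder SOP labels
        incidents.append({"asset": s.asset, "zone": s.zone, "severity": severity,
                          "sop": sop, "doors": doors, "badges": badges})
    return incidents

# Constructed sample events (not real data).
T0 = datetime(2024, 1, 15, 2, 14)
SIEM = [SiemEvent(T0, "LT-0042", "floor3-east", "asset_removed"),
        SiemEvent(T0 + timedelta(hours=1), "LT-0077", "floor1-lab", "asset_removed")]
PSIM = [PsimEvent(T0 - timedelta(minutes=3), "D-2", "floor3-east", "open_without_badge"),
        PsimEvent(T0 + timedelta(minutes=62), "D-7", "floor1-lab", "badge_ok", "B-1001"),
        PsimEvent(T0 + timedelta(hours=3), "D-7", "floor1-lab", "open_without_badge")]

if __name__ == "__main__":
    for incident in correlate(SIEM, PSIM):
        print(incident)
```

The second sample removal shows the case the rule must not escalate: a badge swipe accompanies it, and the door violation two hours later falls outside the window.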
The second scenario deals with workplace violence prevention. In this sequence of events:
- The data loss prevention (DLP) technology uncovers a chat session on a work machine where an employee has threatened someone over IM.
- The physical corporate investigation and HR people move in and investigate the insider's record.
- The insider is found to be a domestic violence case and information on the spouse is obtained.
- IT security technology (telephony monitoring and DLP systems) is updated with the data corporate investigations and HR have gathered.
- The physical and IT shops now have the pieces in place to watch the offender closely and swoop in at the first sign of trouble.
The scenarios may sound painfully obvious. But as the two men pointed out, things often don't work this way.
The benefits of working together are considerable, Gunthner said, noting that a combined defense can help reduce cases of ID theft, leaking of corporate trade secrets, travel risks affecting employees, terrorism, etc.