Cyber Physical Security. Supporting ESRM and CSM White Paper.

Several surveys in recent years have shown that at the corporate level security is still mainly siloed, even though many security leaders have advocated a converged approach. Those successful in aligning the security risk functions have done this despite operational teams being separate. They have achieved this by forming multidisciplinary teams where it is relevant to do so, to detect threats and provide a unified response.

A recent White Paper titled “Supporting Enterprise Security Risk Management. How vendors can support ESRM and CSM strategies” explores corporate security strategy and the vendors’ role in ensuring solutions meet the requirements of a converged approach. The difficulty organisations face is that an attacker can exploit a vulnerability in a CCTV system or a component of an access control system while the physical security team is most likely unaware of it, unless that team works closely with the logical security team. Part of the challenge has been that solutions have also been siloed, although this is beginning to change. Physical security vendors were not developing products that were resilient in themselves, because security was not baked into the product or the development processes. This has also meant that solutions could not be patched when a vulnerability was identified, that they shipped with insecure default settings (bad practice in itself), or that they simply produced no alerts to indicate they were under attack. Further, some vulnerable physical solutions have introduced easier entry points for attacks on the more secure logical security solutions elsewhere in the enterprise.

The answer for enterprises is not necessarily to form a single security function but to have the vision to form multidisciplinary teams; this is what the White Paper advocates as Converged Security Management. It also outlines how vendors can develop new solutions which support the organisation’s ESRM strategy. To date most technology is specified for either physical or logical security, but the future is in solutions which provide a holistic view of all security risks. Vendors need to consider the cyber security of their technology and work with all the stakeholders in manufacture and distribution to ensure that it enhances the network security of the system rather than threatening it. Vendors and manufacturers should observe the recent EU NIS Directive 50, which expects manufacturers to enhance the security of the network.

The White Paper covers:

• Changes that make convergence important to physical security vendors.
• The responses to those changes.
• The needs of the various stakeholders.
• The converged security management requirements.
• The support that vendors can provide.

Authors:
James Willison MA MSyI, Founder, Unified Security Ltd
Sarb Sembhi, CTO & CISO, Virtually Informed Ltd.

Its sponsor AXIS Communications writes, “We believe its recommendations for our partners and customers operating in the Enterprise Security Risk Management space will be invaluable”.

It can be downloaded from the link below.

A full version of this article was first published in Risk UK (July 2017). Copyright: Pro-Activ Publications.