Opinion
Converged Security: Can Ex-Cops, Propeller Heads, and Bean Counters Make Nice?
9/14/2007
By Doug Gale
The emergence of the "chief information security officer," or CISO, is clear evidence that higher education has begun to slowly but surely recognize the importance of information security. (See The Rise of the CISO, April 2007 Campus Technology Magazine.) But recent trends in the corporate sector suggest that just appointing a CISO may not be enough!
I had an opportunity this spring at the Security 2007 Professionals Conference (www.educause.edu/sec07) to hear Ira Winkler, author of Spies Among Us, talk about his experiences testing corporate security. One of his case studies described how he and a colleague were hired by an American company to "steal" the plans for a nuclear reactor that the company was developing. Using a business card stolen from a nearby restaurant, he was able to enter the company's facility and, with a healthy dose of chutzpah, obtain a corporate security badge and access to the company's computers, which they then hacked to obtain the nuclear reactor plans. (They also found unauthorized access into the company's servers by a foreign nation.)
The most sophisticated information security technology and procedures can't protect the information if the thief has physical access to the server room. (See It's Not All About Hackers, September 2005 Campus Technology Magazine.) Physical security is just as essential as the information security we techies are familiar with. And a growing number of businesses, such as the Web conferencing firm WebEx, are merging the management of physical and IT security into a single unit. The corporate trend appears to be a more holistic approach to security.
Even the titles for security professionals, which had been a confusing plethora, have begun to coalesce into commonly accepted definitions. The title Chief Security Officer, or CSO, was first used within IT to identify the person responsible for information security. Now the trend is to use the more specific title of Chief Information Security Officer (CISO) for that person and reserve the CSO title for an executive-level position with responsibility for both physical and information security.
Security Convergence
From a broader corporate perspective, security goes beyond information security, which focuses on availability, integrity, and confidentiality of information and systems. It includes physical security, which is much more than simply controlling access to facilities and includes ensuring the safety of employees, facilities, and assets. Finally, it also includes financial, legal, and compliance security. As Bill Boni, vice president and CISO at Motorola, puts it, it involves badges, bytes, and beans.
Traditionally, these functions have been separate silos, and those responsible for each approach security from a different perspective and bring different skills and abilities to address the problem of "security."