Opinion

Converged Security: Can Ex-Cops, Propeller Heads, and Bean Counters Make Nice?

9/14/2007

The emergence of the "chief information security officer," or CISO, is clear evidence that higher education has begun to slowly but surely recognize the importance of information security. (See The Rise of the CISO, April 2007 Campus Technology Magazine.) But recent trends in the corporate sector suggest that just appointing a CISO may not be enough!

I had an opportunity this spring at the Security 2007 Professionals Conference (www.educause.edu/sec07) to hear Ira Winkler, author of Spies Among Us, talk about his experiences testing corporate security. One of his case studies described how he and a colleague were hired by an American company to "steal" the plans for a nuclear reactor that the company was developing. Using a business card stolen from a nearby restaurant, he was able to enter the company's facility and, with a healthy dose of chutzpah, obtain a corporate security badge and access to the company's computers, which they then hacked to obtain the nuclear reactor plans. (They also found unauthorized access into the company's servers by a foreign nation.)

The most sophisticated information security technology and procedures can't protect the information if the thief has physical access to the server room. (See It's Not All About Hackers, September 2005 Campus Technology Magazine.) Physical security is just as essential as the information security we techies are familiar with. And a growing number of businesses, such as the Web conferencing firm WebEx, are merging the management of physical and IT security into a single unit. The corporate trend appears to be a more holistic approach to security.

Even the titles for security professionals, which had been a confusing plethora, have begun to coalesce into commonly accepted definitions. The title Chief Security Officer, or CSO, was first used within IT to identify the person responsible for information security. Now the trend is to use the more specific title of Chief Information Security Officer (CISO) for that person and reserve the CSO title for an executive-level position with responsibility for both physical and information security.


Security Convergence
From a broader corporate perspective, security goes beyond information security, which focuses on availability, integrity, and confidentiality of information and systems. It includes physical security, which is much more than simply controlling access to facilities and includes ensuring the safety of employees, facilities, and assets. Finally, it also includes financial, legal, and compliance security. As Bill Boni, vice president and CISO at Motorola, puts it, it involves badges, bytes, and beans.

Traditionally, these functions have been separate silos, and those responsible for each approach security from a different perspective and bring different skills and abilities to address the problem of "security."

