Find news and information for the executive corporate security director, CSO, facility manager and assets protection manager on issues of policy, products, incidents, risk management, threat assessments and preparedness.
Issue link: http://sdi.epubxp.com/i/810390
L ast Fall, I started taking a cybersecurity certificate program at the University of Rhode Island (http:// dfcsc.uri.edu/academics/ cyber_security). Without a doubt, I am the only physical security representative in the class, and am surrounded by 30-plus IT security managers and aspirants. Recently, I was tasked with leading an online discussion group with my classmates about the role of physical security in provisioning better cybersecurity. It was a great opportunity to get their perspectives on what we do every day. Clearly, this is a work in process, but there are promising signs. Here are some of their most eye-opening comments, which come from experts in various IT-related disciplines: The Good "Any attempt to establish a comprehensive security program must include physical security. e best efforts of the rest of the team are in vain if there is inadequate physical protection. Most 'defense in depth' diagrams focus on cyber, but the physical infrastructure provides an extensive range of defense in depth before the cyber space is encountered." "Physical security cannot just be putting locks on exterior doors and calling it a day. Companies need to take a layered approach when securing its physical contents. It is not hard to gain access to a restricted building even without the proper credentials using the social engineering method of tailgating." "Physical security is one of the most overlooked topics in security. Everybody is more concerned about having the latest and greatest security appliances that we forget about all of the other security domains." "Keeping physical security top-of- mind will be as good an investment as all the firewalls and anti-virus soware you purchased." "A compromise of physical security can lead to the worst kind of cyber-at- tack because an assumption is oen made that an attacker does not have physical access to the equipment." "Physical access usually correlates to the insider threat – someone who is trusted but has ill intent and has physical access to company resources. A company can implement the best logical security, but if their physical security is flawed or lacking then the company's assets are at high risk." "A company that only is focused on the bottom line or is trying to survive are less impressed with security invest- ments until they are caught with their pants down." "e physical element of security is oen overlooked and typically less of a priority in favor of logical threat concerns; however, physical security should be seen as an intricate part of cybersecurity that requires controls to safeguard company assets. e con- trols should consist of multiple layers to deter and deny an attacker's attempt at compromising an asset." "PC-based end-points form our largest and most unsecured (from a physical security perspective) attack surface. Physically compromising a PC is a rather quick operation for a trained individual…We are in gen- eral very cavalier towards the physical security of endpoints. Compromises can be more obscure than we realize." "Frame security as a critical enabler…Encourage your employees to view security not as something restric- tive but as something that enables your organization to deliver its promises to its customers." "How many organizations have regular security tests against the physical security infrastructure? A lot of organizations are hiring companies to perform testing, but that typically only tests the digital/ network infrastructure." "When the physical and logical access is maintained by different sys- tems, the departments that manage the access oen do not interact with one another. is could lead to ineffective security policies that negatively impact 14 Security Dealer & Integrator / www.SecurityInfoWatch.com April 2017 What IT is Saying About Us A sampling of what IT experts have to say about physical security runs the gamut from good to bad and ugly Tech Trends BY RAY COULOMBE Any attempt to establish a comprehensive security program must include physical security ," one IT professional said. "The best efforts of the rest of the team are in vain if there is inadequate physical protection."