30 November 2005

Enterprise Security Risk Convergence: The Wave of the Future...

Savvy CIO's and CSO's recognize that new threats and soaring costs are two factors driving the convergence or integration of traditional and information security functions in a growing number of global companies. Business desire for security professionals who can examine and assess the risks that organizations face as a whole is one of the driving forces behind the convergence phenomenon. Operational Risks span the continuum from the physical to the digital environment in our enterprise ecosystems.

The focus on security from an enterprise perspective has led to innovative approaches that emphasize integration;specifically, the integration of the risk side of business into the strategic planning side in a consistent and holistic manner. Strategic Convergence & Change Management solutions ensures that integrated functions within the organization work together. This growing need enables the organization to effectively deter, detect, defend and document both physical disruptions and information security incidents.


Enterprise Security Risk Convergence initiatives are underway in many global organizations today and for good reason. For too long, the silo's of information in the physical guards, gates and guns world were not on an IP network. Those days are over. The Siemens, Tyco's and Honeywells along with other physical security juggernauts have figured out that they need the information security software and hardware to provide totally "converged" solutions for their clients. Integration of information-based assets in embedded systems combined with the data bases of the INFOSEC operations can now provide that holistic view of risk that the enterprise has been thirsty for. Yet, this battle is only starting to heat up.

Prepare your organization for the day when the efficiencies and the effectiveness of having redundant safety and security responsibilities becomes a new agenda topic at the next executive retreat. Strategic Security Convergence is the "Operational Risk Management" wave of the future. How these converged entities are forming and how they will arrive at a single focal point is based on what they both have in common. Information-based assets.

And when it comes to establishing a single risk management system focused on information, there is only one international standard. ISO 27001:2005 is that set of controls and guidance that will assist in the rapid convergence of these seemingly different security domains. Once the physical security management realizes that their budgets are going to be combined with the information security budgets the feathers and fur will begin to fly in the halls of the corporate headquarters around the globe. In the end, the winners will be those organizations who realized that all the guards, gates, firewalls and intrusion prevention systems are nothing more than tools. What they support are the successful implementation of a Risk Management System focused on information. The single asset that both security organizations have in common.

No comments:

Post a Comment