eCrime Watch: Integrating Physical and Data Security

eCrime Watch

Electronic crime threatens every corporation. "eCrime" (a.k.a security breach) can undermine shareholder value and destroy the tenure of senior executives. A company's biggest liability is to be found negligent or out of compliance following a security breach involving data loss. This blog addresses risk management in regard to electronic crime, with a focus on governance, integration (or convergence) of physical security and data security and that which pertains.

Friday, December 09, 2005

Integrating Physical and Data Security

Over 15,000 physical access control systems have been sold and installed in US corporations. These systems fully support integration of access control in both physical and logical space: Yet, less than a dozen companies have completed this integration. Despite the existence of these systems, the place to start the integration is with the people. Physical security personnel hold many of the key skills. Here is what I recommend:
1. Have physical security lead the risk based assessment of the company's computer systems. This skill is in their DNA. IT folks almost never conduct risk based assessments.
2. Have physical security write enforceable policies for change management within IT. IT seldom writes such policies for themselves...and when they do they seldom do them so they are readily enforceable.
3. Have physical security provide third party oversight when key change procedures are performed. This of data as cash: digital cash. Doing so highlights the need for third party oversight.
Integrating these three functions is the forerunner of integrating the access control systems. It follows the old IT adage: Do not automate broken processes.

About Me

Joel Rakow, Ed.D., leads the Electronic Security Group at Ollivier Corporation. He has advised the Secret Service and the Electronic Crimes Task Force, FBI Infragard, US Army, US Census Bureau, Dept. of Transportation, Adobe Software's Advisory Council, the State Courts of California and Tatum, LLC’s eCrimes. He developed master security plans for a $5 Billion global beverage company, healthcare organizations such as device manufacturers, hospitals, pharmacies, a national beverage company and ecommerce companies. Formerly, Rakow was Chief Technology Officer (6 years) and President and CEO (7 years) in nationally prominent organizations and Assistant to the President of a publicly traded company securing communications between the US Dept. of Defense and the White House, Chairman of the IT Steering Committee for an international public company. He has developed over 40 commercially successful application software programs and has won numerous industry awards such as Microsoft Partner of the Year, 1998, PC World Best Product of the Year (3 consecutive years) and Great Plains Implementation of the Year, 2001. Visit www.olliviercorp.com for more information.

eCrime Watch

Friday, December 09, 2005

Integrating Physical and Data Security

About Me

Previous Posts