Companies are increasingly seeing the need to develop their thinking on security strategies – and bring physical and IT security together; in a word, convergence. The Information Security Awareness Forum (ISAF), the Chair of the ISAF and the Chair of the ASIS European Security Convergence subcommittee agreed to conduct a survey of their members on the state of Security Convergence in Europe.
Co-author James Willison, pictured, vice chair of the ASIS European Convergence committee and founder of Unified Security Ltd explains, “The analysis from 216 companies of what is converging showed that 60 per cent are working together on security projects across the enterprise. In fact 39pc are working either in the same department or report to a shared executive director with a further 21pc collaborating on a variety of security issues. Companies are increasingly seeing the need to develop their thinking on security strategies and perhaps as awareness of cyber threats increases there is a correlating concern for looking at security more holistically. Common reporting, advances in technology and increasing reliance on networked systems will inevitably develop converged relations.”
Sarb Sembhi, co-author and Chair of ISACA GRA Sub Committee, Director of Consultancy Services at Incoming Thought Ltd who hosted the survey added, “One of the underlying objectives for this survey was to understand why any organisation today is considering a converged security response. Some 57pc indicated that the blended threat was the key driver. Our understanding for why responding to blended threats had a much higher response could have been largely due to the increase in blended threats in the press and that many organisations may have personal experience of dealing with them. And further that to deal with them effectively they worked closely with their colleagues in other security functions.”
And Dr David King, Chair of the ISAF, says: “Convergence has been a topic of significant interest and relevance in recent years in traditional security and information security arenas alike. The prevalence of the “blended” threat and the coming together of physical and information security techniques has given some the growing sense of the need for a converged response. Indeed, organisations have been embracing convergence of their security capabilities to varying degrees. However, it has been very hard to put a figure to the extent of adoption”. ASIS Europe has pioneered a strategy to promote converged security approaches across Europe and its chair, Alessandro Lega saw the value of a survey which would seek to answer this question. His initial thoughts were that as this was “the first real survey on Security Convergence run in Europe, there was the risk of impact from a potential starvation due to the complexity of the subject.” He added that, “It was unpredictable if corporations would have been willing to share information with us.”
They asked three specialists in the field of security convergence to analyse the data and write a report. Prof Paul Dorey, Director with Security Faculty Ltd and IISP Chairman Emeritus said: “We have had a long standing interest in the effective integration and convergence of different security functions and skill sets. This comes both from actual experience of running a converged security team covering IT and physical security and working with teams in other companies who have done just that too. We have had the experiences first hand. We were interested in getting some more recent data on what companies were really doing. We were particularly interested in testing conversations we have been having with both corporate and IT security professionals who say that they are brought to work together by the actions of our attackers.”
After the response and results both chairs were delighted with the findings.
Dr King said: “This report is particularly to be welcomed as a useful addition to our understanding of convergence overall, and provides a foundation to underpin the work of those in the industry that have been pioneering convergence as a key strategic theme for their organisations. Mr Lega added: “Afterwards we can say the survey was very well received and respondents gave their valid contribution to draw a picture of where we stand right now with Security Convergence in Europe”.
The full report is available at –
http://www.incomingthought.co.uk/index.php/leadership/research/csm-report-2011
Founding members of the forum include The ISSA, the BCS, CMA, the Cybersecurity Knowledge Transfer Network, eema, EURIM, Get Safe Online, ASIS International (UK Chapter) IAAC, the Information Technologists’ Company, Infosecurity Europe, the Institute for the Management of Information Systems (IMIS), the Institution of Engineering and Technology, the Digital Security Working Party of the International Underwriting Association of London (IUA), ISACA, (ISC)², ISF, the Institute of Information Security Professionals (IISP), the Jericho Forum, the National Computing Centre, the National e-Crime Prevention Centre (NeCPC), the Police Central e-Crime Unit, the SANS Institute, the Charities Security Forum and the SASIG. The forum is chaired by Dr David King and its secretary is Stephan Freeman.
