In 2002, Simone Kaplan wrote an article on combining IT and physical security.
Eight years on, some employees are reporting the lack of a coordinated security approach. IT and Security Departments often act independently of each other, and each imposes its own regulations and measures with little regard for the other's requirements.
Some common audit findings include:
1. CCTV surveillance for critical workstations was not updated to meet requirements of a new floorplan.
2. Security staff (e.g. security guards, department security representatives) not reporting unauthorised shared use of computer resources, which can't be detected when the user is legitimately logged on to the network.
3. Server racks located away from the main server rooms and not physically secured.
4. Network infrastructure labelled in obvious ways when physical security policies mandate more discreet labelling to make it less obvious to non-essential stakeholders.
5. Webmail access for former staff not terminated after they have left the company and returned their staff passes / access cards.
Does your company coordinate security for both IT and physical environments? Let us know.