The Alliance for Enterprise Security Risk Management: A partnership of the three leading international security organizations, formed to address issues surrounding the convergence of traditional and logical security.

Security Experts Recommend Tips for Minimizing Convergence Turf Wars

Rolling Meadows, IL, USA (14 September 2006) —Organizations are increasingly integrating physical and information security to reduce costs and make better use of technology investments. While this convergence is a positive trend, differences in cultures and priorities between physical and information security departments can cause turf wars and end up actually weakening an organization’s overall security.

To help maximize the benefits of convergence and minimize risks, The Alliance for Enterprise Security Risk Management (AESRM) has released Convergent Security Risks in Physical Security Systems and IT Infrastructures, the results of a study it conducted to identify risks and help information and physical security managers effectively evaluate and manage them. The report is available as a complimentary download at www.aesrm.org.

Security executives and consultants from the three global organizations that make up AESRM—ASIS International, ISACA and the Information Systems Security Association (ISSA)—identified seven areas of risk and offers tips including:

  1. Establish a governance framework for managing security-related risks.
  2. Define security requirements for physical security, plant process control and other similar systems early in the planning cycle.
  3. Analyze and understand security-related cost-benefit tradeoffs.
  4. Implement effective controls.
  5. Treat physical security systems as critical and include them in the organization’s continuity plans. They are important sources of information in investigations.
  6. Require increased auditing for and logging in to special systems.
  7. Require tailored security training and awareness.
  8. Increase pressure on vendors to vigorously address security protocols.

Detailed explanations of the risks and advice for managing them are contained in the free report.

“The need for security convergence is exemplified by recent high-profile thefts of laptops holding confidential information, such as personal data on millions of people,” said Ray O’Hara, CPP, chairman of AESRM. “Protecting organizations from such losses—as well as significant embarrassment and a potential drop of stock price—takes expertise that combines physical security, to protect the laptop, and information security, to protect the data it contains. The key is to get these two formerly separate disciplines to work together.”

About AESRM
The Alliance for Enterprise Security Risk Management (www.aesrm.org) is a partnership of three leading security organizations—ASIS International, ISACA and ISSA—formed to address issues surrounding the convergence of traditional and logical security.

About ASIS International
ASIS International (www.asisonline.org) is the preeminent organization for security professionals, with more than 34,000 members worldwide. Founded in 19855, ASIS is dedicated to increasing the effectiveness and productivity of security professionals by developing educational programs and materials that address broad security interests, such as the ASIS Annual Seminar and Exhibits, as well as specific security topics. ASIS also advocates the role and value of the security management profession to business, the media, government entities and the public. By providing members and the security community with access to a full range pf programs and services, and by publishing the industry’s number one magazine — Security Management — ASIS leads the way for advanced and improved security performance.

About ISACA
With more than 50,000 members in more than 140 countries, ISACA (www.isaca.org) is a recognized worldwide leader in IT governance, control, security and assurance. Founded in 1969, ISACA sponsors international conferences, publishes the Information Systems Control Journal, develops international information systems auditing and control standards, and administers the globally respected Certified Information Systems Auditor designation, earned by more than 48,000 professionals since inception, and the Certified Information Security Management designation, a groundbreaking credential earned by more than 6,000 professionals since it was established in 2002.

About ISSA
The Information Systems Security Association (ISSA) (www.issa.org), with more than 13,000 individual members and 106 chapters around the world, is the largest international, not-for-profit association for information security professionals. It provides educational forums, information resources and peer interaction opportunities to enhance the knowledge, skill and professional growth of its members. ISSA members are consistently recognized as experts on critical issues in the area of information security, and the association is viewed as an important resource for small businesses, global enterprises and government organizations alike. Working closely with other industry organizations such as (ISC)2, ASIS and ISACA, and leading worldwide initiatives like the GISP and the recommended CISO education curriculum, ISSA is focused on providing leadership and maintaining its role as The Global Voice of Information Security.

Media Contacts
For ASIS: Chris Flynn, cflynn@asisonline.org, 703.518.1466
For ISACA: Kristen Kessinger, kkessinger@isaca.org, 847.590.7455
For ISSA: Ann Rogers, arogers@wm.com, 713.287.2488

 

 

 

 

Copyright © AESRM 2008, All Rights Reserved.