Computerworld - In many respects, the physical and information security groups that coexist within companies are as different from each other as J. Edgar Hoover and Bill Gates.
Physical security staffs predominantly consist of former law enforcement officials who report to legal, compliance or risk management departments, whereas information or logical security departments typically have employees with technical backgrounds who are part of the IT organization. Physical security divisions tend to focus on the three G's -- guards, guns and gates -- while logical security groups usually concentrate on safeguarding information systems.
There are a few companies where the two entities are structurally connected, but most are not. Still, a growing number of executives have recognized the value of having these groups collaborate to share tactics such as loss-prevention techniques for retailers or the use of card systems to restrict personnel access within a facility.
According to a survey of 8,200 IT and security executives in 63 countries conducted in March and April of 2005 by PricewaterhouseCoopers and CIO magazine, 53% of organizations have some level of integration between their physical and IT security divisions. That's up from just 29% in 2003.
"People are recognizing that the two groups can't stay in their own towers," says Anne Rogers, vice president of marketing at the Information Systems Security Association (ISSA), a not-for-profit international organization of information security professionals and practitioners.
Collaboration can be as simple as having an information security group send an e-mail warning staffers about a fast-moving Internet virus while the physical security group posts signs around the building as a secondary reminder, suggests Angel Cruz, chief information security officer at Freescale Semiconductor Inc. in Austin.
Different Worlds
Although the benefits of security convergence are obvious, there are huge cultural challenges to collaboration that physical and information security organizations must overcome. For starters, IT workers typically embrace new systems and like to play with them to see how they might be applied to their work, whereas physical security personnel are usually more skeptical and standoffish about emerging technologies, says Steve Hunt, president of 4A International LLC, a security consulting firm in Chicago. Those differences can lead to a disparity in terms of how the two groups evaluate and adopt security technologies, he adds.
Compensation is another bugaboo. Hunt says a physical security chief for a Fortune 500 company with 20 years of experience typically earns about $60,000 a year, while an IT security manager who has been with the same firm for just two years generally commands twice as much. "It
Free Insider GuideCopyright © 1994 - 2012 Computerworld Inc. All rights reserved. Reproduction in whole or in part in any form or medium without express written permission of Computerworld Inc. is prohibited. Computerworld and Computerworld.com and the respective logos are trademarks of International Data Group Inc.
