Who should Lead in System Selection? – The IT manager has nudged the security director aside when it comes to system selection. It’s time for security to get into the action
- B.S.Raghavan
As a security system design consultant, my dealings with multiple businesses over the course of a decade or more have given me a front row seat from which to watch the unfolding battle between IT and security professions. Ten years ago, my contact at the client company was typically that of the security director. Three years ago, IT managers began showing up at these meetings. In the past year, the IT manager has not only called me in, but he has been the only person with whom I met to discuss security technology. The security director was not involved. The change has been fuelled by the integration of security systems with the corporate network. The remaining question is: How should security directors be responding to the new dynamics and what outcome would most benefit the overall organistion? Security directors have important contributions to make, and they should not accept being relegated to a secondary role in the selection of systems. IT personnel may understand the inner workings of any system well, that they may not fully understand its function in the sense of what the corporation needs the security system to accomplish. When IT personnel design security systems, they do not base those designs on vulnerability studies and risk assessments; they also do not factor in other security principles,, such as, the concepts of crime prevention through environmental design, for example. The primary concern for IT managers I have worked with was whether the equipment would fit within the existing networks and meet bandwidth restrictions. I have seen companies where security takes the lead, relies on the security system sales representative for advice, and fails to involve internal IT personnel. The result is often a system that won’t work with the network or that causes network problems. IT managers, when they can, will specify security systems with an eye toward ensuring that the systems meet the standards for the network. When shut out of the process, IT may play its trump card and simply ban the security systems from the network. It can significantly increase the cost of the installation and reduce the system’s capabilities. Some companies are replacing managers who can’t bridge the gap between security and IT with personnel who understand what is needed for the survival of the organization, not just the individual department. The new managers are usually cross trained in IT and security and understand the need for cooperation. Security must operate with or without the latest technology. If the system or the network goes down, security can’t go down with it. That’s why IT must be a consideration of the security director and not vice versa. The new environment requires the involvement of IT for the proper operation of the complex security systems now being installed. Security directors must also work closely with human resource personnel to consider the type of security officer that must be hired to operate the more sophisticated security equipment. Above all, security directors must embrace teamwork and the delegation of duties. They musut understand that they can transfer or share some tasks – such as allowing IT to ensure that the security system meets network criteria – without ceding ultimate responsibility for the security solution.
Security Management – August 2004.
Pacific port security a 'terror risk' By Claire Harvey, New Zealand correspondent ANTIQUATED airports and docks and inadequate cargo-screening systems throughout the Pacific posed a serious terrorist threat, New Zealand Prime Minister Helen Clark warned yesterday in calling on nations such as Australia to spend millions on lifting regional security. Her warning came as Australia yesterday announced an extra $500,000 in aid for improved port security and training of border officials in 11 Pacific nations, including Papua New Guinea. New Zealand also announced an extra NZ$3million ($2.6million) a year for Pacific security. Ms Clark also warned delegates at the formal opening of the Pacific Round Table on Counter-Terrorism in Wellington last night that terrorist attacks might be launched from within the Pacific, and foreign embassies in the islands were at risk. "The Pacific might present a tempting target, either for an attack like the one in Bali, or as a base from which terrorist cells might undertake the planning and groundwork for an attack somewhere else," she told senior security officials from around the region, who today begin talks on money-laundering, border security and law enforcement. "The traditional image of the South Pacific has long been one of a tropical paradise," Ms Clark said. "But as experience has shown in Kenya and Tanzania, where hundreds of locals were killed in terrorist attacks on US embassies, remoteness, peacefulness and even neutrality or non-alignment do not guarantee security from terrorists." Some Pacific airports may be closed to international flights if they could not meet the International Civil Aviation Authority's new security requirements, which come into force on July 1, 2006, she said. The new rules include X-ray baggage screening, metal detectors and tight passenger screening. "If international airlines were unable to land at Pacific entry points because ... security requirements were not met, the impact on the Pacific's tourism sector would be devastating," Ms Clark said. Fiji alone would need several million dollars in aid from donors such as Australia, the European Union and New Zealand, said Fijian Justice Ministry chief executive Sakiusa Rabuka. "We are very, very concerned that the airports can be used as staging points for attacks by people who are coming to Australia or New Zealand," Mr Rabuka said. "We don't have the human resources, the technical resources or the financial resources to handle this." Ms Clark said among the most urgent problems were new International Maritime Organisation rules on secure handling of cargo, which come into force in July. "If cruise ships stopped calling at Pacific ports, then the tourism market would dry up," she said. "If cargo capacity disappears because foreign ships and aircraft are unwilling to berth or land, or if delivery becomes unreliable, the economic impact would be very damaging." (Courtesy: Mr. Mayer Nudell, USA .)
Her warning came as Australia yesterday announced an extra $500,000 in aid for improved port security and training of border officials in 11 Pacific nations, including Papua New Guinea. New Zealand also announced an extra NZ$3million ($2.6million) a year for Pacific security.
Ms Clark also warned delegates at the formal opening of the Pacific Round Table on Counter-Terrorism in Wellington last night that terrorist attacks might be launched from within the Pacific, and foreign embassies in the islands were at risk.
"The Pacific might present a tempting target, either for an attack like the one in Bali, or as a base from which terrorist cells might undertake the planning and groundwork for an attack somewhere else," she told senior security officials from around the region, who today begin talks on money-laundering, border security and law enforcement.
"The traditional image of the South Pacific has long been one of a tropical paradise," Ms Clark said. "But as experience has shown in Kenya and Tanzania, where hundreds of locals were killed in terrorist attacks on US embassies, remoteness, peacefulness and even neutrality or non-alignment do not guarantee security from terrorists."
Some Pacific airports may be closed to international flights if they could not meet the International Civil Aviation Authority's new security requirements, which come into force on July 1, 2006, she said. The new rules include X-ray baggage screening, metal detectors and tight passenger screening.
"If international airlines were unable to land at Pacific entry points because ... security requirements were not met, the impact on the Pacific's tourism sector would be devastating," Ms Clark said.
Fiji alone would need several million dollars in aid from donors such as Australia, the European Union and New Zealand, said Fijian Justice Ministry chief executive Sakiusa Rabuka.
"We are very, very concerned that the airports can be used as staging points for attacks by people who are coming to Australia or New Zealand," Mr Rabuka said. "We don't have the human resources, the technical resources or the financial resources to handle this."
Ms Clark said among the most urgent problems were new International Maritime Organisation rules on secure handling of cargo, which come into force in July.
"If cruise ships stopped calling at Pacific ports, then the tourism market would dry up," she said.
"If cargo capacity disappears because foreign ships and aircraft are unwilling to berth or land, or if delivery becomes unreliable, the economic impact would be very damaging."
(Courtesy: Mr. Mayer Nudell, USA .)
