Ensuring the physical security of building complexes and equipment can be just as challenging as fending off cyber threats.
Although CISOs are rarely entrusted with the full spectrum of health and safety issues, they do play an important, strategic role in this regard – especially when it comes to physical security systems with IT connections and direct access to IT assets. The main limiting factors for CISOs are usually:
- the budget and
- unclear responsibilities.
In this article, we present ten essential measures for (more) physical security that CISOs should have on their list. First, however, let’s take a quick look at how physical security is defined – and why it is crucial for companies.
Why physical security is important
The term physical security, by definition, includes the protection of people, property and physical assets from unauthorized access, theft and other actions that lead to damage or loss. This area is all too often neglected in favor of cybersecurity.
Physical security is particularly important for CISOs because the vast majority of modern physical security systems and controls are linked to IT in some way – from badges and keycards to video surveillance. Unauthorized physical access can therefore also result in cyber attacks and data breaches. It should be in the interest of every security decision-maker to take appropriate precautions to control access to these assets.
This does not (and cannot) mean that CISOs should be entrusted with all physical security tasks. While it may work in the case of some smaller companies to combine the roles of CISO and CSO, for many large companies this is not an option, as Max Shier, CISO at cyber risk specialist Optiv, explains: “If there are regulatory requirements or it is a larger company, it may not make sense to combine cybersecurity and physical security. The resulting responsibilities – such as taking care of security for production facilities or bodyguards for executives – could quickly overwhelm cybersecurity teams depending on workload and capacity.”
If this option is not available to you either, Howard Taylor, CISO at security service provider Radware, knows what to do: “Then communication and coordination with the physical security teams is crucial for CISOs to achieve their goals. They should be included in the planning processes for business continuity, disaster recovery and physical assets and facilities. In addition, it must also be ensured that the resulting physical measures are legally sound – for example, that recordings from surveillance cameras do not violate data protection regulations.”
The Top Ten Physical Security Measures
Regardless of the organizational structure, CISOs should collaborate with all stakeholders in the area of physical security. Here are ten measures you should keep in mind in this regard.
1. Harden IT facilities and data centers
Data centers, sensitive IT facilities, and computer rooms in multi-purpose offices are obvious areas where CISOs should focus their attention to ensure control over physical access. David Ortiz, CISO at consumer goods company Church & Dwight, specifies: “Security decision makers should ensure that access to any rooms containing technical equipment is restricted to those who need it. In addition, contractors should only be allowed access to such rooms when accompanied. Ideally, access is logged and reviewed daily.”
Source: https://www.csoonline.com/article/3493920/10-essenzielle-masnahmen-fur-physische-sicherheit.html