Good evening fellow classmates and Professor,
In this weeks forum we are continuing the conversation of Information Technology & and Physical Security convergence and how it enhances the over security of an organization. In this weeks reading we learned that the fundamentals of Information Technology security are authentication, authorization and secure communication. Authentication is used to ensure that the user is who they say they are. This process generally requires some form of identification like password, ID card, biometrics or some other proof that an individual is who they say. Authorization is used to grant people certain types of access to areas or information. This prevents breaches or unauthorized access to information that people have no need to know or need to access whether it be personal identification information(PII), finance information, logistics or any other information that needs to be protected. The last fundamental of information technology security is secure communication. This includes the use of encoding or encrypting information to prevent unauthorized access. There are various types and levels or layers of encryption depending on the sensitivity of the information. An easy way to think about it is the use of firewalls on a computer to prevent viruses or hacking, IT professionals have the ability to create multiple layers of these encrypted firewalls so if one is breached than there are others to back it up.
The topic of integration is important when discussing the unification of information technology(IT) security and physical security as well. “The target landscape for threat actors today is rich and safe for the threat actors. More sophisticated modern attackers are uncovering and utilizing cross-platform exploits that use the cracks between physical and IT security systems to attack the organization. This approach is new, like ransomware was new just a couple of years ago. But today, more than half of malware attacks carry a ransomware payload. In a couple of years, it is likely that cross-platform attacks will be very common, and existentially destructive.”(Norman, 2017) Because these technological security breaches are usually combined with physical security breaches it is important that they are integrated in order to provide a more secure environment for an organization.
-David Werlinger
References:
Kovari, P. (2005). WebSphere Security Fundamentals: IBM Redbooks. Retrieved from http://www.redbooks.ibm.com/abstracts/redp3944.html
Norman, Thomas L., CPP/PSP (2017), Compelling Case for Unifying IT and Physical Security, https://www.securityindustry.org/2017/11/20/the-compelling-case-for-unifying-it-and-physical-security/
Recent Comments