Leron Zinatullinwww.zinatullin.com

Convergence of Physical and Information Security

@le_rond

Convergence

“a trend that involves development of managed business process solutions to address risks and interdependencies between business functions and processes within the enterprise ”

Alliance for Enterprise Security Risk Management “Convergence of Enterprise Security Organizations”, 2005http://www.asisonline.org/newsroom/alliance.pdf, Web retrieve on December 22, 2009

@le_rond

Protection measures

@le_rond

@le_rond

@le_rond

@le_rond

@le_rond

@le_rond

@le_rond

Risk reduction

Cost savings

Disaster Recovery efficiency

@le_rond

Benefits of Convergence

Security Incidents

@le_rondUS-CERT, "Cyber Security Trends, Metrics, and Security Indicators", June 16, 2009. Volume 4, Issue 1.http://www.us- cert.gov/press_room/trendsanalysisQ109.pdf, Web retrieve on December 22, 2009

Liu, Simon and Cheng, Bruce; "Cyberattacks: Why, What, Who, and How", IT Pro, IEEE Computer Society, May/June 2009

Attack tool trends

@le_rond

Attack sophistication

Skillsrequired

@le_rond

@le_rond

@le_rond

Background

Salary

Training

Culture

Challenges of Convergence

@le_rond

@le_rond

@le_rond

@le_rond

@le_rond

Benefits ChallengesCost savings CultureMore holistic view of risk Salary differencesReduction of risk profile Training requirementsStreamline process Lack of collaboration

Summary of Benefits and Challenges of Convergence

@le_rondAlliance for Enterprise Security Risk Management “Convergence of Enterprise Security Organizations”, 2005http://www.asisonline.org/newsroom/alliance.pdf, Web retrieve on December 22, 2009

Merge physical and information security

Separate with reporting to one CSO

Keep the functions completely separate

Beginning a Convergence Program: Organizational Structure

@le_rond

Benefits of Convergence

Challenges of Convergences

Beginning of Converged Program

Summary

@le_rond

Thank you!

@le_rond