The initiative for the survey was triggered by new interest in the subject of security convergence which is being promoted by the ASIS International European Security Convergence Sub-Committee (led by Alessandro Lega with the support of eleven members from eight different European countries).
The research – carried out by ASIS International (Europe) and the Information Security Awareness Forum (ISAF) – finds that 35% of respondents had fully integrated their physical and logical access control using a single ID/card.
A further 26% of those security professionals surveyed indicated that they were developing the technology.
“These results,” commented Alessandro Lega, “clearly show the need to keep the momentum going in terms of promoting security convergence across Europe. With threats are converging from a technological and operational standpoint, we need to make sure that corporate security organisations are not going to waste time and resources in fighting each other.”
Working towards a converged security strategy
According to James Willison, vice-chairman of ASIS’ European Security Convergence Sub-Committee, the aim of the research was to determine how many medium-to-large enterprises are either operating – or working towards – a converged security strategy in their organisations.
Willison is the founder of Unified Security and co-authored the report along with fellow IT security professionals Professor Paul Dorey (director with Security Faculty and IISP Chairman Emeritus) and Sarb Sembhi (chairman of the ISACA GRA Sub-Committee and director of consultancy services at Incoming Thought). He feels the research results confirm that approaching two thirds (61%) of organisations are both streamlining and increasing the cost efficiencies of their physical and logical access security systems.
“This is excellent news, as it not only reduces their security risk profile but also leads to cost efficiencies,” explained Willison. “As the ROI on these efficiencies generates cost savings, so these savings can be re-invested into further security technologies.”
Security: reaching a level of maturity
“These research results support those of our own studiesat Security Faculty which suggest that that IT security has now reached the level of maturity where it can meet the previously disparate requirements of security and financial control – and that is no mean feat,” added Professor Paul Dorey.
Professor Dorey also said that the ASIS-ISAF survey (which draws on responses from 216 security professionals from across the physical and information security community in Europe) states that 35% of organisations now operate independent corporate and information/IT security functions.
“The fact that the same percentage of respondents also revealed that previously independent security disciplines now work together on security risks across the business is another reflection of a growing maturity within the information security industry,” said Dorey.
“A recent ASIS/(ISC)2 survey found that 30% of corporate and IT security professionals share a responsibility for security,” outlined Willison. “The latest research suggests that this level of co-operation is on the increase, and that’s extremely positive for organisations.”
An important evolution
ASIS-ISAF report co-author Sarb Sembhi – who’s also a former president of ISACA London – echoed the comments voiced by Willison and Dorey, noting that co-operation and integration of security between the various disciplines is a very important evolution.
“It’s an important step as it means that risks can be identified and their true impact understood with an agreement for action. It means there is less duplication and, as a consequence, improved cost savings can be generated for enhanced risk management. This is good news in these economically troubled times.”
Professor Dorey continued: “It’s also interesting to note that organisations with a North American headquarters are more likely than their European counterparts to have converged security functions. A growing trend can also be seen in the UK and Ireland, but that trend appears slower in continental Europe.”
The researchers also noted that more than 70% of respondents to the survey agreed that it’s important to combine physical and logical security due to the rising levels of blended physical and digital threats being seen on the threat horizon.
This, they say, has significant implications for the way in which both physical and logical security people work together – whether it be to deal with blended threats, changes in technology, cost savings or the generation of better value to the businesses they serve.
A summary of the survey’s findings is available here
Further analysis and a more detailed report will be published in due course.
About ASIS International and the Information Security Awareness Forum
ASIS International is a professional organisation for security managers dedicated to increasing the effectiveness and productivity of security professionals worldwide by developing educational processes in the industry. For further information access the ASIS website
The ISAF – which was born out of the ISSA-UK Advisory Board – is essentially a cross-industry initiative set up to formally raise awareness of information security with the aim of assisting IT professionals to build the innovative security defences needed in the modern connected business world. More information is available online
