Convergence of Physical and Cyber Security

By Byrne Ghavala, 15 March 2002.

Physical Security and Information Security form a natural synergistic and symbiotic relationship. This relationship has long been acknowledged by the IT security industry, and has been recognised in the BS7799 / ISO17799 security standards.

These standards were formed to assist companies in their implementation of industry best practice in information security, by providing a single point of reference, detailing the wide range of controls required to do so.

The standards cover ten major areas, which include (amongst others) System Access Control, Physical and Environmental Security, Computer and Network Management, and Personnel Security.

Companies looking to implement current security best practices according to these standards will quickly find just how closely Physical Security and Information Security are linked.

Implementing the latest policy compliance tools, perimeter protection systems and authentication solutions does not provide complete security. It is common knowledge that security is only as good as the weakest link. If the systems to be protected are not physically secure, then they are still vulnerable to attack. It is an old security adage that "if you can physically touch a system, then there is no security".

In summary, both Physical and Cyber security are inherently inter-reliant. There is no point in building Fort Knox if the information contained within can be siphoned out via an unprotected data feed. Conversely, it is hopeless to assemble a formidable electronic defence if an intruder can walk in off the street and take whatever they wish.

Any modern security officer would be wise to keep a weather eye on all aspects of security. You can never be sure where the next storm will start brewing.