Risk Management: What Keeps You Up at Night? Part 3


Throughout this series, I’ve been leading up to this discussion on the Security Systems Management Platform, which is likely a new term to most, but is composed of familiar systems. The concept is not that it replaces any conventional security systems, but that it ties them together with other relevant systems, such as HR and Active Directory, to produce efficiencies and greater effectiveness, which ultimately reduce risk.

Applied to Physical Security operations, this approach produces benefits that help achieve greater security risk management, but let’s shift to an enterprise approach. By enterprise, I am referring to all activities across the organization in the Physical and Logical realms. The systems you probably recognize are Physical Security Information Management (PSIM) and Physical Identity and Access Management (PIAM), also known as Credential Management. While these systems are starting to blend physical and logical security activities, the Security Systems Management Platform provides those and other capabilities at a truly enterprise level, effectively converging the two realms. For that reason, a better name is Enterprise Security Management Platform (ESMP). In this solution, actual user operations can be as integrated or as isolated as desired for physical and logical activities. Even if IT and Physical Security operations remain independent, they can easily share and collaborate as needed for their respective activities within the Enterprise Security Management Platform. I define this as a platform and not another system because the ESMP is not useful by itself, without the systems it connects; it becomes the platform that supports operation of the other systems. Think of the ESMP as the webbing that not only integrates these systems, but assimilates them into a robust, unified security solution.

An in-depth discussion of the Enterprise Security Management Platform would take a long time, but there are some key principles that really drive its power.

  1. Systems integrations – Through robust connectivity and data management of enterprise systems, the ESMP can retrieve, present and distribute information between systems and users in real time to provide automated or assisted transactions, and to deliver critical data to operators as needed for monitoring and control.
  2. Policy-driven processes – Building on corporate policies already in place, the ESMP allows development of automated and assisted processes to manage and direct administration of system resources, as well as event monitoring, response and control.
  3. Automated workflows – ESMP workflows remove manual actions that can be missed or that introduce the potential for errors. Where manual activity is still required, workflows can provide notification, direction and auditing.
  4. Role-based assignments – By defining resources, privileges, operations, responsibilities and other operational dependencies based on Roles, errors and omissions are eliminated and administrative efficiencies are achieved.
  5. Enterprise level monitoring & control – Through the integrations with all relevant systems, the highest level of situational awareness is achieved, and event response can be driven across all enterprise systems.
  6. Audits and Reports – With all systems, users, events and actions managed through the ESMP, reports can be created and scheduled to meet any management criteria. Through internal auditing processes, the ESMP alerts staff where risks and compliance deficits exist.
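
As an added illustration of principles 1, 4 and 6 working together (this is not code from the original post or from any ESMP product), the sketch below reconciles HR, Active Directory and badge (PIAM) records against a role policy and reports where physical or logical access has outlived its justification. All record layouts, field names, role names and sample data are constructed assumptions.

```python
# Added example: constructed data; field names and role policy are hypothetical.
# Role policy: the logical and physical access each HR role is entitled to.
ROLE_POLICY = {
    "engineer": {"ad_groups": {"eng", "vpn"}, "door_groups": {"lobby", "lab"}},
    "finance":  {"ad_groups": {"fin"},        "door_groups": {"lobby"}},
}
# Constructed extracts from the three integrated systems, keyed by employee id.
HR = {
    "e100": {"role": "engineer", "status": "active"},
    "e101": {"role": "finance",  "status": "terminated"},
    "e102": {"role": "finance",  "status": "active"},
}
AD = {
    "e100": {"enabled": True, "groups": {"eng", "vpn"}},
    "e101": {"enabled": True, "groups": {"fin"}},
    "e102": {"enabled": True, "groups": {"fin", "eng"}},
    "e999": {"enabled": True, "groups": {"vpn"}},  # no matching HR record
}
BADGES = {
    "e100": {"active": True, "door_groups": {"lobby", "lab"}},
    "e101": {"active": True, "door_groups": {"lobby"}},
    "e102": {"active": True, "door_groups": {"lobby", "lab"}},
}

def audit(hr, ad, badges, policy):
    """Return (employee_id, system, issue) findings, ordered by employee id."""
    findings = []
    for emp_id in sorted(set(ad) | set(badges)):
        person, acct, badge = hr.get(emp_id), ad.get(emp_id), badges.get(emp_id)
        live_acct = acct is not None and acct["enabled"]
        live_badge = badge is not None and badge["active"]
        # Access that exists without an active HR record is an orphan.
        if person is None or person["status"] != "active":
            why = "no HR record" if person is None else "HR status " + person["status"]
            if live_acct:
                findings.append((emp_id, "AD", "enabled account, " + why))
            if live_badge:
                findings.append((emp_id, "PIAM", "active badge, " + why))
            continue
        # Active staff: anything beyond the role's entitlement is drift.
        role = person["role"]
        allowed = policy.get(role, {"ad_groups": set(), "door_groups": set()})
        if live_acct:
            for g in sorted(acct["groups"] - allowed["ad_groups"]):
                findings.append((emp_id, "AD", f"group '{g}' outside role {role}"))
        if live_badge:
            for d in sorted(badge["door_groups"] - allowed["door_groups"]):
                findings.append((emp_id, "PIAM", f"door group '{d}' outside role {role}"))
    return findings

if __name__ == "__main__":
    print(*audit(HR, AD, BADGES, ROLE_POLICY), sep="\n")
```

Neither the badge system nor Active Directory can detect these conditions alone, because the authoritative employment status and role live in HR; the check only becomes possible once the three sources are joined.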

This is not an exhaustive list of how the Enterprise Security Management Platform helps manage operations, but it covers the key concepts used to augment the conventional security systems.

The conventional physical and logical security systems such as Surveillance, Access Control and Intrusion Detection all address specific concerns. With the supervisory tools we discussed last time to keep them operating at or near 100%, these systems should be able to accomplish their objectives. However, there are administrative activities that also drive effectiveness. Anyone who has worked with these systems for very long understands that they are only as effective as the administrative work that goes into them. In other words, the Human Factor ultimately determines the success of your systems. Another factor that challenges the conventional security systems is that of technology development. Advancements in technology not only benefit productive endeavors, but also malicious activities that threaten the organization. As threats become more sophisticated, so must our solutions to detect, deter, defend and diminish them.

In the next session, we’ll start to look at some of those risks that can cause anxiety and see how the Enterprise Security Management Platform can help bring them into check and why I believe this is the future of Enterprise Security Risk Management.

Stay tuned…
