
November 11, 2006

Security Convergence Article

TechNewsWorld has an article discussing Security Convergence written by David Ting, founder and CTO of Imprivata. It's a good overview of how physical and IT access controls can be merged and leveraged.

November 07, 2006

IBM: Smart Surveillance Systems

Enterprise Security Today article

IBM Corp. hopes to capitalize on the enormous growth in video surveillance by selling technology from its research labs that performs real-time analysis on footage captured by security cameras in stores and sensitive locales.

This could be a real improvement in security surveillance deployment. I can imagine systems with "rules" written to send an alert to a live person monitoring several cameras if the system detects something suspicious, just like a network IDS sensor. More cameras could then be monitored per person, theoretically.

November 04, 2006

Security Styles: Physical trumps Digital

One of the leading truths about systems security (relating specifically to computers, network equipment, etc.) is that if you have physical access to the box you are trying to attack/hack/infect/subvert, then you win. It's not a matter of IF you can gain access, but how quickly. If you can't physically secure the system from unauthorized parties, it is (or should be considered) unsecured in any manner.

It looks like the election commissions in New Jersey don't know this lesson yet. I can imagine they are used to having equipment delivered before the election to help facilitate quicker setup on election day (all the fancy little booth/table things, registration tables, etc.). But when the equipment is digital voting machines (aka computers) that the integrity of the entire digital voting process is based upon, then they should be considered sensitive and require security measures.

Now maybe I don't have the whole story; perhaps these systems don't have any hard drives, ROM memory, etc. Maybe they are non-functional shells, and the "important bits" get installed on the morning of election day. However, if I lived in New Jersey I'd be a little concerned.

November 02, 2006

Definition: Security Convergence

Welcome to the Security Convergence web log. Why security convergence? Well, before I get into the "why" I think it's important that we discuss the "what". Specifically, I mean the "What is 'security convergence', anyway?"

I am glad you asked...

security noun, plural -ties, adjective
- (noun) something that secures or makes safe; protection; defense.
- precautions taken to guard against crime, attack, sabotage, espionage, etc.
- a department or organization responsible for protection or safety.
- (adjective) of, pertaining to, or serving as security.

converge verb, -verged, -verging.
- (verb, used without object) to tend to a common result, conclusion, etc.
- (synonyms) approach, focus, come together.

So that's nice, I can cut and paste. But what does it mean? With today's emerging threats, focused attacks, botnets for rent, and compliance issues, the people who make decisions need information, and that information needs to be in the same language. In the different facets of "security" we haven't always done that very well.

Physical or "3G" Security (guards, guns, and gates), Audit and Compliance (accountants, auditors, people who know what we mean by "SOX"), and Network/Information/IT Security (the geeks, CISSPs, and the ones with Wi-Fi antennae on their cars) all need to understand how we each measure risk. We all need to speak the same language when reporting the state of events. And we need to work, if not directly together, along the same lines and with awareness of our cross-over responsibilities.

It's a brave new world. Network engineers working on physical proximity problems, security officers investigating user credential issues, and many more things. We'll be discussing these things and more on a regular basis. I hope you come back and participate.


("security." and "converge." Dictionary.com Unabridged (v 1.0.1). Based on the Random House Unabridged Dictionary, © Random House, Inc. 2006. 02 Nov. 2006. http://dictionary.reference.com/browse/security http://dictionary.reference.com/browse/converge)