Our Mission...

At Talon Executive Services, Inc. we pride ourselves in providing the highest quality professional security service to business and industry, without the prohibitive costs commonly associated with such services. TALON is fully licensed and insured, and is unequaled in professionalism, training, experience and integrity.

By: Todd Stefan, Director of Information Security Services
Physical security and information security are
typically considered to be as different as night and day, with very little in common. However,
organizations that are merging the two worlds of physical and
information security are considered forward-thinking, as they are better able to
execute a complete security strategy. It is becoming apparent that combining
both physical and information security into a holistic risk management
program results in more thorough overall security, stronger integrated
functionality, and economies of scale.
As the physical and information security worlds collide, these
forward-thinking organizations are moving towards a single, enterprise-wide
approach to risk management with the goal of finding the proper balance between
protective security measures and an acceptable level of risk. Many
factors are encouraging this trend, including:
1. Shareholders require that security risks be handled in a manner
consistent with the overall business strategy
2. Security costs must be managed, which can be achieved through the use of
common solutions and/or common elements in different solutions,
resulting in increased efficiencies and decreased costs
3. The impact of laws and regulations, especially privacy and
security laws, that affect all business processes
Stronger security is precisely what the Health Information Portability
and Accountability Act (HIPAA), the Gramm-Leach-Bliley Act, and the
Sarbanes-Oxley Act, all of which deal with unauthorized privacy
disclosures and security breaches, are attempting to achieve. Organizations that
must comply with these regulations must embrace the integration of their
physical and information security programs to ensure that they are in full
compliance. It is critical to realize that security programs are only
as strong as their weakest link.
An enterprise-wide security program is most thorough when it protects
both physical and information resources, and it should include
data protection and privacy, disaster recovery plans, and business
continuity plans, as well as physical security. The goal is to align people,
processes, and technology to provide an integrated approach that
reduces the risk to the organization as a whole.
Holistic security results in strengthened integrated security and
privacy from stronger authentication, more granular authorization, better
auditing, faster provisioning, combined physical and logical intrusion detection,
and more comprehensive incident response. In addition, by combining
physical and information security, organizations are better able to
integrate networks, systems, and the storage of mission-critical information.
Although the task of integrating a holistic, enterprise-wide security
program that successfully combines both physical and information
security to ensure that all important assets are properly protected is daunting, it
is possible to do so in a manner that does not disrupt normal business
operations but instead generates great value. The first step in combining
both physical and information security should involve the performance
of a Risk and Vulnerability Survey to facilitate a baseline understanding of
the organization's exposure to risk, both physical- and computer-based, and
identify the many dimensions of threats that the organization is
exposed to. In addition, it is also necessary to assess whether business functions are
secure and can survive in a hostile environment, as malicious attacks,
manipulation, and fraud are ongoing threats and a reality for organizations
in today's world.
Upon close examination, physical and information security programs
possess numerous points for integration, which is increasingly called for by
risk managers, corporate counsels, and senior executives. When holistic
security is realized, organizations benefit greatly from the convergence of
physical and information security. With the growing and dramatic nature of the
risks threatening the security, stability, and operation of organizations
across a wide spectrum of industries, no aspect of security can afford to be
overlooked.