Honeywell - www.honeywellaccess.com
HOME |  LOGIN |  ADVERTISE |  CONTACT
Editorial Calendar  | Media Kit
Back Issues |  Manage my account
 
  • Markets
  • General news Blogs EDITORIAL MARKETWATCH
      Video
    • Resources
    • Digital Editions White papers Careers
      Morrow converges enterprise risk

      DALLAS-At February's TechSec Solutions conference, Dave Morrow, chief security and privacy officer for EDS, moved away from the technical piece of convergence for an hour and focused on a broader view - approached from an enterprise risk management perspective.

      EDS, which is the second largest IT outsourcing firm in the world, merged its IT and physical security departments in 2005 under Morrow's leadership and he presented the benefits and challenges associated with this transition in his closing keynote address.

      The key is "looking at an organization as an enterprise," but that can be difficult in a business that has traditionally viewed physical and IT security as siloed departments, which was the case previously at EDS.

      "There was little in common between these two," Morrow said. "They kind of hated each other."

      Morrow's first course of action was to get management to understand that the entire security team must both protect and enable the business.

      "We took a look at what we were doing as a department and if these things were not benefiting the business, we weren't going to do it anymore," he said.

      Morrow is not just working on this view of convergence at his organization; he is also working with the Alliance for Enterprise Security Risk Management, a group that was formed by ASIS International, ISACA and the Information Systems Security Association and brought together global security professionals with broad security backgrounds and skills to address the increase and complexity of security-related risks to international commerce from terrorism, cyber attacks, Internet viruses, theft, fraud, extortion and other threats.

      AESRM released a report titled, "The Convergence of Physical and Information Security in the Context of Enterprise Risk Management" in 2007 that looks at the benefit of a converged view of security in managing enterprise risk.

      But there are challenges. When Morrow began merging IT and physical security operations, it was difficult to get both departments to think about the other's main concerns. For example, he asked the physical security department to determine the number of laptops that had been stolen in the last month. The personnel came up with the price per laptop and then multiplied the cost by the number of laptops lost. But what about the value of the data stored on the laptops?

      "The departments think differently," he said. "You need to get them using their skills, but thinking on the same level."

      Morrow has seen the gap narrow in the past three years, especially when one of his leaders, "a card-carrying CPP" recently earned his CISM certification.

      "He is proof that it is possible to bring these groups together, they just need to speak each other's language," he said.

      To see video of Morrow's closing presentation, please visit www.securitydirectornews.com/index.php?p=blogs. SDN

      Suggested stories:
    • Congress mulls IEMP threat to critical infrastructure
    • Improving security means selling the business benefits
    • Virtualization in security on the horizon

    • Email to editor | Comments ()

       
      SDN News Info Center
      SOURCE BOOKS
      2009 Systems Integration Source Book
      The value of the systems integrator..p3 What to consider when choosing a service provider..p4 Our list of systems integrators..p6
      2009 IP Technology White Paper
      A virtual roundtable p3... In IP system that is and isn't p.4... It's all HD to me p.6... Yet more convergence p.8... Standard play p.10
      2008 Access Control & Biometrics
      Increased security, convenience and reduced costs boost biometric market...p3 'Finally starting to see tangible results'...p4 Access control & biometrics buyer's guide...p6
      Systems Integration Source Book
      Security directors rely on integration firms to help merge technology, people and processes
      CALENDAR
      March 2010
      NY Metro InfraGard and Extreme Terrorism Consulting are hosting this event to prepare security professionals, first responders, government agencies, businesses, academics, and other citizens on how to detect and counteract terrorist activities. For more information, visit www.nym-infragard.us
      Sands Expo & Convention Center, Las Vegas, Nevada. For more information, visit www.iscwest.com.
      Long Beach, Calif. For more information, visit www.campussafetyconference.com
      April 2010
      Orlando, Fla. For more information, visit http://new-fields.com/3rd_nsssc
      May 2010
      Gaylord Texan in Dallas. For more information, contact Liz Benson at 703.600.2030 or liz.benson@rila.org
      Dallas, Texas. For more information, visit http://events.aaae.org/sites/100501/
      June 2010
      Georgia World Congress Center. Atlanta, Ga. For more information, visit www.nrf.com
      July 2010
      Training opportunity to learn about changes to the Clery Act including changes in emergency response & immediate notification, expanded hate crime reporting. University of Pennsylvania, Philadelphia. For more information, visit http://www.securityoncampus.org.
      Training opportunity to learn about changes to the Clery Act including changes in emergency response & immediate notification, expanded hate crime reporting. Norris Center, Northwestern University, Chicago. For more information, visit http://www.securityoncampus.org.
      August 2010
      Balancing Safety, Security and Spectator Experience. Astor Crowne Plaza, New Orleans, La. For more information, visit www.ncs4.com/conference
      Louisville, Kentucky. For more information, visit www.nasro.org
      September 2010
      Halifax Port, Nova Scotia. For more information, visit www.aapa-ports.org
      October 2010
      San Antonio, Texas. For more information, visit www.apta.com
      Dallas, Texas. For more information, visit www.asisonline.org
      117th annual conference. Orlando, Fla. For more information visit www.theiacp.org
      ADVERTISER INDEX


      Anixter, Inc.
      ASIS
      Avigilon
      Axis Communications
      Brivo
      CBC Group
      Globtek Inc.
      Honeywell
      IAPSC
      Intransa
      ISC West
      L3
      RILA
      Samsung CCTV/GVI Security









      HOME       SUBSCRIBE       RESOURCES       ADVERTISE       CONTACT       PRIVACY POLICY       

      United Publications, Inc.
      © 2010 United Publications Inc.