Data breach? Call IT, and physical security

Sunday, October 21, 2007

With data breaches costing companies billions of dollars -- The TJX Cos., the merchant behind the largest data breach in history, reported that it lost 46 million credit and debit card numbers -- more businesses are focusing in on the protection of critical data. But what role does an organization's physical security department play in this?
According to recent research conducted by Security Director News, 59 percent of security practitioners reported that they are part of the investigative team if a data breach occurs at their company. Nearly 80 percent of respondents said they believe physical security professionals should be part of the process after such an incident occurs.
Keith Blakemore, director of corporate security at W.W. Grainger said the company's department is part of a cross-functional data breach response team.
But why -- if the breach is purely data related? What value does a corporate security department without IT functions bring to such an investigation?
Robert Mercado, manager of corporate security of Oberhur Card Systems, said physical security should assist in the investigation to help put data together and write a complete investigation report, as well as develop recommendations to prevent further breaches.
"In today's day and age, 'security' should not be viewed in silos," said Kevin Schatzle, chief security officer/global head, IDT Corp.
Even so, John Williams, director of security at Prince Williams Hospital, said that although there is a tendency to think of the security department as untechnical, many who have studied network security are aware of system protection measures and can assist in an investigation.
Bram Bottfeld, director of security for Bank Atlantic Center, said today's security director has to be a broad generalist and that includes being knowledgeable about IT processes.
"Security must walk hand in hand with so many departments but now, IT, as never before, is critical to the security program due to all the possible thefts and access problems that can occur," he said.