FPS

Just last week, I wrote about the convergence between IT and physical security after Gareth Webley, the keynote speaker at TechSec Solutions, discussed his effort to consolidate security and IT during his tenure as the chief security officer of National City Corporation.

Well, apparently everyone wants to jump on board. I just received a press release from ASIS International announcing that this year's conference in Orlando (Sept. 19-22) will co-locate with (ISC)², a large membership body of certified information security professionals. (ISC)² (not to be confused with ISC West and ISC Solutions) will hold their first annual Security Congress in conjunction with ASIS International. According to the release, the two associations will share educational programming, which I think could be great for security practitioners who may feel intimidated by IT folks and their techie talk.

Why did ASIS make this move? Here's what Ray O'Hara, the president of ASIS, has to say:
“This agreement reflects the rapidly evolving, converging roles of the information security and traditional security professionals within the global business marketplace,” stated O’Hara. “By strategically aligning our organizational resources, our combined memberships of more than 100,000 professionals gain access to core knowledge and best practices across the full spectrum of information and traditional security. The opportunity to connect with one’s security counterpart and to build a solid practitioner network is one of the most valuable benefits to be derived from this relationship.”

It seems fair to say that the more physical security practitioners know about the world of IT, the more valuable they will be to their respective organizations. I'll be leaving room on my schedule to check out some of these educational programs - you should, too.

During recent discussions with retail professionals, I've been trying to determine  the level of concern regarding cybersecurity. I realize that it's largely an IT issue, but with all the talk of convergence between IT and physical security, I wonder how long we can silo cybersecurity?

Here is a great article by Wired.com about the security breach at Wal-Mart in 2005 and 2006.

Internal documents reveal for the first time that the nation’s largest retailer was among the earliest targets of a wave of cyberattacks that went after the bank-card processing systems of brick-and-mortar stores around the United States beginning in 2005. The details of the breach, and the company’s challenges in reconstructing what happened, shed new light on the vulnerable state of retail security at the time, despite card-processing security standards that had been in place since 2001.

At the same time, the attacks on stores like TJX, Barnes & Noble and other stores were happening, which resulted in more than 100 million stolen credit card accounts. In case you missed it Albert Gonzalez plead guilty this month to carrying out many of those breaches with other hackers, and is facing 15-25 years in prison.

BUT, here's the sentence that caught my physical security attention:

The intruder had reached the machine through a VPN account assigned to a former Wal-Mart worker in Canada, which administrators had failed to close after the worker left the company.

That's a physical security issue, is it not?

Well, after a very busy week I am back in the office and had the chance this morning to go over some more video from this week's TechSec Solutions conference. We've compiled some clips from Wednesday's educational sessions and exhibit hall as well as an interview from one of our attendees.

I just wanted to take the opportunity to thank everyone who attended this year's event – it could not continue to be a success without the support of our sponsors, speakers, exhibitors and attendees.

Until next year ...