Physical Security and Cybersecurity: A Critical Connection for CISOs
The Importance of Physical Security for CISOs
For Chief Information Security Officers (CISOs), the physical security realm is crucial because most modern, physical security systems and controls are somehow connected to IT – from badges and keycards to video surveillance. If an unauthorized physical access occurs, it can lead to subsequent cyber attacks and data breaches. Therefore, it is in the interest of every security decision-maker to take measures to control access to these assets.
The Role of CISOs in Physical Security
This does not mean that CISOs should be responsible for all physical security tasks. While it may work for some smaller companies to combine the roles of CISO and Chief Security Officer (CSO), this is not a viable option for many large companies, as explained by Max Shier, CISO at Optiv: “If there are regulatory requirements or it’s about larger companies, it may not make sense to combine the areas of cybersecurity and physical security. The resulting responsibilities – for example, managing a security guard service for production facilities or bodyguards for executives – could quickly overwhelm cybersecurity teams depending on workload and capacity.”
Communication and Coordination between Physical and Cybersecurity Teams
If combining the roles is not an option, Howard Taylor, CISO at Radware, knows what to do: “Then, communication and coordination with physical security teams are crucial for CISOs to achieve their goals. These should be integrated into planning processes for business continuity, disaster recovery, and physical facilities and equipment. Additionally, it must be ensured that the resulting physical measures are legally sound – for example, that footage from surveillance cameras does not violate data protection regulations.”
Conclusion
In conclusion, physical security and cybersecurity are interconnected and critical components of a comprehensive security strategy. CISOs must recognize the importance of physical security and take measures to control access to assets, communicate and coordinate with physical security teams, and ensure that physical measures are legally sound. By doing so, they can effectively mitigate risks and protect their organizations from cyber attacks and data breaches.
FAQs
Q: Why is physical security important for CISOs?
A: Physical security is important for CISOs because most modern, physical security systems and controls are connected to IT, and unauthorized physical access can lead to subsequent cyber attacks and data breaches.
Q: Can CISOs be responsible for all physical security tasks?
A: No, combining the roles of CISO and CSO may work for some smaller companies, but it is not a viable option for many large companies due to the resulting responsibilities and workload.
Q: How can CISOs communicate and coordinate with physical security teams?
A: CISOs should integrate physical security teams into planning processes for business continuity, disaster recovery, and physical facilities and equipment, and ensure that physical measures are legally sound.
Q: Why is communication and coordination between physical and cybersecurity teams important?
A: Communication and coordination between physical and cybersecurity teams are crucial for CISOs to achieve their goals and effectively mitigate risks and protect their organizations from cyber attacks and data breaches.
