Physical and Logical Security Convergence                       

Powered by enterprise security management               
                Copyright © 2007 Elsevier Inc. All rights reserved        
                                              
Author(s): Brian T. Contos, CISSP, William P. Crowell, Colby DeRodeff, GCIA, GCNA, Dan Dunkel, Dr. Eric Cole and Regis McKenna                                
ISBN: 978-1-59749-122-8

Edited by

• Eric Cole, Independant network security consultant and speaker, USA
  

By

• William Crowell, Former Deputy Director, National Security Agency
• Brian Contos, CISSP, Chief Security Officer, ArcSight Inc.
• Colby DeRodeff, GCIA, GCNA Manager, Technical Marketing, ArcSight, Inc., CA
• Dan Dunkel, President, New Era Associates, LLC., Dallas/Ft. Worth, TX, USA
  

                                Government and companies have already invested hundreds of millions of dollars in the convergence of physical and logical security solutions, but there are no books on the topic.This book begins with an overall explanation of information security, physical security, and why approaching these two different types of security in one way (called convergence) is so critical in today’s changing security landscape. It then details enterprise security management as it relates to incident detection and incident management. This is followed by detailed examples of implementation, taking the reader through cases addressing various physical security technologies such as: video surveillance, HVAC, RFID, access controls, biometrics, and more.

Audience
System and security administrators as well as operational managers for physical security and information technology departments in public and private organizations are the primary audiences for this book. Additionally, it is valuable for any individual or organization that needs the technical knowledge to converge the historically disparate professions of information technology and physical security. Finally, it is valuable to any group desiring greater operational efficiencies and a reduction in overall risk in regards to: hackers, terrorist, organized crime, nation-state threats, malicious insiders, malicious competitors, and other criminals.


Reviews               
                                                                                                                        Security in the post 9/11 world is about much more than just guns, guards and gates. The authors make a tremendous contribution to today's security debate by offering thoughtful and sensible recommendations that will help any reader understand the challenges of the networked world we now live in.- Roger Cressey, NBC News terrorism analyst Written for both practitioners and managers, the authors provide the necessary background information as well as copious technical detail, and they round it out with a view of the converged security future. Numerous real-world examples and case studies are interwoven throughout the text, providing ample evidence that convergence is happening, but it is also hard to do well. Take advantage of the years in the government and commercial arenas that the authors have, their knowledge of current and emerging technologies, and their insight on other's successes and failures.- Dr. Jim Jones, CISSP, Senior Scientist, SAIC In my opinion the authors do an exceptional job explaining the need for more comprehensive approaches to achieving operational risk management within business and governmental organizations. The authors clearly demonstrate why convergence of physical and logical security is a natural evolution with significant advantages to all participants.- Dr. Larry Ponemon, Chairman and Founder of the Ponemon Institute The consistent and persistent message in this book is needed and well presented Corporate executives must understand and implement converged security or get left behind. This message is presented using a nice balance of historical examples and contemporary business issues and case studies. The authors make their points by presenting information from the public, and government perspectives. Thus, this book is appropriate for any leader in the field of security (physical or IT).- Dr. Terry Gudaitis, Cyber Intelligence Director, Cyveillance Physical & Logical Security Convergence: Enabling Rick Management in the Trusted Enterprises takes an in-depth look at how the issue of convergence is impacting enterprise security, particularly from the insider threat perspective. Solutions are commonly a reaction that lag behind evolving threat, be they technology or management focused. In the new world, we need bottom up approaches that converge solutions that keep up with evolution. This book is a primer for convergence in an evolving rish environment.- Dr. Bruce Gabrielson, NCE, Associate, Booz Allen Hamilton This book will be an invaluable guide to anyone involved in guiding security convergence or simply wanting to understand the power and benefits of convergence.-Mark Fernandes, Senior Manager, Deloitte

                        Contents               
                                       

• 1. Introduction 2. Physical Security History 3. What is Convergence and Why Do We Care? 4. Examples from the Media, Interesting Stories 5. Identity Management and & Access Control 6. Video Surveillance & Video Analysis 7. Selling Security: R.O.I. & Enterprise Deployments 8. The New Security Organization: The Trusted Enterprise 9. ESM Architecture 10. ESM Log Collection 11. ESM Event Processing, Real-Time Analysis, and Response 12. ESM Event Storage and Forensic Analysis 13. Bridging the Chinese Wall 14. Physical Controls 15. Video Surveillance - Data Center Snapshots - Video Surveillance - Tailgating 16. Environmental Controls - Dell, NetBIOS 17. Oil and Gas: SCADA 18: Final Thoughts