We live in a time of vast change, and it appears that things are only going to accelerate. As a result, the field of security management is vast and growing each day. From supervising security guards at a retail park to managing state-of-the-art surveillance equipment, security management is as extensive and challenging as they come.
Bottom Line Up Front (BLUF)
- The traditional definition of security management, which emphasizes physical security, is outdated due to the ever-expanding importance of cybersecurity.
- The need for a comprehensive approach to enterprise security will continue to grow as organizations continue to integrate cyber into physical systems.
- In a high cyber threat environment, frameworks such as the NIST Cyber-Physical Systems Program will continue to help organizations adopt a more efficient cyber-physical model.
What is security management?
Security management is a broad term that encompasses everything from coordinating security guards at retail parks and commercial buildings to integrating high-tech security management systems to safeguard an organization’s data.
At the end of the day, security management focuses on the processes and systems that enable security managers to effectively identify and mitigate potential threats to their company.
What is security management…really?
The traditional definition of security management, which emphasizes physical security, is outdated due to the ever-expanding importance of cybersecurity.
Even before the digital acceleration we are now seeing, security thought leaders were telling us that the blending of physical security and cybersecurity was a pattern that would only accelerate.
Speaker and cybersecurity consultant Scott Klososky made a persuasive presentation back in 2017 at the Future of View conference, where he explained to the audience that the line between physical security and cybersecurity would all but disappear in the near future as the majority of security firms would blend the two fields into one.
Cybersecurity and Physical Security Convergence
A few years ago, the concept of cyber-physical security convergence was trendy. Today any forward-thinking physical security professional knows that an organization’s security is compromised without a solid cybersecurity plan.
The fact is that physical security is highly dependent on cybersecurity and the reverse is also true. Physical security systems are connected to the internet, and without a strong cybersecurity posture, access control systems, as well as surveillance and perimeter security, are vulnerable to cyber-attack or worse.
NIST Cyber-Physical Systems Program
Frameworks such as the National Institute of Standards and Technology (NIST) Cyber-Physical Systems Program will continue to assist firms in adopting a more efficient cyber-physical model in a high-threat environment.
The NIST 800-171 standard lays out government guidelines for the storage, security, and transfer of sensitive data, making it essential to a company’s compliance efforts.
Security management will continue to evolve as threats and vulnerabilities get more sophisticated over time. Gone are the days when a physical security professional could focus only on traditional physical security systems without regard to the cyber component of operations.
Organizations that adopt the physical-cyber hybrid approach to security will better align their ability to detect and defend against an attack regardless of whether it is cyber or physical.