- Donald E. Hester
Security Convergence Resources
As technology continues to evolve and organizations become more connected, the convergence of physical and IT systems is becoming increasingly prevalent. The convergence of security has been a topic of discussion for many years, and as threats continue to emerge. That's why I have created this post, to serve as a reference for all the useful resources on the convergence of security. As someone with a degree in security management (physical security) with a concentration in information security (cybersecurity), I have been monitoring the trends and debates surrounding convergence for nearly two decades. The federal government has also recognized the importance of convergence, which led to the formation of the Cybersecurity and Infrastructure Security Agency (CISA) a whole agency dedicated to both physical and cyber security. This blog will serve as a centralized location for all the latest information on convergence and how it impacts enterprise risk. I will update this post with new resources from time to time. Contact me if you have other resources you think I should add.
“Since the advent of computer systems and widespread use of the Internet, the function of the information security officer has been artificially separated from the corporate (or physical) security function. Now, in an increasingly networked world, and in the wake of Sept. 11 terrorist attacks, these two security areas are moving closer together. As both private corporations and government agencies struggle with the demands of maintaining a heightened level of security, issues of how information security should interact with physical security move into the spotlight.” - John Pescatore
Anonymous. (1 JAN 2006). To Security Convergence (and Back). CSO. https://www.csoonline.com/article/2120071/to-security-convergence--and-back-.html
Ciabarra, C. (23 FEB 2023). Why Physical Security and Cybersecurity are Converging. Pivot Point Security. https://www.pivotpointsecurity.com/why-physical-security-and-cybersecurity-are-converging/
CISA, (22 DEC 2021). Cybersecurity and Physical Security Convergence Action Guide. https://www.cisa.gov/resources-tools/resources/cybersecurity-and-physical-security-convergence-action-guide
Computer Security Journal (Vol XIX Number 1) Winter 2003
Crowell, W., Contos, B., DeRodeff, C., & Dunkel, D. (2007). Physical and Logical Security Convergence: Powered By Enterprise Security Management (1st ed.). eBook ISBN: 9780080558783. https://amzn.to/3MzAtfR
Deloitte. (10 NOV 2022). Physical Security: The Shift in Perspective. Deloitte Perspectives. https://www.deloitte.com/global/en/services/risk-advisory/blogs/physical-security-the-shift-in-perspective.html
Douglas, C. (28 SEP 2021). Cybersecurity needs a significant place in the emergency management matrix. Security Magazine. https://www.securitymagazine.com/articles/96242-cybersecurity-needs-a-significant-place-in-the-emergency-management-matrix
Egli, C. (15 NOV 2022). Know the Physical Risks Introduced by Potential Cyber Vulnerabilities. WaterISAC. https://www.waterisac.org/portal/know-physical-risks-introduced-potential-cyber-vulnerabilities.
Gates, Megan. "Convergence: Physical Security and Business Continuity Meet their Moment." Security Management, November/December 2022, https://www.asisonline.org/security-management-magazine/articles/2022/11/convergence-physical-security-and-business-continuity-meet-their-moment/.
Goodchild, J. (31 MAY 2010). Enterprise risk management: all systems go. CSO. https://www.csoonline.com/article/2125218/enterprise-risk-management-all-systems-go.html
Henriquez, M. (3 JUN 2020). The Need for Cybersecurity and Physical Security Convergence. Security Magazine. https://www.securitymagazine.com/articles/92518-the-need-for-cybersecurity-and-physical-security-convergence
Hunt, S. (1 MAR 2010). Convergence: The Semantics Trap. CSO. https://www.csoonline.com/article/2135065/convergence--the-semantics-trap.html
Lohrmann, D. (5 SEP 2021). Why Should You Merge Physical Security and Cybersecurity? Government Technology. https://www.govtech.com/blogs/lohrmann-on-cybersecurity/why-should-you-merge-physical-security-and-cybersecurity
Messmer, E. (13 JAN 2010). Debate rages over converging physical and IT security. Network World. https://www.networkworld.com/article/2241458/debate-rages-over-converging-physical-and-it-security.html
National Infrastructure Advisory Council (NIAC), (16 JAN 2007) The NIAC Convergence of Physical and Cyber Technologies and Related Security Management Challenges Working Group, Final Report and Recommendations by the Council. https://www.dhs.gov/xlibrary/assets/niac/niac_physicalcyberreport.pdf
National Security Telecommunications Advisory Committee draft report to the President, Information Technology and Operational Technology Convergence (DEC 2022) https://www.cisa.gov/sites/default/files/publications/Draft%20NSTAC%20IT-OT%20Convergence%20Report%20%288-12-2022%29_508_0.pdf
Optic Security Group. (15 DEC 2019). What is Converged Security? [Whitepaper]. Updated 18 OCT 2021, https://www.opticsecuritygroup.com/post/whitepaper-what-is-converged-security
Shegerian, J.S. (2013). Security Convergence: Blurring the Lines Between Physical and Cybersecurity. Security Magazine. https://www.securitymagazine.com/articles/84419-security-convergence-blurring-the-lines-between-physical-and-cybersecurity.
Slater, D. (5 DEC 2005). Physical and IT Security Convergence: The Basics. CSO. https://www.csoonline.com/article/2117824/physical-and-it-security-convergence--the-basics.html.
Slater, D., & Brandel, M. (1 MAR 2013). ERM: The basics. CSO. https://www.csoonline.com/article/2133044/erm-the-basics.html
Threat Post. (25 JUL 2022). Why Physical Security Maintenance Should Never Be an Afterthought. https://threatpost.com/physical-security-maintenance/180269/
Tourney, M. (20 JAN 2021). How to Enhance Physical Security for Government Buildings. StateTech. https://statetechmagazine.com/article/2021/01/how-enhance-physical-security-government-buildings