Magazine article Security Management

The Growing Trend toward Convergence

Article excerpt

A NEWLY RELEASED STUDY shows that having an enterprisewide view of risk rather than an asset-based view helps build a stronger security posture for an organization. The study shows that the convergence of functions that have security implications, whether they are in the IT department or elsewhere, also helps avoid any gaps that may exist when departments are not working together. As a result, the organization is more secure and can quickly resume operations in the event of a catastrophe.


The survey was conducted by Booz Allen Hamilton (BAH) for ASIS International, the Information Systems Security Association, and the Information Systems Audit and Control Association. Thirty-six global companies in a variety of industries, including financial services, pharmaceuticals, biotechnology, and healthcare, with revenues ranging from $1 billion to more than $100 billion, responded to the survey. In addition, BAH conducted follow-up interviews with 14 senior security professionals from responding companies.


What exactly is convergence? For IT professionals and physical security professionals alike, the term is often used to mean simply the integration of physical and computer security assets, such as when an access control system runs across the company network. When that happens, it raises turf and responsibility questions, such as who should be involved with purchasing technology that affects assets traditionally under the purview of two different departments.

But that integration is only one aspect of convergence, which has much broader implications for all security professionals, as well as other executives and workers across an organization.

Timothy L. Williams, CPP, vice president of corporate and systems security with Nortel and treasurer of the ASIS Board of Directors, explains that convergence means having an enterprise security strategy that's integrated across an organization; it's not about organizational charts. "It doesn't matter whether you report to somebody," Williams says. "It's how you functionally work together."

How companies achieve convergence may vary. It could be through a chief security officer (CSO). But former ASIS secretary, Raymond T. O'Hara, CPP, senior managing director with Vance, says, "We're not saying that every organization needs a CSO. It's a nice model from an organizational standpoint, but if it doesn't work with your organization, you can't force that issue."

In fact, the study found that this organizational option--putting all security under one chief--was the "common first choice" among organizations attempting convergence. But it was found to be a "flawed option" whose "rather predictable result" was a decline in the influence of some of the players.

An alternative that works better, according to the study, is a "council of leaders" approach in which "all stakeholders ... use a common language: the language of business units."

ASIS President Jeff M. Spivey, CPP, PSP, explains that this approach allows "security to have access to the decision makers in the C-suite. By having that approach, you're also making sure that the voids that may be there in the silo approach don't exist."

The key is to adopt an enterprisewide view of risk rather than an asset-based view, says Spivey, who is head of Security Risk Management, Inc., in Charlotte, North Carolina. That approach makes it clear that representatives from safety, legal, contingency planning, disaster-recovery groups, and others who may not at first glance appear to have security-related functions need to be working together and sharing information to help the organization be prepared for, and respond to, a disaster. …
