While departments within a corporation vary by industry, a set of core departments makes up the heart of most companies: operations management, finance, human resources, marketing and IT. Security departments are similar in that they differ based on the market they serve, but the anatomy of corporate security is still broadly consistent. Many enterprises separate their security departments into physical security and information security, although adopting a converged security approach might be a more effective way to protect a company’s important assets.
Physical security involves protecting a wide range of assets such as people, places, and things. There are a variety of methods that fall into the bucket of traditional physical security including key cards, security personnel, and electronic surveillance cameras. While these are all key tools for many physical security departments, physical security teams fall short in adapting to the evolving digital landscape.
It is only now becoming apparent to physical security departments that they can benefit from the digital landscape. There is a wealth of pertinent information available across the Surface, Deep and Dark Web that provides companies with relevant threat intelligence. Leveraging intelligence from digital sources will aid their planning and preparation process and increase their situational awareness.
Information security, often referred to as InfoSec, differs from physical security in that it is concerned with protecting information rather than physical assets such as employees and facilities. Information security involves preventing and mitigating risks that could lead to the theft, modification, and exposure of sensitive business information. Since this information generally lives on the Internet, information security teams have a stronger understanding of the importance of incorporating threat intelligence into their security strategy. This is why many information security teams have an allocated budget and a better chance of adopting threat intelligence and risk detection platforms compared to physical security teams.
Risks are not always the concern of one department, which means operating in silos is no longer the most efficient approach to security. In many instances, a lack of physical security could lead to an information breach or vice versa. For example, if a physical copy of a document is left exposed by a negligent employee, someone can steal the document and leak any sensitive business information. In this scenario, it was a physical security threat that led to an information security breach.
Convergence involves the conjoining of physical and information security departments to resolve a threat or operate completely as the same department. Shifting to a converged security strategy will better allow security teams to take a holistic approach to threat intelligence, allowing for more effective investigations.
Figure 1 – Stages of maturity in adopting a converged security strategy
It’s widely recognized that convergence is integral to the constantly evolving threat landscape, but it has yet to be adopted by many security teams. Two of the main blockers that prevent convergence from being adopted fully are the security maturity level in the corporation and leadership.
Corporate security maturity can be broken up into 4 main stages, as shown in Figure 1. In the early stages, the company has one dedicated security department that fails to distinguish between physical and information security strategies. As the company increases in maturity, two well-defined departments are created that separate physical and information security activities. In the final stages, the departments work together and convergence is regularly practised.
While the maturity level of security plays a part, at the end of the day it’s up to leadership to understand and encourage the merging of departments. Since two departments working together is more effective than operating in silos, it’s integral that the leadership team understands how to support this transition and ensure that it is well adopted.
The intelligence cycle is both a theoretical and practical model for conducting intelligence processes. This process can be applied to any form of investigation or research to produce consistent results. Many variations exist, as this model has been used since the period of the Cold War, but the cycle generally consists of the six steps shown in Figure 2.
Figure 2: The Intelligence Cycle
Since physical and information security often differ in the assets that they are trying to protect, the intelligence cycle looks different for the two respective verticals. Media Sonar has worked closely with both physical and information security teams to apply the intelligence cycle for more effective investigations.
Physical Security Example
Problem: The head of corporate security reported that their company was planning to build a facility in another country which required more enhanced protection of their executive team. The intelligence cycle was applied to create a more effective plan.
1. Planning & Direction
Senior leaders need intelligence on security risks around the planned location. The security team needs to create a report on crime, terrorism, and natural disaster risks for the country of interest.
The head of the intelligence team finds raw information from local media reports, law enforcement records, and credible disaster risk databases.
Processing the information involves considering the reliability of the source and converting the initial information into easy-to-digest graphs.
4. Analysis & Production
In this step, the head of intelligence had to decide which information to use. From here, they are able to compile a report of the key findings.
The report is then submitted to the company’s key decision-makers and executive team.
6. Evaluation & Feedback
The head of corporate security then follows up in two weeks’ time to determine how the report was received and make any necessary changes to the document.
Information Security Example
Problem: The corporation has a policy on keeping information secure on its employees’ computers and wanted to review their process to ensure it is effective. The intelligence cycle was applied throughout this process.
1. Planning & Direction
The policy is reviewed and the company acquires technology to create an internal database.
The database is filled with indicators of compromise (IOCs) and known threats from internal sources. They were able to uncover previously flagged emails, who sent those emails, and possible malware that was attached. They also gathered information from external sources such as Open Threat Exchange (OTX) and industry-specific information sharing exchanges.
After the company gathers information from both internal and external sources, the endpoint detection and response (EDR) software is used to monitor all computers and to cross-reference the threat intelligence database. When something is detected, the incident is flagged by security information and event management (SIEM) software, which generates an alert.
4. Analysis & Production
The security orchestration, automation and response (SOAR) platform is then able to take the alert and walk the security team through a playbook on how to resolve the issue. The team generates an incident report on what was detected, the risk involved, and how it was dealt with. An information exchange (STIX) file is then generated.
The incident report is then shared with internal stakeholders and the STIX file is uploaded to external threat exchanges.
6. Evaluation & Feedback
The policy is reviewed by stakeholders and decision-makers and any amendments to the policy are made.
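The cross-referencing and sharing steps of the information security example can be sketched in a few lines. This is an added example, not code from the article or from Media Sonar: the IOC entries, endpoint events, host names and function names are all constructed, and in-memory dictionaries stand in for the threat intelligence database and the EDR/SIEM products.

```python
import json
import uuid
from datetime import datetime, timezone

# Constructed sample data, not from the article.
IOC_DB = {  # (kind, value) -> context gathered from internal/external sources
    ("domain", "login-update.example"): "phishing sender domain (internal mail review)",
    ("sha256", "ab" * 32): "malicious attachment (external exchange)",
}
EDR_EVENTS = [  # what endpoint monitoring reported
    {"host": "ws-014", "kind": "domain", "value": "Login-Update.example."},
    {"host": "ws-022", "kind": "sha256", "value": "AB" * 32},
    {"host": "ws-022", "kind": "domain", "value": "intranet.example"},
    {"host": "ws-031", "kind": "sha256", "value": "ab" * 32},
]
PATTERNS = {"domain": "[domain-name:value = '{}']",
            "sha256": "[file:hashes.'SHA-256' = '{}']"}

def normalize(kind, value):
    """Lower-case and drop a trailing DNS dot so trivial variants still match."""
    value = value.strip().lower()
    return value.rstrip(".") if kind == "domain" else value

def match_events(events, ioc_db):
    """Cross-reference endpoint events with the IOC database; return alerts."""
    alerts = []
    for ev in events:
        key = (ev["kind"], normalize(ev["kind"], ev["value"]))
        if key in ioc_db:
            alerts.append({"host": ev["host"], "ioc": key, "context": ioc_db[key]})
    return alerts

def to_stix_bundle(alerts, now=None):
    """One STIX 2.1 indicator per distinct IOC, however many hosts hit it."""
    ts = (now or datetime.now(timezone.utc)).strftime("%Y-%m-%dT%H:%M:%S.000Z")
    indicators = []
    for kind, value in sorted({a["ioc"] for a in alerts}):
        indicators.append({
            "type": "indicator", "spec_version": "2.1",
            "id": f"indicator--{uuid.uuid4()}",
            "created": ts, "modified": ts, "valid_from": ts,
            "name": f"{kind} seen on endpoint",
            "pattern": PATTERNS[kind].format(value), "pattern_type": "stix",
        })
    return {"type": "bundle", "id": f"bundle--{uuid.uuid4()}", "objects": indicators}

if __name__ == "__main__":
    alerts = match_events(EDR_EVENTS, IOC_DB)
    print(json.dumps(to_stix_bundle(alerts), indent=2))
```

The alerts keep one entry per affected host for the incident report, while the shared bundle carries each indicator once and leaves internal host names out.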
Where does Media Sonar fit?
Media Sonar is a threat intelligence and risk detection software that offers solutions to help both physical and information security teams. Our platform offers protective intelligence for corporate security teams who are looking to meet the needs of:
- VIP Protection
- Brand Protection
- Travel Intelligence
- Event Intelligence
- Due Diligence & Investigations
- Facility Protection
- Insider Threat Protection
- Intellectual Property Protection
Building off the idea of converged security, Media Sonar offers case management tools and collaborative workflows to make the transition to convergence easier. This allows physical and information security teams to work more efficiently together with the same goal in mind – protecting the company’s important assets. Our platform was created with security teams in mind and will continue to evolve to meet the needs of the ever-changing security landscape.