Security Systems News

NOV 2018

Security Systems News is a monthly business newspaper that reaches 25,100 security installers, product distributors, central stations, engineers & architects, and security consultants. Our editorial coverage focuses on breaking news in all major se

Issue link: https://ssn.epubxp.com/i/1043537


Guest Commentary

The roadmap for a converged security standard underway

Industry consultant working with NIST to create a standard that aligns physical security, IT and OT

By Pierre Bourgeix

The goal of the converged standard is to align IT, OT and PS (information technology, operational technology, and physical security) with Industry Compliance and Regulations and Business Processes. This standard will be defined using NIST standards, with the rate of maturity measured using CMMI, or Carnegie Mellon Maturity Index. The standard fits within the FISMA framework and will help define the overall guidelines for the self- and third-party assessment of business entities, including proper weighting of importance within each of the key areas necessary to define liability to an entity. The inevitable goal is to define a proper weighted score that defines risk and ultimately liability. The goal is the acceptance of this standard by insurance carriers to define risk limits and the correct liability that companies hold.

The converged standard would take the following into consideration:

• Compliance requirements (defined by industry and business requirements for that industry).
• Business process (aligning business processes with compliance and the use of technology).
• Technology (the proper technology that is best applicable to each industry's needs but follows proper security protocol within the NIST standard).
• Behavior (including a company's stance on its overall environment within IT, OT and PS). Do they want convenience or do they want security? Also, when they do assessments, do they remediate?

Within each category, specific weighted questions will be asked, and based on the answer (current state), which should be validated through a third-party assessment, a weighted average will be determined. This score will directly affect business entities, vendor qualification, manufacturer capabilities, compliance adherence, and network, operational, and physical technology maturity, aligned to both compliance and business operations.

The final weighted score will delve into a one-year evaluation of assessments that have been done by the entity. The assessments revolve around risk assessments surrounding security and compliance within IT, OT and PS. The overall goal is to define the behavior of the company in maintaining and ensuring proper measures.

Fundamentally, the hope is that the converged weighted score from 1 through 4 will help companies reduce costs from higher insurance coverage rates, which are rarely based on factual information and tend to be pushed higher because of the lack of information received. Most companies rarely share critical information with their insurance carriers; therefore, there is no way to determine coverage rates and liability.

This standard will also help companies define gaps throughout their organizations and better align correct technology to both business operations and compliance requirements.

Pierre Bourgeix is the president of ESICONVERGENT LLC, a company dedicated to converged assessments and sourcing for the security industry.
