Slashdot Mirror

← Back to Stories (view on slashdot.org)

Physical and Network Security Merging?

Posted by michael on from the etherkiller dept.

MonMotha writes "CSO reports that physical and network security may be merging in an effort to eliminate redundant jobs, create a more secure security plan, and make security procedures more standardized across the company. This would seem to be a logical step forward as businesses become more and more dependent on their computers, and as the old adage goes, an attacker with physical access already has you owned."

2 of 132 comments (clear)

  1. ISC^2 already defines this by phreakmonkey · · Score: 5, Informative
    ... as the article points out. To me, the bigger relevation to "geeks" here should be that information security is about a lot more than OS vulnerabilities and firewalls.

    The International Information Systems Security Certifications Consortium (ISC^2) defines ten domains of information security.

    Physical Security is one of them... a big one. So is network security, auditing, forensics, and liability, amongst other things.

    Anyone interested in the relations of risk management and physical/information security should aim their research towards ISC^2 related documentation.. in addition to being fairly comprehensive you will be better prepared when you become experienced enough to apply for your CISSP certification. ;-)

    (ISC^2 can be found here)

    -PM

  2. Re:Bad idea by Col.+Panic · · Score: 3, Informative
    If you want a CISSP you will have to learn something about physical security. You will also have to learn about all the other parts of the CBK, including:

    Access Control Systems & Methodology

    Applications & Systems Development

    Business Continuity Planning

    Cryptography

    Law, Investigation & Ethics

    Operations Security

    Physical Security

    Security Architecture & Models

    Security Management Practices

    Telecommunications, Network & Internet Security