The attempt of an organization to construct an efficiently converged system entails the merging of several aspects into a single holistic solution. As a result, convergent security refers to the process of combining several security elements to improve overall security performance. A converged security system combines traditional security measures, such as physical security, with modern systems. As a result, tying these two pieces together ensures improved functionality and integration. A system, according to Board (2017), should be able to manage its physical and logical security in order to gain greater efficacy and control. Therefore, convergence combines measures that are built to protect IT facilities and equipment from threats that are physical such as theft and vandalism. Moreover, convergent security covers all loopholes to create a robust security system that is impenetrable.
Information security entails the guarding of information by ensuring privacy and integrity of data. Firewall as an instance of security measures refers to software that is used to protect networks from unauthorized access and intrusion of malware. Firewalls use filtration of packets to allow entry and exit of data in a system. They may also have encryption features as an added security measure. Encryption involves the process of converting information into unreadable characters (Dubin et al., 2016). Likewise, an encryption key is usually designed to convert data into a cipher. Encryption makes use of passwords or algorithms in securing data. Encryption, therefore, forms one of the safest ways of guaranteeing the security of information.
The primary aim of information security is to ensure that the information is available and authentic. It establishes permissions to warrant that data is not modified or transferred without privileges (Karovič, 2015, p.134). Information security uses digital signatures to ensure that information authenticity is maintained. It also prevents interception of data during transmission.
As another security feature, Technical Surveillance Counter-Measures (TSCM ), involves the evaluation of a system to pinpoint hazards and weaknesses. TSCM entails the examination of both electronic and physical elements to control access and identify security weaknesses. Equally important is the issue of risks mitigation in determining risk gaps.
On the other hand, personnel security refers to the training and proper selection of employees. It is a management practice that ensures responsibilities are awarded carefully to the employees. Training and vetting of employees are essential, primarily when employees handle sensitive duties. Personnel management enables proper dissemination of information and streamlined operation.
Therefore, the concept of converging security is an excellent way for an enterprise to achieve more security functionality from its systems. Merging of all security system guarantees that an organization focuses its security towards the areas with lapses while at the same time securing other places. Undeniably, risks in security often come from different sources. With convergence, the organization can be able to cover different areas with a more unified approach as compared to when physical and or electronic securities are working separate (Rudowski and Tarnowska, 2016, pp.389-400). Converging of security system gives an organization an edge when carrying out a security audit because it is always easier to identify areas of weakness when all the security resources are harmonized.
Furthermore, the advantage of having a converged security system is; it is possible to have total control of the anticipated risks. Most IT organization’s risks and threats are usually fraud, data loss, physical intrusion, and hacking. A converged approach will always include a strategic assessment of all risks. Also, it works to cover the areas of risks depending on the potentiality of happening.
The primary aim of converging security systems is securing all points of threat and vulnerability. In information communication systems the security processes have to be dynamic to cover hardware, software, and networks all at the same time. The deployment of security measures to these three areas may face challenges when not linked (Mahapatra et al., 2017). Therefore, a converged approach is vital to counterbalance each security need.
Purposefully, this new form of security can be achieved by not necessarily merging departments as it is easier only to integrate processes. The option to converge security should always be driven by a security audit, which identifies potential disasters. This integration of core processes should be an effort to streamline operation.
The convergence of security is an evolving security solution, which is an improvement from the unintegrated security systems. It is cost effective because it merges physical and logical security measures. Also, the converging of all security component from standalone systems provides efficiency and easier control of security apparatus. The process of setting up a converged system involves strategic planning. This can be done by examining the personnel, premises, security measures and the security apparatus. The design procedure can be divided into eight steps namely:
Setting goals and objectives
Threat analysis
Vulnerability study
Security design solution
Acceptance process
Bid Management
Award and implementation
Review test and user training
Setting Goals & Objectives
An organization’s concern for security is paramount. Business executives should frequently meet to set goals and review the business security performance. Having correctly defined goals can help in the management of progress, supervision of objectives and improvement of security integration as well as assist the company in creating future security measures.The process of formulating goals and objectives begins with a meeting to review current security practices and setting targets for the future.
Loia, D’Aniello, Gaeta, and Orciuoli (2016, pp.127-143) assert that projecting future outcomes is the first process in building a strategic plan. Therefore, the evaluation of existing security measures and precedented risks help an organization establish what is required to move to another step, which constitutes the setting of goals and objectives. After a meeting with the company management where risks are assessed from a security audit, the company should set a review for future threats and vulnerabilities to establish counter security policies in the business enterprise.
The goals of a security audit are to examine past security flaws and prevent them from repeating. The importance of having a security audit is for the executive to decide on how to allocate resources for the objectives and goals. Furthermore, understanding future security concerns prevent a business enterprise exposure to threats. A converging security system, for instance, has all the physical and logical security systems which are adequately and individually assessed to identify its strength and weaknesses. When converged, security apparatus has to be specific to cover all threats currently as well as in the future. Also upon convergence, the progress should be measurable to evaluate the progress and make desired changes for optimal performance. Moreover, a convergent system should have specific objectives to be achieved within a realistic timeline.
Threat Analysis
Threats amount to anything that may pose a risk to a business enterprise. Threats may be physical and electronic or both depending on the nature of the business. Threats must be scrutinized to understand the risk that an organization may experience. Security threat analysis is the procedure in which external and internal knowledge is used to determine any vulnerability that a system will experience (Norman, 2016). With regards to the convergence of security, examination of threats and vulnerabilities ensures that there is a smooth transition from the previous security system to a converged security system. The desired result of a threat analysis is focused on the maximization of the protective capabilities while using the minimum resources possible.
As the first protocol, the scope of all the elements covered has to be identified with their level of sensitivity. Data is then collected on threats to evaluate their potential. Security standards dictate that a threat assessment has to have considerations for even the minimum threat posed. Therefore, an analyst has to account for even the smallest possible risk that can be accrued by an enterprise. Data forms a significant element when carrying out threat evaluation. Therefore, the incorporation of data -policies- into a threat analysis helps an organization determine the level of exposure and previous measures that were taken.
Threat analysis inspires confidence into a security system because an analyst will know about potential attacks before their happen. As a significant move, the management can put measures in the minimization of possible damage from these attacks. Correspondingly, building a converged security system provides a level of insurance against perceived threats and vulnerabilities.
Security risk review involves collecting data from security personnel and records to draw an assessment report that will be taken into consideration when implementing new operations. Not only does security risk review examine critical on-going processes but also susceptibility to risks. As a result, it provides insurance that a converged system has to be developed with the underlying assessment of threats for proper balance of allocated resources.
The threat analysis process involves three steps. These steps evaluate countermeasures and probabilities. The first step deals with the analysis of potential threats, which can be demonstrated through a case when the system fails, and the business is open to attacks like theft and physical damage. Second analysis deals with the vulnerabilities. This step looks at the potentiality of a company being attacked by threats, which can be countered by creating awareness of future risks. The third analysis deals with the developments of processes and countermeasures, for instance, control and preventive measures such as early detection and response.
Vulnerability Study
Vulnerability study is an assessment of threats posed to a business location at a given time (Kušen and Strembe, 2017). Typically, threats analysis report is applied when finding the appropriate way to counter the threats posed to business. Vulnerability study is a developed survey of physical apparatus. The review has the role of identifying, preventing, holding off and responding to threats. It forms the first line of defense against threats. The physical survey first identifies critical assets of the operating principles of a business and then works to deter this threat. The elements that are protected in the physical survey include the personnel, physical (hardware), data and business image. A converged security system is advantageous when carrying out a vulnerability study because it has a holistic approach to all these elements. The practices that aid a physical survey is a simple observation of the risks and loopholes. For example, a business server room has to have access control, CCTV monitoring, and guards. Therefore, an audit of this measures combined with their degree of compromise amount to physical security. The vulnerability survey answers questions like what is the level of each security protocol and its objectives (Huang, Liu, Fang, and Zuo, 2016). A converged approach to vulnerability study will entail covering all the points of threat entry with coordination from one central place.
Onion Principle
The onion principle is drawn from a model made up of layers with the center being the asset. Each layer is an added defense against the risk. Security measures increase as you pass each layer. With each layer, there is always an elimination of a threat. Examining of security protocols and checking its predisposition to risks is the primary objective of vulnerability study.
Security Design Solutions
It is developed after a vulnerability design has been carried out. It is mainly a schedule of tasks to be carried out after a physical survey. This indicates that operations have to be scheduled and distributed across places with needs. However, an identification of what loopholes to cover is paramount. Designing a security solution involves looking at each area separately. It then details each sector and establishes the observations and recommendations to develop risk elimination procedures (Riel, Kreiner, Macher, and Messnarz, 2017). This step is dependent on the security risk review. Furthermore, data is used to make decisions and to ensure that risk mitigation is carried out. The risk elimination has to be documented for future reviews.
Acceptance Report
Various factors are considered when accepting security risk report. Most of these factors are internal, and therefore, the acceptance report must meet the threshold of the standard industrial legislation. Based on the need to comply with government and laws, a company should be careful on the method it uses to mitigate the risks. Business ventures while securing its assets should also look at its profits. Financial expenditure into risk mitigation should be within reasonable budget allocations. The cost-effectiveness of the project should be measured to concur with the budget. Ølnes and Cook (2016) explain that approval of the security risk review depends on this main factor. Future maintenance and upgrades should be considered during acceptance. With concern to the above evidence, a convergent system is cheaper as compares to the regular security system.
Bid Management
After the security report has been accepted, it is the prerogative of the company executives to decide on who to award tenders to manage the security. Advertisement of tenders and management of bids in ensuring that the tender is awarded to the right firm is crucial as writing the security report. The effectiveness of the final project is essential, and management should select a vendor based on experience with similar projects and budget. Awarding of tenders to one entity is necessary to create a consistent plan. Also, considerations have to be made to ensure that the vendor is available for future adjustments and support at minimum or no cost. Before any bid is accepted, the tender specification must be to the business’ advantage (Ølnes and Cook, 2016). The tender should also specify that on implementation the process will not affect current operation.
Award and implementation process
The award and implementation process starts when the selected security contractors are invited to submit their tender applications. Tender documents are then issued to interested parties with a closing date for submission. The company may then organize for a site visits for the vendors to assess the scope of the project. After this, the company then start receiving tender documents from the prospective vendors. It then reviews the tenders adhering to factors such as price quoted and terms of delivery, which are carefully examined to select the best offer. The company, after close examination of the vendors then check up the business referees of the shortlisted vendors as a follow up to the information provided. Financial aspects are also handled at this stage. The company then iron out payment plans and the total cost of the project. After this assessment, the company awards the tender to the supplier who had the best overall terms. This thorough investigation is paramount to the business to prevent future problems that arise from hiring the wrong vendor. During the award and implementation process, the selected supplier has to develop a schedule of how they plan to carry out their works.
Review Test and User Training
This step initiates after the project has been completed and the system is ready for operations. When the system is completed, the vendor has to test it first before handing over the operation to the company. However, before handing over to the client, the work has to be commissioned and not signed off until training of the operators is complete. The vendor has to ensure that the client is satisfied with the training and that the operators have been certified to have completed the training successfully. System maintenance, after the operations have commenced is the responsibility of the vendor because they have detailed knowledge of the project. During the signing of the contract forms, the vendor had to have agreed to provide maintenance and support services when the project begins operation. The training of the operators should be a formal training with manuals and must be certified training by the relevant bodies. Finally, the contractor and the client have to sign off on the project as having been a success. This forms last steps. However, the contractor has to be available for system upgrades and adjustments.
Conclusively, the converged security feature is a new field. It is a continuously developing field that is controlled by a fast-changing market. The converged security system is dynamic in the sense that all these elements of security have been on the field for quite some time. However, it is only until recently that the principle of converging all these systems into one has been realized. The advantageous edge of such convergence systems is that they cover all the loopholes and other risks. Since security is at the forefront of all enterprises, converging security is a significant development. Companies may not see the benefits of having a converged system at first due to complications and lack of adequate knowledge in its operation. Building access control system that is foolproof is the first step towards building a converged system at any given instance (Mell, Shook, and Gavrila, 2016, pp. 13-22). Conventional methods are more attractive but can be compromised at any time. Also, converged systems are essential because they help streamline work motivation. Therefore, convergent security measures is an efficient way to manage security systems. However, it must be backed up with policies that ensure it is a success. Converging security forms a series of defenses such that when a threat passes the first defense the other line of defense can prevent. As a result, it is highly efficient.
References
Board, T.W.C.A., 2017. Johnson, Don v. Stanley Convergent Security Systems.
Dubin, R., Dvir, A., Pele, O., Hadar, O., Richman, I. and Trabelsi, O., 2016. Real-time video quality representation classification of encrypted HTTP adaptive video streaming-the case of safari. arXiv preprint arXiv:1602.00489.
Huang, C., Liu, J., Fang, Y. and Zuo, Z., 2016. A study on Web security incidents in China by analyzing vulnerability disclosure platforms. Computers & Security, 58, pp.47-62.
Karovič, V.K.M.D.V., 2015. INFORMATION SECURITY. CER Comparative European Research 2015, p.134.
Kušen, E. and Strembeck, M., 2017. Security-related Research in Ubiquitous Computing--Results of a Systematic Literature Review. arXiv preprint arXiv:1701.00773.
Loia, V., D’Aniello, G., Gaeta, A. and Orciuoli, F., 2016. Enforcing situation awareness with granular computing: a systematic overview and new perspectives. Granular Computing, 1(2), pp.127-143.
Mahapatra, N., Sahu, N., Nanda, S., Kaur, G. and Prahar, M., 2017. Unit-1 Evolution and Growth of ICT.
Mell, P., Shook, J.M. and Gavrila, S., 2016, October. Restricting insider access through efficient implementation of multi-policy access control systems. In Proceedings of the 2016 International Workshop on Managing Insider Security Threats (pp. 13-22). ACM.
Norman, T.L., 2016. Risk analysis and security countermeasure selection. CRC press.
Ølnes, J., and Cook, S.O., 2016. Security and signature requirements for e-tendering systems and services.
Riel, A., Kreiner, C., Macher, G., and Messnarz, R., 2017. Integrated design for tackling safety and security challenges of smart products and digital manufacturing. CIRP Annals-Manufacturing Technology.
Rudowski, M. and Tarnowska, K., 2016. Decision support system for information systems security audit (WABSI) as a component of it infrastructure management. Information Systems in Management, 5(3), pp.389-400.
