How do security directors interact with IS departments?

Sep 1, 1998 12:00 PM, GEORGE PARTINGTON and KATE HENRY

           

What is the relationship between the information systems (IS) department and the security department? According to our interviews with security directors profiled in this issue, the relationship is becoming more important - and consequently closer - every day. Georgia Tech director of research security Robert Lang has been at the forefront of the trend. He has consulted with information technology personnel since joining the school 10 years ago. Lang, who regularly attends senior level meetings with the vice president of information technology, is included in policy discussions that involve his department and IT. Lang says it is important for security directors to become literate in information technology. "The worst thing you can do is have the person in charge of your security operation too nervous to hold a conversation or not confident enough to express an opinion," he says. At Millard Fillmore Health System, personnel of the IS and security divisions consult each other often. Robert C. Vance III, director of safety, security and police, anticipates the two divisions will eventually become one. "As the system comes together more, I think there will be more blending and crossing of job responsibilities in terms of firewalls and setting up network protection and UNIX development," he says. "We will be sending some of our officers and supervisors to upcoming IT educational programs." Vance urges security directors to educate themselves about information systems. "It's here and it's not going to change," he says. Joseph Mansfield of Sprint PCS says the company's information technology group and the security department are "joined at the hip. Many of the processes and procedures are identical." The security department interfaces with the IT manager in an ongoing effort to enhance all aspects of security. Brian Haley of Dow AgroSciences says his security department's involvement with the IS department is low, but growing. "The day is coming when they will be much more linked," he says. For example, IS does not want anything to do with the access control system, says Haley: "it's yours and we don't have any support to help you with." But the IS department is interested in security's video imaging ID program and has asked to use the photo and employee data information, says Haley. CVS Pharmacy director of field loss prevention Pete Blizniak works with the director of loss prevention services, who has daily involvement with the manager of information services. A new system that keeps an electronic journal has resulted from the working relationship, says Blizniak. "We no longer have journal tapes at the cash registers," notes Blizniak. "The customer still gets a receipt, but the piece that remains behind is electronic." The electronic journal sorts the data and alerts management of a negative function. For example, when a person rings a sale below a specific threshold, an alert pops up on the store controller, and a manager can immediately investigate. The system has reduced shrinkage at CVS stores, says Blizniak. Vince Nye, security manager at NEC Electronics, says the security and information systems departments remain separate, since the security systems stand alone. Still, they do work together when appropriate. Information systems personnel developed the software management part of the visitor access control system. "I don't think we are any different from any other production facility or manufacturer in that IT systems are critical to the production process and that is their priority," Nye says. "Also, information security is a specialty unto itself and requires the expertise of computer programmers and people knowledgeable about computer science. So we have little involvement in that from a security standpoint." Sandy Cowie, security/safety manager for the Principal Financial Group, does not think the IS function in her industry will merge with the security function. However, the two disciplines are "critical partners." After people, the biggest component at the Principal is information, she says, and security partners with IS on emergency planning and management. In addition, an IS department representative is part of the security technology selection team to make sure the equipment meets corporate protocol. The IS department has established communication networks throughout satellite facilities, and security is using the corporate communication network to monitor building alarms and control access for satellite facilities. Although information protection is not part of the security operation, Cowie is on their committee and goes to their meetings. Physical security issues will come up, she says, and information security issues often impact the physical security department.

Want to use this article? Click here for options!
© 2008 Penton Media Inc.

SUBSCRIBE

Select an Issue April 1, 2008 March 1, 2008 February 1, 2008 January 1, 2008 December 1, 2007 November 1, 2007 October 1, 2007 September 1, 2007 August 1, 2007 July 1, 2007 June 1, 2007 IP Security Supplement May 1, 2007 April 1, 2007 March 1, 2007 February 1, 2007 January 1, 2007 School Security December 1, 2006 November 1, 2006 October 1, 2006 September 1, 2006 August 1, 2006 July 1, 2006 June 1, 2006 May 1, 2006 April 1, 2006 March 1, 2006 February 1, 2006 January 1, 2006 December 1, 2005 November 1, 2005 October 1, 2005 September 1, 2005 August 1, 2005 July 1, 2005 June 1, 2005 May 1, 2005 April 1, 2005 March 1, 2005 February 1, 2005 January 1, 2005 December 1, 2004 November 1, 2004 October 1, 2004 September 1, 2004 August 1, 2004 July 1, 2004 July 1, 2004 June 1, 2004 May 1, 2004 April 1, 2004 March 1, 2004 February 1, 2004 January 1, 2004 December 1, 2003 November 1, 2003 October 1, 2003 September 1, 2003 August 1, 2003 July 1, 2003 June 1, 2003 May 1, 2003 April 1, 2003 March 1, 2003 February 1, 2003 January 1, 2003 December 1, 2002 November 1, 2002 October 1, 2002 September 1, 2002 August 1, 2002 July 1, 2002 June 1, 2002 May 1, 2002 April 1, 2002 March 1, 2002 February 1, 2002 January 1, 2002 December 1, 2001 November 1, 2001 October 1, 2001 September 1, 2001 August 1, 2001 July 1, 2001 June 1, 2001 May 1, 2001 April 1, 2001 March 1, 2001 February 1, 2001 January 1, 2001 December 1, 2000 November 1, 2000 October 1, 2000 September 1, 2000 August 1, 2000 July 1, 2000 June 1, 2000 May 1, 2000 April 1, 2000 March 1, 2000 February 1, 2000 January 1, 2000 December 1, 1999 November 1, 1999 October 1, 1999 September 1, 1999 August 1, 1999 July 1, 1999 June 1, 1999 May 1, 1999 April 1, 1999 March 1, 1999 February 1, 1999 January 1, 1999 December 1, 1998 November 1, 1998 October 1, 1998 September 1, 1998 August 1, 1998 July 1, 1998 June 1, 1998 May 1, 1998 April 1, 1998 March 1, 1998 February 1, 1998 January 1, 1998 December 1, 1997 November 1, 1997 October 1, 1997 September 1, 1997 August 1, 1997 July 1, 1997 June 1, 1997 May 1, 1997 April 1, 1997 March 1, 1997 February 1, 1997 January 1, 1997

This month in Access Control

• Opening Up About Door Closers
• An Enterprise Approach
• The Framework For Open Systems
• On A Higher Plane
• More from April's issue