Security Magazine logo
search
cart
facebook twitter linkedin youtube
  • Sign In
  • Create Account
  • Sign Out
  • My Account
Security Magazine logo
  • NEWS
    • Security Newswire
    • Technologies & Solutions
  • MANAGEMENT
    • Leadership Management
    • Enterprise Services
    • Security Education & Training
    • Logical Security
    • Security & Business Resilience
    • Profiles in Excellence
  • PHYSICAL
    • Access Management
    • Fire & Life Safety
    • Identity Management
    • Physical Security
    • Video Surveillance
    • Case Studies (Physical)
  • CYBER
    • Cybersecurity News
    • More
  • BLOG
  • COLUMNS
    • Career Intelligence
    • Cyber Tactics
    • Cybersecurity Education & Training
    • Leadership & Management
    • Security Talk
  • EXCLUSIVES
    • Annual Guarding Report
    • Most Influential People in Security
    • The Security Benchmark Report
    • Top Guard and Security Officer Companies
    • Top Cybersecurity Leaders
    • Women in Security
  • SECTORS
    • Arenas / Stadiums / Leagues / Entertainment
    • Banking/Finance/Insurance
    • Construction, Real Estate, Property Management
    • Education: K-12
    • Education: University
    • Government: Federal, State and Local
    • Hospitality & Casinos
    • Hospitals & Medical Centers
    • Infrastructure:Electric,Gas & Water
    • Ports: Sea, Land, & Air
    • Retail/Restaurants/Convenience
    • Transportation/Logistics/Supply Chain/Distribution/ Warehousing
  • EVENTS
    • Industry Events
    • Webinars
    • Solutions by Sector
    • Security 500 Conference
  • MEDIA
    • Interactive Spotlight
    • Photo Galleries
    • Podcasts
    • Polls
    • Videos
      • Cybersecurity & Geopolitical Discussion
      • Ask Me Anything (AMA) Series
  • MORE
    • Call for Entries
    • Classifieds & Job Listings
    • Newsletter
    • Sponsor Insights
    • Store
    • White Papers
  • EMAG
    • eMagazine
    • This Month's Content
    • Advertise
  • SIGN UP!

Integrating Physical and Cybersecurity

By Eric Reed
May 25, 2010

A recent DEFCON presentation described a package sent by ethical hackers to a non-existent employee at a large corporation. The package was diverted to the mailroom and forgotten. The smartphone contained within the package allowed the hackers to access the corporate LAN until its battery died. Who is responsible for the breach in information security? Is it the CIO or the security manager? An obvious answer is both – the two domains are converging. A better answer may be the CEO. Risk mitigation is a team sport, and the CEO leads the team.

Physical security and cyber security must complement each other. Real world security measures can be defeated by cyber-exploits, and the best cyber defenses can be outflanked in the real world. Investment decisions in each domain should spring from deliberate efforts to mitigate risks to the enterprise, ensuring it accomplishes its mission and recovers from adverse events.


New Capabilities Bring New Threats

There is no doubt that the Internet and associated technology provide unprecedented capabilities and opportunities for business, for government, and for individuals. The ability to remotely access information has revolutionized the way business is conducted and the way individuals live. But the flip side of these benefits is that the capabilities also can be used for malicious aims. New opportunities and the rapid adoption of new communication technologies bring security vulnerabilities, and the vulnerabilities aren’t just inherent in devices and technology; well-intentioned users are often the unwitting means to malicious ends.

As the Internet continues to develop and bring more people online, the volume of threats continues to grow. The scope of threats continues to develop and is limited only by the ingenuity of our Internet neighbors. Cybersecurity businesses offer subscription service because the threat is so dynamic that suites of countermeasures must be continually updated. So, even though critical corporate assets—people, equipment, and information—may be concentrated geographically in the physical world, risk mitigation must address threats that are global, potentially innumerable and constantly evolving.

Ensuring complementary security efforts in the physical world and cyberspace begins with acknowledging how they differ. There is no safe stand-off distance in cyberspace. The other side of the world, and all of its bad neighborhoods, are a mouse click away. Attacks can be launched from anywhere around the globe at any time, and often without alerting the intended victim.

Security staff is therefore challenged to think about risk mitigation in new ways. Before the Information Age, “enforced need-to-know” described both the fundamental principle and practice of information security. Before electronic media and networks, the dissemination of controlled information required a conscious act. Risks were mitigated because dissemination was deliberate and limited. Too often today, access to a network includes access to vast amounts of information for which there is no valid need-to-know. Network administrators are empowered to limit access, but may not appreciate fully the operational implications, and may not be able to keep up with changing requirements of knowledge workers. But once information is accessed by the wrong entity, re-establishing control is impossible—the risk equation has changed.


What’s Critical to the Mission?

Organizations with limited resources must focus their efforts on what truly requires protection. While security’s mandate is to manage the protection measures designed to preserve the organization and assure the success of its operations, the identification of critical assets and determination of appropriate protection levels are activities that require early participation from the business side of the organization. Those responsible for business operations are better equipped to determine what is critical to the organization or the mission, and to articulate acceptable and unacceptable consequences of risk mitigation measures proposed by the security staff. 

Most organizations would benefit from revisiting the framework used to support risk decisions. The framework should bring together stakeholders from the security disciplines and the operational elements. The framework should provide a forum and a repeatable, traceable process to identify critical assets, revisit threats and associated vulnerabilities, and plan and monitor synchronized actions taken to mitigate risk. Its participants should monitor changes to the organization and its mission, and stay abreast of best practices and other developments in the disciplines represented. In such a fashion, integration across security disciplines may be achieved and the organization maintains the capability to think through and manage evolving risks to the enterprise, regardless of origin.

Share This Story

Looking for a reprint of this article?
From high-res PDFs to custom plaques, order your copy today!

Eric Reed is the Technology Protection Program Manager in QinetiQ North America’s Mission Solutions Group.

Recommended Content

JOIN TODAY
To unlock your recommendations.

Already have an account? Sign In

  • Cyber tech background

    Security’s Top Cybersecurity Leaders 2026

    Security magazine’s Top Cybersecurity Leaders 2026 award...
    Cybersecurity
  • Iintegration and use of emerging tools

    Future Proof Your Security Career with AI Skills

    AI’s evolution demands security leaders master...
    Career Intelligence
    By: Jerry J. Brennan and Joanne R. Pollock
  • The 2025 Security Benchmark Report

    The 2025 Security Benchmark Report

    The 2025 Security Benchmark Report surveys enterprise...
    The Security Benchmark Report
    By: Rachelle Blair-Frasier
Manage My Account
  • Security Newsletter
  • eMagazine Subscriptions
  • Manage My Preferences
  • Online Registration
  • Mobile App
  • Subscription Customer Service

More Videos

Popular Stories

Hand reaching up out of the ocean

What I Learned About Burnout the Hard Way (and How to Actually Fix it)

Broken wet floor sign

Why Response Time Is Becoming the Missing Metric in Workplace Safety and Security

Paparazzi

When Private Events Become Public Infrastructure: What Celebrity OSINT Teaches Security Leaders

Cyber Tactics

AIBOMs: Bringing AI Security Out of the Shadows, A Practical Guide for Security Professionals

Medical professional

Nearly 85% of Nurses Experienced Workplace Violence in the Last Year

Kaseware sponsored webinar
Schneider Electric sponsored webinar

Events

August 25, 2026

Critical Infrastructure Security Is National Security: Protecting Essential Operations in an Era of Escalating Risk

LIVE: August 25, 2026 at 2 PM EDT Learn why critical infrastructure security has become a national security imperative, and the strategies organizations can adopt to improve visibility, collaboration, and response across their security operations.

August 27, 2026

Leveraging AI & Mobility to Advance Your Security Domain

LIVE: August 27, 2026 at 2 PM EDT Explore how AI-driven cloud security solutions can elevate your security domain enhancing threat detection, streamlining operations, and delivering the resilience modern organizations demand.

View All Submit An Event

Products

Security Culture: A How-to Guide for Improving Security Culture and Dealing with People Risk in Your Organisation

Security Culture: A How-to Guide for Improving Security Culture and Dealing with People Risk in Your Organisation

See More Products


Alertmedia sponsored webinar

Related Articles

  • security-cyber-leadership.jpg

    Top 12 physical security, cybersecurity & risk management stories of 2022

    See More
  • cyber handshake

    New opportunities at the intersection of physical and cybersecurity

    See More
  • digital-cyber

    Preparing For Physical and Cybersecurity Convergence

    See More

Related Products

See More Products
  • Physical Security and Safety: A Field Guide for the Practitioner

  • Physical Layer Security in Wireless Communications

  • The Complete Guide to Physical Security

See More Products
×

Sign-up to receive top management & result-driven techniques in the industry.

Join over 20,000+ industry leaders who receive our premium content.

SIGN UP TODAY!
  • RESOURCES
    • Advertise
    • Contact Us
    • Store
    • Want More
  • SIGN UP TODAY
    • Create Account
    • eMagazine
    • Newsletter
    • Customer Service
    • Manage Preferences
  • SERVICES
    • Marketing Services
    • Reprints
    • Market Research
    • List Rental
    • Survey/Respondent Access
  • STAY CONNECTED
    • LinkedIn
    • Facebook
    • YouTube
    • X (Twitter)
  • PRIVACY
    • PRIVACY POLICY
    • TERMS & CONDITIONS
    • DO NOT SELL MY PERSONAL INFORMATION
    • PRIVACY REQUEST
    • ACCESSIBILITY

Copyright ©2026. All Rights Reserved BNP Media, Inc. and BNP Media II, LLC.

Design, CMS, Hosting & Web Development :: ePublishing