Categories

Editor's Choice
Tech Jobs Network
News & Events
Access Control & Identity Management
AI & Data Analytics
Asset Management
Associations
Conferences & Events
Facilities & Building Management
Fire & Safety
Information Security
Infrastructure
Integrated Solutions
IoT & Automation
Perimeter Security, Alarms & Intruder Detection
Power Management
Products & Solutions
Security Services & Risk Management
Smart Home Automation 
Surveillance
Training & Education
Videos
Security by Industry Sector ▾








Print this page printer friendly version

Security and analytics

November 2003 News & Events

During the course of the last three years I have been focused editorially on our IT titles: Network Times and eSecure. It has been fascinating to communicate the heightened corporate governance sensitivities and risk management issues to a receptive audience.

Now that I am back as Editor of Hi-Tech Security Solutions, I thought it would be instructive to see what we can learn from the drivers and trends in the business technology arena, if only because security technology is increasingly being influenced by exactly the same drivers.

As you will read in the issue, networking and IP are fundamental to current and future generation security solutions. As security systems (in fact you could argue, any data-based solutions) are only as good as the integrity of the information on which they are based, it seems obvious that successful solutions are all about getting the right information to the right people at the right time in the right format.

Simple, is it not?

What I find fascinating about this embracing of IP and networking generally, is that it is not confined to any one sector. Manufacturing (Technews also publishes SA Instrumentation and Control) is grappling with exactly the same issue, for much the same reasons ... manufacturing, automation and process control solutions have long been based on proprietary networks (Profibus and LonWorks Echeleon-based networks spring to mind), but IP-based (Ethernet) networks are considerably cheaper, more pervasive and offer many of the benefits that proprietary networks have traditionally used to differentiate themselves. The trend towards IP-based solutions is all but unstoppable, in all the sectors in which its driving solutions integration, and wireless connectivity is extending the reach of this ubiquitous networked world.

But now the real problems will only start. This wholesale embracing of IP hauls whole industries kicking and screaming into a legislative landscape that differs materially from that they are used to. There are laws relating to data protection, privacy, risk management, business continuity, access to information and electronic monitoring which now start to, or potentially will, affect these evolving industry sectors. The legal landscape has changed, and most of us do not understand the implications of this.

Another area that is interesting is that of analytics as applied to security. A business intelligence approach to extracting value from information, analytics in intelligent systems in the security world is going to be something of a boon to security managers and risk managers as they seek to apply limited resources to areas where risk is the highest.

Annemarie Cronje, product manager for Operational Intelligence at SAS Institute SA, suggests that with the complexity of IT security systems and soaring incidences of attack, analytic techniques must be introduced to the information security arsenal to equip company executives to effectively mitigate and manage risk. She adds that company directors require systems to allow them to rapidly and effectively assess the security posture of their businesses.

"Emerging laws and reports including the King II Report, the Electronic Communications and Transactions Bill (ECT), the South African Constitution and the Promotion of Access to Information Act (PROATIA) place new responsibilities on the shoulders of directors in terms of company security."

She explains that the introduction of these corporate governance measures makes the CEO and the board of directors directly responsible for the security status of the organisation.

"Without tools that cut through massive volumes of data to give them a simple yet accurate picture of their security status, directors may be exposing themselves to serious liabilities."

The reality is that businesses face an alarming volume of information security threats.

"Viruses, hackers, crackers, worms, Trojans and many other types of malware pervade the corporate network," she says. In an effort to combat the copious threats facing their information infrastructure, businesses have typically implemented many systems. Characteristically, security infrastructure comprises firewalls, antivirus software and intrusion detection systems.

Physical and logical access control

Additionally, she says, access control, both physical and logical, forms an integral component of the security measures, while data from infrastructure management solutions contribute potentially valuable information that can be leveraged to ensure system integrity. The trouble with the myriad of systems deployed to protect corporations from compromise is the sheer volume of data generated by monitoring the complete spectrum of network activity.

"Every system generates its own log file, many of which run into hundreds of pages daily. These log files must be analysed to identify anomalies and changes in network behaviour, which provide an indication of the occurrence of attacks," says Cronje.

"Directors may well find themselves overwhelmed with a mountain of data and no way to sift through the information to identify and act on salient information."

Datawarehousing

By establishing an IT security data warehouse, the full spectrum of information generated throughout the organisation, and even from the extended supply chain, can be collected into a single repository. In this repository, every security-related incident from systems across the organisation is assimilated and can be analysed to provide an instant, accurate picture of security status.

From a security/risk dashboard, line management and executives can instantly and accurately assess their security status for statutory compliance, as well as providing an effective benchmark for data insurance purposes. "Additionally, companies looking to electronically integrate with trading partners are able to rapidly provide a benchmarked security assessment to demonstrate their security posture," she adds. Cronje notes that effective security management has to take into account the full spectrum of the technology environment, within the context of security policy and standards, and taking cognisance of the security architecture and processes. "Analytical techniques enable executives to view the entire security situation at a glance. They can audit, monitor and investigate security across the board, while effectively validating their security posture for regulatory compliance."

Who says IT is not in the driving seat anymore? We have hardly begun the journey.

Till next month,

Darren Smith





Share this article:
Share via emailShare via LinkedInPrint this page


Further reading:

Is your entrance security secure?
SMART Security Solutions Centurion Systems Technews Publishing News & Events Access Control & Identity Management Smart Home Automation
While Centurion Systems may be known as a leader in gate and door motors in 72 countries, the company has developed more than hardware and now offers an automation ecosystem for access control security.

Read more...
Continuum launches centralised access and identity management
News & Events Access Control & Identity Management Facilities & Building Management
Continuum Identity is a newly launched company in the identity management and access control sector, targeting the complexity of managing various Access and Identity Management (AIM) systems.

Read more...
From prevention to protection
Securex South Africa News & Events Fire & Safety
The Western Cape’s varied landscapes and rapid urban development present a range of fire safety challenges, from densely populated city centres to remote industrial sites, and from heritage buildings to new high-rise developments.

Read more...
Workflow and asset management solutions
Asset Management News & Events
Zamatrack’s innovative workflow and asset management solutions feature the Worxit platform. This all-in-one solution allows businesses to streamline operations with real-time tracking, GPS data, and custom reports.

Read more...
SAQCC Gas awareness
Associations News & Events
SAQCC Gas will raise awareness within the gas industry by emphasising the importance of using registered gas practitioners and getting a Certificate of Compliance (CoC) for all your gas systems.

Read more...
Why Securex matters more than ever
Securex South Africa News & Events Fire & Safety Facilities & Building Management
Visitors will observe the application of integrated security solutions, including AI-enhanced surveillance, cloud-based access control, cybersecurity tools, and perimeter protection within residential, commercial, logistics, and industrial environments

Read more...
Fire Ops SA Partners with Matrix
News & Events Fire & Safety Residential Estate (Industry)
Fire Ops SA, a South African private fire and rescue service, has announced its partnership with Matrix Vehicle Tracking to launch FireStop, providing Matrix and Beame clients with direct access to a dedicated professional private fire service.

Read more...
SABRIC Annual Crime Statistics 2024
News & Events Security Services & Risk Management Residential Estate (Industry)
SABRIC has released its Annual Crime Statistics for 2024, reflecting a significant decline in financial crime losses, but also warning of the growing threat posed by artificial intelligence (AI) in fraud schemes.

Read more...
Adding AI analytics to security monitoring
SEON South Africa News & Events Perimeter Security, Alarms & Intruder Detection Residential Estate (Industry) AI & Data Analytics
SEON has announced its latest integration with Refraime, an AI-powered video analytics platform designed to elevate CCTV surveillance through real-time object detection and intelligent alerting.

Read more...
Advances in electric fence management
Nemtek Electric Fencing Products News & Events Perimeter Security, Alarms & Intruder Detection
Nemtek will demonstrate its newly enhanced FG7C+ Fence Controller, now featuring an advanced software upgrade that connects all Nemtek devices, aggregating data to a single point for efficient electric fence alarm monitoring and control.

Read more...











SMART Security Business Directory


While every effort has been made to ensure the accuracy of the information contained herein, the publisher and its agents cannot be held responsible for any errors contained, or any loss incurred as a result. Articles published do not necessarily reflect the views of the publishers. The editor reserves the right to alter or cut copy. Articles submitted are deemed to have been cleared for publication. Advertisements and company contact details are published as provided by the advertiser. Technews Publishing (Pty) Ltd cannot be held responsible for the accuracy or veracity of supplied material.

Published by Technews

»  Dataweek Electronics & Communications Technology
»  Electronics Buyers' Guide (EBG)

»  SMART Security Solutions
»  SMART Security Business Directory

»  Motion Control in Southern Africa
»  Motion Control Buyers' Guide (MCBG)

»  South African Instrumentation & Control
»  South African Instrumentation & Control Buyers' Guide (IBG)



© Technews Publishing (Pty) Ltd. | All Rights Reserved.