Integrating Physical and IT Security

On Wednesday, Honeywell released a press release revealing many companies are integrating physical security measures with their IT security systems. They interviewed over 50 CIO's, CSO's, and CI&SO's of major US-based global companies.
According to their release:

Most respondents indicated increased interaction between their security and IT functions:

* 63 percent said their security and IT organizations “had a formal coordination mechanism”
* 10 percent stated the two functions are run as one entity within their organizations
* 52 percent noted their security functions had a formal working relationship with their audit and compliance functions, while 11 percent said those functions are combined

Why the integration? Some might say the better question is why has it taken so long. Well, it turns out many of the respondents feel a vulnerability in either fields could bring about a breach in another. Take a look at this data:

* 91 percent of the responding companies showed an increase in security investment
* 75 percent of which said those investments increased by more than eight percent
* 31 percent suggested a greater than 12 percent rise

“This study reinforces that companies are increasingly concerned with protecting their information assets as well as their physical assets, and they recognize that integrating once-disparate systems can be effective in addressing threats,” said Jim Ebzery, senior vice president of Identity and Security Management at Novell, which recently collaborated with Honeywell to develop a converged physical-IT security system. “How they choose to implement convergence varies on a number of factors including internal roles and overall attitudes about its effectiveness.”

With all this talk of integration, the question which must be asked is "Who's in charge in regards to an a coordinated attack on both systems?".

* 34 percent said there isn’t a single internal contact
* 27 percent said the Director of Security is responsible
* 14 percent said a single CSO deals with the threats
* 14 percent said the Crisis Management Group is ultimately responsible

The study’s margin of error is plus/minus 2 percent.

If you're considering this as a career, it behooves you to get "smart" on both sides. What sense does it make to build a multi-tiered surveillance system using network infrastructures if you're not knowledgeable on the risks you face. I would hate to be you if an incident occurs on the IT side and it affects your cameras or alarms. I'm sure your boss is going to ask what measures did we have in-place and how were they defeated. He/she will be looking at you to communicate with IT to find out.