Insights can sometimes be gained by analyzing the professional lexicon of IT and security practitioners. If a term is recognized and is common to a company, it may reflect current practices. A very savvy respondent, nevertheless, might be familiar with a term regardless of whether it’s used internally. The percentages of respondents claiming to recognize the following acronyms and jargon as being pertinent to their operations are noted below.
75% ISO: This term stands for International Organization for Standardization. It is not an acronym. Rather, it is based on the Greek word, iso, meaning equal. This response suggests that a fairly high percentage of the surveyed companies comply with ISO standards. ISO covers a panoply of standards, including many for the IT/computer industries.
46% Six Sigma: Six Sigma is a coined name for a quality control process developed by Motorola in 1986 that emphasized discovering and reducing defects through a formal and highly structured process. It has since evolved into various forms that can be applied to almost anything. The IT community has adopted its concepts. Almost one-half of the respondents appear to be using a Six Sigma process, or at least they know what it means.
32% SCADA: This is the acronym for “supervisory control and data acquisition” and is associated with networked and automated systems that are capable of real-time monitoring and control. A third of reporting companies are familiar with the term.
26% PKI: PKI is the abbreviation for “public key infrastructure.” It is a type of encryption protocol to protect data transmitted over the Internet. Awareness of the term suggests familiarity with protection against cybercrimes. Only a quarter of the respondents knew this term.
25% ASP: ASP stands for “application service provider.” These are companies that provide security services over the Internet whereby their servers host application software that is used by a client on a subscription basis. Some also provide monitoring services.
16% HSPD-12: As discussed earlier, HSPD-12 is a presidential directive intended to secure and standardize methods of identification for federal employees and contractors. It is closely associated with smartcard technology. About 49% of the surveyed companies reported they were using smartcards, but, oddly, only 16% recognized the term.
12% PACS: Another abbreviation, this stands for “programmable automation controllers” and is a technical variant of “programmable logic controller.” It is less frequently used for security systems, except in cases such as when a very large number of doors have to be controlled.
The following terms and acronyms relate to building automation systems and infrastructure. It is curious that 29 percent of the survey respondents reported that their security systems were part of a building automation system, but only 2 to 5 percent were familiar with the nomenclature associated with that technology. A term that should have been included in the questionnaire (but unfortunately wasn’t), LonWorks, might have been more recognizable because it is a very familiar technology (intelligent multiplexing) that is occasionally used for security systems to reduce the construction costs of conduit and wiring.
♦ 05% PHYSBITS, or Physical Security Bridge to IT Security, is an international standard and data model that is supported by the Open Security Exchange (OSE) and the Global Information Assurance Certification (GIAC) program. It is at the heart of physical and IT security convergence.
♦ 05% BACnet, Building Automation and Control Network, is a well-known and long-standing data communications protocol for building automation. It is an ISO standard.
♦ 02% oBIX, or Open Building Information Exchange, is another international standard related to convergence.
The last term is a nonsense word that was included as a test to see if any respondents were spoofing the questionnaire. No one checked that box.
♦ 00% Klaatu, a made-up alien word used in the 1951 science fiction classic, The Day the Earth Stood Still.
The final part of the questionnaire asked about cross-training. About 23 percent of the companies reported that formal training in physical security was available for IT employees and 34 percent stated that formal training in computer technology was available for security employees. It is not known if the training was available “in-house” or through local community colleges.
What is to be done
Many of the survey results forecast gloom for the security industry, but there is time to change the outcome. Security professionals must press for greater involvement in convergence and standards. More colleges need to offer security management degrees and, more importantly, understand that criminal justice and public safety are not synonymous with security management. Colleges should offer doctorate programs.
In this same regard, all security professionals need to educate themselves about computer technology. Professional security associations need to listen less to lawyers and shift from passively supporting nonutilitarian guidelines to actively participating in the standards writing process. American security professionals also have to accept the reality that the European Union is going to play a role in the development of security standards for convergence.
All of these things can happen if we want. Like it or not, the world as we know it is going to change. By 2020, many of the things we take for granted will be extinct, such as print newspapers, iPods, most desktop computers, supermarket check-out lines, car keys, and a legion of other obsolete technologies. The security industry must do whatever it takes to ensure that its profession doesn’t become aged and unfit. The comet is approaching, but there’s time to deflect it.
John J. Strauchs, CPP, is the senior principal of Strauchs LLC, a security consulting and design firm located in Virginia. Praise and censure welcomed at “John’s Blog”: www.strauchs-llc.com.
© Strauchs LLC