Abstract
Reliance on technology presents one of the weakest links in contemporary organisational security, as certain threats can fall into the functional gaps between physical and information technology (IT) security departments. These can be described as ‘converged threats’ when an IT-based attack delivers an impact, such as a virus attack that halts the operation of critical infrastructure, or a physical attack on a system that compromises the security of data, such as an intruder or dishonest employee installing devices on computers to enable the stealing of electronic data. The aim of this article is to present and reflect on a converged approach to organisational security risk management as a means of addressing blended threats. We discuss this idea of converged security in the context of wider trends towards enterprise-wide approaches to risk management, and present a model demonstrating how converged security can be undertaken without a fundamental restructuring of these two key functions.
Cite this article
Aleem, A., Wakefield, A. & Button, M. Addressing the weakest link: Implementing converged security. Secur J 26, 236–248 (2013). https://doi.org/10.1057/sj.2013.14