SlideShare a Scribd company logo

The weakest link in today’s physical security … and no, it’s not people

D
Doreen Loeber

The weakest link in today’s physical security … and no, it’s not people

Business
1 of 12
The weakest link in today’s physical security … and no, it’s not people Bart Vansevenant Co-founder Ticto (now part of RightCrowd)
▪ Physical security is achieved by building hard perimeters. ▪ People cannot be trusted. Humans are the weakest link. ▪ Technical security controls are what we need. The more the better. The (implicit) assumptions we have been making
▪ 300k access cards still working but people no longer with company. ▪ More access levels than employees. ▪ Physical penetration test at Belgian bank. A few anecdotes … Our unconditional trust in technology creates a false sense of security
So where do we go from here?
▪ 1995 – 2010: focus on building strong perimeter between the ‘bad’ Internet and the ‘trusted’ internal network – the golden era of the ‘firewall’ ▪ Realization that sole focus on perimeter protection did not solve the problems ; ▪ Shift towards more holistic and risk-based approach ▪ Still securing the network perimeter ▪ Also securing the internal network (databases, applications, end points) The cyber security analogy
Introducing the next layer of security … Perimeter Control Access Control Point in time decision grant / deny Physical barriers protecting the facility Presence Control Continuous validation that everyone on site is right
▪ Use of active digital security credentials as opposed to current passive tags ▪ Smartphone app ▪ Security wearables ▪ Know for sure who that person is (strong authentication) and whether that person is allowed to be there (authorization) ▪ Know where each person is inside of a building (by zone) ▪ Allows for myriad of applications also beyond physical security ▪ Safety, logical security, social, convenience, health, building automation Presence Control Example of security wearable
Restoring the balance People Technology Process Engaging people in security Automating access rules and workflows
▪ Physical security is achieved by building hard perimeters. New presence control solutions allow a combination of a 'hard outer perimeter' and less expensive and more flexible 'soft internal zones'. ▪ People cannot be trusted. Humans are the weakest link. Engage your people to spot potential security incidents. ▪ Technical security controls are what we need. The more the better. Ensure optimal use of existing controls by automating the rules and workflows that enforce your security policies. Conclusion
Q & A
Thank you !

Recommended

Security challenges in 2017
Security challenges in 2017Security challenges in 2017
Security challenges in 2017Etienne Liebetrau
 
Top Ten Challenges of Securing Smart Infrastructure
Top Ten Challenges of Securing Smart InfrastructureTop Ten Challenges of Securing Smart Infrastructure
Top Ten Challenges of Securing Smart InfrastructureNiloufer Tamboly CISSP, CPA, CIA, CISA, CFE
 
Trustifier tux™ makes effective security simple
Trustifier tux™ makes effective security simpleTrustifier tux™ makes effective security simple
Trustifier tux™ makes effective security simpleG.F. Windsor, Barrister & Solicitor
 
IT Security Management -- People, Procedures and Tools
IT Security Management -- People, Procedures and ToolsIT Security Management -- People, Procedures and Tools
IT Security Management -- People, Procedures and ToolsAndrew S. Baker (ASB)
 
Cybercrime: 5 Practical Tips for Law Firms on Avoiding Financial & Reputation...
Cybercrime: 5 Practical Tips for Law Firms on Avoiding Financial & Reputation...Cybercrime: 5 Practical Tips for Law Firms on Avoiding Financial & Reputation...
Cybercrime: 5 Practical Tips for Law Firms on Avoiding Financial & Reputation...Lucien Pierce
 
Andrew Yeomans, Infosecurity.nl, 3 november 2010, Jaarbeurs Utrecht
Andrew Yeomans, Infosecurity.nl, 3 november 2010, Jaarbeurs UtrechtAndrew Yeomans, Infosecurity.nl, 3 november 2010, Jaarbeurs Utrecht
Andrew Yeomans, Infosecurity.nl, 3 november 2010, Jaarbeurs UtrechtInfosecurity2010
 
The Current State of Cybersecurity
The Current State of CybersecurityThe Current State of Cybersecurity
The Current State of CybersecurityTruShield Security Solutions
 
Security Transformation
Security TransformationSecurity Transformation
Security TransformationFaisal Yahya
 

Recommended

Security challenges in 2017
Security challenges in 2017Security challenges in 2017
Security challenges in 2017Etienne Liebetrau
 
Top Ten Challenges of Securing Smart Infrastructure
Top Ten Challenges of Securing Smart InfrastructureTop Ten Challenges of Securing Smart Infrastructure
Top Ten Challenges of Securing Smart InfrastructureNiloufer Tamboly CISSP, CPA, CIA, CISA, CFE
 
Trustifier tux™ makes effective security simple
Trustifier tux™ makes effective security simpleTrustifier tux™ makes effective security simple
Trustifier tux™ makes effective security simpleG.F. Windsor, Barrister & Solicitor
 
IT Security Management -- People, Procedures and Tools
IT Security Management -- People, Procedures and ToolsIT Security Management -- People, Procedures and Tools
IT Security Management -- People, Procedures and ToolsAndrew S. Baker (ASB)
 
Cybercrime: 5 Practical Tips for Law Firms on Avoiding Financial & Reputation...
Cybercrime: 5 Practical Tips for Law Firms on Avoiding Financial & Reputation...Cybercrime: 5 Practical Tips for Law Firms on Avoiding Financial & Reputation...
Cybercrime: 5 Practical Tips for Law Firms on Avoiding Financial & Reputation...Lucien Pierce
 
Andrew Yeomans, Infosecurity.nl, 3 november 2010, Jaarbeurs Utrecht
Andrew Yeomans, Infosecurity.nl, 3 november 2010, Jaarbeurs UtrechtAndrew Yeomans, Infosecurity.nl, 3 november 2010, Jaarbeurs Utrecht
Andrew Yeomans, Infosecurity.nl, 3 november 2010, Jaarbeurs UtrechtInfosecurity2010
 
The Current State of Cybersecurity
The Current State of CybersecurityThe Current State of Cybersecurity
The Current State of CybersecurityTruShield Security Solutions
 
Security Transformation
Security TransformationSecurity Transformation
Security TransformationFaisal Yahya
 
Five things I learned about information security
Five things I learned about information securityFive things I learned about information security
Five things I learned about information securityMajor Hayden
 
Cybersecurity Insiders Webinar - Zero Trust: Best Practices for Securing the...
Cybersecurity Insiders Webinar - Zero Trust: Best Practices for Securing the...Cybersecurity Insiders Webinar - Zero Trust: Best Practices for Securing the...
Cybersecurity Insiders Webinar - Zero Trust: Best Practices for Securing the...Ivanti
 
Out of the Blue: Responding to New Zero-Day Threats
Out of the Blue: Responding to New Zero-Day ThreatsOut of the Blue: Responding to New Zero-Day Threats
Out of the Blue: Responding to New Zero-Day ThreatsPeter Wood
 
Penetration Testing and Vulnerability Assessments: Examining the SEC and FINR...
Penetration Testing and Vulnerability Assessments: Examining the SEC and FINR...Penetration Testing and Vulnerability Assessments: Examining the SEC and FINR...
Penetration Testing and Vulnerability Assessments: Examining the SEC and FINR...TruShield Security Solutions
 
Corporate Data Secruity Best Practices and Legal Compliance (00969538xBF97D)
Corporate Data Secruity Best Practices and Legal Compliance (00969538xBF97D)Corporate Data Secruity Best Practices and Legal Compliance (00969538xBF97D)
Corporate Data Secruity Best Practices and Legal Compliance (00969538xBF97D)Paul C. Van Slyke
 
Carpenter: Getting Access Control from Here to There
Carpenter: Getting Access Control from Here to ThereCarpenter: Getting Access Control from Here to There
Carpenter: Getting Access Control from Here to ThereNational Information Standards Organization (NISO)
 
Event Presentation: Cyber Security for Industrial Control Systems
Event Presentation: Cyber Security for Industrial Control SystemsEvent Presentation: Cyber Security for Industrial Control Systems
Event Presentation: Cyber Security for Industrial Control SystemsInfonaligy
 
Open Security and Privacy Reference Architecture
Open Security and Privacy Reference Architecture Open Security and Privacy Reference Architecture
Open Security and Privacy Reference Architecture Asim Jahan
 
Achieving Caribbean Cybersecuirty
Achieving Caribbean CybersecuirtyAchieving Caribbean Cybersecuirty
Achieving Caribbean CybersecuirtyShiva Bissessar
 
2021 English Part One Anti-phishing Webinar Presentation Slides
2021 English Part One Anti-phishing Webinar Presentation Slides2021 English Part One Anti-phishing Webinar Presentation Slides
2021 English Part One Anti-phishing Webinar Presentation SlidesIvanti
 
Why IT Systems Need to Conduct IT System Penetration Tests - Chris Gatford, N...
Why IT Systems Need to Conduct IT System Penetration Tests - Chris Gatford, N...Why IT Systems Need to Conduct IT System Penetration Tests - Chris Gatford, N...
Why IT Systems Need to Conduct IT System Penetration Tests - Chris Gatford, N...IT Network marcus evans
 
Telecom security issues (Raoul Chiesa, day 1 )
Telecom security issues (Raoul Chiesa, day 1 ) Telecom security issues (Raoul Chiesa, day 1 )
Telecom security issues (Raoul Chiesa, day 1 ) ClubHack
 
John Yessis - Telecom and Security
John Yessis - Telecom and Security John Yessis - Telecom and Security
John Yessis - Telecom and Security John Yessis
 
Trustwave Cybersecurity Education Catalog
Trustwave Cybersecurity Education CatalogTrustwave Cybersecurity Education Catalog
Trustwave Cybersecurity Education CatalogTrustwave
 
ISACA SLOVENIA CHAPTER October 2016 - Lubiana
ISACA SLOVENIA CHAPTER October 2016 - LubianaISACA SLOVENIA CHAPTER October 2016 - Lubiana
ISACA SLOVENIA CHAPTER October 2016 - LubianaLuca Moroni ✔✔
 
Stop in the name of norton
Stop in the name of nortonStop in the name of norton
Stop in the name of nortonspkiely
 
Looking into the future of security
Looking into the future of securityLooking into the future of security
Looking into the future of securitySouthern Cross Group Services
 
[EB100510] Evelyn del Monte: Context-Aware and Adaptive Security
[EB100510] Evelyn del Monte: Context-Aware and Adaptive Security[EB100510] Evelyn del Monte: Context-Aware and Adaptive Security
[EB100510] Evelyn del Monte: Context-Aware and Adaptive SecurityComputerworld Philippines
 
Rapid data services limited
Rapid data services limitedRapid data services limited
Rapid data services limitedoomagoolies
 
ISACA smart security for smart devices
ISACA smart security for smart devicesISACA smart security for smart devices
ISACA smart security for smart devicesMarc Vael
 
terry-gilsenan-pie-operating.10433
terry-gilsenan-pie-operating.10433terry-gilsenan-pie-operating.10433
terry-gilsenan-pie-operating.10433Terry Gilsenan
 
Insights into cyber security and risk
Insights into cyber security and riskInsights into cyber security and risk
Insights into cyber security and riskEY
 

More Related Content

What's hot

Five things I learned about information security
Five things I learned about information securityFive things I learned about information security
Five things I learned about information securityMajor Hayden
 
Cybersecurity Insiders Webinar - Zero Trust: Best Practices for Securing the...
Cybersecurity Insiders Webinar - Zero Trust: Best Practices for Securing the...Cybersecurity Insiders Webinar - Zero Trust: Best Practices for Securing the...
Cybersecurity Insiders Webinar - Zero Trust: Best Practices for Securing the...Ivanti
 
Out of the Blue: Responding to New Zero-Day Threats
Out of the Blue: Responding to New Zero-Day ThreatsOut of the Blue: Responding to New Zero-Day Threats
Out of the Blue: Responding to New Zero-Day ThreatsPeter Wood
 
Penetration Testing and Vulnerability Assessments: Examining the SEC and FINR...
Penetration Testing and Vulnerability Assessments: Examining the SEC and FINR...Penetration Testing and Vulnerability Assessments: Examining the SEC and FINR...
Penetration Testing and Vulnerability Assessments: Examining the SEC and FINR...TruShield Security Solutions
 
Corporate Data Secruity Best Practices and Legal Compliance (00969538xBF97D)
Corporate Data Secruity Best Practices and Legal Compliance (00969538xBF97D)Corporate Data Secruity Best Practices and Legal Compliance (00969538xBF97D)
Corporate Data Secruity Best Practices and Legal Compliance (00969538xBF97D)Paul C. Van Slyke
 
Event Presentation: Cyber Security for Industrial Control Systems
Event Presentation: Cyber Security for Industrial Control SystemsEvent Presentation: Cyber Security for Industrial Control Systems
Event Presentation: Cyber Security for Industrial Control SystemsInfonaligy
 
Open Security and Privacy Reference Architecture
Open Security and Privacy Reference Architecture Open Security and Privacy Reference Architecture
Open Security and Privacy Reference Architecture Asim Jahan
 
Achieving Caribbean Cybersecuirty
Achieving Caribbean CybersecuirtyAchieving Caribbean Cybersecuirty
Achieving Caribbean CybersecuirtyShiva Bissessar
 
2021 English Part One Anti-phishing Webinar Presentation Slides
2021 English Part One Anti-phishing Webinar Presentation Slides2021 English Part One Anti-phishing Webinar Presentation Slides
2021 English Part One Anti-phishing Webinar Presentation SlidesIvanti
 
Why IT Systems Need to Conduct IT System Penetration Tests - Chris Gatford, N...
Why IT Systems Need to Conduct IT System Penetration Tests - Chris Gatford, N...Why IT Systems Need to Conduct IT System Penetration Tests - Chris Gatford, N...
Why IT Systems Need to Conduct IT System Penetration Tests - Chris Gatford, N...IT Network marcus evans
 
Telecom security issues (Raoul Chiesa, day 1 )
Telecom security issues (Raoul Chiesa, day 1 ) Telecom security issues (Raoul Chiesa, day 1 )
Telecom security issues (Raoul Chiesa, day 1 ) ClubHack
 
John Yessis - Telecom and Security
John Yessis - Telecom and Security John Yessis - Telecom and Security
John Yessis - Telecom and Security John Yessis
 
Trustwave Cybersecurity Education Catalog
Trustwave Cybersecurity Education CatalogTrustwave Cybersecurity Education Catalog
Trustwave Cybersecurity Education CatalogTrustwave
 
ISACA SLOVENIA CHAPTER October 2016 - Lubiana
ISACA SLOVENIA CHAPTER October 2016 - LubianaISACA SLOVENIA CHAPTER October 2016 - Lubiana
ISACA SLOVENIA CHAPTER October 2016 - LubianaLuca Moroni ✔✔
 
Stop in the name of norton
Stop in the name of nortonStop in the name of norton
Stop in the name of nortonspkiely
 

What's hot (16)

Five things I learned about information security
Five things I learned about information securityFive things I learned about information security
Five things I learned about information security
 
Cybersecurity Insiders Webinar - Zero Trust: Best Practices for Securing the...
Cybersecurity Insiders Webinar - Zero Trust: Best Practices for Securing the...Cybersecurity Insiders Webinar - Zero Trust: Best Practices for Securing the...
Cybersecurity Insiders Webinar - Zero Trust: Best Practices for Securing the...
 
Out of the Blue: Responding to New Zero-Day Threats
Out of the Blue: Responding to New Zero-Day ThreatsOut of the Blue: Responding to New Zero-Day Threats
Out of the Blue: Responding to New Zero-Day Threats
 
Penetration Testing and Vulnerability Assessments: Examining the SEC and FINR...
Penetration Testing and Vulnerability Assessments: Examining the SEC and FINR...Penetration Testing and Vulnerability Assessments: Examining the SEC and FINR...
Penetration Testing and Vulnerability Assessments: Examining the SEC and FINR...
 
Corporate Data Secruity Best Practices and Legal Compliance (00969538xBF97D)
Corporate Data Secruity Best Practices and Legal Compliance (00969538xBF97D)Corporate Data Secruity Best Practices and Legal Compliance (00969538xBF97D)
Corporate Data Secruity Best Practices and Legal Compliance (00969538xBF97D)
 
Carpenter: Getting Access Control from Here to There
Carpenter: Getting Access Control from Here to ThereCarpenter: Getting Access Control from Here to There
Carpenter: Getting Access Control from Here to There
 
Event Presentation: Cyber Security for Industrial Control Systems
Event Presentation: Cyber Security for Industrial Control SystemsEvent Presentation: Cyber Security for Industrial Control Systems
Event Presentation: Cyber Security for Industrial Control Systems
 
Open Security and Privacy Reference Architecture
Open Security and Privacy Reference Architecture Open Security and Privacy Reference Architecture
Open Security and Privacy Reference Architecture
 
Achieving Caribbean Cybersecuirty
Achieving Caribbean CybersecuirtyAchieving Caribbean Cybersecuirty
Achieving Caribbean Cybersecuirty
 
2021 English Part One Anti-phishing Webinar Presentation Slides
2021 English Part One Anti-phishing Webinar Presentation Slides2021 English Part One Anti-phishing Webinar Presentation Slides
2021 English Part One Anti-phishing Webinar Presentation Slides
 
Why IT Systems Need to Conduct IT System Penetration Tests - Chris Gatford, N...
Why IT Systems Need to Conduct IT System Penetration Tests - Chris Gatford, N...Why IT Systems Need to Conduct IT System Penetration Tests - Chris Gatford, N...
Why IT Systems Need to Conduct IT System Penetration Tests - Chris Gatford, N...
 
Telecom security issues (Raoul Chiesa, day 1 )
Telecom security issues (Raoul Chiesa, day 1 ) Telecom security issues (Raoul Chiesa, day 1 )
Telecom security issues (Raoul Chiesa, day 1 )
 
John Yessis - Telecom and Security
John Yessis - Telecom and Security John Yessis - Telecom and Security
John Yessis - Telecom and Security
 
Trustwave Cybersecurity Education Catalog
Trustwave Cybersecurity Education CatalogTrustwave Cybersecurity Education Catalog
Trustwave Cybersecurity Education Catalog
 
ISACA SLOVENIA CHAPTER October 2016 - Lubiana
ISACA SLOVENIA CHAPTER October 2016 - LubianaISACA SLOVENIA CHAPTER October 2016 - Lubiana
ISACA SLOVENIA CHAPTER October 2016 - Lubiana
 
Stop in the name of norton
Stop in the name of nortonStop in the name of norton
Stop in the name of norton
 

Similar to The weakest link in today’s physical security … and no, it’s not people

[EB100510] Evelyn del Monte: Context-Aware and Adaptive Security
[EB100510] Evelyn del Monte: Context-Aware and Adaptive Security[EB100510] Evelyn del Monte: Context-Aware and Adaptive Security
[EB100510] Evelyn del Monte: Context-Aware and Adaptive SecurityComputerworld Philippines
 
Rapid data services limited
Rapid data services limitedRapid data services limited
Rapid data services limitedoomagoolies
 
ISACA smart security for smart devices
ISACA smart security for smart devicesISACA smart security for smart devices
ISACA smart security for smart devicesMarc Vael
 
terry-gilsenan-pie-operating.10433
terry-gilsenan-pie-operating.10433terry-gilsenan-pie-operating.10433
terry-gilsenan-pie-operating.10433Terry Gilsenan
 
Insights into cyber security and risk
Insights into cyber security and riskInsights into cyber security and risk
Insights into cyber security and riskEY
 
How to Gain Advanced Cyber Resilience and Recovery Across Digital Business Wo...
How to Gain Advanced Cyber Resilience and Recovery Across Digital Business Wo...How to Gain Advanced Cyber Resilience and Recovery Across Digital Business Wo...
How to Gain Advanced Cyber Resilience and Recovery Across Digital Business Wo...Dana Gardner
 
Information Security : Is it an Art or a Science
Information Security : Is it an Art or a ScienceInformation Security : Is it an Art or a Science
Information Security : Is it an Art or a SciencePankaj Rane
 
Security Audits & Cyber
Security Audits & CyberSecurity Audits & Cyber
Security Audits & CyberPaul Andrews
 
Security White Paper
Security White PaperSecurity White Paper
Security White PaperMobiWee
 
News letter June 11
News letter June 11News letter June 11
News letter June 11captsbtyagi
 
Report on Network Security And Privacy
Report on Network Security And PrivacyReport on Network Security And Privacy
Report on Network Security And PrivacyManan Gadhiya
 
Sollensys Employee Benefits
Sollensys Employee BenefitsSollensys Employee Benefits
Sollensys Employee BenefitsDeepPatel273775
 
Cyber innovation without a new product to buy-Michael Boeckx - cybersec europ...
Cyber innovation without a new product to buy-Michael Boeckx - cybersec europ...Cyber innovation without a new product to buy-Michael Boeckx - cybersec europ...
Cyber innovation without a new product to buy-Michael Boeckx - cybersec europ...NRBsanv
 
Next Generation Cyber Security
Next Generation Cyber SecurityNext Generation Cyber Security
Next Generation Cyber SecurityIan McGregor
 
Key Challenges Facing IT/OT: Hear From The Experts
Key Challenges Facing IT/OT: Hear From The ExpertsKey Challenges Facing IT/OT: Hear From The Experts
Key Challenges Facing IT/OT: Hear From The ExpertsTripwire
 
Building security into the internetofthings
Building security into the internetofthingsBuilding security into the internetofthings
Building security into the internetofthingsPrayukth K V
 
The Zero Trust Security Model for Modern Businesses!
The Zero Trust Security Model for Modern Businesses!The Zero Trust Security Model for Modern Businesses!
The Zero Trust Security Model for Modern Businesses!Caroline Johnson
 

Similar to The weakest link in today’s physical security … and no, it’s not people (20)

Looking into the future of security
Looking into the future of securityLooking into the future of security
Looking into the future of security
 
[EB100510] Evelyn del Monte: Context-Aware and Adaptive Security
[EB100510] Evelyn del Monte: Context-Aware and Adaptive Security[EB100510] Evelyn del Monte: Context-Aware and Adaptive Security
[EB100510] Evelyn del Monte: Context-Aware and Adaptive Security
 
Rapid data services limited
Rapid data services limitedRapid data services limited
Rapid data services limited
 
ISACA smart security for smart devices
ISACA smart security for smart devicesISACA smart security for smart devices
ISACA smart security for smart devices
 
terry-gilsenan-pie-operating.10433
terry-gilsenan-pie-operating.10433terry-gilsenan-pie-operating.10433
terry-gilsenan-pie-operating.10433
 
Insights into cyber security and risk
Insights into cyber security and riskInsights into cyber security and risk
Insights into cyber security and risk
 
How to Gain Advanced Cyber Resilience and Recovery Across Digital Business Wo...
How to Gain Advanced Cyber Resilience and Recovery Across Digital Business Wo...How to Gain Advanced Cyber Resilience and Recovery Across Digital Business Wo...
How to Gain Advanced Cyber Resilience and Recovery Across Digital Business Wo...
 
What every executive needs to know about information technology security
What every executive needs to know about information technology securityWhat every executive needs to know about information technology security
What every executive needs to know about information technology security
 
Information Security : Is it an Art or a Science
Information Security : Is it an Art or a ScienceInformation Security : Is it an Art or a Science
Information Security : Is it an Art or a Science
 
Security Audits & Cyber
Security Audits & CyberSecurity Audits & Cyber
Security Audits & Cyber
 
Security Audits & Cyber
Security Audits & CyberSecurity Audits & Cyber
Security Audits & Cyber
 
Security White Paper
Security White PaperSecurity White Paper
Security White Paper
 
News letter June 11
News letter June 11News letter June 11
News letter June 11
 
Report on Network Security And Privacy
Report on Network Security And PrivacyReport on Network Security And Privacy
Report on Network Security And Privacy
 
Sollensys Employee Benefits
Sollensys Employee BenefitsSollensys Employee Benefits
Sollensys Employee Benefits
 
Cyber innovation without a new product to buy-Michael Boeckx - cybersec europ...
Cyber innovation without a new product to buy-Michael Boeckx - cybersec europ...Cyber innovation without a new product to buy-Michael Boeckx - cybersec europ...
Cyber innovation without a new product to buy-Michael Boeckx - cybersec europ...
 
Next Generation Cyber Security
Next Generation Cyber SecurityNext Generation Cyber Security
Next Generation Cyber Security
 
Key Challenges Facing IT/OT: Hear From The Experts
Key Challenges Facing IT/OT: Hear From The ExpertsKey Challenges Facing IT/OT: Hear From The Experts
Key Challenges Facing IT/OT: Hear From The Experts
 
Building security into the internetofthings
Building security into the internetofthingsBuilding security into the internetofthings
Building security into the internetofthings
 
The Zero Trust Security Model for Modern Businesses!
The Zero Trust Security Model for Modern Businesses!The Zero Trust Security Model for Modern Businesses!
The Zero Trust Security Model for Modern Businesses!
 

More from Doreen Loeber

The growth of young professionals into the security industry (a live case study)
The growth of young professionals into the security industry (a live case study)The growth of young professionals into the security industry (a live case study)
The growth of young professionals into the security industry (a live case study)Doreen Loeber
 
Burnout: When bad things happen to good security professionals
Burnout: When bad things happen to good security professionalsBurnout: When bad things happen to good security professionals
Burnout: When bad things happen to good security professionalsDoreen Loeber
 
The New APP Certification
The New APP CertificationThe New APP Certification
The New APP CertificationDoreen Loeber
 
How to Secure an Open Campus
How to Secure an Open CampusHow to Secure an Open Campus
How to Secure an Open CampusDoreen Loeber
 
Cyber Security Maturity Assessment
Cyber Security Maturity Assessment Cyber Security Maturity Assessment
Cyber Security Maturity AssessmentDoreen Loeber
 
True or False in the Age of Fake News
True or False in the Age of Fake NewsTrue or False in the Age of Fake News
True or False in the Age of Fake NewsDoreen Loeber
 
Sharing is caring: Duty of Care and the Sharing Economy
Sharing is caring: Duty of Care and the Sharing EconomySharing is caring: Duty of Care and the Sharing Economy
Sharing is caring: Duty of Care and the Sharing EconomyDoreen Loeber
 
Video Surveillance in Marine Environments
Video Surveillance in Marine EnvironmentsVideo Surveillance in Marine Environments
Video Surveillance in Marine EnvironmentsDoreen Loeber
 
How Access Control is impacted by cloud, mobile and GDPR
How Access Control is impacted by cloud, mobile and GDPRHow Access Control is impacted by cloud, mobile and GDPR
How Access Control is impacted by cloud, mobile and GDPRDoreen Loeber
 
Insurance and security: finding common ground in a volatile security risk env...
Insurance and security: finding common ground in a volatile security risk env...Insurance and security: finding common ground in a volatile security risk env...
Insurance and security: finding common ground in a volatile security risk env...Doreen Loeber
 
Vendor Partnering. The A to Z of Developing Great Relationships
Vendor Partnering. The A to Z of Developing Great RelationshipsVendor Partnering. The A to Z of Developing Great Relationships
Vendor Partnering. The A to Z of Developing Great RelationshipsDoreen Loeber
 
The competitive advantage of holding a professional certification
The competitive advantage of holding a professional certificationThe competitive advantage of holding a professional certification
The competitive advantage of holding a professional certificationDoreen Loeber
 
Career Development Workshop
Career Development WorkshopCareer Development Workshop
Career Development WorkshopDoreen Loeber
 
The ESRM Skills Cocktail
The ESRM Skills CocktailThe ESRM Skills Cocktail
The ESRM Skills CocktailDoreen Loeber
 
Research revealed on access control challenges for multinationals
Research revealed on access control challenges for multinationalsResearch revealed on access control challenges for multinationals
Research revealed on access control challenges for multinationalsDoreen Loeber
 
Artificial Intelligence and Automation in Mobility Risk Management
Artificial Intelligence and Automation in Mobility Risk ManagementArtificial Intelligence and Automation in Mobility Risk Management
Artificial Intelligence and Automation in Mobility Risk ManagementDoreen Loeber
 
Your building is talking. Are you listening?
Your building is talking. Are you listening?Your building is talking. Are you listening?
Your building is talking. Are you listening?Doreen Loeber
 
Why a Unified Approach to Critical Event Management Improves Operational Resi...
Why a Unified Approach to Critical Event Management Improves Operational Resi...Why a Unified Approach to Critical Event Management Improves Operational Resi...
Why a Unified Approach to Critical Event Management Improves Operational Resi...Doreen Loeber
 
Data-driven crime prevention using AI
Data-driven crime prevention using AIData-driven crime prevention using AI
Data-driven crime prevention using AIDoreen Loeber
 
Case Study: Digitalization of Systems Brings Smarter Buildings
Case Study: Digitalization of Systems Brings Smarter BuildingsCase Study: Digitalization of Systems Brings Smarter Buildings
Case Study: Digitalization of Systems Brings Smarter BuildingsDoreen Loeber
 

More from Doreen Loeber (20)

The growth of young professionals into the security industry (a live case study)
The growth of young professionals into the security industry (a live case study)The growth of young professionals into the security industry (a live case study)
The growth of young professionals into the security industry (a live case study)
 
Burnout: When bad things happen to good security professionals
Burnout: When bad things happen to good security professionalsBurnout: When bad things happen to good security professionals
Burnout: When bad things happen to good security professionals
 
The New APP Certification
The New APP CertificationThe New APP Certification
The New APP Certification
 
How to Secure an Open Campus
How to Secure an Open CampusHow to Secure an Open Campus
How to Secure an Open Campus
 
Cyber Security Maturity Assessment
Cyber Security Maturity Assessment Cyber Security Maturity Assessment
Cyber Security Maturity Assessment
 
True or False in the Age of Fake News
True or False in the Age of Fake NewsTrue or False in the Age of Fake News
True or False in the Age of Fake News
 
Sharing is caring: Duty of Care and the Sharing Economy
Sharing is caring: Duty of Care and the Sharing EconomySharing is caring: Duty of Care and the Sharing Economy
Sharing is caring: Duty of Care and the Sharing Economy
 
Video Surveillance in Marine Environments
Video Surveillance in Marine EnvironmentsVideo Surveillance in Marine Environments
Video Surveillance in Marine Environments
 
How Access Control is impacted by cloud, mobile and GDPR
How Access Control is impacted by cloud, mobile and GDPRHow Access Control is impacted by cloud, mobile and GDPR
How Access Control is impacted by cloud, mobile and GDPR
 
Insurance and security: finding common ground in a volatile security risk env...
Insurance and security: finding common ground in a volatile security risk env...Insurance and security: finding common ground in a volatile security risk env...
Insurance and security: finding common ground in a volatile security risk env...
 
Vendor Partnering. The A to Z of Developing Great Relationships
Vendor Partnering. The A to Z of Developing Great RelationshipsVendor Partnering. The A to Z of Developing Great Relationships
Vendor Partnering. The A to Z of Developing Great Relationships
 
The competitive advantage of holding a professional certification
The competitive advantage of holding a professional certificationThe competitive advantage of holding a professional certification
The competitive advantage of holding a professional certification
 
Career Development Workshop
Career Development WorkshopCareer Development Workshop
Career Development Workshop
 
The ESRM Skills Cocktail
The ESRM Skills CocktailThe ESRM Skills Cocktail
The ESRM Skills Cocktail
 
Research revealed on access control challenges for multinationals
Research revealed on access control challenges for multinationalsResearch revealed on access control challenges for multinationals
Research revealed on access control challenges for multinationals
 
Artificial Intelligence and Automation in Mobility Risk Management
Artificial Intelligence and Automation in Mobility Risk ManagementArtificial Intelligence and Automation in Mobility Risk Management
Artificial Intelligence and Automation in Mobility Risk Management
 
Your building is talking. Are you listening?
Your building is talking. Are you listening?Your building is talking. Are you listening?
Your building is talking. Are you listening?
 
Why a Unified Approach to Critical Event Management Improves Operational Resi...
Why a Unified Approach to Critical Event Management Improves Operational Resi...Why a Unified Approach to Critical Event Management Improves Operational Resi...
Why a Unified Approach to Critical Event Management Improves Operational Resi...
 
Data-driven crime prevention using AI
Data-driven crime prevention using AIData-driven crime prevention using AI
Data-driven crime prevention using AI
 
Case Study: Digitalization of Systems Brings Smarter Buildings
Case Study: Digitalization of Systems Brings Smarter BuildingsCase Study: Digitalization of Systems Brings Smarter Buildings
Case Study: Digitalization of Systems Brings Smarter Buildings
 

Recently uploaded

Call Girls Jp Nagar Just Call 👗 7737669865 👗 Top Class Call Girl Service Bang...
Call Girls Jp Nagar Just Call 👗 7737669865 👗 Top Class Call Girl Service Bang...Call Girls Jp Nagar Just Call 👗 7737669865 👗 Top Class Call Girl Service Bang...
Call Girls Jp Nagar Just Call 👗 7737669865 👗 Top Class Call Girl Service Bang...amitlee9823
 
Falcon's Invoice Discounting: Your Path to Prosperity
Falcon's Invoice Discounting: Your Path to ProsperityFalcon's Invoice Discounting: Your Path to Prosperity
Falcon's Invoice Discounting: Your Path to Prosperityhemanthkumar470700
 
Chandigarh Escorts Service 📞8868886958📞 Just📲 Call Nihal Chandigarh Call Girl...
Chandigarh Escorts Service 📞8868886958📞 Just📲 Call Nihal Chandigarh Call Girl...Chandigarh Escorts Service 📞8868886958📞 Just📲 Call Nihal Chandigarh Call Girl...
Chandigarh Escorts Service 📞8868886958📞 Just📲 Call Nihal Chandigarh Call Girl...Sheetaleventcompany
 
BAGALUR CALL GIRL IN 98274*61493 ❤CALL GIRLS IN ESCORT SERVICE❤CALL GIRL
BAGALUR CALL GIRL IN 98274*61493 ❤CALL GIRLS IN ESCORT SERVICE❤CALL GIRLBAGALUR CALL GIRL IN 98274*61493 ❤CALL GIRLS IN ESCORT SERVICE❤CALL GIRL
BAGALUR CALL GIRL IN 98274*61493 ❤CALL GIRLS IN ESCORT SERVICE❤CALL GIRLkapoorjyoti4444
 
Ensure the security of your HCL environment by applying the Zero Trust princi...
Ensure the security of your HCL environment by applying the Zero Trust princi...Ensure the security of your HCL environment by applying the Zero Trust princi...
Ensure the security of your HCL environment by applying the Zero Trust princi...Roland Driesen
 
Pharma Works Profile of Karan Communications
Pharma Works Profile of Karan CommunicationsPharma Works Profile of Karan Communications
Pharma Works Profile of Karan Communicationskarancommunications
 
Dr. Admir Softic_ presentation_Green Club_ENG.pdf
Dr. Admir Softic_ presentation_Green Club_ENG.pdfDr. Admir Softic_ presentation_Green Club_ENG.pdf
Dr. Admir Softic_ presentation_Green Club_ENG.pdfAdmir Softic
 
Call Girls Kengeri Satellite Town Just Call 👗 7737669865 👗 Top Class Call Gir...
Call Girls Kengeri Satellite Town Just Call 👗 7737669865 👗 Top Class Call Gir...Call Girls Kengeri Satellite Town Just Call 👗 7737669865 👗 Top Class Call Gir...
Call Girls Kengeri Satellite Town Just Call 👗 7737669865 👗 Top Class Call Gir...amitlee9823
 
Russian Call Girls In Gurgaon ❤️8448577510 ⊹Best Escorts Service In 24/7 Delh...
Russian Call Girls In Gurgaon ❤️8448577510 ⊹Best Escorts Service In 24/7 Delh...Russian Call Girls In Gurgaon ❤️8448577510 ⊹Best Escorts Service In 24/7 Delh...
Russian Call Girls In Gurgaon ❤️8448577510 ⊹Best Escorts Service In 24/7 Delh...lizamodels9
 
A DAY IN THE LIFE OF A SALESMAN / WOMAN
A DAY IN THE LIFE OF A SALESMAN / WOMANA DAY IN THE LIFE OF A SALESMAN / WOMAN
A DAY IN THE LIFE OF A SALESMAN / WOMANIlamathiKannappan
 
Quick Doctor In Kuwait +2773`7758`557 Kuwait Doha Qatar Dubai Abu Dhabi Sharj...
Quick Doctor In Kuwait +2773`7758`557 Kuwait Doha Qatar Dubai Abu Dhabi Sharj...Quick Doctor In Kuwait +2773`7758`557 Kuwait Doha Qatar Dubai Abu Dhabi Sharj...
Quick Doctor In Kuwait +2773`7758`557 Kuwait Doha Qatar Dubai Abu Dhabi Sharj...daisycvs
 
Call Girls Ludhiana Just Call 98765-12871 Top Class Call Girl Service Available
Call Girls Ludhiana Just Call 98765-12871 Top Class Call Girl Service AvailableCall Girls Ludhiana Just Call 98765-12871 Top Class Call Girl Service Available
Call Girls Ludhiana Just Call 98765-12871 Top Class Call Girl Service AvailableSeo
 
How to Get Started in Social Media for Art League City
How to Get Started in Social Media for Art League CityHow to Get Started in Social Media for Art League City
How to Get Started in Social Media for Art League CityEric T. Tung
 
Call Girls Electronic City Just Call 👗 7737669865 👗 Top Class Call Girl Servi...
Call Girls Electronic City Just Call 👗 7737669865 👗 Top Class Call Girl Servi...Call Girls Electronic City Just Call 👗 7737669865 👗 Top Class Call Girl Servi...
Call Girls Electronic City Just Call 👗 7737669865 👗 Top Class Call Girl Servi...amitlee9823
 
Call Girls in Delhi, Escort Service Available 24x7 in Delhi 959961-/-3876
Call Girls in Delhi, Escort Service Available 24x7 in Delhi 959961-/-3876Call Girls in Delhi, Escort Service Available 24x7 in Delhi 959961-/-3876
Call Girls in Delhi, Escort Service Available 24x7 in Delhi 959961-/-3876dlhescort
 
Call Girls Pune Just Call 9907093804 Top Class Call Girl Service Available
Call Girls Pune Just Call 9907093804 Top Class Call Girl Service AvailableCall Girls Pune Just Call 9907093804 Top Class Call Girl Service Available
Call Girls Pune Just Call 9907093804 Top Class Call Girl Service AvailableDipal Arora
 
Famous Olympic Siblings from the 21st Century
Famous Olympic Siblings from the 21st CenturyFamous Olympic Siblings from the 21st Century
Famous Olympic Siblings from the 21st Centuryrwgiffor
 
FULL ENJOY Call Girls In Majnu Ka Tilla, Delhi Contact Us 8377877756
FULL ENJOY Call Girls In Majnu Ka Tilla, Delhi Contact Us 8377877756FULL ENJOY Call Girls In Majnu Ka Tilla, Delhi Contact Us 8377877756
FULL ENJOY Call Girls In Majnu Ka Tilla, Delhi Contact Us 8377877756dollysharma2066
 

Recently uploaded (20)

Call Girls Jp Nagar Just Call 👗 7737669865 👗 Top Class Call Girl Service Bang...
Call Girls Jp Nagar Just Call 👗 7737669865 👗 Top Class Call Girl Service Bang...Call Girls Jp Nagar Just Call 👗 7737669865 👗 Top Class Call Girl Service Bang...
Call Girls Jp Nagar Just Call 👗 7737669865 👗 Top Class Call Girl Service Bang...
 
VVVIP Call Girls In Greater Kailash ➡️ Delhi ➡️ 9999965857 🚀 No Advance 24HRS...
VVVIP Call Girls In Greater Kailash ➡️ Delhi ➡️ 9999965857 🚀 No Advance 24HRS...VVVIP Call Girls In Greater Kailash ➡️ Delhi ➡️ 9999965857 🚀 No Advance 24HRS...
VVVIP Call Girls In Greater Kailash ➡️ Delhi ➡️ 9999965857 🚀 No Advance 24HRS...
 
Falcon's Invoice Discounting: Your Path to Prosperity
Falcon's Invoice Discounting: Your Path to ProsperityFalcon's Invoice Discounting: Your Path to Prosperity
Falcon's Invoice Discounting: Your Path to Prosperity
 
Chandigarh Escorts Service 📞8868886958📞 Just📲 Call Nihal Chandigarh Call Girl...
Chandigarh Escorts Service 📞8868886958📞 Just📲 Call Nihal Chandigarh Call Girl...Chandigarh Escorts Service 📞8868886958📞 Just📲 Call Nihal Chandigarh Call Girl...
Chandigarh Escorts Service 📞8868886958📞 Just📲 Call Nihal Chandigarh Call Girl...
 
BAGALUR CALL GIRL IN 98274*61493 ❤CALL GIRLS IN ESCORT SERVICE❤CALL GIRL
BAGALUR CALL GIRL IN 98274*61493 ❤CALL GIRLS IN ESCORT SERVICE❤CALL GIRLBAGALUR CALL GIRL IN 98274*61493 ❤CALL GIRLS IN ESCORT SERVICE❤CALL GIRL
BAGALUR CALL GIRL IN 98274*61493 ❤CALL GIRLS IN ESCORT SERVICE❤CALL GIRL
 
Ensure the security of your HCL environment by applying the Zero Trust princi...
Ensure the security of your HCL environment by applying the Zero Trust princi...Ensure the security of your HCL environment by applying the Zero Trust princi...
Ensure the security of your HCL environment by applying the Zero Trust princi...
 
Pharma Works Profile of Karan Communications
Pharma Works Profile of Karan CommunicationsPharma Works Profile of Karan Communications
Pharma Works Profile of Karan Communications
 
Dr. Admir Softic_ presentation_Green Club_ENG.pdf
Dr. Admir Softic_ presentation_Green Club_ENG.pdfDr. Admir Softic_ presentation_Green Club_ENG.pdf
Dr. Admir Softic_ presentation_Green Club_ENG.pdf
 
Call Girls Kengeri Satellite Town Just Call 👗 7737669865 👗 Top Class Call Gir...
Call Girls Kengeri Satellite Town Just Call 👗 7737669865 👗 Top Class Call Gir...Call Girls Kengeri Satellite Town Just Call 👗 7737669865 👗 Top Class Call Gir...
Call Girls Kengeri Satellite Town Just Call 👗 7737669865 👗 Top Class Call Gir...
 
Russian Call Girls In Gurgaon ❤️8448577510 ⊹Best Escorts Service In 24/7 Delh...
Russian Call Girls In Gurgaon ❤️8448577510 ⊹Best Escorts Service In 24/7 Delh...Russian Call Girls In Gurgaon ❤️8448577510 ⊹Best Escorts Service In 24/7 Delh...
Russian Call Girls In Gurgaon ❤️8448577510 ⊹Best Escorts Service In 24/7 Delh...
 
A DAY IN THE LIFE OF A SALESMAN / WOMAN
A DAY IN THE LIFE OF A SALESMAN / WOMANA DAY IN THE LIFE OF A SALESMAN / WOMAN
A DAY IN THE LIFE OF A SALESMAN / WOMAN
 
Quick Doctor In Kuwait +2773`7758`557 Kuwait Doha Qatar Dubai Abu Dhabi Sharj...
Quick Doctor In Kuwait +2773`7758`557 Kuwait Doha Qatar Dubai Abu Dhabi Sharj...Quick Doctor In Kuwait +2773`7758`557 Kuwait Doha Qatar Dubai Abu Dhabi Sharj...
Quick Doctor In Kuwait +2773`7758`557 Kuwait Doha Qatar Dubai Abu Dhabi Sharj...
 
Call Girls Ludhiana Just Call 98765-12871 Top Class Call Girl Service Available
Call Girls Ludhiana Just Call 98765-12871 Top Class Call Girl Service AvailableCall Girls Ludhiana Just Call 98765-12871 Top Class Call Girl Service Available
Call Girls Ludhiana Just Call 98765-12871 Top Class Call Girl Service Available
 
How to Get Started in Social Media for Art League City
How to Get Started in Social Media for Art League CityHow to Get Started in Social Media for Art League City
How to Get Started in Social Media for Art League City
 
Call Girls Electronic City Just Call 👗 7737669865 👗 Top Class Call Girl Servi...
Call Girls Electronic City Just Call 👗 7737669865 👗 Top Class Call Girl Servi...Call Girls Electronic City Just Call 👗 7737669865 👗 Top Class Call Girl Servi...
Call Girls Electronic City Just Call 👗 7737669865 👗 Top Class Call Girl Servi...
 
Call Girls in Delhi, Escort Service Available 24x7 in Delhi 959961-/-3876
Call Girls in Delhi, Escort Service Available 24x7 in Delhi 959961-/-3876Call Girls in Delhi, Escort Service Available 24x7 in Delhi 959961-/-3876
Call Girls in Delhi, Escort Service Available 24x7 in Delhi 959961-/-3876
 
Falcon Invoice Discounting platform in india
Falcon Invoice Discounting platform in indiaFalcon Invoice Discounting platform in india
Falcon Invoice Discounting platform in india
 
Call Girls Pune Just Call 9907093804 Top Class Call Girl Service Available
Call Girls Pune Just Call 9907093804 Top Class Call Girl Service AvailableCall Girls Pune Just Call 9907093804 Top Class Call Girl Service Available
Call Girls Pune Just Call 9907093804 Top Class Call Girl Service Available
 
Famous Olympic Siblings from the 21st Century
Famous Olympic Siblings from the 21st CenturyFamous Olympic Siblings from the 21st Century
Famous Olympic Siblings from the 21st Century
 
FULL ENJOY Call Girls In Majnu Ka Tilla, Delhi Contact Us 8377877756
FULL ENJOY Call Girls In Majnu Ka Tilla, Delhi Contact Us 8377877756FULL ENJOY Call Girls In Majnu Ka Tilla, Delhi Contact Us 8377877756
FULL ENJOY Call Girls In Majnu Ka Tilla, Delhi Contact Us 8377877756
 

The weakest link in today’s physical security … and no, it’s not people

  • 1.
  • 2. The weakest link in today’s physical security … and no, it’s not people Bart Vansevenant Co-founder Ticto (now part of RightCrowd)
  • 3. ▪ Physical security is achieved by building hard perimeters. ▪ People cannot be trusted. Humans are the weakest link. ▪ Technical security controls are what we need. The more the better. The (implicit) assumptions we have been making
  • 4. ▪ 300k access cards still working but people no longer with company. ▪ More access levels than employees. ▪ Physical penetration test at Belgian bank. A few anecdotes … Our unconditional trust in technology creates a false sense of security
  • 5. So where do we go from here?
  • 6. ▪ 1995 – 2010: focus on building strong perimeter between the ‘bad’ Internet and the ‘trusted’ internal network – the golden era of the ‘firewall’ ▪ Realization that sole focus on perimeter protection did not solve the problems ; ▪ Shift towards more holistic and risk-based approach ▪ Still securing the network perimeter ▪ Also securing the internal network (databases, applications, end points) The cyber security analogy
  • 7. Introducing the next layer of security … Perimeter Control Access Control Point in time decision grant / deny Physical barriers protecting the facility Presence Control Continuous validation that everyone on site is right
  • 8. ▪ Use of active digital security credentials as opposed to current passive tags ▪ Smartphone app ▪ Security wearables ▪ Know for sure who that person is (strong authentication) and whether that person is allowed to be there (authorization) ▪ Know where each person is inside of a building (by zone) ▪ Allows for myriad of applications also beyond physical security ▪ Safety, logical security, social, convenience, health, building automation Presence Control Example of security wearable
  • 9. Restoring the balance People Technology Process Engaging people in security Automating access rules and workflows
  • 10. ▪ Physical security is achieved by building hard perimeters. New presence control solutions allow a combination of a 'hard outer perimeter' and less expensive and more flexible 'soft internal zones'. ▪ People cannot be trusted. Humans are the weakest link. Engage your people to spot potential security incidents. ▪ Technical security controls are what we need. The more the better. Ensure optimal use of existing controls by automating the rules and workflows that enforce your security policies. Conclusion
  • 11. Q & A