FULL ENJOY Call Girls In Majnu Ka Tilla, Delhi Contact Us 8377877756
The weakest link in today’s physical security … and no, it’s not people
1.
2. The weakest link in today’s physical security
… and no, it’s not people
Bart Vansevenant
Co-founder Ticto (now part of RightCrowd)
3. ▪ Physical security is achieved by building hard perimeters.
▪ People cannot be trusted. Humans are the weakest link.
▪ Technical security controls are what we need. The more the better.
The (implicit) assumptions we have been making
4. ▪ 300k access cards still working but people no longer with company.
▪ More access levels than employees.
▪ Physical penetration test at Belgian bank.
A few anecdotes …
Our unconditional trust in technology
creates a false sense of security
6. ▪ 1995 – 2010: focus on building strong perimeter between the ‘bad’ Internet and the ‘trusted’ internal
network – the golden era of the ‘firewall’
▪ Realization that sole focus on perimeter protection did not solve the problems ;
▪ Shift towards more holistic and risk-based approach
▪ Still securing the network perimeter
▪ Also securing the internal network (databases, applications, end points)
The cyber security analogy
7. Introducing the next layer of security …
Perimeter Control
Access Control
Point in time decision
grant / deny
Physical barriers
protecting the facility
Presence Control
Continuous validation that
everyone on site is right
8. ▪ Use of active digital security credentials as opposed to current passive tags
▪ Smartphone app
▪ Security wearables
▪ Know for sure who that person is (strong authentication) and whether that
person is allowed to be there (authorization)
▪ Know where each person is inside of a building (by zone)
▪ Allows for myriad of applications also beyond physical security
▪ Safety, logical security, social, convenience, health, building automation
Presence Control
Example of security wearable
10. ▪ Physical security is achieved by building hard perimeters.
New presence control solutions allow a combination of a 'hard outer perimeter' and less expensive
and more flexible 'soft internal zones'.
▪ People cannot be trusted. Humans are the weakest link.
Engage your people to spot potential security incidents.
▪ Technical security controls are what we need. The more the better.
Ensure optimal use of existing controls by automating the rules and workflows that enforce your
security policies.
Conclusion