The security industry has accumulated vast amounts of data , much of it within the sort of experience. This sometimes-sensitive information is that the glue that holds our profession together and protects our clients. This information has prevented countless tragedies, defended businesses and schools from disaster, secured our nation and saved innumerable lives.
We need to share this data to propagate the continued evolution of the safety industry; however, it might be in our greatest interests to guard this information the simplest we will , from getting freely into the hands of those who can use it to harm others. We cannot assume that simply because the solution to any question lives online that we don’t have to be vigilant and protect the knowledge we’ve . Breakthroughs and advancements in security emerge a day , and there’s no better time than now to start out being careful with the safety information we share with others.
While recently researching information on access control systems online, specifically card access, I stumbled across multiple videos that instruct people on the way to defeat these systems. I watched videos on the way to alter current technology to realize door access, the way to steal wireless credentials from unaware individuals and even where to get devices that are wont to activate card readers. People experimenting and trying to crack card access technology uploaded a number of these videos, but what blew me away was the amount of videos uploaded by security professionals, either who belong to a security organization, or who were invited to a security organizational event and videoed a seminar. I learned tons from these videos, but who else learned with me? Perhaps the knowledge we release is what we are defending our clients against.
There is no thanks to keep unwanted eyes faraway from the safety industry, but it should be our duty as professionals, hired to guard life and assets, to not advertise those details that keep our facilities safe. this is often one among the good benefits of joining knowledgeable security organization or group. this is often the right place to exchange that kind of data through meetings, seminars and conferences. The groups that hold these sorts of conferences should work diligently in ensuring that only credentialed security personnel attend these meetings. Universities also offer an excellent environment to find out cutting-edge security technology. this is often where we learn and share the secrets of our profession.
As a security professional, you’d not offer the PIN to the front entrance or the mixture to a lockbox to anyone who asked. Likewise, when it involves security, the primary thing we should always secure is that the information we use to guard our assets. an honest security professional knows the vulnerabilities within the security systems they maintain and will not share this information with just anyone. that’s what we do once we publicize the “how to’s” of our security. We are sharing the weaknesses, not only to the systems we are liable for except for the systems other security professionals are liable for also . Not only are we sharing current weaknesses, but we also are inadvertently creating new ones.
I will soon be attending yet one more conference and expo. Security vendors will fill stage , and there’ll be breakout sessions for specific security topics. Discussions will include security vulnerabilities, the newest and greatest door locking hardware, and lots of other cool security gadgets. Anyone can check in and anyone can enter the conference.
A few simple measures can help:
Practice need-to-know. Only share security-related information with those that got to know.
Practice compartmentalization. For larger security entities, don’t permit everyone to understand everything about the operation.
Employ the utilization of Non-disclosure Statements. People will realize you’re serious about your security information if they need to sign a legally binding agreement.
Be sure those in your audience are within the security profession. If you’re getting to speak at a security event about detailed information regarding security vulnerabilities and mitigation, make certain those within the audience are security professionals.
Know the difference between general security information the general public should know and knowledge that’s specific to your technology and your processes.
Ensure there are effective security policies in situ to guard important security information.