IT security experts have something to contribute to the physical security information management (PSIM) discussion
When evaluating a PSIM (physical security information management) software solution, focus on output not input. Garbage in, garbage out. That’s one of the suggestions from Greg Shipley and his Neohapsis colleagues in their November 10 Information Week article. Well, Greg and his team were writing about IT vulnerability management, but the principle applies to physical security and critical infrastructure protection as well. Keys to PSIM success which we can infer from the Neohapsis article?
- Integrate data sources with workflow, display and reporting. That means actively managing the quality of the data being aggregated and being sure that the correct policies are governing the influx of data. “Is this data source producing data normally? Is the data relevant right now? Is the data reflecting some larger situation?
- Prioritize both the data and the people and groups who need to know about it. Some data matters more to the incident response team than other, but some matters more to business units. Creating policies and organizing data into actionable recommendation for a variety of people and groups makes the difference between a PSIM solution with a pretty user interface and a solution that cuts operations costs and speeds security response.
- Refine policies continually. Reducing false positives and improving response rely on accurate correlation and interpretation of data. Put a process in place to review the rules and policies governing how data is imported and interpreted.
As the HuntBI team evaluates PSIM solutions this Winter, we will be looking closely at solutions that “feed the machine” with the highest quality security data.