Today we are going to briefly discuss politics. Don’t worry, I won’t ask you to show me your NRA membership card, or to discuss why the Democrats are running the country into the ground or why the Republicans only care about $ and helping the rich. Most Americans have become largely desensitized to these type of debates, as year after year, election after election, we seem to be getting the same old, same old from both sides of the aisle.
Here we will delve into the exciting world of Office Politics. Most companies, weather large or small are at least to some extent political in nature. Since the Security of a company is so important, it should come as no surprise that the Security Team, especially at the Executive or root level is also political.
Who should handle Physical Security? The Security Team? Building Operations? This is one of those areas where internal politics plays a role. Frankly from a pure security perspective it would be best, in my opinion, there are other opinions which are just as valid, for the security team to also handle physical security. If the Cyber Security Team also handles Physical Security ultimately, we will control all the security of the company so that you will have consistency in the decisions made as the management of both teams will be the same and you will have accountability at a single point.
Most if not all Security Teams I have worked on however are severely understaffed. So, in fact as a matter of practicality they will try to shift this over to the Building Operations Team to handle, as they more closely work with building facilities in terms of issuing access badges, fixing doors when they break, troubleshooting with the vendor the biometrics system, etc.
At the end of the day Information Security Professionals want what’s best for the company and any decision is fine if the role of each team is clearly defined, and it’s made clear by upper management what the responsibilities and accountabilities are for each key team member.