

Information Security and Data Protection.

 

Press Review: Articles

Monday, 6 July 2015

Understanding Physical Security Information Management Systems (PSIMs)

William Plante
Security Executive Council Emeritus Faculty member


Q. I have noticed a good deal of talk on social media about PSIMs. Can you give me some insight on what a PSIM is, what is involved in implementing this system in my organization and what are some of the benefits and costs?

A. Many corporations over the past several years have made – or are preparing to make – a significant investment in a PSIM. PSIMs fill a very important gap by bridging security systems, other enterprise systems, information correlation and operator interactions together under one unified platform. Among other things, PSIMs help drive compliance adherence, operational efficiency and effectiveness, and overall risk mitigation management through improved company “Common Operating Picture” awareness. However, you should understand that PSIMs are not a panacea for everything that ails the organization, and they are not cheap to acquire and maintain. There can be some fundamental problems with organizations considering a PSIM implementation right from the beginning. Consider the following.

A recent report from Research and Markets/TechNavio indicates a 7.22% Compound Annual Growth Rate (CAGR) through 2019 based on projected growth from $3.6 billion to $4.9 billion. Others have the growth even higher. In 2014 IHS pegged it to be considerably smaller but with a higher CAGR. So, market researchers have defined the PSIM market with a wide spread in vendors, product definition, revenues and growth based on how they defined the market. And that is a fundamental problem with PSIMs. One article, “A Broader Market is Embracing PSIM,” asked three different manufacturers to define a PSIM. All three had different but relevant answers. Indeed, I have my own perspective about what a PSIM is and when to consider one.

The main thing any organization considering a PSIM should NOT do is look at the PSIM market and vendors. It’s been my experience that companies can either focus too quickly on a vendor product because it looks “sexy” (I worked with one buyer who wanted sexy), or focus too narrowly on an immediate fix to a problem without thinking about the broader needs that are less pressing at the moment. Both approaches frequently end up creating function and/or integration problems later on. I would recommend that you consider the following approach.

Vision Development: Undertake a series of activities to develop and solidify the concept of what the organization needs based on what it is attempting to solve. Defining what needs to be solved and how with an objective process is critical to getting a solution correctly defined.

Strategy Development: Undertake a series of strategy sessions to identify a range of options. Then, narrow down to a preferred one based on any given set of criteria that you have developed. It demonstrates due diligence in the process and (hopefully) avoids costly decisions that may need to be reversed later. This stage can include cost modeling such as return on investment and operational/technical efficiencies to be gained. It forms the basis for a capital and operating expense budget and the business case for the proposed solution.

Scope of Work (SOW) Development: Begin with the development of a SOW. I approach this by developing a series of phases and steps that inventory and baseline all current systems, processes and people; define the integration effects to be designed for; set out an implementation plan; and propose the diligence process to identify and select a PSIM vendor.

Business Case Development: Sometimes the business case fits with the strategy for development, but some organizations want a well-developed SOW before they undergo the review and acceptance process. It looks different for many organizations but there are a few key components that definitely should be included, e.g., vision, strategy/options with primary option recommended, key assumptions, objectives, cost modeling including capital and operating budget, efficiencies/ROI and other business case items. In particular, the objectives can be lengthy. I like to have no more than a dozen that include the objective and the intended result.

In my experience, all PSIM projects are different but there are a few essential commonalities that should be adhered to, e.g., the concept and strategy development, the scope of work development and the means by which the organization gets acceptance and buy-off of the project. The best PSIM implementations I’ve seen have started with a vision and strategy that didn’t start off with a PSIM in mind.
