Security Convergence Audit

Recently recognised as a weak link in many organisations, our expert partners bridge the gap between physical security devices and the computer systems and networks on which they are increasingly reliant, providing a comprehensive audit of both areas

Many companies are seeing the benefits of converging their historically separate physical and  electronic security departments, but with those benefits there are also potential risks. Staff well  versed in physical security technologies are unlikely to have the same depth of knowledge of IT security, and vice-versa. This can lead to grey areas or blind-spots, particularly where technologies literally converge, and an element of IT is being used to control a physical security system, such as a door entry access controller or a network enabled alarm system etc.

IT Security audits have been available for many years, including Penetration Testing or “Pen-Testing” for short, but up until now there has been little attention paid to the very real threat of data compromise through theft of equipment or unauthorised physical access to data centres or office networks. This audit addresses these issues by taking a view of the business as a whole, and looking not only at each individual component, but also at each point of intersection or interaction in order to identify potential weaknesses or misconfigurations.

Companies that have not yet converged or are not planning to do so will also benefit from the full physical security component of this audit.

● Create a snapshot of your current physical security status
● Identify elements that intersect with or depend on IT services
● Identify elements that use electronic security components
● Identify elements that use physical security only
● Identify roles, responsibilities and processes
● Attempt to compromise IT components
● Attempt to compromise electronic components
● Attempt to compromise physical components
● Document findings in comprehensive report

● Find and correct weaknesses before loss or intrusion
● In-depth customised testing tailored to your site(s)
● Knowledge transfer of tools & techniques
● Raise awareness of IT issues within Physical Security groups
● Raise awareness of Physical Security issues within IT groups
● Ensure all security responsibilities have been correctly designated
● Confidential service
● Security Cleared individuals available if required

● Audit Executive Summary
● Audit Detailed Technical Report

© Computer Network Defence Limited 2019