Sun Sep 14 19:45:53 PDT 2014

Technology: Physical/Logical Nexus: How do physical and logical controls interact and integrate?


Options:

Option 1: No interaction between physical and logical controls exists.
Option 2: Physical controls feed into logical controls.
Option 3: Logical controls feed into physical controls.
Option 4: Logical and physical controls are bidirectionally integrated.


Basis:

No interaction between physical and logical controls exists.
Integration of physical and logical controls eliminates the separation of duties between these otherwise independent systems, thus causing risk aggregation and the potential for common mode failure, as well as individual attacks bypassing both sets of controls. Operating these controls jointly also requires sophisticated management infrastructure and supporting customization and integration efforts.

Physical controls feed into logical controls.
Many physical control systems provide feeds that can be used for logical controls if the enterprise wishes to integrate those controls. To the extent that this is directly available, it is quite helpful, for example, to prevent logical access to high consequence systems when physical presence is required and the physical system has not determined the user to be present. If a user is physically badged into a facility in another city, it is in most cases not reasonable to allow them console access at a different location.
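
An added example (not part of the original text) of the check described above: a console logon to a high consequence system is allowed only when the badge feed positively shows the user inside the site hosting that console, and is denied when the data is missing or stale. The feed format, user and site names, and the 12-hour presence window are assumptions constructed for illustration.

```python
from datetime import datetime, timedelta

# Constructed sample badge feed: (timestamp, user, site, direction)
BADGE_FEED = [
    ("2014-09-14T08:02:00", "alice", "SFO-DC1", "in"),
    ("2014-09-14T08:10:00", "bob", "NYC-HQ", "in"),
    ("2014-09-14T12:30:00", "carol", "SFO-DC1", "in"),
    ("2014-09-14T17:45:00", "carol", "SFO-DC1", "out"),
]

MAX_PRESENCE_AGE = timedelta(hours=12)  # assumed policy: a badge-in covers one shift


def last_badge_event(user, now, feed):
    """Return the most recent (time, site, direction) for user at or before now."""
    events = []
    for ts, who, site, direction in feed:
        t = datetime.fromisoformat(ts)
        if who == user and t <= now:
            events.append((t, site, direction))
    return max(events) if events else None


def console_access_decision(user, console_site, now, feed=BADGE_FEED):
    """Decide a console logon from physical presence; returns (allowed, reason).

    Fails closed: anything other than a recent badge-in at the console's
    own site results in denial.
    """
    event = last_badge_event(user, now, feed)
    if event is None:
        return False, "no badge record"
    when, site, direction = event
    if direction != "in":
        return False, "badged out of " + site
    if now - when > MAX_PRESENCE_AGE:
        return False, "badge-in too old"
    if site != console_site:
        return False, "badged into " + site + ", not " + console_site
    return True, "present at " + console_site
```

Because the check fails closed, an outage of the badge feed blocks console access, which is the common mode failure noted under the first option.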

Logical controls feed into physical controls.
In some cases, logical controls are made available to physical security operations so that physical responses are available in case of a detection or other related issue. In these cases, the logical alerts typically trigger physical alerts that associate locations with access and allow physical teams to identify the individual, gather surveillance and other evidence, and constrain the individual.

Logical and physical controls are bidirectionally integrated.
In many cases, some amount of information passes in both directions between the physical and logical systems, allowing more integrated and faster incident detection and response. As long as this integration is carefully done, it can be highly effective; however, it takes considerable expertise and internal resources today because integration is still in early adoption.

Copyright(c) Fred Cohen, 1988-2012 - All Rights Reserved