Security convergence: Building the evidence base
By Emma Boakes, University of Portsmouth
Emma’s PhD at the University of Portsmouth focuses on how teams responsible for physical, cyber and personnel security work together in organisations to identify and mitigate vulnerabilities to security. Previously, Emma worked in industry, looking at how the design of systems impacts the behaviours and performance of people.
The boundary between cyber security and physical security is increasingly blurred. Organisations can no longer look at security vulnerabilities from just one perspective, and they need to adopt a more holistic approach to mitigate threats. Convergence, where security resources are integrated within an organisation, has been suggested as one way of achieving this. There is, however, very little published empirical research investigating convergence, with most literature based on experiential accounts of the approach. It is, therefore, questionable whether organisations seeking to adopt convergence have enough detailed, evidence based information to facilitate such a move.
This presentation will outline the process of identifying key factors that facilitate effective adoption of a converged approach. Key factors were identified from a thematic analysis of five in-depth interviews with security professionals, and from a rapid review of the literature using a concept synthesis. These lists were combined and put to an expert panel of twenty-three security professionals in a three round Delphi study. The key factors indicate the range of areas organisations need to consider when looking to adopt a converged approach, including organisational structure, leadership, engagement, communication and attitude. This presentation will share the findings from the first round of the Delphi study, which is currently underway. The first round of the study will highlight which key factors the expert panel has reached a consensus on, in terms of how important they are to effective convergence.
This research starts to build an evidence base for the converged approach by gathering together knowledge on convergence from the security industry, from both the experiential literature and the findings from primary research. Consequently, this research provides an empirical underpinning to convergence that has been missing from the literature to date.