Addressing the weakest link: Implementing converged security

Reliance on technology presents one of the weakest links in contemporary organisational security, as certain threats can fall into the functional gaps between physical and information technology (IT) security departments. These can be described as 'converged threats' when an IT-based attack delivers an impact, such as a virus attack that halts the operation of critical infrastructure, or a physical attack on a system that compromises the security of data, such as an intruder or dishonest employee installing devices on computers to enable the stealing of electronic data. The aim of this article is to present and reflect on a converged approach to organisational security risk management as a means of addressing blended threats. We discuss this idea of converged security in the context of wider trends towards enterprise-wide approaches to risk management, and present a model demonstrating how converged security can be undertaken without a fundamental restructuring of these two key functions.