The Elsag Datamat approach for postal industry security management needs
For postal industry security managers that want to preserve value by governing all postal security concerns with a mature approach, Elsag Datamat offers a unique portfolio in terms of consultancy services, systems and products based on competences matured both in security and postal markets.
Today Elsag Datamat is in fact, at the same time:
- the Italian center of excellence for physical, logical and communication network security,
- an international leader in automatic sorting systems for letters and flats, OCR and coding infrastructures, advanced postal logistics systems and turn key plants.
After the anthrax attacks of October 2001 in US security is always near the top of the agenda in all postal administrations. However today security objectives list to reduce the overall risk has increased with new topics. In fact, besides the following:
- physical security (including safety) of postal employees and building/facility occupants,
- physical security of the postal pipeline,
a very important newcomer, due to digital technology advance (especially toward IP-enabled applications), is:
Postal Security Integration Challenge
- physical and logical security solutions (better) integration.
Today main challenge in postal security scenario is the logical and physical security assets integration. This means:
- achieve a single security governance framework,
- analyze and understand security-related cost-benefit trade-offs,
- reduce the overall risk.
For example physical access control has similar characteristics to IT systems/applications access:
1. you need to identify a person,
2. you need to grant them access to buildings and rooms, systems and databases, which may be different
levels of access (i.e. according on a Role Based Access Control policy).
3. you then need the person to carry a token or know passwords
So the move towards "logical and physical security integration" simply means to manage:
Postal security critical elements
- one set of processes and procedures,
- one database,
- one password
- and, finally, one (unified) Security Operation & Control Center.
The basic measures of physical access control and surveillance are what most postal industries are using as the core of their security in fixed premises and, in many cases, with different technologies/vendors and low-skilled personnel. Today a complete definition of postal security mission could be "the protection of the personnel, mail, assets and services from criminal, malicious or terrorist threats, thefts and abuses, perpetrated by third parties or employees".
As we stated before, the scopes of postal security must be both physical and logical; in particular the scope of physical security has to include:
- mail processing premises (sorting centres, acceptance and delivery offices),
- vehicles carrying mail (collection, delivery),
- retail premises (post offices)
- other premises (head office, IT centers)
The scope of logical security could be divided into two areas too:
- postal IT applications
- critical IT systems (servers, data storage systems)
- data communication networks (IP systems, wired and wireless)
What we can do
- Financial/money transactions,
- Accounting data
- Tracking databases,
- Large Mailer data,
- Other critical data.
Elsag Datamat faces global risk reduction need following its proven Securbusiness solution path:
Postal Securbusiness "starting point"
- Consulting: professional services for risk assessment and business security intelligence (large mailer revenue protection and tracking database investigation).
- Products: ICT security products (network and workstation protection), video surveillance, identity and access control, fixed and mobile license plate systems.
- System Integration: third party and proprietary systems integration with a homogeneous centralized management platform.
- Managed Services: Security Operation Centre infrastructure for postal security architectures outsourcing services.
- Certification Support: support for security systems compliance assessment based to international standards or internal regulations.
MIGRA (Integrated corporate risk management methodology) is a uniquely innovative web-based application for integrated risk assessment of both corporate information (data) and tangible (physical) assets, using a proprietary risk analysis methodology applied in many successful works for large organizations.