The Security Industry Association recently partnered with the ASIS Foundation and the Building Owners and Managers Association (BOMA) International to release groundbreaking, first-of-its-kind guidance for practitioners in the security and building management fields. Intelligent Building Management Systems (IBMS): Guidance for Protecting Organizations provides a framework to help decision makers assign a risk-based criticality or impact to their building and asks relevant security questions to develop appropriate mitigation strategies. It also serves to establish a common language between the many intelligent building stakeholders.
The IBMS mitigation guidance defines IBMS and their vulnerabilities and provides examples of each. Additionally, the resource identifies and mitigates IBMS risks through a facility-level checklist. The security questions to be answered depend on the risk level of the facility. Questions are divided into criticality levels, from level 1 (low) to level 5 (critical). To use the IBMS guidance, follow these steps:
- Identify your organizational criticality level
- Respond to the IBMS security questions for your identified criticality level
- Check off compliance with each question
- Where compliance is not achieved, define a responsible person and date of action
These parameters and the rest of the guidance are based on original research, Building Automation & Control Systems: An Investigation into Vulnerabilities, Current Practice and Security Management Best Practice, by David J. Brooks, Michael Coole and Paul Haskell-Dowland of Edith Cowan University in Perth, Australia. The research provides an exhaustive overview of identified intelligent building critical vulnerabilities and mitigation strategies.