Content

Structure and infrastructure

Interdisciplinary study has always been a focus in information assurance (IA) curriculum. Combining computer science with criminal justice, psychology, programming, policy and security is the sign of a solid IA program.

This semester I have been looking at information security aspects of building information modeling (BIM). BIM is a way of designing buildings with a specific slant to addressing the needs of the architects, owners, construction contractor, subcontractors, engineers, surveyors and others involved in the design and construction process. The CAD software used to manage the total building model and process can aid in the construction of homes, large office buildings, and a host of other structures. Great idea? Absolutely.

When looking at this integrated project concept, my first concerns are as follows: With all of this information and all of these players involved, who is securing the system and the data? Is there someone who is going to be guiding the process from an information assurance standpoint?

The dilemma for BIM and information security is the multitude of people who are using, changing and transmitting the data. There are also implications in the BIM model for physical security. These include homeland security implications, as BIM software can be used for military or government buildings that may need additional structural requirements.

When we teach IA professionals in our programs, they should be made aware of this important opportunity for information security in a large and multi-faceted environment. BIM has the potential to have a big impact on IA and we should make our students aware of data, as well as the stakeholder roles. After all, information security is a people issue.

As standards for the BIM concept and implementation are solidified and the major players come together to implement structural models, the massive amounts of data involved needs to be protected.

Other IA issues of BIM are sure to emerge and I certainly look forward to further investigating the information security aspects of this fast-growing building development method.

Related

DevSecOps Scanning Challenges & Tips

There are many ways to do DevSecOps, and each organization — each security team, even — uses a different approach. Questions such as how many environments you have and the frequency of deployment of those environments are important in understanding how to integrate a security scanner into your DevSecOps machinery. The ultimate goal is speed […]

It Should Be ‘Cybersecurity Culture Month’

It’s Cybersecurity Awareness Month, but security awareness is about much more than just dedicating a month to a few activities. Security awareness is a journey, requiring motivation along the way. And culture. Especially culture.That’s the point Proofpoint Cybersecurity Evangelist Brian Reed drove home in a recent appearance on Business Security Weekly.“If your security awareness program […]

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.