Announcement

Collapse
No announcement yet.

IP Surveillance Ownership

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • IP Surveillance Ownership

    We have a number of networked DVR's which for the most part support IP cameras, although there are still a few analog cameras connected via mux's. Some are vendor appliances/servers and others have the software installed on corporate servers. My feeling is ownership should reside with the I.T. department. Others feel that Maintenance and/or Security should own it. I hesitate to go that way due to their lack of I.T. and IP knowledge. Any thoughts?

    I appreciate everyone's replies. I must clarify though that our Security department is comprised of city police officers and hospital security staff, of which neither has a technical background. Most are lucky to just understand how to navigate the client software which gives them access to the cameras and the ability to search recorded images. That is the reason that I hesitate to open up access to admin functions to those who clearly do not understand the issues with bandwidth, IP, licensing, etc. I agree that there needs to be cooperation, but at this time, feel that control needs to remain with those who truly understand it. What makes this even more of a mess is that I am in neither department, although I have 20 years in the IT world, but still managed to find this on my plate.
    Last edited by thaze; 01-06-2009, 08:41 AM. Reason: Further clarification

  • #2
    Originally posted by thaze View Post
    We have a number of networked DVR's which for the most part support IP cameras, although there are still a few analog cameras connected via mux's. Some are vendor appliances/servers and others have the software installed on corporate servers. My feeling is ownership should reside with the I.T. department. Others feel that Maintenance and/or Security should own it. I hesitate to go that way due to their lack of I.T. and IP knowledge. Any thoughts?
    Dual ownership between IT and Security. IT has the knowledge and training to maintain the server hardware, wiring, software, etc., while Security has it for the cameras, MUXs, DVRs, and usage.

    The departments are just going to have to learn to work together.
    "I don't do judgment. Just retrieval."

    "The true triumph of reason is that it enables us to get along with those who do not possess it."

    Comment


    • #3
      I agree with Darkenna. Most installations that use IP cameras and NVR's ussualy let the IT department handle JUST the networking and adressing issues while a security department works on the NVR's,cameras and other hardware.

      Comment


      • #4
        As soon as the IT department understands proper camera placement, lighting, lenses, criminal psychology, CPTED theory, and housings, they can claim ownership of the cameras and the DVRs.

        Of course, Security is in the dark when it comes to switches and servers and whatnot. Security and IT needs to work together on any CCTV project.

        In the future, IT will own CCTV project, because in the future the camera guy will be specialized version of a networking technician, just as in the past the alarm guy was a specialized type of electrician. But that day is not here yet.
        The CCTV Blog.

        "Expert" is something like "leader". It's not a title that you can ever claim for yourself no matter what you might know or might have done. It's a title that others bestow on you based on their assessment of what you know and what you have done.

        -SecTrainer

        Comment


        • #5
          As Darkenna said, they need to work together. And really, all that needs to be done is the IT dept approve the networking specs of the cameras. Then give the security tech the info they need, typically IP, Subnet Mask and Gateway; and security tell them the general area they are locating it, so they can decide together where the cable is going. There may even be reasons for IT not to know the exact location of the camera.

          From a true security standpoint, it's not a bad idea to keep IT security and physical security (including access control and cctv) separate. Kind of like the 2 man rule.
          sigpic
          Rocket Science
          Making everything else look simple, since 1958.


          http://my.opera.com/integrator/blog/
          One Man's Opinion

          The Future. It isn't what it used to be.

          Comment


          • #6
            "Ownership" is an unfortunately vague term that has been popularized in the more general "touchy-feely" school of management where employees "own" their jobs, etc. and it was exceedingly unfortunate when this vague notion spilled over into corporate information systems.

            What made this worse was that there was already a specific concept of "ownership" in the IT world (for instance, file and other resource ownership) that hasn't always played well with the various organizational notions of "ownership". Now, the term can mean anything from "full authority to evaluate, select, commission and decommission major information assets" down to merely "the right to create an entry in the accounting database" or "the ownership of my email account". There are so many different meanings that the word really means nothing at all without some sort of explanatory context.

            Ultimately, of course, there is only one "owner" of information (and other) corporate assets - i.e., the executive. One of his duties is to clearly delegate and distribute his ownership prerogatives - meaning, responsibilities and corresponding authority - so that there is as little overlap and as little confusion as possible about who is responsible for what. This is done by means of formal policies - not "ad hoc".

            In delegation, the implied condition is that the different units will cooperate with one another in exercising their delegated "ownership" prerogatives and in resolving whatever minor conflicts may arise, and the corrollary expectation that unresolvable conflicts will be elevated to the next higher decision level, rather than units struggling with one another for "ownership". These implied expectations are necessary because no matter how carefully ownership is delegated, there will always be some "nondelegated space" being discovered where such struggles can arise due to a lack of clear delegation.

            Cooperation does not mean "co-ownership", however. Nothing could be worse, because "co-ownership" provides no practical means of resolving disputes, especially in the "nondelegated space". When Security says "we need 100 Mbps of bandwidth" and IT says "You can't have it", or when Accounting says "We need priority on the wire because we're losing transactions in the server" and Security says "the access control system needs priority because employees are complaining about entry delays" there must either be cooperation to resolve the issue or the conflict must be elevated to the next decision level and, if necessary, on up to the ultimate owner (or usually his designee, the CIO/COO).

            If "ownership" is to mean anything at all, it can only mean something in the context of the formal flow of authority and responsibility from the executive. In situations where questions like the OP raised exist, it's a pretty sure sign that the delegation of the real owner's authority has not been properly implemented or that we have a "nondelegated space" struggle for control that should be taken to the next level and resolved. The reasons this is so important are:

            1. A "nondelegated space" has been identified and requires delegation. Only someone with authority to delegate can do so.

            2. ...OR, confusion exists in the "delegated space" and should be clarified. Again, only someone with such authority can do so.

            3. Unresolved struggles among units over asset control are exceedingly damaging to the organization in a variety of ways. The authority to resolve such conflicts obviously cannot rest with either of the units themselves.

            4. There may be other issues involved - perhaps involving other business units - that neither of the struggling units knows (or cares) about.

            5. Units cannot be permitted to simply usurp or preempt ownership authority "by default", as a fundamental principle of good management.

            Bottom line: Don't speculate about who owns what (or should own what). Take it straight to the level that is authorized to make such decisions for clarification.
            Last edited by SecTrainer; 01-06-2009, 07:59 AM.
            "Every betrayal begins with trust." - Brian Jacques

            "I can't predict the future, but I know that it'll be very weird." - Anonymous

            "There is nothing new under the sun." - Ecclesiastes 1:9

            "History, with all its volumes vast, hath but one page." - Lord Byron

            Comment


            • #7
              IT department vs. security department

              I am an information security guru that is delving into the world of physical security and the issues of security guards. My new interest area is the merger of these two communities. You will need to get I.Y. engaged and one way might be to approach the issue as security guards that are users of the CCTV system. As users, I.T. supports you; just as I.T. supports the executives. I would start discussions as a user community that I.T. needs to support. That is the vocabulary that I.T. will understand.

              David Sweigert. CISSP, CISA, PMP

              Comment

              300x250

              Collapse

              Mid 300x250

              Collapse

              Taboola

              Collapse

              Super Leaderboard

              Collapse
              Working...
              X