Physical and Cyber Security Leaders Collaborate to Promote Industry-Wide Security Management

CA, Gemplus, HID and Tyco Fire & Security's Software House Lead Initiative To Define Best Practices And Deliver Open Security Management Specifications

SAN FRANCISCO, April 14, 2003 -- RSA Conference -- Four leading security solutions providers today announced the formation of the Open Security Exchange, a collaborative group that is defining best practices and promoting vendor-neutral specifications for integrating the management of security devices and policies across the enterprise. By promoting more effective exchange of enterprise-wide security data, the Open Security Exchange will enable organizations to significantly reduce both their exposure to a diverse range of threats and their total operation costs.

Initially, the Open Security Exchange will focus on the integration of physical and cyber security technologies. Lack of assimilation between these two primary aspects of enterprise security is perhaps the most glaring example of how security management remains fragmented at most organizations today.

Founding members of the Open Security Exchange are leaders in cyber and physical security: Computer Associates International, Inc. (CA), the leading provider of security management software; Gemplus, the world's leading provider of smart card solutions; HID Corporation, the largest manufacturer of contactless access control readers and cards for the security industry; and Tyco Fire & Security's Software House, a leading provider of integrated physical security management systems.

"Most corporate security managers wouldn't dream of having separate security systems for their Windows and UNIX servers. Yet they often have no linkage between their building security systems and their cyber security systems," said Russell M. Artzt, executive vice president of CA's eTrust security brand. "The Open Security Exchange is committed to remedying this situation by delivering an interoperability specification to support the effective integration of these diverse areas of security management."

According to a recent research report by Pinkerton Consulting and Investigations, only 36% percent of all companies surveyed have formal procedures in place for the collaboration between the physical and cyber security departments. The lack of security management results in increased exposure, limited situational awareness, poor accountability and higher operating costs. The Open Security Exchange believes that the interoperability resulting from the use of its specifications will allow organizations to develop formal collaboration between different security functions and will enhance organizational security and operational efficiency.

The Open Security Exchange's initial specifications for physical and cyber security management convergence, which are available at, provide technical integration on three levels:

-- Common administration of users, privileges and credentials.

-- Common strong authentication for access to physical facilities and cyber systems through the use of dual-purpose credentials.

-- Common point of security management and event auditability.

This convergence will eliminate many of the risks created by separate physical and cyber security management. For example, without physical/cyber security integration, security teams cannot readily determine if someone is trying to use a computer system while its owner is not physically present in the building. This leaves organizations vulnerable to insider abuse including password stealing.

BAE SYSTEMS North America, one of the top 10 suppliers to the U.S. Department of Defense, has joined the Open Security Exchange as a contributing member.

"BAE SYSTEMS works closely with international customers in the defense industry -- as well as in civil aircraft and other commercial markets -- to design solid security management infrastructures that effectively protect their physical and IT assets," said Richard R. Schieffelin, BAE SYSTEMS vice president, National Systems Group. "The Open Security Exchange delivers the industry's first practical guidelines for the complex systems-integration required for truly holistic organizational security management."

About the Open Security Exchange

The Open Security Exchange was founded by Computer Associates International, Inc. (, Gemplus (, HID Corporation ( and Tyco Fire & Security's Software House ( to address today's most significant security management challenges. The Open Security Exchange does this by developing vendor-neutral interoperability specifications and defining best practices guidelines. The first technical specifications issued by the Open Security Exchange address interoperability between physical and cyber security technologies. Membership in the Open Security Exchange is open to all qualified organizations. For more information, please visit

All trademarks, trade names, service marks, and logos referenced herein belong to their respective companies.

SOURCE Open Security Exchange

Web Site: