What the heck is PSIM anyway?


The security industry loves its acronyms and one of the most talked about acronyms in recent years has been PSIM, Physical Security Information Management system (or software). I think Steve Hunt was given credit a few years ago, by SSN anyway, for coming up with that particular acronym.

Today, IMS Research released a report about PSIM software, in which they define the acronym and, further, forecast that "the world market for PSIM software will be worth around $200 million" by 2014.

IMS analyst Gary Wong said that the lack of an agreed-upon definition of PSIM has affected the growth of the PSIM market thus far. "The low awareness of what PSIM software is and its capabilities is a key limiting factor in the initial growth of the market," he's quoted as saying.

IMS Research staff contacted major vendors to help them define PSIM, and they came up with seven criteria that they believe a software platform must meet in order to be considered a true PSIM.

Complete with some wacky British English spelling, here's the list from their press release:

1) Connectivity and Integration: A PSIM software platform must connect and manage multiple disparate security systems, examples include (but are not limited to) video surveillance, access control, intrusion, fire and life safety, perimeter protection, mass notification and building automation. The PSIM platform should be capable of integration with other business systems within a corporate IT-infrastructure such as ERP systems, data warehouses, provisioning systems, etc. The PSIM platform should be open, therefore hardware and vendor agnostic, and capable of connecting to any input sensors and external applications.

2) Real Time Policy / Configuration Management: A PSIM software platform must be able to define and change policies and parameters related to various connected devices in the underlying subsystems (such as access control, video, etc.).

3) Correlation and Verification: A PSIM software platform must be able to automatically connect and cross-reference multiple events from multiple disparate security systems in real-time and give the ability to flexibly set rules.

4) Visualisation: A PSIM software platform must be able to visualise the actual situation independently from active events. In case of an event, the PSIM platform must be able to graphically display situational information in a manner that provides responders with a picture of the nature of the event, the location and the scope of the threat it presents. It must be able to integrate real world information as a geo-spatial representation.

5) A Rules-based Workflow for Response: A PSIM software platform must be able to immediately offer a step-by-step action plan, based on pre-determined rules and policies, to respond, manage/counter the threat and control response operations. The rules based workflow should be sufficiently complex as to adapt to escalating situations.

6) Availability / Resilience: A PSIM software platform must have capability for redundant functionality (e.g. servers, communication gateways and databases) to support continuity of business and disaster recovery. This includes the ability to integrate backup systems to automate transfer of control room capabilities. It must be able to watch and monitor the functionality and integrity of the underlying subsystems and detect possible threats on the network.

7) Post-Event Reporting and Analysis: A PSIM software platform must provide an audit log that allows for post-event forensic review detailing the event situation and the action taken. It must be capable of developing customised reports that allow for analysis of multiple events in order to optimise policies and response.

IMS's Wong notes that products such as VMS and ACS software, which meet some, but not all, of the criteria above, are not considered to be PSIM for the purposes of the report. So, while IMS projects the PSIM market will be worth $200 million by 2014, "the combined global market for VMS and ACS will exceed $1 billion by 2014 ... It is important to note that IMS Research has measured the market in terms of PSIM software license revenue; if services, maintenance, design and consulting revenues were added, it is conceivable that the market for PSIM software would exceed $1 billion by 2014."

IMS Research said: "The foundation of the [PSIM] definition should be credited to Steven Titch and Sharon J. Watson of SecuritySquared magazine."

Here's a link to the press release.




Good topic and good question.

OK, so when Steve put the acronym together he identified the opportunity (good thing to do) to leverage the information that results from the transactions, alarms, administration, images and the audit trail in security and related facility and physical systems. This opportunity is one that has resulted in a number of products developing functionality and solutions to address this. Many of them provide value by using this information.

That notwithstanding, the definitions here raise more questions. Some of them might be:

Is this an independent market or part of a larger command and control or other market? Another take could be that enterprise analytics might be an example of PSIM up a level.

Is PSIM a bridge until a more overarching capability comes to bear or until some of these other systems move up the food chain?

Unless you are putting together a market study with this title, do you need a definition in the first place? Or should you be trying to place these solutions in context?

How did you manage to leave out SCADA and include building automation? Stuxnet showed that programmable logic controllers belong under some monitoring domain (at least at Iranian centrifuges...).

How can an enterprise solution not take into account the requirements around logical transactions? Is this just because some of this other "stuff" currently does not allow SNMP and can't easily be incorporated into existing security information and event management (SIEM)? I haven't seen the report but SIEM and PSIM are pretty close (as it is to other categories). The same is true for most of the network monitoring infrastructure.

How do you do real time policy? Isn't this the case of events correlating to existing policy?

Redux first question. Aren't some of these things part of other market categories, and where is the overlap? As an example, governance, risk management and compliance (GRC) sits in the middle of a lot of this, so back to the point about whether or not this is a market.

Thanks for the article and the opportunity to comment. And apologies for raising questions that may be addressed in the report.