Attack the Attack Surface: Aegon's Global Information Security Strategy Implementation
Executive Sponsor: Steve Jenson, Global CISO
Project Team: More than 150 Security Profressionals were involved in delivering our Global Security Strategy. Leaders of the effort were:
Steve Jensen (Global Chief Information Security Officer), Chris Delaney (Senior Director, Infrastructure Security Services), Karen Hunt (Director, Data Security), Joyce Leek (Senior Director, Identity & Access Management), Tom Mooney (Director, Cloud Security), Paul Nickelson (Senior Director, Global Security Operations Center), Eric Svalstad (Global Tech and Corporate Center Information Security Officer), Rob Tourt (Transamerica Information Security Officer), Marijke Witteman (Director, Information Security Analytics), Jesus Gomez (Aegon Spain Information Security Officer), Tony Povoas (Aegon UK Information Security Officer), Herman Stoker (Aegon Asset Management Information Security Officer), Philip Wong (Aegon Asia Information Securty Officer)
Completed an ambitious 2-year, risk-based global Security Strategy implementation by focusing on our highest risk categories: External, Internal, Data and Unavailability of Systems and establishing a cross-organizational collaboration model.
Data Governance
Executive Sponsor: Elliott Franklin, CISO
Project Team: Rafal Baran (VP of Information Security Operations), Harlan Harris (IT Security Architect), Brianna Toney (Project Manager), Elliott Franklin (CISO)
As a backbone of cyber security and privacy programs, data governance allows for clear understanding of the key risk areas. The team has developed and implemented a data governance processes connected with the Data Loss Prevention controls across in-house data and information stored by third parties. This includes ownership of data, classification, encryption, and backups with DLP over web, hardware, and email.
I-Shield: Simplified Secure Access
Executive Sponsor: Swatantr Pal, Deputy CISO
Project Team: Asad Lambate (Assistant Vice President)
To adopt a risk-based approach to Identity and Access Management (IAM), ensuring the highest level of assurance for privileged users, simplify the process for non- privileged users and vigilantly monitoring user identity configurations and actions.