Traveling ISAAC (Information Security Action Awareness Character
Executive Sponsor: Ken Kilby, Corporate Information Security Officer, BB&T
Project Team: Richard Langford, Brett Parker, Christine Kenly
BB&T developed a campaign to increase awareness of information security practices. Die -cut posters of our Information Security mascot were sent throughout the enterprise to represent Corporate Information Security. The posters included instructions to discuss information security and/or visit Information Security on the company’s intranet.
DoD Cyberscope Enterprise Reporting Service
Executive Sponsor: Alice Fakir, Senior Associate, Booz Allen Hamilton
Project Team: John Hunter, Robby Carter, Melody Balcet, J.C. Wilson, Alice Fakir, Greg McCullough, Blake Stephens, Kate Schnabe, Jason Ma, Brian Maxwell, Matt Houy, Josh Anderson, Bonnie Lee, Richard Reilly,Todd Hamlin
Location: Atlanta, GA
The DoD Cyberscope is a GOTS capability that leverages existing DoD capabilities to facilitate reporting, aggregation and analysis of the DoD’s Information systems for improved Information Assurance (IA) Awareness, and maintain Federal Information Systems Management Act compliance through automation. It is the first Government off the shelf (GOTS) product that provides machine-to-machine reporting of IA data for DoD entities.
QA Code Scan Integration
Executive Sponsor: David Moses
Project Team: John Bell
In a marked departure from “old-school” thinking on software security assurance, Delta’s QA group has taken over code scanning responsibilities for the company’s critical delta.com website, integrating HP WebInspect with HP Quality Center to provide a single version of the truth with regard to defect tracking. This change makes it possible for the Security group to focus on resolving issues rather than running scans, while ensuring that consistent, accurate information on all quality and security defects is readily available at every level of the company.
HealthSpring Identity and Access Management Project (HS Secure and HS Access)
Executive Sponsor: Kyle Duke, CISO, HealthSpring
Project Team: Anthony Mannarino, Christopher Korman, Chris Fuller
Business Objectives: Streamline and perform timely user attestation to achieve compliance with industry and government regulations. Improve compliance accuracy, speed and scalability. Save on administrative overhead and streamline operational efficiencies.
Identity Management Project with Courion Suite
Executive Sponsor: Guy Barnard, Vice President, Healthways Inc.
Project Team: Bob Quandt, Rick Harvey and Alex Schjelde
The project consisted of two sub projects, provisioning and compliance. The provisioning sub project was implemented to help streamline the onboarding of new colleagues and contractors and ensure that the Healthways HR system was utilized as the company’s system of truth. In addition, users were removed from our systems in a timely manner upon termination in our HR system. The compliance sub project was implemented in order to have a more streamlined and user friendly approach to our quarterly access review process. This project was led by a Healthways team and implemented by Courion Professional Services.
Hotel Security Program
Executive Sponsor: David Billeter
Project Team: David Billeter, Jonathan Card, Steve Bardsley, Chad Strange
IHG implemented Trustwave’s hotel security program for its 700 managed and 3,000+ franchised locations. Project included implementing a combination of firewalls, IPS, scanning, log monitoring, POS software agents and other supporting technology across their global infrastructure. The goal of the Hotel Security Program was to reduce breaches within the hotels and help the hotels comply with the PCI-DSS requirements.
Security Guy Roadshow
Executive Sponsor: Peter Hill
Project Team: Jamie Galioto, Sheila Austin, Jeff Johnson, Doug Everson, Ryan Massey
Security Awareness at ING has traditionally been accomplished via annual mandatory compliance courses and ad-hoc emails. Despite all the many layers of defense deployed at ING, we recognized that without informed employees, our risk was much greater. In an effort to improve security awareness and reach our customers in a different manner, we created an animated character named "Security Guy". Using this character, we created videos that discussed information protection topics. We also conducted ING Security Guy Road Shows at each of our major sites. At the sites, we setup convention style in a large area, with booths manned by various security and risk professionals. The Road Shows had great attendance and received positive feedback from all employees and made a visible impact on the ING security and risk culture.
Security Operations Center
Executive Sponsor: Peter Hill
Project Team: Tim Hillyard, Brian Withrow, Dmitriy Bliznyakov, Michelle Joseph, Adam Markuson, George Toro, Joshua Gordon, Tom Limber, Kyle Fenzel, Derek McGowan
ING is putting customers’ minds at ease and living up to the expectation that companies should do more to protect personal and financial information with the opening of its security operations center in Minneapolis in late 2010 and its new security operations center in Jacksonville in late 2011. The culmination of five years of investment, the centers are staffed with employees 24 hours a day, seven days a week, 365 days a year. It relies on a robust set of tools to detect and prevent inappropriate activity and provide an integrated view of that activity across the environment. As more sophisticated threats evolve, the center can expand its capabilities by integrating new tools into the environment or enhancing the ways in which existing tools are used. The expert team is also experienced in recognizing signs of potentially abnormal behavior. The combination of skilled resources and quality tools allows for the high-performance response the company’s customers expect, ensuring threats do not even make it through the "front door."
ISSA International Chapter of the Year: 200+ Category
Executive Sponsor: Damien Suggs, Former President
Project Team: Damien Suggs, Keyaan Williams, Ben Sholes, Keith Deininger, Carl Holton, William Peach, Amy Dean, Anne Payton, John Lister, Robert Skinner, Jason Lawrence and Timothy Bloomer
The Metro Atlanta Information Systems Security Association is a non-profit group dedicated to providing educational and networking opportunities. We promote the exchange of ideas and knowledge for each member's growth within the information security profession.
Nielsen Online Campaign Ratings (NOCR)
Executive Sponsor: Tim Chase, Performance Test Lead, Testing Center of Excellence
Project Team: Steve Splaine, Alex Deliyannis, Tim Chase
Campaign Ratings was designed to help advertisers and online publishers determine how effective their campaigns are at reaching the intended audience. For example, if an advertiser wants to reach males 18-49, NOCR provides an overnight report with reach, frequency, and Gross Rating Points (GRPs) that shows how well the ad reached the desired demographic on a particular website. This measurement works in-flight, allowing optimization of advertising during a campaign. NOCR is the first Internet measurement system accredited by the Media Rating Council that provides GRPs for online campaigns, consistent with those used for TV.