Global Security Awareness Campaign 2013
Executive Sponsor: Roland Cloutier, Chief Security Officer, ADP, Inc.
Project Team: Anthony Morton, Samantha Aldridge Taylor, Caroline Rouhier, Debbie Cieslick, Mike Minwell, Jim Carpenter, Colleen O’Neil, Carolyn Munoz, Prasad Bhallamudi and Joanna Huisman.
Location: Alpharetta, GA
ADP’s Global Security Awareness Campaign was designed to drive associate behavior and knowledge of ADP security policies, standards and practices. The theme of the campaign, “Security is Our Shared Responsibility,” was selected to reinforce the knowledge that every associate is charged with protecting the sensitive and confidential information of our 600K+ clients, their employees, ADP’s assets and associates. The awareness material was delivered via various information sessions, lunch & learns, town hall meetings, and informational videos. Events were coordinated globally and were launched jointly by ADP’s Chief Security Officer, Roland Cloutier, and Chief Financial Officer, Jan Siegmund.
PCI Compliance Remediation – Post-merger
Executive Sponsor: Shaun Hunt, Vice President, IT Governance, The American Cancer Society
Project Team: Michelle Stewart, Brian Livingston, and Linda Nelms.
Location: Atlanta, GA
The American Cancer Society merged 12 chartered Division organizations with the National Home Office organization in late 2012. Prior to this official merger, there were various credit card handling processes and multiple PCI Compliance attestations from the disparate organizations. With no centralized governance, these processes and attestations were inconsistent. As one organization, ACS undertook multiple Society-wide projects to reduce PCI scope and risk and prepare for a single, onsite PCI audit in late Q2 2013.
Scraping Defense
Executive Sponsor: Tony Spurlin, CISO, AutoTrader Group
Project Team: Regina Clark-Herring, John Sewall, Dan Cary, Jerry Johannesen and Gary Burpo.
Location: Atlanta, GA
Identify and deploy a solution to proactively monitor and provide analytic support to respond to web site content scraping across all AutoTrader Group digital properties and assets. The successfully implemented solution will support the business through the following capabilities:
- Proactive analysis of scraping techniques leveraged across the World Wide Web Deep inspection of packet payload to determine if the activity is legitimate or scraping
- Support evaluation and implementation of preventive measures to identified scraping techniques
Enterprise HR System Consolidation and Controls Integration Project
Executive Sponsor: Kyle Duke, CISO, Cigna-HealthSpring
Project Team: Anthony Mannarino, Chris Fuller, Michael Parrish, Chris Kornmann
Location: Nashville, TN
This project was intended to bridge the control and process gaps in the SoX landscape for Cigna and Cigna-Healthspring and ensure that all Cigna-Healthspring resources would be able to access Cigna HR resources.
Enterprise Board Portal
Executive Sponsor: David McDermitt, Assistant VP, ISO
Project Team: Dave McDermitt, Tom Costin, Julie Buyer, Travis Light, Teddy Payne, Eulalia Roel, Leslie Williams, Carole Starkey, Tony Lowbridge, Angela Dirr, Rebecca Gunn, Sharon Boucher, Donna Whitfield, Bruce Ralston and Jim Steed
Location: Atlanta, GA
The Federal Reserve Bank of Atlanta (FRBA) identified the need for a system that would allow members of the Board of Directors to share and collaborate on sensitive documents. The Enterprise Board Portal Project devised a solution to provide board members with the ability to securely view meetings, agendas, logistical information and restricted documents electronically from their own devices. The project scope included the development of system functionality for secure login and download of classified documents to the Board members’ personal devices while the documents are still encrypted.
2013 PCI DSS Merchant Compliance Program
Executive Sponsor: Brandon Lowther, Director, Information Security & Compliance, Hilton Worldwide
Project Team: Michael Leidinger, Levena Baily, Roger Lin, Hector Dominguez, Julian Daniel, Kevin Namey & dozens of others deserving recognition but not identified here.
Location: Tampa, Florida
The 2013 PCI Merchant Compliance Program positioned the company to obtain a compliant Report on Compliance (ROC). Due to various factors, the on-site assessment was a “first-time-through” audit in many ways. Preparation activities and the resulting on-site assessment represented one of the largest PCI efforts in the country, involving:
- More than 175 Hilton IT staff and dozens of staff across two large IT service providers.
- Ten IT departments and seven business groups.
- 46 applications.
- 37 audit locations from a sample of hotels, resorts, call centers, operations centers, and data centers.
- Dozens of infrastructure components, user accounts, and other auditable areas.
Enabling HireRight Security Teams with Advanced Risk Analysis and Vulnerability Management Solutions
Executive Sponsor: David Barton, Sr. Director, Head of Security, HireRight, Inc.
Location: Nashville, TN
David Barton of HireRight was looking to implement new technologies to enable his information security and IT operations teams to execute vulnerability assessments of housed customer data more efficiently. Protection of customer data is paramount at HireRight, and there was a need for a solution that was responsive to the changing threat landscape, providing visibility into the security gaps within the organization. The goal was to deploy a technology and security program that provided best of breed analytics and reporting of vulnerability data in order to proactively patch flaws, fix configurations and automate several operations for ease of compliance. Mr. Barton partnered with security vendor BeyondTrust, launching a new risk analysis and vulnerability management solution called Retina CS. This in effect allowed the HireRight security team to make smart decisions, effectively communicate risk, and report vulnerability management progress to executives and compliance auditors.
Web Application Access Management for Corporate Users
Executive Sponsor: Mark Gibaldi, VP, Cyber Security & Risk, Travelport
Project Team: Jerry Liu, Josette Dzencelocz and Louie Green.
Location: Atlanta, GA
Travelport deployed a Siteminder web access management platform to define an enterprise-level approach to manage and protect web-facing applications hosted internally and externally. The project substantially automated the provisioning process by consolidating user directories. Five key applications were integrated into the platform in Phase One. Synchronizing user credentials across the five applications created a single sign-on experience which improved the usability and security of all applications and saves 2,500 hours login time annually across the organization. Furthermore, the project has been a resounding “hit” with employees and reaffirmed Travelport’s security program as a business partner and enabler to the organization.