Security Transformation Program
Executive Sponsor: Annessa McKenzie, Chief Information Security Officer, Baker Hughes
Location: Houston, Texas
Annessa McKenzie’s appointment to Chief Information Security Officer in August 2013 came with a strong focus on execution to close significant security gaps. In her short time in this role she has already done an outstanding job of rapid risk analysis, prioritization of gaps, building a team with the right talent, and executing on 25+ projects that significantly improved the security risk profile at Baker Hughes. Her team has delivered a comprehensive security program, aligning within IT and with the business to drive global improvement.
Continuous Improvements for Security Services
Executive Sponsor: Parrish Gunnels, Information Security Officer, IT Governance, Celanese Corporation
Project Team: Michael Kennemer, Don Borthwell, Jesse Noriega
Location: Irving, TX
This project created a sustainable method for evaluating and analyzing our security services, or portfolio of services, both from a cost and risk perspective. This also included benchmarking with peers and non-industry peers and determining an overall maturity level to achieve and maintain. It created the foundation from which we now have a platform for discussing our risks and costs and the trade-offs that occur because of the decisions we’ve made as a company.
CNA’s Enterprise Risk Register – Enterprise Adoption
Executive Sponsor: Robert Allen, VP, Service Management & CISO, CNA
Project Team: Mark Verheven, Larry Lidz, Greg Allen, John Sternberg
Location: Chicago, IL
The adoption rate of CNA’s Enterprise Risk Register has reached a tipping point, and is fully embraced by the Enterprise Risk Management group as the de facto risk repository and reporting tool for the company. The multi-tier risk register comprises a holistic risk management solution, directly tied to the new enterprise risk hierarchy, providing end-to-end risk information management from the detailed operational aspect to the balanced aggregate executive view. Each tier of the risk register offers the ability to fully evaluate risk components, substantiating the risk statements. The register is continuously active through ongoing evaluation of risk control effectiveness.
Enterprise SIEM: Locally Hosted Security Information & Event Management & Co-Managed Security Services
Executive Sponsor: Scott Pettigrew, VP, Chief Security Officer, HMS
Project Team: Scot Miller, Joe Mobisa
Location: Irving, TX
The HMS SIEM and managed services project is centered on a need to meet the strict compliance requirements for HMS customers. With constantly evolving threats, the project needed to be started quickly and efficiently. After completing an RFP including Verizon, Secureworks, Solutionary, Symantec, McAfee, and Q1Labs, HMS decided on QRadar’s SIEM for its ease of use and compatibility with the company’s current infrastructure. As part of the project, HMS determined that a co-managed, locally hosted solution would be the best support model for the organization. HMS chose Accuvant as its managed services provider. Through Accuvant’s services, HMS was able to offload the 24x7 monitoring responsibility and refocus their internal resources on Security management as opposed to product administration.
Executive Sponsor: James Carpenter, CSO, Parkland Health & Hospital System
Project Team: Shibu Thomas, David Schorpp, Brenda Hight, Carolyn Foster, James Carpenter, Mary Beth Langston, John Zapata, Sampath Gorantla, Shelby Angel and Mari Martinez.
Location: Dallas, TX
Automation of eDiscovery across the HR system, the Identity Management System, Active Directory, and the IT ticketing system to ensure litigation holds for data and assets are logged, accurate, and performed in a timely manner.
IT Risk Management Framework
Executive Sponsor: Meg Anderson, AVP & CISO, Principal Financial Group
Project Team: Anita Hartman, Tim Peterson, Kim Herren, Loren Long, Mark Vernon, Abby Martin, Deidre Lane, Terri Poortinga and Eric Ware.
Location: Des Moines, IA
A variety of disparate tools and manual processes had been used to accomplish critical Information Security functions including: managing security policy/related variances, security assessments, supplier security profiles, and compliance reporting. This resulted in uncorrelated data and an inability to cohesively report risk. The manual processing wasted time, and it was difficult for businesses to know where to initiate and monitor progress of our services. We implemented an IT Risk Management Framework to ensure data is stored in a single location and to provide cohesive reporting. The solution incorporates a workflow process, which streamlines submissions, eliminates manual work and enables better tracking.
Texas CISO Council – Security Program Essentials
Executive Sponsor: Brian Engle, Chief Information Security Officer, State of Texas
Project Team: Philip Beyer, Joel Scambray, Joe Krull, Mario Chiock, Mary Dickerson, John South, Brian Wrozek, Jack Key, Tim Youngblood, Parrish Gunnels, Jay McLaughlin, Shawn Irving, Cary Moore, Patsy Boozer and Dan Glass.
Location: Austin, TX
The Texas CISO Council seeks to create a comprehensive reference describing the core essentials of a modern information security program. There are six proposed focus areas which would constitute a Security Program Essentials framework. When ratified by members of the Texas CISO Council, this framework would be offered at no cost or obligation to any organization that seeks to build or improve their security program. The working group effort to advance this comprehensive reference will consist of products in Governance and Organization, Information Security Strategy, Information Security Framework, Security Risk Management, Metrics and Measures, Diagram and Illustration.
Next Generation Identity & Access Management
Executive Sponsor: Jack Key, Chief Information Security Officer & Privacy Officer, USAA
Project Team: BJ Hicks, Patrick Landry, Bradley Machicek, Paul Manz, Brandon Esplin, Randy Jenschke, Carla Rosas, Rudy Castro, Charles Smith, Ruth Shropshire, Christina Marin, Sherry Rakowitz, David Allen, Tammy O’Neal, Diana Teneyuca, Tim Crawford, Elizabeth Williams, Estevan Perez, Gary Pullen, Jediah Logiodice, Jeff Lewis, Jeff Speer, Laura Moran, Letty Sifuentes, Lionel Franklin, Marcie Swonson, Maria Flack, Martin Palmer, Michael Morris, Michael Wood, Pamela Strzelczyk
Location: San Antonio, TX
The Next Generation Identity & Access Management (NexGen IAM) Program is comprised of more than 30 complex interdependent projects aimed at efficiently enabling USAA’s business while creating a world-class secure access management capability that meets the needs of USAA’s dynamic and growing business. The projects are developed and deployed by a dedicated, highly skilled IAM Information Security team (with integrated IT and Consultant support) in an agile infrastructure development lab. The program has delivered on-time and on-budget since 2011. NexGen IAM projects are delivering exceptional security and business results aligned with the goals of the effort and the mission of the company.