ISE® Northeast Project Award Nominees 2010

Collaborative Cyber Security Response
Project Team: Cathy Hubbs, David Smith, Krizi Trivisani

Our three institutes, American University, Georgetown University, and The George Washington University, signed a Memorandum of Understanding for emergency preparedness and response, cutting across all service sectors. As the lead cyber security specialists, we felt it was important to address the opportunities to share resources in the event of a large-scale cyber security event.

The Voltage Project
Project Team: Joe Bentfield, Janet Kerns, Dan Madsen, Daniel Schulte, Mike Sterner, Larry Abram

The Voltage Project at AT&T enables these information security objectives: (a) do the right thing by the corporation, employees, business customers and consumers, vendors and suppliers; (b) meet internal corporate and security policies; (c) meet a broad set of legislative regulatory compliance mandates and other external initiatives such as PCI, GLBA, HIPAA, etc.; (d) satisfy business customer contracts; and (e) enable business efficiency. It involves two key initiatives: End-to-end Information Protection and Data Leakage Prevention. It utilizes approaches that are game-changing in securing information from end to end, and leverage breakthrough technologies in innovative solutions that remove barriers.

Automated User Access Certification for SAS 70 Compliance
Project Team: Donna Durkin, Shany Porras, Nick Whittome, Glenda Johnson, Robin Parkes

Computershare is subject to a variety of regulatory requirements. Based on the sensitive data the company manages for its clients, Computershare is experiencing growing demand from institutional customers and auditors to prove they have a secure environment with the proper IT controls in place to monitor access. The company recognized that continuing its manual certification process was not sustainable. In early 2010, Computershare selected SailPoint IdentityIQ to automate its identity governance processes and underwent an aggressive project to automate its 11 most high-risk applications accessed by 4,000 users – in time for a September SAS 70 audit.

Endurance Shared Services Security Initiatives
Team Members: Pat Corless, Jim Albolino, Gareth Hendrickson, Manny Soto, Jimmy Wang

A set of security initiatives was identified and needed to be addressed to drive lower risk in our security landscape and meet regulatory requirements. The coordinated approach combined tasks that focused on end-point security, encryption, anti-virus, privacy acts, and external-facing web applications.

Heartland Payment Systems
Project Team: Steve Elefant, Sarah McCrary, Larry Godfrey, Paul Minutillo, Dustin Francis

E3™, Heartland Payment Systems’ end-to-end encryption solution, is designed to protect all stakeholders in the payments industry — including merchants and consumers — with the highest degree of security available … with no extra fees. Only E3 technology safeguards cardholder information from the moment of card swipe — and through the Heartland network — not just at certain points of the transaction flow.

Security Monitoring Project (SMP)
Project Team: Peter Hill, Patty Long, Jim Bearce, Jen Gonzalez, Shane Swanson, Chuck Kirk, Tim Hillyard, Jairo Orea, Cory Crawford

To better monitor and protect the environment, we identified security monitoring risks and gaps in our server, network and database monitoring. We implemented an organizational Security Monitoring Project (SMP) that monitors servers, applications, network devices and databases 24x7, including integrating the Incident Response to contain incidents, risks and threats across the organization. The SMP allowed ING to address the lack of a consolidated monitoring infrastructure across data centers and standardize the diverse portfolio of monitoring tools. Additionally, the SMP allowed us to develop and implement database security monitoring controls for non-SOX systems that are not in scope for SOX testing.

The I Campaign
Team Members: Ty Christopher, Cheryl Conley, Bob Davidson, Trent Flood, Phil Nicholas, Scott Rush, Debbie Stuckey, Christina Valecillos

Lockheed Martin launched an internal communications program called The I Campaign in October 2009. The campaign is focused on educating employees about how to protect the Corporation’s information assets and minimize cyber security risks through proper behaviors. In addition to helping mitigate several real cyber attacks, employee testing has shown the campaign has driven significant improvement in employee response to known adversarial tactics used in targeted e-mails.

IT Risk & Compliance Management Integration
Team Members: Denise Hucke, Ash Khan, Keith Respass, Sean Finnerty, David Van Skiver, John Tryon, Keith Heilner, Mark Kramer, Susan Rakus, Kenia Rincon, Melody Kromer, Tom Meyer, Kathy Doty

On March 9, 2009, Merck & Co., Inc. and Schering-Plough Corporation announced their plans to merge. An IT Integration Team was created to prepare the two companies for Day 1. The IT Risk & Compliance Management team was led by a legacy Merck and legacy Schering-Plough employee. The project included preparing a new Corporate IT Risk Policy; conducting a Risk Assessment to identify the IT Risks associated with the merger; creating new Active Directory Trusts to allow cross-company user identification & management of network accounts; and harmonizing the Threat & Vulnerability Management Process and Incident Management Teams.