The ISE® West Executive Forum and Awards 2018 was held August 16, 2018 at the Westin St. Francis in San Francisco, CA. The ISE® West Award recognizes the information security executives and their teams who have demonstrated outstanding leadership in risk management, data asset protection, regulatory compliance, privacy, and network security.
The ISE® West Awards are held in conjunction with a one-day Executive Forum which includes keynote speakers, interactive roundtables moderated by the CISOs and VPs of participating companies, and hot topic panel discussions. The one-day program offers the opportunity to meet with peers and leading IT executives from across the region to discuss and share insights into today's issues and solutions.
ISE® West Executive of the Year Award Winner 2018
ISE® West Project Award Winner 2018
The Aetna Entitlements, Identity, & Risk System (AEIRS)
Executive Sponsor: Kurt Lieber, Vice President, CISO, Global Security Aetna Core, Aetna
Team Members: Jon Backus (Product Manager), Candice Chang, Jason Cruces, Shazia Khan, Jeffrey Graff, Jeffrey Harris, Nathan Harris, Cheryl McCarthy, Angelique Nix, and Barbara Troutman
Location: Phoenix, AZ
The team at Aetna is using leading-edge machine learning technology to provide early detection of anomalies in user behavior. The Aetna Entitlements, Identity, & Risk System (AEIRS) is a User and Entitlement Behavior Analytics (UEBA) program that evaluates millions of event records for anomalous or unusual behavior and alerts when it is detected. The analytics engine, AEIRS, determines and tracks normalized behavior for every Aetna user and then uses it to look for abnormal breaks from pattern, as well as rules-based criteria through behavior models. It also calculates a risk score for each individual user who has access to an Aetna system. The risk scores change based on anomalous or unusual behavior detected by a model. The models and risk scores can then be used to trigger control changes in real time.
ISE® West People's Choice Award Winner 2018
ISE® West Executive Award Finalists 2018
Vice President, Information Technology and Chief Information Security Officer
Vice President, CISO, Global Security Aetna Core
ISE® West Project Award Finalists 2018
PCI Submission Relief
Executive Sponsor: John Kirkwood, CISO, Albertsons Companies
Team Members: Frank Steele (Senior Manager Governance & Compliance), Charles Yap (Director InfoSec), Kent Lourenzo (Director InfoSec), Ezekiel Constantino (Risk and Compliance Manager), Jenny Kwok (IAM Manager), John Vaux (Security Architectural Engineer), Gary Zempich (P2PE Analyst), Philip Saint (InfoSec Engineer), Jose Abrain (Compliance Analyst), and Catherine Buerano (InfoSec Risk and Compliance Analyst)
Location: Phoenix, AZ
PCI, as a “point-in-time” assessment process, can be extremely disruptive and costly to the business while not guaranteeing compliance. To tackle this issue, the Albertsons Companies team created the PCI Submission Relief program. As a result, while Albertsons must remain PCI compliant, they are no longer required to submit an annual Report of Compliance (ROC) for PCI. Rather than “point-in-time” annual PCI compliance, Albertsons maintains a continuous compliance control program, which ensures that PCI compliance can be continually demonstrated.
Kaiser Permanente’s Vendor Risk Management Program
Executive Sponsor: George DeCesare, Chief Technology Risk Officer & Senior Vice President, Kaiser Permanente
Team Members: Michelle Nix (Vice President), Chetana Sankhye (Director), Thanh-Thien Nguyen (Manager), Soula Moua (Manager), George Macaulay (Sr. Engagement Mgr), Mark Franklin (Sr. Engagement Mgr), Anu Deshpande (Sr. Engagement Mgr), Jim Bleasdell (Sr. Engagement Mgr), Peter VanDeMortel (Sr. Engagement Mgr), Nga Dang (Sr. Engagement Mgr), Derrick Oden (Sr. Engagement Mgr), Nathan Louie (Sr. Engagement Mgr), Brin Henderson (Engagement Mgr), Jose Karlo Pajota (Engagement Mgr), Sirak Medhane (Sr. Engagement Mgr), Anumeet Budwal (Sr. Engagement Mgr) and David Peterson (Executive Director)
Location: Oakland, CA
Kaiser Permanente’s Vendor Risk Management Program (VRM) established the capabilities necessary to effectively manage and prevent vendor control risks across the enterprise through a series of key elements. First was the creation of an inventory of vendors for privacy and security risks to understand the vendor service locations, data types, data access, etc. through inherent risk assessments for thousands of existing vendor engagements. Next was the completion of controls assessment for high-risk new and existing vendors, and management of risk remediation and acceptance from controls assessment efforts. Finally, the team implemented automation, reporting, and process improvements to scale efforts enterprise-wide.