The ISE® North America Leadership Summit and Awards was held on November 6-7, 2013 at the Sheraton Premiere at Tysons Corner in Vienna, VA. The awards recognize the information security executives and their teams who demonstrate outstanding leadership in risk management, data asset protection, regulatory compliance, privacy, and network security.
The ISE® North America Awards are held in conjunction with a two day Leadership Summit which includes keynote speakers, interactive roundtables moderated by the CISOs and VPs of participating companies, and hot topic panel discussions. The two day program offers the opportunity to meet with peers and leading IT executives from across the region to discuss and share insights into today's issues and solutions.
ISE® North America Executive Award Winner 2013 - Commercial Category
Chief Information Security Officer
The Walt Disney Company
ISE® Southeast People's Choice Award Winner 2011
ISE® Southeast Executive Award Finalist 2011
ISE® North America Executive Award Winner 2013 - Academic/Public Sector Category
Chief Information Security Officer
ISE® North America Executive Award Winner 2013 - Health Care Category
Information Security Officer
ISE® North America Project Award Winner 2013 - Commercial Category
Unstructured Data Governance Project
Executive Sponsor: Donna Nemecek, VP, Manager Technology Risk Assurance & Senior Information Risk Officer, BNY Mellon
Project Team: Susan Wade, Tijuanna Beckles and Gina Grisaffi
Location: New York, NY
BNY Mellon’s Risk and Compliance Group has developed a governance process to provide security and user access certifications over high risk data stored in network shared drives, which are scrutinized by Regulatory Agencies, external and internal auditors.
ISE® North America Project Award Winner 2013 - Academic/Public Sector Category
University Cyber-security Initiative
Executive Sponsor: Larry Wilson, CISO, University of Massachusetts
Project Team: Todd Glover, Chris Misra, Larry Wilson, Gene Kingsley, Andrew Darling, Brian Sullivan, Jim Packard, Anthony Kolodziej, Jake Cunningham, Wil Khouri and Dan Jones.
Location: Shrewsbury, MA
The University of Massachusetts Cyber-security initiative involves planning, designing, implementing and managing a University-wide technology-based program based on the SANS 20 Critical Security Controls (CSC). The main deliverables include IT asset management, software asset management, system and network configuration, malware defenses, vulnerability management, log management, security administration, data loss prevention, etc. The primary goal is to establish technology, implementation and security monitoring standards that are implemented and managed across all five campuses (Amherst, Boston, Dartmouth, Lowell, Worcester Medical School), UMASS On-line and the President’s Office. Successful implementation of this program will ensure the University reduces the impact and exposure of a Cyber-security threat.
ISE® North America Project Award Winner 2013 - Health Care Category
Executive Sponsor: Terry Rice, AVP, Service Delivery & Risk Management, Merck & Co.
Team Members: (Merck) Phyllis Post, Andy Porter, Jason Victor, Keith Respass, Andrea Kirby, Terry Bauman, Steve Borst, Vish Gadgil, JoAnn Weitzman, Cathy Carfagno, Maria Pascual, Brian Swartley and John Litvinchuck. (Exostar) Tom Johnson, Dan McConnell, Vijay Takanti, Raju Nadakuduty, Paul Rabinovich, Rob Sherwood and Lisa Sullivan
Location: Whitehouse Station, NJ
Merck partnered with Exostar to redefine business-to-business engagements by creating a Life-Sciences Identity Broker in the Cloud. This secure cloud-based hub is where teams from multiple companies can access any number of technology services through a multi-tenant identity broker, protecting sensitive data and intellectual property from unauthorized access. The result included the reduction of time to stand up business-to-business collaborations, minimized administrative cost, and elimination of the need to replicate redundant technology infrastructure. In addition, the model improves the security and risk profiles for these teams by moving away from point-to-point engagements to a highly-scalable service model that can be monitored and protected from outside threats.
ISE® North America People's Choice Award Winner 2013
Senior Vice President, Information Security
Texas Capital Bank
ISE® North America Luminary Leadership Award Winner 2013
Retired Special Assistant to the President, Cyber Security Coordinator
The White House
ISE® North America Executive Award Finalists 2013 - Commercial Category
VP and Chief Information Security Officer
Senior Vice President and Chief Information and Infrastructure Security Officer
ISE® North America Commercial Executive Award Finalist 2012
ISE® Northeast Executive Award Finalist 2012
ISE® North America Executive Award Finalists 2013 - Academic/Public Sector Category
Executive Director, Security and Compliance
University of Miami
Chief Information Security Officer
University of Massachusetts
ISE® North America Project Award Finalists 2013 - Commercial Category
Workspace Virtualization and Containment for Sourcing Providers
Executive Sponsor: Dan Tigar, Managing Director Citigroup Architecture & Technology Engineering (CATE) CitiSecure Platform
Project Team: Matt Ramey, Bill Sztabnik, Brian Firlein, Vincent D’Onofrio, Sean Hunnicutt.
Location: Melville, NY
The solution utilizes a containment approach that satisfies a requirement to establish a controls framework to secure Citi’s Desktop Virtualization strategy for Third Parties. The containment strategy ensures that “least privileges” entitlement is enforced, including Application and Network access controls, at a desktop level.
QRadar SIEM Implementation for Threat Intelligence and Security Monitoring
Executive Sponsor: Ray Archer, SVP & CISO, Scotiabank
Project Team: YRob Knoblauch, Adam Evans,& Alain-Desire Kamenyero, Vicky Laurens, David Tozer, Egor Burnashev, Ify Ajokubi and Kelvin Lomboy
Location: Scarborough, ON
Qradar SIEM was deployed at Scotiabank to collect, correlate and index data from thousands of sources around the globe. Data is ingested into the SIEM platform and provides security analysts with a correlated and contextualized view of the Scotiabank network in real-time allowing them to detect anomalies in near real-time. The SIEM solution has moved Scotiabank closer to an “Intelligence Based Security” model which provides analysts with the ability to respond quicker to emerging threats while reducing impact to their users and customers by leveraging internal and external intelligence sources during threat remediation activities. This implementation has allowed Scotiabank to react to new threats more quickly and armed with deep intelligence.
Twitter Domain Authentication Service
Executive Sponsor: Josh Aberant, Postmaster, Twitter
Location: San Francisco, CA
The Twitter Domain Authentication Service was deployed to prevent malicious unauthorized use of Twitter domains and brands in email communications across the Internet. Prior to deployment of the service, Twitter customers had no way of knowing if the email they’d received purporting to be from Twitter was actually from Twitter or was from a criminal impersonating a Twitter server. Since the rollout of the project, Twitter users have been able to know that emails claiming to be from Twitter.com and other Twitter domains are really from Twitter, and the level of email phishing attacks against Twitter have dropped over 95%. This represents over 110 million malicious emails per day being blocked from reaching Twitter users.
ISE® North America Project Award Finalist 2013 - Academic/Public Sector Category
KSU Identity and Access Management Initiative
Executive Sponsor: Lectra Lawhorne, Executive Director of Information Technology Services, Kennesaw State University
Project Team: McCree Lake and Stephen Gay
Location: Kennesaw, GA
An implementation of IBM Security Identity Manager and other systems that creates and manages a centralized repository with key data elements about every person in the organization merged together from multiple sources that in turn fully automates the management and creation of accounts and services on multiple systems in the enterprise. The project substantially automated existing business processes which were previously not easily enforceable through workflows managed by defined and business-drivenworkflows. Additionally, the system creates a single sign-on environment across the entire enterprise by synchronizing passwords and users across all systems and enforcing password standards for regulatory compliance.
ISE® North America Project Award Finalist 2013 - Health Care Category
EPCS for Electronic Prescription Pharmacy Compliance
Executive Sponsor: Jeffrey Pettingill, Enterprise IT Risk & Compliance, PharMerica Corporation
Project Team: Michael LaMondra, Michael Krok, Muhammad Amjad, John Davis, Daniel Teklu, Sherry Walts, Christopher Aloi, team at McGladrey LLP, Joseph Benfatti and Aris Baghoumian.
Location: Louisville, KY
The goal of this project was to obtain Electronic Prescription Controlled Substance certification to dispense controlled substances electronically for our patients located in long-term care facilities. Compared to paper or fax prescriptions, e-prescribing improves medication safety, better management of medications costs, improved prescribing accuracy and efficiency, increase practice efficiency while improving health care quality and reducing health care costs through the reduction of adverse drug events and increased prescribing of generic medications. Making the process of prescription filling easier for patients will improve patient compliance with their medications. E-prescribing will help decrease the number of unfilled prescriptions by removing one step in the traditional prescription filling process, but also build a more complete medication history for our US pharmacies which a patient may use.