ISE® Southeast Project Award Nominees 2011

IRS
Identity Management
Executive Sponsor: Scott Breece, Director of Security Strategy and Compliance
Project Team: Brenton Warner

CHS is challenged with managing user accounts across multiple technologies. The management of users includes user provisioning for new employees, account management for role-based access, and termination of accounts. The existing technology, Novell Identity Manager (SIM), is currently implemented in the environment. The current version of this technology doesn’t provide the flexibility to meet all the business needs as the environment has evolved. However, the newest revision level of the application presents new and improved features that will assist CHS with meeting the needs of the business.


Department of Health and Human Services
The HHS CyberSecurity Technology Project
Executive Sponsor: Dan Galik, CISO
Project Team: Dan Galik, Mike Cox, Kevin Charest, Wally Wilhoite, Paul Son, Jeff Graham, Johnny Hughes, Nancy Lim, Ryan Chapman, Matthew Shallbetter, John Trauth, George Young, Robert Chamberlin, Duc Nguyen, Travis Richardson, Steve Swansbrough, Tim Wells, Drew Wagner, Stuart Carmichael, Robert Barczyinski

The HHS CyberSecurity Technology project provided HHS Operational Divisions with the supporting infrastructure to build secure enclaves to house management components of essential information security technologies. The enclaves are a combination of network taps, firewalls, routers, switches & authentication technologies to allow seamless integration of Intrusion Detection/Prevention Systems, Security Incident & Event Management for event correlation, and a Network Forensics tool for malware analysis.

Department of Health and Human Services
HHS/PSC Chosen as a Shared Service Center, Information Systems Security, Line of Business (ISS/LOB)
Executive Sponsor: John Stoute, Director, Division of Project Management Services
Project Team: Dara Murray, Errol Brown, Alan Smith, Frederick Gresham, Gail Becker, Darrin Lyles, Oki Mek, & PSC IT Security Services Branch Contractor Staff

The Department of Health and Human Services, Program Support Center is one of only seven Federal agencies that have been designated as a Center of Excellence represented by the Department of Homeland Security and endorsed by the Office of Management & Budget to support any Federal agency that requires assistance in developing certification & accreditation packages in accordance with Federal requirements. This was successful since PSC won the ISS/LOB over larger organizations.


IRS
Global Governance, Risk, and Compliance (GRC) Platform
Executive Sponsor: David Hannigan, VP, Global Security Compliance
Project Team: David Hannigan, Jeff Jenkins, Jay Reid, Mohit Raut, Clarissa Banks, Hmong Vang, Robert Isaac, Ed Redmond
Location: Atlanta, GA

Equifax's Global GRC Platform project involved analyzing and automating security processes with a highly customized application in order to provide the organization with a real-time view of its security and compliance efforts. The organization now has a central repository of information from functions such as policy exceptions, risk and compliance assessments, customer and regulatory compliance requirements, vulnerability tracking and application security reviews to enable the business to make more informed business decisions.


IRS
State of Georgia Security Transformation Project
Executive Sponsor: Dean Johnson, COO
Project Team: Sharon Mudd

In 2009, the State of Georgia started a major transformation of security services for the State network, including 14 State Agencies. In 2010, the State’s Internet presence was migrated behind AT&T’s Managed Network Security Services offering. This included reengineering connectivity to AT&T’s AVPN service, failover capabilities, porting/testing firewall rules, and implementing new layers of externally and internally facing intrusion detection and prevention services. The migrations took place over a period of 12 months with very little negative impact to the customer Agencies' business functions. In addition to the externally facing transformation effort, the State has also undergone an internal security transformation for infrastructure security. For the first time, the State has implemented a set of baseline Information Security Controls. These controls include technical security specifications for all platforms being managed (by IBM?) on behalf of the in-scope agencies. During this transformation, GTA has established a Security Risk Management Program in order to bring a more organized and transparent view of security and risk to internal stakeholders.

Health Ways
Security Integrated into the Application Lifecycle
Executive Sponsor: Daron Davis, Director, Enterprise Test Engineering & Integration
Project Team: Brooks Solomon, John Mellie, Steven Bardsley, Jonathan Card


IRS
IRS Cybersecurity Workforce Professionalization Initiative
Executive Sponsor: Devon Bryan, Deputy CISO
Project Team: Gary Ewing, Dana Hoffman, Mary Ann Hale

This team led a forward-leaning effort to improve and enhance the “bench strength” of IRS Cybersecurity employees in BOTH managerial as well as technical skills.


radiant systems
KSU Emergency Pop-Up System
Executive Sponsor: Robert Lang, Asst. VP of Strategic Security & Safety
Project Team: Lectra Lawhorn, Jonathan Higgins, Dustin Hartfick, Cheryl Hassman, Chris Ward, Nick Hassis, Stephen Gay, Chris Gaddis

The KSU Emergency Pop-Up System was developed in response to a known shortcoming of the University's other emergency notification systems. KSU has four (4) outdoor sirens to provide early warning notifications to the campus and surrounding community and a Mass Notification system to send SMS, Phone Voice, and email alerts to all 25,000+ university students, faculty and staff. After several tests, numerous 'cellular dead-zones' had been identified, which consisted of a lack of cellular reception for faculty, staff and students located within our larger buildings as well as areas which prohibited the use of cell phones. The development of the KSU Emergency Pop-Up System alleviated this problem by allowing for the deployment of a pop-up message to all Macs and PCs connected to the campus network.


radiant systems
Radiant Security Services
Executive Sponsor: Jeff Hughes, Vice President, Hosted Solutions
Project Team: Bill Beltz, Ray Gibson, Sherry Spreter, David Turner

In late 2009, it became clear that data security breaches in restaurants were on the rise. PCI DSS compliance and general security best practices in the level 4 restaurant space were sorely lacking. Radiant’s customers, in addition to others, were becoming the victims of cyber criminals intent on stealing credit card information. In the span of six months, we identified an unspoken yet urgent need in our customer base and built a product offering to address that need, providing the key security elements to prevent a breach from occurring. In the last quarter of 2010, the product was modified to work with non-Radiant systems, allowing us to offer these key security elements to a broader audience.


radiant systems
Integrated Assessment System
Executive Sponsor: Jerry Archer, Chief Security Officer
Project Team: Erin Anderson, Michael Blower, Karen Delozier, David Day, Stacy Davis, Mike Hamm, Deb Harrington, Amanda Horner, Ola James, Ken Lafata, April Morelock, Jamie Rucker, Riann Stroud

Sallie Mae initiated a plan in early 2010 to move to an automated solution to manage risk and compliance controls across IT. The existing control environment was built in silos based on individual regulatory requirements. The integrated approach required the use of a GRC tool to manage the hundreds of authoritative sources impacting Sallie Mae.


radiant systems
System Information Repository Security Crawl Project
Executive Sponsor: Randy Senn, CIO
Project Team: David Johns, Lewis Cook, Troy McCants, Michael Terpstra, Elaine Burton, Ali Masri, John Amick, Mary Stuckey, Jeff Wieland, Loretta Baldwin, Susie Martin, Annie Shamkhani, Andy Bowden, Bruce Yeske, Joanna Greene, Andrea Peterman

Our System Information Repository (SIR) manages the access approval process for IT supported applications. Information Resource Managers (IRMs) are assigned to each role and are responsible for approving security requests and reviewing the approved user list periodically. Access is granted by Information Security and includes combinations of Active Directory Groups, Database Permissions, Application Security, etc. An automated process was needed to verify actual security against the documented security present in SIR to ensure only approved users were granted the appropriate levels of security.


radiant systems
Thomson Reuters’ Application Assurance Program
Executive Sponsor: Tim Mathias, Sr. Director IT
Project Team: Erin Anderson, Michael Blower, Karen Delozier, David Day, Stacy Davis, Mike Hamm, Deb Harrington, Amanda Horner, Ola James, Ken Lafata, April Morelock, Jamie Rucker, Riann Stroud



radiant systems
Hoover Program
Executive Sponsor: Ronald Wilkey, Program Manager
Project Team: Trey Robinson, Chidi Obi, Christian Rohde, Pam Clark

The Hoover Program, comprising approximately 30 separate, but related projects, was developed to enhance the worldwide security posture of Travelport. It involves monitoring fraud and other incidents, making passwords stronger, securing external-facing websites, scanning Travelport applications for vulnerabilities and providing related reports and remediation plans, improving the coding practices of internal developers, enhancing security in the end-user agent environment for tens of thousands of clients, maintaining compliance with Payment Card Industry (PCI) standards, and much more.


TSYS
Fortify 360 Pilot Program
Executive Sponsor: Arnie Canada, Director of Risk and Compliance, Information Security
Project Team: Allan France, Bruce Jenkins, Greg Wolford

This was a pilot project to assess the viability, value, and “fit” of Fortify 360 Source Code Analyzer (SCA) and Fortify Governance Module in the complex and distributed TSYS application development environment.