T.E.N. Knowledge Base


T.E.N. and ISE® knowledge base 2010

ISE Central 2010 Nominee Showcase Presentations

USAA’s Info Sec Authentication Program
In this presentation, Jack Key will discuss how USAA was able to provide its mobile user community faster, more secure mobile logon access to their banking, insurance and investment accounts through its new quick logon and authentication security software for its popular USAA Mobile App, which allows bank deposit functionality from the iPhone and Android platforms. Almost 1.3 million of USAA's 7.4 million members access USAA's mobile platforms to conduct financial transactions.

Presenter
Jack Key
Vice President, Chief Information Security Officer and Chief Privacy Officer
USAA
Download the Presentation (pdf)


GRC – Governance, Risk and Compliance
Lee Parish will present how and why the Northrop Grumman team created a governance, risk, and compliance (GRC) group within the Information Systems Sector. The team crafted a suite of risk management services for the InfoSec service catalog, developed processes for doing onsite risk assessments, and stood up a robust automated GRC platform to enhance their service capabilities. Lastly, he will present how the team reached out to other business units to assist in their GRC solutions.

Presenter
Lee Parish
Director, Information Assurance
Northrop Grumman
Download the Presentation (pdf)


TXU Energy Roles Rebuild
In this presentation, Chris Holm will discuss how the Roles Rebuild team successfully completed rebuilding individual user roles for SAP security for IT and then every functional organization at TXU Energy. The endeavor touched every employee at TXU Energy and was completed on schedule and within budget. In addition, Role Security Rule sets were developed for Segregation of Duties analysis and compliance for every Role, resolving IT controls deficiencies to achieve the highest controls effectiveness rates in company history.

Presenter
Christopher Holm
Director, IT Risk, Security & Controls
TXU Energy
Download the Presentation (pdf)


Self-Service Based Password Management
Bridget will present the design and implementation of a self-service based password management solution that provides a consistent, intuitive end user experience for setting and resetting passwords regardless of where and how it is accessed.

Presenter
Bridget Campbell
Manager Technology Security/Identity Management
Southwest Airlines
Download the Presentation (pdf)

ISE Southeast 2010 Nominee Showcase Presentations

Keynote Address: CISO, CISE, CISL? About Information Security EXECUTIVES and LEADERS
Security is becoming less about tools and much more about business acumen and leadership skills. Successful CISOs are engaged executive partners who understand the core business processes of the organization as well as the safety net that must be built around it. This presentation will engage participants in a discussion around business processes, related risks, and the best practice approaches to strengthening organizational security. Discussion will include top security issues and the evolving role of the CISO within the broader context of organizational governance.

Fernando Martinez
Vice President and Chief Information Officer
Jackson Health System
ISE® Southeast Award Winner 2009 – Executive Category
Download the Presentation (pdf)   Download Verizon Data Breach Report (pdf)


The Self-Funded Courion Access Assurance Implementation
In this presentation, Jennifer Graham will discuss how SunTrust worked with Courion to come up with a plan in which all of its goals would be met, with the added bonus of structuring the deployment in such a way that the recognized benefits of the technology would literally negate the cost of implementation over a period of 36 months. Based on SunTrust’s goals, Courion helped structure the sale of its Access Assurance Suite so that the capital expenditure could be amortized over the course of several quarters or years, relieving any impact whatsoever on the IT budget. Jennifer will discuss how this enabled the project to address the company’s strategic, technical and financial goals.

Presenter
Jennifer Graham
Vice President User Groups
SunTrust Bank
Download the Presentation (pdf)


Northrop Grumman OneBadge
Mark Leary presents how the Northrop Grumman OneBadge project developed, implemented and deployed smart card technology across the corporation in order to provide enhanced protection from unauthorized access to company facilities, networks and data. The OneBadge smart card standardizes employee logical and physical access and is aligned to Homeland Security Presidential Directive (HSPD) 12, the identification standard for government employees and contractors. Mark will present how Northrop Grumman’s new identity badge is federated across the Department of Defense (DoD) and the Federal Public Key Infrastructure (PKI) Bridge to enable secure collaboration with Northrop Grumman’s government and commercial customers and partners.

Presenter
Mark Leary
Director & Deputy CISO
Northrop Grumman Corporation
Download the Presentation (pdf)


Automated Identity Governance
In this presentation, Chris Tuten will discuss how compliance mandates can be a quagmire for IT resources and budgets. In the past, Sallie Mae had spent several millions of dollars to comply with the Federal Information Security Management Act (FISMA) – one of several regulations the company is subject to – due to inefficient, manual processes. In December 2009, Sallie Mae began an aggressive identity governance project to address spiraling compliance costs. Within six months, the company completely re-architected its IT compliance processes related to identity management and established an automated, repeatable process that is projected to save the company significant expense while improving the company’s overall IT risk and compliance posture.

Presenter
Chris Tuten
Vice President, Corporate Information Security
Sallie Mae
Download the Presentation (pdf)


Launching a Code Assurance Program and Saving Millions!
Ariel Silverstone will present how one company researched and decided on process and tools from scratch to assure best-in-breed software security quality, all while saving money in the process.

Presenter
Ariel Silverstone
Information Security Director
Travelport
Download the Presentation (pdf)

ISE West 2010 Nominee Showcase Presentations

Deploying a Cloud Based Application Risk Management Platform
In this presentation, John Sapp will explain how he solved McKesson’s application security software and compliance issues with the implementation of a cloud-based application risk management solution. McKesson determined that its software-as-a-service (SaaS) model, coupled with its ease-of-use and scalability fit best with Veracode’s SecurityReview platform.  He will further discuss how the solution is empowering McKesson to have a comprehensive view of its application portfolio and the organization is now able to provide internal and external customers the highest levels of application assurance, while assuring regulatory compliance.

Presenter
John B. Sapp Jr.
Director, Product Development Standards - Security, Risk & Compliance
McKesson Corporation
Download the Presentation (pdf)


Automated Identity Governance
In this presentation, Bill Bonney will discuss how Intuit is subject to a multitude of regulatory and security requirements relating to the privacy and security of the sensitive financial data it processes, and as a public company, Intuit must also demonstrate compliance with Sarbanes-Oxley. Addressing those compliance and security requirements is exponentially complicated each year when Intuit’s employee ranks grow by almost 50 percent during tax season as it increases call center and other seasonal support staffing. Bob will share with the group that in order for Intuit to meet those challenges they implemented an identity governance program to proactively manage risks associated with user access controls while automating the process of supporting and managing the influx of access changes during the seasonal spike in employees.

Presenter
Bill Bonney
Sr. Manager Access Management
Intuit
Download the Presentation (pdf)


Enterprise Security Controls in the Call Center Cloud
Niall Browne will present the extensive build of Enterprise Cloud Security controls within the LiveOps Inc. PaaS and SaaS platforms and working to build and roll out data-centric and distributed security controls to more than 20,000 agents operating in distributed environments.

Presenter
Niall Browne
CISO & VP Information Security
LiveOps Inc.
Download the Presentation (pdf)


Global Risk Management & Compliance Program
In this presentation, Matt Archibald will share how the Applied Materials team introduced the Program Risk Management methodology developed by the Global Information Services (GIS), Security & Risk Management group to Applied Materials Corporate Business “Risk Vertical Partners” as well as Business Project Managers in conjunction with a major companywide transformation program. The tools, process and methodology were used simultaneously in 12 major global programs, consisting of 95 projects and 240 initiatives, by managers globally and the Centralized Program Risk office to manage, track and mitigate risk across projects and programs. This included formation of the Global Risk Management & Compliance Committee (RMCC).

Presenter
Matthew Archibald
Managing Director and CISO
Applied Materials, Inc.
ISE® West Award Executive Nominee 2007
Download the Presentation (pdf)

ISE Northeast 2010 Nominee Showcase Presentations

The Collaborative Cyber Security Response Project
In this presentation, these two distinguished institutes will discuss how they signed a Memorandum of Understanding for emergency preparedness and response, cutting across all service sectors. As the lead cyber security specialists they felt it was important to address the opportunities to share resources in the event of a large scale cyber security event. They will share their collaborative efforts, implementation and results.

Presenter
Cathy Hubbs
CISO
American University
Presenter
David Smith
CISO
Georgetown University
Download the Presentation (pdf)


XL’s IT Sourcing Strategy

In this presentation, Tom Dunbar will discuss the key initiatives involved in how XL outsourced the monitoring of security devices including firewalls, intrusion detection, intrusion prevention, and log files to BT Counterpane. Tom worked with Counterpane leadership through their customer advisory program to help improve the services provided by Counterpane. Counterpane demonstrated their threat monitoring dashboard and Tom, along with his VP, IT Security, suggested that the XL Group provide a similar dashboard for their customers. Tom and his team worked with Counterpane to create a customer version and have a proof of concept running at XL. Tom will share the conception of this dashboard and provide explanations as to what the various metrics and threat levels represent.

Presenter
Thomas Dunbar
SVP Global IT Chief Security Officer
XL Group
Download the Presentation (pdf)


Social Media

Daniel Conroy will present his role as the champion of a project to control BNY Mellon’s internal social media and collaborative tools. Many corporations have adopted and implemented policies concerning the appropriate use of web-facing social networking sites, such as Facebook, MySpace, and LinkedIn.  However, few, if any, organizations have established policies regarding the implementation and use of social networking sites resident on a corporate intranet.  These forms of social media, available only to internal staff, may contain personal profiles (usually offering basic biographical information, together with a photograph), blogs, chat forums, and other interactive features.  Because these internal sites may be readily accessible, and because they pose the risk of serving as repositories of sensitive information, Daniel will share how he and his team established and implemented a policy pertaining to the creation and use of internal social media.

Presenter
Daniel Conroy

Managing Director and Head of the Information Security Group
BNY Mellon Corporation
Download the Presentation (pdf)

ISE North America 2010 Presentations

USAA’s Info Sec Authentication Program
In this presentation, Jack Key will discuss how USAA was able to provide its mobile user community faster, more secure mobile logon access to their banking, insurance and investment accounts through its new quick logon and authentication security software for its popular USAA Mobile App, which allows bank deposit functionality from the iPhone and Android platforms. Almost 1.3 million of USAA's 7.4 million members access USAA's mobile platforms to conduct financial transactions.

Presenter
Jack Key
Vice President, Chief Information Security Officer and Chief Privacy Officer
USAA
Download the Presentation (pdf)


San Diego Virtual Clean Room (VCR) Project

In this presentation, the Qualcomm team will discuss how the traditional approaches to malware protection in a high performance software build queuing and processing system were failing. They realized a new strategy was needed that, when executed, would not impact performance, availability or established business processes and workflows. The project team initially worked with stakeholders to obtain a clear understanding of the environment and then developed a solution based on the principle of “Defense in Depth”. The team developed a “Virtual Clean Room” which included creating a secure perimeter using next generation firewall technology, minimum security standards and improved monitoring. This presentation will discuss the teamwork involved, the challenge of using new technology and a generalized statement of the business processes and issues they addressed. This project was the 2010 ISE® West Awards Project Winner.

Presenter
Joshua Davis
Director, Information Security and Risk Management
Qualcomm
Presenter
Jeff Overbey
Staff IT Security Engineer
Qualcomm
Download the Presentation (pdf)


Key Initiatives at Department of Homeland Security
Join Dr. Douglas Maughan as he shares how his projects at the Department of Homeland Security advance through the full research and development lifecycle of research, development, testing, evaluation, and transition to produce the best unclassified secure solutions for public and private sector end users.  The results of the research initiated and supported by Dr. Maughan have had an enormous impact in every home and business in the United States, as well as throughout the Federal Government and beyond.  He will specifically discuss two major accomplishments—large scale research datasets and domain name system security.

Presenter
Dr. Doug Maughan

Cyber Security Branch Chief, Command, Control and Interoperability Division Science and Technology Directorate
U.S. Department of Homeland Security
Download the Presentation (pdf)


Northrop Grumman OneBadge

Russell Koste will present how the Northrop Grumman OneBadge project developed, implemented and deployed smart card technology across the corporation in order to provide enhanced protection from unauthorized access to company facilities, networks and data. The OneBadge smart card standardizes employee logical and physical access and is aligned to Homeland Security Presidential Directive (HSPD) 12, the identification standard for government employees and contractors. Russell will present how Northrop Grumman’s new identity badge is federated across the Department of Defense (DoD) and the Federal Public Key Infrastructure (PKI) Bridge to enable secure collaboration with Northrop Grumman’s government and commercial customers and partners.

Presenter
Russell Koste
Director, Identity and Access Management
Northrop Grumman
Download the Presentation (ppt)


Why Every CISO should have an Internet Standards and Governance Team

In this presentation, Michael Barrett will discuss the basic thesis that all Chief Information Security Officers (CISOs) need to look outside the four walls of their enterprise and determine where there are “broken” pieces of the infrastructure that need attention, and see how they can help improve the ecosystem.  Mr. Barrett will share his passion and commitment to helping shape the future of Internet security, including how information is transmitted and accessed.  With his unique focus on information risk management first and security second, his presentation will show how this reversal of the usual approach allows him to help company decision-makers make better decisions.

Presenter
Michael Barrett
Chief Information Security Officer,
VP Information Risk Management
PayPal
Download the Presentation (pdf)


The Voltage Project

Joe Bentfield will present the Voltage Project at AT&T, which enables these information security objectives: (a) do the right thing by the corporation, employees, business customers and consumers, vendors and suppliers; (b) meet internal corporate and security policies; (c) meet a broad set of legislative regulatory compliance mandates and other external initiatives such as PCI, GLBA, HIPAA, etc.; (d) satisfy business customer contracts; and (e) enable business efficiency. It involves two key initiatives: End-to-end Information Protection and Data Leakage Prevention. Joe will discuss these approaches that are game-changing in securing information from end to end, and leverage breakthrough technologies in innovative solutions that remove barriers.

Presenter
Joe Bentfield
Executive Director, CSI Infrastructure
AT&T
Download the Presentation (pdf)


Massachusetts ID Theft Regulation – The Toughest ID Theft Provision in the USA
 
In this presentation, Gerry Young will discuss the critical role he has played in the propagation of 201 CMR 17.00, the Massachusetts ID Theft Regulation that has captured national attention. This security regulation has rapidly become the toughest ID Theft provision within the United States, and has broken new ground that is being emulated in other states.  He will share how he worked to spearhead a statewide information campaign for business groups regarding the ID Theft regulation. While the US averages for ID theft data breaches have exploded over 200 percent during that timeframe, Massachusetts figures have shown a decline of 54 percent. This is directly attributable to the public campaign surrounding 201 CMR 17.00.

Presenter
Gerry Young

Secretariat Chief Information Officer,
Executive Office of Housing & Economic Development
State of Massachusetts
Download the Presentation (pdf)


Embedding Security into the Fabric of Business Processes and Increasing Your Scope of Influence

In order for your information security strategy to be most effective and for you to be seen as a trusted business partner, you need to work with business leaders in many different parts of your organization. Stacey Halota will discuss how she works with business leaders to create a culture that will both enable the business and meet information protection goals.

Session discovery topics:

  • Forming and sustaining business relationships
  • Understanding critical business drivers in different parts of your organization that influence information protection
  • Making information security an integral part of business processes

Keynote Presenter
Stacey Halota
Vice President, Information Security and Privacy
The Washington Post
ISE® Mid-Atlantic Commercial Winner 2009
Download the Presentation (pdf)


Rafting the Rapids

In the constantly changing world of information security, 2009 ISE® North America Executive Category Winner, Paul Connelly, will discuss how CISOs stay on top and keep moving forward.   In his session, Paul will share the following:

  • Look back over the past ten years to illustrate how quickly priorities have changed in information security.
  • What are the constants that led to success for CISOs across that time?
  • How has the CISO role had to change to stay effective over that time?
  • How can CISOs keep pace with the inevitable changes in IS? 
  • Pitfalls to avoid
  • Preparing for what’s ahead

Keynote Speaker
Paul Connelly
Vice President and Chief Information Security Officer
Hospital Corporation of America (HCA)
Nashville, TN
Download the Presentation (pdf)