In Depth

The Security Case Study Collection

Got depth? Selected case studies on security challenges from CSO.

October 17, 2008 — CSO — Selected in-depth explorations of how single organizations have approached critical security challenges. Learn from your peers. Exclusively from CSOonline and CSO Magazine.

Leadership and Organizational issues

Digital and Physical Security Convergence:
Constellation Energy
What does it take to make security convergence happen? One secret is to sneak up on it, the way Constellation Energy did, by seeming to be doing something else entirely.

Information Risk Management:
Harland-Clarke Rechecks Risk Management New security program adds more systematic processes for evaluating, prioritizing and mitigating risk.

Departmental Organization:
Reinventing T-Mobile's Security Function
T-Mobile needed to reinvent its security function, so it recruited a veteran team to shape a new asset protection division. The goal: Inject risk calculations into every business decision.

Safety and Community Relations:
Boston's Infectious Disease Research Lab
When controversy hit, Kevin Tuohey became the public face of a high-profile plan to study deadly diseases in Boston. To succeed, the security director would have to become part diplomat, part great communicator.

Security Metrics and ROI

Budgeting, Metrics and Security Value:
American Water
How American Water's Bruce Larson uses a simple metric to build bridges with business partners and justify security spending at the same time.

Project ROI:
Digital Video Surveillance at Intel
Allen Rude, security manager at Intel, invested more than four years in an ROI study to justify the cost of digital video surveillance.

Threats and Defenses

DDOS and Online Extortion:
How a Bookmaker and a Whiz Kid Took On a DDOS-based Online Extortion Attack
Facing an online extortion threat, bookmaker Mickey Richardson bet his Web-based business on a networking whiz from Sacramento who first beat back the bad guys, then helped the cops nab them.

Fraud:
Anatomy of a Fraud
Most fraud victims clam up. In this check-tampering case, the victim-a small-business owner-decided to speak out. The resulting cautionary tale offers a rare, detailed look into the mechanics and psychology of fraud. And its aftermath.

Phishing and Incident Response:
Midsize Bank
What happens after a phishing attack? Here's one midsize bank's phishing incident response plan.

Product Counterfeiting:
Drug Busters: Novartis
Novartis deploys a global team to track down counterfeit drugs and help authorities prosecute counterfeiters.

Video Surveillance:
Surveillance Cameras at Secaucus Junction
New Jersey Transit's new station finds additional benefits in its security cameras.

School Security:
Securing the Suburban High School
Privacy, safety, security and budgeting considerations collide.

Business Continuity

Crisis Communication:
Gale Global Facilities Services
With good planning, Web and mobile technologies can help find and inform employees in the event of a disaster. A global company shows how.

Simulations and exercises:
USAA's Disaster Drill: Practice Makes Perfect
As one of the nation's largest insurance companies, USAA is in the business of managing risk. So it makes sense that the company uses exercises, simulations and drills to learn how to respond in the event of a disaster.

Want more case studies? Let us know what subjects you need to explore. Email Editor Derek Slater at dslater@cxo.com.