CSO50 2015

CSO50 winners announced

Page 4 of 5

31. Data Sharing Network Helps Reduce Crime
New York State Division of Criminal Justice Services

New York’s Division of Criminal Justice Services serves 11 counties and over 84 separate law enforcement agencies. The Crime Analysis Centers' Data Sharing Network Initiative helps the state reduce crime, especially violent and firearm crime, through intelligence-driven law enforcement.

Nearly 52% of the population lives outside New York City, so DCJS organized the N.Y. Crime Analysis Centers in these communities in order to better deter crime and build safe communities. The centers are centrally located, multijurisdictional units serving multiple state and local law enforcement agencies throughout New York's major metropolitan areas.

The centers are built around a sophisticated single-query Google-like search tool that can perform in-depth searches, analysis and sharing of all information that may be related to local crime. This analysis provides a comprehensive picture of the criminal environment within a particular county. It allows law enforcement to make informed decisions on strategic planning and tactical deployment, and helps solve crimes.

32. Grid Security Exercise
North American Electric Reliability Corp. (NERC)

The North American electrical grid is the largest machine on the planet and requires constant maintenance, monitoring and continuous learning. NERC’s mission is to ensure the reliable operation of the bulk-power system and help the almost 1,900 registered entities that make up the North American bulk-power system develop dynamic cybersecurity programs.

NERC’s biennial Grid Security Exercise, GridEx, is designed to test the industry's readiness to respond to a physical or cybersecurity incident. This is a North America-wide exercise that brings together more than 230 organizations. The event allows participants to check the readiness of their crisis action plans through a simulated security exercise, which in turn gives NERC and the industry an opportunity to self-assess response and recovery capabilities and to adjust actions and plans as needed. NERC has hosted the event twice, in 2011 and 2013. The next exercise is planned for November 2015.

33. Windows XP End of Life

Quintiles - see story here.

34. Teaming Endpoint Visibility, Access and Compliance and Behavior-based Perimeter Defenses

At relocation company SIRVA Inc., trust is essential to winning new clients and maintaining current ones. It provides the best mobility experience possible for clients by processing critical client personal data via world-class relocation service applications.

SIRVA set out on a project to enhance global data security and privacy protection and to safeguard its networks from advanced persistent threats, malware intrusion, rogue devices and unauthorized or insecure system access.

SIRVA implemented a network access control and intrusion prevention system that provided greater endpoint visibility, access and compliance, and behavior-based perimeter defenses to protect its infrastructure and critical data from outside and inside the environment. It also gave SIRVA more flexible control enforcement depending on the region, user and issue. What’s more, it didn’t require re-architecting or upgrading of SIRVA's infrastructure.

Since the intrusion prevention system was implemented, the relocation business application has reported no zero-day attacks or intrusions.

35. Completing a Five-Year MARS-E Implementation in One Year
South Carolina Health and Human Services

The South Carolina Department of Health and Human Services faced a massive challenge. To comply with the Centers for Medicare and Medicaid Services Minimum Acceptable Risk Standards for Exchanges (MARS-E), the organization had to move aggressively from relatively simple HIPAA compliance standards to full-blown FISMA-based ones. An entirely new paradigm for a state government agency, MARS-E includes the NIST 800-53 Rev. 3-based controls in FISMA combined with HIPAA, HITECH and IRS-1075 — and an implementation of this magnitude traditionally takes more than five years to complete. But the department was mandated to fully implement MARS-E in just one year.

The implementation and documentation phase lasted approximately eight months. Today, each control is met, and the organization continues to refine how it thinks about each solution in the highly dynamic security process.

36. Portfolio Security - Linking Security Risk with Financial Risk
Stroz Friedberg

Security risk is increasingly contributing to financial risk. Global investment firm KKR Co. L.P. wanted to minimize its financial risk and measure the strength of the security programs at its portfolio companies through a high-level process that would yield meaningful results.

KKR approached Stroz Friedberg, a global leader in investigations, intelligence and risk management, which had experience in performing in-depth security assessments; most such assessments, however, require six to eight weeks to complete because of the complexity involved. This was a new type of request. Reducing the rigor of its assessments into a rapid-fire operation would require fresh thinking and innovation.

Over the course of two months, the team developed a new methodology as the standard across all types of companies. The measures provided KKR with a greater understanding of the risk posture of its investments, and delivered a global average of all of the portfolio companies' scores and an immediate snapshot of KKR's overall investment exposure.

37. Healthcare-Centered Threat Management
Texas Health Resources

Texas Health Resources found itself needing to better detect threats in its highly complex environment. As they explored the challenge further, they realized that they required unique threat management functions based on the complexity of their systems, the uniqueness of their specialized business processes, and the varied interactions of the players involved. All of this required a freshly designed way to manage threats, not only at the enterprise level but also in how it would be operationalized.

The organization applied key threat management concepts and translated them into its highly specialized environment.

38. Texas.gov Security and Compliance Goes Agile
Texas Government NICUSA

Since 2002, the Texas.gov program has grown to offer more than 1,000 online services that have securely processed more than 214 million transactions — all worth over $31 billion. The program's mission is two-fold: deliver the state's official website for constituents to access information and complete online services, and provide enterprise technology services to Texas government. The Texas.gov portal provides hosted online applications and payment processing for many consumer-facing government services like driver license renewals, vital record orders, vehicle registration renewals, and more. The challenge is nonetheless daunting: to provide transaction-based online services that are fast and accessible, but also secure and fully compliant with state and federal requirements. The CISO’s office enlisted agile development practices to reduce cycle time and effort for vulnerability management, and also to mitigate risks associated with software releases.

Today, the state has cut in half the cycle time for vulnerability management and remediation. It also reduced the time to deliver security services by 90%.

39. Improving Customer Financial Security with Transparency
TruStone Financial

Banking institutions often caution their customers to monitor their own account activity for fraud. But not every banking institution provides the kind of transparency needed to effectively watch for fraudulent activity. In fact, many institutions simply show their account holders deposit activity in the form of a composite, simulated check — rather than providing image-based evidence of check deposits into and withdrawals out of a holder’s account. TruStone Financial Federal Credit Union is changing all that. It is one of the first institutions to successfully provide its account holders immediate access to all check images. All of this improves customer service while simultaneously enhancing security and reducing fraud risk.

40. A Human Firewall

UL LLC - read the story here.
