CSO50 2017: 50 forward-thinking security projects

The annual CSO50 conference in May will showcase cutting-edge technologies.


Aligning proactive security with modern threats

The business risk landscape is changing at breakneck speed. While enterprise technology rapidly advances and exposes new threats, the number of Internet-of-Things (IoT) and other devices is growing exponentially and by the billions.

Meanwhile, businesses continue to transform themselves in the digital economy and face countless security threats across a new digital landscape. How do you proactively find and deploy new and innovative approaches to minimize threats and risk to your enterprise?

CSO editors will award the following organizations at the CSO50 Conference + Awards, on May 1-3, 2017 at The Scottsdale Resort at McCormick Ranch in Scottsdale, Ariz.



Changing the information security landscape

The International Association of Certified ISAOs (IACI) is an international non-profit association fostering trusted information sharing, cooperation, coordination and collaboration among certified Information Sharing & Analysis Organizations (ISAOs). IACI was launched by the GICSR, DIB ISAC and Webster University. IACI helps ISAOs launch at little cost and supports their operations. IACI and its membership advance information sharing for security situational awareness and coordinated response. IACI provides ISAOs and their members with a collaborative infrastructure supporting a global cybersecurity unity of effort, with access to expertise, resources, products and services.

The activities of IACI, which create a large association of cybersecurity "neighborhood watch" groups, will fundamentally change the information sharing landscape. IACI is creating a model of inclusion that lets all entities (including small and medium-sized businesses) take part in cyber intelligence activities designed to expand cyber resilience.


Protect K-C & Me

Protect K-C & Me is a global, corporate-wide Information Security Awareness program at Kimberly-Clark Corporation (K-C). Its objective is to strengthen the human firewall by increasing the understanding of all workers on information security principles and their responsibility to protect company information assets, as well as influencing attitude and behavior change to help mitigate risks posed by applicable threats. The brand name and tagline, “Securing our most valuable information,” were coined to resonate with users on the importance of staying safe both at work and at home.



The primary goals of the NEXTINTRUST identity life-cycle management project were to:

  • Minimize risk of intellectual property loss
  • Lower the risk of a data breach
  • Strengthen enterprise security
  • Facilitate compliance with privacy regulations
  • Build automated unified on-boarding and off-boarding processes
  • Deploy Single Sign On for increased productivity
  • Build a scalable identity management framework
  • Enable rapid integration and authentication to new cloud applications
  • Strengthen role based access control and user rights management
  • Facilitate user provisioning and deprovisioning
  • Deliver identity intelligence analytics to enhance governance

Using public data to alert organizations of vulnerabilities

The State of Missouri's Office of Cyber Security (OCS) launched a program in May 2016 to identify vulnerable, Internet-connected systems belonging not just to state and local governments, but also to businesses, utilities, and academic institutions across the State of Missouri. The overall goal of the program is to identify the most vulnerable, high-risk systems that, if left insecure, could lead to disruptions within our critical infrastructure or significant loss of citizen, student, and customer data. Key objectives include identifying vulnerable systems, contacting the owners of impacted systems, and showing risk reduction over time.


TransUnion Enterprise Security Ratings Platform (SRP)

The TransUnion Enterprise Security Ratings Platform (SRP) gathers terabytes of data from security sensors around the world and provides insight into indicators of compromise, infected machines, improper configuration, poor security hygiene and harmful user behavior. The data is analyzed to determine the severity, frequency and duration of incidents and then mapped to known networks, resulting in an overall security rating for each selected organization. The ratings provide intelligence and insight into each organization's security posture on an ongoing basis and are used in TransUnion's third-party security program, self-assessment exercises, security benchmarking (competitive and internal) and mergers and acquisition activities.


A new take on an old problem - GCU's Cybersecurity Awareness Program

Grand Canyon University’s IT Security department developed a cybersecurity awareness program that improved employees’ ability to treat suspicious emails, phone calls, and websites with an appropriate level of skepticism. In-person training was reduced to only 15 minutes in total, and was replaced with brief, regular communications designed to engage and entertain while encouraging employees to take the desired action of submitting questionable items to the IT Security department. Employee awareness has improved while decreasing instances of successful phishing and malware attacks, resulting in cost savings and increased employee productivity. The capstone of the awareness campaign is the GCU Phishing Derby.


Cybersecurity via intra-network visibility

Jackson Health System chose not to share the details of their award-winning project due to privacy concerns.


Identity and Access Management Lifecycle Management (IAM-LCM)

The Identity and Access Management Lifecycle Management (IAM-LCM) program established automated processes to 1) create new worker accounts and provision ‘birthright’ accesses immediately, 2) monitor and react to transfers that occur within the organization, and 3) ensure terminated worker accounts are handled in such a way that there is no risk to the enterprise of malicious or accidental activity.


Managed File Transfer (MFT) Realignment Project

Blue Cross and Blue Shield of North Carolina (BCBSNC) is in a highly regulated industry with many business and trading partners with whom we share data. Like most companies, BCBSNC developed governance processes on the intake side of new file transfers, but lacked the same level of controls to ensure the transfers were decommissioned when no longer needed. Our Managed File Transfers (MFT) Recertification project was initiated to recertify all existing transfers and develop a sustainable, automated model for the future that leverages our existing processes and technology used for certifying user access.


Chief Security Office Storm 2.0 Threat Analytics Platform

The Storm 2.0 Threat Analytics Platform collects, processes, stores and analyzes network security data for the AT&T internal enterprise. Storm 2.0 is an effort to redefine the implementation and capabilities of this threat analytics platform to transition to big data technology, collect a broader dataset, increase performance and add analytical capabilities. The platform's mission is to utilize this data to collect events, detect security threats, initiate remediation, and, ultimately, protect AT&T and its network from compromise and malicious activity.

The Storm 2.0 threat analytics project created a custom big data implementation. The CSO Storm team designed a Hadoop-based cluster, creating a unique big data stack.


Information security "Network Visibility"

Tom August, CISO, was hired in April 2015 to develop, implement and manage a strategic information security program at John Muir Health, a 1,000-bed health system in the East Bay of the San Francisco Bay Area. Tom completed a risk and threat assessment that identified an inability to tell who was connecting to the network and whether suspicious activity was occurring on it. Tom worked with his company’s leadership, industry peers and federal law enforcement to identify solutions that would provide visibility over the entire network.

John Muir Health has since been implementing a comprehensive, self-healing network containing both preventative and detective network controls.


Creative Artists Agency leverages operational intelligence and user behavior analytics to migrate to the cloud

Creative Artists Agency (CAA) chose not to share the details of their project due to privacy concerns.


UNICC Continuous Security Improvement Suite

The UNICC Continuous Security Improvement Suite (CSI) project began in late 2014 to deliver solutions to support continuous improvement, including 1) One ICTbox, a rapidly deployable modular infrastructure for UN field offices with built-in security controls, 2) Common Secure, a cyber security information sharing/threat analysis community network, 3) Common Connect, a common trust for UN Agencies to collaborate and share information assets, and 4) Information Security Governance and Operations (UNICC CISO-sharing, IS advisory support and operational solutions for smaller UN Agencies to implement and manage ISMS standards and processes).


Gurucul Risk Analytics Project

Increasing employee turnover and contract-based positions have amplified the insider threat problem. Traditional approaches to security are unable to detect attacks by malicious insiders and by outsiders impersonating insiders. A new approach that applies machine learning, analytics and predictive anomaly detection to user behavior and access privileges can detect and protect against insider threats and external attacks that use compromised “insider credentials”. This project will achieve two important objectives: (a) reduce the attack surface for user accounts by eliminating unnecessary access rights and privileges, and (b) identify and predict behaviors associated with insider/outsider attacks so breaches can be prevented.


Cloud Control Point

AstraZeneca put collaboration at the center of their IT security strategy. What data is in the cloud, where is it going, and who can access it? AstraZeneca answered all of these questions with a secure, global cloud collaboration platform. The IT department has granular visibility into every kilobyte of data sent to the cloud and control with data loss and collaboration policies. At the same time, they removed friction by taking away the need for VPN access. Now employees, patients, and medical professionals across 100 countries can securely share data in the cloud.

Cloud solutions are powerful, easy to use tools that employees love. Until now, moving to the cloud meant losing the control security has over data on the corporate network. AstraZeneca implemented all the security controls they traditionally had over data in their own data center, removed the friction of a VPN, and provided employees with a best-in-class global collaboration platform.


45 minutes to 45 seconds: Automating malware investigation

Using Phantom as its automation and orchestration platform, Blackstone has been able to dramatically reduce the time required to investigate malware alerts. Once a manual process that required 30 to 45 minutes per alert, they have automated malware investigations using a Phantom Playbook. Investigations now take 45 seconds, freeing the team to focus on analysis and resolution instead of performing tedious and repetitive tasks. This automation drives accuracy and consistency in the incident response process, ensuring a fast, accurate result.


Protect API

Protect API was designed to create a service that could be used to protect applications and services through automated calls to an API service. It gives the owners of an application the control to act on traffic they have detected as bad and either drop or mitigate that traffic as needed.

The intent was to abstract away the mitigation devices and make it easy for anyone to create a mitigation or blackhole. Protect API also made it possible to automate the creation of mitigations and blackholes by exposing the mitigation appliances as a service through a REST API. This allows the owners of services, infrastructure and applications, who know the traffic patterns best, to identify malicious traffic and mitigate it before an outage occurs.


Build security in and measure the success

Cyber-attacks and data leakage are daily threats to organizations globally, reminding us that we are all potential targets of this type of threat. Today they have Compliance, Operations, Incident Response, Application Security and Pen testing programs to address and monitor threats. They are building upon what they have accomplished by doubling down on application security and implementing the Build Security In Maturity Model framework. This framework allows them to measure the program against peers, make improvements across the software lifecycle and monitor their risk posture.


Smart Docs Cyber Custodian

BNY Mellon is the number one third-party provider and the designated document custodian for all Government Sponsored Enterprise (GSE) loans, controlling and managing these documents. Documents under custody require management throughout the term of the loan. The previous process had weak tracking capabilities and a manual audit procedure for the documents. The Smart Docs Cyber Custodian product combines Internet of Things technology with digitization for compliance and risk management.

Smart Docs is the first time BNY Mellon has adopted an automated tracking feature for loan instruments from the time they are delivered. This means a reduction in product cost and an increase in productivity due to fewer errors, improved quality and the reduced training needed by our team members.


Bug Bounty

United Airlines manages over 93 million Mileage Plus accounts containing hundreds of millions of miles. Its customers' miles are of significant value not only to those customers but also to malicious outsiders intent on stealing the miles and converting them into other products such as travel or consumer electronics.

The Bug Bounty program offers compensation (miles) to individuals for finding and reporting security bugs on United.com and other web properties, crowdsourcing independent cyber security testers around the globe.


SIFT Fraud Detection

SIFT is a fraud-detection and prevention engine, focused on content-specific use cases, that looks at historically "normal" user usage and learns and evolves its definition of normal usage as customers continue to use the system. It provides a credit score-style report to subscribing applications, giving them an indication of the validity of any request for content. The subscribing application can then enforce policy as appropriate, based on the score and the acceptable risk for that application and content set, on a per-user or per-content-set basis.


Ransomware inoculation

Amkor, like many companies, was subject to continuous ransomware campaigns that created significant damage and required significant resources and effort to resolve. The Amkor InfoSec group created a comprehensive project with the objective of mitigating damage from future ransomware campaigns and allowing for quicker recovery. Ransomware is a highly scripted attack virus. Amkor first analyzed the way ransomware behaved after detonation, then specifically tailored a custom solution that both retarded the effects of ransomware and allowed for easier and faster recovery. Similar to an inoculation, this program doesn’t prevent the infection, but rather blunts the virus's capabilities and allows for faster recovery.

This program allows companies to be proactive in their approach to ransomware and not wait for the next attack or spend millions trying to block attacks.


Mastercard phishing tournament

The Mastercard Phishing Tournament was designed to engage employees to actively look for spam and social engineering messages in their inboxes, and report them for further investigation. Each email reported is scored based on a variety of factors and monetary awards are given each quarter to the highest-scoring participant. It supplements existing programs that the team offers. By using a positive approach instead of the traditional testing and re-training programs, Mastercard is turning employees into active members of the information security team.


Cagey - Financial crime insight mapping

Knowing who your good customers are versus those who are cybercriminals is key for any financial institution. Usually this data remains siloed in various departments and does not include relationship data. Our security, fraud, and financial crimes teams were able to code and develop unique software that analyzes all customers based on their risk, financial crime status and relationships with other companies, and displays who may be someone we want to watch, take off the platform, or allow to continue transacting business. As a result, their graphical display map has cut down fraud and is beating banks by two to three days.

The key outcome for this project was to be able to ensure the company reduced its risk of fraud, met the compliance expectations of our banking partners, and did not allow on the platform those companies or individuals who may use the platform for illegal purposes.


Capture the Flag with Sports Update

In the past, when we sat developers in a room for two days and trained them on secure coding techniques, we found that improvement was modest. Not all of the developers used what they were taught, and those that did slipped into old habits soon enough. To reduce the risk to our applications we needed a creative approach to engage our developers and get them to retain and continually use those techniques. The solution was a Capture the Flag (CTF) event with a little something added that made training less tedious and more fun, while achieving the results we wanted.


Access management automation

Rapid7’s internal IT and IS teams were struggling with two aspects of identity and access management: 1) manual access reviews and 2) manual access provisioning/deprovisioning. Both of these processes were extremely time consuming, left room for error, and didn’t scale. To combat these issues they developed Access Hero and ReTAP (Remote Temporal Access Protocol) -- two completely home-grown tools built by our internal security team. These tools leverage automation to save our organization over 160 hours per year, and they reduce their risk exposure by ensuring access to critical business applications is limited to users who need it.


Domain Security Platform

Horizon Blue Cross Blue Shield of New Jersey (Horizon BCBSNJ) continuously seeks to advance its cyber security posture, and recently implemented the “Domain Security Platform” which automatically identifies, monitors and blocks potentially malicious, newly registered external domains and websites likely to pose an elevated risk to Horizon BCBSNJ. Project objectives were to reduce Horizon BCBSNJ’s visible attack surface to “unclassified” domains, and thus reduce the risk of malware infection, credential exploitation and data exfiltration to and from those sources.


Ducking threats

In response to the significant increase in the volume and velocity of new security threats, Aflac embarked upon a mission to create a custom-built threat intelligence system capable of consuming large amounts of threat data and, in turn, using that data to protect the environment and inform security decisions. As a result, Aflac has successfully developed a system that not only tackles the daily operational feed of threat data, but also provides key process automation and allows for integration into the current security infrastructure for maximum use of the data.


Systems Management Center (SMC): Integration of FDA Cybersecurity and Network Operations Centers

The Systems Management Center (SMC) project is the integration and unification of the Network Operations Center (NOC), Security Operations Center (SOC), systems/application monitoring, and other related cybersecurity threat management activities and operations. It is the central command and control center for monitoring, triaging, troubleshooting, and escalating all detected, reported or potential security incidents, performance issues, enterprise services, and infrastructure operations. General SMC functions include monitoring networks, systems, infrastructure and applications for incidents or potential outages, and rapidly detecting, analyzing, investigating, containing, and reporting on cybersecurity incidents.


Security training improved flexibility and cost reduction

This project reduced by 50 percent the scheduled time-blocks of security training classes that required employees to set time aside to complete training. Classes now focus only on key statutory, regulatory, and policy-based requirements and imperatives that must be covered annually, with validity checks for all employees and mastery checks for understanding, saving over 3,500 resource-hours annually. To ensure adequate training effectiveness and frequent awareness touch-points, the program is augmented with dynamic 2-minute monthly hot-topic security awareness videos featuring corporate executives, delivered directly to the workstation via email, and a continuous presence of security messaging on the intranet home page.


Creating a cyber security culture that protects Monsanto's digital assets

As technical security controls improve, human vulnerabilities are becoming the fastest-growing threat vector for corporations globally. No company is immune. Monsanto's security priority is to reduce the risk of loss of intellectual property, customer information and employee data. From a people perspective, our strategy is to deter threats through education and awareness and to create a "Human Sensor Network" that proactively identifies and reports potential threats.

By focusing on developing a comprehensive strategy to change organizational culture, they shifted away from traditional education and progressed toward targeted measurable awareness that was engaging and achieved the desired result of changing behaviors.


HITRUST Business Associate Awareness Program

Five healthcare organizations, representing 7,500 business associates (as defined by the Office for Civil Rights) and 90 percent of the US population, collaborated to launch the HITRUST Business Associate (BA) Council with the mission to instill confidence, manage risk and inspire excellence in healthcare IT by driving innovation throughout the third-party vendor supply chain. Under their leadership the group is advancing practices for measuring and mitigating cybersecurity risk, gaining operational efficiencies, and raising consumer confidence, and helping thousands of BAs gain certifications and participate in programs that demonstrate they are safeguarding critical information for individuals and the nation at large.


The Hershey Company’s Global Identity Governance Initiative

Hershey needed a centralized process enabling a global identity governance infrastructure. It was critical to secure the Hershey infrastructure from unwanted access to critical applications and from breaches, across both on-premises and cloud environments.

Hershey’s main objectives were to improve ROI and cost savings by moving from manual processes to automation, help with breach prevention through operational efficiency, and reduce business risk. This initiative allows Hershey to be more agile, bring on new applications and improve security and business processes. Identity Governance was a key strategic initiative for Hershey to enable secure automated growth from both organic growth and acquisitions.


SOC Reinvigoration – Increase efficiency of SOC Operations

Esri is a global organization that helps more than 350,000 customers around the world solve tough problems through advanced geospatial technology. As a result, Esri has implemented a portfolio of security products to protect the many diverse digital assets of both the company and its customers.

Esri’s security product portfolio identifies more than 10,000 incidents/alerts per week. This presents the company with significant challenges when trying to analyze and respond to these alerts with limited resources and time.


Security Analysis Architecture (SAA) project

Timely knowledge of attacks on The Nature Conservancy is the cornerstone of risk operations. Absent accurate knowledge of attack profiles, many tasks (risk management, determining what to secure, identifying layered controls) become impossible. This lack of knowledge (visibility) leads to misappropriated spending on security, leaving the organization procuring solutions based on instinct rather than data-driven decisions. The team has worked to develop a comprehensive solution to address this. The solution contains two components: a sensor infrastructure embedded at field offices, and a centrally managed log/visualization infrastructure that serves as the focusing system for aggregation, parsing, visualization, and analysis.


BCIS - Business Continuity Information Security

This project is the implementation and integration of LAWA's Cyber Incident Response Capability and Business Continuity/Disaster Recovery Capability. The objective is to use technology to enhance collaboration between these two disparate functions. Data collected during the BIA process is used to determine critical business processes and the technology that supports them. This information is then used to calculate the priority of incidents, as well as to provide awareness of the impacted systems, including their priority and dependencies. From the incident response side, the crisis response process may be activated directly by the Incident Response team, allowing for faster recovery.


IT controls GEAR implementation

Companies face increasing challenges with providing information security and evidence to a growing number of auditors, regulators, clients, and vendors in an efficient manner, while maintaining quality and consistency. Voya Financial (Voya) has implemented an innovative solution that not only provides accurate and current information, but also gives Voya an end-to-end view of its control posture and compliance with policy. Voya is now able to respond to inquiries based on a variety of frameworks, while providing faster and more accurate responses. In turn, this has freed up a significant number of man hours to dedicate to higher value work.

An easy-to-use tool was implemented to help auditors connect their requests directly with the right responder. The result was the GEAR tool – Guidance for Evidence, Artifacts and Responses.


Improving your employees' ability to spot phishing emails by 300% in 18 months

We designed a phishing awareness program focused on raising awareness, reducing the fail rate, and helping employees understand how to get help and feel no shame in clicking phishing emails, while fostering an engaged culture to shift the mindset of our workforce and embed security in our DNA.


Michigan Cyber Disruption Response Plan

To keep pace with evolving cyber threats, Michigan developed the Cyber Disruption Response Plan (CDRP). This plan protects the health, safety, and economic interests of Michigan’s residents and organizations by reducing the impact of disruptive cyber-related events through response, mitigation, planning, awareness, and implementation. The CDRP provides Michigan’s emergency management and information technology personnel, as well as stakeholders, with a framework to coordinate preparedness, response, and recovery activities related to large-scale or long-duration cyber disruption. The plan allows Michigan to establish a common framework through which all private sector and local government partners can easily and effectively protect their IT systems.


DLP 2.0

Data leakage prevention (DLP) is a technology aimed at stemming the loss of sensitive information. Our current DLP processes were creating a lot of false positives, causing inefficiencies in the process, and we also felt reporting to senior management could be improved. We undertook this project with the following objectives:

1. Reduce false positives and increase coverage
2. Provide useful reporting to management – contextual information, business-level reporting
3. Put Genpact/Client information at the core of policies
4. Use DLP as a mechanism to make each employee realize the importance of protecting Genpact/Client information

We leveraged DLP not just as a technical tool to detect leakage but also to drive culture transformation and change employee behavior. Using the alerting feature of the software, whenever a user tries to send confidential information to a personal email address (e.g. Gmail), they receive a pop-up notification asking them to confirm that the transmission is for a business purpose, with an option to abort sending or to send with a business justification.


Asset Management on Steroids [AMOS]

Without identifying the assets, we are forced to make generalized assumptions and apply security as a blanket instead of using a risk-based approach. An oversimplified view of asset management establishes a CMDB (Configuration Management Database), but AMOS (Asset Management on Steroids) goes beyond this by ensuring consistency of information for risk management, business operations reporting, and procurement services. AMOS is a program that forces groups to document their processes, eliminate information silos, and establish standards. Ultimately, we will lower risk, save money, and meet compliance objectives.

Fun fact: We leveraged common psychology (Pavlov’s dog) to get people to show up at our meetings. Famous Amos cookies were distributed during meetings as a reference to the Asset Management On Steroids project.


Indian Health Service, Cybersecurity Program

The Indian Health Service (IHS) Cybersecurity Program is an initiative to protect health service data critical to comprehensive primary health care and disease prevention services for approximately 2.2 million American Indians and Alaska Natives. IHS is the principal federal healthcare provider and health advocate for American Indian and Alaska Native people, which makes it unlike any other government agency that currently exists. The objective of the IHS Cybersecurity Program is to establish a world-class cybersecurity program in support of a vast healthcare network spanning over 679 hospitals, clinics, and health stations across 38 states and 567 sovereign nations.

The purpose of the project is to strengthen the cybersecurity posture of IHS by establishing an organizational culture of responsible stewardship, promoting governance, providing expertise, and fostering awareness of Tribes to support the improvement and quality of access to care.


Modernizing infrastructure security through micro-segmentation

Flowserve provides services to some of the most essential organizations in the nation, including nuclear and military facilities. Physical or cyber attacks on these organizations could be catastrophic, so a traditional focus on perimeter security would not suffice. Flowserve needed to modernize its security posture to address future threats and protect heavily regulated production facilities that provide services to nuclear and military facilities, as well as to other mission-critical commercial environments for oil and gas production.

Flowserve decided to leverage micro-segmentation software to isolate its most important and regulated environments through cryptographically enabled virtual micro-segmentation that provides access on a need-to-know basis, and cloaks endpoints from unauthorized users.

cso50 slides44

We ARE Safe - Information Security Awareness and Training

CTCA’s enterprise-wide initiative, “We ARE Safe”, created the perfect avenue for raising awareness and making all employees responsible for patient safety, and thereby, information security. Malicious software or a cyber-attack at CTCA would directly impact patients and their treatment. At CTCA, security technologies protect our assets, but the key defense is educating employees about cyber-attacks and creating a culture of safety. “We ARE Safe” is the framework for addressing incident response through security awareness training. The program develops essential competencies and establishes a process to stay ahead of potential breaches.

cso50 slides45

Develop and implement a comprehensive security solution for the prevention, monitoring and control of transactions in the Internet Banking Service at Banesco Banco Universal

This project involves the implementation of a comprehensive security solution for the prevention, authentication, monitoring and control of financial and non-financial transactions in the Internet Banking service of Banesco Banco Universal. The project objectives are to prevent fraud and reduce the impact of fraud losses and reputational risk, to improve security processes, to achieve compliance with regulators, and to realize cost savings through the use of intelligent and efficient customer notifications. This solution was developed in a short time, at low cost and with human and technological resources from within the organization. The tool was named the Predictive Console.

cso50 slides46

Securing the software development lifecycle (SDLC)

ETS develops, administers and scores more than 50 million tests annually in over 180 countries across 9,000 locations worldwide. ETS developed a systematic and repeatable process that helps the company detect and correct vulnerabilities and security flaws in the software it develops. The project significantly reduced ETS’s security risks by integrating new services and tools into the ETS software development process.

cso50 slides47


The key to successful cyber defense is understanding an attacker’s tactics and techniques. In a huge breakthrough, MITRE has developed an adversary playbook called ATT&CK (Adversarial Tactics, Techniques and Common Knowledge). It’s a way for defenders to fight cyber invaders after they get past a network’s perimeter. ATT&CK is the first detailed “battle plan” for understanding how cyber adversaries get into a network, and what they do after they’re in. It helps identify and categorize an intruder’s moves inside the network. In addition, ATT&CK addresses how an organization’s technologies and information can confront the attack.

The overall benefit to organizations using ATT&CK is to have a reference point model to align with their current defenses.

cso50 slides48

Organizational security management

Beebe established a dedicated Security team to focus on all areas of cybersecurity threats, compliance, risk assessment and mitigation, effectively going from 0-100 in a very short span of time. The successes accomplished by the team have resoundingly improved security awareness, threat reduction, and proactive incident response efforts.

One area identified as lacking organizationally was a cohesive and robust security awareness and training program. To that end, in addition to personal, departmental, and community outreach programs, Beebe introduced a phishing assessment program.

cso50 slides49

Data Loss Prevention

A DLP solution is the combination of data classification, business processes, and technology that identifies the information that needs to be protected; specifies who should have access to it; defines how it is to be stored and how long it is retained; defines how it can be used by employees, contractors and third parties; and specifies how it can be transported outside of the organization.

cso50 slides50

Automated Indicator Sharing

The Automated Indicator Sharing (AIS) initiative allows bidirectional sharing of cyber threat indicators and defensive measures between the public and private sectors at machine speed. Created and managed by DHS, AIS receives, sanitizes, and redistributes indicators and defensive measures, allowing participants to identify and mitigate cyber threats in real-time. These automated processes reduce the amount of required analyst involvement, which dramatically speeds up the rate of exchange. A significant hurdle in this achievement was developing an automated system that assured the protection of sensitive information to prevent violation of the privacy and civil liberties of any individual.


Copyright © 2017 IDG Communications, Inc.
