CSO50 2017: A step ahead of the threats

The CSO50 awards honor innovative security projects that demonstrate thought leadership and outstanding business value.

cso50 intro
Steve Traynor

Each year, the CSO50 awards honor organizations for a security project or initiative that demonstrates innovation and outstanding business value in security. Winners will be recognized in a ceremony that will take place at the CSO50 Conference + Awards, on May 1-3, 2017 at The Scottsdale Resort at McCormick Ranch in Scottsdale, Ariz. Below is the list of our 2017 winners.

Voya Financial
Proof of information security

The financial services industry’s information security practices are under tight scrutiny by auditors, regulators, clients and vendors. Voya Financial faced increasing challenges to provide security information and evidence to these groups in an efficient manner while maintaining quality and consistency.

Voya implemented a tool called GEAR (Guidance for Evidence, Artifacts and Responses), a highly searchable database for internal auditors that provides accurate and current information, and gives Voya an end-to-end view of its control posture and compliance with policy.

Prior efforts to create the database focused primarily on the questions that auditors might ask. Different auditors could word the question differently, resulting in individualized responses. The new approach focuses on the answers – taking the position that controls are what they are. If Voya understands the control being asked about, it can supply the answer quickly and easily.

Project leaders say the tool has sparked a significant culture change within the audit reponse team as it moves away from “reacting to audits” to proactively reporting on the effectiveness of controls.

To continue reading this article register now

7 hot cybersecurity trends (and 2 going cold)