Cigna's Craig Shumard: One Man's Security Mission
This security chief has his hands full locking down all the personal data that flows through a big benefits provider's operations. We spend a day with him finding out just how he does it.
May 11, 2007
LONG DAY'S END
The day is in the homestretch. Shumard meets again with Shepard and Marc Brown, Cigna's manager of IT operations. They review 26 security-related IT projects, including backup tape encryption, software for cleaning up temporary files, and e-mail encryption services.
Shumard inquires whether a vendor--unnamed at his behest--has included anti-spyware in the latest version of its software. Neither Brown nor Shepard knows. "Have you made sure they know we're not happy with them?" Shumard asks. "The riot act was read," Shepard responds.
Then, as promised, Shumard asks Brown to follow up on Lee's spam concern by creating a list of who's receiving the most spam in the company. "We have people who sign up for stuff but don't check off that they don't want to be contacted by that vendor for other products, so we wind up having to change their e-mail addresses," Shumard says. His BlackBerry buzzes several times, but he doesn't even glance at it. Brown has his full attention until the meeting breaks shortly before 4:30.
It's back upstairs to his office for a couple of hours of answering e-mail and voice mail before heading to the Marriott at Hartford's Bradley International Airport for the night. At his desk, Shumard acknowledges that all of his work and planning would go for naught without the full cooperation of Cigna's employees.
"We're only as strong as our weakest link," he says, "and the weakest link is the person who doesn't know what they're doing." That person might carelessly toss a document with a customer's name and other personal data on it, rather than shred it, or send an unencrypted e-mail containing someone's personal information to a colleague or business partner. Stopping this sort of carelessness, along with malicious insiders and hackers, is what the endless meetings, countless discussions, and the persistent attention to every detail are all about.