Cigna's Craig Shumard: One Man's Security Mission

This security chief has his hands full locking down all the personal data that flows through a big benefits provider's operations. We spend a day with him finding out just how he does it.

Larry Greenemeier, Contributor

May 11, 2007

2 Min Read

LONG DAY'S END

The day is in the homestretch. Shumard meets again with Shepard and Marc Brown, Cigna's manager of IT operations. They review 26 security-related IT projects, including backup tape encryption, software for cleaning up temporary files, and e-mail encryption services.

Shumard inquires whether a vendor--unnamed at his behest--has included anti-spyware in the latest version of its software. Neither Brown nor Shepard knows. "Have you made sure they know we're not happy with them?" Shumard asks. "The riot act was read," Shepard responds.

Then, as promised, Shumard asks Brown to follow up on Lee's spam concern by creating a list of who's receiving the most spam in the company. "We have people who sign up for stuff but don't check off that they don't want to be contacted by that vendor for other products, so we wind up having to change their e-mail addresses," Shumard says. His BlackBerry buzzes several times, but he doesn't even glance at it. Brown has his full attention until the meeting breaks shortly before 4:30.

It's back upstairs to his office for a couple of hours of answering e-mail and voice mail before heading to the Marriott at Hartford's Bradley International Airport for the night. At his desk, Shumard acknowledges that all of his work and planning would go for naught without the full cooperation of Cigna's employees.

"We're only as strong as our weakest link," he says, "and the weakest link is the person who doesn't know what they're doing." That person might carelessly toss a document with a customer's name and other personal data on it, rather than shred it, or send an unencrypted e-mail containing someone's personal information to a colleague or business partner. Stopping this sort of carelessness, along with malicious insiders and hackers, is what the endless meetings, countless discussions, and the persistent attention to every detail are all about.

Continue to the image gallery:
Cigna's CISO Craig Shumard Continue to the sidebars:
PayPal's CISO's Psychological Warfare,
Mozilla's Window Snyder: A CISO With A Different Agenda
and
PCI Standard Drives Some CISO's Work This Year

About the Author(s)

Larry Greenemeier

Larry Greenemeier

Contributor

See more from Larry Greenemeier
Never Miss a Beat: Get a snapshot of the issues affecting the IT industry straight to your inbox.
SIGN-UP

You May Also Like

More Insights
Webinars
More Webinars
Reports
More Reports

Editor's Choice

Bald eagles, eagle in flight.
Cyber Resilience
9 Ways CISOs Can Stay Ahead of Bad Actors9 Ways CISOs Can Stay Ahead of Bad Actors
byLisa Morgan
Jul 24, 2024
9 Slides
Binary code concept pattern and big data structure.Net and source code.Abstract background of technology, science and cloud computer.
Data Management
How Much Data Is Too Much for Organizations to Derive Value?How Much Data Is Too Much for Organizations to Derive Value?
byCarrie Pallardy
Jul 22, 2024
11 Min Read
CrowdStrike Holdings, Inc. logo is displayed on a smartphone screen.
Cyber Resilience
CrowdStrike Aftermath: Lessons Learned for Future RecoveryCrowdStrike Aftermath: Lessons Learned for Future Recovery
byJoao-Pierre S. Ruth
Jul 24, 2024
6 Min Read
Calculator displaying the text "SALARY" on top of $100 bills.
IT Leadership
2024 InformationWeek US IT Salary Report: Profits, Layoffs, and the Continued Rise of AI2024 InformationWeek US IT Salary Report
byInformationWeek Staff
Jun 4, 2024
1 Min Read
Digital Security and Threat of a System
IT Leadership
11 Ways Cybersecurity Threats are Evolving11 Ways Cybersecurity Threats are Evolving
byLisa Morgan
Jun 13, 2024
11 Slides
Webinars
More Webinars
White Papers
More White Papers
Live Events
More Live Events
Reports
More Reports