Example Cases

Leadership and Organizational Issues
Governance, risk and compliance: Fiserv's GRC process and software implementation (2012) GRC is a process, not a technology. Fiserv identifies the benefits and challenges of its GRC work.

Alignment with corporate mission and profitability: Dunkin' Brands security focuses on making dough (2010) Aligning corporate security with corporate priorities makes everyone's fortunes rise. A look behind the counter at Dunkin' Donuts' parent company. [Full article requires Insider registration.]

E-discovery: NBC Universal takes e-discovery inhouse (2010) NBC Universal saw requests for e-discovery services soar in just a few years. The company's CISO, Jonathan Chow, knew there had to be a more efficient and cost-effective way to handle it.

Digital and Physical Security Convergence:  Constellation Energy (2005) What does it take to make security convergence happen? One secret is to sneak up on it, the way Constellation Energy did, by seeming to be doing something else entirely.

Enterprise Risk Management: All systems go at Georgetown University (2010) ERM might seem a lofty concept, but Georgetown University provides an example of turning that concept into specific systems and projects that reduce risk.

Information Risk Management:  Harland-Clarke Rechecks Risk Management (2007) New security program adds more systematic processes for evaluating, prioritizing and mitigating risk.

Departmental Organization: Reinventing T-Mobile's Security Function (2006) T-Mobile needed to reinvent its security function, so it recruited a veteran team to shape a new asset protection division. The goal: Inject risk calculations into every business decision.

Safety and Community Relations:  Boston's Infectious Disease Research Lab (2006) When controversy hit, Kevin Tuohey became the public face of a high-profile plan to study deadly diseases in Boston. To succeed, the security director would have to become part diplomat, part great communicator.

Security Metrics, Budgets and ROI
Cost management:  IT security on a shoestring budget (2011) Michael Dent, CISO of Fairfax County Government in Virginia, created an enterprise-wide IT security program with a fraction of the budget he wanted.

Budgeting, Metrics and Security Value:  American Water (2006) How American Water's Bruce Larson uses a simple metric to build bridges with business partners and justify security spending at the same time.

Project ROI:  Digital Video Surveillance at Intel (2005) Allen Rude, security manager at Intel, invested more than four years in an ROI study to justify the cost of digital video surveillance.

Threats and Defenses
Situational Awareness:  Inside the new World Trade Center (2011) Louis Barani leads the construction of an integrated system to help identify security and safety issues by connecting the dots faster.

Cloud security: More tales from the cloud (2011) Challenges and solutions at three companies moving into cloud-based IT services:
 * Mohawk Fine Papers
 * BuildFax
 * Inavero

Identity management: How DTCC took on ID management (2011) A look at why DTCC deployed identity and access management software from Hitachi ID Systems to automate its password management processes.

Access control:  Policy-based access control at a university (2010) One school's approach to maintaining security in an open environment.

Virtualization Security:  Virtual Server Security at Schwan Foods (2010) When it comes to sampling innovative technology, Schwan Foods, a multibillion-dollar frozen food producer, digs right in.

DDOS and Online Extortion:  How a Bookmaker and a Whiz Kid Took On a DDOS-based Online Extortion Attack (2005) Facing an online extortion threat, bookmaker Mickey Richardson bet his Web-based business on a networking whiz from Sacramento who first beat back the bad guys, then helped the cops nab them. [Also read What it's like to get hit with a DDoS attack (2010)]

Fraud: Anatomy of a Fraud (2004) Most fraud victims clam up. In this check-tampering case, the victim, a small-business owner, decided to speak out. The resulting cautionary tale offers a rare, detailed look into the mechanics and psychology of fraud. And its aftermath.

Phishing and Incident Response: Midsize Bank (2005) What happens after a phishing attack? Here's one midsize bank's phishing incident response plan.

Product Counterfeiting:  Drug Busters: Novartis (2005) Novartis deploys a global team to track down counterfeit drugs and help authorities prosecute counterfeiters.

Video Surveillance:  Surveillance Cameras at Secaucus Junction (2005) New Jersey Transit's new station finds additional benefits in its security cameras.

School Security:  Securing the Suburban High School (2007) Privacy, safety, security and budgeting considerations collide.

Business Continuity
Crisis Communication: Gale Global Facilities Services (2006) With good planning, Web and mobile technologies can help find and inform employees in the event of a disaster. A global company shows how.

Simulations and exercises: USAA's Disaster Drill: Practice Makes Perfect (2003) As one of the nation's largest insurance companies, USAA is in the business of managing risk. So it makes sense that the company uses exercises, simulations and drills to learn how to respond in the event of a disaster.