Craig Shumard, Senior Vice President, Information Protection, CIGNA
Scuttling Scalawags
CIGNA's Craig Shumard on battling 21st-century pirates
On the 11th day of February 1794, two years after the Insurance Company of North America (INA) was formed in Philadelphia, the United States Senate held its first-ever open session. The first marine insurance company in the fledgling democracy, INA issued its first life insurance policy to Captain John Collett, a private, master, and merchant seaman. The policy would pay benefits to Collett's heirs should he perish at sea or meet an untimely fate at the hands of Barbary Coast pirates as he made his way from America to London and back.
More than 200 years later, the insurers and employee benefits providers at CIGNA (company heir to the INA legacy) are protecting their clients from pirates of a different kind: those who plunder data in the ocean of cyberspace. "The pirates we're battling today," explains Craig Shumard, CIGNA's senior vice president of information protection, "are the trusted users. As the technology environment has evolved, it's becoming less about viruses and hackers (though these still warrant vigilance) and more about our trusted users, our business partners, the people we're doing business with and how they care for sensitive information." A constantly changing global economy and the increased incidence of organized criminals trading in black market data also contribute to the challenges Shumard and other information security executives face.
I'm OK, You're...?
With the protected health information (PHI) of 9 million members and the brand reputation of a US$16.7 billion-per-year enterprise at stake, ensuring the trustworthiness of the IT infrastructure and protecting data are top priorities. To this end, Shumard and his team have developed some resilient and broad-reaching information security protection policies and procedures.
"We conduct business with several thousand third parties, so we created an extensive process to vet and triage those organizations that access, store and/or process our information," Shumard says. "For those handling the most sensitive information, we perform security reviews at their sites to ensure their processes are effective and up to our standards."
Measure. Improve. Repeat.
"We recognized before a lot of folks how important cybersecurity was going to be and began looking at the issues and investing in how to address them," Shumard recalls. "I was asked to establish a risk-based model that ensured we focused on aligning our security efforts with the business risks, that we offered cost-effective solutions to protect our information assets, that we had metrics to gauge our progress, and that we made security awareness a high priority.