Winning formulas in IT security

Last week I had the pleasure of presenting the first of a new breed of SC Award that rewards excellence in IT security.

While in the US or UK the SC Awards are handed out to suppliers on the basis of months of exhausting product evaluations undertaken by a panel of experts, I'm hoping our local Award can mirror the work we've done over the past few years on the iTnews Benchmark Awards, where we recognise technology leaders on the basis of their innovative use of IT or on the success of their projects.

We call for nominations, we vet them with executives and direct reports, and we put the finalists before a panel of their peers for a final vote.

To kick things off for the Australian SC Award, we polled about 40 of the nation's top CIOs with a set of criteria for putting their CSO or IT security manager forward for an Editor’s Choice award. My thanks to McAfee/Intel Security for coming on board to sponsor this inaugural award.

I had the great honour on the night of presenting Troy Braban, CISO at Australia Post, the SC Award, for reasons I went into in some detail on the day after the ceremony.

Today I thought it also worthwhile to list two IT security managers that were Highly Commended on the night, to better illustrate what we’ll be looking for when the awards submission and voting process rolls around again later this year.

The first highly commended was awarded to David Zagorsky, IT Security Manager at ING Direct.

David was put forward by both the bank’s global head of infrastructure and local team. He has had a very busy 12 months. David designed, from the ground up, all security aspects of a radical banking infrastructure consolidation and simplification program, including everything from:

Network segmentation, to
Application and storage security
Access control
Testing
Compliance, and
Security monitoring tools

This came off the back of ING releasing a mobile app that did away with PINs for low risk functions like account balance, and did away with SMS as an authentication factor.

The second Highly Commended was awarded to Matthew Sirotich, service assurance security manager at Businesslink.

Businesslink is a NSW Government shared IT services function that is now being absorbed into NSW FACS (Family and Community Services).

As you might expect, an agency like FACS takes data privacy very seriously. So when it comes to assessing third party service providers that wish to host Businesslink’s applications and services, a great deal of research and due diligence is required.

Matthew developed an exhaustive external service adoption framework to help the agency navigate cloud and other external services, taking into consideration the privacy imperative, the agency’s compliance obligations under state and federal law, and many others. It also sets in place the thresholds that need to be met and boxes that need to be ticked before any such proposition can be approved.