Loading ...
BlogInfoSec.com Sponsors
BlogInfoSec.com Partners
-
Recent Comments
- Navin on Why Information Security Professionals Should Learn Texas Hold ‘em Poker
- john doe on An Analysis of the Privacy Rights Clearinghouse “Chronology of Data Breaches” and Implications for Information Security Professionls (pt. 1)
- Adam Shostack on PCI DSS Position on Patching May Be Unjustified
- Jens Laundrup on PCI DSS Position on Patching May Be Unjustified
- Kris on Medical Identity Theft: Your Money or Your Life
Tags
agility algorithms application security assessment awareness Awareness / Education awareness instruction awareness training bloginfosec Annoucements Books on InfoSec breach incidents Budgeting for Security business continunity CIA triad CISO CISO savvy CISO skills COBIT Coding Securely / SDLC Conferences / Events / Meetups contingency plans counterfeit counterfeit equipment data breaches data breach notification laws data classification digital signature disaster recovery education Encryption end-point security equipment Exploit Code / Malware facebook fake FBI featured FFIEC Forensics / Incidents FUD Theater GLBA governance government Gramm-Leach-Bliley hackers hash HIPAA honeynet honeypot identity management identity theft IDM incident Industry Commentary Information security Interviews ISACA Jobs in Information Security Johnny Long KPMG leadership Legal & Regulatory Issues malicious insider malware metrics nation states network News Commentary No Tech Hacking OWASP Patching PCI Penetration Testing perimeter Phishing Policies and Procedures Privacy Privacy Rights Clearinghouse Reverse Engineering risk risk management ROI ROSI SB 1386 Security security awareness Security Breaches self-awareness Social Engineering soft skills Solutions / Workarounds SPAM spotlight successful behaviors Tools training Uncategorized Virtual Trust Viruses / Worms vulnerability assessment Vulnerability Commentary Vulnerability Disclosure Wireless Wireless Client Wireless Discussion Wireless Security Wireless Vulnerability Discussion
Draining the Swamp written by Patrick Foley
After career path that wound through journalism, secondary school administration and coaching, Pat Foley, while managing several customer service groups in Harvard University’s financial administration, began an increasing involvement in solving business challenges by linking extended technology with better transparency of business intelligence and enhanced operational processes. Several positions managing and implementing enterprise technology projects followed until he became the Program Manager for Fidelity Investments’ fledgling identity management program in 1999.
Armed with a management mandate to deploy a universal identifier, Pat worked closely with a small, talented technical team and an a large number of initially bemused business stakeholders to extend the CorpID program across Fidelity’s global reach and in three years had provided the “one number that does it all” for the widely distributed and diversified financial services firm.
Once CorpID was fully deployed, Pat became, first, the Principal Information Security Risk Analyst and later, Technical Risk Advisor for FMR Co., Fidelity’s investment arm. In these roles, Pat conceived, designed, documented and oversaw the delivery of an integrated access control tool called ARROW that combined fine-grained authorization for Web and fat client applications, databases and an AS400. ARROW enabled on-line access certifications, collected resource metadata and managed the company’s RBAC program.
After leaving Fidelity in 2006, Pat worked briefly in Symantec Corporation’s consulting group before becoming Senior Manager of Access Control and Risk Assessment at Starwood Hotels and Resorts Worldwide where he was involved in securing SOA deployments, identity management, data protection, and application and vendor risk assessments. He is now Director of Global Technology Compliance for Starwood and Program Manager of the Payment Card Industry (PCI) technology remediation program currently underway there.
Pat, his wife, Judi, and daughter, Micaela, live in Milton, MA, near Boston.
Crossing the Metrics Rubicon: Quest for the Perfect Measurement
July 18, 2008 – 6:00 am
–
Security metrics represent a great untamed wilderness for organizations trying to determine both their risk profile and the effectiveness of the resources they have allocated to their security program. When I first became a security person after a career managing customer service, finance, and…
Provisioning: Security’s First Step to Measuring Organizational Impact
July 8, 2008 – 6:00 am
–
Security is often accused, occasionally with merit, of being an obstacle to an organization’s business. While the drumbeat of cyber threats has at least raised the technology risk consciousness of many business managers, security professionals still have the challenge of quantifying how big an…
RBAC For More
June 20, 2008 – 6:00 am
–
Organizations that face significant regulatory scrutiny — or have large numbers of disparate systems containing highly sensitive data — are most likely to have, or at least to need, Roles-Based Access Controls (RBAC). These organizations are usually trying to accomplish two ends by…
R U RBACing?
June 5, 2008 – 6:00 am
–
Roles-Based Access Control is so basic a security control, like keeping your anti-virus definitions updated, that it hardly seems worth discussing. Even the least security-minded among us are unlikely to question the motherhood and apple pie concept of only giving associates those tools required…
The Final Step in a Homegrown IDM Solution (pt. 3) - So, let’s start hammering
May 29, 2008 – 6:00 am
–
To recap briefly, we have identified and analyzed all our primary sources of user data and the system and service providers who consume those data. We have funding, developers, and a project plan to follow. We understand our provisioning process, have identified or built a directory of user…
