Ernest N. Hayden (Ernie), CISSP, CEH, is managing principal, critical infrastructure protection/cybersecurity with Verizon. He has extensive experience in the power utility industry, critical infrastructure protection/information security, cybercrime and cyberwarfare. His primary focus is on supporting customer projects regarding smart grid security, energy supply security, and electric grid security with special emphasis on NERC Critical Infrastructure Protection (CIP) standards. Ernie is a noted writer and speaker on the topic of smart grid security.
Prior to joining Verizon, Ernie was the information security strategic advisor in the compliance office at Seattle City Light. Ernie was also the chief information security officer for the Port of Seattle, one of the nation's largest combined airport and seaport operations.
Previously, Ernie held several significant management positions in both business management and information security management. He was president and CEO of Bellevue, Wash.-based MCM Enterprise, an advanced sensor technology company for the hydroelectric sector; IT security lead for the Seattle Justice Information System in the Seattle Municipal Courts and Seattle Police Department; director of security services for Alstom ESCA software; executive director for the Electric Power Research Institute (EPRI) covering Western U.S. and Canadian operations; and a commissioned officer in the US Navy, qualified as a nuclear engineer and surface warfare officer.
Contributions from Ernie Hayden, Contributor
- How to manage compliance as Chief Information Security
- FFIEC security requirements: Physical security management and logging
- Penetration test methodology: Creating a network pen testing agreement
- Privacy laws in the workplace: Creating employee privacy policies
- McAfee update problem: Dealing with bad antivirus DAT f
- Employee compliance: Creating a compliance-focused work
- How to determine the net value of an asset for risk impact analysis
- The cost of an audit: Choosing a competent PCI DSS QSA
- Negotiating an IT security budget for a data loss prevention tool
- How to enforce a USB security policy with support from management
- Credit card data storage: Virtual terminal protocol for PCI compliance
- Gap analysis methodology for IT security and compliance
- Information security program development: Security vs. compliance
- Should national information security standards be enforceable?
- How to update a disaster recovery, contingency planning strategy
- HIPAA password policy: Managing Windows stored usernames and passwords
- SOX data retention policies: What to do with old software archives
- A written information security policy (WISP) example for compliance
- Risk prioritization: DLP for data loss or laptop full disk encryption?
- Remote webcam security surveillance: Invasion of privacy?