Governance Gauge: Security Drives Compliance at Chevron - InformationWeek

11/16/2005
12:55 PM

Governance Gauge: Security Drives Compliance at Chevron

On its way to becoming the fifth-largest energy company in the world, Chevron made its share of acquisitions, inheriting dozens of technology platforms and applications in the process. At the start of the decade, when its purchase of Texaco loomed, Chevron needed more consistent IT standards and practices to make sense of complexity. The resulting IT risk management initiative is helping the company meet a range of compliance demands around the globe.

In 2001, Chevron adopted the Enterprise Security Architecture System (ESAS), an IT risk management framework developed by PricewaterhouseCoopers and since spun off to Brabeion Software. The Web-based system has helped Chevron define IT policies, standards and controls. Chevron's information security policy sets high-level guidelines for treating information as a corporate asset in compliance with laws and regulations. Multiple standards support each policy. So, for example, Chevron's companywide standard for passwords is eight alphanumeric characters that change every 90 days. Technical details are left to controls detailing how to support the standards within, say, Windows or Unix.

"With every advance of software and new means of communication, we go back to ESAS and update what is, in effect, our security strategy," says Jay White, Chevron's global information protection architect.

Chevron has used ESAS to set policies and standards for everything from encrypting sensitive information to preventing or recovering from IT systems failures. Associated business risks range from financial losses and negative publicity to loss of life and environmental damage.

Chevron now has some 85 pages of standards and more than 1,500 pages of technical controls that have helped it comply with existing mandates and emerging regulations. "When the Sarbanes-Oxley Act emerged, we already had a set of controls in place and being enforced, so all we had to do was align those specific controls back to the SOX Section 404 requirements."

— Doug Henschen


IT Governance and Globalization: How to Halt Chaos

At the CA Niku 2005 Global User Conference in November, Rick Davidson, Manpower's SVP and Global CIO, offered a hard-boiled definition of governance: "a feeble attempt to deny the laws of physics." He was talking about entropy, the always increasing measure of disorder in a system. Manpower, which does most of its business outside the United States, is using CA's Clarity (formerly Niku) tools to halt entropy and gain visibility and control over global software development. "We have a rational process of deciding what ought to be done," says Davidson.

Identity Theft And New Laws Drive Software Demand

Led by California, state legislatures are responding to rising costs and damages caused by identity theft. The Federal Trade Commission says that the problem affects 10 million Americans every year at a staggering cost of $52.6 billion (in 2004). Vericept, focused on information protection and misuse prevention, has introduced software to help businesses comply by tracking, monitoring and controlling Internet-based transmissions of personal information.
