Accomplishments at Principal Financial Group                                                         
Rebecca helped build Principal Financial Group's (PFG) Information Protection department and
functions.  As a result of her efforts, PFG was awarded the Computer Security Institute Outstanding
Information Security Program of the Year award in 1998.  While at PFG, Rebecca:

  • Developed the corporate anti-virus strategy including a risk identification and mitigation process.  
  • Participated in new systems and application development projects to identify information security risks, then recommended and oversaw the
    implementation of controls to address the identified risks.
  • Developed the corporate strategy to identify and control the use of modems.
  • Created the Internet access strategy and the accompanying procedures for establishing and updating the Internet firewall settings.  Developed a
    quarterly and yearly report analyzing and evaluating the state of information security within the organization. Distributed the report to appropriate
    managers and executives.
  • Developed the strategy for non-employee access and risk reduction.
  • Developed and established e-commerce security requirements to reduce risks in web applications.
  • Created the information protection awareness and training strategy, framework and program aligned to business objectives.  Rebecca included
    training and awareness activities covering applicable laws and regulations.
  • Met regularly with corporate leaders and management to explain information security objectives and obtain their support and commitment for
    information security activities, technologies and policies.
  • Created the organization's corporate-wide information security and privacy policies and created the roll-out strategy and plan to ensure all
    managers were aware of their responsibilities and that personnel knew, understood and followed the privacy policies and procedures.
  • Created the corporate strategy for protecting customer information that included creating and leading a corporate group of business unit leaders to
    discuss the business goals and objectives for handling customer information in a secure manner that also allowed business objectives to be
    achieved.
  • Performed an analysis of non-employee access to the corporate network and created a non-employee access strategy and policies to support the
    information security program while allowing necessary connections from business partners to securely be established.
  
© 2009 Rebecca Herold & Associates, LLC.  All rights reserved.
 Privacy Policy  
 Email Rebecca Herold
Sign Up For Free Monthly Privacy Awareness Tips
Email:  
For Email Newsletters you can trust