Game on: Case study with Electronic Arts and Allgress

Share this article:
Game on: Case study with Electronic Arts and Allgress
Game on: Case study with Electronic Arts and Allgress

It's anything but a game when adversaries seek to break into the network of gaming company Electronic Arts, reports Greg Masters.

Video game players are used to fending off alien invaders or fierce linebackers and maneuvering past all sorts of obstacles to attain ever more glorious levels of achievement.

But, back at the drawing board where these challenges are dreamed up, the IT staff at Electronic Arts (EA), one of the world's largest gaming companies, faced a new adversary, something so insidious that even its own software developers couldn't have imagined it a few years ago. The tables turned. Or rather, the door opened. And that's because the staff no longer was solely creating digital content and developing entertainment. With its global headquarters in Redwood City, Calif., and facilities all over the world where more than 9,000 employees keep the action going, the need to reduce cyber risk within its own environment became a priority.

That is, somewhere out there lurking in the nether regions, enemies were at the gate. Perhaps having already mastered the tactics of a skilled video game player, growing legions of attackers are turning their focus away from the game console and applying their talents to penetrating inner sanctums from which they can derive real treasure in the form of intellectual property.

The company faced a need to make good investment trade-off decisions around security and risk management, says Eddie Borrero (left), director of security and risk management at EA, who joined the company a year ago to lead management of EA's cyber threat management and IP protection programs.

"In today's world, security executives need to be able to align their investments with business goals and be able to show that there is some sort of return – be it risk reduction, business enablement and or financial savings," says Borrero, who previously led security and risk management strategy at Pacific Gas and Electric and served a CISO role at Robert Half International, a global staffing firm.

Borrero and his IT department, consisting of 900-plus employees, began the process of identifying, measuring and communicating the cyber risks the firm was facing so smart risk mitigation investment decisions could be put in place, he says. "In addition, we really needed to be able to show our business owners that the investments we are making are a value-add and have actual benefits that will support our overall business goals and objectives."

A number of executives were involved in reviewing and approving the cyber risk framework his team was using to articulate and measure cyber risks, but only his IT and security teams were involved in deciding on a solution to automate and support the company's risk framework process.

Page 1 of 2
Share this article:
You must be a registered member of SC Magazine to post a comment.

Next Article in Features

Sign up to our newsletters

More in Features

Game theory: Cyber preparedness

Game theory: Cyber preparedness

Business leaders are beginning to fathom the importance of cyber war game simulation exercises, reports James Hale.

Forward progress: How the Denver Broncos really play defense

Forward progress: How the Denver Broncos really play ...

Off the field, demand for bandwidth and protection from network threats set the ball in motion for the Denver Broncos. Greg Masters reports.

Smart defense: A talk with industry veteran Gene Fredriksen

Smart defense: A talk with industry veteran Gene ...

Today's CISO must stay ahead of attackers, says Gene Fredriksen, CISO at PSCU. Teri Robinson talks one on one with the industry veteran.