Hamilton Square, NJ (PRWEB) September 20, 2009
On September 14, 2009, John Verry (CISA), Principal Enterprise Security Consultant at Pivot Point Security (Hamilton, NJ), addressed a gathering of international transportation regulators at the 22nd annual conference in New York City. The conference attendees, who came from all across the US and Canada, and as far away as the United Kingdom, were formally welcomed by IATR President, Malachi Hull of Atlanta and President-Elect Matthew Daus of New York City.
The feature presentation on Monday (9/14/09) shone a spotlight on the New York City Taxi and Limousine Commission's (NYC TLC) T-PEP program. Ira Goldstein, Chief of Staff of NYC TLC, facilitated speakers and panels, including Pivot Point Security (http://www.pivotpointsecurity.com), who addressed the myriad of components that comprise the city's Taxicab Technology Passenger Enhancement Program
Because T-PEP processes/transits data that is subject to Personally Identifiable Information (PII) and Payment card Industry (PCI) standards, security is critical. Focusing on the Key Challenges faced by transportation regulators, Verry explained the approach that was leveraged.
The approach emphasized:
- Understanding the risks to Owner, Driver, and passenger data
- Communicating Security Requirements to technology vendors (leveraging 3rd party standards wherever applicable: PCI, ISO 27001 (http://www.pivotpointsecurity.com/-iso-27001/), OWASP)
- Accrediting Systems into Operation via security testing
- Governing the ongoing operation
Verry wrapped his presentation by reminding the regulators that enforcing change control is critical. "Because technology, regulations, and threats evolve," Verry said, "You can never rest on today's solutions. Remember, you're in it for the long haul!"
To download a copy of the presentation click on the link below:
About Pivot Point Security
Pivot Point Security is a boutique information assurance firm providing independent and objective information security expertise to our varied client base. Our policy of not selling product and our absolute focus on four core practice areas; Security Assessments, Ethical Hacking, Compliance Assessments, and Security Information Event Management (SIEM) ensures that we have the highest possible levels of competence and independence. PPS currently consults on transportation regulation projects and welcomes inquiries. Visit us at http://www.pivotpointsecurity.com