An Introduction To Pivot Point Security
We Make It Simple to Know You’re Secure and Prove You’re Compliant

Our mission is to simplify the complexities of security information management:

- Focus on the core group of security assessment services you need
- Take the time to understand your business and then optimize our approach for your unique situation
- Deliver reports and guidance that are easily understood and acted on by both management and technical personnel
- Base your assessment and recommendations on trusted, “open” (non-proprietary, non-vendor specific) guidance to simplify the process of operating and maintaining your Information Security Management System after we leave

Presentation Transcript

  • 10+ years purely focused on Information Assurance
    - Information Security Management System Assessment (35%)
      - Design Reviews / Gap Assessments / ISO 27001 / Compliance Testing
      - Experienced with dozens of standards/frameworks
    - Penetration Testing / Ethical Hacking (40%)
      - Network / Application / Database / Physical / Social Engineering
    - Security Information Event Management (25%)
    - Regional Focus / National Reach
  • Experience
    - Hundreds of security assessment engagements
    - Personnel security experience (12+ years on average; ~6 years as a team)
    - Education & certification (all major certifications relevant to our focus)
  • Results
    - Focus on communicating results in an understandable, actionable manner
    - Demonstrable body of success
  • Integrity
    - Commitment to doing what is right
    - Pride in our work product
    - Respect for our “extended” team
    - Independence (we sell no products)
  • Intent
    - Focus on mutual benefit
    - Straight talk, always
  • Representative clients
    - City of New York:
      - Taxi and Limousine Commission
      - City Time
      - Electronic Justice Project
    - Verizon Wireless
    - Financial Services:
      - Depository Trust & Clearing Corporation (DTCC)
      - Bank of New York
    - Savient Pharmaceuticals
    - Wyndham Worldwide
    - County of Sussex (NJ)
    - Oklahoma Gas & Electric
    - Pennsylvania Power & Light
    - Barnes & Noble
    - National Student Clearinghouse
    - Time Warner Cable
    - Bristol Myers Squibb
    - Woodbridge Township (NJ)
    - NJ Motor Vehicle Commission
    - Banco Estado of Chile
    - Philadelphia Parking Authority
    - Target
  • Services
    - Security Assessments
      - Vulnerability Assessments
      - Penetration Testing: Internal / External, Application, Physical Penetration, Social Engineering
      - Design Reviews: Application Code Review, Network, Database, Systems
      - Risk Assessment
    - Compliance / Third Party Attestation
      - System Certification & Accreditation (NIST 800-37)
      - PCI Compliance
      - Sarbanes Oxley
      - Identity Theft
      - ISO 27001/27002
      - BITS
      - SAS70
      - HIPAA
    - Incident Response
    - Forensics
  • Our team
    - Information Technology/Security professionals who became auditors (not accountants)
    - Highly experienced: average 12+ years
    - Highly certified: ISO 27001, CISA, CISSP, CEH, CHFI, MCSE, CCNA, OCP, etc.
    - Core team has been together ~6 years
    - Consistent commitment to excellence: we are passionate about what we do
  • Taxicab Security
    - Concerns: protect critical data
      - Passenger credit card data
      - Passenger, driver, and owner privacy
      - Advertising, entertainment, and PSA feed
    - Key challenges
      - Highly complex solutions: in-cab architecture, wireless & GPS architecture, multiple data centers, web applications to service TLC, drivers, and owners
      - A “moving” target (13K of them)
      - 4 unique vendor solutions
      - Accountability
    - Taxicab Security Presentation: http://s.pvtpt.com/TaxicabSecurity
  • for leading US Electrical Utility Company
    - “The problem wasn’t a lack of guidance, rather it was an overabundance of guidance.” -John Verry, Principal Consultant
    - Over 20 standards to consider
    - Testing of hard-to-secure distributed environments
      - Radio networks
      - Smart meters
      - In-home devices
      - Command response
      - SCADA systems
    - Electrical Utilities: Information Security Blackout: http://s.pvtpt.com/InfoSecBlackout
  • Major PA Electrical Utility
    - SIEM solution implementation (Novell Sentinel)
  • Major Regional Transmission Organization (RTO)
    - Network, application & physical vulnerability assessments / penetration testing
    - WLAN assessments
  • Burlington County Bridge Commission (NJ)
    - Concerns: segregation and protection from EZ-Pass systems
    - Vulnerability assessments / network architecture assessments
  • NYC Financial Information Services Agency (FISA)
    - Concerns: security of Personally Identifiable Information (PII) of NYC’s 400k employees
    - eHire: implementation of PeopleSoft Recruiting software across all NYC agencies
  • NYC Department of Finance (DOF)
    - Concerns: security of an $8 billion eCommerce application with Payment Card Industry (PCI) compliance
    - NYCSERVE: online payment system
  • Sussex County (NJ)
    - Concerns: managing Personally Identifiable Information (PII) and HIPAA regulations for New Jersey Consumer Affairs
    - Vulnerability assessments / penetration testing
    - ISO 27001 gap analysis & implementation leading to ISO 27001 certification
  • Woodbridge Township & Board of Education (NJ)
    - Concerns: collapsing network infrastructure and protecting from malicious individuals (education, law enforcement, taxes, etc.)
    - Incident response / vulnerability assessments / penetration testing
  • Contracting
    - New Jersey based; New Jersey SBE Type 2
    - Backdrop services contracts: NY State OGS; NJ Administrative Office of the Courts; WSCA (Western States Contracting Alliance)
    - 90% of projects $6-30k, falling under Direct Purchasing Authority (DPA)