An Introduction To Pivot Point Security


We Make It Simple to Know You’re Secure and Prove You’re Compliant

Our mission is to simplify the complexities of security information management:

- Focus on the core group of security assessment services you need
- Take the time to understand your business and then optimize our approach for your unique situation
- Deliver reports and guidance that are easily understood and acted on by both management and technical personnel
- Base your assessment and recommendations on trusted, “open” (non-proprietary, non-vendor specific) guidance to simplify the process of operating and maintaining your Information Security Management System after we leave

Published in: Business

1. Our mission is to simplify the complexities of security information management:
   - Focus on the core group of security assessment services you need
   - Take the time to understand your business and then optimize our approach for your unique situation
   - Deliver reports and guidance that are easily understood and acted on by both management and technical personnel
   - Base your assessment and recommendations on trusted, “open” (non-proprietary, non-vendor specific) guidance to simplify the process of operating and maintaining your Information Security Management System after we leave

2. 10+ Years purely focused on Information Assurance
   - Information Security Management System Assessment (35%)
     - Design Reviews / Gap Assessments / ISO 27001 / Compliance Testing
     - Experienced with dozens of standards/frameworks
   - Penetration Testing / Ethical Hacking (40%)
     - Network / Application / Database / Physical / Social Engineering
   - Security Information Event Management (25%)
   - Regional Focus / National Reach

3. Experience
   - Hundreds of Security Assessment engagements
   - Personnel Security Experience (12+ years on average, ~6 years as a team)
   - Education & Certification (all major certifications relevant to our focus)
   Results
   - Focus on communicating results in an understandable/actionable manner
   - Demonstrable body of success
   Integrity
   - Commitment to doing what is right
   - Pride in our work product
   - Respect for our “extended” team
   - Independence (we sell no products)
   Intent
   - Focus on mutual benefit
   - Straight Talk -- Always

4. - City of New York: Financial Services, Taxi and Limousine Commission, City Time, Electronic Justice Project
   - Verizon Wireless
   - Depository Trust & Clearing Corporation (DTCC)
   - Bank of New York
   - Savient Pharmaceuticals
   - Wyndham Worldwide
   - County of Sussex (NJ)
   - Oklahoma Gas & Electric
   - Pennsylvania Power & Light
   - Barnes & Noble
   - National Student Clearinghouse
   - Time Warner Cable
   - Bristol Myers Squibb
   - Woodbridge Township (NJ)
   - NJ Motor Vehicle Commission
   - Banco Estado of Chile
   - Philadelphia Parking Authority
   - Target

5. - System Certification & Accreditation (NIST 800-37)
   - PCI Compliance
   - Sarbanes Oxley
   - Identity Theft
   - Third Party Attestation: ISO 27001/27002, BITS, SAS70, HIPAA
   - Risk Assessment
   - Incident Response: Forensics
   - Security Assessments: Vulnerability Assessments; Penetration Testing (Internal / External, Application, Physical Penetration, Social Engineering)
   - Design Reviews: Application, Network, Database, Systems
   - Code Review

6. - Information Technology/Security professionals that became auditors (not accountants)
   - Highly experienced – average 12+ years
   - Highly certified – ISO 27001, CISA, CISSP, CEH, CHFI, MCSE, CCNA, OCP, etc.
   - Core team has been together ~6 years
   - Consistent commitment to excellence – we are passionate about what we do

7. Concerns: Protect Critical Data
   - Passenger Credit Card Data
   - Passenger, Drivers, & Owners Privacy
   - Advertising, Entertainment, & PSA Feed
   Key Challenges
   - Highly Complex Solutions
     - In-Cab Architecture
     - Wireless & GPS Architecture
     - Multiple Data Centers
     - Web Applications to service TLC, Drivers, Owners
   - A “moving” target (13K of them)
   - 4 Unique Vendor Solutions
   - Accountability
   Taxicab Security Presentation: http://s.pvtpt.com/TaxicabSecurity

8. For leading US Electrical Utility Company
   “The problem wasn’t a lack of guidance, rather it was an overabundance of guidance.” -John Verry, Principal Consultant
   - Over 20 Standards to Consider
   - Testing of Hard to Secure Distributed Environments
     - Radio Networks
     - Smart Meters
     - In-Home Devices
     - Command Response
     - SCADA Systems
   Electrical Utilities: Information Security Blackout: http://s.pvtpt.com/InfoSecBlackout

9. Major PA Electrical Utility
   - SIEM Solution Implementation (Novell Sentinel)
   Major Regional Transmission Organization (RTO)
   - Network, Application & Physical Vulnerability Assessments / Penetration Testing
   - WLAN Assessments

10. Burlington County Bridge Commission (NJ)
    - Concerns: Segregation and Protection from EZ-Pass Systems
    - Vulnerability Assessments / Network Architecture Assessments
    NYC Financial Information Services Agency (FISA)
    - Concerns: Security of Personally Identifiable Information (PII) of NYC’s 400k Employees
    - eHire: Implementation of PeopleSoft Recruiting Software Across all NYC Agencies
    NYC Department of Finance (DOF)
    - Concerns: Security of an $8 Billion eCommerce Application with Payment Card Industry (PCI) Compliance
    - NYCSERVE: Online Payment System

11. Sussex County (NJ)
    - Concerns: Managing Personally Identifiable Information (PII) and HIPAA Regulations for New Jersey Consumer Affairs
    - Vulnerability Assessments / Penetration Testing
    - ISO 27001 Gap Analysis & Implementation Leading to ISO 27001 Certification
    Woodbridge Township & Board of Education (NJ)
    - Concerns: Collapsing Network Infrastructure and Protecting from Malicious Individuals
      - Education
      - Law Enforcement
      - Taxes
      - Etc.
    - Incident Response / Vulnerability Assessments / Penetration Testing

12. Testing of Hard to Secure Distributed Environments
    - Radio Networks
    - Smart Meters
    - In-Home Devices
    - Command Response
    - SCADA Systems

13. - New Jersey Based
    - New Jersey SBE Type 2
    - Backdrop Services Contracts
      - NY State OGS
      - NJ Administrative Office of the Courts
      - WSCA (Western States Contracting Alliance)
    - 90% of Projects $6-30k, Falling Under Direct Purchasing Authority (DPA)
