A presentation of the outlay for the action plan required for the security certification plan compliance. Includes the necessary stakeholders and their roles as well as the implementation schedule.

1. Security Certification Plan
Compliance
Washington Metropolitan
Area Transit Authority

2. • The Metro is the second largest and the second busiest transport network in
the US. Reportedly, 1.2 million commuters use the service daily.
• The central command center is responsible for ensuring commuter safety at all
times. The service outage lasting five minutes would result in massive losses.
• It is reported that the command center is chronically understaffed and the staff
ignore the rules. The authority has no formal checklist to vet the staff for their
fitness to serve at the command centers.
• The Metro system relies on a server system that updates data in real time. Any
server downtime that would result in an outage lasting more than five minutes
would cause loss in revenue and cause disrepute among the commuters.
WMATA in Brief

3. • This project seeks to identify the loopholes present in the data
management system within the WMATA servers and recommend the
plans to be implemented to ensure the Metro system complies with the
provisions of the Federal Security Control System.
• Transaction data needs to be backed up very often because every minute
of transaction within the WMATA servers counts toward the revenue
collected. Any loss of data or server time would cause unprecedented
and costly delays.
• Commuter safety comes first; therefore, prolonged server downtimes
cannot be accepted.
Project Scope

4. • Project Manager: Owns the project and oversees the implementation of
recommendations from the stakeholders.
• Chief Financial Officer: Rolls out the funding needed to implement the
recommendations for the system.
• Chief Technology Officer: Oversees the technical implementation of the
actual tasks
• Quality Assurance Officer: Ensures the provided standards are adhered
to and nothing is overlooked.
• Chief Information Officer: Oversees the quality of communication and
data preservation in the servers.
Stakeholder Roles and Responsibilities

5. The Project Outline
Risk Identification Business Function or Process Potential Impact of Business Recovery Time Objective Maximum Time needed to
Recover Operation
Server Outage Real time communication Loss of revenues Back up data every five minutes Five minutes
Data pilferage Data integrity Loss of critical data Implement firewall and close
open ports
Close all open ports
immediately
Virus infection Slowing or taking down the
server
Loss of business due to outage Install an antivirus program Update the antivirus all the
time
Intruders Malicious hackers or terrorists Take control of the system for
malicious intent
Implement strong cyber security
system
Gather intelligence information
all the time

6. • The rush hour (6 – 9 a.m. and 4 – 7p.m.on weekdays) is the most critical time
in the Metro’s timetable. It is critical to ensure that the system remains
operational all the time. In case any of the listed risks is experienced, the
following options may be adopted.
• If all open ports are not closed immediately, data pilferage may occur
resulting in massive losses. The system is connected to the internet.
• If a stronger cyber security system is not implemented, hackers may access
and tamper with the system. There needs to be a stronger intruder detection
system.
• If an antivirus software is not installed and maintained, the system may be
attacked by a virus or a worm with devastating effect.
• If the server goes down for more than five minutes, the system may lose a lot
of revenue due to unprecedented delays in the system. The server should be
always running and the maximum allowable recovery time is five minutes.
Risk Management Plan

7. October November December
Starting the project
Presentation
Final submission
Project Timeline