Tolling Systems Security. Ken Philmus Xerox Transportation Services



Tolling Systems Security. Ken Philmus, Xerox Transportation Services. Page 1, 8/25/2015

Tolling Systems Security Must Be at Every Step and Overall

[Slide diagram of the toll transaction flow; only the labels survive the transcription. Grouped here in the order they appear on the slide:]
- Toll Collection Point: sensor data, images, Lane Controller, ORT
- Monitor and Audit: transactions, images, OPR results, transponder files, employee file, fare tables, ITS interfaces
- LPR/VSR Processing: human image review on low-confidence or first-time plates, human review results, plate match, Image Review Clerk, post image toll
- MVA or State DMV: license plate, state and type; DMV name/address
- Back Office System: transponder match, post toll, Toll Bill or NOI, toll bill/NOI payments, TOR

Three Layers of Controls and Protection
- Application and Data: firewalls and software security patches
- Servers: McAfee anti-virus, file integrity monitoring, and applying security patches
- Network: intrusion detection, virtual firewalls
Security features and controls are implemented at each layer of the system.

First and Not to be Forgotten - Physical Security
- Physical access controls (door access and monitoring via CCTV) for cabinet areas
- Collector terminals in cash/electronic lanes require proximity cards to obtain access
- Lane equipment cabinets are physically locked and electronically monitored
- Digital video and audit cameras are in place and monitored
- Proximity or smart cards are used to obtain access to the building and all sensitive areas

System Infrastructure Security

System Architecture Design
- Separated software environments in a three-tier architecture, with the Agency and personal data isolated and secured:
  - Display layer: interfaces for collector and/or plaza supervisor screens
  - Business layer: logic on how to interpret the data received from equipment
  - Data layer: transaction data stored in files or a database
- Isolated networks are implemented and limited:
  - Protect lane controller and transaction data from unauthorized access within the agency and from various contractors
  - Restrict unauthorized access to lane controllers or cameras from the agency network

Server Security
- Operating system elements are hardened with appropriate vendor security patches, anti-virus software and other monitoring software
- Service accounts (used for running jobs and applications) are not generally granted direct logon
- Access to servers is monitored and alerted on based on policies such as logon failures and access to critical server file systems
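The server-security bullets name three alerting policies (repeated logon failures, service accounts that should never log on interactively, and access to critical file systems) without showing how they are evaluated. The following is an added example, not Xerox's code: a small rule engine run over constructed audit log lines in a hypothetical one-line-per-event format (timestamp, host, user, event, detail). The service-account names, critical paths, thresholds and window are assumptions for illustration.

```python
"""Server-access alerting rules modelled on the slide's policies.
Added example; log format, account names, paths and thresholds are constructed."""
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample audit lines: timestamp host user event detail
# (detail is the source IP for logon events and the path for file access)
SAMPLE_LOG = """\
2015-08-25T08:00:01 plaza-srv-01 jsmith LOGON_FAILURE 10.1.2.15
2015-08-25T08:00:09 plaza-srv-01 jsmith LOGON_FAILURE 10.1.2.15
2015-08-25T08:00:20 plaza-srv-01 jsmith LOGON_FAILURE 10.1.2.15
2015-08-25T08:00:31 plaza-srv-01 jsmith LOGON_FAILURE 10.1.2.15
2015-08-25T08:00:45 plaza-srv-01 jsmith LOGON_FAILURE 10.1.2.15
2015-08-25T08:05:00 plaza-srv-01 svc_tollbatch LOGON_SUCCESS 10.1.2.40
2015-08-25T08:06:12 host-db-02 mjones LOGON_FAILURE 10.1.3.7
2015-08-25T08:30:00 host-db-02 mjones LOGON_SUCCESS 10.1.3.7
2015-08-25T08:31:10 host-db-02 mjones FILE_ACCESS /opt/toll/fares/schedule.csv
2015-08-25T08:32:00 host-db-02 mjones FILE_ACCESS /home/mjones/notes.txt
"""

# Hypothetical service accounts: they run jobs, so a direct logon is a policy violation
SERVICE_ACCOUNTS = {"svc_tollbatch", "svc_imagecopy"}
# Hypothetical critical file systems: fare/toll schedules and lane software
CRITICAL_PATHS = ("/opt/toll/fares", "/opt/toll/lane")

FAILURE_THRESHOLD = 5          # failures per (host, user) ...
WINDOW = timedelta(minutes=2)  # ... within this sliding window


def parse_line(line):
    ts, host, user, event, detail = line.split(maxsplit=4)
    return {"ts": datetime.fromisoformat(ts), "host": host,
            "user": user, "event": event, "detail": detail}


def evaluate(log_text, threshold=FAILURE_THRESHOLD, window=WINDOW,
             service_accounts=SERVICE_ACCOUNTS, critical_paths=CRITICAL_PATHS):
    """Return alerts as (rule, user, host, timestamp) tuples, in log order."""
    alerts = []
    recent = defaultdict(deque)  # (host, user) -> failure timestamps inside the window
    fired = set()                # keys already alerted on, to avoid repeating the same alert
    for raw in log_text.strip().splitlines():
        rec = parse_line(raw)
        key = (rec["host"], rec["user"])
        if rec["event"] == "LOGON_FAILURE":
            q = recent[key]
            q.append(rec["ts"])
            while q and rec["ts"] - q[0] > window:   # drop failures older than the window
                q.popleft()
            if len(q) >= threshold and key not in fired:
                alerts.append(("repeated_logon_failure", rec["user"], rec["host"], rec["ts"]))
                fired.add(key)
        elif rec["event"] == "LOGON_SUCCESS":
            if rec["user"] in service_accounts:
                alerts.append(("service_account_direct_logon", rec["user"], rec["host"], rec["ts"]))
            recent.pop(key, None)                     # a success resets the failure counter
        elif rec["event"] == "FILE_ACCESS":
            if rec["detail"].startswith(critical_paths):
                alerts.append(("critical_file_access", rec["user"], rec["host"], rec["ts"]))
    return alerts


if __name__ == "__main__":
    for rule, user, host, ts in evaluate(SAMPLE_LOG):
        print(f"{ts.isoformat()} {host} {user}: {rule}")
```

Running it on the constructed log yields three alerts: the fifth failure for jsmith on plaza-srv-01 inside the two-minute window, the interactive logon by svc_tollbatch, and mjones reading the fare schedule; the single mjones failure and the access to a home-directory file produce nothing. Per-(host, user) windows keep one noisy account from masking another, and the success-resets-counter rule is a choice worth revisiting if password spraying across many accounts is a concern.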

Application Software Security

Software Security for Lane, Plaza and Host
- Vendor-recommended security patches and updates are installed for all 3rd-party software
- System access is controlled through a centralized directory service (Active Directory / LDAP) and is based on user/group/role
- Network access to lane controllers is encrypted using secure encrypted shells
- Daily updates to all workstations through centralized patch management servers
- All browsers support the latest security protocols

Data Exchange between Lane / Plaza / Host
- All file transfers to / from lane controllers (i.e. file downloads / uploads) are encrypted
- Real-time messages use two levels of secured web service connections
- Image transfers use secure protocols to copy files
- File integrity before and after exchanges is verified via MD5 checksums for binaries, configuration files and system directories, such as those for fare and toll schedules and lane software
- User interface to lane and other plaza / host functionality is via browsers that support the latest security protocols
- Sensitive personal information for all agency employees (collector name and PIN/password information) is secured in the database using encryption techniques
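The before-and-after checksum bullet is the one control on this slide with a concrete mechanism, so here is an added example of it (not Xerox's code): a manifest of per-file digests is built over a directory tree before the exchange and re-checked after it, reporting files that changed, went missing or appeared. It uses MD5 as the slide states, but the algorithm is a parameter because hashlib accepts any digest name, and the same manifest works unchanged with SHA-256. The directory layout and file contents are constructed for the demo. One caveat a practitioner would attach: a checksum catches accidental corruption and detects a change, but MD5 is not collision-resistant, so where the concern is a deliberately substituted file the manifest itself should be protected (for example, delivered over the same encrypted channel or signed) and a modern digest preferred.

```python
"""Integrity manifest for exchanged lane files: digest before, verify after.
Added example; directory contents are constructed for the demo."""
import hashlib
import tempfile
from pathlib import Path


def file_digest(path, algo="md5"):
    """Stream the file through the chosen hashlib digest and return its hex string."""
    h = hashlib.new(algo)
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def build_manifest(root, algo="md5"):
    """Map each file under root (as a POSIX-style relative path) to its digest."""
    root = Path(root)
    manifest = {}
    for p in sorted(root.rglob("*")):
        if p.is_file():
            manifest[p.relative_to(root).as_posix()] = file_digest(p, algo)
    return manifest


def verify_manifest(root, manifest, algo="md5"):
    """Re-digest root and report differences against the pre-exchange manifest."""
    current = build_manifest(root, algo)
    return {
        "changed": sorted(k for k in manifest if k in current and current[k] != manifest[k]),
        "missing": sorted(k for k in manifest if k not in current),
        "added": sorted(k for k in current if k not in manifest),
    }


def demo(algo="md5"):
    """Stage constructed lane files, build a manifest, simulate a bad transfer, verify."""
    with tempfile.TemporaryDirectory() as d:
        root = Path(d)
        (root / "fares").mkdir()
        # constructed fare schedule and lane configuration
        (root / "fares" / "schedule.csv").write_text("class,rate\n2,3.50\n3,7.00\n")
        (root / "lane.cfg").write_text("plaza=12\nlane=3\n")
        manifest = build_manifest(root, algo)

        # simulate what the post-exchange check must catch: a corrupted fare rate
        # and a stray file that was not part of the delivery
        (root / "fares" / "schedule.csv").write_text("class,rate\n2,3.50\n3,0.00\n")
        (root / "extra.bin").write_bytes(b"\x00")
        return verify_manifest(root, manifest, algo)


if __name__ == "__main__":
    for algo in ("md5", "sha256"):
        print(algo, demo(algo))
```

The verification reports `fares/schedule.csv` as changed and `extra.bin` as added for either algorithm; a clean exchange returns three empty lists, which is the condition an automated deployment step should require before activating a new fare table.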

Benefits of a Secure System
- Protect driver information, credit info and images
- Minimize risk of data loss that could lead to loss of revenue to the agency
- Prevent interference in dynamic pricing algorithms calculating real-time traffic
- Protect against loss of agency employee (toll collector and/or supervisor) personal information
- Travelers see correct, timely fare and message info on any variable message displays
- Maintain accuracy of tag and toll fare files on the lane controller
- Mandated compliance through annual third-party, in-depth security assessments

Ken Philmus, Senior Vice President. Ken.philmus@xerox.com, +1 732-688-2489