Data Security Audit for Major Toll Highway Authority
Starting in April 2014, one of the nation’s largest tolling authorities contracted with SDI to commission and lead a security audit of the organization’s complete technical environment.
The Authority asked SDI to assess, document and make recommendations on its environment, with the objective of identifying the Authority’s vulnerability to network-based attacks intended to steal data or cause harm.
The scope of the audit included both the production-based PCI environment (RITE system) and the corporate network and application environment (e.g. email and file services). Over the span of two months, and for the purpose of diversity and completeness, SDI contracted with two data security firms to conduct the audit. The multidimensional assessment included the following phases:
- Vulnerability Scanning
While the two data security firms completed different types of assessments independently of each other, both came to similar conclusions regarding the vulnerability of the Authority’s overall threat profile. SDI detected 24,572 vulnerabilities in the Authority’s technical environment. After those vulnerabilities were identified, SDI worked with the Authority to remediate all technical issues that were discovered, establish a formal IT strategy, determine what security tools or services are required, and establish a project outline and timeline to procure and deploy them.