
MassTransit_February_2017

Leigh Weber, CISSP is the principal with Cybersecurity Analysis Ltd.

FEBRUARY 2017 | MassTransitmag.com | Mass Transit | 27

Nightmares

IS YOUR AGENCY PREPARED FOR:
• Relentlessly being the punching bag for all news cycles and in social media
• Security breach leading to unknown reliability in financial and operational information
• Unreliable transit schedules — riders and operators do not know where to be or when
• Being unprepared for financial disruption — staff lose faith in management

Protect and Serve

Your agency has many programs to ensure rider safety and system reliability. What should your program include to protect the agency and rider information?

RISK AWARENESS:
• Your developer/vendor must brief your agency about vulnerabilities, known and potential, for the app and its underlying operating system. Smartphone vendors attempt to secure the devices, yet there are vulnerabilities. When the risk(s) exceeds the usefulness, your agency needs a response plan.
• Regulatory and Best Practices Compliance: The agency must ensure that the app meets or exceeds industry and regulatory requirements. Ethical hackers should be engaged to challenge the assertion that the app is safe.

What are the Responsibilities?
• Is someone responsible to ensure that the app remains secure (and relevant)?
• Are there consequences if the app’s vulnerabilities are not fixed?
• Do you know the risk to your agency if riders cannot do business with you?
• Do you know the risk to your agency if riders lose their personal and financial information because of your app?
• Whose job will be lost in the aftermath of a hack?

What About a Support Plan?
• Is there a way to inform riders about app issues?
• Is there a way to shut down or remove an app when/if it is a security risk?

Have a Recovery Plan
• How long will it take to regain normal operations after a hack?
• How long will it take to regain the public’s trust after a hack?
• What is your total financial obligation when a hack occurs?
• What is the outcome of your Agency’s relationship with vendor(s) in the aftermath of a hack?

Well-conceived and created apps can greatly enhance transit experiences. When your agency does the up-front work to build a resilient ecosystem to support and protect riders who use the app, then life is grand. For all others — proceed with great caution.

For more information, visit www.MassTransitmag.com/12078201

Photo caption (Thinkstock): AGENCIES ARE responsible to ensure that its app is secure.

