Go-Ahead drives Security League Table

Transport company’s comparative analysis promotes security and encourages dialogue between IT specialists and business managers.

Tuesday, 30th April 2013, by Phil Alsop

Security and compliance vendor, RandomStorm, has developed an information security league table for FTSE 250 public transport company, Go-Ahead Group plc.


David Lynch, Group IT and Procurement Director at Go-Ahead, manages a team of fifty IT specialists who are responsible for maintaining the security of the Wide Area Network, departmental servers, email servers and rail IT infrastructure, including Go-Ahead’s retail network and physical assets located in more than four hundred and fifty stations.


As a Level 1 merchant of travel tickets, Go-Ahead has to comply with the Payment Card Industry Data Security Standard (PCI DSS) and have regularly scheduled audits with a PCI Qualified Security Assessor (QSA).


Go-Ahead is using the RandomStorm Vulnerability Management Platform, StormCore, to map and scan the entire enterprise network for intrusions, correlate incidents, and monitor for any configuration issues on devices or ports that could render the network vulnerable to malware or hacks. All incidents and reports are presented in a central dashboard designed to be easy for both management and technical staff to interpret.


Lynch wanted to ensure that the security detection and protection products were being used to their full potential. Aware of David Lynch’s love of football, RandomStorm designed a Security League Table to demonstrate the comparative performance of different areas of Go-Ahead’s IT network.

The Security League Table enables Go-Ahead to quickly review where vulnerabilities have been identified, which assets are affected and what remedial action is required. Where a highlighted vulnerability, such as a misconfigured device or a required patch, has not yet been addressed, it is marked down, pushing that IT domain lower in the League Table. Go-Ahead’s IT managers meet with David Lynch each month to report the status of IT assets. The League Table is updated with details of the active security issues, and work schedules are generated to address vulnerabilities.

“This is unique to Go-Ahead, it was designed specifically for us by RandomStorm as a way of measuring ongoing security in between scheduled audits,” enthuses Lynch. “The Security League Table identifies where vulnerabilities highlighted by the scans have not yet been remediated and provides IT managers with a schedule of work during the month.”


Lynch reports that the Security League Table encourages a dialogue between IT staff and business managers and demonstrates where IT is adding value to the business.


“I am not a great fan of putting a tick in the security compliance box, unless I am certain that I am actually complying. By showing that we are doing all that we can to defend our network, we can also protect the corporate reputation of Go-Ahead. If I could have a RandomStorm League Table for every area of my business that would be great, because it shows you exactly what’s going on,” concludes Lynch.