Tuesday, July 12, 2011

War between Computers & Humans - To wipe out traumatic memories

The computer is designed to reciprocate human behavior. It is specialized in computing advanced tasks that the human machine may or may not be able to compute in a fraction of the time. I understand there are many differences that set humans apart from computers, such as senses and emotions. But the one thing that really sets them apart is removing unwanted data from memory: the computer is a clever device that can erase data on instruction.

Just imagine you are a soldier haunted by scenes of war, or a victim scarred by violence or terrified by some incident or a past emotional breakdown, and you wish you could wipe the memories from your mind. Researchers at the Johns Hopkins University say that may someday be possible.

Is it possible to erase traumatic memories?
A commercial drug remains far off — and its use would be subject to many ethical and practical questions. But scientists have laid a foundation with their discovery that proteins can be removed from the brain's fear center to erase memories forever.

"When a traumatic event occurs, it creates a fearful memory that can last a lifetime and have a debilitating effect on a person's life," says Richard L. Huganir, professor and chair of neuroscience in the Hopkins School of Medicine. He said his finding on the molecular process "raises the possibility of manipulating those mechanisms with drugs to enhance behavioral therapy for such conditions as post-traumatic stress disorder."

In the future, if this method becomes available, we may be able to cure several diseases (mental disorders).

Thursday, July 7, 2011

Enterprise security posture needs to align with Identity and Access Management (IAM) Trends

The most important question every CISO or CIO is concerned with is how to optimize process efficiency while keeping security incidents minimal (as close to zero as possible). This often leads to comparison with peers: "How are we doing as an organization?", "What is the next step for us as we build our secure environment using IAM infrastructure?" and "How do we develop an IAM maturity model?"
The survey revealed the following trends:

  1. Security is still the top driver behind the use of identity and access management tools
  2. IT administration efficiency is now the second most common motivator, with 30% of respondents from a recent Forrester survey weighting this efficiency above regulatory compliance.
  3. Business agility is also a new factor, as business owners increasingly look to security professionals to solve business problems.

With the increasing sophistication of fraud rings and security attacks, coupled with the rapid adoption of various mobile and post-PC devices and the changing business environment, it will be important to consider various questions when selecting your organization's next IAM product. For example:

  1. Does the product recognize risk and patterns, making fraudulent activity easily identifiable? Or, more simply, does the product work from a mobile device? While mobile browser support is a minimum requirement, mechanisms for secure PKI certificate management and centralized access auditing should also be expected. Does the product support geographic patterns and provide detection and prevention defense mechanisms?
  2. Most importantly, does the product help improve business agility and demonstrate value? By proving to budget holders that substantial savings are achievable, it will be much easier to sell the product internally.
  3. Future product strategies.
  4. User friendliness and integration support for 3rd-party COTS-based solutions and homegrown applications.
  5. Integration with service-oriented environments.

To understand the facts, let's analyze the identity and access management predictions from Forrester. Despite increased spending, security and risk professionals continue to face tough vendor selection decisions.

  • Prediction 1: Business agility will continue to rise in importance
  • Prediction 2: Data security will come to depend on IAM
  • Prediction 3: Mobile devices will need to be managed via IAM systems
  • Prediction 4: IAM in the cloud will provide more than just access control

Tuesday, July 5, 2011

Prized Patient Information Open to Web - Highest Number of Security Breaches in Healthcare - Medical Providers

The chart below represents the highest number of security breaches happening in the healthcare sector of the US. The immediate question that arises in everyone's mind: is it because of low security standards or a lack of available controls? This is not true! There are strong controls like HIPAA to address security requirements, but it also depends on how and where these controls are implemented. A strategic initiative needs to be developed, involving management commitment with the right tools and strong business processes.


Types of breaches analyzed:
  1. Unintended disclosure (DISC) - Sensitive information posted publicly on a website, mishandled or sent to the wrong party via email, fax or mail.
  2. Hacking or malware (HACK) - Electronic entry by an outside party, malware, and spyware.
  3. Payment Card Fraud (CARD) - Fraud involving debit and credit cards that is not accomplished via hacking. For example, skimming devices at point-of-service terminals.
  4. Insider (INSD) - Someone with legitimate access intentionally breaches information - such as an employee or contractor.
  5. Physical loss (PHYS) - Lost, discarded or stolen non-electronic records, such as paper documents.
  6. Portable device (PORT) - Lost, discarded or stolen laptop, PDA, smartphone, portable memory device, CD, hard drive, data tape, etc.
  7. Stationary device (STAT) - Lost, discarded or stolen stationary electronic device such as a computer or server not designed for mobility.
  8. Unknown or other (UNKN)

Organization type(s) analyzed: BSO - Businesses - Other, BSF - Businesses - Financial and Insurance Services, BSR - Businesses - Retail/Merchant, EDU - Educational Institutions, GOV - Government and Military, MED - Healthcare - Medical Providers, NGO - Nonprofit Organizations

A few examples of breaches:

Barnes-Jewish Hospital, The Siteman Cancer Center, Washington University Saint Louis, Montana
A laptop containing unencrypted patient information was stolen during the weekend of December 4, 2010. It contained the names, Social Security numbers, dates of birth, addresses, phone numbers, email addresses, medical records, diagnoses, lab results, insurance information and employment information.

Boulder Community Hospital, Boulder, Colorado
A contract nurse is accused of accessing patient information without authorization.  He faces a 90-count felony indictment.  He allegedly used the Social Security numbers and other private information found in patient files to open credit cards in patients' names. 

The VA Caribbean Healthcare System, San Juan, Puerto Rico
Veterans and staff had their personal information left unsecured in an open area in the San Juan VA Medical Center. Some of the information included patient care assignment documents with names and Social Security numbers and counseling letters. It is not clear what type of staff information was exposed. The information was supposed to have been shredded.

Healthcare Partners, Long Beach, California
Nineteen computers were stolen during an office burglary on Monday, April 18.  Administrative information such as names, addresses, dates of birth, medical record numbers, and health insurance plan ID numbers was exposed.  Sensitive medical information such as treating physician names, diagnoses, treatment plans, progress notes, prescriptions, referrals, and authorizations were also exposed. A safe with 16 patient checks and 60 patient credit card receipts was also stolen.

Indiana Regional Medical Center, Indiana, Pennsylvania
A former employee stole more than 500 patient records for the purpose of using them as evidence in a legal dispute with a physician.  The theft occurred in September of 2010 and included the medical information of three or four patients, as well as administrative information related to hundreds of other patients.

Trinity Medical Center (Montclair Baptist Medical Center), Birmingham, Alabama
A former employee was caught stealing patient information for the purpose of identity theft. Hundreds of pages of information with patient names, Social Security numbers, dates of birth and some medical information such as scheduled procedures were found at the employee's residential address.