Skip to main content

What Keeps Me Up at Night 2012

I've written several posts about the issues that keep me up at night.  Here's what I wrote in 2011.

Today, my team presented a list of risks to the Compliance, Audit and Risk Committee at BIDMC.   Here's my list of top risks for 2012:

1.  Old Internet browsers - many vended clinical applications require specific versions of older browsers such as Internet Explorer 6, which are known to have security flaws.  We've worked diligently to eliminate, upgrade or replace applications with browser specificity.   At this point we are 96% Internet Explorer 8/Firefox 7/Safari 5 minimizing our risks to the extent possible.

2.  Local Administrative rights - Of our 18,000 devices on the network, a few thousand are devices that require the user to have local administrative rights to run their niche applications (often the research community doing cutting edge research with open source or self developed software).   We have done everything possible to eliminate Local Administrative rights on our managed devices.

3.  Outbound transmissions - Security has historically focused on blocking evil actors from the internet.   Given the current challenges of malware and infections brought in from the outside, it's equally critical to block unexpected outbound activity.

4.  Public facing websites -  any machine that touches the internet has the potential to be targeted for attack.  We've implemented proxy servers/web application firewalls on most public websites.

5.  Identity and Access management - Managing the ever changing roles and rights of individuals in a large complex organization with many partners/affiliates is challenging.  If an affiliate asks for access to an application, how do you automatically deactivate accounts when users leave an affiliate, given the lack of direct employment relationships?

6.  Anti-virus - the best anti-virus applications only catch about 50% of malware.  Thus, a multi-layered defense is required.  However, adding all those layers impacts performance and can result in false positives.   Balancing security, reliability, and performance is challenging.

7.  Security awareness - When that phishing email arrives asking users for their username/password, social security number, and a DNA sample, some people still fall for it.   Many users surf sites that are known virus distribution sites.   Even social networking is a vector for malware.

8.  Keystroke loggers and screen scrapers - mobile devices and home computers beyond IT control may contain keystroke loggers that capture user credentials, bypassing encryption, VPNs, and other layers of security.

9.  Forensics -  increasingly sophisticated security infrastructure implies more events to research which requires additional staff that are challenging to find, recruit and retain.

10.  Third party desktop software - it's no longer the operating system that presents the greatest risk, but security holes in Java and Adobe products such as Flash.

Security is journey and you'll never be done.  The hope is that your risk profile improves over time as more  of the environment is locked down, creating a restrictive rather than permissive infrastructure which makes services available by exception to the minimum extent necessary while balancing security and ease of use.   As I've said before, this is a Cold War at a time when Meaningful Use encourages more data sharing and breach reporting/regulatory penalties are increasingly severe.   All you can do is your best, given fixed resources and time.   And try to get some sleep.

Comments

Popular posts from this blog

clip on magnetic sunglasses visit here

Save with prescription glasses and sunglasses. Prescription eyeglasses with magnetic clip on sunglasses. A wide selection of colors and styles for every budget! -GlassesPoint. Prescription eyeglasses with magnetic clip on sunglasses. A wide selection of colors and styles for every budget! Free magnetic clip on with every pair of glasses.  The operator should contact lens Plano glasses a few days of Sun and Rx on the other person. Many people choose single vision lenses, designed for a specific use, such as prescription sunglasses. Clip-ons magnetic magnetic clip ons often come with their prescription glasses frames. Prescription glasses Goggles4u dollars from 29.99 with free shipping. Takumi neodium magnet glass features recipes that are light, strong and in. The combination of some normal prescription glasses and a pair of polarized glasses that glare-resistant to outdoor activities. clip on magnetic sunglasses visit here

t shirt maker cheap online visit here

Design your own t-shirts online and custom shirt maker online Exclusive collection for women's clothing in the West at http://t-shirt-Maker.Page.TL/, photo t-shirts in India, send a photo t-shirt to write India slogan t-shirts, custom t-shirts online, order photo t-shirts, printed t-shirts online.    t shirt maker cheap online visit here

t shirt maker visit here

Who doesn't love the Tunnock tea cake? Crea mola foam? Pride of Scotland only bread ... with square sausage sandwiched in the segment of Sunday morning? I would love to meet your custom tshirt supplier and I just discovered jumping stable in Glasgow's Central St. Gillian Kyle is a young artist in Glasgow who develop custom t-shirts and other products that are worth a look. t shirt maker visit here