Skip to main content

Back to (new) Basics

To maintain secure computer systems, in the past the basics have been tasks like keep systems updated, run anti-virus software, use a properly configured firewall,use a filtering proxy for access to the internet.

The advice on basics has been mechanistic in the past - make the machinery protect itself was the ideal and most hoped-for outcome.

The new Basics include the old things and add:

  • Establish a Security Culture
  • Maintain Good Computer Habits 
  • Plan for the Unexpected
  • Control Access to Protected Health Information

(from Top 10 Tips for Cybersecurity in Health Care)

What's interesting about the new Basics is the additional items all have something in common: People. Each item focuses on how people interact with the systems, what they should expect and look for in terms of benefits, risks and dangers, and the fact the use of computers and computerized machinery must always remember the human elements for mistake, misuse and out-right abuse.

Why Is Cybersecurity So Hard? puts it succinctly, attributing it to three reasons. The first reason is that which is being recognized more broadly now: It's not just a technical problem.  Harvard Business Review's The Best Cybersecurity Investment You Can Make Is Better Training documents the problem. The Small Business Administration is gearing up to help in the effort to train small and medium sized businesses and  the AHA is making efforts at training from the top-down and this includes training on and in governance efforts.

It's people that are trying to defeat security, it will come down to people promoting security - as the new Best Practices warrant.

Labels

Labels:

Comments

Post a Comment

Popular posts from this blog

Unit Testing - What to Test

This I wrote to answer a question that came up when we were discussing our software process and I was training developers on how to unit test. It seems a simple enough question, but I kept pondering it and delving deeper until I realized I needed to write this monograph. What unit tests should we write? How do we know what to test? Ideally, unit tests should cover every path through the code. It should be your chance to see every path through your code works as expected and as needed. If you are practicing Test Driven Development then it's implied everything gets a test. In the real world, you might not be allowed to test everything - for instance, if the testing suite ends up taking a week to run, then the world will have changed by the time it finishes and the test results will be obsolete. Unit testing at it's basic is testing an object, a method - the smallest unit of your code that it can test independently. It should test the inputs "goes into" an...
Post a Comment
Read more

Risk Mitigations for Custom Applications

  In many healthcare applications, often due to the cloistered nature of the use cases – e.g. it will only be accessed by users authorized in a particular facility, such as an operating room suite – the needs for Authentication and Authorization are minimized when the system is designed and implemented. This presents a risk as soon as you allow for the possibility of users with ill-intent or that otherwise want to operate outside their given roles. Custom applications need to consider these possibilities and implement the following measure to ensure the integrity of the system. 1.   Authentication and Authorization Controls: Multi-Factor Authentication (MFA): Implement MFA for all user logins. This adds an extra layer of security beyond just a username and password. Role-Based Access Control (RBAC): Grant users access only to the data and functionalities they need for their specific role. This minimizes the potential for unauthorized access. Strong Password Policies: ...
Post a Comment
Read more

JavaScript and JQuery Palettes...

I have been immersing myself in the world of d3js and more, specifically Plotly.js . This has required me to look at palettes, and to create some palettes - which I did with Paletton . I find it tedious, so I am creating some helpers, like the code below which displays a given list of palettes (each of which is simply an array of colors in your favorite format). <table id="Palette"> <tbody></tbody> </table> <script> var defaultColorsPalette = ["#ffd99a", "#225ea8", "#ffc09a", "#9dc4f4", "#ffbf58", "#ffdb58", "#257294", "#ff9658", "#61a1f3", "#ffa719", "#ffce19", "#ff6e19","#ffe99a", "#2a82f2", "#ff9e00", "#ffc900", "#ff5f00", "#036bf0" ]; //via colorweb2 var sequentialMultihueBlueYellowPalette = ["#ffffd9", "#edf8b1", "#c7e9b4",...
Post a Comment
Read more