Case study: L.A. health alerts don't miss a beat

By Anne Saita, News Writer 27 May 2004 | Security Wire Perspectives

Digg This!     StumbleUpon     Del.icio.us

Each month bioterrorism IT coordinator David Cardenas fields and distributes about a dozen serious health alerts to physicians, hospitals and response agencies within the jurisdiction of the 10 million-resident Los Angeles County Department of Health Services. At least two can be considered critical outbreaks.

It could be an infectious disease brought in by a tourist or a threat posed by bioterrorists. Regardless, Cardenas must ensure the flow of such sensitive information reaches the right people, quickly and securely. He also must be sure it doesn't leak to the wrong outlets and cause a panic.

To keep such data secure, the nation's second largest health care system this spring rolled out role-based messaging technology from San Diego startup MIR3 that supports the Los Angeles health department's distributed network and validates users within the collaborative nature of health alert networks.

"Physicians and other health care providers need to know they can send us information on their patients, and it's going to be a secure transmission," explains Cardenas, who oversees security for the county's Bioterrorism Preparednesss and Response Unit and Acute Communicable Disease Control.

Like other messaging solutions from competitors like DCC, Envoy World Wide and Enera, MIR3's INlogicPRO provides voice and text alerts over a variety of devices and communication channels. Using simple steps, the company says, an administrator can reach a level of granularity that automatically determines how calls are channeled, to which devices and under what circumstances.

Built into INlogicPRO and its ASP-based alternative, INlogicNOW, is 128-bit SSL encryption for Web access to an intuitive GUI that sets roles used to send alerts. Senders and receivers also must use PINs during the messaging process for further protection. Additionally, the role-based access management system on the console assigns rights and privileges to different user types to help prevent information leakage.

Cardenas says his department will use both the server-based INlogicPRO, which is placed behind a firewall, and the host-based INlogicNOW as a backup for redundancy and message load balancing within his Windows-based network.

All these features are designed to secure information as it flows to and from Cardenas's unit, where, he says, it's especially important that each user is validated. "If the information path is violated, it could spell big trouble," he adds.

Tags: Enterprise User Provisioning Tools,  Password Management and Policy,  Web Server Threats and Countermeasures,  Web Application and Web 2.0 Threats,  VIEW ALL TAGS

Digg This!     StumbleUpon     Del.icio.us

RELATED CONTENT Enterprise User Provisioning Tools Quiz: Compliance-driven role management Identity lifecycle management for security and compliance Content-aware IAM: Uniting user access and data rights Is Identity Management as a Service (IDaaS) a good idea? Top tactics for endpoint security How to edit group policy objects to give a user local admin rights Privileged account management critical to data security Making the case for enterprise IAM centralized access control Lesson 3: How to implement secure access Best practices for a privileged access policy to secure user accounts Password Management and Policy Two-factor authentication, vigilance foil password theft Group to shed light on secure identity management threats Brute force attacks target Yahoo email accounts Best Identity and Access Management Products Privileged account management critical to data security Making the case for enterprise IAM centralized access control How to prevent brute force webmail attacks Best practices for a privileged access policy to secure user accounts Mature SIMs do more than log aggregation and correlation PCI compliance requirement 2: Defaults Web Server Threats and Countermeasures Increase in Gumblar backdoors poses FTP credential problems VeriSign extends DDoS attack protection service Microsoft issues IIS FTP advisory, exploit code circulates Panda reports fast-spreading rogueware antivirus fraud rakes in millions Oracle issues quarterly patches, fixes database flaws Latest DDoS attacks extremely unsophisticated, experts say Stolen FTP credentials likely in massive website attacks Microsoft warns of IIS zero-day vulnerability How to find and stop automated SQL injection attacks How to spot attacks through Apache Web server log analysis

RELATED GLOSSARY TERMS Terms from Whatis.com − the technology online dictionary AAA server  (SearchSecurity.com) authentication, authorization, and accounting  (SearchSecurity.com) federated identity management  (SearchSecurity.com) logon  (SearchSecurity.com) onboarding and offboarding  (SearchSecurity.com) password synchronization  (SearchSecurity.com) RADIUS  (SearchSecurity.com) role mining  (SearchSecurity.com) role-based access control (RBAC)  (SearchSecurity.com) user profile  (SearchSecurity.com)

RELATED RESOURCES 2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems Search Bitpipe.com for the latest white papers and business webcasts Whatis.com, the online computer dictionary