Case study: L.A. health alerts don't miss a beat

By Anne Saita, News Writer 27 May 2004 | Security Wire Perspectives

Digg This!     StumbleUpon     Del.icio.us

Each month bioterrorism IT coordinator David Cardenas fields and distributes about a dozen serious health alerts to physicians, hospitals and response agencies within the jurisdiction of the 10 million-resident Los Angeles County Department of Health Services. At least two can be considered critical outbreaks.

It could be an infectious disease brought in by a tourist or a threat posed by bioterrorists. Regardless, Cardenas must ensure the flow of such sensitive information reaches the right people, quickly and securely. He also must be sure it doesn't leak to the wrong outlets and cause a panic.

To keep such data secure, the nation's second largest health care system this spring rolled out role-based messaging technology from San Diego startup MIR3 that supports the Los Angeles health department's distributed network and validates users within the collaborative nature of health alert networks.

"Physicians and other health care providers need to know they can send us information on their patients, and it's going to be a secure transmission," explains Cardenas, who oversees security for the county's Bioterrorism Preparednesss and Response Unit and Acute Communicable Disease Control.

Like other messaging solutions from competitors like DCC, Envoy World Wide and Enera, MIR3's INlogicPRO provides voice and text alerts over a variety of devices and communication channels. Using simple steps, the company says, an administrator can reach a level of granularity that automatically determines how calls are channeled, to which devices and under what circumstances.

Built into INlogicPRO and its ASP-based alternative, INlogicNOW, is 128-bit SSL encryption for Web access to an intuitive GUI that sets roles used to send alerts. Senders and receivers also must use PINs during the messaging process for further protection. Additionally, the role-based access management system on the console assigns rights and privileges to different user types to help prevent information leakage.

Cardenas says his department will use both the server-based INlogicPRO, which is placed behind a firewall, and the host-based INlogicNOW as a backup for redundancy and message load balancing within his Windows-based network.

All these features are designed to secure information as it flows to and from Cardenas's unit, where, he says, it's especially important that each user is validated. "If the information path is violated, it could spell big trouble," he adds.

Tags: Enterprise User Provisioning Tools,  Password Management and Policy,  Web Server Threats and Countermeasures,  Web Application and Web 2.0 Threats,  VIEW ALL TAGS

Digg This!     StumbleUpon     Del.icio.us

RELATED CONTENT Enterprise User Provisioning Tools IAM trends: Rebuilding security with provisioning technologies Quiz: Compliance-driven role management Identity lifecycle management for security and compliance Choosing management for Active Directory user provisioning User account best practices for an investment management website Content-aware IAM: Uniting user access and data rights Keep files from being deleted by assigning read and execute permission Is Identity Management as a Service (IDaaS) a good idea? Top tactics for endpoint security How to edit group policy objects to give a user local admin rights Password Management and Policy Torrent phishing scheme trips up Twitter users Microsoft, security firms warn of password meltdown How to find and remove keyloggers and prevent spyware installation How to encrypt passwords using network security certificates Two-factor authentication, vigilance foil password theft Group to shed light on secure identity management threats How to determine password strength for a website Prevent password cracking with password management strategies Brute force attacks target Yahoo email accounts Best Identity and Access Management Products Web Server Threats and Countermeasures Microsoft doesn't rule out rushed patch for IIS zero-day vulnerability How do passwordless SSH keys represent an enterprise attack vector? Information security book excerpts and reviews Increase in Gumblar backdoors poses FTP credential problems VeriSign extends DDoS attack protection service Microsoft issues IIS FTP advisory, exploit code circulates Panda reports fast-spreading rogueware antivirus fraud rakes in millions Oracle issues quarterly patches, fixes database flaws Latest DDoS attacks extremely unsophisticated, experts say Stolen FTP credentials likely in massive website attacks

RELATED GLOSSARY TERMS Terms from Whatis.com − the technology online dictionary AAA server  (SearchSecurity.com) authentication, authorization, and accounting  (SearchSecurity.com) federated identity management  (SearchSecurity.com) identity access management (IAM) system  (SearchSecurity.com) onboarding and offboarding  (SearchSecurity.com) password synchronization  (SearchSecurity.com) RADIUS  (SearchSecurity.com) role mining  (SearchSecurity.com) role-based access control (RBAC)  (SearchSecurity.com) user profile  (SearchSecurity.com)

RELATED RESOURCES 2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems Search Bitpipe.com for the latest white papers and business webcasts Whatis.com, the online computer dictionary