January 30, 2016

Cybersecurity report recommends test-hacking medical devices before and after release

White hat hackers are essentially the “good guys” of the industry. They are generally hackers or programmers that make their living through ethical means, specializing in computer and software security. They don’t always work with a particular company — sometimes they are the lone-wolf type. The important point is they don’t hack into systems or devices with the intent of causing harm. Instead, their goal is to find vulnerabilities and holes which may need to be patched in order to improve security. After finding a security flaw, they often provide the necessary documentation and aid to the system owner or admin to improve security.


Testing Tips For Today

Test scenarios aren't always one-way. They aren't always request-response. They aren't always server-pushed. Applications that employ WebSockets often contain a mix of communication patterns. To build your load test scenarios you'll want to record and playback WebSocket communications with your app to create realistic testing scenarios. You'll also need to handle messages pushed over WebSockets just like you would handle messages pushed using a traditional request-response, piggy-back architecture. Load test variables should include the time it takes to establish a WebSocket connection, as well as the time it takes to send a request over that connection. Finally, don't forget to include tests for both text and binary data.


Great Little Inventions: Velcro

It is often said that one of the main qualities of geniuses is seeing what no one else sees. Undoubtedly, many people before De Mestral had walked through the countryside just to end up with spikes and thorns pinned to their clothes, yet for most people it was just a minor nuisance. In contrast, when in 1941 the Swiss engineer returned from a hunting trip through the mountain forests of Jura, he envisioned a solution where others could only see a problem. After plucking seeds from his clothes and from his dog’s hair, he came up with the idea of studying them under a microscope in order to understand how they managed to snag so stubbornly.


Finding Unexpected Allies Pt 1: Risk Management

Now, this seems like it’s too good to be true and the obvious question that most people will be asking is, “what’s the catch?” The catch that I’ve experienced is that you can’t simply email a bunch of business units in the bank and say “please list the business services you provide and the applications that support them”. The first problem with doing so is, what is an application? And what is a business service? Without a decent definition, the level of granularity that you might get, and the type of operation that gets identified, will be all over the map. You need to engage with each group to define concepts, so that you ensure some level of consistency.


The next 5 years: possible trends in business software

The growing popularity of platforms with big data capabilities means that more business software programs will likely emphasize real time data analysis in the future, also. This trend emerges in particular in the conduct of successful social media campaigns. The mining of consumer data now extends to a wide array of integrated social media platforms; coupled with sophisticated database technology platforms, this capacity enables companies to develop programs that respond more flexibly and in a far more tailored manner to individual customers. Eli Stutz in “The Future of BPM: 7 Predictions” argues that real time processes will give a fourth dimensional quality to some popular software programs used by businesses.


How healthcare systems can become digital-health leaders

High-quality, sustainable healthcare depends on IT-enabled services and a digital platform, but healthcare systems are still unclear on where to focus investment, what technologies provide the greatest benefits for patients and healthcare providers, and the return on investment. In 2014, we did considerable research into the economic value of digital technologies in healthcare and found that implementing technologies such as patient self-services, using digital channels rather than direct physician interaction, or patient self-management solutions can produce net economic benefits of 7 to 11 percent of total healthcare spending. Over this past year, our work on the ground has confirmed this original analysis.


Best practice advice for moving to the cloud

"For most organisations, moving to the cloud involves a shift in finances, because you're moving from a well-understood capital expenditure model to an operating cost-based model. That scares people sometimes." Hewertson says IT leaders must take time to explain that, while operational costs will rise, the long-term effects of depreciation will be lower as the business avoids a hit every few years when it needs to upgrade its infrastructure. To ensure everyone understands the potential risks and benefits, Hewertson has established a corporate risk board, which highlights the potential risks of the current operation at a formal level. Hewertson advises his CIO peers to use a similar approach to receive the broad support of senior executives and to help alleviate risk, particularly at an individual level.


The Neurologist Who Hacked His Brain—And Almost Lost His Mind

Kennedy called his invention the neurotrophic electrode. Soon after he came up with it, he quit his academic post at Georgia Tech and started up a biotech company called Neural Signals. In 1996, after years of animal testing, Neural Signals received approval from the FDA to implant Kennedy’s cone electrodes in human patients, as a possible lifeline for people who had no other way to move or speak. And in 1998, Kennedy and his medical collaborator, Emory University neurosurgeon Roy Bakay, took on the patient who would make them scientific celebrities.


IT governance: why does it matter?

With increasing regulatory requirements, both auditors and IT managers are adopting CobiT as the compliance framework for IT controls. The CobiT IT Process model has helped convey a view of IT that is understandable to business management, auditors and IT, while providing a basis for IT functions to be organised more effectively into a process structure with accountable process owners. The roles of IT and audit for IT governance are separate yet intertwined. IT professionals often have a poor understanding of what controls are and why they are needed. Audit can help with this by working together with IT, providing training that facilitates a change in the culture of the IT organisation and adopting a focus on controls.


Building Security In versus Building Security On

‘Building Security In’ means that security must be built into the developer culture. Developers should understand that security is now part of their job. This is accomplished by building security into their incentives, providing them the training they require, and showing them that security is a valued skill to the organization. There should be a well-defined software security group with equally well-defined policies and tools to measure efficacy. A common pushback from developers is that security can decrease productivity. There are tools that will in fact do the exact opposite, demonstrating an increase in productivity by as much as 15 percent. These tools live in the developer’s environment and scan code as it is being created.



Quote for the day:


"Winning means you're willing to go longer, work harder, and give more than anyone else." -- Vince Lombardi