New certification aims to improve security of computer applications

An information security training firm announced on Wednesday it will offer a new security certification for software professionals in 2009 aimed at reducing the number of vulnerabilities in applications, one of the most common ways hackers gain access to systems.

ISC2, which has trained and certified more than 50,000 information security professionals, said it will begin offering in June 2009 an exam to security specialists interested in receiving the firm’s Certified Secure Software Lifecycle Professional designation. The CSSLP will establish best practices and will validate an individual’s competency in addressing security issues that occur during the life cycle of software development and use.

More than 70 percent of computer security vulnerabilities can be found in software applications, such as databases, word processors, spreadsheets and even security programs themselves, according to research firm Gartner. These vulnerabilities frequently are the result of poorly written code.

Online Privacy: Nowhere to Hide from Internet Tracking

Managers should play a major role in ensuring that their companies adhere to ethical online privacy policies. Using spyware, web monitoring software or other Internet monitoring techniques to track and document the behavior of your customers needs to be managed with restraint in order to protect the privacy of individuals.

If you sometimes get the feeling that you’re being watched or tracked by unknown entities, you’re not being paranoid. You’re just being observant.

In fact, a variety of public and private organizations are attempting to find out all about you: what Web sites you visit and the pages you view there, what products you buy online, what your health concerns are—even what medicines you take.

A Software Tool for Removing Patient Identifying Information from Clinical Documents

We created a software tool that accurately removes all patient identifying information from various kinds of clinical data documents, including laboratory and narrative reports.

We created the Medical De-identification System (MeDS), a software tool that de-identifies clinical documents, and performed 2 evaluations. Our first evaluation used 2,400 Health Level Seven (HL7) messages from 10 different HL7 message producers. After modifying the software based on the results of this first evaluation, we performed a second evaluation using 7,190 pathology report HL7 messages. We compared the results of the MeDS de-identification process to a gold standard of human review to find identifying strings. For both evaluations, we calculated the number of successful scrubs, missed identifiers, and over-scrubs committed by MeDS and evaluated the readability and interpretability of the scrubbed messages.