Using IBM Tivoli Identity Manager to Aggregate Email Notifications

/0 Comments/in , , , , , /by

We all struggle with our electronic mailboxes. For every email we receive, there is some portion of our day devoted to opening and processing these emails. There is also serious time spent just deleting unwanted emails.

Take this example. A manager has a number of contractors that she has reporting to her, let’s say about 30. Every three months, an automated email is sent for each contractor requesting the manager to confirm the contractor is still employed. This is just one email sent every quarter for 30 contractors. That’s 120 emails the manager has to process. This adds up to a lot a time for a busy person. Remember this is just one process. There are other processes out there waiting to fill up unsuspecting mailboxes.

IBM Tivoli Identity Manager (ITIM) has the ability to automatically generate the email notification and aggregate the contents so the manager would get only one email. Using ITIM Out of the Box Lifecycle Operations and Post Office features an email can be formatted that contains all the information that was previously contained in the 30 individual emails. Read more

EHR Stimulus Incentive

/0 Comments/in , , , , /by

EHR technology is a medical software that can help your practice keep track of and treat patients more efficiently and effectively. Additionally, many of these technologies, when implemented correctly and used properly, are subject to government incentives, making them affordable to install.

With the Stimulus Incentive Calculator app for the iPhone, you can figure out how much you will earn by using certified EHR software. Using various factors, such as the size of your practice and the number of patients you see per year, this calculator can show you the incentives for which you may be eligible.

To learn more about the benefits of using EHR technology in your practice, contact PathMaker Group. We provide security solutions and identity management servicesw.

Visit our website or call (817) 704-3644.

Understanding the Basics of SOA Security

/0 Comments/in , , , /by

Service-oriented architecture (SOA) is a type of software design that allows applications to be integrated as services, allowing for easy management of a company’s operations. However, the level of integration that SOA provides is compromised by the use of standard security features that are traditionally embedded into individual applications. In order to make up for this security deficiency, companies are employing the use of specialized SOA security. The following are some of the features of SOA security that address typical vulnerabilities:

  • Content Validation: Specialized SOA security ensures that data is only received in the system by trusted users to prevent a forced error by SQL injection that exposes access information.
  • Time Stamps: Digitally signed security requests can be forged by replicating previously used messages that are valid for other services. Time stamping requests prevent this sort of infiltration.
  • JavaScript Protection: This is a defense that prevents hackers from using JavaScript to input data visible by users from the client end. System scans detect and remove these malicious scripts. Read more

PCI Updates

/0 Comments/in , , , , , /by

I thought i would take a few minutes to wish everyone happy holidays and a very prosperous 2011. I also noticed that I hadn’t blogged in a while so I thought I do a little of that…

This blog provides a few updates and observations related to the following:

  • PCI DSS v1.2.1 to PCI DSS v2.0 transition – very well defined, except for the cut-over date. The bottom line is that the PCI SSC is encouraging all merchants and service providers to convert as soon as possible, but at the same time saying everyone has until New Years Eve 2011 (one year).
  • PCI DSS and PA-DSS v2.0 Scoring Templates – QSAs can’t plan their projects without the new Scoring Templates. This will stall migrations.
  • Sampling And ASV Scanning Do Not Mix – this wasn’t a like a free lunch but some still manage to screw it up…
  • PCI DSS Timeline Clarification Read more

Stuxnet Worm, Research and Recommendations

/1 Comment/in , , , , /by

As you may be aware, a worm (originally appearing in 2009) and named Stuxnet has recently resurfaced as a focused attack at Industrial and Energy control systems, namely but not exclusively targeting those systems built by Siemens, AG. This worm has the capability to take control of and/or alter settings within SCADA systems and PLC/RTU sub-components.

Below are some good articles related to recent research into the worm.

Read more

iTunes Accounts Hacked? or, Something Worse?

/1 Comment/in , , , /by

So perhaps only a few have heard about the July 4th news story reporting that several iTunes accounts (30 accounts ??) across the globe were compromised by the developer of an application (or several apps).

The story alleges that iTunes was hacked and several user accounts were compromised by an application developer who exploited peoples’ iTunes accounts to purchase his applications, so much so that it elevated him to the top in his applications’ category. Now, i would suggest that more that 30 accounts would have to be involved to elevate an app to the top of its category, but that’s beside the point. It is likely that there are more accounts involved, some go not reported, some completely oblivious to their losses.

Read the story for yourself….

I’m not so convinced that iTunes was hacked by some thief brute forcing username/password combinations to crack 30 accounts out of millions. While it is entirely possible that Apple could be hacked and that data could be stolen in bulk, I think there are some alternative ideas that should be considered. Read more

Virtual Machines != Security Virtual Reality

/0 Comments/in , , /by

Post #1, Virtual Machines != Security Virtual Reality

PathMaker Group is introducing some exciting new technologies to the market that greatly reduce business cost of securing virtual environments and simultaneously increasing system efficiencies, measured in hard-dollar savings. In order to truly embrace the value of these innovative solutions and approaches, one needs to consider some of the obvious and not-so-obvious security issues rooming in virtual space today.

This post is the first of my multi-part series on securing virtual machine environments and I hope that it provides some additional insight into the security issues that I anticipate would concern every business using virtual machines, or considering using it. Read more

Realizing Rapid Value from Identity Management Provisioning

/0 Comments/in , , , /by

We’ve been working with most of the leading Identity Management/Provisioning tools since 2003. Most of the products have been acquired or rolled up into a larger suite of products. This process brought maturity, stability, and added investment to the industry. This helped the products and industry establish a place in the IT infrastructure that’s here to stay.

When we first meet with a prospective client we always ask the question, “What’s driving your need for provisioning?” Most organizations will talk first about audit compliance forcing these initiatives. And although this driver has finally elevated the effort to become a budget priority, the fact is that most companies wanted to do the project years ago simply to improve the overall security of the organization. And that can still be done pretty quickly.

So what if you’re one of those organizations that still can’t seem justify the project? Let me suggest you consider a streamlined, rapid approach that will enable you to realize value quickly — I mean in a matter of weeks vs. months or years! Read more

Why is it even more important to have an IR plan than a DR plan?

/0 Comments/in , , , /by

Virtually every organization has a DR (disaster recovery) plan in place as they should. However, most organizations don’t have a detailed IR (incident response) plan in place for when their IT systems are impacted by malicious behavior from either external or internal causes.

Why is it potentially more important to have an IR plan in place vs. a DR plan? The answer is simple, statistics. According to several creditable sources, the percentage of companies in the United States who experienced an IT incident in 2009 related to a directed malicious attack from either an external source (malware, etc.) or internal source (privileged user, disgruntled employee) was 49% compared to less than 10% of organizations who actually activated and used their DR plan.

Over the last few years we, at PathMaker Group, have seen the number of incidents, and the impact from those incidents, dramatically increase in number and impact (both downtime and financial). Suprisingly, most organizations still don’t have a defined Incident Response team and procedures to address these issues in a timely fashion to reduce downtime and financial impact. Read more

We have the coolest security technology partners!

/1 Comment/in , , , /by

Recent press supports our direction on selecting leading edge security technology partners. Not long ago, NetWitness found the most invasive Netbot in recent history.

Now our cloud-based monitoring solution partner, Alert Logic, discovered a serious bug with Facebook.

IDG reported “Facebook is fixing a Web programming bug that could have allowed hackers to alter profile pages or make restricted information public.

The flaw was discovered last week and reported to Facebook by M.J. Keith, a senior security analyst with security firm Alert Logic. Read more