Federal Mobile App Vetting Center for Assured Software Pilot. Nick Valletta


2 MOBILE SECURITY: A REAL ISSUE

3 NOTEWORTHY ANDROID APP TRENDS
[Chart: Trends Among Top 5000 Google Play Apps; vertical axis 0% to 100%]
These trends highlight the readily apparent need to develop a mobile application security testing methodology.

4 CENTER FOR ASSURED SOFTWARE MISSION
UNCLASSIFIED//FOR OFFICIAL USE ONLY
To substantially increase the degree of confidence that software used within DoD's critical systems is free from exploitable vulnerabilities, either intentionally or unintentionally introduced, using:
- Scalable Tools
- Scalable Techniques
- Scalable Processes
Scalable => Timely => Effective

5 CAS BACKGROUND IN MOBILITY
- The CAS surveyed the market, looking for the leading commercial, open source, academic, and free software tools for the analysis of mobile applications.
- The CAS performed an initial test of the top ten tools from this survey by analyzing open source applications and comparing the findings to Java code (10x10 Study).
- One of the major conclusions of the 10x10 study was that no one tool is adequate for mobile application testing.
- Furthermore, the dynamic nature of mobile app development and deployment necessitates a quick, cost-effective method for assessing mobile software assurance.

6 WHY A PILOT?
The CAS is working on a mobile application testing pilot with the goal of answering the following questions:
- How do we efficiently scale mobile application assessments?
- How do we trust that a given tool's finding is accurate?
- How can we create a testing infrastructure that is platform-agnostic, application-agnostic, criteria-agnostic, etc., and still have confidence that a given app is being assessed properly and accurately?
The Pilot will leverage the capabilities of the best commercial, free, academic, and open source tools in order to assess Android applications.

7 PILOT OBJECTIVE
Create and validate a scalable, efficient, and automated mobile application software assurance testing process that can be implemented across Government, through the use of:
- Multiple tools to increase coverage
- Automation to reduce manual review
- Defined processes to speed decision making
- A repository of test results with metadata

8 TESTING WALKTHROUGH
[Flow diagram. Box labels: App Store; SHA256 Lookup (branches: SHA256 found / No SHA256 found); Multiple SwA Tool Tests; Report Scrape; Combine Results with Confidence and Severity; Automated Analysis: Pass/Fail Recommendation; Analyst Review; Analyst Report & Recommendation; Management Adjudication; Go Decision / No Go Decision; Update Database]

9 TOOL CONFIDENCE
CONCEPT: How do we trust a tool's output if we don't know if the tool is accurate?
PROCESS:
- Test x open source applications using the desired tools.
- Analyst manually reviews each finding by comparing to original source code.
- The ratio α, where 0 ≤ α ≤ 1, is simply defined as the total number of accurate findings divided by the total number of findings.
Example: Tool A makes Y number of findings for a vulnerability. The analyst reviews and notes that X findings are correct (where X ≤ Y). Therefore, α = X/Y, which is the tool's confidence score for a given weakness.

10 TOOL CONFIDENCE ADVANTAGES
- If a confidence score is high enough or low enough, the findings for those vulnerabilities can be accepted or rejected automatically.
- Only confidence scores in the middle range (not high, not low) will necessitate manual review of the associated findings.
- Through the use of tool confidence scores, only a subset of the total findings are flagged for manual review, which significantly expedites the processing of a given application.
- Current values estimate that less than 25% of tool findings will be flagged for review (which makes the Pilot's methodology ~75% more efficient than traditional solutions of manual verification).
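The confidence score from slide 9 and the automatic accept/reject triage from slide 10, worked through in Python. This is an added example, not code from the Pilot; the 0.90 and 0.10 cut-offs, the tool names, and the sample findings are assumptions constructed for illustration (the slides give no numeric thresholds).

```python
from collections import defaultdict
from dataclasses import dataclass

# Assumed cut-offs: the slides say "high enough or low enough" without numbers.
ACCEPT_AT = 0.90   # alpha >= this: findings accepted automatically
REJECT_AT = 0.10   # alpha <= this: findings rejected automatically


@dataclass(frozen=True)
class Finding:
    tool: str
    weakness: str   # e.g. a CWE identifier
    location: str


def confidence_scores(reviewed):
    """Compute alpha = X / Y for every (tool, weakness) pair.

    reviewed: iterable of (Finding, is_correct) pairs produced by an analyst
    comparing each tool finding against the app's source code.
    """
    correct = defaultdict(int)   # X: findings the analyst confirmed
    total = defaultdict(int)     # Y: all findings the tool reported
    for finding, is_correct in reviewed:
        key = (finding.tool, finding.weakness)
        total[key] += 1
        correct[key] += 1 if is_correct else 0
    return {key: correct[key] / total[key] for key in total}


def triage(findings, scores, accept_at=ACCEPT_AT, reject_at=REJECT_AT):
    """Sort findings into accept / reject / review using the tool's alpha."""
    buckets = {"accept": [], "reject": [], "review": []}
    for finding in findings:
        alpha = scores.get((finding.tool, finding.weakness))
        if alpha is None:
            # No trust data for this tool/weakness pair: never auto-decide.
            buckets["review"].append(finding)
        elif alpha >= accept_at:
            buckets["accept"].append(finding)
        elif alpha <= reject_at:
            buckets["reject"].append(finding)
        else:
            buckets["review"].append(finding)
    return buckets


def review_fraction(buckets):
    """Share of findings that still need an analyst."""
    total = sum(len(items) for items in buckets.values())
    return len(buckets["review"]) / total if total else 0.0


# Constructed trust-phase data: 10 reviewed findings per (tool, weakness) pair.
SAMPLE_REVIEWED = (
    [(Finding("ToolA", "CWE-798", f"app{i}"), True) for i in range(10)]      # 10/10
    + [(Finding("ToolB", "CWE-89", f"app{i}"), i == 0) for i in range(10)]   # 1/10
    + [(Finding("ToolA", "CWE-327", f"app{i}"), i < 5) for i in range(10)]   # 5/10
)

# Constructed findings for a newly submitted app.
SAMPLE_NEW = [
    Finding("ToolA", "CWE-798", "Config.java:12"),
    Finding("ToolB", "CWE-89", "Db.java:40"),
    Finding("ToolA", "CWE-327", "Crypto.java:7"),
    Finding("ToolC", "CWE-319", "Net.java:88"),   # ToolC was never scored
]

if __name__ == "__main__":
    scores = confidence_scores(SAMPLE_REVIEWED)
    for (tool, weakness), alpha in sorted(scores.items()):
        print(f"{tool} {weakness}: alpha = {alpha:.2f}")
    buckets = triage(SAMPLE_NEW, scores)
    for decision, items in buckets.items():
        print(decision, [f.location for f in items])
    print(f"flagged for manual review: {review_fraction(buckets):.0%}")
```

A finding from a tool/weakness pair that has no score goes to manual review rather than being accepted or rejected by default.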

11 CRITERIA SPECIFICATION
CONCEPT: With so many differing lists of weakness criteria for evaluating mobile applications, which one should I use?
PROCESS:
- The pilot does not advocate any specific list of criteria, but instead demonstrates a process that, theoretically, allows any list of evaluation criteria to be used to test apps.
- For the Pilot, we are using the CAS-defined weaknesses list*, the DISA SRG, OWASP Mobile Top 10 list, and MITRE CWEs.
* Available on request

12 WEAKNESS RANKING
CONCEPT: Weaknesses encountered during app testing/certification should be treated differently, depending on the impact they can cause to a given system.
PROCESS:
- The CAS examined each criterion in each weakness specification listing to determine the weakness's severity.
- Weaknesses were rated as Low, Medium, High, or Fatal.
- Depending on a given environment, thresholds can be established for weakness severities: one fatal finding may equal a failure, but a handful of high findings may be tolerable before the app is rejected.

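13 WEAKNESS RANKING PROCESS
[Table. Columns: Weakness Source; Ranking; High; Medium; Low; Fatal; N/A. Rows (weakness source: ranking): CAS Weaknesses: CAS; DISA Mobile APP SRG: DISA; OWASP Top Ten: CAS; Mobile Specific CWEs: CAS; CAS Traditional Weakness Classes (CWEs): CAS. The per-severity cell values are not present in the transcription.]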

14 DATABASE AND HASH CREATION
CONCEPT: A database of which apps have been tested prevents duplication of efforts.
PROCESS:
- All data from the application tests are saved to a shared database.
- When an app is submitted through the Pilot's processes, a SHA256 hash is created.
- This hash is compared to hashes stored in the database.
- If there is a match, the app does not need to be evaluated, and instead the app's reports are pulled from the database.
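The SHA256 lookup described on this slide, combined with the severity thresholds from slide 12, as an added Python example (not code from the Pilot). The in-memory `ResultsDb`, the `evaluate` callback standing in for tool runs and analyst review, the limits in `MAX_ALLOWED`, and the sample app bytes are all assumptions constructed for illustration.

```python
import hashlib
import io
from collections import Counter

SEVERITIES = ("Low", "Medium", "High", "Fatal")
# Assumed policy: the slides say one fatal finding may fail an app and "a
# handful" of highs may be tolerable; the exact limits are environment-specific.
MAX_ALLOWED = {"Fatal": 0, "High": 3}


def sha256_of(stream, chunk_size=1 << 16):
    """Hash a binary stream in chunks so large app packages are not loaded whole."""
    digest = hashlib.sha256()
    for chunk in iter(lambda: stream.read(chunk_size), b""):
        digest.update(chunk)
    return digest.hexdigest()


def recommend(severities, max_allowed=MAX_ALLOWED):
    """Automated pass/fail recommendation from the severities of accepted findings."""
    counts = Counter(severities)
    unknown = set(counts) - set(SEVERITIES)
    if unknown:
        raise ValueError(f"unknown severity: {sorted(unknown)}")
    exceeded = any(counts[sev] > limit for sev, limit in max_allowed.items())
    return "fail" if exceeded else "pass"


class ResultsDb:
    """In-memory stand-in for the shared results database, keyed by SHA-256."""

    def __init__(self):
        self._by_hash = {}

    def vet(self, app_stream, evaluate):
        """Return (record, from_cache).

        evaluate() is called only on a hash miss; it stands in for the tool
        runs and review, and returns one severity string per accepted finding.
        """
        sha256 = sha256_of(app_stream)
        record = self._by_hash.get(sha256)
        if record is not None:
            return record, True          # match: pull the stored report
        severities = list(evaluate())
        record = {
            "sha256": sha256,
            "severities": severities,
            "recommendation": recommend(severities),
        }
        self._by_hash[sha256] = record   # "Update Database" step
        return record, False


if __name__ == "__main__":
    db = ResultsDb()
    app_v1 = b"constructed-apk-bytes-v1"   # constructed sample, not a real APK
    app_v2 = b"constructed-apk-bytes-v2"   # any byte change yields a new hash
    for label, data in (("v1", app_v1), ("v1 again", app_v1), ("v2", app_v2)):
        record, cached = db.vet(io.BytesIO(data), lambda: ["High", "Medium"])
        print(label, record["sha256"][:12], record["recommendation"],
              "cached" if cached else "evaluated")
```

Because the key is a hash of the exact bytes, an updated or repackaged build of the same app misses the lookup and is evaluated again.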

15 SWID TAGS AND QUERIES
CONCEPT: A centralized database of testing results allows multiple agencies to share, upload, and query app results, thus reducing duplication of efforts.
PROCESS: Every time an app is evaluated, upon completion of the evaluation, a software ID (SWID) tag is created. The tag:
- Contains metadata information for the app and the evaluation.
- Allows other agencies to quickly query the SWID database in order to find information about apps and prior evaluations.

16 STATUS OF PILOT
- Process Documents are complete (pending comments and validation)
- Weakness severities complete
- Tools are in-house & operational
- Tool Report Scraping Complete
- Tool Trust in Progress
- All tools results being evaluated
- System coding is in progress
- Methodology Document is in progress

17 MILESTONES
- Initial Tool Trust (25 Apps): Feb 28 (DONE)
- Initial Code Development: April 15
- App Testing (75 Apps): April 31 (DONE)
- Process Testing (250 Apps): May 31
- Revise Processes: May 31
- Publish Testing Methodology: June 30
- Release Software: June 30

18 INTERESTED IN LEARNING MORE?
Contact:

19 PILOT OVERVIEW
[Architecture diagram. Labels as they appear on the slide:]
- Processes: P1 SHA256 Build and Compare; P2 App Store Data Scrape; P3 Build Specific Test Criteria; P4 Initiate Tool Runs; P5 Report Scraping; P6 Build SWID Tag; P7 App Searches & Lookups; P8 Tool Conf Data Collect & Calc
- Reports: R1 Results Analysis & Report Gen; R2 Mgmt Report Gen; R3 Perf Reports & Metric Reporting
- Inputs: I1 Manual Data Input; I2, I3, I4, I5 Data Input Tool
- Sources and stores: App Store; Agency Apps; Commercial Apps; Agency Evaluation Criteria; Specific Situation Criteria; Database App Data Repository/Metadata
- Flow steps: Multiple SwA Tool Tests; Align Results with criteria and order by risk; Automated Analysis - Pass/Fail; Automated Reports; Analyst Review; Analyst Report & Recommendation; Management Adjudication; Go Decision; No Go Decision; SWID Tag Creation; App and Process Analytics


Building a Mobile App Security Risk Management Program. Copyright 2012, Security Risk Advisors, Inc. All Rights Reserved

Building a Mobile App Security Risk Management Program. Copyright 2012, Security Risk Advisors, Inc. All Rights Reserved Building a Mobile App Security Risk Management Program Your Presenters Who Are We? Chris Salerno, Consultant, Security Risk Advisors Lead consultant for mobile, network, web application penetration testing

More information

Increasing the Effectiveness and Efficiency of SOA through Governance

<Insert Picture Here> Increasing the Effectiveness and Efficiency of SOA through Governance Increasing the Effectiveness and Efficiency of SOA through Governance Enrique Martín MW Presales Manager. Oracle Agenda Challenges Solved with SOA Governance Oracle s SOA Governance:

More information

Five Best Practices of Vendor Application Security Management

Five Best Practices of Vendor Application Security Management Five Best Practices of Vendor Application Security Management Table of Contents Executive Summary...1 Managing Risk in the Software Supply Chain...1 Challenges with Securing Vendor Software...3 Taking

More information

An Overview of NewsEdge.com

An Overview of NewsEdge.com An Overview of NewsEdge.com 1 Introduction This document introduces Acquire Media s NewsEdge.com service. The associated high-level walkthroughs are designed to guide you through the steps for using some

More information

& ENTERPRISE DATA COST AND SCALE WAREHOUSE AUGMENTATION BIG DATA COST, SCALABILITY

& ENTERPRISE DATA COST AND SCALE WAREHOUSE AUGMENTATION BIG DATA COST, SCALABILITY COST AND SCALE BIG DATA COST, SCALABILITY & ENTERPRISE DATA 1 WAREHOUSE AUGMENTATION To derive the most value from Big Data technologies, enterprises must solve the cost and scalability problems inherent

More information

SwiftScale: Technical Approach Document

SwiftScale: Technical Approach Document SwiftScale: Technical Approach Document Overview This document outlines a technology embodiment of the SwiftScale application including the technology, deployment and application architectures. Technology

More information

Aligning Quality Management Processes to Compliance Goals

Aligning Quality Management Processes to Compliance Goals Aligning Quality Management Processes to Compliance Goals MetricStream.com Smart Consulting Group Joint Webinar February 23 rd 2012 Nigel J. Smart, Ph.D. Smart Consulting Group 20 E. Market Street West

More information

MySQL Security: Best Practices

MySQL Security: Best Practices MySQL Security: Best Practices Sastry Vedantam sastry.vedantam@oracle.com Safe Harbor Statement The following is intended to outline our general product direction. It is intended for information purposes

More information

Application for Splunk Enterprise

Application for Splunk Enterprise Application for Splunk Enterprise User Guide Document Version 1.77 28 October 2015 10004-01 EN Rev. A 2015 ThreatConnect, Inc. ThreatConnect is a registered trademark of ThreatConnect, Inc. UNIX is a registered

More information

Building a Corporate Application Security Assessment Program

Building a Corporate Application Security Assessment Program Building a Corporate Application Security Assessment Program Rob Jerdonek and Topher Chung Corporate Information Security Intuit Inc. July 23, 2009 Copyright The Foundation Permission is granted to copy,

More information

Studio. Rapid Single-Source Content Development. Author XYLEME STUDIO DATA SHEET

Studio. Rapid Single-Source Content Development. Author XYLEME STUDIO DATA SHEET Studio Xyleme delivers content management for learning and development. We transform the way you author, publish, deliver, and analyze learning content to drive business performance. With Xyleme, you have

More information

Cyber Security Information Exchange

Cyber Security Information Exchange Cyber Security Information Exchange Luc Dandurand NATO Communications and Information Agency Session ID: SECT-T08 Session Classification: General Interest Overview Cyber security in NATO Highlight of existing

More information

In ediscovery and Litigation Support Repositories MPeterson, June 2009

In ediscovery and Litigation Support Repositories MPeterson, June 2009 XAM PRESENTATION (extensible TITLE Access GOES Method) HERE In ediscovery and Litigation Support Repositories MPeterson, June 2009 Contents XAM Introduction XAM Value Propositions XAM Use Cases Digital

More information

Moving Enterprise Applications into VoiceXML. May 2002

Moving Enterprise Applications into VoiceXML. May 2002 Moving Enterprise Applications into VoiceXML May 2002 ViaFone Overview ViaFone connects mobile employees to to enterprise systems to to improve overall business performance. Enterprise Application Focus;

More information

How to achieve PCI DSS Compliance with Checkmarx Source Code Analysis

How to achieve PCI DSS Compliance with Checkmarx Source Code Analysis How to achieve PCI DSS Compliance with Checkmarx Source Code Analysis Document Scope This document aims to assist organizations comply with PCI DSS 3 when it comes to Application Security best practices.

More information

GOVERNMENT USE OF MOBILE TECHNOLOGY

GOVERNMENT USE OF MOBILE TECHNOLOGY GOVERNMENT USE OF MOBILE TECHNOLOGY Barriers, Opportunities, and Gap Analysis DECEMBER 2012 Product of the Digital Services Advisory Group and Federal Chief Information Officers Council Contents Introduction...

More information

OPEN SOURCE SOFTWARE CUSTODIAN AS A SERVICE

OPEN SOURCE SOFTWARE CUSTODIAN AS A SERVICE OPEN SOURCE SOFTWARE CUSTODIAN AS A SERVICE Martin Callinan Martin.callinan@sourcecodecontrol.co Wednesday, June 15, 2016 Table of Contents Introduction... 2 Source Code Control... 2 What we do... 2 Service

More information

Getting Started with Web Application Security

Getting Started with Web Application Security Written by Gregory Leonard February 2016 Sponsored by Veracode 2016 SANS Institute Since as far back as 2005, 1 web applications have been attackers predominant target for the rich data that can be pulled

More information

Best practices for improving consumer data quality

Best practices for improving consumer data quality Best practices for improving consumer data quality Experian and the marks used herein are service marks or registered trademarks of Experian Information Solutions, Inc. Other product and company names

More information

Company X SEO Review. April 2014

Company X SEO Review. April 2014 Company X SEO Review April 2014 Introduction The following SEO marketing review provides a top-line overview of your current position online, as it relates to natural search rankings, and highlights areas

More information

Feature. A Higher Level of Governance Monitoring IT Internal Controls. Controls tend to degrade over time and between audits.

Feature. A Higher Level of Governance Monitoring IT Internal Controls. Controls tend to degrade over time and between audits. Feature A Higher Level of Governance Monitoring IT Internal Controls Mike Garber, CGEIT, CIA, CITP, CPA, has many years experience as both director for IT governance and as IT audit director for Motorola

More information

ARF, ARCAT, and Summary Results. Lt Col Joseph L. Wolfkiel

ARF, ARCAT, and Summary Results. Lt Col Joseph L. Wolfkiel ARF, ARCAT, and Summary Results Lt Col Joseph L. Wolfkiel Enterprise-Level Assessment and Reporting The Concept Assessment Results Format (ARF) Assessment Summary Results (ASR) The Assessment Results Consumer

More information

ClearSkies SIEM Security-as-a-Service (SecaaS) Infocom Security Athens April 2014

ClearSkies SIEM Security-as-a-Service (SecaaS) Infocom Security Athens April 2014 1 ClearSkies SIEM Security-as-a-Service (SecaaS) Infocom Security Athens April 2014 About the Presenters Ms. Irene Selia, Product Manager, ClearSkies SecaaS SIEM Contact: iselia@odysseyconsultants.com,

More information

The Recipe for Sarbanes-Oxley Compliance using Microsoft s SharePoint 2010 platform

The Recipe for Sarbanes-Oxley Compliance using Microsoft s SharePoint 2010 platform The Recipe for Sarbanes-Oxley Compliance using Microsoft s SharePoint 2010 platform Technical Discussion David Churchill CEO DraftPoint Inc. The information contained in this document represents the current

More information

Search Engine Optimization

Search Engine Optimization Search Engine Optimization Software Features Guide 2015 Prepared by: Aesthetic Agency Table of Contents SEO Software Features 3 Live Monitoring... 3 Tracks Notifications and Confirmations.. 3 Checks for

More information

Building In-Database Predictive Scoring Model: Check Fraud Detection Case Study

Building In-Database Predictive Scoring Model: Check Fraud Detection Case Study Building In-Database Predictive Scoring Model: Check Fraud Detection Case Study Jay Zhou, Ph.D. Business Data Miners, LLC 978-726-3182 jzhou@businessdataminers.com Web Site: www.businessdataminers.com

More information