Emagcomsecurity | Page 4

Access Control

Access control, as defined by Microsoft MSDN, refers to the security features that control who can access resources in the operating system. Similarly, applications can call access control functions to set who can access specific resources provided by the application. Although having access control is a privilege, it can also be a source of vulnerabilities in an organization’s system.

Common problems that arise from access control include too many access rights, access that exceeds job function, and poorly managed access control. These show that the management responsible for distributing access control has to improve in order to avoid further risk of incidents. It can be even worse: management can make inadequate decisions when granting access to assets, and there can be a breakdown in centralized policy management within the organization. As for the staff, the line between business and personal use of the organization's assets is still vague.

Let us take access control to a higher place, for example to the cloud computing environment. It has become a trend for business and lifestyle alike to adopt cloud computing in daily tasks. However, one of the biggest hurdles to the widespread adoption of cloud computing is security, and access control in particular. As explained by Kalyani M., author of The Privacy Post, in one of his articles, cloud computing is highly dynamic and diverse. This means that firewalls and VLANs are not exactly well suited to meet the challenges of the cloud computing environment. Thus the current access control mechanisms are not enough to handle this dynamic environment.

Case: Access Control

Oregon Health & Science University: on March 25, 2012, a surgeon’s unencrypted laptop was stolen from a vacation rental home in Hawaii. The stolen laptop contained medical record numbers, types and dates of surgeries, and names of surgeons for 4,022 patients, and the information of 17 patients is confirmed to have been compromised. The University says that the laptop didn’t have any encryption because it was strictly used for research purposes and was therefore not required to use encryption.

So far, this is the confirmed leaked information from the stolen laptop: patient names, patient medical record numbers, surgery information for each patient, patient gender and age, and the names of the surgeon and anesthesiologist.

This is the second recent data breach at OHSU. In 2012, the University had sent letters to about 14,000 patients and 200 employees after the theft of a flash drive at a hospital employee’s home, while assuring improved safeguards on the University’s information integrity. However, it is now evident that those “safeguards” did nothing to meet the strict HIPAA (Health Insurance Portability and Accountability Act) requirements needed to remain compliant under the regulatory agency’s scrutiny.

Unfortunately, medical data breaches are not just a problem in Oregon.

In January, the University of Mississippi Medical Center issued a breach notice to an unknown number of patients after it lost a shared, password-protected laptop containing patients’ medical files. In February, Texas Tech University Health Science Center experienced a data breach affecting about 700 patients.

A study conducted by data security firm Redspin found that overall data breach incidents increased 21% in 2012, while the number of records exposed increased to 77%. The study also points out that 38% of data breaches in 2012 were the result of an unencrypted laptop or other portable electronic device. Access control will remain open to vulnerabilities, and it seems that it will continue to show its risks more than its opportunities.

Issue in Computer Security

by Brightson