ICSA Labs White Papers

IHE Profiles and Certification Drive Interoperability

A certification program can’t work unless it has the support of companies that pay for the privilege of attaining elevated performance status for tested products. But that’s not enough. The certification additionally must be understood, accepted and requested--even demanded--by the buyers of those products. In the case of certification for IHE Profiles contained within health information technology software, the ‘understanding’ part is a challenge unto itself.

There are significant and critical issues around the effective inclusion of these profiles in products going to market, and therefore a need for a formal, rigorous, independent examination of how the profiles are incorporated. The value of certification can’t be understood without a working understanding of what IHE Profiles are--how they came to be developed, by whom, and why.

No doubt health IT vendors have such an understanding, or they should. So it’s relatively easy for them to follow the case for certification in the whitepaper just published by ICSA Labs. But healthcare providers, CIOs, clinical executives and those who make health policy around the industry’s need for IT interoperability aren’t likely to have working knowledge of IHE’s mission, progress, or value in enabling uniform implementation of data creation and transport to and from different information systems.

That’s why this whitepaper focuses heavily on bringing the healthcare field’s IT users and influencers up to speed on the depth, breadth and purposes of IHE Profiles, and the impact they can have on longstanding interoperability challenges if implemented precisely and uniformly through the purchase of certified IT products. The rest is up to producers and their acceptance of certification, and also to knowledgeable customers requiring certification so they can reliably push ahead to an information environment capable of following the patient.

Smart Grid: AMI Component Security

An initiative is underway around the world to develop the next generation of the power grid: the Smart Grid. An integral part of the Smart Grid is the Advanced Metering Infrastructure (AMI). Security of the AMI is critical, and implementers must perform an end-to-end evaluation of the AMI for their specific environment. It is similarly important to verify the security features of each individual component of the larger system. This paper discusses some essential requirements that must be taken into consideration when evaluating the security of AMI components.

Compliance, Incentives and Penalties: Hot Topics in US Health IT

This paper examines some aspects of the state of the USA’s HIT (Health IT) with respect to security.

How to Select a Network Firewall

The following white paper outlines some activities specific to choosing a Network Firewall that should be performed in advance of making a final product purchasing decision.

How to Select an IPSec Gateway

You are in the market for an IPsec gateway. To date you have followed the steps outlined in the white paper entitled, “How to Select the Right Computer or Network Security Product.” Having reached this point in your search, now is the time to evaluate products on the shortlist. The following sections outline some activities specific to choosing an IPsec gateway that should be performed in advance of making a final product purchasing decision.

Still Curious About Anti-Spam Testing?

Every day for the last several years, ICSA Labs has been collecting, analysing and relaying spam messages through a range of devices offered by some of the leading anti-spam product vendors to evaluate their quality of protection. This paper details insight gained during our extensive anti-spam message analysis and product testing efforts. First, the analysis performed on each spam message will be presented, including tracked characteristics of the daily corpus. Characteristics of the incoming spam corpus (e.g. volume, country of origin, etc.) are correlated with events reported to have had some effect on the corresponding characteristic spam on the Internet. Second, the methodology developed for both store-and-forward and ‘live’ testing of anti-spam devices will be described. Differences in measured effectiveness between ‘live’ testing and testing with delayed messages are discussed. Third, the array of detection techniques employed by the devices under test is presented. Fourth, second exposure detection effectiveness as a function of delay between initial and subsequent exposure is also discussed. Finally, a comparison will be made between ICSA Labs’ anti-spam testing program and the well-known VBSpam anti-spam testing program.

Kernal-22

With the amount of malware growing at a huge pace, researchers must rely on automated systems to handle the ever-increasing workload. In addition, there has also been an increase in the number of analysis tools researchers can employ – each possessing its own requirements for operation and update, its own output formats, and often its own licensing agreements. Getting diverse tools to operate together in an automated environment is a significant challenge, and customization of off-the-shelf tools can be expensive and time-consuming. This white paper is a chronicle of the development of a source-code framework (written in C) for creating a substitute (spoofing) kernel32.dll that is easily deployed, simple to modify, suitable for automated systems, does not modify any existing DLLs or programs (not even by code injection), and is freely available. The material covered looks at how to handle all the issues encountered, including the big “Catch-22”: How can a function in kernel32.dll be called from kernel32.dll if the kernel32.dll to be called is not the kernel32.dll that is doing the calling? Admittedly, this is not the “ultimate solution”, and drawbacks and weaknesses are also discussed. The source code presented produces actual working programs, and demonstrations are available if time permits.

How to Select an Anti-Spam Solution

You are in the market for an anti-spam solution that examines all of the organization’s e-mail messages before they are forwarded on to the organization’s mail server. To date you have followed the steps outlined in the white paper entitled, “How to Select the Right Computer or Network Security Product”. You have reached the point in your search where it is now time to evaluate the products on your shortlist in your environment. This follow-on white paper lists some activities specific to choosing a network-based anti-spam solution that should be performed in advance of making a final product purchasing decision.

How To Select a Network Intrusion Prevention System

You are in the market for a network intrusion prevention system (IPS). To date you have followed the steps outlined in the white paper entitled, “How to Select the Right Computer or Network Security Product.” You have reached the point in your search where it is now time to evaluate the products on your shortlist in your environment. This follow-on white paper lists some activities specific to choosing a network IPS that should be performed in advance of making a final product purchasing decision.

How to Select the Right Computer or Network Security Product

If you were in the market for an HDTV you would probably do some research before settling on one. After all, there are so many choices in terms of makes and models, and also so many bells and whistles from one model to the next. You would spend time learning as much as you could, rightly believing that an informed customer will make the most intelligent decision possible. The same is true of almost anything you would buy including the computer and network security products needed to protect your organization’s network. But where do you begin? How should you go about it? Is there a process to follow? In this white paper we present a list of ordered, logical steps to help you purchase the right product for your environment.