Terminal Services Notes

  • http://www.quepublishing.com/content/images/0789728494/webresources/A011102.html
  • http://www.sessioncomputing.com/applications.htm
  • http://office.microsoft.com/en-us/ork2000/HA011379551033.aspx

    Disaster and Recovery Planning Resources

    NIST Contingency Planning Templates

    Google Search for \'Business Continuity Templates \'

    http://csrc.nist.gov/publications/nistpubs - Computer Security Resource Center - National Institute of Standards and Technology

    http://csrc.nist.gov/publications/nistpubs/800-34/sp800-34.pdf - National Institute of Standards and Technology - Contingency Planning Guide for Information Technology Systems: PDF - Extremely In-Depth Guide Protecting IT Infrastructure

    http://www.drj.com/new2dr/samples.htm - Sample Plans, Outlines and other Plan writing resources


    http://gita.state.az.us/policies_standards/html/p800_s865_bcdr.htm - State of Arizona - Guidelines for creating

    http://www.utoronto.ca/security/drp.htm University of Toronto Computer and Network Servces - Disaster recovery Planning

    Hospital-Health Care or PACS specific contingency planning:

    The Year 2000 Threat: Preparing Radiology for Nine Realms of Risk - http://radiology.rsnajnls.org/cgi/content/full/210/1/17
    Note: The nine "realms of risk" is intersting
    Computer Crash — Lessons from a System Failure - http://content.nejm.org/cgi/content/full/348/10/881

    Correspondence to the JAMA editors about the above event Note the comments from doctors blaming the "lack of credentials" of IT profesionals. What about the lack of involvement and or engagement of the physicians?

    Security References

    http://www.sans.org/rr/papers/index.php?id=891 - "HIPAA-compliant configuration guidelines for Information Security in a Medical Center environment" by Robert Grenert, GSEC March 12, 2003

    http://www.sans.org/rr/papers - System Administration and Network Security (SANS) Reading Room

    http://www.csrc.nist.gov/publications/nistpubs/ - Computer Security Resource Center (CSRC) of The National Institute for Standards and Technology (NIST)

    http://msdn.microsoft.com/msdnmag/issues/02/09/SecurityTips/default.aspx - Security Tips: Defend Your Code with Top Ten Security Tips Every Developer Must Know -- MSDN Magazine, September 2002:

    http://msdn.microsoft.com/msdnmag/issues/01/11/security/default.aspx - Security Briefs: ASP .NET Security Issues -- MSDN Magazine, November 2001:

    http://www.develop.com/kbrown/book/html/whatis_polp.html - A .NET Developer's Guide to Windows Security: Item 4: What is the principle of least privilege?:

    http://www.develop.com/kbrown/book/html/whatis_anonprivilegeduser.html A .NET Developer's Guide to Windows Security: Item 8: What is a non privileged user?:

    http://www.develop.com/kbrown/book/html/howto_runasnonadmin.html - A .NET Developer's Guide to Windows Security: Item 9: How to develop code as a non-admin:

    http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dv_vstechart/html/tchDevelopingSoftwareInVisualStudioNETWithNon-AdministrativePrivileges.asp - Developing Software in Visual Studio .NET with Non-Administrative Privileges by Lars Bergstrom, Visual Studio Core Team, Microsoft Corporation, December 2003

    http://weblogs.asp.net/gad/archive/2004/01/24/62539.aspx The Importance of the Principle of Least Privilege - An excellent opening paragraph on this article summarizes the reasons for NOT developing code with an administrative account
    "..The most important reason for limiting the security privileges your code requires to run is to reduce the damage that can occur should your code be exploited by a malicious user. If your code only runs with basic user privileges, it’s difficult for malicious users to do much damage with it. If you require users to run your code using administrator privileges, then any security weakness in your code could potentially hand control of that machine (and potentially other connected machines) to malicious code that exploits that weakness."

    http://www.cap-lore.com/CapTheory/ProtInf/ "The Protection of Information in Computer Systems" by JEROME H. SALTZER, SENIOR MEMBER, IEEE, AND MICHAEL D. SCHROEDER, MEMBER, IEEE. from Proceedings of the IEEE. Vol. 63, No. 9 (September 1975), pp. 1278-1308 Manuscript received October 11, 1974; revised April 17. 1975. Copyright © 1975 by J. H. Saltzer. The authors are with Project MAC and the Department of Electrical Engineering and Computer Science, Massachusetts Institute of Technology Cambridge, Mass. 02139.

    http://www.whitehouse.gov/pcipb/ - “A National Strategy to Secure Cyberspace” published by President George W. Bush’s “Critical Infrastructure Protection Board” September 2002

    HIPAA Specific references:

  • "HIPAA and Its Legal Implications for Health Care Information Technology Solution Providers", by The Rotbert Law Group LLC and the Information Technology Association of America The paper provides an overview of HIPAA's legal implications for health care IT solution providers such as software vendors, application services providers, outsourcers and system integrators. It focuses on information technology law including HIPAA privacy and security. http://www.itaa.org/isec/docs/hippawhitepaper.pdf

  • "Preparing for HIPAA: Privacy and Security Issues to be Considered", by Sherry Fischer This white paper attempts to answer the question, "Given that faculty are involved in education, research and clinical practice at a variety of affiliated medical and research institutions, and data containing personal health information (PHI) resides in a distributed fashion in a variety of platforms, what are some of the ways that a large medical school can begin to implement HIPAA's controls and overcome the many potential barriers to compliance?" http://www.sans.org/rr/papers/index.php?id=899