For Better Password Policies: OWASP Passfault

OWASP Passfault improves on password strength and password policies.

By |September 9th, 2015|General, Security|0 Comments|

Patient Verification vs. Identity Fraud

A recent article in Healthcare Info Security discusses a study conducted by the Ponemon Institute, sponsored by Experian’s ProtectMyID. The study asserts that nearly 70 percent of the medical ID theft incidents involved others fraudulently using credentials to obtain healthcare services. In more than half of the medical ID theft cases, the victims didn’t report the incidents to law enforcement, often because they knew the person who stole their identity.

This is often called the “Robin Hood effect” because family members are allowing the use of their insurance card to cover uninsured relatives. It is understandable why someone might help out an ailing relative, however, cases have been found where cards were used to purchase medical devices and equipment like scooters that were later sold on eBay.

The Affordable Care Act estimates that healthcare reform could bring coverage to 30 million uninsured people. By covering more people with healthcare, we should see a substantial drop in the number of uninsured, but will we see a corresponding drop in medical ID theft? That may be optimistic.

That’s because not all health insurance policies are created equal. Some of the least expensive new offerings expected to be obtainable on the market, or provided through the expansion of state-level Medicaid and Children’s Health Insurance Programs, might not offer all the benefits someone wants, Ponemon says. There could still be a motivation to fraudulently gain access to better policies that have more benefits.

One way to deter medical identity fraud is to add advanced technologies like biometrics to insurance cards. The biometrics would be used to verify the identity of the patient at every visit and would prevent fraudulent use of the insurance plan. Biometric identification would also support […]

Improve Cybersecurity with Continuous Monitoring

Cybersecurity has now superseded terrorism as our country’s #1 threat. Can continuous monitoring save the day?

Part 1: Is the Trend for Tera-Scope Terrifying or Terrific?

In this four-part post we are going to explore a trend in how the U.S. Government is acquiring Information Technology (IT) services. More and more agencies are developing Performance Work Statements (PWS) that roll every possible type of IT service (including associated item acquisition) into comprehensive, umbrella arrangements. There are several variations on this approach but the most current one seems to be the “all inclusive package”. In Part 1 of this post we are going to look at how vendors perceive what I am calling “Tera-Scope” opportunities.

Old Way: The Government needs a specific set of IT services over a multi-year period of time that will accomplish one large overall objective (such as the full life cycle of a computer business system). Companies 1, 2 and 3 compete. Company 2 wins the contract. Company 2 hires subcontractors to fill capacity or skill gaps and begins working with the Government to achieve the Government’s objectives. Next month the Government needs another specific set of IT Services over a multi-year period of time (let’s say it’s Help Desk/Customer Care). Companies 1, 4 and 5 compete. Company 4 wins the contract. Company 4 hires subcontractors to fill capacity or skill gaps and begins working with the Government to achieve the Government’s objectives. And so on…, resulting in a lot of contracts to manage.

New Way: The Government writes a “Tera-Scope” Performance Work Statement (PWS). It covers every aspect of IT services and products including property acquisition and installation, facilities management, operations, software development and sustainment, systems engineering, technology assessment, information assurance, help desk/customer care, training, administrative support and the kitchen sink. Only winners of a contract will get work within the Tera-Scope from that Agency. Any of the […]

Are Government Agencies Drowning in Data?

Recently Federal Computer Week featured an article entitled: Why agencies are drowning in data. The article was based on a recent survey by Semantic Corporation on effective big data strategies. The survey found that the main reasons for agencies feeling overwhelmed were data governance and data security. I think, however, they were asking the wrong questions.

The government is currently producing and making available huge amounts of data. I agree that this data needs to be kept secure and managed so it can be made available to the appropriate users. However, I think the bigger question is who is taking the time to look at the data and what are they doing with the information. Take acquisition data, for instance. There are volumes of data about what the government is purchasing, who in the government is making the purchases and what they are buying. Government analysts could be asking questions like:

Are we getting the best price possible on specific commodities?
Does one agency negotiate better prices than other agencies?
Why don’t we all get those good prices?
Which contract vehicles are most cost effective?
Is lowest price always the best answer?
Do we get more returns on commercial items that were purchased due to lower prices?

The list could go on and on. The problem is that no one is really looking at the data — truly analyzing it. Analysis of this type is very common in the private sector as businesses try to understand where they fit in a marketplace and how to make their supply chain run more efficiently. Government employees do not look at themselves as running a business. They are always looking for cheaper prices and more efficient business practices, but often do not have the […]

4 Steps to Prevent eCommerce Choice Overload

Are too many choices making eCommerce difficult for consumers? Recently I listened to a TED Talk by Dr. Sheena Iyengar, Professor at Columbia University and author of “The Art of Choosing.” eCommerce managers who often pride themselves in how much content they provide their customers should take her observations into consideration.

3 Things I’ve Learned Since Joining the Private Sector

Many of my friends and colleagues are still “on the inside,” as in working for the Federal Government as civilian employees. I took the plunge 18 months ago; I retired and went to work in the private sector. This blog post is for my friends and colleagues who may be thinking about doing the same thing. I’ve got some points I’d like for you to consider that reach beyond the obvious.

1. You must stay informed. When working for the Federal Government, as long as you know the chain of command in your organization, the goals and objectives set by the organization, and the informal power structure therein, you really don’t have to pay too much attention to the larger world. If policies change the policy people will tell you – and even they have to be in touch with only their assigned area of responsibility. Sure, you are more effective if you continually survey the entire landscape, but you don’t necessarily have to do this.

In the private sector nobody tells you when to pay attention. Reading news articles, participating in LinkedIn discussion groups, monitoring trade journals is something you have to do now as part of your daily work habits. Suddenly it’s all about what you know that’s new in addition to who or what you know.

2. The bottom line is real and you must contribute. As a civil servant I worked hard to stay within budget for my projects. But truth be told, when unforeseen issues or needs arose, there was always money somewhere to bridge the gap. You do need skills such as anticipation, persuasiveness, and passion to get the available money before somebody else does, but somehow there’s always a way […]

National Patient Identifier on the Horizon?

National Patient Identifiers have been sparking a lot of discussion in the blogosphere in the last few months. Last month a Forbes article posited that a “128-Byte Data Field” identifying an individual could save lives and millions of dollars.

By |March 26th, 2014|General|0 Comments|

B2B VS B2G: How eCommerce Can Save the Government Money

We’ve reached into the Partnet archive to bring you today’s post. Originally posted in March 2013, B2B VS B2G: How eCommerce Can Save the Government Money, is brought to us by blogger Debra Fryar.

Business to Business (B2B) markets have positively influenced the business community for a number of years now. Their impact on the economy is evident in several ways:

Transaction costs. Three cost areas are significantly reduced through the conduct of B2B eCommerce.

First is the reduction of search costs, as buyers need not go through multiple intermediaries to search for information about suppliers, products and prices as in a traditional supply chain. The Internet is more efficient at gathering information, in terms of effort, time, and money spent. In B2B markets, buyers and sellers are gathered together into a single online trading community, reducing search costs even further.
Second is the reduction in the costs of processing transactions (e.g. invoices, purchase orders and payment schemes), as B2B allows for the automation of transaction processes and therefore, the quick implementation of the same compared to other channels (such as the telephone and fax).
Third, online processing improves inventory management and logistics.

Removing Intermediaries. Through B2B e-markets, suppliers are able to interact and transact directly with buyers, thereby eliminating intermediaries and distributors.

Transparency in pricing. Among the more evident benefits of e-markets is the increase in price transparency.

The gathering of a large number of buyers and sellers in a single e-market reveals market price information and transaction processing to participants.
Increased price transparency has the effect of pulling down price differentials in the market.
Buyers are provided much more time to compare prices and make better buying decisions.
B2B e-markets also allow multiple buyers and sellers to participate in two-way or reverse auctions. In such environments, […]

By |March 6th, 2014|General|0 Comments|

Communicating with the Government Round-Up

Last month my colleague Gabrielle Zimmerman wrote a two-part blog series on Communicating with the Government. I put it out for discussion on LinkedIn asking for people’s experience with communicating with government and learned a lot.
