Defending Against Security Threats

By Brian T. Horowitz  |  Posted 2011-01-20

We use [Cast] for somewhere around 10 to 12 of our applications. Increasingly, project group by project group uses the Cast tool at different levels of granularity. Obviously a project manager and a software architect will look into things in much more detail than I will as the CIO. I have a dashboard, then I just look at the dashboard and if I don't see red, I just concentrate on something else.

You have this information at your fingertips, and you can dig in to lower levels of detail.

Then I can drill down to see where Cast highlights there's a problem. If you use Cast systematically and regularly, the debugging becomes much easier.

What are the plans for Function Points? What does this initiative entail?

Function Point analysis is one of the ways people try to understand initially how much it will cost to build a software package. By doing function point analysis, you can have a measurement of the complexity of the program code.

Cast will tell me whether what I've spent for this Website is reasonable given the amount of complexity, whether I've paid too much or whether I've gotten away with paying little for it. You have the code written, and then you analyze for the number of function points. You have to have specialists that do this manually.

How does the EMA approach the security challenges of storing 70 terabytes of data?

We run standard state-of-the-art IT security. So we have the usual arrangement of cascaded firewalls. So it cannot be a systemic whole. We use specially certified consultants who are cleared at the military levels to check the design of our IT security systems.

We pay a specialized company to try and break into our systems. We have all of the required approaches.

What types of data breaches have you encountered?

We're running intrusion detection systems. Just before Christmas we spoke with the FDA on systems and what we do. Maybe because intrusion detection is not good enough, we have at the moment a very low number of attempted attacks - not aware of any successful attack. These breaches have all been passive insider threats. If you analyze the difficult IT threats, you can divide them into passive versus active.

I consider based on my own experience in IT, which now goes back 25 years, that by far the most dangerous threat is the active insider threat who you haven't promoted - a passive insider member of staff or insider getting code [or] information.


Brian T. Horowitz is a freelance technology and health writer as well as a copy editor. Brian has worked on the tech beat since 1996 and covered health care IT and rugged mobile computing for eWEEK since 2010. He has contributed to more than 20 publications, including Computer Shopper, Fast Company, More, NYSE Magazine, Parents and USA Weekend, as well as other consumer and trade publications. Brian holds a B.A. from Hofstra University in New York.

Follow him on Twitter: @bthorowitz

