An assurance-based model to holistically assess the information security posture

EXECUTIVE SUMMARY : Evaluating Information Security Posture within an organization is becoming a very complex task. Currently, the evaluation and assessment of Information Security are commonly performed using frameworks, methodologies and standards which often consider the various aspects of security independently. Unfortunately this is ineffective because it does not take into consideration the necessity of having a global and systemic multidimensional approach to Information Security evaluation. At the same time the overall security level is globally considered to be only as strong as its weakest link. This thesis proposes a model aiming to holistically assess all dimensions of security in order to minimize the likelihood that a given threat will exploit the weakest link. A formalized structure taking into account all security elements is presented; this is based on a methodological evaluation framework in which Information Security is evaluated from a global perspective. This dissertation is divided into three parts. Part One: Information Security Evaluation issues consists of four chapters. Chapter 1 is an introduction to the purpose of this research purpose and the Model that will be proposed. In this chapter we raise some questions with respect to "traditional evaluation methods" as well as identifying the principal elements to be addressed in this direction. Then we introduce the baseline attributes of our model and set out the expected result of evaluations according to our model. Chapter 2 is focused on the definition of Information Security to be used as a reference point for our evaluation model. The inherent concepts of the contents of a holistic and baseline Information Security Program are defined. Based on this, the most common roots-of-trust in Information Security are identified. Chapter 3 focuses on an analysis of the difference and the relationship between the concepts of Information Risk and Security Management. Comparing these two concepts allows us to identify the most relevant elements to be included within our evaluation model, while clearing situating these two notions within a defined framework is of the utmost importance for the results that will be obtained from the evaluation process. Chapter 4 sets out our evaluation model and the way it addresses issues relating to the evaluation of Information Security. Within this Chapter the underlying concepts of assurance and trust are discussed. Based on these two concepts, the structure of the model is developed in order to provide an assurance related platform as well as three evaluation attributes: "assurance structure", "quality issues", and "requirements achievement". Issues relating to each of these evaluation attributes are analysed with reference to sources such as methodologies, standards and published research papers. Then the operation of the model is discussed. Assurance levels, quality levels and maturity levels are defined in order to perform the evaluation according to the model. Part Two: Implementation of the Information Security Assurance Assessment Model (ISAAM) according to the Information Security Domains consists of four chapters. This is the section where our evaluation model is put into a welldefined context with respect to the four pre-defined Information Security dimensions: the Organizational dimension, Functional dimension, Human dimension, and Legal dimension. Each Information Security dimension is discussed in a separate chapter. For each dimension, the following two-phase evaluation path is followed. The first phase concerns the identification of the elements which will constitute the basis of the evaluation: ? Identification of the key elements within the dimension; ? Identification of the Focus Areas for each dimension, consisting of the security issues identified for each dimension; ? Identification of the Specific Factors for each dimension, consisting of the security measures or control addressing the security issues identified for each dimension. The second phase concerns the evaluation of each Information Security dimension by: ? The implementation of the evaluation model, based on the elements identified for each dimension within the first phase, by identifying the security tasks, processes, procedures, and actions that should have been performed by the organization to reach the desired level of protection; ? The maturity model for each dimension as a basis for reliance on security. For each dimension we propose a generic maturity model that could be used by every organization in order to define its own security requirements. Part three of this dissertation contains the Final Remarks, Supporting Resources and Annexes. With reference to the objectives of our thesis, the Final Remarks briefly analyse whether these objectives were achieved and suggest directions for future related research. Supporting resources comprise the bibliographic resources that were used to elaborate and justify our approach. Annexes include all the relevant topics identified within the literature to illustrate certain aspects of our approach. Our Information Security evaluation model is based on and integrates different Information Security best practices, standards, methodologies and research expertise which can be combined in order to define an reliable categorization of Information Security. After the definition of terms and requirements, an evaluation process should be performed in order to obtain evidence that the Information Security within the organization in question is adequately managed. We have specifically integrated into our model the most useful elements of these sources of information in order to provide a generic model able to be implemented in all kinds of organizations. The value added by our evaluation model is that it is easy to implement and operate and answers concrete needs in terms of reliance upon an efficient and dynamic evaluation tool through a coherent evaluation system. On that basis, our model could be implemented internally within organizations, allowing them to govern better their Information Security. RÉSUMÉ : Contexte général de la thèse L'évaluation de la sécurité en général, et plus particulièrement, celle de la sécurité de l'information, est devenue pour les organisations non seulement une mission cruciale à réaliser, mais aussi de plus en plus complexe. A l'heure actuelle, cette évaluation se base principalement sur des méthodologies, des bonnes pratiques, des normes ou des standards qui appréhendent séparément les différents aspects qui composent la sécurité de l'information. Nous pensons que cette manière d'évaluer la sécurité est inefficiente, car elle ne tient pas compte de l'interaction des différentes dimensions et composantes de la sécurité entre elles, bien qu'il soit admis depuis longtemps que le niveau de sécurité globale d'une organisation est toujours celui du maillon le plus faible de la chaîne sécuritaire. Nous avons identifié le besoin d'une approche globale, intégrée, systémique et multidimensionnelle de l'évaluation de la sécurité de l'information. En effet, et c'est le point de départ de notre thèse, nous démontrons que seule une prise en compte globale de la sécurité permettra de répondre aux exigences de sécurité optimale ainsi qu'aux besoins de protection spécifiques d'une organisation. Ainsi, notre thèse propose un nouveau paradigme d'évaluation de la sécurité afin de satisfaire aux besoins d'efficacité et d'efficience d'une organisation donnée. Nous proposons alors un modèle qui vise à évaluer d'une manière holistique toutes les dimensions de la sécurité, afin de minimiser la probabilité qu'une menace potentielle puisse exploiter des vulnérabilités et engendrer des dommages directs ou indirects. Ce modèle se base sur une structure formalisée qui prend en compte tous les éléments d'un système ou programme de sécurité. Ainsi, nous proposons un cadre méthodologique d'évaluation qui considère la sécurité de l'information à partir d'une perspective globale. Structure de la thèse et thèmes abordés Notre document est structuré en trois parties. La première intitulée : « La problématique de l'évaluation de la sécurité de l'information » est composée de quatre chapitres. Le chapitre 1 introduit l'objet de la recherche ainsi que les concepts de base du modèle d'évaluation proposé. La maniéré traditionnelle de l'évaluation de la sécurité fait l'objet d'une analyse critique pour identifier les éléments principaux et invariants à prendre en compte dans notre approche holistique. Les éléments de base de notre modèle d'évaluation ainsi que son fonctionnement attendu sont ensuite présentés pour pouvoir tracer les résultats attendus de ce modèle. Le chapitre 2 se focalise sur la définition de la notion de Sécurité de l'Information. Il ne s'agit pas d'une redéfinition de la notion de la sécurité, mais d'une mise en perspectives des dimensions, critères, indicateurs à utiliser comme base de référence, afin de déterminer l'objet de l'évaluation qui sera utilisé tout au long de notre travail. Les concepts inhérents de ce qui constitue le caractère holistique de la sécurité ainsi que les éléments constitutifs d'un niveau de référence de sécurité sont définis en conséquence. Ceci permet d'identifier ceux que nous avons dénommés « les racines de confiance ». Le chapitre 3 présente et analyse la différence et les relations qui existent entre les processus de la Gestion des Risques et de la Gestion de la Sécurité, afin d'identifier les éléments constitutifs du cadre de protection à inclure dans notre modèle d'évaluation. Le chapitre 4 est consacré à la présentation de notre modèle d'évaluation Information Security Assurance Assessment Model (ISAAM) et la manière dont il répond aux exigences de l'évaluation telle que nous les avons préalablement présentées. Dans ce chapitre les concepts sous-jacents relatifs aux notions d'assurance et de confiance sont analysés. En se basant sur ces deux concepts, la structure du modèle d'évaluation est développée pour obtenir une plateforme qui offre un certain niveau de garantie en s'appuyant sur trois attributs d'évaluation, à savoir : « la structure de confiance », « la qualité du processus », et « la réalisation des exigences et des objectifs ». Les problématiques liées à chacun de ces attributs d'évaluation sont analysées en se basant sur l'état de l'art de la recherche et de la littérature, sur les différentes méthodes existantes ainsi que sur les normes et les standards les plus courants dans le domaine de la sécurité. Sur cette base, trois différents niveaux d'évaluation sont construits, à savoir : le niveau d'assurance, le niveau de qualité et le niveau de maturité qui constituent la base de l'évaluation de l'état global de la sécurité d'une organisation. La deuxième partie: « L'application du Modèle d'évaluation de l'assurance de la sécurité de l'information par domaine de sécurité » est elle aussi composée de quatre chapitres. Le modèle d'évaluation déjà construit et analysé est, dans cette partie, mis dans un contexte spécifique selon les quatre dimensions prédéfinies de sécurité qui sont: la dimension Organisationnelle, la dimension Fonctionnelle, la dimension Humaine, et la dimension Légale. Chacune de ces dimensions et son évaluation spécifique fait l'objet d'un chapitre distinct. Pour chacune des dimensions, une évaluation en deux phases est construite comme suit. La première phase concerne l'identification des éléments qui constituent la base de l'évaluation: ? Identification des éléments clés de l'évaluation ; ? Identification des « Focus Area » pour chaque dimension qui représentent les problématiques se trouvant dans la dimension ; ? Identification des « Specific Factors » pour chaque Focus Area qui représentent les mesures de sécurité et de contrôle qui contribuent à résoudre ou à diminuer les impacts des risques. La deuxième phase concerne l'évaluation de chaque dimension précédemment présentées. Elle est constituée d'une part, de l'implémentation du modèle général d'évaluation à la dimension concernée en : ? Se basant sur les éléments spécifiés lors de la première phase ; ? Identifiant les taches sécuritaires spécifiques, les processus, les procédures qui auraient dû être effectués pour atteindre le niveau de protection souhaité. D'autre part, l'évaluation de chaque dimension est complétée par la proposition d'un modèle de maturité spécifique à chaque dimension, qui est à considérer comme une base de référence pour le niveau global de sécurité. Pour chaque dimension nous proposons un modèle de maturité générique qui peut être utilisé par chaque organisation, afin de spécifier ses propres exigences en matière de sécurité. Cela constitue une innovation dans le domaine de l'évaluation, que nous justifions pour chaque dimension et dont nous mettons systématiquement en avant la plus value apportée. La troisième partie de notre document est relative à la validation globale de notre proposition et contient en guise de conclusion, une mise en perspective critique de notre travail et des remarques finales. Cette dernière partie est complétée par une bibliographie et des annexes. Notre modèle d'évaluation de la sécurité intègre et se base sur de nombreuses sources d'expertise, telles que les bonnes pratiques, les normes, les standards, les méthodes et l'expertise de la recherche scientifique du domaine. Notre proposition constructive répond à un véritable problème non encore résolu, auquel doivent faire face toutes les organisations, indépendamment de la taille et du profil. Cela permettrait à ces dernières de spécifier leurs exigences particulières en matière du niveau de sécurité à satisfaire, d'instancier un processus d'évaluation spécifique à leurs besoins afin qu'elles puissent s'assurer que leur sécurité de l'information soit gérée d'une manière appropriée, offrant ainsi un certain niveau de confiance dans le degré de protection fourni. Nous avons intégré dans notre modèle le meilleur du savoir faire, de l'expérience et de l'expertise disponible actuellement au niveau international, dans le but de fournir un modèle d'évaluation simple, générique et applicable à un grand nombre d'organisations publiques ou privées. La valeur ajoutée de notre modèle d'évaluation réside précisément dans le fait qu'il est suffisamment générique et facile à implémenter tout en apportant des réponses sur les besoins concrets des organisations. Ainsi notre proposition constitue un outil d'évaluation fiable, efficient et dynamique découlant d'une approche d'évaluation cohérente. De ce fait, notre système d'évaluation peut être implémenté à l'interne par l'entreprise elle-même, sans recourir à des ressources supplémentaires et lui donne également ainsi la possibilité de mieux gouverner sa sécurité de l'information.

Inhibition of mouse mammary tumor virus-induced T cell responses in vivo by antibodies to an open reading frame protein.

Minor lymphocyte stimulating (Mls) antigens specifically stimulate T cell responses that are restricted to particular T cell receptor (TCR) beta chain variable domains. The Mls phenotype is genetically controlled by an open reading frame (orf) located in the 3' long terminal repeat of mouse mammary tumor virus (MMTV); however, the mechanism of action of the orf gene product is unknown. Whereas predicted orf amino acid sequences show strong overall homology, the 20-30 COOH-terminal residues are strikingly polymorphic. This polymorphic region correlates with TCR V beta specificity. We have generated monoclonal antibodies to a synthetic peptide encompassing the 19 COOH-terminal amino acid residues of Mtv-7 orf, which encodes the Mls-1a determinant. We show here that these antibodies block Mls responses in vitro and can interfere specifically with thymic clonal deletion of Mls-1a reactive V beta 6+ T cells in neonatal mice. Furthermore, the antibodies can inhibit V beta 6+ T cell responses in vivo to an infectious MMTV that shares orf sequence homology and TCR specificity with Mtv-7. These results confirm the predicted extracellular localization of the orf COOH terminus and imply that the orf proteins of both endogenous and exogenous MMTV interact directly with TCR V beta.

The connectome mapper: an open-source processing pipeline to map connectomes with MRI.

Researchers working in the field of global connectivity analysis using diffusion magnetic resonance imaging (MRI) can count on a wide selection of software packages for processing their data, with methods ranging from the reconstruction of the local intra-voxel axonal structure to the estimation of the trajectories of the underlying fibre tracts. However, each package is generally task-specific and uses its own conventions and file formats. In this article we present the Connectome Mapper, a software pipeline aimed at helping researchers through the tedious process of organising, processing and analysing diffusion MRI data to perform global brain connectivity analyses. Our pipeline is written in Python and is freely available as open-source at www.cmtk.org.

Treatment of hepatitis C in HCV mono-infected and in HIV-HCV co-infected patients: an open-labelled comparison study.

BACKGROUND/AIMS: Treatment of chronic HCV infection has become a priority in HIV+ patients, given the faster progression to end-stage liver disease. The primary endpoint of this study was to evaluate and compare antiviral efficacy of Peginterferon alpha 2a plus ribavirin in HIV-HCV co-infected and HCV mono-infected patients, and to examine whether 6 months of therapy would have the same efficacy in HIV patients with favourable genotypes 2 and 3 as in mono-infected patients, to minimise HCV-therapy-related toxicities. Secondary endpoints were to evaluate predictors of sustained virological response (SVR) and frequency of side-effects. METHODS: Patients with genotypes 1 and 4 were treated for 48 weeks with Pegasys 180 microg/week plus Copegus 1000-1200 mg/day according to body weight; patients with genotypes 2 and 3 for 24 weeks with Pegasys 180 microg/week plus Copegus 800 mg/day. RESULTS: 132 patients were enrolled in the study: 85 HCV mono-infected (38: genotypes 1 and 4; 47: genotypes 2 and 3), 47 HIV-HCV co-infected patients (23: genotypes 1 and 4; 24: genotypes 2 and 3). In an intention-to-treat analysis, SVR for genotypes 1 and 4 was observed in 58% of HCV mono-infected and in 13% of HIV-HCV co-infected patients (P = 0.001). For genotypes 2 and 3, SVR was observed in 70% of HCV mono-infected and in 67% of HIV-HCV co-infected patients (P = 0.973). Undetectable HCV-RNA at week 4 had a positive predictive value for SVR for mono-infected patients with genotypes 1 and 4 of 0.78 (95% CI: 0.54-0.93) and of 0.81 (95% CI: 0.64-0.92) for genotypes 2 and 3. For co-infected patients with genotypes 2 and 3, the positive predictive value of SVR of undetectable HCV-RNA at week 4 was 0.76 (95%CI, 0.50-0.93). Study not completed by 22 patients (36%): genotypes 1 and 4 and by 12 patients (17%): genotypes 2 and 3. CONCLUSION: Genotypes 2 or 3 predict the likelihood of SVR in HCV mono-infected and in HIV-HCV co-infected patients. A 6-month treatment with Peginterferon alpha 2a plus ribavirin has the same efficacy in HIV-HCV co-infected patients with genotypes 2 and 3 as in mono-infected patients. HCV-RNA negativity at 4 weeks has a positive predictive value for SVR. Aggressive treatment of adverse effects to avoid dose reduction, consent withdrawal or drop-out is crucial to increase the rate of SVR, especially when duration of treatment is 48 weeks. Sixty-one percent of HIV-HCV co-infected patients with genotypes 1 and 4 did not complete the study against 4% with genotypes 2 and 3.

Rituximab treatment in Myasthenia gravis: an open-label trial

Myasthenia gravis (MG), an antibody (AB)-mediated autoimmune disorder, responds to treatments targeting the humoral response such as intravenous immunoglobulines (IVIG) and plasma exchange treatments (PEX). Rituximab (RTX), a monoclonal anti-CD20 AB that depletes the specific B lymphocyte population should be efficient and is being used for resistant MG patients in small cohorts. Objectives: This is an observational prospective study that aims to determine the efficacy of RTX in MG, the duration of the clinical effect after treatment and the possible sparing effect on other immunosuppressive drugs.Methods: Between January 2009 and December 2010, 8 MG (2 with anti-MUSK AB) patients (62.5% female) with mean age of 41 years (range 24-79 yo), were treated by RTX. The patients treated were those who experienced serious side-effects and/or treatment failure. In three cases the criteria for treatment was the need to spare frequent recurrent plasmapheresis or IGIV treatment. We compared the functional tests before and prospectively after the treatment (schema used for one cure: 2 9 1gr within 15 days interval), the duration of the efficiency (follow-up of 4-24 months) and we repeated the cures based on clinical criteria.Results: Two patients (25%) underwent 3 RTX cures, 2 (25%) underwent 2 cures and the others (50%) one cure. No adverse events were observed. Six patients (75%) showed a clinical response with improvement of the functional scores and reduction of the concomitant immunosuppressive treatments (75% for prednisone, 35% for other immunosuppressive drugs) that persists over a period of 4-9 months. Follow-up of clinical state and lymphocyte count showed an inverse correlation between the CD 19 count and the clinical state of the patients.Conclusion: In this small series of patients RTX treatment shows significant improvement of clinical state of MG refractory to conventional treatment patients, without side-effects reported, even in patients that were retreated. Larger studies should be held to determine if RTX could be an alternative to plasmapheresis and IVIG as second-line treatment in MG.

Vemurafenib in patients with BRAF(V600) mutation-positive melanoma with symptomatic brain metastases: final results of an open-label pilot study.

BACKGROUND & AIM: Brain metastases are frequent in patients with metastatic melanoma, indicating poor prognosis. We investigated the BRAF kinase inhibitor vemurafenib in patients with advanced melanoma with symptomatic brain metastases. METHODS: This open-label trial assessed vemurafenib (960mg twice a day) in patients with BRAF(V600) mutation-positive metastatic melanoma with non-resectable, previously treated brain metastases. The primary end-point was safety. Secondary end-points included best overall response rate, and progression-free and overall survival. RESULTS: Twenty-four patients received vemurafenib for a median treatment duration of 3.8 (0.1-11.3) months. The majority of discontinuations were due to disease progression (n=22). Twenty-three of 24 patients reported at least one adverse event (AE). Grade 3 AEs were reported in four (17%; 95% confidence interval [CI], 4.7-37.4%) patients and included cutaneous squamous cell carcinoma in four patients. Median progression-free survival was 3.9 (95% CI, 3.0-5.5) months, and median survival was 5.3 (95% CI, 3.9-6.6) months. An overall partial response (PR) at both intracranial and extracranial sites was achieved in 10 of 24 (42%; 95% CI, 22.1-63.4) evaluable patients, with stable disease in nine (38%; 95% CI, 18.8-59.4) patients. Of 19 patients with measurable intracranial disease, seven (37%) achieved >30% intracranial tumour regression, and three (16%; 95% CI, 3.4-39.6%) achieved a confirmed PR. Other signs of improvement included reduced need for corticosteroids and enhanced performance status. CONCLUSIONS: Vemurafenib can be safely used in patients with advanced symptomatic melanoma that has metastasised to the brain and can result in meaningful tumour regression.

Concomitant chemoradiotherapy versus acceleration of radiotherapy with or without concomitant chemotherapy in locally advanced head and neck carcinoma (GORTEC 99-02): an open-label phase 3 randomised trial.

BACKGROUND: Concomitant chemoradiotherapy and accelerated radiotherapy independently improve outcomes for patients with locally advanced head and neck squamous-cell carcinoma (HNSCC). We aimed to assess the efficacy and safety of a combination of these approaches. METHODS: In our open-label phase 3 randomised trial, we enrolled patients with locally advanced, stage III and IV (non-metastatic) HNSCC and an Eastern Cooperative Oncology Group performance status of 0-2. We randomly allocated patients centrally with a computer program (with centre, T stage, N stage, and localisation as minimisation factors) in a 1:1:1 ratio to receive conventional chemoradiotherapy (70 Gy in 7 weeks plus three cycles of 4 days' concomitant carboplatin-fluorouracil), accelerated radiotherapy-chemotherapy (70 Gy in 6 weeks plus two cycles of 5 days' concomitant carboplatin-fluorouracil), or very accelerated radiotherapy alone (64·8 Gy [1·8 Gy twice daily] in 3·5 weeks). The primary endpoint, progression-free survival (PFS), was assessed in all enrolled patients. This trial is completed. The trial is registered with ClinicalTrials.gov, number NCT00828386. FINDINGS: Between Feb 29, 2000, and May 9, 2007, we randomly allocated 279 patients to receive conventional chemoradiotherapy, 280 to accelerated radiotherapy-chemotherapy, and 281 to very accelerated radiotherapy. Median follow-up was 5·2 years (IQR 4·9-6·2); rates of chemotherapy and radiotherapy compliance were good in all groups. Accelerated radiotherapy-chemotherapy offered no PFS benefit compared with conventional chemoradiotherapy (HR 1·02, 95% CI 0·84-1·23; p=0·88) or very accelerated radiotherapy (0·83, 0·69-1·01; p=0·060); conventional chemoradiotherapy improved PFS compared with very accelerated radiotherapy (0·82, 0·67-0·99; p=0·041). 3-year PFS was 37·6% (95% CI 32·1-43·4) after conventional chemoradiotherapy, 34·1% (28·7-39·8) after accelerated radiotherapy-chemotherapy, and 32·2% (27·0-37·9) after very accelerated radiotherapy. More patients in the very accelerated radiotherapy group had RTOG grade 3-4 acute mucosal toxicity (226 [84%] of 268 patients) compared with accelerated radiotherapy-chemotherapy (205 [76%] of 271 patients) or conventional chemoradiotherapy (180 [69%] of 262; p=0·0001). 158 (60%) of 265 patients in the conventional chemoradiotherapy group, 176 (64%) of 276 patients in the accelerated radiotherapy-chemotherapy group, and 190 (70%) of 272 patients in the very accelerated radiotherapy group were intubated with feeding tubes during treatment (p=0·045). INTERPRETATION: Chemotherapy has a substantial treatment effect given concomitantly with radiotherapy and acceleration of radiotherapy cannot compensate for the absence of chemotherapy. We noted the most favourable outcomes for conventional chemoradiotherapy, suggesting that acceleration of radiotherapy is probably not beneficial in concomitant chemoradiotherapy schedules. FUNDING: French Ministry of Health.

Preimplantation genetic diagnosis (PGD) for HLA typing: bases for setting up an open international collaboration when PGD is not available.

In severe forms of Diamond-Blackfan anemia, preimplantation genetic diagnosis (PGD) of histocompatibility leukocyte antigen-compatible embryos for enabling the next sibling in the family to be a stem-cell transplantation donor constitutes the sole lasting cure capable of terminating the enduring need for iterative transfusions. We report here an open collaboration between two renowned institutions to provide a family desiring this treatment even though they resided where the preimplantation genetic diagnosis procedure is banned.

The connectome viewer toolkit: an open source framework to manage, analyze, and visualize connectomes.

Advanced neuroinformatics tools are required for methods of connectome mapping, analysis, and visualization. The inherent multi-modality of connectome datasets poses new challenges for data organization, integration, and sharing. We have designed and implemented the Connectome Viewer Toolkit - a set of free and extensible open source neuroimaging tools written in Python. The key components of the toolkit are as follows: (1) The Connectome File Format is an XML-based container format to standardize multi-modal data integration and structured metadata annotation. (2) The Connectome File Format Library enables management and sharing of connectome files. (3) The Connectome Viewer is an integrated research and development environment for visualization and analysis of multi-modal connectome data. The Connectome Viewer's plugin architecture supports extensions with network analysis packages and an interactive scripting shell, to enable easy development and community contributions. Integration with tools from the scientific Python community allows the leveraging of numerous existing libraries for powerful connectome data mining, exploration, and comparison. We demonstrate the applicability of the Connectome Viewer Toolkit using Diffusion MRI datasets processed by the Connectome Mapper. The Connectome Viewer Toolkit is available from http://www.cmtk.org/

Cost Analysis of Long-Term Treatment of Patients with Symptomatic Gastroesophageal Reflux Disease (GERD) with Esomeprazole On-Demand Treatment or Esomeprazole Continuous Treatment: An Open, Randomized, Multicenter Study in Switzerland.

Objectives: To assess the difference in direct medical costs between on-demand (OD) treatment with esomeprazole (E) 20 mg and continuous (C) treatment with E 20 mg q.d. from a clinical practice view in patients with gastroesophageal reflux disease (GERD) symptoms. Methods: This open, randomized study (ONE: on-demand Nexium evaluation) compared two long-term management options with E 20 mg in endoscopically uninvestigated patients seeking primary care for GERD symptoms who demonstrated complete relief of symptoms after an initial treatment of 4 weeks with E 40 mg. Data on consumed quantities of all cost items were collected in the study, while data on prices during the time of study were collected separately. The analysis was done from a societal perspective. Results: Forty-nine percent (484 of 991) of patients randomized to the OD regimen and 46% (420 of 913) of the patients in the C group had at least one contact with the investigator that would have occurred nonprotocol-driven. The difference of the adjusted mean direct medical costs between the treatment groups was CHF 88.72 (95% confidence interval: CHF 41.34-153.95) in favor of the OD treatment strategy (Wilcoxon rank-sum test: P < 0.0001). Adjusted direct nonmedical costs and productivity loss were similar in both groups. Conclusions: The adjusted direct medical costs of a 6-month OD treatment with esomeprazole 20 mg in uninvestigated patients with symptoms of GERD were significantly lower compared with a continuous treatment with E 20 mg once a day. The OD therapy represents a cost-saving alternative to the continuous treatment strategy with E.