Tietoturvainformaation ja -tapahtumien hallinta PCI DSS -standardissa

Työn keskeisimpänä tavoitteena on tutkia SIEM-järjestelmien (Security Information and Event Management) käyttömahdollisuuksia PCI DSS -standardissa (Payment Card IndustryData Security Standard) lähtökohtaisesti ratkaisutoimittajan näkökulmasta. Työ on tehty Cygate Oy:ssä. SIEM on uusi tietoturvan ratkaisualue, jonka käyttöönottoa vauhdittavat erilaiset viralliset sääntelyt kuten luottokorttiyhtiöiden asettama PCI DSS -standardi. SIEM-järjestelmien avulla organisaatiot pystyvät keräämään valmistajariippumattomasti verkon systeemikomponenteista tapahtumatietoja, joiden avulla pystytään näkemään keskitetysti, mitä verkossa on tapahtunut. SIEM:ssa käsitellään sekä historiapohjaisia että reaaliaikaisia tapahtumia ja se toimii organisaatioiden keskitettynä tietoturvaprosessia tukevana hallintatyökaluna. PCI DSS -standardi on hyvin yksityiskohtainen ja sen vaatimusten täyttäminen ei ole yksinkertaista. Vaatimuksenmukaisuutta ei saavuteta hetkessä, vaan siihen liittyvä projekti voi kestää viikoista kuukausiin. Standardin yksi haasteellisimmista asioista on keskitetty lokien hallinta. Maksukorttitietoja käsittelevien ja välittävien organisaatioiden on kerättävä kaikki audit-lokit eri järjestelmistä, jotta maksukorttitietojen käyttöä pystytään luottamuksellisesti seuraamaan. Standardin mukaan organisaatioiden tulee käyttää myös tunkeutumisen ja haavoittuvuuksien havainnointijärjestelmiä mahdollisten tietomurtojen havaitsemiseksi ja estämiseksi. SIEM-järjestelmän avulla saadaan täytettyä PCI DSS -standardin vaativimpia lokien hallintaan liittyviä vaatimuksia ja se tuo samallamonia yksityiskohtaisia parannuksia tukemaan muita standardin vaatimuskohtia. Siitä voi olla hyötyä mm. tunkeutumisen ja haavoittuvuuksien havainnoinnissa. SIEM-järjestelmän hyödyntäminen standardin apuna on kuitenkin erittäin haasteellista. Käyttöönotto vaatii tarkkaa etukäteissuunnittelua ja kokonaisuuksien ymmärtämistä niin ratkaisutoimittajan kuin ratkaisun käyttöönottajan puolelta.

PCI DSS -standardi ja sen vaatimukset kortinhaltijoiden tietojen suojaamiselle

Payment Card Industry Data Security Standard (PCI DSS) on korttiyhtiöiden kehittämä kansainvälinen tietoturvastandardi, jonka tarkoituksena on parantaa kortinhaltijoiden tietoja käsittelevien järjestelmien tietoturvaa. Standardissa määritellään vaatimukset tietojen turvalliselle tallennukselle ja käsittelylle, testaus- ja tarkastusmenetelmät sekä tarkastusvaatimukset ja tarkastuksia suorittavien tahojen sertifiointi. Standardi koskee kaikkia standardin hyväksyneiden maksukorttiyhtiöiden korttitietoja käsitteleviä tahoja. Standardin ylläpitämisestä ja kehittämisestä vastaa maksukorttiyhtiöiden perustama PCI Security Standards Council -toimielin. Syyskuussa 2006 toimielin julkaisi standardista version 1.1, joka on edelleen viimeisin versio. Tässä diplomityössä selvitettiin PCI DSS -standardin asettamat vaatimukset kortinhaltijoiden tietoja käsitteleville tahoille. Lisäksi tutkittiin mahdollisuuksia toteuttaa yksi standardin vaatimuksista, kortinhaltijoiden tietojen suojaaminen, esimerkkijärjestelmässä. Kyseinen järjestelmä on kehitetty IBM System i -palvelinympäristöön käyttäen RPG-ohjelmointikieltä.

Information security value in e-entrepreneurship

This paper researches the information security value in e-entrepreneurship by revising the literature that establishes the entrepreneurial domain and by relating it with the development of technological resources that create value for the customer in an online business. It details multiple paradigms regarding consumer’s values of information security, while relating them with common practices and previous researches in technological entrepreneurship. This research presents and discusses the benefits of information security standards in e-entrepreneurship. It details and discusses the ISO 27001 and PCI-DSS information security standards that can be used to differentiate security initiatives to achieve competitive advantage, while preserving information leadership as a critical resource for online business success. Based on the literature review, a theoretical research model is presented and research hypotheses are discussed. This model believes that information security affects information leadership and that information leadership, as a unique resource in e-business, contributes to e-entrepreneurship success. The adoption of information security standards affects customer’s trust in e-business, which also benefits e-entrepreneurial strategy.

Auditoría de sistemas al cumplimiento de los requerimientos 7, 8, 9 de la norma PCIDSS aplicada a Coral Hipermercado, Racar plaza con corte a Junio de 2015

Coral Hipermercado GO es una empresa dedicada a la comercialización de diversos productos de consumo masivo. Debido a la demanda que mantienen y el nivel de transacciones que realizan en ventas diariamente, PCI DSS. De esta manera, el servicio que brindan a los tarjetahabientes a más de ser mejorado, sea seguro en todas sus instancias. A través de nuestra investigación se obtuvo conocimiento de que la empresa Coral Hipermercado GO no ha realizado anteriormente una auditoria de la Normativa PCI DSS, por lo que la implementación de la Normativa podría no ser completa o apropiada, las políticas de la empresa pueden no contener los procesos y procedimientos que se deben llevar a cabo, haciendo que la seguridad de accesos a los datos de los titulares de tarjetas se vean vulnerables, de igual manera el manejo de las autenticaciones y la infraestructura de la seguridad física, misma que permite el resguardo de los equipos y por ende de la información. Se observó en la auditoría realizada a los requerimientos 7, 8, 9 de la Normativa PCI DSS que la misma no ha sido socializada en su totalidad, existen falencias en su implementación ya que el uso de las autenticaciones, accesos a los datos y seguridad física no son correctos, viéndose expuesta la información de los datos de los titulares de tarjetas de pago y la posibilidad de incurrir en pérdidas debido a probables actos maliciosos que se podrían encontrar expuestos en un futuro. Es imperativo mencionar que la norma ayudara al cumplimiento de los objetivos siempre y cuando se logren disminuir las falencias de su implementación o caso contrario se procederá a dar las recomendaciones necesarias respecto a los problemas encontrados para posteriores correcciones de forma que se mejore la gestión de la empresa.

Rehabilitation outcomes following percutaneous coronary interventions (PCI)

This prospective study evaluated the effect of an individualized, comprehensive, home-based cardiac rehabilitation program combining exercise training with risk factor modification and psychosocial counseling on risk factors, psychological wellbeing, functional capacity, and work resumption in 99 post-percutaneous coronary interventions (PCI) patients randomized to control (standard care plus telephone follow-up, n = 49) or intervention (individualized, comprehensive, home-based cardiac rehabilitation, n = 50) groups. Data were collected at time 1 (T-1) during hospital admission, time 2 (T-2) approximately 2 months post-PCI, and time 3 (T-3) approximately 12 months post-PCI. Results suggest that the allocation to an individualized, comprehensive, home-based cardiac rehabilitation program provided more advantageous outcomes. At both follow-ups, the intervention group showed within-group improvement in serum cholesterol levels (P < 0.02; P < 0.01) and exercise participation (P < 0.001; P < 0.001) with differences in exercise participation favoring the intervention group (P < 0.01) at T-2 Repeated measures ANOVA showed significant improvements over time in body mass index (BMI) (P < 0.01), psychological well-being (P < 0.001), and functional capacity (P < 0.001) for both groups. More patients in the intervention group had returned to work at T-2 (P < 0.001) and did so more quickly (P < 0.01). These findings suggest that an individualized, comprehensive, home-based cardiac rehabilitation program improves risk factor profiles and work resumption patterns for patients following PCI. (C) 2001 Elsevier Science Ireland Ltd. All rights reserved.

Verstärkung der suppressiven Eigenschaften von regulatorischen T-Zellen durch den Alanyl-Aminopeptidase-Inhibitor Phebestin in vitro sowie im DSS-Colitis Modell in vivo

Regulatorische T-Zellen; Treg; Colitis ulcerosa; DSS; CED; APN; Phebestin

Colitis induced in mice with dextran sulfate sodium (DSS) is mediated by the NLRP3 inflammasome.

BACKGROUND: The proinflammatory cytokines interleukin 1beta (IL-1beta) and IL-18 are central players in the pathogenesis of inflammatory bowel disease (IBD). In response to a variety of microbial components and crystalline substances, both cytokines are processed via the caspase-1-activating multiprotein complex, the NLRP3 inflammasome. Here, the role of the NLRP3 inflammasome in experimental colitis induced by dextran sodium sulfate (DSS) was examined. METHODS: IL-1beta production in response to DSS was studied in macrophages of wild-type, caspase-1(-/-), NLRP3(-/-), ASC(-/-), cathepsin B(-/-) or cathepsin L(-/-) mice. Colitis was induced in C57BL/6 and NLRP3(-/-) mice by oral DSS administration. A clinical disease activity score was evaluated daily. Histological colitis severity and expression of cytokines were determined in colonic tissue. RESULTS: Macrophages incubated with DSS in vitro secreted high levels of IL-1beta in a caspase-1-dependent manner. IL-1beta secretion was abrogated in macrophages lacking NLRP3, ASC or caspase-1, indicating that DSS activates caspase-1 via the NLRP3 inflammasome. Moreover, IL-1beta secretion was dependent on phagocytosis, lysosomal maturation, cathepsin B and L, and reactive oxygen species (ROS). After oral administration of DSS, NLRP3(-/-) mice developed a less severe colitis than wild-type mice and produced lower levels of proinflammatory cytokines in colonic tissue. Pharmacological inhibition of caspase-1 with pralnacasan achieved a level of mucosal protection comparable with NLRP3 deficiency. CONCLUSIONS: The NLRP3 inflammasome was identified as a critical mechanism of intestinal inflammation in the DSS colitis model. The NLRP3 inflammasome may serve as a potential target for the development of novel therapeutics for patients with IBD.

SwissDock, a protein-small molecule docking web service based on EADock DSS.

Most life science processes involve, at the atomic scale, recognition between two molecules. The prediction of such interactions at the molecular level, by so-called docking software, is a non-trivial task. Docking programs have a wide range of applications ranging from protein engineering to drug design. This article presents SwissDock, a web server dedicated to the docking of small molecules on target proteins. It is based on the EADock DSS engine, combined with setup scripts for curating common problems and for preparing both the target protein and the ligand input files. An efficient Ajax/HTML interface was designed and implemented so that scientists can easily submit dockings and retrieve the predicted complexes. For automated docking tasks, a programmatic SOAP interface has been set up and template programs can be downloaded in Perl, Python and PHP. The web site also provides an access to a database of manually curated complexes, based on the Ligand Protein Database. A wiki and a forum are available to the community to promote interactions between users. The SwissDock web site is available online at http://www.swissdock.ch. We believe it constitutes a step toward generalizing the use of docking tools beyond the traditional molecular modeling community.

The SYNTAX score predicts early mortality risk in the elderly with acute coronary syndrome having primary PCI.

BACKGROUND: The SYNTAX score (SXscore), an angiographic score reflecting coronary lesion complexity, predicts clinical outcomes in patients with left main or multivessel disease, and in patients with ST-segment elevation myocardial infarction undergoing primary PCI. The clinical SXscore (CSS) integrates the SXscore and clinical variables (age, ejection fraction, serum creatinine) into a single score. We analyzed these scores in elderly patients with acute coronary syndrome (ACS) undergoing primary PCI. The purpose of this analysis was not to decide which patients should undergo PCI, but to predict clinical outcomes in this population. METHODS: The SXscore was determined in a consecutive series of 114 elderly patients (mean age, 79.6 ± 4.1 years) undergoing primary PCI for ACS. Outcomes were stratified according to SXscore tertiles: SXLOW ≤15 (n = 39), 15< SXMID <23 (n = 40), and SXHIGH ≥23 (n = 35). The primary endpoint was all-cause mortality at 30 days. Secondary endpoints were nonfatal major adverse cardiac and cerebrovascular events (MACCE) at 30 days, and 1-year outcomes in patients discharged alive. RESULTS: Mortality at 30 days was higher in the SXHIGH group compared with the aggregate SXLOW+MID group (37.1% vs 5.1%; P<.0001), and in the CSSHIGH group compared with the aggregate CSSLOW+MID group (25.5% vs 1.4%; P=.0001). MACCE rates at 30 days were similar among SXscore tertiles. The CSS predicted 1-year MACCE rates (12.1% for CSSHIGH vs 3.1% for CSSLOW+MID; P=.03). CONCLUSIONS: The SXscore predicts 30-day mortality in elderly patients with ACS undergoing primary PCI. In patients discharged alive, the CSS predicts risk of MACCE at 1 year.

Fast docking using the CHARMM force field with EADock DSS.

The prediction of binding modes (BMs) occurring between a small molecule and a target protein of biological interest has become of great importance for drug development. The overwhelming diversity of needs leaves room for docking approaches addressing specific problems. Nowadays, the universe of docking software ranges from fast and user friendly programs to algorithmically flexible and accurate approaches. EADock2 is an example of the latter. Its multiobjective scoring function was designed around the CHARMM22 force field and the FACTS solvation model. However, the major drawback of such a software design lies in its computational cost. EADock dihedral space sampling (DSS) is built on the most efficient features of EADock2, namely its hybrid sampling engine and multiobjective scoring function. Its performance is equivalent to that of EADock2 for drug-like ligands, while the CPU time required has been reduced by several orders of magnitude. This huge improvement was achieved through a combination of several innovative features including an automatic bias of the sampling toward putative binding sites, and a very efficient tree-based DSS algorithm. When the top-scoring prediction is considered, 57% of BMs of a test set of 251 complexes were reproduced within 2 Å RMSD to the crystal structure. Up to 70% were reproduced when considering the five top scoring predictions. The success rate is lower in cross-docking assays but remains comparable with that of the latest version of AutoDock that accounts for the protein flexibility. © 2011 Wiley Periodicals, Inc. J Comput Chem, 2011.

Effects of an interleukin-15 antagonist on systemic and skeletal alterations in mice with DSS-induced colitis.

Inflammatory bowel diseases are commonly complicated by weight and bone loss. We hypothesized that IL-15, a pro-inflammatory cytokine expressed in colitis and an osteoclastogenic factor, could play a central role in systemic and skeletal complications of inflammatory bowel diseases. We evaluated the effects of an IL-15 antagonist, CRB-15, in mice with chronic colitis induced by oral 2% dextran sulfate sodium for 1 week, followed by another 1% for 2 weeks. During the last 2 weeks, mice were treated daily with CRB-15 or an IgG2a control antibody. Intestinal inflammation, disease severity, and bone parameters were evaluated at days 14 and 21. CRB-15 improved survival, early weight loss, and colitis clinical score, although colon damage and inflammation were prevented in only half the survivors. CRB-15 also delayed loss of femur bone mineral density and trabecular microarchitecture. Bone loss was characterized by decreased bone formation, but increased bone marrow osteoclast progenitors and osteoclast numbers on bone surfaces. CRB-15 prevented the suppression of osteoblastic markers of bone formation, and reduced osteoclast progenitors at day 14, but not later. However, by day 21, CRB-15 decreased tumor necrosis factor α and increased IL-10 expression in bone, paralleling a reduction of osteoclasts. These results delineate the role of IL-15 on the systemic and skeletal manifestations of chronic colitis and provide a proof-of-concept for future therapeutic developments.

Pavement Management Performance Modeling: Evaluating the Existing PCI Equations, RB14-013 2014

The work described in this report documents the activities performed for the evaluation, development, and enhancement of the Iowa Department of Transportation (DOT) pavement condition information as part of their pavement management system operation. The study covers all of the Iowa DOT’s interstate and primary National Highway System (NHS) and non-NHS system. A new pavement condition rating system that provides a consistent, unified approach in rating pavements in Iowa is being proposed. The proposed 100-scale system is based on five individual indices derived from specific distress data and pavement properties, and an overall pavement condition index, PCI-2, that combines individual indices using weighting factors. The different indices cover cracking, ride, rutting, faulting, and friction. The Cracking Index is formed by combining cracking data (transverse, longitudinal, wheel-path, and alligator cracking indices). Ride, rutting, and faulting indices utilize the International Roughness Index (IRI), rut depth, and fault height, respectively.