CCL Programs in Notepad++

This refers to Cerner CCL (Cerner Command Language), not to Sybase CCL (Continuous Computation Language).
CCL is a SQL-like language, fitting in the environment of Cerner healthcare solutions. If you're using CCL in Notepad++, you might be interested in Rob Holland's CCL plugin for Notepad++. I used for auto-completion of keywords and I adapted the syntax highlighting to my own usage. You can download my little updates if you wish.

Internet Quarantine: Where IT Differs From Healthcare

As Bruce Schneier goes on the subject of quarantining potential threats away from regular users of the Internet, I think it's interesting to point a big difference between IT diseases and human diseases: we have the code. We have the specifications for the computer.
For closed source, the software maker has the code, which means that diseases or weaknesses can be fixed with more efficiency than any human condition.
For opensource, it's even better: everyone has the code, which means that everyone can look for a solution to a problem.

That's not to say that every Internet user is a qualified-IT-physician, it's just to underline that comparing IT and healthcare may not be so promising. Compared to medicine, IT professionals can fix a problem in no time and no money. Although there are problems of copyright in IT, it's nothing compared to those in pharmaceutical industry. The whole plan of the human body and interactions is still to draw. And we can spoil many computers, hours of computing, lines of code, reboots, for research without an ethical problem.

ITsec in healthcare - ISO 27799

I recently ordered a copy of the ISO 27799 "Information security management in health using ISO/IEC 27002" because I was curious of the content and I applied to some positions in health organisms. I am fully happy with it and I'll tell you why: it's going further than the ISO 27001 and 27002 norms, but it's also giving examples and diagrams around these norms. So, I think it would be a good read even for someone outside the field of healthcare.

Let me summarize it my own way. The big parts I would make:

1. Introduction on healthcare
2. Lexicon of concepts around ITsec and around healthcare
3. What's specific in the ITsec of healthcare?
4. An action plan for an ISMS "How to be concrete [and successful] in ISO 27001?"
5. A review of ISO 27002 control points and what's specific for them in healthcare.

Once that little summary done, here are my reading notes on what's so specific about healthcare:

• Because hospitals and clinics are open places, because of mobility constraints, and because medical hardware is expensive, there is a high risk in threats related to physical security of the IS.
• There is a very low level of homogeneity both in hardware and in practices for using the hardware.
• There is a devoted and experienced staff, both in IT and in medics, making insider threats lower and making cooperation easier between IT and non-IT people.
• As a good health diagnosis includes various types of data about the patient, the databases about patients are huge and thus, an extremely valuable target.
• Because of the broad interdependency of functions, necessary for the good handling of health issues and making the IS and IT processes extremely complex, it's almost impossible to consider a security initiative on the whole of the IS at once. Or at least it's impossible to have it succeed.
• Thus, definition of good domains of application for a security initiative are needed. Examples are given of adequate sizes for domains of application:
  
• 2 or 3 remote sites
• 50 employees
• 10 processes
• Because of the importance of health itself and that of the public's opinion, cost in money of a project is rarely the first decision factor.

(I can't wait to get started.)