A GENERIC ARCHITECTURE FOR INSIDER MISUSE MONITORING IN IT SYSTEMS

Intrusion Detection Systems (IDS) have been widely deployed within many organisations' IT nenvorks to delect network penetration attacks by outsiders and privilege escalation attacks by insiders. However, traditional IDS are ineffective for detecting o f abuse o f legitimate privileges by authorised users within the organisation i.e. the detection of misfeasance. In essence insider IT abuse does not violate system level controls, yet violates acceptable usage policy, business controls, or code of conduct defined by the organisation. However, the acceptable usage policy can vary from one organisation to another, and the acceptability o f user activities can also change depending upon the user(s), application, machine, data, and other contextual conditions associated with the entities involved. The fact that the perpetrators are authorised users and that the insider misuse activities do not violate system level controls makes detection of insider abuse more complicated than detection o f attacks by outsiders. The overall aim o f the research is to determine novel methods by which monitoring and detection may be improved to enable successful detection of insider IT abuse. The discussion begins with a comprehensive investigation o f insider IT misuse, encompassing the breadth and scale of the problem. Consideration is then given to the sufficiency of existing safeguards, with the conclusion that they provide an inadequate basis for detecting many o f the problems. This finding is used as the justification for considering research into alternative approaches. The realisation of the research objective includes the development of a taxonomy for identification o f various levels within the system from which the relevant data associated with each type of misuse can be collected, and formulation of a checklist for identification of applications that requires misfeasor monitoring. Based upon this foundation a novel architecture for monitoring o f insider IT misuse, has been designed. The design offers new analysis procedures to be added, while providing methods to include relevant contextual parameters from dispersed systems for analysis and reference. The proposed system differs from existing IDS in the way that it focuses on detecting contextual misuse of authorised privileges and legitimate operations, rather than detecting exploitation o f network protocols and system level \ailnerabilities. The main concepts of the new architecture were validated through a proof-of-concept prototype system. A number o f case scenarios were used to demonstrate the validity of analysis procedures developed and how the contextual data from dispersed databases can be used for analysis of various types of insider activities. This helped prove that the existing detection technologies can be adopted for detection o f insider IT misuse, and that the research has thus provided valuable contribution to the domain

CONSIDERING THE PROBLEM OF INSIDER IT MISUSE

In recent years the Internet connection has become a frequent point of attack for most organisations. However, the loss due to insider misuse is far greater than the loss due to external abuse. This paper focuses on the problem of insider misuse, the scale of it, and how it has effected the organisations. The paper also discusses why access controls alone cannot be used to address the problem, and proceeds to consider how techniques currently associated with Intrusion Detection Systems can potentially be applied for insider misuse detection. General guidelines for countermeasures against insider misuse are also provided to protect data and systems

Evaluation of Simplified HCV Diagnostics in HIV/HCV Co-Infected Patients in Myanmar

To evaluate a decentralised testing model and simplified treatment protocol of hepatitis C virus (HCV) infection to facilitate treatment scale-up in Myanmar, this prospective, observational study recruited HIV–HCV co-infected outpatients receiving sofosbuvir/daclatasvir in Yangon, Myanmar. The study examined the outcomes and factors associated with a sustained virological response (SVR). A decentralised “hub-and-spoke” testing model was evaluated where fingerstick capillary specimens were transported by taxi and processed centrally. The performance of the Xpert HCV VL Fingerstick Assay in detecting HCV RNA was compared to the local standard of care ( plasma HCV RNA collected by venepuncture). Between January 2019 and February 2020, 162 HCV RNA-positive individuals were identified; 154/162 (95%) initiated treatment, and 128/154 (84%) returned for their SVR12 visit. A SVR was achieved in 119/154 (77%) participants in the intent-to-treat population and 119/128 (93%) participants in the modified-intent-to-treat population. Individuals receiving an antiretroviral therapy were more likely to achieve a SVR (with an odds ratio (OR) of 7.16, 95% CI 1.03–49.50), while those with cirrhosis were less likely (OR: 0.26, 95% CI 0.07–0.88). The sensitivity of the Xpert HCV VL Fingerstick Assay was 99.4% (95% CI 96.7–100.0), and the specificity was 99.2% (95% CI 95.9–99.9). A simplified treatment protocol using a hub-and-spoke testing model of fingerstick capillary specimens can achieve an SVR rate in LMIC comparable to well-resourced high-income settings

Adverse Drug Reactions in Selected Wards of the Yangon General Hospital and Yangon Specialty Hospital During the First Quarter of 2019 : An Active Pharmacovigilance Study in Myanmar

Previous studies in Europe and the USA have reported a high prevalence of adverse drug reactions (ADRs), but data on local ADRs in Myanmar are sparse. Our objective was to study ADRs in patients admitted to selected wards of Yangon General Hospital (YGH) and Yangon Specialty Hospital (YSH), Myanmar. This was a prospective observational study in three hospital wards during the first quarter of 2019. Suspected ADRs were carefully investigated in a face-to-face interview with each patient and via review of clinical records. Patients transferred to other wards or discharged were followed-up by the researchers until day 28 after admission. ADRs were divided into those that (1) led to the admission and (2) occurred during the hospital stay or after discharge (up to day 28 after admission). A total of 65 ADRs were identified, with 47 (29.4%) of 160 patients experiencing at least one ADR. Among these, 16 (24.6%) had led to hospital admission and 49 (75.4%) occurred in 31 patients during their hospital stay. Of 160 patients, 21 had taken at least one herbal remedy and six of these developed an ADR. Five ADR-drug associations (hypokalaemia with methylprednisolone, increased transaminase levels with standard antituberculosis drugs, upper gastrointestinal bleeding with nonsteroidal anti-inflammatory drugs, constipation with tramadol, and increased transaminase levels with herbal remedies) represented 18 (27.7%) of the 65 ADRs in this study. According to the Schumock and Thornton preventability scale, more than half of these ADRs (35 [53.9%]) were preventable. The present study highlights the existence of ADRs among patients attending these hospitals. The implementation of active pharmacovigilance in hospitals could be a helpful first step to improving the awareness of unwanted effects of medicines and patient safety, as well as a way to strengthen the national pharmacovigilance system in countries such as Myanmar. The online version of this article (10.1007/s40801-020-00180-0) contains supplementary material, which is available to authorized users

Enhancing respiratory disease surveillance to detect COVID-19 in shelters for displaced persons, Thailand–Myanmar border, 2020–2021

We developed surveillance guidance for COVID-19 in 9 temporary camps for displaced persons along the Thailand-Myanmar border. Arrangements were made for testing of persons presenting with acute respiratory infection, influenza-like illness, or who met the Thailand national COVID-19 Person Under Investigation case definition. In addition, testing was performed for persons who had traveled outside of the camps in outbreak-affected areas or who departed Thailand as resettling refugees. During the first 18 months of surveillance, May 2020-October 2021, a total of 6,190 specimens were tested, and 15 outbreaks (i.e., >1 confirmed COVID-19 cases) were detected in 7 camps. Of those, 5 outbreaks were limited to a single case. Outbreaks during the Delta variant surge were particularly challenging to control. Adapting and implementing COVID-19 surveillance measures in the camp setting were successful in detecting COVID-19 outbreaks and preventing widespread disease during the initial phase of the pandemic in Thailand