Monday, November 26, 2012

Password Safety

A November 7 article by Nicole Perlroth  in the New York Times (http://www.nytimes.com/2012/11/08/technology/personaltech/how-to-devise-passwords-that-drive-hackers-away.html?pagewanted=all) provides a bit of a scarifying amount of information about how easy it is these days to obtain passwords used to access private information on the internet. Every day we are bombarded with emails that come from addresses that look suspiciously like someone we know and trust, and often we get emails that seem benign but contain attachments that we may slip and open. All it takes is one lapse of attention and you can lose your password protection to sites where such information is sold for about $20 a pop. And you may not be aware that there are programs specifically designed to crack passwords- a notable one is known as John the Ripper. My guess is that you have likely chose a relatively simple password that you can easily remember, and you use that same password as a gateway to more than one protected site. This makes it likely that at some point in your life you will get hacked. I have, and it’s a pain- I had to change my aol account password as a result, and I had to cancel a credit card, take care of the bills that had been improperly charged to it, and ensure that my credit was not affected.

Ms. Perlroth suggests you use the following strategies for finding new passwords.
Forget the dictionary: don’t use any word that someone could find in a dictionary, since that is often what is first tested by hackers. Don’t even use words where you just change a letter or two. I can tell you that my passwords use a combination of random letters, numbers and grammatical signifiers such as exclamation points.

Don’t use the same password twice: obviously. If a hacker finds it, they get access to all your accounts.
Come up with a passphrase: not a word. Make your passphrase 14 letters or longer, since this added complexity makes it harder to crack. And use one that you will remember, like a phrase from a movie or book.

Randomize: you could just hit the keyboard randomly, throwing in the shift and alt keys as well, and then store the password on an encrypted text file that you put on a flash drive so it is not on your main computer.

Store the password securely: get it off your main computer, and get it onto a flash drive (see above). And do not let the computer store this information so it automatically will enter the information as you log in; some hackers use keystroke logging software to follow your keystrokes.
Consider a password manager: there are password protection software that can store your information in one place. An example is LastPass

Ignore the security questions: because some of this information (i.e. what high school did you go to?) can be easily found on the net. Consider using an answer that makes no sense, i.e. if asked what your favorite color is, you could provide the answer “what is your favorite movie?”
Use different browsers: use several browsers for different activities. This would let you use the second browser to shut down bad activity arising on the first. Studies have shown that Chrome is the browser least often attacked.

These are all good ideas we should consider. Safety first, always!

Monday, November 19, 2012

Thanksgiving

This week is our Thanskgiving break. And while it can never be said enough, I am thankful for all that each one of you do here for this college.

Thanks to the library staff for doing such a great job in meeting our students, faculty and others' needs.

Thanks to the CTL staff for making sure everything runs well both technologically and admninistratively.

Thanks to the faculty for their constant work on updating information, use of novel and innovative teaching methods and technologies and their willingness to always go above and beyond.

Thanks to the administration for their leadership and willingness to trust people to do what's right for the college.

Thanks to the staff for being the moto that keeps this place running.

I hope that you all enjoy this short break, are able to spend time with family ond loved ones, and be careful out there, don't eat too much!

Monday, November 12, 2012

Late Spring Cleaning in Fall


Perhaps one of the things that comes with age is a sense of proportion and pragmatic reality. I recently began a bit of a reconsideration of my life, and it led me, to all things, to do a bit of spring cleaning, here in the middle of the fall. By which I mean, I finally understood I no longer needed to hold on to all the chiropractic journals, medical journals, and ephemera I had built up over the years.

In part, this is was simply a function of space. I have, or had, copies of virtually every issue of every chiropractic and CAM journal published over the past 3 decades, and I no longer had any place to put them. This reminded me of the old article in the Journal of Irreproducible Results which demonstrated that if you put every issue of National Geographic magazine into a single room, you would tilt the Earth off its axis. I held those journals because (1) for so long, I was editor for many of them (JMPT, Journal of Chiropractic Medicine, Chiropractic Technique, Journal of Chiropractic Humanities, Journal of Sports Chiropractic and Rehabilitation, etc.) and (2) because you never know when you might need that one article in the hundreds you have.
But I had to finally admit to myself that the world had changed. The days of a Dr. Henderson holding 18,000 articles in his office file cabinets is gone. Everything is electronic now, and every article I had a hard copy of was available on the web in some fashion, all there for the finding. I asked my students how many subscribe to any of the journals, and the answer was, none- and why should they since we have site licenses for them all. I tried to give the journals away, but there were no takers. So, they are being recycled. And from that, there are old textbooks that could go, and other magazines, and so on. I say this as well knowing good friends who lost the choice when Hurricane Sandy hit; flooding ruined their collection as well and they had to discard all the damaged journals, and it really did not bother them either.

And in the end, with my changing interests- now toward bioethics and evidence-based practice, for example, not technique and orthopedics- I really no longer need them anyway. And it feels sort of good, to be sure.

Monday, November 5, 2012

New NIH Rules on Conflict of Interest


The NIH has issued new policies related to Financial Conflict of Interest. As part of these policies, Palmer College now requires that all faculty conducting research must complete an initial financial conflict of interest screening form annually. This should be submitted with each new research/IRB application. I am taking the following information directly from the NIH website (http://grants.nih.gov/grants/policy/coi/coi_faqs.htm), wherein the new requirements are described more fully.

A. General Questions


The 2011 revised regulation promotes objectivity in research by establishing standards that provide a reasonable expectation that the design, conduct, and reporting of research performed under NIH grants or cooperative agreements will be free from bias resulting from Investigator financial conflicts of interest. This regulation is commonly referred to as the Financial Conflict of Interest (FCOI) regulation. (http://www.gpo.gov/fdsys/pkg/FR-2011-08-25/pdf/2011-21633.pdf).

2.      When are Institutions required to comply with the 2011 revised regulation? (Institution)

An Institution applying for or receiving NIH funding from a grant or cooperative agreement must be in compliance with all of the revised regulatory requirements no later than 365 days after publication of the regulation in the Federal Register, i.e., August 24, 2012, and immediately upon making the Institution’s Financial Conflict of Interest policy publicly accessible as described in 42 CFR part 50.604(a).

3.      How does an Institution signify compliance with the 2011 revised regulation? (Institution)

When the Institution posts its Financial Conflict of Interest policy (or, if the institution does not have a current presence on a publicly accessible Web site, makes the policy publicly accessible by written request), it signifies that the Institution applying for or receiving PHS funding from a grant or cooperative agreement that is covered by the 2011 revised regulation is in full compliance with all the regulatory requirements. The Institution must be in compliance with the 2011 revised regulation no later than August 24, 2012.

4.      Is the 2011 revised regulation retroactive? (Institution)

No. The revised regulation will apply to each grant or cooperative agreement with an issue date of the Notice of Award that is subsequent to the compliance dates of the Final Rule (including noncompeting continuations) no later than August 24, 2012 and immediately upon making its Financial Conflict of Interest policy publicly accessible. Through their policies, however, Institutions may choose to apply the revised regulations to all active PHS awards. For example, Institutions may choose, in their Financial Conflict of Interest policy, to implement the regulation on a single date for all PHS-funded awards rather than implementing the regulation sequentially on the specific award date of each individual project.

5.      What is the most significant difference between the 1995 regulation and the 2011 revised regulation? (Institution and Investigator)

The 2011 revised regulation includes comprehensive changes, focusing on these areas in particular:

§  Definition of Significant Financial Interest

§  Extent of Investigators’ disclosure of information to Institutions regarding their Significant Financial Interests;

§  Institutions’ management of identified Financial Conflicts of Interest

§  Information reported to the PHS funding component (e.g., NIH);

§  Information made accessible to the public (i.e., Institutional FCOI policy and FCOIs of senior/key personnel); and

§  Investigator training.

6.      Where can I find additional information? (Institution and Investigator)

More information specific to grants and cooperative agreements is available on the Financial Conflict of Interest Web Page of the Grants Policy and Guidance section of the NIH Office of Extramural Research home page (http://grants.nih.gov/grants/policy/coi/index.htm.)

7.      May an Institution have conflict of interest policies that go beyond the regulation (e.g., impose more stringent requirements than those in the regulation)? (Institution and Investigator)

Yes, as long as the Institution’s policies meet the minimum requirements of the PHS regulation. The regulation states the Institution’s policy must inform each Investigator of the Institution’s policy on Financial Conflict of Interest; of the Investigator's Significant Financial Interest disclosure responsibilities; and of the PHS regulation. If an Institution adopts a policy that includes more restrictive disclosure thresholds than those in the 2011 revised regulation, the Institution must adhere to the requirements of the policy’s more restrictive standards. Institutions must report all identified FCOIs to the NIH, including any financial conflicts of interest identified in accordance with the Institution’s own more restrictive standards, in the time and manner specified in the regulation (see “Reporting” section for additional information).

8.      I have heard there is a special requirement for clinical research. Is this true? (Institution and Investigator)

Yes. In any case in which the HHS determines that an NIH-funded project of clinical research whose purpose is to evaluate the safety or effectiveness of a drug, medical device, or treatment has been designed, conducted, or reported by an Investigator with a conflicting interest that was not managed or reported by the Institution as required by the regulation, the Institution must require the Investigator(s) involved to disclose the Financial Conflict of Interest in each public presentation of the results of the research and to request an addendum to previously published presentations. Institution’s Financial Conflict of Interest policy may have additional requirements.

9.      For how long must Institutions keep records of financial disclosures and any resulting actions under the Institution’s policy or following a retrospective review, if applicable? (Institution)

Institutional policies must be followed regarding maintenance of records as long as they are in compliance with the PHS regulation. Under the regulation, the Institution is required to keep all records of all Investigator disclosures of financial interests and the Institution’s review of, or response to, such disclosure (whether or not a disclosure resulted in the Institution’s determination of a Financial Conflict of Interest), and all actions under the Institution’s policy or retrospective review, if applicable, as follows:

§  Records of financial disclosures and any resulting action must be maintained by the Institution for at least three years from the date of submission of the final expenditures report or, where applicable, from other dates specified in 45 C.F.R. 74.53(b) and 92.42 (b) for different situations.

NIH expects Institutions to retain records for each competitive segment as provided in the regulation.

10.  What is the purpose of this regulation? (Institution and Investigator)

The 2011 revised regulation promotes objectivity in research by establishing standards that provide a reasonable expectation that the design, conduct, and reporting of research performed under NIH grants or cooperative agreements will be free from bias resulting from Investigator financial conflicts of interest. This regulation is commonly referred to as the Financial Conflict of Interest (FCOI) regulation. (http://www.gpo.gov/fdsys/pkg/FR-2011-08-25/pdf/2011-21633.pdf).