COMPUTER SECURITY SYSTEM CHARACTERISTICS


The Buffalo Neuroimaging Analysis Center (BNAC) network is maintained as a discrete VLAN within the hospital network. All systems are connected via high=speed gigabytes Ethernet. it is connected to the outside Internet via a dedicated Firewall through which external secure channels can be established.

Secure passwords, which must be changed monthly, are required for any access to BNAC resources. Most information is also stored in an encrypted manner, so that obtaining administrative rights to the system will not provide access to patient/research data.

The primary BNAC platform is RedHat Enterprise Linux, tailored to have only required processes running in order to minimize possible security holes. Antivirus and intrusion-detection packages are deployed on all systems. Standard procedures are in place to ensure that software is consistently kept up to date, including virus definitions and all applicable security patches.

Data integrity is maintained on a number of levels, including: RAID level 5 redundant disk storage of all data, checkpoint software maintaining daily version-controlled change histories, daily incremental tape backups, and monthly full-tape backups.

Data availability is ensured by a rotating off-site tape backup schedule, with a maximum offset of one week. An external firm is contracted for storage of two copies of data at a secure off-site location.