<?xml version="1.0"?>
<feed xmlns="http://www.w3.org/2005/Atom" xml:lang="en">
		<id>https://aboutus.com/index.php?action=history&amp;feed=atom&amp;title=software-testing</id>
		<title>software-testing - Revision history</title>
		<link rel="self" type="application/atom+xml" href="https://aboutus.com/index.php?action=history&amp;feed=atom&amp;title=software-testing"/>
		<link rel="alternate" type="text/html" href="https://aboutus.com/index.php?title=software-testing&amp;action=history"/>
		<updated>2026-07-04T16:00:05Z</updated>
		<subtitle>Revision history for this page on the wiki</subtitle>
		<generator>MediaWiki 1.28.0</generator>

	<entry>
		<id>https://aboutus.com/index.php?title=software-testing&amp;diff=71814042&amp;oldid=prev</id>
		<title>QAonCloud: page type updated</title>
		<link rel="alternate" type="text/html" href="https://aboutus.com/index.php?title=software-testing&amp;diff=71814042&amp;oldid=prev"/>
				<updated>2021-10-18T13:56:59Z</updated>
		
		<summary type="html">&lt;p&gt;page type updated&lt;/p&gt;
&lt;table class=&quot;diff diff-contentalign-left&quot; data-mw=&quot;interface&quot;&gt;
				&lt;tr style='vertical-align: top;' lang='en'&gt;
				&lt;td colspan='1' style=&quot;background-color: white; color:black; text-align: center;&quot;&gt;← Older revision&lt;/td&gt;
				&lt;td colspan='1' style=&quot;background-color: white; color:black; text-align: center;&quot;&gt;Revision as of 13:56, 18 October 2021&lt;/td&gt;
				&lt;/tr&gt;&lt;tr&gt;&lt;td colspan='2' style='text-align: center;' lang='en'&gt;&lt;div class=&quot;mw-diff-empty&quot;&gt;(No difference)&lt;/div&gt;
&lt;/td&gt;&lt;/tr&gt;&lt;/table&gt;</summary>
		<author><name>QAonCloud</name></author>	</entry>

	<entry>
		<id>https://aboutus.com/index.php?title=software-testing&amp;diff=71814041&amp;oldid=prev</id>
		<title>QAonCloud: page type updated</title>
		<link rel="alternate" type="text/html" href="https://aboutus.com/index.php?title=software-testing&amp;diff=71814041&amp;oldid=prev"/>
				<updated>2021-10-18T13:56:29Z</updated>
		
		<summary type="html">&lt;p&gt;page type updated&lt;/p&gt;
&lt;table class=&quot;diff diff-contentalign-left&quot; data-mw=&quot;interface&quot;&gt;
				&lt;tr style='vertical-align: top;' lang='en'&gt;
				&lt;td colspan='1' style=&quot;background-color: white; color:black; text-align: center;&quot;&gt;← Older revision&lt;/td&gt;
				&lt;td colspan='1' style=&quot;background-color: white; color:black; text-align: center;&quot;&gt;Revision as of 13:56, 18 October 2021&lt;/td&gt;
				&lt;/tr&gt;&lt;tr&gt;&lt;td colspan='2' style='text-align: center;' lang='en'&gt;&lt;div class=&quot;mw-diff-empty&quot;&gt;(No difference)&lt;/div&gt;
&lt;/td&gt;&lt;/tr&gt;&lt;/table&gt;</summary>
		<author><name>QAonCloud</name></author>	</entry>

	<entry>
		<id>https://aboutus.com/index.php?title=software-testing&amp;diff=71814040&amp;oldid=prev</id>
		<title>QAonCloud: contact updated</title>
		<link rel="alternate" type="text/html" href="https://aboutus.com/index.php?title=software-testing&amp;diff=71814040&amp;oldid=prev"/>
				<updated>2021-10-18T13:56:09Z</updated>
		
		<summary type="html">&lt;p&gt;contact updated&lt;/p&gt;
&lt;table class=&quot;diff diff-contentalign-left&quot; data-mw=&quot;interface&quot;&gt;
				&lt;tr style='vertical-align: top;' lang='en'&gt;
				&lt;td colspan='1' style=&quot;background-color: white; color:black; text-align: center;&quot;&gt;← Older revision&lt;/td&gt;
				&lt;td colspan='1' style=&quot;background-color: white; color:black; text-align: center;&quot;&gt;Revision as of 13:56, 18 October 2021&lt;/td&gt;
				&lt;/tr&gt;&lt;tr&gt;&lt;td colspan='2' style='text-align: center;' lang='en'&gt;&lt;div class=&quot;mw-diff-empty&quot;&gt;(No difference)&lt;/div&gt;
&lt;/td&gt;&lt;/tr&gt;&lt;/table&gt;</summary>
		<author><name>QAonCloud</name></author>	</entry>

	<entry>
		<id>https://aboutus.com/index.php?title=software-testing&amp;diff=71814039&amp;oldid=prev</id>
		<title>QAonCloud: name updated</title>
		<link rel="alternate" type="text/html" href="https://aboutus.com/index.php?title=software-testing&amp;diff=71814039&amp;oldid=prev"/>
				<updated>2021-10-18T13:55:49Z</updated>
		
		<summary type="html">&lt;p&gt;name updated&lt;/p&gt;
&lt;table class=&quot;diff diff-contentalign-left&quot; data-mw=&quot;interface&quot;&gt;
				&lt;tr style='vertical-align: top;' lang='en'&gt;
				&lt;td colspan='1' style=&quot;background-color: white; color:black; text-align: center;&quot;&gt;← Older revision&lt;/td&gt;
				&lt;td colspan='1' style=&quot;background-color: white; color:black; text-align: center;&quot;&gt;Revision as of 13:55, 18 October 2021&lt;/td&gt;
				&lt;/tr&gt;&lt;tr&gt;&lt;td colspan='2' style='text-align: center;' lang='en'&gt;&lt;div class=&quot;mw-diff-empty&quot;&gt;(No difference)&lt;/div&gt;
&lt;/td&gt;&lt;/tr&gt;&lt;/table&gt;</summary>
		<author><name>QAonCloud</name></author>	</entry>

	<entry>
		<id>https://aboutus.com/index.php?title=software-testing&amp;diff=71774254&amp;oldid=prev</id>
		<title>Appsierra: WYSIWYG edit</title>
		<link rel="alternate" type="text/html" href="https://aboutus.com/index.php?title=software-testing&amp;diff=71774254&amp;oldid=prev"/>
				<updated>2020-06-17T09:12:14Z</updated>
		
		<summary type="html">&lt;p&gt;WYSIWYG edit&lt;/p&gt;
&lt;table class=&quot;diff diff-contentalign-left&quot; data-mw=&quot;interface&quot;&gt;
				&lt;col class='diff-marker' /&gt;
				&lt;col class='diff-content' /&gt;
				&lt;col class='diff-marker' /&gt;
				&lt;col class='diff-content' /&gt;
				&lt;tr style='vertical-align: top;' lang='en'&gt;
				&lt;td colspan='2' style=&quot;background-color: white; color:black; text-align: center;&quot;&gt;← Older revision&lt;/td&gt;
				&lt;td colspan='2' style=&quot;background-color: white; color:black; text-align: center;&quot;&gt;Revision as of 09:12, 17 June 2020&lt;/td&gt;
				&lt;/tr&gt;&lt;tr&gt;&lt;td colspan=&quot;2&quot; class=&quot;diff-lineno&quot; id=&quot;mw-diff-left-l1&quot; &gt;Line 1:&lt;/td&gt;
&lt;td colspan=&quot;2&quot; class=&quot;diff-lineno&quot;&gt;Line 1:&lt;/td&gt;&lt;/tr&gt;
&lt;tr&gt;&lt;td class='diff-marker'&gt;&amp;#160;&lt;/td&gt;&lt;td style=&quot;background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;&quot;&gt;&lt;div&gt;{{DISPLAYTITLE:Security Testing Prevents Data Breaches from Government Data Warehouse}}&amp;lt;p&amp;gt;It seems like every day brings headlines about data breaches of companies in various industry sectors and governmental agencies, including many of which are determined to be &amp;amp;ldquo;Unintended Disclosure&amp;amp;rdquo;. A check on privacyrights.org shows that if you look at both U.S. governmental and U.S. healthcare sites on the day I wrote this article, you will see that &amp;amp;ldquo;Unintended Disclosure&amp;amp;rdquo; (436 breaches totaling 27.7M records) is not too far behind &amp;amp;ldquo;Hacking or malware&amp;amp;rdquo; which accounted for 301 breaches totaling 50M records. Really? Over a third of the records from these 2 forms of data breach were from something as preventable as carelesssness on the programming or implementation side?&amp;amp;nbsp; As a tech writer about things QA-related, I was intrigued.&amp;lt;/p&amp;gt;&lt;/div&gt;&lt;/td&gt;&lt;td class='diff-marker'&gt;&amp;#160;&lt;/td&gt;&lt;td style=&quot;background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;&quot;&gt;&lt;div&gt;{{DISPLAYTITLE:Security Testing Prevents Data Breaches from Government Data Warehouse}}&amp;lt;p&amp;gt;It seems like every day brings headlines about data breaches of companies in various industry sectors and governmental agencies, including many of which are determined to be &amp;amp;ldquo;Unintended Disclosure&amp;amp;rdquo;. A check on privacyrights.org shows that if you look at both U.S. governmental and U.S. 
healthcare sites on the day I wrote this article, you will see that &amp;amp;ldquo;Unintended Disclosure&amp;amp;rdquo; (436 breaches totaling 27.7M records) is not too far behind &amp;amp;ldquo;Hacking or malware&amp;amp;rdquo; which accounted for 301 breaches totaling 50M records. Really? Over a third of the records from these 2 forms of data breach were from something as preventable as carelesssness on the programming or implementation side?&amp;amp;nbsp; As a tech writer about things QA-related, I was intrigued.&amp;lt;/p&amp;gt;&lt;/div&gt;&lt;/td&gt;&lt;/tr&gt;
&lt;tr&gt;&lt;td class='diff-marker'&gt;&amp;#160;&lt;/td&gt;&lt;td style=&quot;background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;&quot;&gt;&lt;/td&gt;&lt;td class='diff-marker'&gt;&amp;#160;&lt;/td&gt;&lt;td style=&quot;background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;&quot;&gt;&lt;/td&gt;&lt;/tr&gt;
&lt;tr&gt;&lt;td class='diff-marker'&gt;−&lt;/td&gt;&lt;td style=&quot;color:black; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #ffe49c; vertical-align: top; white-space: pre-wrap;&quot;&gt;&lt;div&gt;&amp;lt;p&amp;gt;Today I&amp;amp;rsquo;d like to look at steps to avoid preventable loss. The insurance industry refers to &amp;amp;ldquo;risk avoidance&amp;amp;rdquo; and suggests audits to lessen the likelihood of the otherwise potential. For instance, in a pharma manufacturing tech writing job I once held, I worked on a Current Good Manufacturing Practices manual, which is required by FDA to assure quality standards. But the kind of QA we&amp;amp;rsquo;re talking about here involves data &amp;lt;a href=&amp;quot;http://www.qualitestgroup.com/etl-data-warehouse-testing/&amp;quot; rel=&amp;quot;nofollow&amp;quot; target=&amp;quot;_blank&amp;quot;&amp;gt;warehouse testing&amp;lt;/a&amp;gt;&amp;amp;nbsp;of security for the Multidimensional Insurance Data Analytics System (MIDAS).&amp;amp;nbsp; Never heard of it?&amp;amp;nbsp; Well, you probably have heard of healthcare.gov which is informally referred to as Obamacare, which this collects qualification data for in a data warehouse format.&amp;amp;nbsp; Please, let&amp;amp;#39;s avoid the strong political firestorm of opinions, both pro and con, about this program and the interests behind it that may be a tempting cause for many comments here &amp;amp;ndash; let&amp;amp;#39;s merely concern ourselves with the fact that apps that are in use should pass QA standards, especially when concerning personal information which impact privacy concerns. &amp;amp;nbsp;You may recall the public problems that the &amp;lt;a href=&amp;quot;https://www.healthcare.gov/&amp;quot; rel=&amp;quot;nofollow&amp;quot; target=&amp;quot;_blank&amp;quot;&amp;gt;healthcare.gov&amp;lt;/a&amp;gt; website had, calling attention to (thank you!) 
the need for proper &amp;lt;a href=&amp;quot;https://www.indiumsoftware.com/software-testing-services/&amp;quot;&amp;gt;software quality assurance&amp;lt;/a&amp;gt; and follow-through of their results in such endeavors.&amp;amp;nbsp; Quite a boon to those of us in the QA community, we&amp;amp;#39;ve never felt so needed!&amp;lt;/p&amp;gt;&lt;/div&gt;&lt;/td&gt;&lt;td class='diff-marker'&gt;+&lt;/td&gt;&lt;td style=&quot;color:black; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;&quot;&gt;&lt;div&gt;&amp;lt;p&amp;gt;Today I&amp;amp;rsquo;d like to look at steps to avoid preventable loss. The insurance industry refers to &amp;amp;ldquo;risk avoidance&amp;amp;rdquo; and suggests audits to lessen the likelihood of the otherwise potential. For instance, in a pharma manufacturing tech writing job I once held, I worked on a Current Good Manufacturing Practices manual, which is required by FDA to assure quality standards. 
But the kind of QA we&amp;amp;rsquo;re talking about here involves data &amp;lt;a href=&amp;quot;http://www.qualitestgroup.com/etl-data-warehouse-testing/&amp;quot; rel=&amp;quot;nofollow&amp;quot; target=&amp;quot;_blank&amp;quot;&amp;gt;warehouse testing&amp;lt;/a&amp;gt;&amp;amp;nbsp;of security for the Multidimensional Insurance Data Analytics System (MIDAS).&amp;amp;nbsp; Never heard of it?&amp;amp;nbsp; Well, you probably have heard of healthcare.gov which is informally referred to as Obamacare, which this collects qualification data for in a data warehouse format.&amp;amp;nbsp; Please, let&amp;amp;#39;s avoid the strong political firestorm of opinions, both pro and con, about this program and the interests behind it that may be a tempting cause for many comments here &amp;amp;ndash; let&amp;amp;#39;s merely concern ourselves with the fact that apps that are in use should pass QA standards, especially when concerning personal information which impact privacy concerns. &amp;amp;nbsp;You may recall the public problems that the &amp;lt;a href=&amp;quot;https://www.healthcare.gov/&amp;quot; rel=&amp;quot;nofollow&amp;quot; target=&amp;quot;_blank&amp;quot;&amp;gt;healthcare.gov&amp;lt;/a&amp;gt; website had, calling attention to (thank you!) the need for proper &amp;lt;a href=&amp;quot;https://www.indiumsoftware.com/software-testing-services/&lt;ins class=&quot;diffchange diffchange-inline&quot;&gt;&amp;quot; rel=&amp;quot;nofollow&lt;/ins&gt;&amp;quot;&amp;gt;software quality assurance&amp;lt;/a&amp;gt; and follow-through of their results in such endeavors.&amp;amp;nbsp; Quite a boon to those of us in the QA community, we&amp;amp;#39;ve never felt so needed!&amp;lt;/p&amp;gt;&lt;/div&gt;&lt;/td&gt;&lt;/tr&gt;
&lt;tr&gt;&lt;td class='diff-marker'&gt;&amp;#160;&lt;/td&gt;&lt;td style=&quot;background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;&quot;&gt;&lt;/td&gt;&lt;td class='diff-marker'&gt;&amp;#160;&lt;/td&gt;&lt;td style=&quot;background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;&quot;&gt;&lt;/td&gt;&lt;/tr&gt;
&lt;tr&gt;&lt;td class='diff-marker'&gt;&amp;#160;&lt;/td&gt;&lt;td style=&quot;background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;&quot;&gt;&lt;div&gt;&amp;lt;p&amp;gt;The collected qualification information is what is suspected to be the data fields.&amp;amp;nbsp; If you go to the verify-information folder then the documents-and-deadlines subfolder, you will get a list of personal identification documents that are of the type that one would have privacy phishing concerns about, including: income (tax forms, bank account information, Social Security Numbers, income forms, business ledger info, documents related to unearned income, etc.), immigration status, citizenship, home/rental insurance, DMV info, mortgage info, marriage license, birth certificates, adoption paperwork, and veteran status.&amp;amp;nbsp; Former Social Security Administration Commissioner Michael As true asserts in his Cleveland Times editorial that the fields include:&amp;lt;/p&amp;gt;&lt;/div&gt;&lt;/td&gt;&lt;td class='diff-marker'&gt;&amp;#160;&lt;/td&gt;&lt;td style=&quot;background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;&quot;&gt;&lt;div&gt;&amp;lt;p&amp;gt;The collected qualification information is what is suspected to be the data fields.&amp;amp;nbsp; If you go to the verify-information folder then the documents-and-deadlines subfolder, you will get a list of personal identification documents that are of the type that one would have privacy phishing concerns about, including: income (tax forms, bank account information, Social Security Numbers, income forms, business ledger info, documents related to unearned income, etc.), immigration status, citizenship, home/rental insurance, DMV info, 
mortgage info, marriage license, birth certificates, adoption paperwork, and veteran status.&amp;amp;nbsp; Former Social Security Administration Commissioner Michael As true asserts in his Cleveland Times editorial that the fields include:&amp;lt;/p&amp;gt;&lt;/div&gt;&lt;/td&gt;&lt;/tr&gt;
&lt;tr&gt;&lt;td colspan=&quot;2&quot; class=&quot;diff-lineno&quot; id=&quot;mw-diff-left-l11&quot; &gt;Line 11:&lt;/td&gt;
&lt;td colspan=&quot;2&quot; class=&quot;diff-lineno&quot;&gt;Line 11:&lt;/td&gt;&lt;/tr&gt;
&lt;tr&gt;&lt;td class='diff-marker'&gt;&amp;#160;&lt;/td&gt;&lt;td style=&quot;background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;&quot;&gt;&lt;div&gt;&amp;lt;p&amp;gt;Okay, so we know why it exists, and see a secondary mission to ensure that what exists reaches a specific level of quality.&amp;amp;nbsp; It goes on to discuss the results of the audit which took place between August and December of 2014:&amp;lt;/p&amp;gt;&lt;/div&gt;&lt;/td&gt;&lt;td class='diff-marker'&gt;&amp;#160;&lt;/td&gt;&lt;td style=&quot;background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;&quot;&gt;&lt;div&gt;&amp;lt;p&amp;gt;Okay, so we know why it exists, and see a secondary mission to ensure that what exists reaches a specific level of quality.&amp;amp;nbsp; It goes on to discuss the results of the audit which took place between August and December of 2014:&amp;lt;/p&amp;gt;&lt;/div&gt;&lt;/td&gt;&lt;/tr&gt;
&lt;tr&gt;&lt;td class='diff-marker'&gt;&amp;#160;&lt;/td&gt;&lt;td style=&quot;background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;&quot;&gt;&lt;/td&gt;&lt;td class='diff-marker'&gt;&amp;#160;&lt;/td&gt;&lt;td style=&quot;background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;&quot;&gt;&lt;/td&gt;&lt;/tr&gt;
&lt;tr&gt;&lt;td class='diff-marker'&gt;−&lt;/td&gt;&lt;td style=&quot;color:black; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #ffe49c; vertical-align: top; white-space: pre-wrap;&quot;&gt;&lt;div&gt;&amp;lt;p&amp;gt;Although CMS [Centers for Medicare and Medicaid Services] had implemented controls to secure the MIDAS and consumer PII data in the systems and databases we reviewed, we identified areas for improvement in its information security controls. At the time of our fieldwork, CMS: had not disabled unnecessary generic accounts in its test environment [meaning that users using the system may not be properly identified]; had not encrypted user sessions [meaning that a recorded user session had would be readable if hacked]; had not conducted automated vulnerability assessments that simulate known attacks which would have revealed vulnerabilities (e.g., password weaknesses and misconfigurations) specific to the application or databases that support the MIDAS; and used a shared read-only account for access to the database that contained the PII [again, improper tracking of who accesses what data].&amp;amp;nbsp; In addition to the information security control vulnerabilities mentioned above, our database vulnerability scans identified 22 high, 62 medium, and 51 low vulnerabilities. We made related recommendations to address the issues we identified.&amp;lt;/p&amp;gt;&lt;/div&gt;&lt;/td&gt;&lt;td class='diff-marker'&gt;+&lt;/td&gt;&lt;td style=&quot;color:black; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;&quot;&gt;&lt;div&gt;&amp;lt;p&amp;gt;Although CMS [Centers for Medicare and Medicaid Services] had implemented controls to secure the MIDAS and consumer PII data in the systems and databases we reviewed, we identified areas for improvement in its information security controls. 
At the time of our fieldwork, CMS: had not disabled unnecessary generic accounts in its test environment [meaning that users using the system may not be properly identified]; had not &lt;ins class=&quot;diffchange diffchange-inline&quot;&gt;&amp;lt;a href=&amp;quot;https://appsierra.com/6-types-of-encryption-softwares-you-must-know-about/&amp;quot;&amp;gt;&lt;/ins&gt;encrypted&lt;ins class=&quot;diffchange diffchange-inline&quot;&gt;&amp;lt;/a&amp;gt; &lt;/ins&gt;user sessions [meaning that a recorded user session had would be readable if hacked]; had not conducted automated vulnerability assessments that simulate known attacks which would have revealed vulnerabilities (e.g., password weaknesses and misconfigurations) specific to the application or databases that support the MIDAS; and used a shared read-only account for access to the database that contained the PII [again, improper tracking of who accesses what data].&amp;amp;nbsp; In addition to the information security control vulnerabilities mentioned above, our database vulnerability scans identified 22 high, 62 medium, and 51 low vulnerabilities. We made related recommendations to address the issues we identified.&amp;lt;/p&amp;gt;&lt;/div&gt;&lt;/td&gt;&lt;/tr&gt;
&lt;tr&gt;&lt;td class='diff-marker'&gt;&amp;#160;&lt;/td&gt;&lt;td style=&quot;background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;&quot;&gt;&lt;/td&gt;&lt;td class='diff-marker'&gt;&amp;#160;&lt;/td&gt;&lt;td style=&quot;background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;&quot;&gt;&lt;/td&gt;&lt;/tr&gt;
&lt;tr&gt;&lt;td class='diff-marker'&gt;&amp;#160;&lt;/td&gt;&lt;td style=&quot;background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;&quot;&gt;&lt;div&gt;&amp;lt;p&amp;gt;How would these suggestions be received?&amp;amp;nbsp; I am glad to report that there is a happy ending, and that everything was repaired before this report became public.&amp;lt;/p&amp;gt;&lt;/div&gt;&lt;/td&gt;&lt;td class='diff-marker'&gt;&amp;#160;&lt;/td&gt;&lt;td style=&quot;background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;&quot;&gt;&lt;div&gt;&amp;lt;p&amp;gt;How would these suggestions be received?&amp;amp;nbsp; I am glad to report that there is a happy ending, and that everything was repaired before this report became public.&amp;lt;/p&amp;gt;&lt;/div&gt;&lt;/td&gt;&lt;/tr&gt;
&lt;tr&gt;&lt;td class='diff-marker'&gt;&amp;#160;&lt;/td&gt;&lt;td style=&quot;background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;&quot;&gt;&lt;/td&gt;&lt;td class='diff-marker'&gt;&amp;#160;&lt;/td&gt;&lt;td style=&quot;background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;&quot;&gt;&lt;/td&gt;&lt;/tr&gt;
&lt;tr&gt;&lt;td class='diff-marker'&gt;−&lt;/td&gt;&lt;td style=&quot;color:black; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #ffe49c; vertical-align: top; white-space: pre-wrap;&quot;&gt;&lt;div&gt;&amp;lt;p&amp;gt;CMS worked with [them] during the &amp;lt;a href=&amp;quot;https://&lt;del class=&quot;diffchange diffchange-inline&quot;&gt;www.kualitatem&lt;/del&gt;.com/security-testing/&amp;quot; rel=&amp;quot;nofollow&amp;quot; target=&amp;quot;_blank&amp;quot;&amp;gt;security testing&amp;lt;/a&amp;gt; and within a week of the findings being identified, CMS had addressed all the high vulnerabilities identified. CMS had addressed a majority of the remaining findings within 30 days of identification. All of [the] findings in this report were addressed by February 2015. In addition, all of the recommendations in this report were fully implemented prior to the draft report [stamped May 8, 2015] being issued.&amp;lt;/p&amp;gt;&lt;/div&gt;&lt;/td&gt;&lt;td class='diff-marker'&gt;+&lt;/td&gt;&lt;td style=&quot;color:black; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;&quot;&gt;&lt;div&gt;&amp;lt;p&amp;gt;CMS worked with [them] during the &amp;lt;a href=&amp;quot;https://&lt;ins class=&quot;diffchange diffchange-inline&quot;&gt;appsierra&lt;/ins&gt;.com/&lt;ins class=&quot;diffchange diffchange-inline&quot;&gt;what-is-&lt;/ins&gt;security-testing&lt;ins class=&quot;diffchange diffchange-inline&quot;&gt;-a-complete-overview&lt;/ins&gt;/&amp;quot; rel=&amp;quot;nofollow&amp;quot; target=&amp;quot;_blank&amp;quot;&amp;gt;security testing&amp;lt;/a&amp;gt; and within a week of the findings being identified, CMS had addressed all the high vulnerabilities identified. CMS had addressed a majority of the remaining findings within 30 days of identification. 
All of [the] findings in this report were addressed by February 2015. In addition, all of the recommendations in this report were fully implemented prior to the draft report [stamped May 8, 2015] being issued.&amp;lt;/p&amp;gt;&lt;/div&gt;&lt;/td&gt;&lt;/tr&gt;
&lt;tr&gt;&lt;td class='diff-marker'&gt;&amp;#160;&lt;/td&gt;&lt;td style=&quot;background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;&quot;&gt;&lt;/td&gt;&lt;td class='diff-marker'&gt;&amp;#160;&lt;/td&gt;&lt;td style=&quot;background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;&quot;&gt;&lt;/td&gt;&lt;/tr&gt;
&lt;tr&gt;&lt;td class='diff-marker'&gt;&amp;#160;&lt;/td&gt;&lt;td style=&quot;background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;&quot;&gt;&lt;div&gt;&amp;lt;p&amp;gt;&amp;lt;strong&amp;gt;Author Bio:&amp;lt;/strong&amp;gt;&amp;lt;/p&amp;gt;&lt;/div&gt;&lt;/td&gt;&lt;td class='diff-marker'&gt;&amp;#160;&lt;/td&gt;&lt;td style=&quot;background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;&quot;&gt;&lt;div&gt;&amp;lt;p&amp;gt;&amp;lt;strong&amp;gt;Author Bio:&amp;lt;/strong&amp;gt;&amp;lt;/p&amp;gt;&lt;/div&gt;&lt;/td&gt;&lt;/tr&gt;
&lt;tr&gt;&lt;td class='diff-marker'&gt;&amp;#160;&lt;/td&gt;&lt;td style=&quot;background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;&quot;&gt;&lt;/td&gt;&lt;td class='diff-marker'&gt;&amp;#160;&lt;/td&gt;&lt;td style=&quot;background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;&quot;&gt;&lt;/td&gt;&lt;/tr&gt;
&lt;tr&gt;&lt;td class='diff-marker'&gt;&amp;#160;&lt;/td&gt;&lt;td style=&quot;background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;&quot;&gt;&lt;div&gt;&amp;lt;p&amp;gt;&amp;lt;a href=&amp;quot;https://twitter.com/ScottAndery&amp;quot; rel=&amp;quot;nofollow&amp;quot;&amp;gt;Scott Andery&amp;lt;/a&amp;gt; is an expert marketer and author who specialize in &amp;lt;a href=&amp;quot;https://www.kualitee.com/&amp;quot; rel=&amp;quot;nofollow&amp;quot; target=&amp;quot;_blank&amp;quot;&amp;gt;software testing tools&amp;lt;/a&amp;gt; and resources.&amp;lt;/p&amp;gt;&lt;/div&gt;&lt;/td&gt;&lt;td class='diff-marker'&gt;&amp;#160;&lt;/td&gt;&lt;td style=&quot;background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;&quot;&gt;&lt;div&gt;&amp;lt;p&amp;gt;&amp;lt;a href=&amp;quot;https://twitter.com/ScottAndery&amp;quot; rel=&amp;quot;nofollow&amp;quot;&amp;gt;Scott Andery&amp;lt;/a&amp;gt; is an expert marketer and author who specialize in &amp;lt;a href=&amp;quot;https://www.kualitee.com/&amp;quot; rel=&amp;quot;nofollow&amp;quot; target=&amp;quot;_blank&amp;quot;&amp;gt;software testing tools&amp;lt;/a&amp;gt; and resources.&amp;lt;/p&amp;gt;&lt;/div&gt;&lt;/td&gt;&lt;/tr&gt;
&lt;/table&gt;</summary>
		<author><name>Appsierra</name></author>	</entry>
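Review bot: The anchor this revision wraps around "encrypted" in the Line 11 hunk has no `rel="nofollow"`, unlike every other external link visible in this diff, including the indiumsoftware.com link to which the same revision adds that attribute in the Line 1 hunk. It should carry `rel="nofollow"` as well. The linked word sits inside what reads as a quoted audit finding, so the new link attaches a third-party article to text attributed to the auditors and would be better placed outside the quotation or dropped. Both this new href and the replaced security-testing href in the last changed row point to a domain that appears to match the revision author's name, which is worth a moderator's check for promotional link substitution before the revision is accepted.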

	<entry>
		<id>https://aboutus.com/index.php?title=software-testing&amp;diff=71750006&amp;oldid=prev</id>
		<title>Stella123: WYSIWYG edit</title>
		<link rel="alternate" type="text/html" href="https://aboutus.com/index.php?title=software-testing&amp;diff=71750006&amp;oldid=prev"/>
				<updated>2019-11-22T10:14:23Z</updated>
		
		<summary type="html">&lt;p&gt;WYSIWYG edit&lt;/p&gt;
&lt;table class=&quot;diff diff-contentalign-left&quot; data-mw=&quot;interface&quot;&gt;
				&lt;col class='diff-marker' /&gt;
				&lt;col class='diff-content' /&gt;
				&lt;col class='diff-marker' /&gt;
				&lt;col class='diff-content' /&gt;
				&lt;tr style='vertical-align: top;' lang='en'&gt;
				&lt;td colspan='2' style=&quot;background-color: white; color:black; text-align: center;&quot;&gt;← Older revision&lt;/td&gt;
				&lt;td colspan='2' style=&quot;background-color: white; color:black; text-align: center;&quot;&gt;Revision as of 10:14, 22 November 2019&lt;/td&gt;
				&lt;/tr&gt;&lt;tr&gt;&lt;td colspan=&quot;2&quot; class=&quot;diff-lineno&quot; id=&quot;mw-diff-left-l1&quot; &gt;Line 1:&lt;/td&gt;
&lt;td colspan=&quot;2&quot; class=&quot;diff-lineno&quot;&gt;Line 1:&lt;/td&gt;&lt;/tr&gt;
&lt;tr&gt;&lt;td class='diff-marker'&gt;−&lt;/td&gt;&lt;td style=&quot;color:black; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #ffe49c; vertical-align: top; white-space: pre-wrap;&quot;&gt;&lt;div&gt;{{DISPLAYTITLE:Security Testing Prevents Data Breaches from Government Data Warehouse}}&amp;lt;p&amp;gt;It seems like every day brings headlines about data breaches of companies in various industry sectors and governmental agencies, including many of which are determined to be &lt;del class=&quot;diffchange diffchange-inline&quot;&gt;“Unintended Disclosure”&lt;/del&gt;. A check on privacyrights.org shows that if you look at both U.S. governmental and U.S. healthcare sites on the day I wrote this article, you will see that &lt;del class=&quot;diffchange diffchange-inline&quot;&gt;“Unintended Disclosure” &lt;/del&gt;(436 breaches totaling 27.7M records) is not too far behind &lt;del class=&quot;diffchange diffchange-inline&quot;&gt;“Hacking &lt;/del&gt;or &lt;del class=&quot;diffchange diffchange-inline&quot;&gt;malware” &lt;/del&gt;which accounted for 301 breaches totaling 50M records. Really? 
Over a third of the records from these 2 forms of data breach were from something as preventable as carelesssness on the programming or implementation side?&lt;del class=&quot;diffchange diffchange-inline&quot;&gt;  &lt;/del&gt;As a tech writer about things QA-related, I was intrigued.&lt;/div&gt;&lt;/td&gt;&lt;td class='diff-marker'&gt;+&lt;/td&gt;&lt;td style=&quot;color:black; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;&quot;&gt;&lt;div&gt;{{DISPLAYTITLE:Security Testing Prevents Data Breaches from Government Data Warehouse}}&amp;lt;p&amp;gt;It seems like every day brings headlines about data breaches of companies in various industry sectors and governmental agencies, including many of which are determined to be &lt;ins class=&quot;diffchange diffchange-inline&quot;&gt;&amp;amp;ldquo;Unintended Disclosure&amp;amp;rdquo;&lt;/ins&gt;. A check on privacyrights.org shows that if you look at both U.S. governmental and U.S. healthcare sites on the day I wrote this article, you will see that &lt;ins class=&quot;diffchange diffchange-inline&quot;&gt;&amp;amp;ldquo;Unintended Disclosure&amp;amp;rdquo; &lt;/ins&gt;(436 breaches totaling 27.7M records) is not too far behind &lt;ins class=&quot;diffchange diffchange-inline&quot;&gt;&amp;amp;ldquo;Hacking &lt;/ins&gt;or &lt;ins class=&quot;diffchange diffchange-inline&quot;&gt;malware&amp;amp;rdquo; &lt;/ins&gt;which accounted for 301 breaches totaling 50M records. Really? Over a third of the records from these 2 forms of data breach were from something as preventable as carelesssness on the programming or implementation side?&lt;ins class=&quot;diffchange diffchange-inline&quot;&gt;&amp;amp;nbsp; &lt;/ins&gt;As a tech writer about things QA-related, I was intrigued.&amp;lt;/p&amp;gt;&lt;/div&gt;&lt;/td&gt;&lt;/tr&gt;
&lt;tr&gt;&lt;td class='diff-marker'&gt;−&lt;/td&gt;&lt;td style=&quot;color:black; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #ffe49c; vertical-align: top; white-space: pre-wrap;&quot;&gt;&lt;div&gt;&amp;lt;/p&amp;gt;&lt;/div&gt;&lt;/td&gt;&lt;td class='diff-marker'&gt;+&lt;/td&gt;&lt;td style=&quot;color:black; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;&quot;&gt;&lt;div&gt;&amp;#160;&lt;/div&gt;&lt;/td&gt;&lt;/tr&gt;
&lt;tr&gt;&lt;td class='diff-marker'&gt;−&lt;/td&gt;&lt;td style=&quot;color:black; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #ffe49c; vertical-align: top; white-space: pre-wrap;&quot;&gt;&lt;div&gt;&amp;lt;p&amp;gt;Today &lt;del class=&quot;diffchange diffchange-inline&quot;&gt;I’d &lt;/del&gt;like to look at steps to avoid preventable loss. The insurance industry refers to &lt;del class=&quot;diffchange diffchange-inline&quot;&gt;“risk avoidance” &lt;/del&gt;and suggests audits to lessen the likelihood of the otherwise potential. For instance, in a pharma manufacturing tech writing job I once held, I worked on a Current Good Manufacturing Practices manual, which is required by FDA to assure quality standards. But the kind of QA &lt;del class=&quot;diffchange diffchange-inline&quot;&gt;we’re &lt;/del&gt;talking about here involves data &amp;lt;a href=&amp;quot;http://www.qualitestgroup.com/etl-data-warehouse-testing/&amp;quot; rel=&amp;quot;nofollow&amp;quot; target=&amp;quot;_blank&amp;quot;&amp;gt;warehouse testing&amp;lt;/a&amp;gt;&lt;del class=&quot;diffchange diffchange-inline&quot;&gt; of &lt;/del&gt;security for the Multidimensional Insurance Data Analytics System (MIDAS).&lt;del class=&quot;diffchange diffchange-inline&quot;&gt;  &lt;/del&gt;Never heard of it?&lt;del class=&quot;diffchange diffchange-inline&quot;&gt;  &lt;/del&gt;Well, you probably have heard of healthcare.gov which is informally referred to as Obamacare, which this collects qualification data for in a data warehouse format.&lt;del class=&quot;diffchange diffchange-inline&quot;&gt;  &lt;/del&gt;Please, let&lt;del class=&quot;diffchange diffchange-inline&quot;&gt;'&lt;/del&gt;s avoid the strong political firestorm of opinions, both pro and con, about this program and the interests behind it that may be a tempting cause for many comments here &lt;del class=&quot;diffchange diffchange-inline&quot;&gt;– &lt;/del&gt;let&lt;del 
class=&quot;diffchange diffchange-inline&quot;&gt;'&lt;/del&gt;s merely concern ourselves with the fact that apps that are in use should pass QA standards, especially when concerning personal information which impact privacy concerns. &lt;del class=&quot;diffchange diffchange-inline&quot;&gt; You &lt;/del&gt;may recall the public problems that the &amp;lt;a href=&amp;quot;https://www.healthcare.gov/&amp;quot; rel=&amp;quot;nofollow&amp;quot; target=&amp;quot;_blank&amp;quot;&amp;gt;healthcare.gov&amp;lt;/a&amp;gt; website had, calling attention to (thank you!) the need for proper software quality assurance and follow-through of their results in such endeavors.&lt;del class=&quot;diffchange diffchange-inline&quot;&gt;  &lt;/del&gt;Quite a boon to those of us in the QA community, we&lt;del class=&quot;diffchange diffchange-inline&quot;&gt;'&lt;/del&gt;ve never felt so needed!&amp;lt;/p&amp;gt;&lt;/div&gt;&lt;/td&gt;&lt;td class='diff-marker'&gt;+&lt;/td&gt;&lt;td style=&quot;color:black; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;&quot;&gt;&lt;div&gt;&amp;lt;p&amp;gt;Today &lt;ins class=&quot;diffchange diffchange-inline&quot;&gt;I&amp;amp;rsquo;d &lt;/ins&gt;like to look at steps to avoid preventable loss. The insurance industry refers to &lt;ins class=&quot;diffchange diffchange-inline&quot;&gt;&amp;amp;ldquo;risk avoidance&amp;amp;rdquo; &lt;/ins&gt;and suggests audits to lessen the likelihood of the otherwise potential. For instance, in a pharma manufacturing tech writing job I once held, I worked on a Current Good Manufacturing Practices manual, which is required by FDA to assure quality standards. 
But the kind of QA &lt;ins class=&quot;diffchange diffchange-inline&quot;&gt;we&amp;amp;rsquo;re &lt;/ins&gt;talking about here involves data &amp;lt;a href=&amp;quot;http://www.qualitestgroup.com/etl-data-warehouse-testing/&amp;quot; rel=&amp;quot;nofollow&amp;quot; target=&amp;quot;_blank&amp;quot;&amp;gt;warehouse testing&amp;lt;/a&amp;gt;&lt;ins class=&quot;diffchange diffchange-inline&quot;&gt;&amp;amp;nbsp;of &lt;/ins&gt;security for the Multidimensional Insurance Data Analytics System (MIDAS).&lt;ins class=&quot;diffchange diffchange-inline&quot;&gt;&amp;amp;nbsp; &lt;/ins&gt;Never heard of it?&lt;ins class=&quot;diffchange diffchange-inline&quot;&gt;&amp;amp;nbsp; &lt;/ins&gt;Well, you probably have heard of healthcare.gov which is informally referred to as Obamacare, which this collects qualification data for in a data warehouse format.&lt;ins class=&quot;diffchange diffchange-inline&quot;&gt;&amp;amp;nbsp; &lt;/ins&gt;Please, let&lt;ins class=&quot;diffchange diffchange-inline&quot;&gt;&amp;amp;#39;&lt;/ins&gt;s avoid the strong political firestorm of opinions, both pro and con, about this program and the interests behind it that may be a tempting cause for many comments here &lt;ins class=&quot;diffchange diffchange-inline&quot;&gt;&amp;amp;ndash; &lt;/ins&gt;let&lt;ins class=&quot;diffchange diffchange-inline&quot;&gt;&amp;amp;#39;&lt;/ins&gt;s merely concern ourselves with the fact that apps that are in use should pass QA standards, especially when concerning personal information which impact privacy concerns. &lt;ins class=&quot;diffchange diffchange-inline&quot;&gt;&amp;amp;nbsp;You &lt;/ins&gt;may recall the public problems that the &amp;lt;a href=&amp;quot;https://www.healthcare.gov/&amp;quot; rel=&amp;quot;nofollow&amp;quot; target=&amp;quot;_blank&amp;quot;&amp;gt;healthcare.gov&amp;lt;/a&amp;gt; website had, calling attention to (thank you!) 
the need for proper &lt;ins class=&quot;diffchange diffchange-inline&quot;&gt;&amp;lt;a href=&amp;quot;https://www.indiumsoftware.com/software-testing-services/&amp;quot;&amp;gt;&lt;/ins&gt;software quality assurance&lt;ins class=&quot;diffchange diffchange-inline&quot;&gt;&amp;lt;/a&amp;gt; &lt;/ins&gt;and follow-through of their results in such endeavors.&lt;ins class=&quot;diffchange diffchange-inline&quot;&gt;&amp;amp;nbsp; &lt;/ins&gt;Quite a boon to those of us in the QA community, we&lt;ins class=&quot;diffchange diffchange-inline&quot;&gt;&amp;amp;#39;&lt;/ins&gt;ve never felt so needed!&amp;lt;/p&amp;gt;&lt;/div&gt;&lt;/td&gt;&lt;/tr&gt;
&lt;tr&gt;&lt;td class='diff-marker'&gt;−&lt;/td&gt;&lt;td style=&quot;color:black; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #ffe49c; vertical-align: top; white-space: pre-wrap;&quot;&gt;&lt;div&gt;&amp;lt;p&amp;gt;The collected qualification information is what is suspected to be the data fields.&lt;del class=&quot;diffchange diffchange-inline&quot;&gt;  &lt;/del&gt;If you go to the verify-information folder then the documents-and-deadlines subfolder, you will get a list of personal identification documents that are of the type that one would have privacy phishing concerns about, including: income (tax forms, bank account information, Social Security Numbers, income forms, business ledger info, documents related to unearned income, etc.), immigration status, citizenship, home/rental insurance, DMV info, mortgage info, marriage license, birth certificates, adoption paperwork, and veteran status.&lt;del class=&quot;diffchange diffchange-inline&quot;&gt;  &lt;/del&gt;Former Social Security Administration Commissioner Michael As true asserts in his Cleveland Times editorial that the fields include:&amp;lt;/p&amp;gt;&lt;/div&gt;&lt;/td&gt;&lt;td class='diff-marker'&gt;+&lt;/td&gt;&lt;td style=&quot;color:black; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;&quot;&gt;&lt;div&gt;&amp;#160;&lt;/div&gt;&lt;/td&gt;&lt;/tr&gt;
&lt;tr&gt;&lt;td class='diff-marker'&gt;−&lt;/td&gt;&lt;td style=&quot;color:black; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #ffe49c; vertical-align: top; white-space: pre-wrap;&quot;&gt;&lt;div&gt;&amp;lt;p&amp;gt;Details of an audit are in the public document &amp;lt;a href=&amp;quot;https://oig.hhs.gov/oas/reports/region6/61400067.pdf&amp;quot; rel=&amp;quot;nofollow&amp;quot;&amp;gt;https://oig.hhs.gov/oas/reports/region6/61400067.pdf&amp;lt;/a&amp;gt;, which I will now detail for you, the reader.&lt;del class=&quot;diffchange diffchange-inline&quot;&gt;  &lt;/del&gt;It is so readable that I am going to do the unthinkable for a tech writer: present large chunks of the material almost verbatim.&lt;del class=&quot;diffchange diffchange-inline&quot;&gt;  &lt;/del&gt;Honest, I&lt;del class=&quot;diffchange diffchange-inline&quot;&gt;'&lt;/del&gt;m not slacking off as a writer &lt;del class=&quot;diffchange diffchange-inline&quot;&gt;– &lt;/del&gt;I just think you&lt;del class=&quot;diffchange diffchange-inline&quot;&gt;'&lt;/del&gt;ll appreciate it more this way and realize that I&lt;del class=&quot;diffchange diffchange-inline&quot;&gt;'&lt;/del&gt;m am not coloring the prose.&lt;del class=&quot;diffchange diffchange-inline&quot;&gt;  &lt;/del&gt;The report begins by explaining the noble purpose thusly:&amp;lt;/p&amp;gt;&lt;/div&gt;&lt;/td&gt;&lt;td class='diff-marker'&gt;+&lt;/td&gt;&lt;td style=&quot;color:black; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;&quot;&gt;&lt;div&gt;&amp;lt;p&amp;gt;The collected qualification information is what is suspected to be the data fields.&lt;ins class=&quot;diffchange diffchange-inline&quot;&gt;&amp;amp;nbsp; &lt;/ins&gt;If you go to the verify-information folder then the documents-and-deadlines subfolder, you will get a list of personal 
identification documents that are of the type that one would have privacy phishing concerns about, including: income (tax forms, bank account information, Social Security Numbers, income forms, business ledger info, documents related to unearned income, etc.), immigration status, citizenship, home/rental insurance, DMV info, mortgage info, marriage license, birth certificates, adoption paperwork, and veteran status.&lt;ins class=&quot;diffchange diffchange-inline&quot;&gt;&amp;amp;nbsp; &lt;/ins&gt;Former Social Security Administration Commissioner Michael As true asserts in his Cleveland Times editorial that the fields include:&amp;lt;/p&amp;gt;&lt;/div&gt;&lt;/td&gt;&lt;/tr&gt;
&lt;tr&gt;&lt;td class='diff-marker'&gt;−&lt;/td&gt;&lt;td style=&quot;color:black; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #ffe49c; vertical-align: top; white-space: pre-wrap;&quot;&gt;&lt;div&gt;&amp;lt;p&amp;gt;Analytics and database systems that are not secured properly create vulnerabilities that could be exploited by unauthorized individuals to compromise the confidentiality of personally identifiable information (PII) or other sensitive data. Data and systems security is a top oversight priority &lt;del class=&quot;diffchange diffchange-inline&quot;&gt;… &lt;/del&gt;MIDAS is a central repository for insurance-related data intended to provide ... metrics to the Department of Health and Human Services for various initiatives mandated by the Patient Protection and Affordable Care Act. The MIDAS collects, generates, and stores a high volume of sensitive consumer information, and it is critical that it be properly secured. Therefore, we performed the audit ... Our objective was to assess whether [they] had implemented information security controls to secure the PII related to the MIDAS and a certain number of its supporting databases.&amp;lt;/p&amp;gt;&lt;/div&gt;&lt;/td&gt;&lt;td class='diff-marker'&gt;+&lt;/td&gt;&lt;td style=&quot;color:black; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;&quot;&gt;&lt;div&gt;&amp;#160;&lt;/div&gt;&lt;/td&gt;&lt;/tr&gt;
&lt;tr&gt;&lt;td class='diff-marker'&gt;−&lt;/td&gt;&lt;td style=&quot;color:black; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #ffe49c; vertical-align: top; white-space: pre-wrap;&quot;&gt;&lt;div&gt;&amp;lt;p&amp;gt;Okay, so we know why it exists, and see a secondary mission to ensure that what exists reaches a specific level of quality.&lt;del class=&quot;diffchange diffchange-inline&quot;&gt;  &lt;/del&gt;It goes on to discuss the results of the audit which took place between August and December of 2014:&amp;lt;/p&amp;gt;&lt;/div&gt;&lt;/td&gt;&lt;td class='diff-marker'&gt;+&lt;/td&gt;&lt;td style=&quot;color:black; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;&quot;&gt;&lt;div&gt;&amp;lt;p&amp;gt;Details of an audit are in the public document &amp;lt;a href=&amp;quot;https://oig.hhs.gov/oas/reports/region6/61400067.pdf&amp;quot; rel=&amp;quot;nofollow&amp;quot;&amp;gt;https://oig.hhs.gov/oas/reports/region6/61400067.pdf&amp;lt;/a&amp;gt;, which I will now detail for you, the reader.&lt;ins class=&quot;diffchange diffchange-inline&quot;&gt;&amp;amp;nbsp; &lt;/ins&gt;It is so readable that I am going to do the unthinkable for a tech writer: present large chunks of the material almost verbatim.&lt;ins class=&quot;diffchange diffchange-inline&quot;&gt;&amp;amp;nbsp; &lt;/ins&gt;Honest, I&lt;ins class=&quot;diffchange diffchange-inline&quot;&gt;&amp;amp;#39;&lt;/ins&gt;m not slacking off as a writer &lt;ins class=&quot;diffchange diffchange-inline&quot;&gt;&amp;amp;ndash; &lt;/ins&gt;I just think you&lt;ins class=&quot;diffchange diffchange-inline&quot;&gt;&amp;amp;#39;&lt;/ins&gt;ll appreciate it more this way and realize that I&lt;ins class=&quot;diffchange diffchange-inline&quot;&gt;&amp;amp;#39;&lt;/ins&gt;m am not coloring the prose.&lt;ins class=&quot;diffchange 
diffchange-inline&quot;&gt;&amp;amp;nbsp; &lt;/ins&gt;The report begins by explaining the noble purpose thusly:&amp;lt;/p&amp;gt;&lt;/div&gt;&lt;/td&gt;&lt;/tr&gt;
&lt;tr&gt;&lt;td class='diff-marker'&gt;−&lt;/td&gt;&lt;td style=&quot;color:black; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #ffe49c; vertical-align: top; white-space: pre-wrap;&quot;&gt;&lt;div&gt;&amp;lt;p&amp;gt;Although CMS [Centers for Medicare and Medicaid Services] had implemented controls to secure the MIDAS and consumer PII data in the systems and databases we reviewed, we identified areas for improvement in its information security controls. At the time of our fieldwork, CMS: had not disabled unnecessary generic accounts in its test environment [meaning that users using the system may not be properly identified]; had not encrypted user sessions [meaning that a recorded user session had would be readable if hacked]; had not conducted automated vulnerability assessments that simulate known attacks which would have revealed vulnerabilities (e.g., password weaknesses and misconfigurations) specific to the application or databases that support the MIDAS; and used a shared read-only account for access to the database that contained the PII [again, improper tracking of who accesses what data].&lt;del class=&quot;diffchange diffchange-inline&quot;&gt;  &lt;/del&gt;In addition to the information security control vulnerabilities mentioned above, our database vulnerability scans identified 22 high, 62 medium, and 51 low vulnerabilities. We made related recommendations to address the issues we identified.&amp;lt;/p&amp;gt;&lt;/div&gt;&lt;/td&gt;&lt;td class='diff-marker'&gt;+&lt;/td&gt;&lt;td style=&quot;color:black; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;&quot;&gt;&lt;div&gt;&amp;#160;&lt;/div&gt;&lt;/td&gt;&lt;/tr&gt;
&lt;tr&gt;&lt;td class='diff-marker'&gt;−&lt;/td&gt;&lt;td style=&quot;color:black; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #ffe49c; vertical-align: top; white-space: pre-wrap;&quot;&gt;&lt;div&gt;&amp;lt;p&amp;gt;How would these suggestions be received?&lt;del class=&quot;diffchange diffchange-inline&quot;&gt;  &lt;/del&gt;I am glad to report that there is a happy ending, and that everything was repaired before this report became public.&amp;lt;/p&amp;gt;&lt;/div&gt;&lt;/td&gt;&lt;td class='diff-marker'&gt;+&lt;/td&gt;&lt;td style=&quot;color:black; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;&quot;&gt;&lt;div&gt;&amp;lt;p&amp;gt;Analytics and database systems that are not secured properly create vulnerabilities that could be exploited by unauthorized individuals to compromise the confidentiality of personally identifiable information (PII) or other sensitive data. Data and systems security is a top oversight priority &lt;ins class=&quot;diffchange diffchange-inline&quot;&gt;&amp;amp;hellip; &lt;/ins&gt;MIDAS is a central repository for insurance-related data intended to provide ... metrics to the Department of Health and Human Services for various initiatives mandated by the Patient Protection and Affordable Care Act. The MIDAS collects, generates, and stores a high volume of sensitive consumer information, and it is critical that it be properly secured. Therefore, we performed the audit ... Our objective was to assess whether [they] had implemented information security controls to secure the PII related to the MIDAS and a certain number of its supporting databases.&amp;lt;/p&amp;gt;&lt;/div&gt;&lt;/td&gt;&lt;/tr&gt;
&lt;tr&gt;&lt;td class='diff-marker'&gt;−&lt;/td&gt;&lt;td style=&quot;color:black; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #ffe49c; vertical-align: top; white-space: pre-wrap;&quot;&gt;&lt;div&gt;&amp;lt;p&amp;gt;CMS worked with [them] during the &amp;lt;a href=&amp;quot;https://www.kualitatem.com/security-testing/&amp;quot; &lt;del class=&quot;diffchange diffchange-inline&quot;&gt;target&lt;/del&gt;=&amp;quot;&lt;del class=&quot;diffchange diffchange-inline&quot;&gt;_blank&lt;/del&gt;&amp;quot; &lt;del class=&quot;diffchange diffchange-inline&quot;&gt;rel&lt;/del&gt;=&amp;quot;&lt;del class=&quot;diffchange diffchange-inline&quot;&gt;nofollow&lt;/del&gt;&amp;quot;&amp;gt;security testing&amp;lt;/a&amp;gt; and within a week of the findings being identified, CMS had addressed all the high vulnerabilities identified. CMS had addressed a majority of the remaining findings within 30 days of identification. All of [the] findings in this report were addressed by February 2015. In addition, all of the recommendations in this report were fully implemented prior to the draft report [stamped May 8, 2015] being issued.&amp;lt;/p&amp;gt;&lt;/div&gt;&lt;/td&gt;&lt;td class='diff-marker'&gt;+&lt;/td&gt;&lt;td style=&quot;color:black; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;&quot;&gt;&lt;div&gt;&amp;#160;&lt;/div&gt;&lt;/td&gt;&lt;/tr&gt;
&lt;tr&gt;&lt;td colspan=&quot;2&quot;&gt;&amp;#160;&lt;/td&gt;&lt;td class='diff-marker'&gt;+&lt;/td&gt;&lt;td style=&quot;color:black; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;&quot;&gt;&lt;div&gt;&amp;lt;p&amp;gt;Okay, so we know why it exists, and see a secondary mission to ensure that what exists reaches a specific level of quality.&lt;ins class=&quot;diffchange diffchange-inline&quot;&gt;&amp;amp;nbsp; &lt;/ins&gt;It goes on to discuss the results of the audit which took place between August and December of 2014:&amp;lt;/p&amp;gt;&lt;/div&gt;&lt;/td&gt;&lt;/tr&gt;
&lt;tr&gt;&lt;td colspan=&quot;2&quot;&gt;&amp;#160;&lt;/td&gt;&lt;td class='diff-marker'&gt;+&lt;/td&gt;&lt;td style=&quot;color:black; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;&quot;&gt;&lt;div&gt;&amp;#160;&lt;/div&gt;&lt;/td&gt;&lt;/tr&gt;
&lt;tr&gt;&lt;td colspan=&quot;2&quot;&gt;&amp;#160;&lt;/td&gt;&lt;td class='diff-marker'&gt;+&lt;/td&gt;&lt;td style=&quot;color:black; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;&quot;&gt;&lt;div&gt;&amp;lt;p&amp;gt;Although CMS [Centers for Medicare and Medicaid Services] had implemented controls to secure the MIDAS and consumer PII data in the systems and databases we reviewed, we identified areas for improvement in its information security controls. At the time of our fieldwork, CMS: had not disabled unnecessary generic accounts in its test environment [meaning that users using the system may not be properly identified]; had not encrypted user sessions [meaning that a recorded user session had would be readable if hacked]; had not conducted automated vulnerability assessments that simulate known attacks which would have revealed vulnerabilities (e.g., password weaknesses and misconfigurations) specific to the application or databases that support the MIDAS; and used a shared read-only account for access to the database that contained the PII [again, improper tracking of who accesses what data].&lt;ins class=&quot;diffchange diffchange-inline&quot;&gt;&amp;amp;nbsp; &lt;/ins&gt;In addition to the information security control vulnerabilities mentioned above, our database vulnerability scans identified 22 high, 62 medium, and 51 low vulnerabilities. We made related recommendations to address the issues we identified.&amp;lt;/p&amp;gt;&lt;/div&gt;&lt;/td&gt;&lt;/tr&gt;
&lt;tr&gt;&lt;td colspan=&quot;2&quot;&gt;&amp;#160;&lt;/td&gt;&lt;td class='diff-marker'&gt;+&lt;/td&gt;&lt;td style=&quot;color:black; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;&quot;&gt;&lt;div&gt;&amp;#160;&lt;/div&gt;&lt;/td&gt;&lt;/tr&gt;
&lt;tr&gt;&lt;td colspan=&quot;2&quot;&gt;&amp;#160;&lt;/td&gt;&lt;td class='diff-marker'&gt;+&lt;/td&gt;&lt;td style=&quot;color:black; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;&quot;&gt;&lt;div&gt;&amp;lt;p&amp;gt;How would these suggestions be received?&lt;ins class=&quot;diffchange diffchange-inline&quot;&gt;&amp;amp;nbsp; &lt;/ins&gt;I am glad to report that there is a happy ending, and that everything was repaired before this report became public.&amp;lt;/p&amp;gt;&lt;/div&gt;&lt;/td&gt;&lt;/tr&gt;
&lt;tr&gt;&lt;td colspan=&quot;2&quot;&gt;&amp;#160;&lt;/td&gt;&lt;td class='diff-marker'&gt;+&lt;/td&gt;&lt;td style=&quot;color:black; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;&quot;&gt;&lt;div&gt;&amp;#160;&lt;/div&gt;&lt;/td&gt;&lt;/tr&gt;
&lt;tr&gt;&lt;td colspan=&quot;2&quot;&gt;&amp;#160;&lt;/td&gt;&lt;td class='diff-marker'&gt;+&lt;/td&gt;&lt;td style=&quot;color:black; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;&quot;&gt;&lt;div&gt;&amp;lt;p&amp;gt;CMS worked with [them] during the &amp;lt;a href=&amp;quot;https://www.kualitatem.com/security-testing/&amp;quot; &lt;ins class=&quot;diffchange diffchange-inline&quot;&gt;rel&lt;/ins&gt;=&amp;quot;&lt;ins class=&quot;diffchange diffchange-inline&quot;&gt;nofollow&lt;/ins&gt;&amp;quot; &lt;ins class=&quot;diffchange diffchange-inline&quot;&gt;target&lt;/ins&gt;=&amp;quot;&lt;ins class=&quot;diffchange diffchange-inline&quot;&gt;_blank&lt;/ins&gt;&amp;quot;&amp;gt;security testing&amp;lt;/a&amp;gt; and within a week of the findings being identified, CMS had addressed all the high vulnerabilities identified. CMS had addressed a majority of the remaining findings within 30 days of identification. All of [the] findings in this report were addressed by February 2015. In addition, all of the recommendations in this report were fully implemented prior to the draft report [stamped May 8, 2015] being issued.&amp;lt;/p&amp;gt;&lt;/div&gt;&lt;/td&gt;&lt;/tr&gt;
&lt;tr&gt;&lt;td colspan=&quot;2&quot;&gt;&amp;#160;&lt;/td&gt;&lt;td class='diff-marker'&gt;+&lt;/td&gt;&lt;td style=&quot;color:black; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;&quot;&gt;&lt;div&gt;&amp;#160;&lt;/div&gt;&lt;/td&gt;&lt;/tr&gt;
&lt;tr&gt;&lt;td class='diff-marker'&gt;&amp;#160;&lt;/td&gt;&lt;td style=&quot;background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;&quot;&gt;&lt;div&gt;&amp;lt;p&amp;gt;&amp;lt;strong&amp;gt;Author Bio:&amp;lt;/strong&amp;gt;&amp;lt;/p&amp;gt;&lt;/div&gt;&lt;/td&gt;&lt;td class='diff-marker'&gt;&amp;#160;&lt;/td&gt;&lt;td style=&quot;background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;&quot;&gt;&lt;div&gt;&amp;lt;p&amp;gt;&amp;lt;strong&amp;gt;Author Bio:&amp;lt;/strong&amp;gt;&amp;lt;/p&amp;gt;&lt;/div&gt;&lt;/td&gt;&lt;/tr&gt;
&lt;tr&gt;&lt;td class='diff-marker'&gt;−&lt;/td&gt;&lt;td style=&quot;color:black; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #ffe49c; vertical-align: top; white-space: pre-wrap;&quot;&gt;&lt;div&gt;&amp;lt;p&amp;gt;&amp;lt;a href=&amp;quot;https://twitter.com/ScottAndery&amp;quot; rel=&amp;quot;nofollow&amp;quot;&amp;gt;Scott Andery&amp;lt;/a&amp;gt; is an expert marketer and author who specialize in &amp;lt;a href=&amp;quot;https://www.kualitee.com/&amp;quot; &lt;del class=&quot;diffchange diffchange-inline&quot;&gt;target&lt;/del&gt;=&amp;quot;&lt;del class=&quot;diffchange diffchange-inline&quot;&gt;_blank&lt;/del&gt;&amp;quot; &lt;del class=&quot;diffchange diffchange-inline&quot;&gt;rel&lt;/del&gt;=&amp;quot;&lt;del class=&quot;diffchange diffchange-inline&quot;&gt;nofollow&lt;/del&gt;&amp;quot;&amp;gt;software testing tools&amp;lt;/a&amp;gt; and resources.&amp;lt;/p&amp;gt;&lt;/div&gt;&lt;/td&gt;&lt;td class='diff-marker'&gt;+&lt;/td&gt;&lt;td style=&quot;color:black; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;&quot;&gt;&lt;div&gt;&amp;#160;&lt;/div&gt;&lt;/td&gt;&lt;/tr&gt;
&lt;tr&gt;&lt;td colspan=&quot;2&quot;&gt;&amp;#160;&lt;/td&gt;&lt;td class='diff-marker'&gt;+&lt;/td&gt;&lt;td style=&quot;color:black; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;&quot;&gt;&lt;div&gt;&amp;lt;p&amp;gt;&amp;lt;a href=&amp;quot;https://twitter.com/ScottAndery&amp;quot; rel=&amp;quot;nofollow&amp;quot;&amp;gt;Scott Andery&amp;lt;/a&amp;gt; is an expert marketer and author who specialize in &amp;lt;a href=&amp;quot;https://www.kualitee.com/&amp;quot; &lt;ins class=&quot;diffchange diffchange-inline&quot;&gt;rel&lt;/ins&gt;=&amp;quot;&lt;ins class=&quot;diffchange diffchange-inline&quot;&gt;nofollow&lt;/ins&gt;&amp;quot; &lt;ins class=&quot;diffchange diffchange-inline&quot;&gt;target&lt;/ins&gt;=&amp;quot;&lt;ins class=&quot;diffchange diffchange-inline&quot;&gt;_blank&lt;/ins&gt;&amp;quot;&amp;gt;software testing tools&amp;lt;/a&amp;gt; and resources.&amp;lt;/p&amp;gt;&lt;/div&gt;&lt;/td&gt;&lt;/tr&gt;
&lt;/table&gt;</summary>
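Review bot: The new side wraps "software quality assurance" in a link to https://www.indiumsoftware.com/software-testing-services/ that the edit summary "WYSIWYG edit" does not mention, and it is the only link in the visible article text with no rel attribute. The rest of this revision appears to change only entity encoding, spacing and attribute order, so this added outbound link is the one content change and should be confirmed as intended or reverted. If it stays, give it `rel="nofollow"` like the other external links. Separately, the links that use `target="_blank"` carry `rel="nofollow"` only; since this revision already rewrites those attributes, `rel="nofollow noopener"` would keep the opened page from reaching window.opener in browsers that do not imply it.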
		<author><name>Stella123</name></author>	</entry>

	<entry>
		<id>https://aboutus.com/index.php?title=software-testing&amp;diff=71740516&amp;oldid=prev</id>
		<title>Stella123: WYSIWYG edit</title>
		<link rel="alternate" type="text/html" href="https://aboutus.com/index.php?title=software-testing&amp;diff=71740516&amp;oldid=prev"/>
				<updated>2019-09-03T12:01:15Z</updated>
		
		<summary type="html">&lt;p&gt;WYSIWYG edit&lt;/p&gt;
&lt;table class=&quot;diff diff-contentalign-left&quot; data-mw=&quot;interface&quot;&gt;
				&lt;col class='diff-marker' /&gt;
				&lt;col class='diff-content' /&gt;
				&lt;col class='diff-marker' /&gt;
				&lt;col class='diff-content' /&gt;
				&lt;tr style='vertical-align: top;' lang='en'&gt;
				&lt;td colspan='2' style=&quot;background-color: white; color:black; text-align: center;&quot;&gt;← Older revision&lt;/td&gt;
				&lt;td colspan='2' style=&quot;background-color: white; color:black; text-align: center;&quot;&gt;Revision as of 12:01, 3 September 2019&lt;/td&gt;
				&lt;/tr&gt;&lt;tr&gt;&lt;td colspan=&quot;2&quot; class=&quot;diff-lineno&quot; id=&quot;mw-diff-left-l1&quot; &gt;Line 1:&lt;/td&gt;
&lt;td colspan=&quot;2&quot; class=&quot;diff-lineno&quot;&gt;Line 1:&lt;/td&gt;&lt;/tr&gt;
&lt;tr&gt;&lt;td class='diff-marker'&gt;−&lt;/td&gt;&lt;td style=&quot;color:black; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #ffe49c; vertical-align: top; white-space: pre-wrap;&quot;&gt;&lt;div&gt;{{DISPLAYTITLE:Security Testing Prevents Data Breaches from Government Data Warehouse}}&amp;lt;p&amp;gt;It seems like every day brings headlines about data breaches of companies in various industry sectors and governmental agencies, including many of which are determined to be &lt;del class=&quot;diffchange diffchange-inline&quot;&gt;&amp;amp;ldquo;Unintended Disclosure&amp;amp;rdquo;&lt;/del&gt;. A check on privacyrights.org shows that if you look at both U.S. governmental and U.S. healthcare sites on the day I wrote this article, you will see that &lt;del class=&quot;diffchange diffchange-inline&quot;&gt;&amp;amp;ldquo;Unintended Disclosure&amp;amp;rdquo; &lt;/del&gt;(436 breaches totaling 27.7M records) is not too far behind &lt;del class=&quot;diffchange diffchange-inline&quot;&gt;&amp;amp;ldquo;Hacking &lt;/del&gt;or &lt;del class=&quot;diffchange diffchange-inline&quot;&gt;malware&amp;amp;rdquo; &lt;/del&gt;which accounted for 301 breaches totaling 50M records. Really? 
Over a third of the records from these 2 forms of data breach were from something as preventable as carelesssness on the programming or implementation side?&lt;del class=&quot;diffchange diffchange-inline&quot;&gt;&amp;amp;nbsp; &lt;/del&gt;As a tech writer about things QA-related, I was intrigued.&amp;lt;/p&amp;gt;&lt;/div&gt;&lt;/td&gt;&lt;td class='diff-marker'&gt;+&lt;/td&gt;&lt;td style=&quot;color:black; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;&quot;&gt;&lt;div&gt;{{DISPLAYTITLE:Security Testing Prevents Data Breaches from Government Data Warehouse}}&amp;lt;p&amp;gt;It seems like every day brings headlines about data breaches of companies in various industry sectors and governmental agencies, including many of which are determined to be &lt;ins class=&quot;diffchange diffchange-inline&quot;&gt;“Unintended Disclosure”&lt;/ins&gt;. A check on privacyrights.org shows that if you look at both U.S. governmental and U.S. healthcare sites on the day I wrote this article, you will see that &lt;ins class=&quot;diffchange diffchange-inline&quot;&gt;“Unintended Disclosure” &lt;/ins&gt;(436 breaches totaling 27.7M records) is not too far behind &lt;ins class=&quot;diffchange diffchange-inline&quot;&gt;“Hacking &lt;/ins&gt;or &lt;ins class=&quot;diffchange diffchange-inline&quot;&gt;malware” &lt;/ins&gt;which accounted for 301 breaches totaling 50M records. Really? Over a third of the records from these 2 forms of data breach were from something as preventable as carelesssness on the programming or implementation side?&lt;ins class=&quot;diffchange diffchange-inline&quot;&gt;  &lt;/ins&gt;As a tech writer about things QA-related, I was intrigued.&lt;/div&gt;&lt;/td&gt;&lt;/tr&gt;
&lt;tr&gt;&lt;td class='diff-marker'&gt;−&lt;/td&gt;&lt;td style=&quot;color:black; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #ffe49c; vertical-align: top; white-space: pre-wrap;&quot;&gt;&lt;div&gt;&amp;#160;&lt;/div&gt;&lt;/td&gt;&lt;td class='diff-marker'&gt;+&lt;/td&gt;&lt;td style=&quot;color:black; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;&quot;&gt;&lt;div&gt;&amp;lt;/p&amp;gt;&lt;/div&gt;&lt;/td&gt;&lt;/tr&gt;
&lt;tr&gt;&lt;td class='diff-marker'&gt;−&lt;/td&gt;&lt;td style=&quot;color:black; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #ffe49c; vertical-align: top; white-space: pre-wrap;&quot;&gt;&lt;div&gt;&amp;lt;p&amp;gt;Today &lt;del class=&quot;diffchange diffchange-inline&quot;&gt;I&amp;amp;rsquo;d &lt;/del&gt;like to look at steps to avoid preventable loss. The insurance industry refers to &lt;del class=&quot;diffchange diffchange-inline&quot;&gt;&amp;amp;ldquo;risk avoidance&amp;amp;rdquo; &lt;/del&gt;and suggests audits to lessen the likelihood of the otherwise potential. For instance, in a pharma manufacturing tech writing job I once held, I worked on a Current Good Manufacturing Practices manual, which is required by FDA to assure quality standards. But the kind of QA &lt;del class=&quot;diffchange diffchange-inline&quot;&gt;we&amp;amp;rsquo;re &lt;/del&gt;talking about here involves data &amp;lt;a href=&amp;quot;http://www.qualitestgroup.com/etl-data-warehouse-testing/&amp;quot; rel=&amp;quot;nofollow&amp;quot; target=&amp;quot;_blank&amp;quot;&amp;gt;warehouse testing&amp;lt;/a&amp;gt;&lt;del class=&quot;diffchange diffchange-inline&quot;&gt;&amp;amp;nbsp;of &lt;/del&gt;security for the Multidimensional Insurance Data Analytics System (MIDAS).&lt;del class=&quot;diffchange diffchange-inline&quot;&gt;&amp;amp;nbsp; &lt;/del&gt;Never heard of it?&lt;del class=&quot;diffchange diffchange-inline&quot;&gt;&amp;amp;nbsp; &lt;/del&gt;Well, you probably have heard of healthcare.gov which is informally referred to as Obamacare, which this collects qualification data for in a data warehouse format.&lt;del class=&quot;diffchange diffchange-inline&quot;&gt;&amp;amp;nbsp; &lt;/del&gt;Please, let&lt;del class=&quot;diffchange diffchange-inline&quot;&gt;&amp;amp;#39;&lt;/del&gt;s avoid the strong political firestorm of opinions, both pro and con, about this program and the interests behind it that may be a 
tempting cause for many comments here &lt;del class=&quot;diffchange diffchange-inline&quot;&gt;&amp;amp;ndash; &lt;/del&gt;let&lt;del class=&quot;diffchange diffchange-inline&quot;&gt;&amp;amp;#39;&lt;/del&gt;s merely concern ourselves with the fact that apps that are in use should pass QA standards, especially when concerning personal information which impact privacy concerns. &lt;del class=&quot;diffchange diffchange-inline&quot;&gt;&amp;amp;nbsp;You &lt;/del&gt;may recall the public problems that the &amp;lt;a href=&amp;quot;https://www.healthcare.gov/&amp;quot; rel=&amp;quot;nofollow&amp;quot; target=&amp;quot;_blank&amp;quot;&amp;gt;healthcare.gov&amp;lt;/a&amp;gt; website had, calling attention to (thank you!) the need for proper software quality assurance and follow-through of their results in such endeavors.&lt;del class=&quot;diffchange diffchange-inline&quot;&gt;&amp;amp;nbsp; &lt;/del&gt;Quite a boon to those of us in the QA community, we&lt;del class=&quot;diffchange diffchange-inline&quot;&gt;&amp;amp;#39;&lt;/del&gt;ve never felt so needed!&amp;lt;/p&amp;gt;&lt;/div&gt;&lt;/td&gt;&lt;td class='diff-marker'&gt;+&lt;/td&gt;&lt;td style=&quot;color:black; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;&quot;&gt;&lt;div&gt;&amp;lt;p&amp;gt;Today &lt;ins class=&quot;diffchange diffchange-inline&quot;&gt;I’d &lt;/ins&gt;like to look at steps to avoid preventable loss. The insurance industry refers to &lt;ins class=&quot;diffchange diffchange-inline&quot;&gt;“risk avoidance” &lt;/ins&gt;and suggests audits to lessen the likelihood of the otherwise potential. For instance, in a pharma manufacturing tech writing job I once held, I worked on a Current Good Manufacturing Practices manual, which is required by FDA to assure quality standards. 
But the kind of QA &lt;ins class=&quot;diffchange diffchange-inline&quot;&gt;we’re &lt;/ins&gt;talking about here involves data &amp;lt;a href=&amp;quot;http://www.qualitestgroup.com/etl-data-warehouse-testing/&amp;quot; rel=&amp;quot;nofollow&amp;quot; target=&amp;quot;_blank&amp;quot;&amp;gt;warehouse testing&amp;lt;/a&amp;gt;&lt;ins class=&quot;diffchange diffchange-inline&quot;&gt; of &lt;/ins&gt;security for the Multidimensional Insurance Data Analytics System (MIDAS).&lt;ins class=&quot;diffchange diffchange-inline&quot;&gt;  &lt;/ins&gt;Never heard of it?&lt;ins class=&quot;diffchange diffchange-inline&quot;&gt;  &lt;/ins&gt;Well, you probably have heard of healthcare.gov which is informally referred to as Obamacare, which this collects qualification data for in a data warehouse format.&lt;ins class=&quot;diffchange diffchange-inline&quot;&gt;  &lt;/ins&gt;Please, let&lt;ins class=&quot;diffchange diffchange-inline&quot;&gt;'&lt;/ins&gt;s avoid the strong political firestorm of opinions, both pro and con, about this program and the interests behind it that may be a tempting cause for many comments here &lt;ins class=&quot;diffchange diffchange-inline&quot;&gt;– &lt;/ins&gt;let&lt;ins class=&quot;diffchange diffchange-inline&quot;&gt;'&lt;/ins&gt;s merely concern ourselves with the fact that apps that are in use should pass QA standards, especially when concerning personal information which impact privacy concerns. &lt;ins class=&quot;diffchange diffchange-inline&quot;&gt; You &lt;/ins&gt;may recall the public problems that the &amp;lt;a href=&amp;quot;https://www.healthcare.gov/&amp;quot; rel=&amp;quot;nofollow&amp;quot; target=&amp;quot;_blank&amp;quot;&amp;gt;healthcare.gov&amp;lt;/a&amp;gt; website had, calling attention to (thank you!) 
the need for proper software quality assurance and follow-through of their results in such endeavors.&lt;ins class=&quot;diffchange diffchange-inline&quot;&gt;  &lt;/ins&gt;Quite a boon to those of us in the QA community, we&lt;ins class=&quot;diffchange diffchange-inline&quot;&gt;'&lt;/ins&gt;ve never felt so needed!&amp;lt;/p&amp;gt;&lt;/div&gt;&lt;/td&gt;&lt;/tr&gt;
&lt;tr&gt;&lt;td class='diff-marker'&gt;−&lt;/td&gt;&lt;td style=&quot;color:black; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #ffe49c; vertical-align: top; white-space: pre-wrap;&quot;&gt;&lt;div&gt;&amp;#160;&lt;/div&gt;&lt;/td&gt;&lt;td class='diff-marker'&gt;+&lt;/td&gt;&lt;td style=&quot;color:black; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;&quot;&gt;&lt;div&gt;&amp;lt;p&amp;gt;The collected qualification information is what is suspected to be the data fields.&lt;ins class=&quot;diffchange diffchange-inline&quot;&gt;  &lt;/ins&gt;If you go to the verify-information folder then the documents-and-deadlines subfolder, you will get a list of personal identification documents that are of the type that one would have privacy phishing concerns about, including: income (tax forms, bank account information, Social Security Numbers, income forms, business ledger info, documents related to unearned income, etc.), immigration status, citizenship, home/rental insurance, DMV info, mortgage info, marriage license, birth certificates, adoption paperwork, and veteran status.&lt;ins class=&quot;diffchange diffchange-inline&quot;&gt;  &lt;/ins&gt;Former Social Security Administration Commissioner Michael As true asserts in his Cleveland Times editorial that the fields include:&amp;lt;/p&amp;gt;&lt;/div&gt;&lt;/td&gt;&lt;/tr&gt;
&lt;tr&gt;&lt;td class='diff-marker'&gt;−&lt;/td&gt;&lt;td style=&quot;color:black; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #ffe49c; vertical-align: top; white-space: pre-wrap;&quot;&gt;&lt;div&gt;&amp;lt;p&amp;gt;The collected qualification information is what is suspected to be the data fields.&lt;del class=&quot;diffchange diffchange-inline&quot;&gt;&amp;amp;nbsp; &lt;/del&gt;If you go to the verify-information folder then the documents-and-deadlines subfolder, you will get a list of personal identification documents that are of the type that one would have privacy phishing concerns about, including: income (tax forms, bank account information, Social Security Numbers, income forms, business ledger info, documents related to unearned income, etc.), immigration status, citizenship, home/rental insurance, DMV info, mortgage info, marriage license, birth certificates, adoption paperwork, and veteran status.&lt;del class=&quot;diffchange diffchange-inline&quot;&gt;&amp;amp;nbsp; &lt;/del&gt;Former Social Security Administration Commissioner Michael As true asserts in his Cleveland Times editorial that the fields include:&amp;lt;/p&amp;gt;&lt;/div&gt;&lt;/td&gt;&lt;td class='diff-marker'&gt;+&lt;/td&gt;&lt;td style=&quot;color:black; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;&quot;&gt;&lt;div&gt;&amp;lt;p&amp;gt;Details of an audit are in the public document &amp;lt;a href=&amp;quot;https://oig.hhs.gov/oas/reports/region6/61400067.pdf&amp;quot; rel=&amp;quot;nofollow&amp;quot;&amp;gt;https://oig.hhs.gov/oas/reports/region6/61400067.pdf&amp;lt;/a&amp;gt;, which I will now detail for you, the reader.&lt;ins class=&quot;diffchange diffchange-inline&quot;&gt;  &lt;/ins&gt;It is so readable that I am going to do the unthinkable for a tech writer: present large chunks of the material almost 
verbatim.&lt;ins class=&quot;diffchange diffchange-inline&quot;&gt;  &lt;/ins&gt;Honest, I&lt;ins class=&quot;diffchange diffchange-inline&quot;&gt;'&lt;/ins&gt;m not slacking off as a writer &lt;ins class=&quot;diffchange diffchange-inline&quot;&gt;– &lt;/ins&gt;I just think you&lt;ins class=&quot;diffchange diffchange-inline&quot;&gt;'&lt;/ins&gt;ll appreciate it more this way and realize that I&lt;ins class=&quot;diffchange diffchange-inline&quot;&gt;'&lt;/ins&gt;m am not coloring the prose.&lt;ins class=&quot;diffchange diffchange-inline&quot;&gt;  &lt;/ins&gt;The report begins by explaining the noble purpose thusly:&amp;lt;/p&amp;gt;&lt;/div&gt;&lt;/td&gt;&lt;/tr&gt;
&lt;tr&gt;&lt;td class='diff-marker'&gt;−&lt;/td&gt;&lt;td style=&quot;color:black; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #ffe49c; vertical-align: top; white-space: pre-wrap;&quot;&gt;&lt;div&gt;&amp;#160;&lt;/div&gt;&lt;/td&gt;&lt;td class='diff-marker'&gt;+&lt;/td&gt;&lt;td style=&quot;color:black; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;&quot;&gt;&lt;div&gt;&amp;lt;p&amp;gt;Analytics and database systems that are not secured properly create vulnerabilities that could be exploited by unauthorized individuals to compromise the confidentiality of personally identifiable information (PII) or other sensitive data. Data and systems security is a top oversight priority &lt;ins class=&quot;diffchange diffchange-inline&quot;&gt;… &lt;/ins&gt;MIDAS is a central repository for insurance-related data intended to provide ... metrics to the Department of Health and Human Services for various initiatives mandated by the Patient Protection and Affordable Care Act. The MIDAS collects, generates, and stores a high volume of sensitive consumer information, and it is critical that it be properly secured. Therefore, we performed the audit ... Our objective was to assess whether [they] had implemented information security controls to secure the PII related to the MIDAS and a certain number of its supporting databases.&amp;lt;/p&amp;gt;&lt;/div&gt;&lt;/td&gt;&lt;/tr&gt;
&lt;tr&gt;&lt;td class='diff-marker'&gt;−&lt;/td&gt;&lt;td style=&quot;color:black; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #ffe49c; vertical-align: top; white-space: pre-wrap;&quot;&gt;&lt;div&gt;&amp;lt;p&amp;gt;Details of an audit are in the public document &amp;lt;a href=&amp;quot;https://oig.hhs.gov/oas/reports/region6/61400067.pdf&amp;quot; rel=&amp;quot;nofollow&amp;quot;&amp;gt;https://oig.hhs.gov/oas/reports/region6/61400067.pdf&amp;lt;/a&amp;gt;, which I will now detail for you, the reader.&lt;del class=&quot;diffchange diffchange-inline&quot;&gt;&amp;amp;nbsp; &lt;/del&gt;It is so readable that I am going to do the unthinkable for a tech writer: present large chunks of the material almost verbatim.&lt;del class=&quot;diffchange diffchange-inline&quot;&gt;&amp;amp;nbsp; &lt;/del&gt;Honest, I&lt;del class=&quot;diffchange diffchange-inline&quot;&gt;&amp;amp;#39;&lt;/del&gt;m not slacking off as a writer &lt;del class=&quot;diffchange diffchange-inline&quot;&gt;&amp;amp;ndash; &lt;/del&gt;I just think you&lt;del class=&quot;diffchange diffchange-inline&quot;&gt;&amp;amp;#39;&lt;/del&gt;ll appreciate it more this way and realize that I&lt;del class=&quot;diffchange diffchange-inline&quot;&gt;&amp;amp;#39;&lt;/del&gt;m am not coloring the prose.&lt;del class=&quot;diffchange diffchange-inline&quot;&gt;&amp;amp;nbsp; &lt;/del&gt;The report begins by explaining the noble purpose thusly:&amp;lt;/p&amp;gt;&lt;/div&gt;&lt;/td&gt;&lt;td class='diff-marker'&gt;+&lt;/td&gt;&lt;td style=&quot;color:black; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;&quot;&gt;&lt;div&gt;&amp;lt;p&amp;gt;Okay, so we know why it exists, and see a secondary mission to ensure that what exists reaches a specific level of quality.&lt;ins class=&quot;diffchange diffchange-inline&quot;&gt;  &lt;/ins&gt;It goes on to 
discuss the results of the audit which took place between August and December of 2014:&amp;lt;/p&amp;gt;&lt;/div&gt;&lt;/td&gt;&lt;/tr&gt;
&lt;tr&gt;&lt;td class='diff-marker'&gt;−&lt;/td&gt;&lt;td style=&quot;color:black; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #ffe49c; vertical-align: top; white-space: pre-wrap;&quot;&gt;&lt;div&gt;&amp;#160;&lt;/div&gt;&lt;/td&gt;&lt;td class='diff-marker'&gt;+&lt;/td&gt;&lt;td style=&quot;color:black; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;&quot;&gt;&lt;div&gt;&amp;lt;p&amp;gt;Although CMS [Centers for Medicare and Medicaid Services] had implemented controls to secure the MIDAS and consumer PII data in the systems and databases we reviewed, we identified areas for improvement in its information security controls. At the time of our fieldwork, CMS: had not disabled unnecessary generic accounts in its test environment [meaning that users using the system may not be properly identified]; had not encrypted user sessions [meaning that a recorded user session had would be readable if hacked]; had not conducted automated vulnerability assessments that simulate known attacks which would have revealed vulnerabilities (e.g., password weaknesses and misconfigurations) specific to the application or databases that support the MIDAS; and used a shared read-only account for access to the database that contained the PII [again, improper tracking of who accesses what data].&lt;ins class=&quot;diffchange diffchange-inline&quot;&gt;  &lt;/ins&gt;In addition to the information security control vulnerabilities mentioned above, our database vulnerability scans identified 22 high, 62 medium, and 51 low vulnerabilities. We made related recommendations to address the issues we identified.&amp;lt;/p&amp;gt;&lt;/div&gt;&lt;/td&gt;&lt;/tr&gt;
&lt;tr&gt;&lt;td class='diff-marker'&gt;−&lt;/td&gt;&lt;td style=&quot;color:black; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #ffe49c; vertical-align: top; white-space: pre-wrap;&quot;&gt;&lt;div&gt;&amp;lt;p&amp;gt;Analytics and database systems that are not secured properly create vulnerabilities that could be exploited by unauthorized individuals to compromise the confidentiality of personally identifiable information (PII) or other sensitive data. Data and systems security is a top oversight priority &lt;del class=&quot;diffchange diffchange-inline&quot;&gt;&amp;amp;hellip; &lt;/del&gt;MIDAS is a central repository for insurance-related data intended to provide ... metrics to the Department of Health and Human Services for various initiatives mandated by the Patient Protection and Affordable Care Act. The MIDAS collects, generates, and stores a high volume of sensitive consumer information, and it is critical that it be properly secured. Therefore, we performed the audit ... Our objective was to assess whether [they] had implemented information security controls to secure the PII related to the MIDAS and a certain number of its supporting databases.&amp;lt;/p&amp;gt;&lt;/div&gt;&lt;/td&gt;&lt;td class='diff-marker'&gt;+&lt;/td&gt;&lt;td style=&quot;color:black; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;&quot;&gt;&lt;div&gt;&amp;lt;p&amp;gt;How would these suggestions be received?&lt;ins class=&quot;diffchange diffchange-inline&quot;&gt;  &lt;/ins&gt;I am glad to report that there is a happy ending, and that everything was repaired before this report became public.&amp;lt;/p&amp;gt;&lt;/div&gt;&lt;/td&gt;&lt;/tr&gt;
&lt;tr&gt;&lt;td class='diff-marker'&gt;−&lt;/td&gt;&lt;td style=&quot;color:black; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #ffe49c; vertical-align: top; white-space: pre-wrap;&quot;&gt;&lt;div&gt;&amp;#160;&lt;/div&gt;&lt;/td&gt;&lt;td class='diff-marker'&gt;+&lt;/td&gt;&lt;td style=&quot;color:black; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;&quot;&gt;&lt;div&gt;&amp;lt;p&amp;gt;CMS worked with [them] during the &amp;lt;a href=&amp;quot;https://www.kualitatem.com/security-testing/&amp;quot; target=&amp;quot;_blank&lt;ins class=&quot;diffchange diffchange-inline&quot;&gt;&amp;quot; rel=&amp;quot;nofollow&lt;/ins&gt;&amp;quot;&amp;gt;security testing&amp;lt;/a&amp;gt; and within a week of the findings being identified, CMS had addressed all the high vulnerabilities identified. CMS had addressed a majority of the remaining findings within 30 days of identification. All of [the] findings in this report were addressed by February 2015. In addition, all of the recommendations in this report were fully implemented prior to the draft report [stamped May 8, 2015] being issued.&amp;lt;/p&amp;gt;&lt;/div&gt;&lt;/td&gt;&lt;/tr&gt;
&lt;tr&gt;&lt;td class='diff-marker'&gt;−&lt;/td&gt;&lt;td style=&quot;color:black; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #ffe49c; vertical-align: top; white-space: pre-wrap;&quot;&gt;&lt;div&gt;&amp;lt;p&amp;gt;Okay, so we know why it exists, and see a secondary mission to ensure that what exists reaches a specific level of quality.&lt;del class=&quot;diffchange diffchange-inline&quot;&gt;&amp;amp;nbsp; &lt;/del&gt;It goes on to discuss the results of the audit which took place between August and December of 2014:&amp;lt;/p&amp;gt;&lt;/div&gt;&lt;/td&gt;&lt;td colspan=&quot;2&quot;&gt;&amp;#160;&lt;/td&gt;&lt;/tr&gt;
&lt;tr&gt;&lt;td class='diff-marker'&gt;−&lt;/td&gt;&lt;td style=&quot;color:black; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #ffe49c; vertical-align: top; white-space: pre-wrap;&quot;&gt;&lt;div&gt;&amp;#160;&lt;/div&gt;&lt;/td&gt;&lt;td colspan=&quot;2&quot;&gt;&amp;#160;&lt;/td&gt;&lt;/tr&gt;
&lt;tr&gt;&lt;td class='diff-marker'&gt;−&lt;/td&gt;&lt;td style=&quot;color:black; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #ffe49c; vertical-align: top; white-space: pre-wrap;&quot;&gt;&lt;div&gt;&amp;lt;p&amp;gt;Although CMS [Centers for Medicare and Medicaid Services] had implemented controls to secure the MIDAS and consumer PII data in the systems and databases we reviewed, we identified areas for improvement in its information security controls. At the time of our fieldwork, CMS: had not disabled unnecessary generic accounts in its test environment [meaning that users using the system may not be properly identified]; had not encrypted user sessions [meaning that a recorded user session had would be readable if hacked]; had not conducted automated vulnerability assessments that simulate known attacks which would have revealed vulnerabilities (e.g., password weaknesses and misconfigurations) specific to the application or databases that support the MIDAS; and used a shared read-only account for access to the database that contained the PII [again, improper tracking of who accesses what data].&lt;del class=&quot;diffchange diffchange-inline&quot;&gt;&amp;amp;nbsp; &lt;/del&gt;In addition to the information security control vulnerabilities mentioned above, our database vulnerability scans identified 22 high, 62 medium, and 51 low vulnerabilities. We made related recommendations to address the issues we identified.&amp;lt;/p&amp;gt;&lt;/div&gt;&lt;/td&gt;&lt;td colspan=&quot;2&quot;&gt;&amp;#160;&lt;/td&gt;&lt;/tr&gt;
&lt;tr&gt;&lt;td class='diff-marker'&gt;−&lt;/td&gt;&lt;td style=&quot;color:black; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #ffe49c; vertical-align: top; white-space: pre-wrap;&quot;&gt;&lt;div&gt;&amp;#160;&lt;/div&gt;&lt;/td&gt;&lt;td colspan=&quot;2&quot;&gt;&amp;#160;&lt;/td&gt;&lt;/tr&gt;
&lt;tr&gt;&lt;td class='diff-marker'&gt;−&lt;/td&gt;&lt;td style=&quot;color:black; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #ffe49c; vertical-align: top; white-space: pre-wrap;&quot;&gt;&lt;div&gt;&amp;lt;p&amp;gt;How would these suggestions be received?&lt;del class=&quot;diffchange diffchange-inline&quot;&gt;&amp;amp;nbsp; &lt;/del&gt;I am glad to report that there is a happy ending, and that everything was repaired before this report became public.&amp;lt;/p&amp;gt;&lt;/div&gt;&lt;/td&gt;&lt;td colspan=&quot;2&quot;&gt;&amp;#160;&lt;/td&gt;&lt;/tr&gt;
&lt;tr&gt;&lt;td class='diff-marker'&gt;−&lt;/td&gt;&lt;td style=&quot;color:black; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #ffe49c; vertical-align: top; white-space: pre-wrap;&quot;&gt;&lt;div&gt;&amp;#160;&lt;/div&gt;&lt;/td&gt;&lt;td colspan=&quot;2&quot;&gt;&amp;#160;&lt;/td&gt;&lt;/tr&gt;
&lt;tr&gt;&lt;td class='diff-marker'&gt;−&lt;/td&gt;&lt;td style=&quot;color:black; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #ffe49c; vertical-align: top; white-space: pre-wrap;&quot;&gt;&lt;div&gt;&amp;lt;p&amp;gt;CMS worked with [them] during the &amp;lt;a href=&amp;quot;https://www.kualitatem.com/security-testing/&amp;quot; target=&amp;quot;_blank&amp;quot;&amp;gt;security testing&amp;lt;/a&amp;gt; and within a week of the findings being identified, CMS had addressed all the high vulnerabilities identified. CMS had addressed a majority of the remaining findings within 30 days of identification. All of [the] findings in this report were addressed by February 2015. In addition, all of the recommendations in this report were fully implemented prior to the draft report [stamped May 8, 2015] being issued.&amp;lt;/p&amp;gt;&lt;/div&gt;&lt;/td&gt;&lt;td colspan=&quot;2&quot;&gt;&amp;#160;&lt;/td&gt;&lt;/tr&gt;
&lt;tr&gt;&lt;td class='diff-marker'&gt;−&lt;/td&gt;&lt;td style=&quot;color:black; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #ffe49c; vertical-align: top; white-space: pre-wrap;&quot;&gt;&lt;div&gt;&amp;#160;&lt;/div&gt;&lt;/td&gt;&lt;td colspan=&quot;2&quot;&gt;&amp;#160;&lt;/td&gt;&lt;/tr&gt;
&lt;tr&gt;&lt;td class='diff-marker'&gt;&amp;#160;&lt;/td&gt;&lt;td style=&quot;background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;&quot;&gt;&lt;div&gt;&amp;lt;p&amp;gt;&amp;lt;strong&amp;gt;Author Bio:&amp;lt;/strong&amp;gt;&amp;lt;/p&amp;gt;&lt;/div&gt;&lt;/td&gt;&lt;td class='diff-marker'&gt;&amp;#160;&lt;/td&gt;&lt;td style=&quot;background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;&quot;&gt;&lt;div&gt;&amp;lt;p&amp;gt;&amp;lt;strong&amp;gt;Author Bio:&amp;lt;/strong&amp;gt;&amp;lt;/p&amp;gt;&lt;/div&gt;&lt;/td&gt;&lt;/tr&gt;
&lt;tr&gt;&lt;td class='diff-marker'&gt;−&lt;/td&gt;&lt;td style=&quot;color:black; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #ffe49c; vertical-align: top; white-space: pre-wrap;&quot;&gt;&lt;div&gt;&amp;#160;&lt;/div&gt;&lt;/td&gt;&lt;td class='diff-marker'&gt;+&lt;/td&gt;&lt;td style=&quot;color:black; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;&quot;&gt;&lt;div&gt;&amp;lt;p&amp;gt;&amp;lt;a href=&amp;quot;https://twitter.com/ScottAndery&amp;quot; rel=&amp;quot;nofollow&amp;quot;&amp;gt;Scott Andery&amp;lt;/a&amp;gt; is an expert marketer and author who specialize in &amp;lt;a href=&amp;quot;https://www.kualitee.com/&amp;quot; target=&amp;quot;_blank&lt;ins class=&quot;diffchange diffchange-inline&quot;&gt;&amp;quot; rel=&amp;quot;nofollow&lt;/ins&gt;&amp;quot;&amp;gt;software testing tools&amp;lt;/a&amp;gt; and resources.&amp;lt;/p&amp;gt;&lt;/div&gt;&lt;/td&gt;&lt;/tr&gt;
&lt;tr&gt;&lt;td class='diff-marker'&gt;−&lt;/td&gt;&lt;td style=&quot;color:black; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #ffe49c; vertical-align: top; white-space: pre-wrap;&quot;&gt;&lt;div&gt;&amp;lt;p&amp;gt;&amp;lt;a href=&amp;quot;https://twitter.com/ScottAndery&amp;quot; rel=&amp;quot;nofollow&amp;quot;&amp;gt;Scott Andery&amp;lt;/a&amp;gt; is an expert marketer and author who specialize in &amp;lt;a href=&amp;quot;https://www.kualitee.com/&amp;quot; target=&amp;quot;_blank&amp;quot;&amp;gt;software testing tools&amp;lt;/a&amp;gt; and resources.&amp;lt;/p&amp;gt;&lt;/div&gt;&lt;/td&gt;&lt;td colspan=&quot;2&quot;&gt;&amp;#160;&lt;/td&gt;&lt;/tr&gt;
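Review bot: The two anchors on the new side that open with `target="_blank"` (the kualitatem.com link in the "CMS worked with [them]" paragraph and the kualitee.com link in the author bio) gain only `rel="nofollow"`. On browsers that do not treat `target="_blank"` as noopener by default, the opened page keeps a `window.opener` handle to this one (reverse tabnabbing). I would write the attribute as `rel="nofollow noopener noreferrer"` on both. Separately, the kualitatem.com link sits inside a paragraph the article presents as near-verbatim text from the OIG report; a vendor link is presumably not in that source, so it should move outside the quoted passage.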
&lt;/table&gt;</summary>
		<author><name>Stella123</name></author>	</entry>

	<entry>
		<id>https://aboutus.com/index.php?title=software-testing&amp;diff=71737090&amp;oldid=prev</id>
		<title>Scottandery: WYSIWYG edit</title>
		<link rel="alternate" type="text/html" href="https://aboutus.com/index.php?title=software-testing&amp;diff=71737090&amp;oldid=prev"/>
				<updated>2019-08-05T11:33:24Z</updated>
		
		<summary type="html">&lt;p&gt;WYSIWYG edit&lt;/p&gt;
&lt;table class=&quot;diff diff-contentalign-left&quot; data-mw=&quot;interface&quot;&gt;
				&lt;col class='diff-marker' /&gt;
				&lt;col class='diff-content' /&gt;
				&lt;col class='diff-marker' /&gt;
				&lt;col class='diff-content' /&gt;
				&lt;tr style='vertical-align: top;' lang='en'&gt;
				&lt;td colspan='2' style=&quot;background-color: white; color:black; text-align: center;&quot;&gt;← Older revision&lt;/td&gt;
				&lt;td colspan='2' style=&quot;background-color: white; color:black; text-align: center;&quot;&gt;Revision as of 11:33, 5 August 2019&lt;/td&gt;
				&lt;/tr&gt;&lt;tr&gt;&lt;td colspan=&quot;2&quot; class=&quot;diff-lineno&quot; id=&quot;mw-diff-left-l15&quot; &gt;Line 15:&lt;/td&gt;
&lt;td colspan=&quot;2&quot; class=&quot;diff-lineno&quot;&gt;Line 15:&lt;/td&gt;&lt;/tr&gt;
&lt;tr&gt;&lt;td class='diff-marker'&gt;&amp;#160;&lt;/td&gt;&lt;td style=&quot;background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;&quot;&gt;&lt;div&gt;&amp;lt;p&amp;gt;How would these suggestions be received?&amp;amp;nbsp; I am glad to report that there is a happy ending, and that everything was repaired before this report became public.&amp;lt;/p&amp;gt;&lt;/div&gt;&lt;/td&gt;&lt;td class='diff-marker'&gt;&amp;#160;&lt;/td&gt;&lt;td style=&quot;background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;&quot;&gt;&lt;div&gt;&amp;lt;p&amp;gt;How would these suggestions be received?&amp;amp;nbsp; I am glad to report that there is a happy ending, and that everything was repaired before this report became public.&amp;lt;/p&amp;gt;&lt;/div&gt;&lt;/td&gt;&lt;/tr&gt;
&lt;tr&gt;&lt;td class='diff-marker'&gt;&amp;#160;&lt;/td&gt;&lt;td style=&quot;background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;&quot;&gt;&lt;/td&gt;&lt;td class='diff-marker'&gt;&amp;#160;&lt;/td&gt;&lt;td style=&quot;background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;&quot;&gt;&lt;/td&gt;&lt;/tr&gt;
&lt;tr&gt;&lt;td class='diff-marker'&gt;−&lt;/td&gt;&lt;td style=&quot;color:black; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #ffe49c; vertical-align: top; white-space: pre-wrap;&quot;&gt;&lt;div&gt;&amp;lt;p&amp;gt;CMS worked with [them] during the security testing and within a week of the findings being identified, CMS had addressed all the high vulnerabilities identified. CMS had addressed a majority of the remaining findings within 30 days of identification. All of [the] findings in this report were addressed by February 2015. In addition, all of the recommendations in this report were fully implemented prior to the draft report [stamped May 8, 2015] being issued.&amp;lt;/p&amp;gt;&lt;/div&gt;&lt;/td&gt;&lt;td class='diff-marker'&gt;+&lt;/td&gt;&lt;td style=&quot;color:black; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;&quot;&gt;&lt;div&gt;&amp;lt;p&amp;gt;CMS worked with [them] during the &lt;ins class=&quot;diffchange diffchange-inline&quot;&gt;&amp;lt;a href=&amp;quot;https://www.kualitatem.com/&lt;/ins&gt;security&lt;ins class=&quot;diffchange diffchange-inline&quot;&gt;-&lt;/ins&gt;testing&lt;ins class=&quot;diffchange diffchange-inline&quot;&gt;/&amp;quot; target=&amp;quot;_blank&amp;quot;&amp;gt;security testing&amp;lt;/a&amp;gt; &lt;/ins&gt;and within a week of the findings being identified, CMS had addressed all the high vulnerabilities identified. CMS had addressed a majority of the remaining findings within 30 days of identification. All of [the] findings in this report were addressed by February 2015. In addition, all of the recommendations in this report were fully implemented prior to the draft report [stamped May 8, 2015] being issued.&amp;lt;/p&amp;gt;&lt;/div&gt;&lt;/td&gt;&lt;/tr&gt;
&lt;tr&gt;&lt;td class='diff-marker'&gt;&amp;#160;&lt;/td&gt;&lt;td style=&quot;background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;&quot;&gt;&lt;/td&gt;&lt;td class='diff-marker'&gt;&amp;#160;&lt;/td&gt;&lt;td style=&quot;background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;&quot;&gt;&lt;/td&gt;&lt;/tr&gt;
&lt;tr&gt;&lt;td class='diff-marker'&gt;&amp;#160;&lt;/td&gt;&lt;td style=&quot;background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;&quot;&gt;&lt;div&gt;&amp;lt;p&amp;gt;&amp;lt;strong&amp;gt;Author Bio:&amp;lt;/strong&amp;gt;&amp;lt;/p&amp;gt;&lt;/div&gt;&lt;/td&gt;&lt;td class='diff-marker'&gt;&amp;#160;&lt;/td&gt;&lt;td style=&quot;background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;&quot;&gt;&lt;div&gt;&amp;lt;p&amp;gt;&amp;lt;strong&amp;gt;Author Bio:&amp;lt;/strong&amp;gt;&amp;lt;/p&amp;gt;&lt;/div&gt;&lt;/td&gt;&lt;/tr&gt;
&lt;tr&gt;&lt;td class='diff-marker'&gt;&amp;#160;&lt;/td&gt;&lt;td style=&quot;background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;&quot;&gt;&lt;/td&gt;&lt;td class='diff-marker'&gt;&amp;#160;&lt;/td&gt;&lt;td style=&quot;background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;&quot;&gt;&lt;/td&gt;&lt;/tr&gt;
&lt;tr&gt;&lt;td class='diff-marker'&gt;−&lt;/td&gt;&lt;td style=&quot;color:black; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #ffe49c; vertical-align: top; white-space: pre-wrap;&quot;&gt;&lt;div&gt;&amp;lt;p&amp;gt;&amp;lt;a href=&amp;quot;https://twitter.com/ScottAndery&amp;quot; rel=&amp;quot;nofollow&amp;quot;&amp;gt;Scott Andery&amp;lt;/a&amp;gt; is an expert marketer and author who specialize in software testing tools and resources.&amp;lt;/p&amp;gt;&lt;/div&gt;&lt;/td&gt;&lt;td class='diff-marker'&gt;+&lt;/td&gt;&lt;td style=&quot;color:black; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;&quot;&gt;&lt;div&gt;&amp;lt;p&amp;gt;&amp;lt;a href=&amp;quot;https://twitter.com/ScottAndery&amp;quot; rel=&amp;quot;nofollow&amp;quot;&amp;gt;Scott Andery&amp;lt;/a&amp;gt; is an expert marketer and author who specialize in &lt;ins class=&quot;diffchange diffchange-inline&quot;&gt;&amp;lt;a href=&amp;quot;https://www.kualitee.com/&amp;quot; target=&amp;quot;_blank&amp;quot;&amp;gt;&lt;/ins&gt;software testing tools&lt;ins class=&quot;diffchange diffchange-inline&quot;&gt;&amp;lt;/a&amp;gt; &lt;/ins&gt;and resources.&amp;lt;/p&amp;gt;&lt;/div&gt;&lt;/td&gt;&lt;/tr&gt;
&lt;/table&gt;</summary>
		<author><name>Scottandery</name></author>	</entry>

	<entry>
		<id>https://aboutus.com/index.php?title=software-testing&amp;diff=71729572&amp;oldid=prev</id>
		<title>Qasource: WYSIWYG edit</title>
		<link rel="alternate" type="text/html" href="https://aboutus.com/index.php?title=software-testing&amp;diff=71729572&amp;oldid=prev"/>
				<updated>2019-06-26T10:30:49Z</updated>
		
		<summary type="html">&lt;p&gt;WYSIWYG edit&lt;/p&gt;
&lt;table class=&quot;diff diff-contentalign-left&quot; data-mw=&quot;interface&quot;&gt;
				&lt;col class='diff-marker' /&gt;
				&lt;col class='diff-content' /&gt;
				&lt;col class='diff-marker' /&gt;
				&lt;col class='diff-content' /&gt;
				&lt;tr style='vertical-align: top;' lang='en'&gt;
				&lt;td colspan='2' style=&quot;background-color: white; color:black; text-align: center;&quot;&gt;← Older revision&lt;/td&gt;
				&lt;td colspan='2' style=&quot;background-color: white; color:black; text-align: center;&quot;&gt;Revision as of 10:30, 26 June 2019&lt;/td&gt;
				&lt;/tr&gt;&lt;tr&gt;&lt;td colspan=&quot;2&quot; class=&quot;diff-lineno&quot; id=&quot;mw-diff-left-l1&quot; &gt;Line 1:&lt;/td&gt;
&lt;td colspan=&quot;2&quot; class=&quot;diff-lineno&quot;&gt;Line 1:&lt;/td&gt;&lt;/tr&gt;
&lt;tr&gt;&lt;td class='diff-marker'&gt;−&lt;/td&gt;&lt;td style=&quot;color:black; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #ffe49c; vertical-align: top; white-space: pre-wrap;&quot;&gt;&lt;div&gt;{{DISPLAYTITLE:Security Testing Prevents Data Breaches from Government Data Warehouse}}&amp;lt;p&amp;gt;It seems like every day brings headlines about data breaches of companies in various industry sectors and governmental agencies, including many of which are determined to be &lt;del class=&quot;diffchange diffchange-inline&quot;&gt;“Unintended Disclosure”&lt;/del&gt;. A check on privacyrights.org shows that if you look at both U.S. governmental and U.S. healthcare sites on the day I wrote this article, you will see that &lt;del class=&quot;diffchange diffchange-inline&quot;&gt;“Unintended Disclosure” &lt;/del&gt;(436 breaches totaling 27.7M records) is not too far behind &lt;del class=&quot;diffchange diffchange-inline&quot;&gt;“Hacking &lt;/del&gt;or &lt;del class=&quot;diffchange diffchange-inline&quot;&gt;malware” &lt;/del&gt;which accounted for 301 breaches totaling 50M records. Really? 
Over a third of the records from these 2 forms of data breach were from something as preventable as carelesssness on the programming or implementation side?&lt;del class=&quot;diffchange diffchange-inline&quot;&gt;  &lt;/del&gt;As a tech writer about things QA-related, I was intrigued.&lt;/div&gt;&lt;/td&gt;&lt;td class='diff-marker'&gt;+&lt;/td&gt;&lt;td style=&quot;color:black; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;&quot;&gt;&lt;div&gt;{{DISPLAYTITLE:Security Testing Prevents Data Breaches from Government Data Warehouse}}&amp;lt;p&amp;gt;It seems like every day brings headlines about data breaches of companies in various industry sectors and governmental agencies, including many of which are determined to be &lt;ins class=&quot;diffchange diffchange-inline&quot;&gt;&amp;amp;ldquo;Unintended Disclosure&amp;amp;rdquo;&lt;/ins&gt;. A check on privacyrights.org shows that if you look at both U.S. governmental and U.S. healthcare sites on the day I wrote this article, you will see that &lt;ins class=&quot;diffchange diffchange-inline&quot;&gt;&amp;amp;ldquo;Unintended Disclosure&amp;amp;rdquo; &lt;/ins&gt;(436 breaches totaling 27.7M records) is not too far behind &lt;ins class=&quot;diffchange diffchange-inline&quot;&gt;&amp;amp;ldquo;Hacking &lt;/ins&gt;or &lt;ins class=&quot;diffchange diffchange-inline&quot;&gt;malware&amp;amp;rdquo; &lt;/ins&gt;which accounted for 301 breaches totaling 50M records. Really? Over a third of the records from these 2 forms of data breach were from something as preventable as carelesssness on the programming or implementation side?&lt;ins class=&quot;diffchange diffchange-inline&quot;&gt;&amp;amp;nbsp; &lt;/ins&gt;As a tech writer about things QA-related, I was intrigued.&amp;lt;/p&amp;gt;&lt;/div&gt;&lt;/td&gt;&lt;/tr&gt;
&lt;tr&gt;&lt;td class='diff-marker'&gt;−&lt;/td&gt;&lt;td style=&quot;color:black; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #ffe49c; vertical-align: top; white-space: pre-wrap;&quot;&gt;&lt;div&gt;&amp;lt;/p&amp;gt;&lt;/div&gt;&lt;/td&gt;&lt;td class='diff-marker'&gt;+&lt;/td&gt;&lt;td style=&quot;color:black; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;&quot;&gt;&lt;div&gt;&amp;#160;&lt;/div&gt;&lt;/td&gt;&lt;/tr&gt;
&lt;tr&gt;&lt;td class='diff-marker'&gt;−&lt;/td&gt;&lt;td style=&quot;color:black; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #ffe49c; vertical-align: top; white-space: pre-wrap;&quot;&gt;&lt;div&gt;&amp;lt;p&amp;gt;Today &lt;del class=&quot;diffchange diffchange-inline&quot;&gt;I’d &lt;/del&gt;like to look at steps to avoid preventable loss. The insurance industry refers to &lt;del class=&quot;diffchange diffchange-inline&quot;&gt;“risk avoidance” &lt;/del&gt;and suggests audits to lessen the likelihood of the otherwise potential. For instance, in a pharma manufacturing tech writing job I once held, I worked on a Current Good Manufacturing Practices manual, which is required by FDA to assure quality standards. But the kind of QA &lt;del class=&quot;diffchange diffchange-inline&quot;&gt;we’re &lt;/del&gt;talking about here involves data &amp;lt;a href=&amp;quot;http://www.qualitestgroup.com/etl-data-warehouse-testing/&amp;quot; &lt;del class=&quot;diffchange diffchange-inline&quot;&gt;target&lt;/del&gt;=&amp;quot;&lt;del class=&quot;diffchange diffchange-inline&quot;&gt;_blank&lt;/del&gt;&amp;quot; &lt;del class=&quot;diffchange diffchange-inline&quot;&gt;rel&lt;/del&gt;=&amp;quot;&lt;del class=&quot;diffchange diffchange-inline&quot;&gt;nofollow&lt;/del&gt;&amp;quot;&amp;gt;warehouse testing&amp;lt;/a&amp;gt;&lt;del class=&quot;diffchange diffchange-inline&quot;&gt; of &lt;/del&gt;security for the Multidimensional Insurance Data Analytics System (MIDAS).&lt;del class=&quot;diffchange diffchange-inline&quot;&gt;  &lt;/del&gt;Never heard of it?&lt;del class=&quot;diffchange diffchange-inline&quot;&gt;  &lt;/del&gt;Well, you probably have heard of healthcare.gov which is informally referred to as Obamacare, which this collects qualification data for in a data warehouse format.&lt;del class=&quot;diffchange diffchange-inline&quot;&gt;  &lt;/del&gt;Please, let&lt;del class=&quot;diffchange 
diffchange-inline&quot;&gt;'&lt;/del&gt;s avoid the strong political firestorm of opinions, both pro and con, about this program and the interests behind it that may be a tempting cause for many comments here &lt;del class=&quot;diffchange diffchange-inline&quot;&gt;– &lt;/del&gt;let&lt;del class=&quot;diffchange diffchange-inline&quot;&gt;'&lt;/del&gt;s merely concern ourselves with the fact that apps that are in use should pass QA standards, especially when concerning personal information which impact privacy concerns. &lt;del class=&quot;diffchange diffchange-inline&quot;&gt; You &lt;/del&gt;may recall the public problems that the &amp;lt;a href=&amp;quot;https://www.healthcare.gov/&amp;quot; rel=&amp;quot;nofollow&amp;quot; target=&amp;quot;_blank&amp;quot;&amp;gt;healthcare.gov&amp;lt;/a&amp;gt; website had, calling attention to (thank you!) the need for proper software quality assurance and follow-through of their results in such endeavors.&lt;del class=&quot;diffchange diffchange-inline&quot;&gt;  &lt;/del&gt;Quite a boon to those of us in the QA community, we&lt;del class=&quot;diffchange diffchange-inline&quot;&gt;'&lt;/del&gt;ve never felt so needed!&amp;lt;/p&amp;gt;&lt;/div&gt;&lt;/td&gt;&lt;td class='diff-marker'&gt;+&lt;/td&gt;&lt;td style=&quot;color:black; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;&quot;&gt;&lt;div&gt;&amp;lt;p&amp;gt;Today &lt;ins class=&quot;diffchange diffchange-inline&quot;&gt;I&amp;amp;rsquo;d &lt;/ins&gt;like to look at steps to avoid preventable loss. The insurance industry refers to &lt;ins class=&quot;diffchange diffchange-inline&quot;&gt;&amp;amp;ldquo;risk avoidance&amp;amp;rdquo; &lt;/ins&gt;and suggests audits to lessen the likelihood of the otherwise potential. 
For instance, in a pharma manufacturing tech writing job I once held, I worked on a Current Good Manufacturing Practices manual, which is required by FDA to assure quality standards. But the kind of QA &lt;ins class=&quot;diffchange diffchange-inline&quot;&gt;we&amp;amp;rsquo;re &lt;/ins&gt;talking about here involves data &amp;lt;a href=&amp;quot;http://www.qualitestgroup.com/etl-data-warehouse-testing/&amp;quot; &lt;ins class=&quot;diffchange diffchange-inline&quot;&gt;rel&lt;/ins&gt;=&amp;quot;&lt;ins class=&quot;diffchange diffchange-inline&quot;&gt;nofollow&lt;/ins&gt;&amp;quot; &lt;ins class=&quot;diffchange diffchange-inline&quot;&gt;target&lt;/ins&gt;=&amp;quot;&lt;ins class=&quot;diffchange diffchange-inline&quot;&gt;_blank&lt;/ins&gt;&amp;quot;&amp;gt;warehouse testing&amp;lt;/a&amp;gt;&lt;ins class=&quot;diffchange diffchange-inline&quot;&gt;&amp;amp;nbsp;of &lt;/ins&gt;security for the Multidimensional Insurance Data Analytics System (MIDAS).&lt;ins class=&quot;diffchange diffchange-inline&quot;&gt;&amp;amp;nbsp; &lt;/ins&gt;Never heard of it?&lt;ins class=&quot;diffchange diffchange-inline&quot;&gt;&amp;amp;nbsp; &lt;/ins&gt;Well, you probably have heard of healthcare.gov which is informally referred to as Obamacare, which this collects qualification data for in a data warehouse format.&lt;ins class=&quot;diffchange diffchange-inline&quot;&gt;&amp;amp;nbsp; &lt;/ins&gt;Please, let&lt;ins class=&quot;diffchange diffchange-inline&quot;&gt;&amp;amp;#39;&lt;/ins&gt;s avoid the strong political firestorm of opinions, both pro and con, about this program and the interests behind it that may be a tempting cause for many comments here &lt;ins class=&quot;diffchange diffchange-inline&quot;&gt;&amp;amp;ndash; &lt;/ins&gt;let&lt;ins class=&quot;diffchange diffchange-inline&quot;&gt;&amp;amp;#39;&lt;/ins&gt;s merely concern ourselves with the fact that apps that are in use should pass QA standards, especially when concerning personal information which impact 
privacy concerns. &lt;ins class=&quot;diffchange diffchange-inline&quot;&gt;&amp;amp;nbsp;You &lt;/ins&gt;may recall the public problems that the &amp;lt;a href=&amp;quot;https://www.healthcare.gov/&amp;quot; rel=&amp;quot;nofollow&amp;quot; target=&amp;quot;_blank&amp;quot;&amp;gt;healthcare.gov&amp;lt;/a&amp;gt; website had, calling attention to (thank you!) the need for proper software quality assurance and follow-through of their results in such endeavors.&lt;ins class=&quot;diffchange diffchange-inline&quot;&gt;&amp;amp;nbsp; &lt;/ins&gt;Quite a boon to those of us in the QA community, we&lt;ins class=&quot;diffchange diffchange-inline&quot;&gt;&amp;amp;#39;&lt;/ins&gt;ve never felt so needed!&amp;lt;/p&amp;gt;&lt;/div&gt;&lt;/td&gt;&lt;/tr&gt;
&lt;tr&gt;&lt;td class='diff-marker'&gt;−&lt;/td&gt;&lt;td style=&quot;color:black; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #ffe49c; vertical-align: top; white-space: pre-wrap;&quot;&gt;&lt;div&gt;&amp;lt;p&amp;gt;The collected qualification information is what is suspected to be the data fields.&lt;del class=&quot;diffchange diffchange-inline&quot;&gt;  &lt;/del&gt;If you go to the verify-information folder then the documents-and-deadlines subfolder, you will get a list of personal identification documents that are of the type that one would have privacy phishing concerns about, including: income (tax forms, bank account information, Social Security Numbers, income forms, business ledger info, documents related to unearned income, etc.), immigration status, citizenship, home/rental insurance, DMV info, mortgage info, marriage license, birth certificates, adoption paperwork, and veteran status.&lt;del class=&quot;diffchange diffchange-inline&quot;&gt;  &lt;/del&gt;Former Social Security Administration Commissioner Michael As true asserts in his Cleveland Times editorial that the fields include:&amp;lt;/p&amp;gt;&lt;/div&gt;&lt;/td&gt;&lt;td class='diff-marker'&gt;+&lt;/td&gt;&lt;td style=&quot;color:black; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;&quot;&gt;&lt;div&gt;&amp;#160;&lt;/div&gt;&lt;/td&gt;&lt;/tr&gt;
&lt;tr&gt;&lt;td class='diff-marker'&gt;−&lt;/td&gt;&lt;td style=&quot;color:black; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #ffe49c; vertical-align: top; white-space: pre-wrap;&quot;&gt;&lt;div&gt;&amp;lt;p&amp;gt;Details of an audit are in the public document &amp;lt;a href=&amp;quot;https://oig.hhs.gov/oas/reports/region6/61400067.pdf&amp;quot; rel=&amp;quot;nofollow&amp;quot;&amp;gt;https://oig.hhs.gov/oas/reports/region6/61400067.pdf&amp;lt;/a&amp;gt;, which I will now detail for you, the reader.&lt;del class=&quot;diffchange diffchange-inline&quot;&gt;  &lt;/del&gt;It is so readable that I am going to do the unthinkable for a tech writer: present large chunks of the material almost verbatim.&lt;del class=&quot;diffchange diffchange-inline&quot;&gt;  &lt;/del&gt;Honest, I&lt;del class=&quot;diffchange diffchange-inline&quot;&gt;'&lt;/del&gt;m not slacking off as a writer &lt;del class=&quot;diffchange diffchange-inline&quot;&gt;– &lt;/del&gt;I just think you&lt;del class=&quot;diffchange diffchange-inline&quot;&gt;'&lt;/del&gt;ll appreciate it more this way and realize that I&lt;del class=&quot;diffchange diffchange-inline&quot;&gt;'&lt;/del&gt;m am not coloring the prose.&lt;del class=&quot;diffchange diffchange-inline&quot;&gt;  &lt;/del&gt;The report begins by explaining the noble purpose thusly:&amp;lt;/p&amp;gt;&lt;/div&gt;&lt;/td&gt;&lt;td class='diff-marker'&gt;+&lt;/td&gt;&lt;td style=&quot;color:black; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;&quot;&gt;&lt;div&gt;&amp;lt;p&amp;gt;The collected qualification information is what is suspected to be the data fields.&lt;ins class=&quot;diffchange diffchange-inline&quot;&gt;&amp;amp;nbsp; &lt;/ins&gt;If you go to the verify-information folder then the documents-and-deadlines subfolder, you will get a list of personal 
identification documents that are of the type that one would have privacy phishing concerns about, including: income (tax forms, bank account information, Social Security Numbers, income forms, business ledger info, documents related to unearned income, etc.), immigration status, citizenship, home/rental insurance, DMV info, mortgage info, marriage license, birth certificates, adoption paperwork, and veteran status.&lt;ins class=&quot;diffchange diffchange-inline&quot;&gt;&amp;amp;nbsp; &lt;/ins&gt;Former Social Security Administration Commissioner Michael As true asserts in his Cleveland Times editorial that the fields include:&amp;lt;/p&amp;gt;&lt;/div&gt;&lt;/td&gt;&lt;/tr&gt;
&lt;tr&gt;&lt;td class='diff-marker'&gt;−&lt;/td&gt;&lt;td style=&quot;color:black; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #ffe49c; vertical-align: top; white-space: pre-wrap;&quot;&gt;&lt;div&gt;&amp;lt;p&amp;gt;Analytics and database systems that are not secured properly create vulnerabilities that could be exploited by unauthorized individuals to compromise the confidentiality of personally identifiable information (PII) or other sensitive data. Data and systems security is a top oversight priority &lt;del class=&quot;diffchange diffchange-inline&quot;&gt;… &lt;/del&gt;MIDAS is a central repository for insurance-related data intended to provide ... metrics to the Department of Health and Human Services for various initiatives mandated by the Patient Protection and Affordable Care Act. The MIDAS collects, generates, and stores a high volume of sensitive consumer information, and it is critical that it be properly secured. Therefore, we performed the audit ... Our objective was to assess whether [they] had implemented information security controls to secure the PII related to the MIDAS and a certain number of its supporting databases.&amp;lt;/p&amp;gt;&lt;/div&gt;&lt;/td&gt;&lt;td class='diff-marker'&gt;+&lt;/td&gt;&lt;td style=&quot;color:black; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;&quot;&gt;&lt;div&gt;&amp;#160;&lt;/div&gt;&lt;/td&gt;&lt;/tr&gt;
&lt;tr&gt;&lt;td class='diff-marker'&gt;−&lt;/td&gt;&lt;td style=&quot;color:black; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #ffe49c; vertical-align: top; white-space: pre-wrap;&quot;&gt;&lt;div&gt;&amp;lt;p&amp;gt;Okay, so we know why it exists, and see a secondary mission to ensure that what exists reaches a specific level of quality.&lt;del class=&quot;diffchange diffchange-inline&quot;&gt;  &lt;/del&gt;It goes on to discuss the results of the audit which took place between August and December of 2014:&amp;lt;/p&amp;gt;&lt;/div&gt;&lt;/td&gt;&lt;td class='diff-marker'&gt;+&lt;/td&gt;&lt;td style=&quot;color:black; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;&quot;&gt;&lt;div&gt;&amp;lt;p&amp;gt;Details of an audit are in the public document &amp;lt;a href=&amp;quot;https://oig.hhs.gov/oas/reports/region6/61400067.pdf&amp;quot; rel=&amp;quot;nofollow&amp;quot;&amp;gt;https://oig.hhs.gov/oas/reports/region6/61400067.pdf&amp;lt;/a&amp;gt;, which I will now detail for you, the reader.&lt;ins class=&quot;diffchange diffchange-inline&quot;&gt;&amp;amp;nbsp; &lt;/ins&gt;It is so readable that I am going to do the unthinkable for a tech writer: present large chunks of the material almost verbatim.&lt;ins class=&quot;diffchange diffchange-inline&quot;&gt;&amp;amp;nbsp; &lt;/ins&gt;Honest, I&lt;ins class=&quot;diffchange diffchange-inline&quot;&gt;&amp;amp;#39;&lt;/ins&gt;m not slacking off as a writer &lt;ins class=&quot;diffchange diffchange-inline&quot;&gt;&amp;amp;ndash; &lt;/ins&gt;I just think you&lt;ins class=&quot;diffchange diffchange-inline&quot;&gt;&amp;amp;#39;&lt;/ins&gt;ll appreciate it more this way and realize that I&lt;ins class=&quot;diffchange diffchange-inline&quot;&gt;&amp;amp;#39;&lt;/ins&gt;m am not coloring the prose.&lt;ins class=&quot;diffchange 
diffchange-inline&quot;&gt;&amp;amp;nbsp; &lt;/ins&gt;The report begins by explaining the noble purpose thusly:&amp;lt;/p&amp;gt;&lt;/div&gt;&lt;/td&gt;&lt;/tr&gt;
&lt;tr&gt;&lt;td class='diff-marker'&gt;−&lt;/td&gt;&lt;td style=&quot;color:black; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #ffe49c; vertical-align: top; white-space: pre-wrap;&quot;&gt;&lt;div&gt;&amp;lt;p&amp;gt;Although CMS [Centers for Medicare and Medicaid Services] had implemented controls to secure the MIDAS and consumer PII data in the systems and databases we reviewed, we identified areas for improvement in its information security controls. At the time of our fieldwork, CMS: had not disabled unnecessary generic accounts in its test environment [meaning that users using the system may not be properly identified]; had not encrypted user sessions [meaning that a recorded user session had would be readable if hacked]; had not conducted automated vulnerability assessments that simulate known attacks which would have revealed vulnerabilities (e.g., password weaknesses and misconfigurations) specific to the application or databases that support the MIDAS; and used a shared read-only account for access to the database that contained the PII [again, improper tracking of who accesses what data].&lt;del class=&quot;diffchange diffchange-inline&quot;&gt;  &lt;/del&gt;In addition to the information security control vulnerabilities mentioned above, our database vulnerability scans identified 22 high, 62 medium, and 51 low vulnerabilities. We made related recommendations to address the issues we identified.&amp;lt;/p&amp;gt;&lt;/div&gt;&lt;/td&gt;&lt;td class='diff-marker'&gt;+&lt;/td&gt;&lt;td style=&quot;color:black; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;&quot;&gt;&lt;div&gt;&amp;#160;&lt;/div&gt;&lt;/td&gt;&lt;/tr&gt;
&lt;tr&gt;&lt;td class='diff-marker'&gt;−&lt;/td&gt;&lt;td style=&quot;color:black; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #ffe49c; vertical-align: top; white-space: pre-wrap;&quot;&gt;&lt;div&gt;&amp;lt;p&amp;gt;How would these suggestions be received?&lt;del class=&quot;diffchange diffchange-inline&quot;&gt;  &lt;/del&gt;I am glad to report that there is a happy ending, and that everything was repaired before this report became public.&amp;lt;/p&amp;gt;&lt;/div&gt;&lt;/td&gt;&lt;td class='diff-marker'&gt;+&lt;/td&gt;&lt;td style=&quot;color:black; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;&quot;&gt;&lt;div&gt;&amp;lt;p&amp;gt;Analytics and database systems that are not secured properly create vulnerabilities that could be exploited by unauthorized individuals to compromise the confidentiality of personally identifiable information (PII) or other sensitive data. Data and systems security is a top oversight priority &lt;ins class=&quot;diffchange diffchange-inline&quot;&gt;&amp;amp;hellip; &lt;/ins&gt;MIDAS is a central repository for insurance-related data intended to provide ... metrics to the Department of Health and Human Services for various initiatives mandated by the Patient Protection and Affordable Care Act. The MIDAS collects, generates, and stores a high volume of sensitive consumer information, and it is critical that it be properly secured. Therefore, we performed the audit ... Our objective was to assess whether [they] had implemented information security controls to secure the PII related to the MIDAS and a certain number of its supporting databases.&amp;lt;/p&amp;gt;&lt;/div&gt;&lt;/td&gt;&lt;/tr&gt;
&lt;tr&gt;&lt;td colspan=&quot;2&quot;&gt;&amp;#160;&lt;/td&gt;&lt;td class='diff-marker'&gt;+&lt;/td&gt;&lt;td style=&quot;color:black; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;&quot;&gt;&lt;div&gt;&amp;#160;&lt;/div&gt;&lt;/td&gt;&lt;/tr&gt;
&lt;tr&gt;&lt;td colspan=&quot;2&quot;&gt;&amp;#160;&lt;/td&gt;&lt;td class='diff-marker'&gt;+&lt;/td&gt;&lt;td style=&quot;color:black; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;&quot;&gt;&lt;div&gt;&amp;lt;p&amp;gt;Okay, so we know why it exists, and see a secondary mission to ensure that what exists reaches a specific level of quality.&lt;ins class=&quot;diffchange diffchange-inline&quot;&gt;&amp;amp;nbsp; &lt;/ins&gt;It goes on to discuss the results of the audit which took place between August and December of 2014:&amp;lt;/p&amp;gt;&lt;/div&gt;&lt;/td&gt;&lt;/tr&gt;
&lt;tr&gt;&lt;td colspan=&quot;2&quot;&gt;&amp;#160;&lt;/td&gt;&lt;td class='diff-marker'&gt;+&lt;/td&gt;&lt;td style=&quot;color:black; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;&quot;&gt;&lt;div&gt;&amp;#160;&lt;/div&gt;&lt;/td&gt;&lt;/tr&gt;
&lt;tr&gt;&lt;td colspan=&quot;2&quot;&gt;&amp;#160;&lt;/td&gt;&lt;td class='diff-marker'&gt;+&lt;/td&gt;&lt;td style=&quot;color:black; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;&quot;&gt;&lt;div&gt;&amp;lt;p&amp;gt;Although CMS [Centers for Medicare and Medicaid Services] had implemented controls to secure the MIDAS and consumer PII data in the systems and databases we reviewed, we identified areas for improvement in its information security controls. At the time of our fieldwork, CMS: had not disabled unnecessary generic accounts in its test environment [meaning that users using the system may not be properly identified]; had not encrypted user sessions [meaning that a recorded user session had would be readable if hacked]; had not conducted automated vulnerability assessments that simulate known attacks which would have revealed vulnerabilities (e.g., password weaknesses and misconfigurations) specific to the application or databases that support the MIDAS; and used a shared read-only account for access to the database that contained the PII [again, improper tracking of who accesses what data].&lt;ins class=&quot;diffchange diffchange-inline&quot;&gt;&amp;amp;nbsp; &lt;/ins&gt;In addition to the information security control vulnerabilities mentioned above, our database vulnerability scans identified 22 high, 62 medium, and 51 low vulnerabilities. We made related recommendations to address the issues we identified.&amp;lt;/p&amp;gt;&lt;/div&gt;&lt;/td&gt;&lt;/tr&gt;
&lt;tr&gt;&lt;td colspan=&quot;2&quot;&gt;&amp;#160;&lt;/td&gt;&lt;td class='diff-marker'&gt;+&lt;/td&gt;&lt;td style=&quot;color:black; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;&quot;&gt;&lt;div&gt;&amp;#160;&lt;/div&gt;&lt;/td&gt;&lt;/tr&gt;
&lt;tr&gt;&lt;td colspan=&quot;2&quot;&gt;&amp;#160;&lt;/td&gt;&lt;td class='diff-marker'&gt;+&lt;/td&gt;&lt;td style=&quot;color:black; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;&quot;&gt;&lt;div&gt;&amp;lt;p&amp;gt;How would these suggestions be received?&lt;ins class=&quot;diffchange diffchange-inline&quot;&gt;&amp;amp;nbsp; &lt;/ins&gt;I am glad to report that there is a happy ending, and that everything was repaired before this report became public.&amp;lt;/p&amp;gt;&lt;/div&gt;&lt;/td&gt;&lt;/tr&gt;
&lt;tr&gt;&lt;td colspan=&quot;2&quot;&gt;&amp;#160;&lt;/td&gt;&lt;td class='diff-marker'&gt;+&lt;/td&gt;&lt;td style=&quot;color:black; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;&quot;&gt;&lt;div&gt;&amp;#160;&lt;/div&gt;&lt;/td&gt;&lt;/tr&gt;
&lt;tr&gt;&lt;td class='diff-marker'&gt;&amp;#160;&lt;/td&gt;&lt;td style=&quot;background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;&quot;&gt;&lt;div&gt;&amp;lt;p&amp;gt;CMS worked with [them] during the security testing and within a week of the findings being identified, CMS had addressed all the high vulnerabilities identified. CMS had addressed a majority of the remaining findings within 30 days of identification. All of [the] findings in this report were addressed by February 2015. In addition, all of the recommendations in this report were fully implemented prior to the draft report [stamped May 8, 2015] being issued.&amp;lt;/p&amp;gt;&lt;/div&gt;&lt;/td&gt;&lt;td class='diff-marker'&gt;&amp;#160;&lt;/td&gt;&lt;td style=&quot;background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;&quot;&gt;&lt;div&gt;&amp;lt;p&amp;gt;CMS worked with [them] during the security testing and within a week of the findings being identified, CMS had addressed all the high vulnerabilities identified. CMS had addressed a majority of the remaining findings within 30 days of identification. All of [the] findings in this report were addressed by February 2015. In addition, all of the recommendations in this report were fully implemented prior to the draft report [stamped May 8, 2015] being issued.&amp;lt;/p&amp;gt;&lt;/div&gt;&lt;/td&gt;&lt;/tr&gt;
&lt;tr&gt;&lt;td colspan=&quot;2&quot;&gt;&amp;#160;&lt;/td&gt;&lt;td class='diff-marker'&gt;+&lt;/td&gt;&lt;td style=&quot;color:black; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;&quot;&gt;&lt;div&gt;&lt;ins style=&quot;font-weight: bold; text-decoration: none;&quot;&gt;&lt;/ins&gt;&lt;/div&gt;&lt;/td&gt;&lt;/tr&gt;
&lt;tr&gt;&lt;td class='diff-marker'&gt;&amp;#160;&lt;/td&gt;&lt;td style=&quot;background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;&quot;&gt;&lt;div&gt;&amp;lt;p&amp;gt;&amp;lt;strong&amp;gt;Author Bio:&amp;lt;/strong&amp;gt;&amp;lt;/p&amp;gt;&lt;/div&gt;&lt;/td&gt;&lt;td class='diff-marker'&gt;&amp;#160;&lt;/td&gt;&lt;td style=&quot;background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;&quot;&gt;&lt;div&gt;&amp;lt;p&amp;gt;&amp;lt;strong&amp;gt;Author Bio:&amp;lt;/strong&amp;gt;&amp;lt;/p&amp;gt;&lt;/div&gt;&lt;/td&gt;&lt;/tr&gt;
&lt;tr&gt;&lt;td colspan=&quot;2&quot;&gt;&amp;#160;&lt;/td&gt;&lt;td class='diff-marker'&gt;+&lt;/td&gt;&lt;td style=&quot;color:black; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;&quot;&gt;&lt;div&gt;&lt;ins style=&quot;font-weight: bold; text-decoration: none;&quot;&gt;&lt;/ins&gt;&lt;/div&gt;&lt;/td&gt;&lt;/tr&gt;
&lt;tr&gt;&lt;td class='diff-marker'&gt;&amp;#160;&lt;/td&gt;&lt;td style=&quot;background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;&quot;&gt;&lt;div&gt;&amp;lt;p&amp;gt;&amp;lt;a href=&amp;quot;https://twitter.com/ScottAndery&amp;quot; rel=&amp;quot;nofollow&amp;quot;&amp;gt;Scott Andery&amp;lt;/a&amp;gt; is an expert marketer and author who specialize in software testing tools and resources.&amp;lt;/p&amp;gt;&lt;/div&gt;&lt;/td&gt;&lt;td class='diff-marker'&gt;&amp;#160;&lt;/td&gt;&lt;td style=&quot;background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;&quot;&gt;&lt;div&gt;&amp;lt;p&amp;gt;&amp;lt;a href=&amp;quot;https://twitter.com/ScottAndery&amp;quot; rel=&amp;quot;nofollow&amp;quot;&amp;gt;Scott Andery&amp;lt;/a&amp;gt; is an expert marketer and author who specialize in software testing tools and resources.&amp;lt;/p&amp;gt;&lt;/div&gt;&lt;/td&gt;&lt;/tr&gt;
&lt;/table&gt;</summary>
		<author><name>Qasource</name></author>	</entry>

	<entry>
		<id>https://aboutus.com/index.php?title=software-testing&amp;diff=71706717&amp;oldid=prev</id>
		<title>Scottandery: WYSIWYG edit</title>
		<link rel="alternate" type="text/html" href="https://aboutus.com/index.php?title=software-testing&amp;diff=71706717&amp;oldid=prev"/>
				<updated>2018-12-20T07:06:11Z</updated>
		
		<summary type="html">&lt;p&gt;WYSIWYG edit&lt;/p&gt;
&lt;table class=&quot;diff diff-contentalign-left&quot; data-mw=&quot;interface&quot;&gt;
				&lt;col class='diff-marker' /&gt;
				&lt;col class='diff-content' /&gt;
				&lt;col class='diff-marker' /&gt;
				&lt;col class='diff-content' /&gt;
				&lt;tr style='vertical-align: top;' lang='en'&gt;
				&lt;td colspan='2' style=&quot;background-color: white; color:black; text-align: center;&quot;&gt;← Older revision&lt;/td&gt;
				&lt;td colspan='2' style=&quot;background-color: white; color:black; text-align: center;&quot;&gt;Revision as of 07:06, 20 December 2018&lt;/td&gt;
				&lt;/tr&gt;&lt;tr&gt;&lt;td colspan=&quot;2&quot; class=&quot;diff-lineno&quot; id=&quot;mw-diff-left-l1&quot; &gt;Line 1:&lt;/td&gt;
&lt;td colspan=&quot;2&quot; class=&quot;diff-lineno&quot;&gt;Line 1:&lt;/td&gt;&lt;/tr&gt;
&lt;tr&gt;&lt;td class='diff-marker'&gt;−&lt;/td&gt;&lt;td style=&quot;color:black; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #ffe49c; vertical-align: top; white-space: pre-wrap;&quot;&gt;&lt;div&gt;{{DISPLAYTITLE:Security Testing Prevents Data Breaches from Government Data Warehouse}}&amp;lt;p&amp;gt;It seems like every day brings headlines about data breaches of companies in various industry sectors and governmental agencies, including many of which are determined to be &lt;del class=&quot;diffchange diffchange-inline&quot;&gt;&amp;amp;ldquo;Unintended Disclosure&amp;amp;rdquo;&lt;/del&gt;. A check on privacyrights.org shows that if you look at both U.S. governmental and U.S. healthcare sites on the day I wrote this article, you will see that &lt;del class=&quot;diffchange diffchange-inline&quot;&gt;&amp;amp;ldquo;Unintended Disclosure&amp;amp;rdquo; &lt;/del&gt;(436 breaches totaling 27.7M records) is not too far behind &lt;del class=&quot;diffchange diffchange-inline&quot;&gt;&amp;amp;ldquo;Hacking &lt;/del&gt;or &lt;del class=&quot;diffchange diffchange-inline&quot;&gt;malware&amp;amp;rdquo; &lt;/del&gt;which accounted for 301 breaches totaling 50M records. Really? 
Over a third of the records from these 2 forms of data breach were from something as preventable as carelesssness on the programming or implementation side?&lt;del class=&quot;diffchange diffchange-inline&quot;&gt;&amp;amp;nbsp; &lt;/del&gt;As a tech writer about things QA-related, I was intrigued.&amp;lt;/p&amp;gt;&lt;/div&gt;&lt;/td&gt;&lt;td class='diff-marker'&gt;+&lt;/td&gt;&lt;td style=&quot;color:black; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;&quot;&gt;&lt;div&gt;{{DISPLAYTITLE:Security Testing Prevents Data Breaches from Government Data Warehouse}}&amp;lt;p&amp;gt;It seems like every day brings headlines about data breaches of companies in various industry sectors and governmental agencies, including many of which are determined to be &lt;ins class=&quot;diffchange diffchange-inline&quot;&gt;“Unintended Disclosure”&lt;/ins&gt;. A check on privacyrights.org shows that if you look at both U.S. governmental and U.S. healthcare sites on the day I wrote this article, you will see that &lt;ins class=&quot;diffchange diffchange-inline&quot;&gt;“Unintended Disclosure” &lt;/ins&gt;(436 breaches totaling 27.7M records) is not too far behind &lt;ins class=&quot;diffchange diffchange-inline&quot;&gt;“Hacking &lt;/ins&gt;or &lt;ins class=&quot;diffchange diffchange-inline&quot;&gt;malware” &lt;/ins&gt;which accounted for 301 breaches totaling 50M records. Really? Over a third of the records from these 2 forms of data breach were from something as preventable as carelesssness on the programming or implementation side?&lt;ins class=&quot;diffchange diffchange-inline&quot;&gt;  &lt;/ins&gt;As a tech writer about things QA-related, I was intrigued.&lt;/div&gt;&lt;/td&gt;&lt;/tr&gt;
&lt;tr&gt;&lt;td class='diff-marker'&gt;−&lt;/td&gt;&lt;td style=&quot;color:black; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #ffe49c; vertical-align: top; white-space: pre-wrap;&quot;&gt;&lt;div&gt;&amp;#160;&lt;/div&gt;&lt;/td&gt;&lt;td class='diff-marker'&gt;+&lt;/td&gt;&lt;td style=&quot;color:black; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;&quot;&gt;&lt;div&gt;&amp;lt;/p&amp;gt;&lt;/div&gt;&lt;/td&gt;&lt;/tr&gt;
&lt;tr&gt;&lt;td class='diff-marker'&gt;−&lt;/td&gt;&lt;td style=&quot;color:black; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #ffe49c; vertical-align: top; white-space: pre-wrap;&quot;&gt;&lt;div&gt;&amp;lt;p&amp;gt;Today &lt;del class=&quot;diffchange diffchange-inline&quot;&gt;I&amp;amp;rsquo;d &lt;/del&gt;like to look at steps to avoid preventable loss. The insurance industry refers to &lt;del class=&quot;diffchange diffchange-inline&quot;&gt;&amp;amp;ldquo;risk avoidance&amp;amp;rdquo; &lt;/del&gt;and suggests audits to lessen the likelihood of the otherwise potential. For instance, in a pharma manufacturing tech writing job I once held, I worked on a Current Good Manufacturing Practices manual, which is required by FDA to assure quality standards. But the kind of QA &lt;del class=&quot;diffchange diffchange-inline&quot;&gt;we&amp;amp;rsquo;re &lt;/del&gt;talking about here involves data &amp;lt;a href=&amp;quot;http://www.qualitestgroup.com/etl-data-warehouse-testing/&amp;quot; target=&amp;quot;_blank&amp;quot;&amp;gt;warehouse testing&amp;lt;/a&amp;gt;&lt;del class=&quot;diffchange diffchange-inline&quot;&gt;&amp;amp;nbsp;of &lt;/del&gt;security for the Multidimensional Insurance Data Analytics System (MIDAS).&lt;del class=&quot;diffchange diffchange-inline&quot;&gt;&amp;amp;nbsp; &lt;/del&gt;Never heard of it?&lt;del class=&quot;diffchange diffchange-inline&quot;&gt;&amp;amp;nbsp; &lt;/del&gt;Well, you probably have heard of healthcare.gov which is informally referred to as Obamacare, which this collects qualification data for in a data warehouse format.&lt;del class=&quot;diffchange diffchange-inline&quot;&gt;&amp;amp;nbsp; &lt;/del&gt;Please, let&lt;del class=&quot;diffchange diffchange-inline&quot;&gt;&amp;amp;#39;&lt;/del&gt;s avoid the strong political firestorm of opinions, both pro and con, about this program and the interests behind it that may be a tempting cause for many comments here 
&lt;del class=&quot;diffchange diffchange-inline&quot;&gt;&amp;amp;ndash; &lt;/del&gt;let&lt;del class=&quot;diffchange diffchange-inline&quot;&gt;&amp;amp;#39;&lt;/del&gt;s merely concern ourselves with the fact that apps that are in use should pass QA standards, especially when concerning personal information which impact privacy concerns. &lt;del class=&quot;diffchange diffchange-inline&quot;&gt;&amp;amp;nbsp;You &lt;/del&gt;may recall the public problems that the &amp;lt;a href=&amp;quot;https://www.healthcare.gov/&amp;quot; rel=&amp;quot;nofollow&amp;quot; target=&amp;quot;_blank&amp;quot;&amp;gt;healthcare.gov&amp;lt;/a&amp;gt; website had, calling attention to (thank you!) the need for proper software quality assurance and follow-through of their results in such endeavors.&lt;del class=&quot;diffchange diffchange-inline&quot;&gt;&amp;amp;nbsp; &lt;/del&gt;Quite a boon to those of us in the QA community, we&lt;del class=&quot;diffchange diffchange-inline&quot;&gt;&amp;amp;#39;&lt;/del&gt;ve never felt so needed!&amp;lt;/p&amp;gt;&lt;/div&gt;&lt;/td&gt;&lt;td class='diff-marker'&gt;+&lt;/td&gt;&lt;td style=&quot;color:black; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;&quot;&gt;&lt;div&gt;&amp;lt;p&amp;gt;Today &lt;ins class=&quot;diffchange diffchange-inline&quot;&gt;I’d &lt;/ins&gt;like to look at steps to avoid preventable loss. The insurance industry refers to &lt;ins class=&quot;diffchange diffchange-inline&quot;&gt;“risk avoidance” &lt;/ins&gt;and suggests audits to lessen the likelihood of the otherwise potential. For instance, in a pharma manufacturing tech writing job I once held, I worked on a Current Good Manufacturing Practices manual, which is required by FDA to assure quality standards. 
But the kind of QA &lt;ins class=&quot;diffchange diffchange-inline&quot;&gt;we’re &lt;/ins&gt;talking about here involves data &amp;lt;a href=&amp;quot;http://www.qualitestgroup.com/etl-data-warehouse-testing/&amp;quot; target=&amp;quot;_blank&lt;ins class=&quot;diffchange diffchange-inline&quot;&gt;&amp;quot; rel=&amp;quot;nofollow&lt;/ins&gt;&amp;quot;&amp;gt;warehouse testing&amp;lt;/a&amp;gt;&lt;ins class=&quot;diffchange diffchange-inline&quot;&gt; of &lt;/ins&gt;security for the Multidimensional Insurance Data Analytics System (MIDAS).&lt;ins class=&quot;diffchange diffchange-inline&quot;&gt;  &lt;/ins&gt;Never heard of it?&lt;ins class=&quot;diffchange diffchange-inline&quot;&gt;  &lt;/ins&gt;Well, you probably have heard of healthcare.gov which is informally referred to as Obamacare, which this collects qualification data for in a data warehouse format.&lt;ins class=&quot;diffchange diffchange-inline&quot;&gt;  &lt;/ins&gt;Please, let&lt;ins class=&quot;diffchange diffchange-inline&quot;&gt;'&lt;/ins&gt;s avoid the strong political firestorm of opinions, both pro and con, about this program and the interests behind it that may be a tempting cause for many comments here &lt;ins class=&quot;diffchange diffchange-inline&quot;&gt;– &lt;/ins&gt;let&lt;ins class=&quot;diffchange diffchange-inline&quot;&gt;'&lt;/ins&gt;s merely concern ourselves with the fact that apps that are in use should pass QA standards, especially when concerning personal information which impact privacy concerns. &lt;ins class=&quot;diffchange diffchange-inline&quot;&gt; You &lt;/ins&gt;may recall the public problems that the &amp;lt;a href=&amp;quot;https://www.healthcare.gov/&amp;quot; rel=&amp;quot;nofollow&amp;quot; target=&amp;quot;_blank&amp;quot;&amp;gt;healthcare.gov&amp;lt;/a&amp;gt; website had, calling attention to (thank you!) 
the need for proper software quality assurance and follow-through of their results in such endeavors.&lt;ins class=&quot;diffchange diffchange-inline&quot;&gt;  &lt;/ins&gt;Quite a boon to those of us in the QA community, we&lt;ins class=&quot;diffchange diffchange-inline&quot;&gt;'&lt;/ins&gt;ve never felt so needed!&amp;lt;/p&amp;gt;&lt;/div&gt;&lt;/td&gt;&lt;/tr&gt;
&lt;tr&gt;&lt;td class='diff-marker'&gt;−&lt;/td&gt;&lt;td style=&quot;color:black; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #ffe49c; vertical-align: top; white-space: pre-wrap;&quot;&gt;&lt;div&gt;&amp;#160;&lt;/div&gt;&lt;/td&gt;&lt;td class='diff-marker'&gt;+&lt;/td&gt;&lt;td style=&quot;color:black; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;&quot;&gt;&lt;div&gt;&amp;lt;p&amp;gt;The collected qualification information is what is suspected to be the data fields.&lt;ins class=&quot;diffchange diffchange-inline&quot;&gt;  &lt;/ins&gt;If you go to the verify-information folder then the documents-and-deadlines subfolder, you will get a list of personal identification documents that are of the type that one would have privacy phishing concerns about, including: income (tax forms, bank account information, Social Security Numbers, income forms, business ledger info, documents related to unearned income, etc.), immigration status, citizenship, home/rental insurance, DMV info, mortgage info, marriage license, birth certificates, adoption paperwork, and veteran status.&lt;ins class=&quot;diffchange diffchange-inline&quot;&gt;  &lt;/ins&gt;Former Social Security Administration Commissioner Michael As true asserts in his Cleveland Times editorial that the fields include:&amp;lt;/p&amp;gt;&lt;/div&gt;&lt;/td&gt;&lt;/tr&gt;
&lt;tr&gt;&lt;td class='diff-marker'&gt;−&lt;/td&gt;&lt;td style=&quot;color:black; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #ffe49c; vertical-align: top; white-space: pre-wrap;&quot;&gt;&lt;div&gt;&amp;lt;p&amp;gt;The collected qualification information is what is suspected to be the data fields.&lt;del class=&quot;diffchange diffchange-inline&quot;&gt;&amp;amp;nbsp; &lt;/del&gt;If you go to the verify-information folder then the documents-and-deadlines subfolder, you will get a list of personal identification documents that are of the type that one would have privacy phishing concerns about, including: income (tax forms, bank account information, Social Security Numbers, income forms, business ledger info, documents related to unearned income, etc.), immigration status, citizenship, home/rental insurance, DMV info, mortgage info, marriage license, birth certificates, adoption paperwork, and veteran status.&lt;del class=&quot;diffchange diffchange-inline&quot;&gt;&amp;amp;nbsp; &lt;/del&gt;Former Social Security Administration Commissioner Michael As true asserts in his Cleveland Times editorial that the fields include:&amp;lt;/p&amp;gt;&lt;/div&gt;&lt;/td&gt;&lt;td class='diff-marker'&gt;+&lt;/td&gt;&lt;td style=&quot;color:black; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;&quot;&gt;&lt;div&gt;&amp;lt;p&amp;gt;Details of an audit are in the public document &amp;lt;a href=&amp;quot;https://oig.hhs.gov/oas/reports/region6/61400067.pdf&amp;quot; rel=&amp;quot;nofollow&amp;quot;&amp;gt;https://oig.hhs.gov/oas/reports/region6/61400067.pdf&amp;lt;/a&amp;gt;, which I will now detail for you, the reader.&lt;ins class=&quot;diffchange diffchange-inline&quot;&gt;  &lt;/ins&gt;It is so readable that I am going to do the unthinkable for a tech writer: present large chunks of the material almost 
verbatim.&lt;ins class=&quot;diffchange diffchange-inline&quot;&gt;  &lt;/ins&gt;Honest, I&lt;ins class=&quot;diffchange diffchange-inline&quot;&gt;'&lt;/ins&gt;m not slacking off as a writer &lt;ins class=&quot;diffchange diffchange-inline&quot;&gt;– &lt;/ins&gt;I just think you&lt;ins class=&quot;diffchange diffchange-inline&quot;&gt;'&lt;/ins&gt;ll appreciate it more this way and realize that I&lt;ins class=&quot;diffchange diffchange-inline&quot;&gt;'&lt;/ins&gt;m am not coloring the prose.&lt;ins class=&quot;diffchange diffchange-inline&quot;&gt;  &lt;/ins&gt;The report begins by explaining the noble purpose thusly:&amp;lt;/p&amp;gt;&lt;/div&gt;&lt;/td&gt;&lt;/tr&gt;
&lt;tr&gt;&lt;td class='diff-marker'&gt;−&lt;/td&gt;&lt;td style=&quot;color:black; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #ffe49c; vertical-align: top; white-space: pre-wrap;&quot;&gt;&lt;div&gt;&amp;#160;&lt;/div&gt;&lt;/td&gt;&lt;td class='diff-marker'&gt;+&lt;/td&gt;&lt;td style=&quot;color:black; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;&quot;&gt;&lt;div&gt;&amp;lt;p&amp;gt;Analytics and database systems that are not secured properly create vulnerabilities that could be exploited by unauthorized individuals to compromise the confidentiality of personally identifiable information (PII) or other sensitive data. Data and systems security is a top oversight priority &lt;ins class=&quot;diffchange diffchange-inline&quot;&gt;… &lt;/ins&gt;MIDAS is a central repository for insurance-related data intended to provide ... metrics to the Department of Health and Human Services for various initiatives mandated by the Patient Protection and Affordable Care Act. The MIDAS collects, generates, and stores a high volume of sensitive consumer information, and it is critical that it be properly secured. Therefore, we performed the audit ... Our objective was to assess whether [they] had implemented information security controls to secure the PII related to the MIDAS and a certain number of its supporting databases.&amp;lt;/p&amp;gt;&lt;/div&gt;&lt;/td&gt;&lt;/tr&gt;
&lt;tr&gt;&lt;td class='diff-marker'&gt;−&lt;/td&gt;&lt;td style=&quot;color:black; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #ffe49c; vertical-align: top; white-space: pre-wrap;&quot;&gt;&lt;div&gt;&amp;lt;p&amp;gt;Details of an audit are in the public document &amp;lt;a href=&amp;quot;https://oig.hhs.gov/oas/reports/region6/61400067.pdf&amp;quot; rel=&amp;quot;nofollow&amp;quot;&amp;gt;https://oig.hhs.gov/oas/reports/region6/61400067.pdf&amp;lt;/a&amp;gt;, which I will now detail for you, the reader.&lt;del class=&quot;diffchange diffchange-inline&quot;&gt;&amp;amp;nbsp; &lt;/del&gt;It is so readable that I am going to do the unthinkable for a tech writer: present large chunks of the material almost verbatim.&lt;del class=&quot;diffchange diffchange-inline&quot;&gt;&amp;amp;nbsp; &lt;/del&gt;Honest, I&lt;del class=&quot;diffchange diffchange-inline&quot;&gt;&amp;amp;#39;&lt;/del&gt;m not slacking off as a writer &lt;del class=&quot;diffchange diffchange-inline&quot;&gt;&amp;amp;ndash; &lt;/del&gt;I just think you&lt;del class=&quot;diffchange diffchange-inline&quot;&gt;&amp;amp;#39;&lt;/del&gt;ll appreciate it more this way and realize that I&lt;del class=&quot;diffchange diffchange-inline&quot;&gt;&amp;amp;#39;&lt;/del&gt;m am not coloring the prose.&lt;del class=&quot;diffchange diffchange-inline&quot;&gt;&amp;amp;nbsp; &lt;/del&gt;The report begins by explaining the noble purpose thusly:&amp;lt;/p&amp;gt;&lt;/div&gt;&lt;/td&gt;&lt;td class='diff-marker'&gt;+&lt;/td&gt;&lt;td style=&quot;color:black; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;&quot;&gt;&lt;div&gt;&amp;lt;p&amp;gt;Okay, so we know why it exists, and see a secondary mission to ensure that what exists reaches a specific level of quality.&lt;ins class=&quot;diffchange diffchange-inline&quot;&gt;  &lt;/ins&gt;It goes on to 
discuss the results of the audit which took place between August and December of 2014:&amp;lt;/p&amp;gt;&lt;/div&gt;&lt;/td&gt;&lt;/tr&gt;
&lt;tr&gt;&lt;td class='diff-marker'&gt;−&lt;/td&gt;&lt;td style=&quot;color:black; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #ffe49c; vertical-align: top; white-space: pre-wrap;&quot;&gt;&lt;div&gt;&amp;#160;&lt;/div&gt;&lt;/td&gt;&lt;td class='diff-marker'&gt;+&lt;/td&gt;&lt;td style=&quot;color:black; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;&quot;&gt;&lt;div&gt;&amp;lt;p&amp;gt;Although CMS [Centers for Medicare and Medicaid Services] had implemented controls to secure the MIDAS and consumer PII data in the systems and databases we reviewed, we identified areas for improvement in its information security controls. At the time of our fieldwork, CMS: had not disabled unnecessary generic accounts in its test environment [meaning that users using the system may not be properly identified]; had not encrypted user sessions [meaning that a recorded user session had would be readable if hacked]; had not conducted automated vulnerability assessments that simulate known attacks which would have revealed vulnerabilities (e.g., password weaknesses and misconfigurations) specific to the application or databases that support the MIDAS; and used a shared read-only account for access to the database that contained the PII [again, improper tracking of who accesses what data].&lt;ins class=&quot;diffchange diffchange-inline&quot;&gt;  &lt;/ins&gt;In addition to the information security control vulnerabilities mentioned above, our database vulnerability scans identified 22 high, 62 medium, and 51 low vulnerabilities. We made related recommendations to address the issues we identified.&amp;lt;/p&amp;gt;&lt;/div&gt;&lt;/td&gt;&lt;/tr&gt;
&lt;tr&gt;&lt;td class='diff-marker'&gt;−&lt;/td&gt;&lt;td style=&quot;color:black; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #ffe49c; vertical-align: top; white-space: pre-wrap;&quot;&gt;&lt;div&gt;&amp;lt;p&amp;gt;Analytics and database systems that are not secured properly create vulnerabilities that could be exploited by unauthorized individuals to compromise the confidentiality of personally identifiable information (PII) or other sensitive data. Data and systems security is a top oversight priority &lt;del class=&quot;diffchange diffchange-inline&quot;&gt;&amp;amp;hellip; &lt;/del&gt;MIDAS is a central repository for insurance-related data intended to provide ... metrics to the Department of Health and Human Services for various initiatives mandated by the Patient Protection and Affordable Care Act. The MIDAS collects, generates, and stores a high volume of sensitive consumer information, and it is critical that it be properly secured. Therefore, we performed the audit ... Our objective was to assess whether [they] had implemented information security controls to secure the PII related to the MIDAS and a certain number of its supporting databases.&amp;lt;/p&amp;gt;&lt;/div&gt;&lt;/td&gt;&lt;td class='diff-marker'&gt;+&lt;/td&gt;&lt;td style=&quot;color:black; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;&quot;&gt;&lt;div&gt;&amp;lt;p&amp;gt;How would these suggestions be received?&lt;ins class=&quot;diffchange diffchange-inline&quot;&gt;  &lt;/ins&gt;I am glad to report that there is a happy ending, and that everything was repaired before this report became public.&amp;lt;/p&amp;gt;&lt;/div&gt;&lt;/td&gt;&lt;/tr&gt;
&lt;tr&gt;&lt;td class='diff-marker'&gt;−&lt;/td&gt;&lt;td style=&quot;color:black; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #ffe49c; vertical-align: top; white-space: pre-wrap;&quot;&gt;&lt;div&gt;&amp;#160;&lt;/div&gt;&lt;/td&gt;&lt;td colspan=&quot;2&quot;&gt;&amp;#160;&lt;/td&gt;&lt;/tr&gt;
&lt;tr&gt;&lt;td class='diff-marker'&gt;−&lt;/td&gt;&lt;td style=&quot;color:black; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #ffe49c; vertical-align: top; white-space: pre-wrap;&quot;&gt;&lt;div&gt;&amp;lt;p&amp;gt;Okay, so we know why it exists, and see a secondary mission to ensure that what exists reaches a specific level of quality.&lt;del class=&quot;diffchange diffchange-inline&quot;&gt;&amp;amp;nbsp; &lt;/del&gt;It goes on to discuss the results of the audit which took place between August and December of 2014:&amp;lt;/p&amp;gt;&lt;/div&gt;&lt;/td&gt;&lt;td colspan=&quot;2&quot;&gt;&amp;#160;&lt;/td&gt;&lt;/tr&gt;
&lt;tr&gt;&lt;td class='diff-marker'&gt;−&lt;/td&gt;&lt;td style=&quot;color:black; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #ffe49c; vertical-align: top; white-space: pre-wrap;&quot;&gt;&lt;div&gt;&amp;#160;&lt;/div&gt;&lt;/td&gt;&lt;td colspan=&quot;2&quot;&gt;&amp;#160;&lt;/td&gt;&lt;/tr&gt;
&lt;tr&gt;&lt;td class='diff-marker'&gt;−&lt;/td&gt;&lt;td style=&quot;color:black; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #ffe49c; vertical-align: top; white-space: pre-wrap;&quot;&gt;&lt;div&gt;&amp;lt;p&amp;gt;Although CMS [Centers for Medicare and Medicaid Services] had implemented controls to secure the MIDAS and consumer PII data in the systems and databases we reviewed, we identified areas for improvement in its information security controls. At the time of our fieldwork, CMS: had not disabled unnecessary generic accounts in its test environment [meaning that users using the system may not be properly identified]; had not encrypted user sessions [meaning that a recorded user session had would be readable if hacked]; had not conducted automated vulnerability assessments that simulate known attacks which would have revealed vulnerabilities (e.g., password weaknesses and misconfigurations) specific to the application or databases that support the MIDAS; and used a shared read-only account for access to the database that contained the PII [again, improper tracking of who accesses what data].&lt;del class=&quot;diffchange diffchange-inline&quot;&gt;&amp;amp;nbsp; &lt;/del&gt;In addition to the information security control vulnerabilities mentioned above, our database vulnerability scans identified 22 high, 62 medium, and 51 low vulnerabilities. We made related recommendations to address the issues we identified.&amp;lt;/p&amp;gt;&lt;/div&gt;&lt;/td&gt;&lt;td colspan=&quot;2&quot;&gt;&amp;#160;&lt;/td&gt;&lt;/tr&gt;
&lt;tr&gt;&lt;td class='diff-marker'&gt;−&lt;/td&gt;&lt;td style=&quot;color:black; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #ffe49c; vertical-align: top; white-space: pre-wrap;&quot;&gt;&lt;div&gt;&amp;#160;&lt;/div&gt;&lt;/td&gt;&lt;td colspan=&quot;2&quot;&gt;&amp;#160;&lt;/td&gt;&lt;/tr&gt;
&lt;tr&gt;&lt;td class='diff-marker'&gt;−&lt;/td&gt;&lt;td style=&quot;color:black; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #ffe49c; vertical-align: top; white-space: pre-wrap;&quot;&gt;&lt;div&gt;&amp;lt;p&amp;gt;How would these suggestions be received?&lt;del class=&quot;diffchange diffchange-inline&quot;&gt;&amp;amp;nbsp; &lt;/del&gt;I am glad to report that there is a happy ending, and that everything was repaired before this report became public.&amp;lt;/p&amp;gt;&lt;/div&gt;&lt;/td&gt;&lt;td colspan=&quot;2&quot;&gt;&amp;#160;&lt;/td&gt;&lt;/tr&gt;
&lt;tr&gt;&lt;td class='diff-marker'&gt;−&lt;/td&gt;&lt;td style=&quot;color:black; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #ffe49c; vertical-align: top; white-space: pre-wrap;&quot;&gt;&lt;div&gt;&amp;#160;&lt;/div&gt;&lt;/td&gt;&lt;td colspan=&quot;2&quot;&gt;&amp;#160;&lt;/td&gt;&lt;/tr&gt;
&lt;tr&gt;&lt;td class='diff-marker'&gt;&amp;#160;&lt;/td&gt;&lt;td style=&quot;background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;&quot;&gt;&lt;div&gt;&amp;lt;p&amp;gt;CMS worked with [them] during the security testing and within a week of the findings being identified, CMS had addressed all the high vulnerabilities identified. CMS had addressed a majority of the remaining findings within 30 days of identification. All of [the] findings in this report were addressed by February 2015. In addition, all of the recommendations in this report were fully implemented prior to the draft report [stamped May 8, 2015] being issued.&amp;lt;/p&amp;gt;&lt;/div&gt;&lt;/td&gt;&lt;td class='diff-marker'&gt;&amp;#160;&lt;/td&gt;&lt;td style=&quot;background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;&quot;&gt;&lt;div&gt;&amp;lt;p&amp;gt;CMS worked with [them] during the security testing and within a week of the findings being identified, CMS had addressed all the high vulnerabilities identified. CMS had addressed a majority of the remaining findings within 30 days of identification. All of [the] findings in this report were addressed by February 2015. In addition, all of the recommendations in this report were fully implemented prior to the draft report [stamped May 8, 2015] being issued.&amp;lt;/p&amp;gt;&lt;/div&gt;&lt;/td&gt;&lt;/tr&gt;
&lt;tr&gt;&lt;td class='diff-marker'&gt;−&lt;/td&gt;&lt;td style=&quot;color:black; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #ffe49c; vertical-align: top; white-space: pre-wrap;&quot;&gt;&lt;div&gt;&lt;del style=&quot;font-weight: bold; text-decoration: none;&quot;&gt;&lt;/del&gt;&lt;/div&gt;&lt;/td&gt;&lt;td colspan=&quot;2&quot;&gt;&amp;#160;&lt;/td&gt;&lt;/tr&gt;
&lt;tr&gt;&lt;td class='diff-marker'&gt;&amp;#160;&lt;/td&gt;&lt;td style=&quot;background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;&quot;&gt;&lt;div&gt;&amp;lt;p&amp;gt;&amp;lt;strong&amp;gt;Author Bio:&amp;lt;/strong&amp;gt;&amp;lt;/p&amp;gt;&lt;/div&gt;&lt;/td&gt;&lt;td class='diff-marker'&gt;&amp;#160;&lt;/td&gt;&lt;td style=&quot;background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;&quot;&gt;&lt;div&gt;&amp;lt;p&amp;gt;&amp;lt;strong&amp;gt;Author Bio:&amp;lt;/strong&amp;gt;&amp;lt;/p&amp;gt;&lt;/div&gt;&lt;/td&gt;&lt;/tr&gt;
&lt;tr&gt;&lt;td class='diff-marker'&gt;−&lt;/td&gt;&lt;td style=&quot;color:black; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #ffe49c; vertical-align: top; white-space: pre-wrap;&quot;&gt;&lt;div&gt;&lt;del style=&quot;font-weight: bold; text-decoration: none;&quot;&gt;&lt;/del&gt;&lt;/div&gt;&lt;/td&gt;&lt;td colspan=&quot;2&quot;&gt;&amp;#160;&lt;/td&gt;&lt;/tr&gt;
&lt;tr&gt;&lt;td class='diff-marker'&gt;&amp;#160;&lt;/td&gt;&lt;td style=&quot;background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;&quot;&gt;&lt;div&gt;&amp;lt;p&amp;gt;&amp;lt;a href=&amp;quot;https://twitter.com/ScottAndery&amp;quot; rel=&amp;quot;nofollow&amp;quot;&amp;gt;Scott Andery&amp;lt;/a&amp;gt; is an expert marketer and author who specialize in software testing tools and resources.&amp;lt;/p&amp;gt;&lt;/div&gt;&lt;/td&gt;&lt;td class='diff-marker'&gt;&amp;#160;&lt;/td&gt;&lt;td style=&quot;background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;&quot;&gt;&lt;div&gt;&amp;lt;p&amp;gt;&amp;lt;a href=&amp;quot;https://twitter.com/ScottAndery&amp;quot; rel=&amp;quot;nofollow&amp;quot;&amp;gt;Scott Andery&amp;lt;/a&amp;gt; is an expert marketer and author who specialize in software testing tools and resources.&amp;lt;/p&amp;gt;&lt;/div&gt;&lt;/td&gt;&lt;/tr&gt;
&lt;/table&gt;</summary>
		<author><name>Scottandery</name></author>	</entry>

	</feed>