An ever increasing amount of data collection on social media contributes to additional security implications which are not outlined in the End User License Agreements that we see today. We believe that this data can be used in many ways to violate user anonymity and create digital profiles of users based on various data processing methods. We can then cross-reference these digital profiles to other social media platforms to identify previously anonymous users. To do this, we hope to use numerated social media APIs which contribute to the release of Personally Identifiable Information. From this, We hope to educate users on End User License Agreements while informing them on applications of data usage by performing analysis on Reddit user data and other social media platforms.

The Interventional Radiology department at Seattle Children's Hospital currently deals with an inefficient, error prone system to manually transcribe patient appointments from the billing system to a calendar accessible to nurses, Radiology technologists, and doctors in the operating room. We set out to determine how we can improve the scheduling process for interventional radiology procedures at Seattle Children’s Hospital so that staff are able to easily view upcoming procedures within the context of the patient’s protected health information. We designed a scheduling system to fit the needs of clinicians and staff at Seattle Children's Hospital. The application, called Hippo, is built to contain information accessible with a glance, while maintaining customizability to adapt to the hospital's changing needs. Hippo also connects with existing medical applications, such as Epic and Cerner, to automatically import new appointments and reduce transcription errors. Hippo is a browser based application designed to be accessible on desktop, mobile, and large screen devices.

Starbucks’ information security team is continually seeking to understand which of its security events to prioritize for response. Although the organization utilizes a security information and event management tool for detecting anomalous activity, the number of alerts being generated by the tool are overwhelming and difficult to manage. This is an issue that security teams at many large organizations face; how do you sift through the noise and find the events that are most likely indicative of a security threat or breach? IntelligentIR helps answer this question through the use of machine learning techniques. Using unsupervised learning to label raw security data along with supervised learning to build decision models, intellingentIR identifies and prioritizes new security alerts in order to make incident response more manageable.

To provide its members with award-winning care, Group Health employees need access to data. This includes electronic Personal Health Information (ePHI) which is distributed throughout the company-wide scheme of network folders. To safeguard ePHI, Group Health administrators have to determine who needs access to this data and at what level. For our Capstone, we joined the Identity and Access Management Department at Group Health, where we led the File Folder Access Review process. During our 5-month engagement, we helped 60 Group Health leaders identify appropriate access among employees to ePHI data. To accomplish this, we conducted gap analysis research, refined existing review structures, and deployed access reviews of 1000+ network folders. Through our project, we ensured effective access to data in compliance with Healthcare Information Portability and Privacy Act (HIPPA) regulations, ultimately decreasing security risks for the entire Cooperative, patients and employees alike.

Companies around the world are investing in cybersecurity but are not confident in their security controls as the technology landscape is ever changing. Spyral, our risk scoring framework, aims to provide operational cyber awareness for companies by providing them the fastest actionable insight into their risk posture. National Vulnerability Database(NVD) provides a vulnerability score for different software flaws. Spyral extracts this vulnerability score from NVD and superimposes it with other operating environment factors such as number of machines in environment, cloud infrastructure, and affiliation with external entities to come up with a risk score contextual to the company. Spyral is also industry agnostic and does not take special regulations into consideration to provide an unbiased scoring based on only the operating conditions. This information is going to be presented in an information visualization dashboard which will provide quick insights into their risk posture.

Forensic examiners and legal professionals must stay abreast of new technologies while adhering to sound practices required to satisfy evidentiary requirements in court. The widespread adoption of a new operating system and browser bears enormous importance for the digital forensic community. Specifically, the impact of Windows 8 and Internet Explorer 10 is especially dramatic with their range of new features. Our research encompasses the technical forensic considerations and the legal concerns that arise when dealing with anti-forensic activity and contemporary systems. It serves as an overarching, practical resource for forensic practitioners and legal professionals. We provide an overview of the forensically relevant changes with Windows 8 and Internet Explorer 10, and then investigate the potential for recovery of valuable evidence under forensically challenging circumstances. Finally, we offer insight into the evidentiary treatment and legal ramifications of live acquisition of evidence and antiforensic activity.

In the absence of industry standards, many small- and medium-sized companies struggle to assess the security risks of cloud adoption. Additionally, the quality and intended audience of available resources is typically focused on singular topics, or otherwise not suitable for companies to consume. To address these issues we published a website to serve as a reference for common concerns and a resource collection for various authorities regarding cloud computing security concerns. The website is published alongside a formal document outlining our findings on GitHub to make them open source, allowing their content to be changed and updated as necessary in the future.

Online free-speech is under attack: over 50% of internet users live in countries with medium to high levels of censorship. Legislation like SOPA, PIPA, and the upcoming Trans-Pacific Partnership (TPP) treaty are all attempts at forcing internet blacklists on the free world. Speech.is provides interoperability between a special censorship resistant top-level-domain name, ‘.bit’, and the rest of the web. A ‘.bit’ domain name is a lot like a ‘.com’ or ‘.net’ domain name except that no government can take control of it. Speech.is makes it possible for anyone to surf websites on the censorship resistant Namecoin domain-name-system using their regular web browser, without any add-ons and without changing any system settings. Speech.is provides a safe haven for internet users on the web, where governments cannot seize domain names nor selectively censor websites. Speech.is effectively neuters the censorship provisions of the TPP and represents a major blow against censorship and big step forward for the web.

UW Medicine’s data centers are located in a ten mile radius within the Puget Sound area, and could be impacted by the same disaster. Our project is helping the IT Services Data Center team prepare for a remote DR site to improve information assurance. By applying HIPAA DR guidelines to refine and document backup, monitoring, and data center DR processes; ongoing efforts for process improvement that address continuously evolving technology, and an increasing dependency on IT for quality patient care can be assured. This will result in increased systems availability enabling UW clinicians to provide the best healthcare when it’s needed most.