Sample records for administration information security

  1. Human errors and violations in computer and information security: the viewpoint of network administrators and security specialists.

    PubMed

    Kraemer, Sara; Carayon, Pascale

    2007-03-01

    This paper describes human errors and violations of end users and network administration in computer and information security. This information is summarized in a conceptual framework for examining the human and organizational factors contributing to computer and information security. This framework includes human error taxonomies to describe the work conditions that contribute adversely to computer and information security, i.e. to security vulnerabilities and breaches. The issue of human error and violation in computer and information security was explored through a series of 16 interviews with network administrators and security specialists. The interviews were audio taped, transcribed, and analyzed by coding specific themes in a node structure. The result is an expanded framework that classifies types of human error and identifies specific human and organizational factors that contribute to computer and information security. Network administrators tended to view errors created by end users as more intentional than unintentional, while they viewed errors created by network administrators as more unintentional than intentional. Organizational factors, such as communication, security culture, policy, and organizational structure, were the most frequently cited factors associated with computer and information security.

  2. Security of Data, Stored in Information Systems of Bulgarian Municipal Administrations

    NASA Astrophysics Data System (ADS)

    Kapralyakov, Petko

    2011-12-01

    The massive influx of information technology into municipal administrations increases their efficiency in delivering public services but also increases the risk of electronic theft of confidential information. The report proposed an approach for improving information security for small municipal governments in Bulgaria through an enhanced intrusion detection and prevention system.

  3. 14 CFR 1203.201 - Information security objectives.

    Code of Federal Regulations, 2011 CFR

    2011-01-01

    ... 14 Aeronautics and Space 5 2011-01-01 2010-01-01 true Information security objectives. 1203.201 Section 1203.201 Aeronautics and Space NATIONAL AERONAUTICS AND SPACE ADMINISTRATION INFORMATION SECURITY PROGRAM NASA Information Security Program § 1203.201 Information security objectives. The objectives of...

  4. 14 CFR 1203.201 - Information security objectives.

    Code of Federal Regulations, 2010 CFR

    2010-01-01

    ... 14 Aeronautics and Space 5 2010-01-01 2010-01-01 false Information security objectives. 1203.201 Section 1203.201 Aeronautics and Space NATIONAL AERONAUTICS AND SPACE ADMINISTRATION INFORMATION SECURITY PROGRAM NASA Information Security Program § 1203.201 Information security objectives. The objectives of...

  5. 12 CFR 605.501 - Information Security Officer.

    Code of Federal Regulations, 2011 CFR

    2011-01-01

    ... 12 Banks and Banking 6 2011-01-01 2011-01-01 false Information Security Officer. 605.501 Section... Information Security Officer. (a) The Information Security Officer of the Farm Credit Administration shall be responsible for implementation and oversight of the information security program and procedures adopted by the...

  6. 12 CFR 605.501 - Information Security Officer.

    Code of Federal Regulations, 2010 CFR

    2010-01-01

    ... 12 Banks and Banking 6 2010-01-01 2010-01-01 false Information Security Officer. 605.501 Section... Information Security Officer. (a) The Information Security Officer of the Farm Credit Administration shall be responsible for implementation and oversight of the information security program and procedures adopted by the...

  7. Health Information Security in Hospitals: the Application of Security Safeguards.

    PubMed

    Mehraeen, Esmaeil; Ayatollahi, Haleh; Ahmadi, Maryam

    2016-02-01

    A hospital information system has the potential to improve the accessibility of clinical information and the quality of health care. However, the use of this system has resulted in new challenges, such as concerns over health information security. This paper aims to assess the status of information security in terms of administrative, technical and physical safeguards in the university hospitals. This was a survey study in which the participants were information technology (IT) managers (n=36) who worked in the hospitals affiliated to the top ranked medical universities (university A and university B). Data were collected using a questionnaire. The content validity of the questionnaire was examined by the experts and the reliability of the questionnaire was determined using Cronbach's coefficient alpha (α=0.75). The results showed that the administrative safeguards were arranged at a medium level. In terms of the technical safeguards and the physical safeguards, the IT managers rated them at a strong level. According to the results, among three types of security safeguards, the administrative safeguards were assessed at the medium level. To improve it, developing security policies, implementing access control models and training users are recommended.

  8. 78 FR 57445 - Charging Standard Administrative Fees for Nonprogram-Related Information

    Federal Register 2010, 2011, 2012, 2013, 2014

    2013-09-18

    ... SOCIAL SECURITY ADMINISTRATION [Docket No. SSA-2012-0026] Charging Standard Administrative Fees for Nonprogram-Related Information AGENCY: Social Security Administration. ACTION: Notice of standard... administration of a program under the Social Security Act (Act). SUPPLEMENTARY INFORMATION: Section 1106 of the...

  9. 5 CFR 930.301 - Information systems security awareness training program.

    Code of Federal Regulations, 2013 CFR

    2013-01-01

    ....g., system and network administrators, and system/application security officers) must receive... 5 Administrative Personnel 2 2013-01-01 2013-01-01 false Information systems security awareness... (MISCELLANEOUS) Information Security Responsibilities for Employees who Manage or Use Federal Information Systems...

  10. 5 CFR 930.301 - Information systems security awareness training program.

    Code of Federal Regulations, 2014 CFR

    2014-01-01

    ....g., system and network administrators, and system/application security officers) must receive... 5 Administrative Personnel 2 2014-01-01 2014-01-01 false Information systems security awareness... (MISCELLANEOUS) Information Security Responsibilities for Employees who Manage or Use Federal Information Systems...

  11. 76 FR 40296 - Declassification of National Security Information

    Federal Register 2010, 2011, 2012, 2013, 2014

    2011-07-08

    ... NATIONAL ARCHIVES AND RECORDS ADMINISTRATION 36 CFR Part 1260 [FDMS NARA-11-0001] RIN 3095-AB64 Declassification of National Security Information AGENCY: National Archives and Records Administration. ACTION... classified national security information in records transferred to NARA's legal custody. The rule...

  12. 75 FR 10507 - Information Security Oversight Office; National Industrial Security Program Policy Advisory...

    Federal Register 2010, 2011, 2012, 2013, 2014

    2010-03-08

    ... NATIONAL ARCHIVES AND RECORDS ADMINISTRATION Information Security Oversight Office; National Industrial Security Program Policy Advisory Committee (NISPPAC) AGENCY: National Archives and Records... individuals planning to attend must be submitted to the Information Security Oversight Office (ISOO) no later...

  13. 78 FR 5116 - NASA Information Security Protection

    Federal Register 2010, 2011, 2012, 2013, 2014

    2013-01-24

    ... 2700-AD61 NASA Information Security Protection AGENCY: National Aeronautics and Space Administration... implement the provisions of Executive Order (E.O.) 13526, Classified National Security Information, and... Information, that establishes the Agency's requirements for the proper implementation and management of a...

  14. 49 CFR 1520.5 - Sensitive security information.

    Code of Federal Regulations, 2010 CFR

    2010-10-01

    ... 49 Transportation 9 2010-10-01 2010-10-01 false Sensitive security information. 1520.5 Section 1520.5 Transportation Other Regulations Relating to Transportation (Continued) TRANSPORTATION SECURITY ADMINISTRATION, DEPARTMENT OF HOMELAND SECURITY SECURITY RULES FOR ALL MODES OF TRANSPORTATION PROTECTION OF...

  15. National Aeronautics and Space Administration's (NASA) Automated Information Security Handbook

    NASA Technical Reports Server (NTRS)

    Roback, E.

    1991-01-01

    The NASA Automated Information Security Handbook provides NASA's overall approach to automated information systems security including discussions of such aspects as: program goals and objectives, assignment of responsibilities, risk assessment, foreign national access, contingency planning and disaster recovery, awareness training, procurement, certification, planning, and special considerations for microcomputers.

  16. 39 CFR 267.5 - National Security Information.

    Code of Federal Regulations, 2012 CFR

    2012-07-01

    ... 39 Postal Service 1 2012-07-01 2012-07-01 false National Security Information. 267.5 Section 267.5 Postal Service UNITED STATES POSTAL SERVICE ORGANIZATION AND ADMINISTRATION PROTECTION OF INFORMATION § 267.5 National Security Information. (a) Purpose and scope. The purpose of this section is to provide...

  17. 39 CFR 267.4 - Information security standards.

    Code of Federal Regulations, 2013 CFR

    2013-07-01

    ... 39 Postal Service 1 2013-07-01 2013-07-01 false Information security standards. 267.4 Section 267.4 Postal Service UNITED STATES POSTAL SERVICE ORGANIZATION AND ADMINISTRATION PROTECTION OF INFORMATION § 267.4 Information security standards. (a) The Postal Service will operate under a uniform set of...

  18. 39 CFR 267.4 - Information security standards.

    Code of Federal Regulations, 2012 CFR

    2012-07-01

    ... 39 Postal Service 1 2012-07-01 2012-07-01 false Information security standards. 267.4 Section 267.4 Postal Service UNITED STATES POSTAL SERVICE ORGANIZATION AND ADMINISTRATION PROTECTION OF INFORMATION § 267.4 Information security standards. (a) The Postal Service will operate under a uniform set of...

  19. 39 CFR 267.5 - National Security Information.

    Code of Federal Regulations, 2010 CFR

    2010-07-01

    ... 39 Postal Service 1 2010-07-01 2010-07-01 false National Security Information. 267.5 Section 267.5 Postal Service UNITED STATES POSTAL SERVICE ORGANIZATION AND ADMINISTRATION PROTECTION OF INFORMATION § 267.5 National Security Information. (a) Purpose and scope. The purpose of this section is to provide...

  20. 39 CFR 267.4 - Information security standards.

    Code of Federal Regulations, 2014 CFR

    2014-07-01

    ... 39 Postal Service 1 2014-07-01 2014-07-01 false Information security standards. 267.4 Section 267.4 Postal Service UNITED STATES POSTAL SERVICE ORGANIZATION AND ADMINISTRATION PROTECTION OF INFORMATION § 267.4 Information security standards. (a) The Postal Service will operate under a uniform set of...

  1. 39 CFR 267.5 - National Security Information.

    Code of Federal Regulations, 2014 CFR

    2014-07-01

    ... 39 Postal Service 1 2014-07-01 2014-07-01 false National Security Information. 267.5 Section 267.5 Postal Service UNITED STATES POSTAL SERVICE ORGANIZATION AND ADMINISTRATION PROTECTION OF INFORMATION § 267.5 National Security Information. (a) Purpose and scope. The purpose of this section is to provide...

  2. 39 CFR 267.4 - Information security standards.

    Code of Federal Regulations, 2011 CFR

    2011-07-01

    ... 39 Postal Service 1 2011-07-01 2011-07-01 false Information security standards. 267.4 Section 267.4 Postal Service UNITED STATES POSTAL SERVICE ORGANIZATION AND ADMINISTRATION PROTECTION OF INFORMATION § 267.4 Information security standards. (a) The Postal Service will operate under a uniform set of...

  3. 39 CFR 267.4 - Information security standards.

    Code of Federal Regulations, 2010 CFR

    2010-07-01

    ... 39 Postal Service 1 2010-07-01 2010-07-01 false Information security standards. 267.4 Section 267.4 Postal Service UNITED STATES POSTAL SERVICE ORGANIZATION AND ADMINISTRATION PROTECTION OF INFORMATION § 267.4 Information security standards. (a) The Postal Service will operate under a uniform set of...

  4. 39 CFR 267.5 - National Security Information.

    Code of Federal Regulations, 2013 CFR

    2013-07-01

    ... 39 Postal Service 1 2013-07-01 2013-07-01 false National Security Information. 267.5 Section 267.5 Postal Service UNITED STATES POSTAL SERVICE ORGANIZATION AND ADMINISTRATION PROTECTION OF INFORMATION § 267.5 National Security Information. (a) Purpose and scope. The purpose of this section is to provide...

  5. 39 CFR 267.5 - National Security Information.

    Code of Federal Regulations, 2011 CFR

    2011-07-01

    ... 39 Postal Service 1 2011-07-01 2011-07-01 false National Security Information. 267.5 Section 267.5 Postal Service UNITED STATES POSTAL SERVICE ORGANIZATION AND ADMINISTRATION PROTECTION OF INFORMATION § 267.5 National Security Information. (a) Purpose and scope. The purpose of this section is to provide...

  6. 76 FR 4079 - Information Technology (IT) Security

    Federal Register 2010, 2011, 2012, 2013, 2014

    2011-01-24

    ... Technology (IT) Security AGENCY: National Aeronautics and Space Administration. ACTION: Final rule. SUMMARY: NASA is revising the NASA FAR Supplement (NFS) to update requirements related to Information Technology... Security clause. However, due to the critical importance of protecting the Agency's Information Technology...

  7. 76 FR 81827 - Declassification of National Security Information

    Federal Register 2010, 2011, 2012, 2013, 2014

    2011-12-29

    ... prompt decision on the appeal. (b) [Reserved] Sec. 1260.82 What actions must NARA take with information... Declassification of National Security Information AGENCY: National Archives and Records Administration. ACTION... related to declassification of classified national security information in records transferred to NARA's...

  8. 78 FR 67210 - Charging Standard Administrative Fees for Nonprogram-Related Information; Correction

    Federal Register 2010, 2011, 2012, 2013, 2014

    2013-11-08

    ... SOCIAL SECURITY ADMINISTRATION [Docket No. SSA-2012-0026] Charging Standard Administrative Fees for Nonprogram-Related Information; Correction AGENCY: Social Security Administration. ACTION: Notice... Social Security Administration published a document in the Federal Register of September 18, 2013...

  9. 49 CFR 1542.303 - Security Directives and Information Circulars.

    Code of Federal Regulations, 2014 CFR

    2014-10-01

    ...) TRANSPORTATION SECURITY ADMINISTRATION, DEPARTMENT OF HOMELAND SECURITY CIVIL AVIATION SECURITY AIRPORT SECURITY... Information Circular to notify airport operators of security concerns. When TSA determines that additional... aviation, TSA issues a Security Directive setting forth mandatory measures. (b) Each airport operator must...

  10. 49 CFR 1542.303 - Security Directives and Information Circulars.

    Code of Federal Regulations, 2011 CFR

    2011-10-01

    ...) TRANSPORTATION SECURITY ADMINISTRATION, DEPARTMENT OF HOMELAND SECURITY CIVIL AVIATION SECURITY AIRPORT SECURITY... Information Circular to notify airport operators of security concerns. When TSA determines that additional... aviation, TSA issues a Security Directive setting forth mandatory measures. (b) Each airport operator must...

  11. 49 CFR 1542.303 - Security Directives and Information Circulars.

    Code of Federal Regulations, 2012 CFR

    2012-10-01

    ...) TRANSPORTATION SECURITY ADMINISTRATION, DEPARTMENT OF HOMELAND SECURITY CIVIL AVIATION SECURITY AIRPORT SECURITY... Information Circular to notify airport operators of security concerns. When TSA determines that additional... aviation, TSA issues a Security Directive setting forth mandatory measures. (b) Each airport operator must...

  12. 49 CFR 1542.303 - Security Directives and Information Circulars.

    Code of Federal Regulations, 2013 CFR

    2013-10-01

    ...) TRANSPORTATION SECURITY ADMINISTRATION, DEPARTMENT OF HOMELAND SECURITY CIVIL AVIATION SECURITY AIRPORT SECURITY... Information Circular to notify airport operators of security concerns. When TSA determines that additional... aviation, TSA issues a Security Directive setting forth mandatory measures. (b) Each airport operator must...

  13. 45 CFR 303.30 - Securing medical support information.

    Code of Federal Regulations, 2013 CFR

    2013-10-01

    ... 45 Public Welfare 2 2013-10-01 2012-10-01 true Securing medical support information. 303.30... (CHILD SUPPORT ENFORCEMENT PROGRAM), ADMINISTRATION FOR CHILDREN AND FAMILIES, DEPARTMENT OF HEALTH AND HUMAN SERVICES STANDARDS FOR PROGRAM OPERATIONS § 303.30 Securing medical support information. (a) If...

  14. 45 CFR 303.30 - Securing medical support information.

    Code of Federal Regulations, 2011 CFR

    2011-10-01

    ... 45 Public Welfare 2 2011-10-01 2011-10-01 false Securing medical support information. 303.30... (CHILD SUPPORT ENFORCEMENT PROGRAM), ADMINISTRATION FOR CHILDREN AND FAMILIES, DEPARTMENT OF HEALTH AND HUMAN SERVICES STANDARDS FOR PROGRAM OPERATIONS § 303.30 Securing medical support information. (a) If...

  15. 32 CFR 2001.50 - Telecommunications automated information systems and network security.

    Code of Federal Regulations, 2014 CFR

    2014-07-01

    ... and network security. 2001.50 Section 2001.50 National Defense Other Regulations Relating to National Defense INFORMATION SECURITY OVERSIGHT OFFICE, NATIONAL ARCHIVES AND RECORDS ADMINISTRATION CLASSIFIED... network security. Each agency head shall ensure that classified information electronically accessed...

  16. 32 CFR 2001.50 - Telecommunications automated information systems and network security.

    Code of Federal Regulations, 2013 CFR

    2013-07-01

    ... and network security. 2001.50 Section 2001.50 National Defense Other Regulations Relating to National Defense INFORMATION SECURITY OVERSIGHT OFFICE, NATIONAL ARCHIVES AND RECORDS ADMINISTRATION CLASSIFIED... network security. Each agency head shall ensure that classified information electronically accessed...

  17. 32 CFR 2001.50 - Telecommunications automated information systems and network security.

    Code of Federal Regulations, 2012 CFR

    2012-07-01

    ... and network security. 2001.50 Section 2001.50 National Defense Other Regulations Relating to National Defense INFORMATION SECURITY OVERSIGHT OFFICE, NATIONAL ARCHIVES AND RECORDS ADMINISTRATION CLASSIFIED... network security. Each agency head shall ensure that classified information electronically accessed...

  18. 75 FR 70764 - Small Business Information Security Task Force

    Federal Register 2010, 2011, 2012, 2013, 2014

    2010-11-18

    ... SMALL BUSINESS ADMINISTRATION Small Business Information Security Task Force AGENCY: U.S. Small... publish meeting minutes for the Small Business Information Security Task Force Meeting. DATES: 1 p.m... Task Force. Chairman, Rusty Pickens, called the meeting to order on October 13, 2010 at 1 p.m. Roll...

  19. 76 FR 5232 - Small Business Information Security Task Force

    Federal Register 2010, 2011, 2012, 2013, 2014

    2011-01-28

    ... SMALL BUSINESS ADMINISTRATION Small Business Information Security Task Force AGENCY: U.S. Small... publish meeting minutes for the Small Business Information Security Task Force Meeting. DATES: 1 p.m... Task Force. Chairman, Rusty Pickens, called the meeting to order on December 8, 2010 at 1 p.m. Roll...

  20. 76 FR 11307 - Small Business Information Security Task Force

    Federal Register 2010, 2011, 2012, 2013, 2014

    2011-03-01

    ... SMALL BUSINESS ADMINISTRATION Small Business Information Security Task Force AGENCY: U.S. Small... publish meeting minutes for the Small Business Information Security Task Force Meeting. DATES: 1 p.m... Task Force. Chairman, Mr. Rusty Pickens, called the meeting to order on January 12, 2011 at 1 p.m. Roll...

  1. Speeding decisions. Social security's information exchange program.

    PubMed

    Winter, Kitt; Hastings, Bob

    2011-05-01

    The Social Security Administration has plenty of reasons to streamline its records request process: more than 15 million reasons each year, in fact. That's why it has been pioneering information exchange projects with the private sector, including use of the Nationwide Health Information Network.

  2. 75 FR 49943 - New Agency Information Collection Activity Under OMB Review: Pipeline System Operator Security...

    Federal Register 2010, 2011, 2012, 2013, 2014

    2010-08-16

    ... DEPARTMENT OF HOMELAND SECURITY Transportation Security Administration New Agency Information Collection Activity Under OMB Review: Pipeline System Operator Security Information AGENCY: Transportation... INFORMATION CONTACT: Joanna Johnson, Office of Information Technology, TSA-11, Transportation Security...

  3. Information Security Risk Assessment in Hospitals.

    PubMed

    Ayatollahi, Haleh; Shagerdi, Ghazal

    2017-01-01

    To date, many efforts have been made to classify information security threats, especially in the healthcare area. However, there are still many unknown risks which may threaten the security of health information and their resources especially in the hospitals. The aim of this study was to assess the risks threatening information security in the hospitals located in one of the northwest cities of Iran. This study was completed in 2014. The participants were information technology managers who worked in the hospitals (n=27). The research instrument was a questionnaire composed of a number of open and closed questions. The content validity of the questionnaire was confirmed, and the reliability of the closed questions was measured by using the test-retest method (r=0.78). The results showed that among the information security risks, fire was found to be a high probability/high impact risk factor. Human and physical/environmental threats were among the low probability risk factors. Regarding the information security safeguards used in the hospitals, the results showed that the use of the technical safeguards was the most frequent one (n=22, 91.7%) compared to the administrative (n=21, 87.5%) and the physical safeguards (n=16, 66.7%). The high probability risk factors require quick corrective actions to be taken. Therefore, the underlying causes of such threats should be identified and controlled before experiencing adverse effects. It is also important to note that information security in health care systems needs to be considered at a macro level with respect to the national interests and policies.

  4. 75 FR 63499 - Extension of Agency Information Collection Activity Under OMB Review: Sensitive Security...

    Federal Register 2010, 2011, 2012, 2013, 2014

    2010-10-15

    ... Information Collection Activity Under OMB Review: Sensitive Security Information Threat Assessments AGENCY... Transportation Security Administration (TSA) has forwarded the Information Collection Request (ICR), Office of... of a party seeking access to sensitive security information (SSI) in a civil proceeding in Federal...

  5. 78 FR 30319 - Intent to Request Renewal From OMB of One Current Public Collection of Information: Security...

    Federal Register 2010, 2011, 2012, 2013, 2014

    2013-05-22

    ... DEPARTMENT OF HOMELAND SECURITY Transportation Security Administration [Docket No. TSA-2002-11602] Intent to Request Renewal From OMB of One Current Public Collection of Information: Security Programs for..., Transportation Security Administration, 601 South 12th Street, Arlington, VA 20598-6011. FOR FURTHER INFORMATION...

  6. Information Security Risk Assessment in Hospitals

    PubMed Central

    Ayatollahi, Haleh; Shagerdi, Ghazal

    2017-01-01

    Background: To date, many efforts have been made to classify information security threats, especially in the healthcare area. However, there are still many unknown risks which may threaten the security of health information and their resources especially in the hospitals. Objective: The aim of this study was to assess the risks threatening information security in the hospitals located in one of the northwest cities of Iran. Method: This study was completed in 2014. The participants were information technology managers who worked in the hospitals (n=27). The research instrument was a questionnaire composed of a number of open and closed questions. The content validity of the questionnaire was confirmed, and the reliability of the closed questions was measured by using the test-retest method (r=0.78). Results: The results showed that among the information security risks, fire was found to be a high probability/high impact risk factor. Human and physical/environmental threats were among the low probability risk factors. Regarding the information security safeguards used in the hospitals, the results showed that the use of the technical safeguards was the most frequent one (n=22, 91.7%) compared to the administrative (n=21, 87.5%) and the physical safeguards (n=16, 66.7%). Conclusion: The high probability risk factors require quick corrective actions to be taken. Therefore, the underlying causes of such threats should be identified and controlled before experiencing adverse effects. It is also important to note that information security in health care systems needs to be considered at a macro level with respect to the national interests and policies. PMID: 29204226

  7. Defining Information Security.

    PubMed

    Lundgren, Björn; Möller, Niklas

    2017-11-15

    This article proposes a new definition of information security, the 'Appropriate Access' definition. Apart from providing the basic criteria for a definition (correct demarcation and meaning concerning the state of security), it also aims at being a definition suitable for any information security perspective. As such, it bridges the conceptual divide between so-called 'soft issues' of information security (those including, e.g., humans, organizations, culture, ethics, policies, and law) and more technical issues. Because of this it is also suitable for various analytical purposes, such as analysing possible security breaches, or for studying conflicting attitudes on security in an organization. The need for a new definition is demonstrated by pointing to a number of problems for the standard definition type of information security, the so-called CIA definition. Besides being too broad as well as too narrow, it cannot properly handle the soft issues of information security, nor recognize the contextual and normative nature of security.

  8. 20 CFR 221.3 - Social Security Administration jurisdiction.

    Code of Federal Regulations, 2011 CFR

    2011-04-01

    ... 20 Employees' Benefits 1 2011-04-01 2011-04-01 false Social Security Administration jurisdiction... RETIREMENT ACT JURISDICTION DETERMINATIONS § 221.3 Social Security Administration jurisdiction. The Board transfers jurisdiction (railroad service and compensation credits earned by the employee which the Social...

  9. 20 CFR 221.3 - Social Security Administration jurisdiction.

    Code of Federal Regulations, 2012 CFR

    2012-04-01

    ... 20 Employees' Benefits 1 2012-04-01 2012-04-01 false Social Security Administration jurisdiction... RETIREMENT ACT JURISDICTION DETERMINATIONS § 221.3 Social Security Administration jurisdiction. The Board transfers jurisdiction (railroad service and compensation credits earned by the employee which the Social...

  10. 20 CFR 221.3 - Social Security Administration jurisdiction.

    Code of Federal Regulations, 2014 CFR

    2014-04-01

    ... 20 Employees' Benefits 1 2014-04-01 2012-04-01 true Social Security Administration jurisdiction... RETIREMENT ACT JURISDICTION DETERMINATIONS § 221.3 Social Security Administration jurisdiction. The Board transfers jurisdiction (railroad service and compensation credits earned by the employee which the Social...

  11. 20 CFR 221.3 - Social Security Administration jurisdiction.

    Code of Federal Regulations, 2013 CFR

    2013-04-01

    ... 20 Employees' Benefits 1 2013-04-01 2012-04-01 true Social Security Administration jurisdiction... RETIREMENT ACT JURISDICTION DETERMINATIONS § 221.3 Social Security Administration jurisdiction. The Board transfers jurisdiction (railroad service and compensation credits earned by the employee which the Social...

  12. 20 CFR 221.3 - Social Security Administration jurisdiction.

    Code of Federal Regulations, 2010 CFR

    2010-04-01

    ... 20 Employees' Benefits 1 2010-04-01 2010-04-01 false Social Security Administration jurisdiction... RETIREMENT ACT JURISDICTION DETERMINATIONS § 221.3 Social Security Administration jurisdiction. The Board transfers jurisdiction (railroad service and compensation credits earned by the employee which the Social...

  13. 14 CFR § 1203.201 - Information security objectives.

    Code of Federal Regulations, 2014 CFR

    2014-01-01

    ... 14 Aeronautics and Space 5 2014-01-01 2014-01-01 false Information security objectives. § 1203.201 Section § 1203.201 Aeronautics and Space NATIONAL AERONAUTICS AND SPACE ADMINISTRATION... technologies. (e) Provide a timely and effective means for downgrading or declassifying information when the...

  14. Administrator, National Security Education Program

    DTIC Science & Technology

    1993-01-19

    1. Administer, direct, and manage the resources for the lit program. 2. Establish and direct an international education center, as approved by the...approve the hiring of, and evaluate the performance of personnel who staff the international education center. 4. Ensure appropriate internal management...Administrator, National Security Education Program * References: (a) DoD Directive 1025.2 , "National Security * Education Program," January 13, 1993

  15. An Agile Enterprise Regulation Architecture for Health Information Security Management

    PubMed Central

    Chen, Ying-Pei; Hsieh, Sung-Huai; Chien, Tsan-Nan; Chen, Heng-Shuen; Luh, Jer-Junn; Lai, Jin-Shin; Lai, Feipei; Chen, Sao-Jie

    2010-01-01

    Abstract: Information security management for healthcare enterprises is complex as well as mission critical. Information technology requests from clinical users are of such urgency that the information office should do its best to achieve as many user requests as possible at a high service level using swift security policies. This research proposes the Agile Enterprise Regulation Architecture (AERA) of information security management for healthcare enterprises to implement as part of the electronic health record process. Survey outcomes and evidential experiences from a sample of medical center users proved that AERA encourages the information officials and enterprise administrators to overcome the challenges faced within an electronically equipped hospital. PMID: 20815748

  16. An agile enterprise regulation architecture for health information security management.

    PubMed

    Chen, Ying-Pei; Hsieh, Sung-Huai; Cheng, Po-Hsun; Chien, Tsan-Nan; Chen, Heng-Shuen; Luh, Jer-Junn; Lai, Jin-Shin; Lai, Feipei; Chen, Sao-Jie

    2010-09-01

    Information security management for healthcare enterprises is complex as well as mission critical. Information technology requests from clinical users are of such urgency that the information office should do its best to achieve as many user requests as possible at a high service level using swift security policies. This research proposes the Agile Enterprise Regulation Architecture (AERA) of information security management for healthcare enterprises to implement as part of the electronic health record process. Survey outcomes and evidential experiences from a sample of medical center users proved that AERA encourages the information officials and enterprise administrators to overcome the challenges faced within an electronically equipped hospital.

  17. 29 CFR 70.54 - Employee Benefits Security Administration.

    Code of Federal Regulations, 2014 CFR

    2014-07-01

    ... 29 Labor 1 2014-07-01 2013-07-01 true Employee Benefits Security Administration. 70.54 Section 70... Records and Filings § 70.54 Employee Benefits Security Administration. (a) The annual financial reports (Form 5500) and attachments/schedules as filed by employee benefit plans under the Employee Retirement...

  18. 29 CFR 70.54 - Employee Benefits Security Administration.

    Code of Federal Regulations, 2010 CFR

    2010-07-01

    ... 29 Labor 1 2010-07-01 2010-07-01 true Employee Benefits Security Administration. 70.54 Section 70... Records and Filings § 70.54 Employee Benefits Security Administration. (a) The annual financial reports (Form 5500) and attachments/schedules as filed by employee benefit plans under the Employee Retirement...

  19. Management of the Defense Technology Security Administration Year 2000 Program

    DTIC Science & Technology

    1998-11-03

    caller is fully protected Acronyms DTSA Defense Technology Security Administration Y2K Year 2000 INSPECTOR GENERAL DEPARTMENT OF DEFENSE 400 ARMY NAVY...accordance with the DoD Management Plan Defense Technology Security Administration. The Defense Technology Security Administration (DTSA) was established...in 1985 as a field activity of the Office of the Secretary of Defense By establishing DTSA, the DoD role in export controls was centralized and

  20. Information Security: Serious Weakness Put State Department and FAA Operations at Risk

    DOT National Transportation Integrated Search

    1998-05-19

    Testimony focuses on the results of recent reviews of computer security at the Department of State and the Federal Aviation Administration (FAA). Makes specific recommendations for improving State and FAA's information security posture. Highlights be...

  1. Transportation Security Administration

    MedlinePlus

    ... FAQ or factsheet. Disabilities and Medical Conditions Access important information and resources for travelers with disabilities and medical ... Official website of the Department of Homeland Security Travel Media About Contact

  2. A mapping of information security in health Information Systems in Latin America and Brazil.

    PubMed

    Pereira, Samáris Ramiro; Fernandes, João Carlos Lopes; Labrada, Luis; Bandiera-Paiva, Paulo

    2013-01-01

    In health, Information Systems, whether for patient records, hospital administration or other purposes, have advantages such as cost, availability and integration. However, for these benefits to be fully met, it is necessary to guarantee the security of information maintained and provided by the systems. The lack of security can lead to serious consequences such as lawsuits and the inducement of medical errors. The management of information security is complex and is used in various fields of knowledge. Often, it is left in the background because it is not the ultimate goal of a computer system, causing huge financial losses to corporations. This paper, using systematic review methodologies, presents a mapping of the literature in order to identify the most relevant aspects that are addressed by security researchers of health information with regard to the development of computerized systems. From the results, the authors identify some important aspects to which the managers of computerized health systems should remain alert.

  3. 17 CFR 140.20 - Designation of senior official to oversee Commission use of national security information.

    Code of Federal Regulations, 2011 CFR

    2011-04-01

    ... to oversee Commission use of national security information. 140.20 Section 140.20 Commodity and... safeguarding of national security information received by the Commission from other agencies, to chair a... suggestions and complaints with respect to the Commission administration of its information security program...

  4. NNSA Administrator Looks to Future of Nuclear Security at STRATCOM Symposium

    ScienceCinema

    Thomas D'Agostino

    2017-12-09

    Administrator Thomas P. D'Agostino of the National Nuclear Security Administration (NNSA) discusses the future of the Nuclear Security Enterprise and its strategic deterrence mission in light of President Obama's unprecedented nuclear security agenda.

  5. 45 CFR 303.30 - Securing medical support information.

    Code of Federal Regulations, 2010 CFR

    2010-10-01

    ... 45 Public Welfare 2 2010-10-01 2010-10-01 false Securing medical support information. 303.30 Section 303.30 Public Welfare Regulations Relating to Public Welfare OFFICE OF CHILD SUPPORT ENFORCEMENT (CHILD SUPPORT ENFORCEMENT PROGRAM), ADMINISTRATION FOR CHILDREN AND FAMILIES, DEPARTMENT OF HEALTH AND...

  6. Information Security Management (ISM)

    NASA Astrophysics Data System (ADS)

    Šalgovičová, Jarmila; Prajová, Vanessa

    2012-12-01

    Currently, all organizations have to tackle the issue of information security. The paper deals with various aspects of Information Security Management (ISM), including procedures, processes, organizational structures, policies and control processes. Introduction of Information Security Management should be a strategic decision. The concept and implementation of Information Security Management in an organization are determined by the corporate needs and objectives, security requirements, the processes deployed as well as the size and structure of the organization. The implementation of ISM should be carried out to the extent consistent with the needs of the organization.

  7. NNSA Administrator Addresses the Next Generation of Nuclear Security Professionals: Part 2

    ScienceCinema

    Thomas D'Agostino

    2017-12-09

    Administrator Thomas D'Agostino of the National Nuclear Security Administration addressed the next generation of nuclear security professionals during the opening session of today's 2009 Department of Energy (DOE) Computational Science Graduate Fellowship Annual Conference. Administrator D'Agostino discussed NNSA's role in implementing President Obama's nuclear security agenda and encouraged the computing science fellows to consider careers in nuclear security.

  8. NNSA Administrator Addresses the Next Generation of Nuclear Security Professionals: Part 1

    ScienceCinema

    Thomas D'Agostino

    2017-12-09

    Administrator Thomas D'Agostino of the National Nuclear Security Administration addressed the next generation of nuclear security professionals during the opening session of today's 2009 Department of Energy (DOE) Computational Science Graduate Fellowship Annual Conference. Administrator D'Agostino discussed NNSA's role in implementing President Obama's nuclear security agenda and encouraged the computing science fellows to consider careers in nuclear security.

  9. Defense Technology Security Administration Strategic Plan 2009-2010

    DTIC Science & Technology

    2008-12-22

    NUMBER 7. PERFORMING ORGANIZATION NAME(S) AND ADDRESS(ES) Defense Technology Security Administration (DTSA), Washington, DC 8. PERFORMING ORGANIZATION...Security Administration This document is unclassified in its entirety. Photography courtesy of Defense Link and DTSA. Document printed 2009. DTSA...STRATEGIC PLAN 2009-2010 CONTENTS Message from the Director 2 Envisioning 2010 3 Our Way Ahead 5 We Are DTSA 18 Metrics Matrix 24 DTSA

  10. Measurement issues associated with using survey data matched with administrative data from the Social Security Administration.

    PubMed

    Davies, Paul S; Fisher, T Lynn

    2009-01-01

    Researchers using survey data matched with administrative data benefit from the rich demographic and economic detail available from survey data combined with detailed programmatic data from administrative records. The research benefits of using these matched data are too numerous to mention. But there are drawbacks as well, and those drawbacks have received less systematic attention from researchers. We focus on survey data matched with administrative data from the Social Security Administration and address the strengths and weaknesses of each in four specific areas: (1) program participation and benefits, (2) disability and health information, (3) earnings, and (4) deferred compensation. We discuss the implications of these strengths and weaknesses for decisions that researchers must make regarding the appropriate data source and definition for the concepts in question. From this discussion, some general conclusions are drawn about measurement issues associated with using matched survey and administrative data for research, policy evaluation, and statistics.

  11. Implementing an Information Security Program

    DOE Office of Scientific and Technical Information (OSTI.GOV)

    Glantz, Clifford S.; Lenaeus, Joseph D.; Landine, Guy P.

    The threats to information security have dramatically increased with the proliferation of information systems and the internet. Chemical, biological, radiological, nuclear, and explosives (CBRNe) facilities need to address these threats in order to protect themselves from the loss of intellectual property, theft of valuable or hazardous materials, and sabotage. Project 19 of the European Union CBRN Risk Mitigation Centres of Excellence Initiative is designed to help CBRN security managers, information technology/cybersecurity managers, and other decision-makers deal with these threats through the application of cost-effective information security programs. Project 19 has developed three guidance documents that are publicly available to cover information security best practices, planning for an information security management system, and implementing security controls for information security.

  12. 44 CFR 11.14 - Administrative claim; evidence and information to be submitted.

    Code of Federal Regulations, 2011 CFR

    2011-10-01

    ... 44 Emergency Management and Assistance 1 2011-10-01 2011-10-01 false Administrative claim; evidence and information to be submitted. 11.14 Section 11.14 Emergency Management and Assistance FEDERAL EMERGENCY MANAGEMENT AGENCY, DEPARTMENT OF HOMELAND SECURITY GENERAL CLAIMS Administrative Claims Under...

  13. 44 CFR 11.14 - Administrative claim; evidence and information to be submitted.

    Code of Federal Regulations, 2012 CFR

    2012-10-01

    ... 44 Emergency Management and Assistance 1 2012-10-01 2011-10-01 true Administrative claim; evidence and information to be submitted. 11.14 Section 11.14 Emergency Management and Assistance FEDERAL EMERGENCY MANAGEMENT AGENCY, DEPARTMENT OF HOMELAND SECURITY GENERAL CLAIMS Administrative Claims Under...

  14. 44 CFR 11.14 - Administrative claim; evidence and information to be submitted.

    Code of Federal Regulations, 2013 CFR

    2013-10-01

    ... 44 Emergency Management and Assistance 1 2013-10-01 2013-10-01 false Administrative claim; evidence and information to be submitted. 11.14 Section 11.14 Emergency Management and Assistance FEDERAL EMERGENCY MANAGEMENT AGENCY, DEPARTMENT OF HOMELAND SECURITY GENERAL CLAIMS Administrative Claims Under...

  15. 44 CFR 11.14 - Administrative claim; evidence and information to be submitted.

    Code of Federal Regulations, 2014 CFR

    2014-10-01

    ... 44 Emergency Management and Assistance 1 2014-10-01 2014-10-01 false Administrative claim; evidence and information to be submitted. 11.14 Section 11.14 Emergency Management and Assistance FEDERAL EMERGENCY MANAGEMENT AGENCY, DEPARTMENT OF HOMELAND SECURITY GENERAL CLAIMS Administrative Claims Under...

  16. 44 CFR 11.14 - Administrative claim; evidence and information to be submitted.

    Code of Federal Regulations, 2010 CFR

    2010-10-01

    ... 44 Emergency Management and Assistance 1 2010-10-01 2010-10-01 false Administrative claim; evidence and information to be submitted. 11.14 Section 11.14 Emergency Management and Assistance FEDERAL EMERGENCY MANAGEMENT AGENCY, DEPARTMENT OF HOMELAND SECURITY GENERAL CLAIMS Administrative Claims Under...

  17. 41 CFR 105-53.133 - Information Security Oversight Office.

    Code of Federal Regulations, 2010 CFR

    2010-07-01

    ... 41 Public Contracts and Property Management 3 2010-07-01 2010-07-01 false Information Security Oversight Office. 105-53.133 Section 105-53.133 Public Contracts and Property Management Federal Property Management Regulations System (Continued) GENERAL SERVICES ADMINISTRATION 53-STATEMENT OF ORGANIZATION AND...

  18. 41 CFR 105-53.133 - Information Security Oversight Office.

    Code of Federal Regulations, 2011 CFR

    2011-01-01

    ... 41 Public Contracts and Property Management 3 2011-01-01 2011-01-01 false Information Security Oversight Office. 105-53.133 Section 105-53.133 Public Contracts and Property Management Federal Property Management Regulations System (Continued) GENERAL SERVICES ADMINISTRATION 53-STATEMENT OF ORGANIZATION AND...

  19. 20 CFR 410.706 - Effect of the Social Security Administration determination of entitlement.

    Code of Federal Regulations, 2011 CFR

    2011-04-01

    ... 20 Employees' Benefits 2 2011-04-01 2011-04-01 false Effect of the Social Security Administration determination of entitlement. 410.706 Section 410.706 Employees' Benefits SOCIAL SECURITY ADMINISTRATION FEDERAL... the Social Security Administration determination of entitlement. Under section 435 of the BLBRA of...

  20. 20 CFR 410.706 - Effect of the Social Security Administration determination of entitlement.

    Code of Federal Regulations, 2010 CFR

    2010-04-01

    ... 20 Employees' Benefits 2 2010-04-01 2010-04-01 false Effect of the Social Security Administration determination of entitlement. 410.706 Section 410.706 Employees' Benefits SOCIAL SECURITY ADMINISTRATION FEDERAL... the Social Security Administration determination of entitlement. Under section 435 of the BLBRA of...

  1. Attitudes towards information system security among physicians in Croatia.

    PubMed

    Markota, M; Kern, J; Svab, I

    2001-07-01

    To examine attitudes about information system security among Croatian physicians a cross-sectional study was performed on a representative sample of 800 Croatian physicians. An anonymous questionnaire comprising 21 questions was distributed and statistical analysis was performed using a chi-square test. A 76.2% response rate was obtained. The majority of respondents (85.8%) believe that information system security is a new area in their work. In general, physicians are not informed about European directives, conventions, recommendations, etc. Only a small number of physicians use personal computers at work (29%). Those physicians who have a personal computer use it mainly for administrative reasons. Most healthcare institutions (89%) do not have a security manual and the area of information system security is left to individual interest and initiative. Only 25% of physicians who have a personal computer use any type of password. A high percentage of physicians (22%) has never thought about the problem of personal data being used by organizations (e.g. police, banks) without legal background; a small, but still significant percentage of physicians (5.6%) has even agreed with such use. Results indicate that for the vast majority of physicians, information system security is a new area in their daily work, one which is left to individual interest and initiative. They are not familiar with the ethical, technical and legal backgrounds which have been defined for that area within the Council of Europe and the European Union. New aspects: This is the first study performed in Central and Eastern Europe dealing with information system security, performed on a representative nationwide sample of all the physicians.

  2. The secure authorization model for healthcare information system.

    PubMed

    Hsu, Wen-Shin; Pan, Jiann-I

    2013-10-01

    Exploring healthcare system for assisting medical services or transmitting patients' personal health information in web application has been widely investigated. Information and communication technologies have been applied to the medical services and healthcare area for a number of years to resolve problems in medical management. In the healthcare system, not all users are allowed to access all the information. Several authorization models for restricting users to access specific information at specific permissions have been proposed. However, as the number of users and the amount of information grows, the difficulties for administrating user authorization will increase. The critical problem limits the widespread usage of the healthcare system. This paper proposes an approach for role-based and extends it to deal with the information for authorizations in the healthcare system. We propose the role-based authorization model which supports authorizations for different kinds of objects, and a new authorization domain. Based on this model, we discuss the issues and requirements of security in the healthcare systems. The security issues for services shared between different healthcare industries will also be discussed.

  3. A Security Audit Framework to Manage Information System Security

    NASA Astrophysics Data System (ADS)

    Pereira, Teresa; Santos, Henrique

    The widespread adoption of information and communication technology has increased the dependency of organizations on the performance of their Information Systems. As a result, adequate security procedures to properly manage information security must be established by the organizations, in order to protect their valued or critical resources from accidental or intentional attacks, and ensure their normal activity. A conceptual security framework to manage and audit Information System Security is proposed and discussed. The proposed framework intends, firstly, to help organizations understand precisely what they need to protect and what their weaknesses (vulnerabilities) are, enabling them to perform adequate security management. Secondly, it provides a security audit framework to help the organization assess the efficiency of the controls and policy adopted to prevent or mitigate the attacks, threats and vulnerabilities to which organizations are subject, promoted by the advances of new technologies and new Internet-enabled services. The presented framework is based on a conceptual model approach, which contains the semantic description of the concepts defined in the information security domain, based on the ISO/IEC JTC1 standards.

  4. A layered trust information security architecture.

    PubMed

    de Oliveira Albuquerque, Robson; Villalba, Luis Javier García; Orozco, Ana Lucila Sandoval; Buiati, Fábio; Kim, Tai-Hoon

    2014-12-01

    Information can be considered the most important asset of any modern organization. Securing this information involves preserving confidentiality, integrity and availability, the well-known CIA triad. In addition, information security is a risk management job; the task is to manage the inherent risks of information disclosure. Current information security platforms do not deal with the different facets of information technology. This paper presents a layered trust information security architecture (TISA) and its creation was motivated by the need to consider information and security from different points of view in order to protect it. This paper also extends and discusses security information extensions as a way of helping the CIA triad. Furthermore, this paper suggests information representation and treatment elements, operations and support components that can be integrated to show the various risk sources when dealing with both information and security. An overview of how information is represented and treated nowadays in the technological environment is shown, and the reason why it is so difficult to guarantee security in all aspects of the information pathway is discussed.

  5. A Layered Trust Information Security Architecture

    PubMed Central

    de Oliveira Albuquerque, Robson; García Villalba, Luis Javier; Sandoval Orozco, Ana Lucila; Buiati, Fábio; Kim, Tai-Hoon

    2014-01-01

    Information can be considered the most important asset of any modern organization. Securing this information involves preserving confidentiality, integrity and availability, the well-known CIA triad. In addition, information security is a risk management job; the task is to manage the inherent risks of information disclosure. Current information security platforms do not deal with the different facets of information technology. This paper presents a layered trust information security architecture (TISA) and its creation was motivated by the need to consider information and security from different points of view in order to protect it. This paper also extends and discusses security information extensions as a way of helping the CIA triad. Furthermore, this paper suggests information representation and treatment elements, operations and support components that can be integrated to show the various risk sources when dealing with both information and security. An overview of how information is represented and treated nowadays in the technological environment is shown, and the reason why it is so difficult to guarantee security in all aspects of the information pathway is discussed. PMID:25470490

  6. The Shaping of Managers' Security Objectives through Information Security Awareness Training

    ERIC Educational Resources Information Center

    Harris, Mark A.

    2010-01-01

    Information security research states that corporate security policy and information security training should be socio-technical in nature and that corporations should consider training as a primary method of protecting their information systems. However, information security policies and training are predominately technical in nature. In addition,…

  7. Information Security: Computer Hacker Information Available on the Internet

    DTIC Science & Technology

    1996-06-05

    INFORMATION SECURITY Computer Hacker Information Available on the Internet Statement for the Record of...Report Type N/A Dates Covered (from... to) - Title and Subtitle INFORMATION SECURITY Computer Hacker Information Available on the Internet Contract...1996 4. TITLE AND SUBTITLE Information Security: Computer Hacker Information Available on the Internet 5. FUNDING NUMBERS 6. AUTHOR(S) Jack L.

  8. 20 CFR 423.5 - Process against Social Security Administration officials in their individual capacities.

    Code of Federal Regulations, 2011 CFR

    2011-04-01

    ... 20 Employees' Benefits 2 2011-04-01 2011-04-01 false Process against Social Security Administration officials in their individual capacities. 423.5 Section 423.5 Employees' Benefits SOCIAL SECURITY ADMINISTRATION SERVICE OF PROCESS § 423.5 Process against Social Security Administration officials in their...

  9. 20 CFR 423.5 - Process against Social Security Administration officials in their individual capacities.

    Code of Federal Regulations, 2014 CFR

    2014-04-01

    ... 20 Employees' Benefits 2 2014-04-01 2014-04-01 false Process against Social Security Administration officials in their individual capacities. 423.5 Section 423.5 Employees' Benefits SOCIAL SECURITY ADMINISTRATION SERVICE OF PROCESS § 423.5 Process against Social Security Administration officials in their...

  10. 20 CFR 423.5 - Process against Social Security Administration officials in their individual capacities.

    Code of Federal Regulations, 2013 CFR

    2013-04-01

    ... 20 Employees' Benefits 2 2013-04-01 2013-04-01 false Process against Social Security Administration officials in their individual capacities. 423.5 Section 423.5 Employees' Benefits SOCIAL SECURITY ADMINISTRATION SERVICE OF PROCESS § 423.5 Process against Social Security Administration officials in their...

  11. 20 CFR 423.5 - Process against Social Security Administration officials in their individual capacities.

    Code of Federal Regulations, 2012 CFR

    2012-04-01

    ... 20 Employees' Benefits 2 2012-04-01 2012-04-01 false Process against Social Security Administration officials in their individual capacities. 423.5 Section 423.5 Employees' Benefits SOCIAL SECURITY ADMINISTRATION SERVICE OF PROCESS § 423.5 Process against Social Security Administration officials in their...

  12. 76 FR 9041 - Intent To Request Approval From OMB of One New Public Collection of Information: Security Program...

    Federal Register 2010, 2011, 2012, 2013, 2014

    2011-02-16

    ... measure their effectiveness. Through its voluntary Corporate Security Review (CSR) Program, TSA's Highway... DEPARTMENT OF HOMELAND SECURITY Transportation Security Administration Intent To Request Approval From OMB of One New Public Collection of Information: Security Program for Hazardous Materials Motor...

  13. Methods of Organizational Information Security

    NASA Astrophysics Data System (ADS)

    Martins, José; Dos Santos, Henrique

    The principal objective of this article is to present a literature review of the methods used for information security at the level of organizations. Some of the principal problems are identified and a first group of relevant dimensions is presented for an efficient management of information security. The study is based on the literature review, using some of the more relevant certified articles on this theme, international reports and the principal norms of information security management. From the readings that were done, we identified some of the methods oriented to risk management, norms of certification and good practice of information security. Some of the norms are oriented to the certification of the product or system and others to the processes of the business. There are also studies proposing frameworks that suggest the integration of different approaches, founded on norms focused on technologies and on processes, and taking into consideration the organizational and human environment of the organizations. In our perspective, the biggest contribution to the security of information is the development of an information security method for an organization in a conflicting environment. This should provide security of information against the possible dimensions of attack that the threats could exploit through the vulnerabilities of the organizational assets. This method should support the new concepts of "Network centric warfare", "Information superiority" and "Information warfare" especially developed in this last decade, where information is seen simultaneously as a weapon and as a target.

  14. 75 FR 8096 - Privacy Act of 1974; Department of Homeland Security Transportation Security Administration-023...

    Federal Register 2010, 2011, 2012, 2013, 2014

    2010-02-23

    ... Prevention Program System of Records AGENCY: Privacy Office, DHS. ACTION: Notice of Privacy Act system of... to establish a new system of records titled, ``Department of Homeland Security/Transportation Security Administration--023 Workplace Violence Prevention Program System of Records.'' This system will...

  15. Going Beyond Compliance: A Strategic Framework for Promoting Information Security in Hospitals.

    PubMed

    Zandona, David J; Thompson, Jon M

    In the past decade, public and private organizations have experienced a significant and alarming rise in the number of data breaches. Across all sectors, there seems to be no safe haven for the protection of information. In the health care industry, the trend is even worse. Information security is at an unbelievable low point, and it is unlikely that government oversight can fix this issue. Health care organizations have ramped up their approaches to addressing the problem; however, these initiatives are often incremental rather than transformational. Hospitals need an overall organization-wide strategy to prevent breaches from occurring and to minimize effects if they do occur. This article provides an analysis of the literature related to health information security and offers a suggested strategy for hospital administrators to follow in order to create a more secure environment for patient health information.

  16. The Impact of the Security Competency on "Self-Efficacy in Information Security" for Effective Health Information Security in Iran.

    PubMed

    Shahri, Ahmad Bakhtiyari; Ismail, Zuraini; Mohanna, Shahram

    2016-11-01

    Security effectiveness based on users' behaviors is becoming a top priority of Health Information Systems (HIS). In the first step of this study, through the review of previous studies, 'Self-efficacy in Information Security' (SEIS) and 'Security Competency' (SCMP) were identified as important factors in transforming HIS users into the first line of defense in security. Subsequently, a conceptual model was proposed taking the mentioned factors into account for HIS security effectiveness. Then, this quantitative study used structural equation modeling to examine the proposed model based on survey data collected from a sample of 263 HIS users from eight hospitals in Iran. The result shows that SEIS is one of the important factors in cultivating good end users' behaviors toward HIS security effectiveness. However, SCMP appears a feasible alternative to providing SEIS. This study also confirms the mediation effects of SEIS on the relationship between SCMP and HIS security effectiveness. The results of this research paper can be used by HIS and IT managers to implement their information security process more effectively.

  17. 77 FR 3836 - Public Availability of Social Security Administration Fiscal Year (FY) 2011 Service Contract...

    Federal Register 2010, 2011, 2012, 2013, 2014

    2012-01-25

    ... SOCIAL SECURITY ADMINISTRATION [Docket No. SSA-2011-0105] Public Availability of Social Security Administration Fiscal Year (FY) 2011 Service Contract Inventory AGENCY: Social Security Administration. ACTION: Notice of Public Availability of FY 2011 Service Contract Inventories. SUMMARY: In accordance with...

  18. 78 FR 6168 - Public Availability of Social Security Administration Fiscal Year (FY) 2012 Service Contract...

    Federal Register 2010, 2011, 2012, 2013, 2014

    2013-01-29

    ... SOCIAL SECURITY ADMINISTRATION [Docket No. SSA-2013-0001] Public Availability of Social Security Administration Fiscal Year (FY) 2012 Service Contract Inventory AGENCY: Social Security Administration. ACTION: Notice of Public Availability of FY 2012 Service Contract Inventories. SUMMARY: In accordance with...

  19. 75 FR 5166 - Privacy Act of 1974, as Amended; Computer Matching Program (Social Security Administration...

    Federal Register 2010, 2011, 2012, 2013, 2014

    2010-02-01

    ... SOCIAL SECURITY ADMINISTRATION [Docket No. SSA 2009-0043] Privacy Act of 1974, as Amended; Computer Matching Program (Social Security Administration/Railroad Retirement Board (SSA/RRB))-- Match Number 1308 AGENCY: Social Security Administration (SSA). ACTION: Notice of renewal of an existing...

  20. 77 FR 18716 - Transportation Security Administration Postal Zip Code Change; Technical Amendment

    Federal Register 2010, 2011, 2012, 2013, 2014

    2012-03-28

    ... organizational changes and it has no substantive effect on the public. DATES: Effective March 28, 2012. FOR... No. 1572-9] Transportation Security Administration Postal Zip Code Change; Technical Amendment AGENCY: Transportation Security Administration, DHS. ACTION: Final rule. SUMMARY: This rule is a technical change to...

  1. Homeland Security and Information.

    ERIC Educational Resources Information Center

    Relyea, Harold C.

    2002-01-01

    Reviews the development of two similar policy concepts, national security and internal security, before exploring the new phrase homeland security that has become popular since the September 11 terrorist attacks. Discusses the significance of each for information policy and practice. (Author/LRW)

  2. 77 FR 76076 - Information Security Oversight Office; State, Local, Tribal, and Private Sector Policy Advisory...

    Federal Register 2010, 2011, 2012, 2013, 2014

    2012-12-26

    ... NATIONAL ARCHIVES AND RECORDS ADMINISTRATION Information Security Oversight Office; State, Local, Tribal, and Private Sector Policy Advisory Committee (SLTPS-PAC) AGENCY: National Archives and Records....m. to 12:00 noon. ADDRESSES: National Archives and Records Administration, 700 Pennsylvania Avenue...

  3. Safeguarding Your Technology: Practical Guidelines for Electronic Education Information Security.

    ERIC Educational Resources Information Center

    Szuba, Tom

    This guide was developed specifically for educational administrators at the building, campus, district, system, and state levels, and is meant to serve as a framework to help them better understand why and how to effectively secure their organization's information, software, and computer and networking equipment. This document is organized into 10…

  4. Security of electronic medical information and patient privacy: what you need to know.

    PubMed

    Andriole, Katherine P

    2014-12-01

    The responsibility that physicians have to protect their patients from harm extends to protecting the privacy and confidentiality of patient health information including that contained within radiological images. The intent of HIPAA and subsequent HIPAA Privacy and Security Rules is to keep patients' private information confidential while allowing providers access to and maintaining the integrity of relevant information needed to provide care. Failure to comply with electronic protected health information (ePHI) regulations could result in financial or criminal penalties or both. Protected health information refers to anything that can reasonably be used to identify a patient (eg, name, age, date of birth, social security number, radiology examination accession number). The basic tools and techniques used to maintain medical information security and patient privacy described in this article include physical safeguards such as computer device isolation and data backup, technical safeguards such as firewalls and secure transmission modes, and administrative safeguards including documentation of security policies, training of staff, and audit tracking through system logs. Other important concepts related to privacy and security are explained, including user authentication, authorization, availability, confidentiality, data integrity, and nonrepudiation. Patient privacy and security of medical information are critical elements in today's electronic health care environment. Radiology has led the way in adopting digital systems to make possible the availability of medical information anywhere anytime, and in identifying and working to eliminate any risks to patients. Copyright © 2014 American College of Radiology. Published by Elsevier Inc. All rights reserved.

  5. Information Security Assessment of SMEs as Coursework -- Learning Information Security Management by Doing

    ERIC Educational Resources Information Center

    Ilvonen, Ilona

    2013-01-01

    Information security management is an area with a lot of theoretical models. The models are designed to guide practitioners in prioritizing management resources in companies. Information security management education should address the gap between the academic ideals and practice. This paper introduces a teaching method that has been in use as…

  6. 20 CFR 423.3 - Other process directed to the Social Security Administration or the Commissioner.

    Code of Federal Regulations, 2014 CFR

    2014-04-01

    ... 20 Employees' Benefits 2 2014-04-01 2014-04-01 false Other process directed to the Social Security Administration or the Commissioner. 423.3 Section 423.3 Employees' Benefits SOCIAL SECURITY ADMINISTRATION SERVICE OF PROCESS § 423.3 Other process directed to the Social Security Administration or the...

  7. 20 CFR 423.3 - Other process directed to the Social Security Administration or the Commissioner.

    Code of Federal Regulations, 2012 CFR

    2012-04-01

    ... 20 Employees' Benefits 2 2012-04-01 2012-04-01 false Other process directed to the Social Security Administration or the Commissioner. 423.3 Section 423.3 Employees' Benefits SOCIAL SECURITY ADMINISTRATION SERVICE OF PROCESS § 423.3 Other process directed to the Social Security Administration or the...

  8. Addressing Information Security Risk

    ERIC Educational Resources Information Center

    Qayoumi, Mohammad H.; Woody, Carol

    2005-01-01

    Good information security does not just happen--and often does not happen at all. Resources are always in short supply, and there are always other needs that seem more pressing. Why? Because information security is hard to define, the required tasks are unclear, and the work never seems to be finished. However, the loss to the organization can be…

  9. Security and confidentiality of health information systems: implications for physicians.

    PubMed

    Dorodny, V S

    1998-01-01

    Adopting and developing the new generation of information systems will be essential to remain competitive in a quality conscious health care environment. These systems enable physicians to document patient encounters and aggregate the information from the population they treat, while capturing detailed data on chronic medical conditions, medications, treatment plans, risk factors, severity of conditions, and health care resource utilization and management. Today, the knowledge-based information systems should offer instant, around-the-clock access for the provider, support simple order entry, facilitate data capture and retrieval, and provide eligibility verification, electronic authentication, prescription writing, security, and reporting that benchmarks outcomes management based upon clinical/financial decisions and treatment plans. It is an integral part of any information system to incorporate and integrate transactional (financial/administrative) information, as well as analytical (clinical/medical) data in a user-friendly, readily accessible, and secure form. This article explores the technical, financial, logistical, and behavioral obstacles on the way to the Promised Land.

  10. 20 CFR 422.501 - Applications and other forms used in Social Security Administration programs.

    Code of Federal Regulations, 2011 CFR

    2011-04-01

    ... 20 Employees' Benefits 2 2011-04-01 2011-04-01 false Applications and other forms used in Social Security Administration programs. 422.501 Section 422.501 Employees' Benefits SOCIAL SECURITY... used in Social Security Administration programs. This subpart lists the applications and some of the...

  11. 20 CFR 422.501 - Applications and other forms used in Social Security Administration programs.

    Code of Federal Regulations, 2013 CFR

    2013-04-01

    ... 20 Employees' Benefits 2 2013-04-01 2013-04-01 false Applications and other forms used in Social Security Administration programs. 422.501 Section 422.501 Employees' Benefits SOCIAL SECURITY... used in Social Security Administration programs. This subpart lists the applications and some of the...

  12. 20 CFR 422.501 - Applications and other forms used in Social Security Administration programs.

    Code of Federal Regulations, 2012 CFR

    2012-04-01

    ... 20 Employees' Benefits 2 2012-04-01 2012-04-01 false Applications and other forms used in Social Security Administration programs. 422.501 Section 422.501 Employees' Benefits SOCIAL SECURITY... used in Social Security Administration programs. This subpart lists the applications and some of the...

  13. 20 CFR 422.501 - Applications and other forms used in Social Security Administration programs.

    Code of Federal Regulations, 2014 CFR

    2014-04-01

    ... 20 Employees' Benefits 2 2014-04-01 2014-04-01 false Applications and other forms used in Social Security Administration programs. 422.501 Section 422.501 Employees' Benefits SOCIAL SECURITY... used in Social Security Administration programs. This subpart lists the applications and some of the...

  14. 20 CFR 422.501 - Applications and other forms used in Social Security Administration programs.

    Code of Federal Regulations, 2010 CFR

    2010-04-01

    ... 20 Employees' Benefits 2 2010-04-01 2010-04-01 false Applications and other forms used in Social Security Administration programs. 422.501 Section 422.501 Employees' Benefits SOCIAL SECURITY... used in Social Security Administration programs. This subpart lists the applications and some of the...

  15. 76 FR 78009 - Information Collection; Implementation of Information Technology Security Provision

    Federal Register 2010, 2011, 2012, 2013, 2014

    2011-12-15

    ...] Information Collection; Implementation of Information Technology Security Provision AGENCY: General Services... collection requirement regarding Implementation of Information Technology Security Provision. Public comments... Information Collection 3090-0294, Implementation of Information Technology Security Provision, by any of the...

  16. A Quantitative Study on the Relationship of Information Security Policy Awareness, Enforcement, and Maintenance to Information Security Program Effectiveness

    ERIC Educational Resources Information Center

    Francois, Michael T.

    2016-01-01

    Today's organizations rely heavily on information technology to conduct their daily activities. Therefore, their information security systems are an area of heightened security concern. As a result, organizations implement information security programs to address and mitigate that concern. However, even with the emphasis on information security,…

  17. 76 FR 2142 - Employee Benefits Security Administration

    Federal Register 2010, 2011, 2012, 2013, 2014

    2011-01-12

    ...Notice is hereby given that the Employee Benefits Security Administration will hold a hearing to consider issues attendant to adopting a regulation defining when a person is considered to be a ``fiduciary'' by reason of giving investment advice to an employee benefit plan or to a plan's participants and beneficiaries.

  18. Information Sharing for IT Security Professionals

    ERIC Educational Resources Information Center

    Petersen, Rodney J.

    2008-01-01

    Information sharing is a core value for information technology (IT) security professionals. It is also a familiar concept for those who work at institutions of higher education because of their long history of collaboration and openness. Information sharing has become part of the national fabric as IT security professionals attempt to secure cyber…

  19. 77 FR 74913 - Privacy Act of 1974, as Amended; Computer Matching Program (Social Security Administration (SSA...

    Federal Register 2010, 2011, 2012, 2013, 2014

    2012-12-18

    ... SOCIAL SECURITY ADMINISTRATION [Docket No. SSA 2012-0055] Privacy Act of 1974, as Amended; Computer Matching Program (Social Security Administration (SSA)/Office of Personnel Management (OPM))--Match Number 1307 AGENCY: Social Security Administration. ACTION: Notice of a renewal of an existing...

  20. A Study of the Effect of Information Security Policies on Information Security Breaches in Higher Education Institutions

    ERIC Educational Resources Information Center

    Waddell, Stanie Adolphus

    2013-01-01

    Many articles within the literature point to the information security policy as one of the most important elements of an effective information security program. Even though this belief is continually referred to in many information security scholarly articles, very few research studies have been performed to corroborate this sentiment. Doherty and…

  1. Social Security Administration

    MedlinePlus

    ... Plan Costs my Social Security Check out your Social Security Statement , change your address & manage your benefits online today. Social Security Number Your Social Security number remains your ...

  2. 20 CFR 423.1 - Suits against the Social Security Administration and its employees in their official capacities.

    Code of Federal Regulations, 2011 CFR

    2011-04-01

    ... Federal Register, and are available on-line at the Social Security Administration's Internet site, http... 20 Employees' Benefits 2 2011-04-01 2011-04-01 false Suits against the Social Security... SECURITY ADMINISTRATION SERVICE OF PROCESS § 423.1 Suits against the Social Security Administration and its...

  3. 20 CFR 423.1 - Suits against the Social Security Administration and its employees in their official capacities.

    Code of Federal Regulations, 2013 CFR

    2013-04-01

    ... Federal Register, and are available on-line at the Social Security Administration's Internet site, http... 20 Employees' Benefits 2 2013-04-01 2013-04-01 false Suits against the Social Security... SECURITY ADMINISTRATION SERVICE OF PROCESS § 423.1 Suits against the Social Security Administration and its...

  4. The Use of BS7799 Information Security Standard to Construct Mechanisms for the Management of Medical Organization Information Security

    NASA Astrophysics Data System (ADS)

    Liu, Shu-Fan; Chueh, Hao-En; Liao, Kuo-Hsiung

    According to surveys, 80% of security-related events threatening information in medical organizations are due to improper management. Most research on information security has focused on information and security technology, such as network security and access control, rarely addressing management issues. The main purpose of this study is to construct a BS7799 based mechanism for the management of information with regard to security as it applies to medical organizations. This study analyzes and identifies the most common events related to information security in medical organizations and categorizes these events as high-risk, transferable-risk, and controlled-risk to facilitate the management of such risk.

  5. Information Systems, Security, and Privacy.

    ERIC Educational Resources Information Center

    Ware, Willis H.

    1984-01-01

    Computer security and computer privacy issues are discussed. Among the areas addressed are technical and human security threats, security and privacy issues for information in electronic mail systems, the need for a national commission to examine these issues, and security/privacy issues relevant to colleges and universities. (JN)

  6. 48 CFR 1339.107-70 - Information security.

    Code of Federal Regulations, 2014 CFR

    2014-10-01

    ... 48 Federal Acquisition Regulations System 5 2014-10-01 2014-10-01 false Information security. 1339... CATEGORIES OF CONTRACTING ACQUISITION OF INFORMATION TECHNOLOGY General 1339.107-70 Information security. (a... coordinate with the designated Contracting Officer Representative (COR) to complete the Information Security...

  7. 48 CFR 1339.107-70 - Information security.

    Code of Federal Regulations, 2011 CFR

    2011-10-01

    ... 48 Federal Acquisition Regulations System 5 2011-10-01 2011-10-01 false Information security. 1339... CATEGORIES OF CONTRACTING ACQUISITION OF INFORMATION TECHNOLOGY General 1339.107-70 Information security. (a... coordinate with the designated Contracting Officer Representative (COR) to complete the Information Security...

  8. 48 CFR 1339.107-70 - Information security.

    Code of Federal Regulations, 2010 CFR

    2010-10-01

    ... CATEGORIES OF CONTRACTING ACQUISITION OF INFORMATION TECHNOLOGY General 1339.107-70 Information security. (a... Clause 1352.239-73, Security Requirements for Information Technology Resources, is needed, contracting... 48 Federal Acquisition Regulations System 5 2010-10-01 2010-10-01 false Information security. 1339...

  9. 48 CFR 1339.107-70 - Information security.

    Code of Federal Regulations, 2013 CFR

    2013-10-01

    ... 48 Federal Acquisition Regulations System 5 2013-10-01 2013-10-01 false Information security. 1339... CATEGORIES OF CONTRACTING ACQUISITION OF INFORMATION TECHNOLOGY General 1339.107-70 Information security. (a... coordinate with the designated Contracting Officer Representative (COR) to complete the Information Security...

  10. 48 CFR 552.239-70 - Information Technology Security Plan and Security Authorization.

    Code of Federal Regulations, 2011 CFR

    2011-10-01

    ... 48 Federal Acquisition Regulations System 4 2011-10-01 2011-10-01 false Information Technology... Text of Provisions and Clauses 552.239-70 Information Technology Security Plan and Security Authorization. As prescribed in 539.7002(a), insert the following provision: Information Technology Security...

  11. 48 CFR 552.239-70 - Information Technology Security Plan and Security Authorization.

    Code of Federal Regulations, 2014 CFR

    2014-10-01

    ... 48 Federal Acquisition Regulations System 4 2014-10-01 2014-10-01 false Information Technology... Text of Provisions and Clauses 552.239-70 Information Technology Security Plan and Security Authorization. As prescribed in 539.7002(a), insert the following provision: Information Technology Security...

  12. 48 CFR 552.239-70 - Information Technology Security Plan and Security Authorization.

    Code of Federal Regulations, 2012 CFR

    2012-10-01

    ... 48 Federal Acquisition Regulations System 4 2012-10-01 2012-10-01 false Information Technology... Text of Provisions and Clauses 552.239-70 Information Technology Security Plan and Security Authorization. As prescribed in 539.7002(a), insert the following provision: Information Technology Security...

  13. 48 CFR 552.239-70 - Information Technology Security Plan and Security Authorization.

    Code of Federal Regulations, 2013 CFR

    2013-10-01

    ... 48 Federal Acquisition Regulations System 4 2013-10-01 2013-10-01 false Information Technology... Text of Provisions and Clauses 552.239-70 Information Technology Security Plan and Security Authorization. As prescribed in 539.7002(a), insert the following provision: Information Technology Security...

  14. Insider Threat and Information Security Management

    NASA Astrophysics Data System (ADS)

    Coles-Kemp, Lizzie; Theoharidou, Marianthi

    The notion of insider has multiple facets. An organization needs to identify which ones to respond to. The selection, implementation and maintenance of information security countermeasures requires a complex combination of organisational policies, functions and processes, which form Information Security Management. This chapter examines the role of current information security management practices in addressing the insider threat. Most approaches focus on frameworks for regulating insider behaviour and do not allow for the various cultural responses to the regulatory and compliance framework. Such responses are not only determined by enforcement of policies and awareness programs, but also by various psychological and organisational factors at an individual or group level. Crime theories offer techniques that focus on such cultural responses and can be used to enhance the information security management design. The chapter examines the applicability of several crime theories and concludes that they can contribute in providing additional controls and redesign of information security management processes better suited to responding to the insider threat.

  15. 78 FR 73819 - Information Collection; Financial Information Security Request Form

    Federal Register 2010, 2011, 2012, 2013, 2014

    2013-12-09

    ... DEPARTMENT OF AGRICULTURE Forest Service Information Collection; Financial Information Security... individuals and organizations on the extension with revision of a currently approved information collection, Financial Information Security Request Form. DATES: Comments must be received in writing on or before...

  16. 32 CFR 2700.51 - Information Security Oversight Committee.

    Code of Federal Regulations, 2011 CFR

    2011-07-01

    ... 32 National Defense 6 2011-07-01 2011-07-01 false Information Security Oversight Committee. 2700... MICRONESIAN STATUS NEGOTIATIONS SECURITY INFORMATION REGULATIONS Implementation and Review § 2700.51 Information Security Oversight Committee. The OMSN Information Security Oversight Committee shall be chaired...

  17. 32 CFR 2700.51 - Information Security Oversight Committee.

    Code of Federal Regulations, 2010 CFR

    2010-07-01

    ... 32 National Defense 6 2010-07-01 2010-07-01 false Information Security Oversight Committee. 2700... MICRONESIAN STATUS NEGOTIATIONS SECURITY INFORMATION REGULATIONS Implementation and Review § 2700.51 Information Security Oversight Committee. The OMSN Information Security Oversight Committee shall be chaired...

  18. 32 CFR 1633.5 - Securing information.

    Code of Federal Regulations, 2013 CFR

    2013-07-01

    ... 32 National Defense 6 2013-07-01 2013-07-01 false Securing information. 1633.5 Section 1633.5... CLASSIFICATION § 1633.5 Securing information. The classifying authority is authorized to request and receive information whenever such information will assist in determining the proper classification of a registrant. ...

  19. 75 FR 9919 - Extension of Agency Information Collection Activity Under OMB Review: Air Cargo Security...

    Federal Register 2010, 2011, 2012, 2013, 2014

    2010-03-04

    ...This notice announces that the Transportation Security Administration (TSA) has forwarded the Information Collection Request (ICR), OMB control number 1652-0040, abstracted below to the Office of Management and Budget (OMB) for renewal in compliance with the Paperwork Reduction Act. The ICR describes the nature of the information collection and its expected burden. TSA published a Federal Register notice, with a 60-day comment period soliciting comments, of the following collection of information on November 16, 2009, 74 FR 58969. TSA has not received any comments. The collections of information that make up this ICR involve five broad categories affecting airports, passenger aircraft operators, foreign air carriers, indirect air carriers operating under a security program, and all-cargo carriers. These five categories are: security programs, security threat assessments (STA), known shipper data via the Known Shipper Management System (KSMS), cargo screening reporting, and evidence of compliance recordkeeping.

  20. 76 FR 4362 - Extension of Agency Information Collection Activity Under OMB Review: Air Cargo Security...

    Federal Register 2010, 2011, 2012, 2013, 2014

    2011-01-25

    ...This notice announces that the Transportation Security Administration (TSA) has forwarded the Information Collection Request (ICR), OMB control number 1652-0040, abstracted below, to the Office of Management and Budget (OMB) for renewal in compliance with the Paperwork Reduction Act. The ICR describes the nature of the information collection and its expected burden. TSA published a Federal Register notice, with a 60-day comment period soliciting comments, of this collection of information on October 14, 2010, 75 FR 63192. TSA has not received any comments. The collections of information that make up this ICR involve five broad categories affecting airports, passenger aircraft operators, foreign air carriers, indirect air carriers operating under a security program, and all-cargo carriers. These five categories are: Security programs, security threat assessments (STA), known shipper data via the Known Shipper Management System (KSMS), cargo screening reporting, and evidence of compliance recordkeeping.

  1. Administrator Highlights U.S.-Georgian Nuclear Security Cooperation in Tbilisi

    ScienceCinema

    Thomas D'Agostino

    2017-12-09

    NNSA Administrator Thomas D'Agostino highlighted the strong U.S.-Georgian cooperation on nuclear security issues during a day-long visit to the Republic of Georgia in mid-June. He briefed the media at availability at the Tbilisi airport. In April 2009, President Obama outlined an ambitious agenda to secure vulnerable nuclear material around the world within four years, calling the danger of a terrorist acquiring nuclear weapons "the most immediate and extreme threat to global security." In this year's State of the Union, he called the threat of nuclear weapons, "the greatest danger to the American people." In order to meet that challenge, the President's FY2011 Budget Request includes close to $2.7 billion for the National Nuclear Security Administration's Defense Nuclear Nonproliferation program -- an increase of 25.7 percent over FY2010. Included in that request is NNSA's Second Line of Defense (SLD) program, which works around the world to strengthen the capability of foreign governments to deter, detect, and interdict illicit trafficking in nuclear and other radioactive materials across international borders and through the global maritime shipping system.

  2. How secure is your information system? An investigation into actual healthcare worker password practices.

    PubMed

    Cazier, Joseph A; Medlin, B Dawn

    2006-09-27

    For most healthcare information systems, passwords are the first line of defense in keeping patient and administrative records private and secure. However, this defense is only as strong as the passwords employees chose to use. A weak or easily guessed password is like an open door to the medical records room, allowing unauthorized access to sensitive information. In this paper, we present the results of a study of actual healthcare workers' password practices. In general, the vast majority of these passwords have significant security problems on several dimensions. Implications for healthcare professionals are discussed.

  3. Relationship between stakeholders' information value perception and information security behaviour

    NASA Astrophysics Data System (ADS)

    Tajuddin, Sharul; Olphert, Wendy; Doherty, Neil

    2015-02-01

    The study, reported in this paper, aims to explore the relationship between the stakeholders' perceptions about the value of information and their resultant information security behaviours. Moreover, this study seeks to explore the role of national and organisational culture in facilitating information value assignment. Information Security is a concept that formed from the recognition that information is valuable and that there is a need to protect it. The ISO 27002 defines information as an asset, which, like other important business assets, is essential to an organisation's business and consequently needs to be appropriately protected. By definition, an asset has a value to the organisation hence it requires protection. Information protection is typically accomplished through the implementation of countermeasures against the threats and vulnerabilities of information security, for example, implementation of technological processes and mechanisms such as firewall and authorization and authentication systems, set-up of deterrence procedures such as password control and enforcement of organisational policy on information handling procedures. However, evidence routinely shows that despite such measures, information security breaches and incidents are on the rise. These breaches lead to loss of information, personal records, or other data, with consequent implications for the value of the information asset. A number of studies have suggested that such problems are not related primarily to technology problems or procedural deficiencies, but rather to stakeholders' poor compliance with the security measures that are in place. Research indicates that compliance behaviour is affected by many variables including perceived costs and benefits, national and organisational culture and norms. However, there has been little research to understand the concept of information value from the perspective of those who interact with the data, and the consequences for information

  4. Implementing healthcare information security: standards can help.

    PubMed

    Orel, Andrej; Bernik, Igor

    2013-01-01

    Using widely spread common approaches to systems security in health dedicated controlled environments, a level of awareness, confidence and acceptance of relevant standardisation is evaluated. Patients' information is sensitive, so putting appropriate organisational techniques as well as modern technology in place to secure health information is of paramount importance. Mobile devices are becoming the top priorities in advanced information security planning with healthcare environments being no exception. There are less and less application areas in healthcare without having a need for a mobile functionality which represents an even greater information security challenge. This is also true in emergency treatments, rehabilitation and homecare just to mention a few areas outside hospital controlled environments. Unfortunately quite often traditional unsecured communications principles are still in routine use for communicating sensitive health related information. The security awareness level with users, patients and care professionals is not high enough so potential threats and risks may not be addressed and the respective information security management is therefore weak. Standards like ISO/IEC 27000 ISMS family, the ISO/IEC 27799 information security guidelines in health are often not well known, but together with legislation principles such as HIPAA, they can help.

  5. Information technology security system engineering methodology

    NASA Technical Reports Server (NTRS)

    Childs, D.

    2003-01-01

    A methodology is described for system engineering security into large information technology systems under development. The methodology is an integration of a risk management process and a generic system development life cycle process. The methodology is to be used by Security System Engineers to effectively engineer and integrate information technology security into a target system as it progresses through the development life cycle. The methodology can also be used to re-engineer security into a legacy system.

  6. Develop security architecture for both in-house healthcare information systems and electronic patient record

    NASA Astrophysics Data System (ADS)

    Zhang, Jianguo; Chen, Xiaomeng; Zhuang, Jun; Jiang, Jianrong; Zhang, Xiaoyan; Wu, Dongqing; Huang, H. K.

    2003-05-01

    In this paper, we presented a new security approach to provide security measures and features in both healthcare information systems (PACS, RIS/HIS), and electronic patient record (EPR). We introduced two security components, certificate authoring (CA) system and patient record digital signature management (DSPR) system, as well as electronic envelope technology, into the current hospital healthcare information infrastructure to provide security measures and functions such as confidential or privacy, authenticity, integrity, reliability, non-repudiation, and authentication for in-house healthcare information systems daily operating, and EPR exchanging among the hospitals or healthcare administration levels, and the DSPR component manages all the digital signatures of patient medical records signed through using an-symmetry key encryption technologies. The electronic envelopes used for EPR exchanging are created based on the information of signers, digital signatures, and identifications of patient records stored in CAS and DSMS, as well as the destinations and the remote users. The CAS and DSMS were developed and integrated into a RIS-integrated PACS, and the integration of these new security components is seamless and painless. The electronic envelopes designed for EPR were used successfully in multimedia data transmission.

  7. Energy Relations in Russia: Administration, Politics and Security

    ERIC Educational Resources Information Center

    Makarychev, Andrey

    2005-01-01

    This chapter analyses energy relations through a prism of three interlinked concepts: administration, politics and security. This triad describes the basic approaches to questions about technical, politicised and securitised energy. These three concepts are logically linked to one another and represent an elementary matrix; a prism through which…

  8. 77 FR 24506 - Extension of Agency Information Collection Activity Under OMB Review: Air Cargo Security...

    Federal Register 2010, 2011, 2012, 2013, 2014

    2012-04-24

    ...This notice announces that the Transportation Security Administration (TSA) has forwarded the Information Collection Request (ICR), Office of Management and Budget (OMB) control number 1652-0040, abstracted below to OMB for review and approval of an extension of the currently approved collection under the Paperwork Reduction Act (PRA). The ICR describes the nature of the information collection and its expected burden. TSA published a Federal Register notice, with a 60-day comment period soliciting comments, of the following collection of information on February 24, 2012, 77 FR 11145. TSA has not received any comments. The collection of information that make up this ICR involve five broad categories affecting airports, passenger aircraft operators, foreign air carriers, indirect air carriers and all-cargo carriers operating under a TSA-approved security program. These five categories are: Security programs, security threat assessments (STAs), known shipper data via the Known Shipper Management System (KSMS), cargo screening reporting, and evidence of compliance recordkeeping.

  9. 20 CFR 423.1 - Suits against the Social Security Administration and its employees in their official capacities.

    Code of Federal Regulations, 2010 CFR

    2010-04-01

    ... 20 Employees' Benefits 2 2010-04-01 2010-04-01 false Suits against the Social Security Administration and its employees in their official capacities. 423.1 Section 423.1 Employees' Benefits SOCIAL SECURITY ADMINISTRATION SERVICE OF PROCESS § 423.1 Suits against the Social Security Administration and its...

  10. 20 CFR 423.1 - Suits against the Social Security Administration and its employees in their official capacities.

    Code of Federal Regulations, 2012 CFR

    2012-04-01

    ... 20 Employees' Benefits 2 2012-04-01 2012-04-01 false Suits against the Social Security Administration and its employees in their official capacities. 423.1 Section 423.1 Employees' Benefits SOCIAL SECURITY ADMINISTRATION SERVICE OF PROCESS § 423.1 Suits against the Social Security Administration and its...

  11. 20 CFR 423.1 - Suits against the Social Security Administration and its employees in their official capacities.

    Code of Federal Regulations, 2014 CFR

    2014-04-01

    ... 20 Employees' Benefits 2 2014-04-01 2014-04-01 false Suits against the Social Security Administration and its employees in their official capacities. 423.1 Section 423.1 Employees' Benefits SOCIAL SECURITY ADMINISTRATION SERVICE OF PROCESS § 423.1 Suits against the Social Security Administration and its...

  12. Information technology as a tool for the Italian Institute of Social Security (INPS) in the management of social security and civil disability: Pro and cons.

    PubMed

    Sammicheli, Michele; Scaglione, Marcella

    2018-01-01

    We examine, from a medical-legal perspective, the pros and cons of the information technology procedures that the Italian Institute of Social Security (INPS) has implemented to manage the provision of social disability assistance, meaning that separate from the payment of pension contributions, being welfare, anchored to an administrative requirement by way of the compulsory payment of a minimum social security contribution.

  13. Teaching RFID Information Systems Security

    ERIC Educational Resources Information Center

    Thompson, Dale R.; Di, Jia; Daugherty, Michael K.

    2014-01-01

    The future cyber security workforce needs radio frequency identification (RFID) information systems security (INFOSEC) and threat modeling educational materials. A complete RFID security course with new learning materials and teaching strategies is presented here. A new RFID Reference Model is used in the course to organize discussion of RFID,…

  14. Information risk and security modeling

    NASA Astrophysics Data System (ADS)

    Zivic, Predrag

    2005-03-01

    This research paper presentation will feature current frameworks for addressing risk and security modeling and metrics. The paper will analyze technical level risk and security metrics of Common Criteria/ISO15408, Centre for Internet Security guidelines, NSA configuration guidelines and metrics used at this level. Information IT operational standards view on security metrics such as GMITS/ISO13335, ITIL/ITMS and architectural guidelines such as ISO7498-2 will be explained. Business process level standards such as ISO17799, COSO and CobiT will be presented with their control approach to security metrics. Top level, the maturity standards such as SSE-CMM/ISO21827, NSA Infosec Assessment and CobiT will be explored and reviewed. For each defined level of security metrics the research presentation will explore the appropriate usage of these standards. The paper will discuss standards approaches to conducting the risk and security metrics. The research findings will demonstrate the need for a common baseline for both risk and security metrics. This paper will show the relation between the attribute based common baseline and corporate assets and controls for risk and security metrics. It will be shown that such an approach spans all mentioned standards. The proposed approach's 3D visual presentation and development of the Information Security Model will be analyzed and postulated. Presentation will clearly demonstrate the benefits of the proposed attribute-based approach and defined risk and security space for modeling and measuring.

  15. 20 CFR 423.5 - Process against Social Security Administration officials in their individual capacities.

    Code of Federal Regulations, 2010 CFR

    2010-04-01

    ... ADMINISTRATION SERVICE OF PROCESS § 423.5 Process against Social Security Administration officials in their... capacities must be served in compliance with the requirements for service of process on individuals who are... 20 Employees' Benefits 2 2010-04-01 2010-04-01 false Process against Social Security...

  16. 32 CFR 2103.51 - Information Security Oversight Committee.

    Code of Federal Regulations, 2011 CFR

    2011-07-01

    ... 32 National Defense 6 2011-07-01 2011-07-01 false Information Security Oversight Committee. 2103... BE DECLASSIFIED Implementation and Review § 2103.51 Information Security Oversight Committee. The NCS Information Security Oversight Committee shall be chaired by the Staff Counsel of the National Security...

  17. 32 CFR 2103.51 - Information Security Oversight Committee.

    Code of Federal Regulations, 2010 CFR

    2010-07-01

    ... 32 National Defense 6 2010-07-01 2010-07-01 false Information Security Oversight Committee. 2103... BE DECLASSIFIED Implementation and Review § 2103.51 Information Security Oversight Committee. The NCS Information Security Oversight Committee shall be chaired by the Staff Counsel of the National Security...

  18. Design of a RESTful web information system for drug prescription and administration.

    PubMed

    Bianchi, Lorenzo; Paganelli, Federica; Pettenati, Maria Chiara; Turchi, Stefano; Ciofi, Lucia; Iadanza, Ernesto; Giuli, Dino

    2014-05-01

    Drug prescription and administration processes strongly impact on the occurrence of risks in medical settings for they can be sources of adverse drug events (ADEs). A properly engineered use of information and communication technologies has proven to be a promising approach to reduce these risks. In this study, we propose PHARMA, a web information system which supports healthcare staff in the secure cooperative execution of drug prescription, transcription and registration tasks. PHARMA allows the easy sharing and management of documents containing drug-related information (i.e., drug prescriptions, medical reports, screening), which is often inconsistent and scattered across different information systems and heterogeneous organization domains (e.g., departments, other hospital facilities). PHARMA enables users to access such information in a consistent and secure way, through the adoption of REST and web-oriented design paradigms and protocols. We describe the implementation of the PHARMA prototype, and we discuss the results of the usability evaluation that we carried out with the staff of a hospital in Florence, Italy.

  19. Administrator Highlights U.S.-Georgian Nuclear Security Cooperation in Tbilisi

    DOE Office of Scientific and Technical Information (OSTI.GOV)

    Thomas D'Agostino

    2010-07-16

    NNSA Administrator Thomas D'Agostino highlighted the strong U.S.-Georgian cooperation on nuclear security issues during a day-long visit to the Republic of Georgia in mid-June. He briefed the media at availability at the Tbilisi airport. In April 2009, President Obama outlined an ambitious agenda to secure vulnerable nuclear material around the world within four years, calling the danger of a terrorist acquiring nuclear weapons "the most immediate and extreme threat to global security." In this year's State of the Union, he called the threat of nuclear weapons, "the greatest danger to the American people." In order to meet that challenge, the President's FY2011 Budget Request includes close to $2.7 billion for the National Nuclear Security Administration's Defense Nuclear Nonproliferation program -- an increase of 25.7 percent over FY2010. Included in that request is NNSA's Second Line of Defense (SLD) program, which works around the world to strengthen the capability of foreign governments to deter, detect, and interdict illicit trafficking in nuclear and other radioactive materials across international borders and through the global maritime shipping system.

  20. Information Security and Integrity Systems

    NASA Technical Reports Server (NTRS)

    1990-01-01

    Viewgraphs from the Information Security and Integrity Systems seminar held at the University of Houston-Clear Lake on May 15-16, 1990 are presented. A tutorial on computer security is presented. The goals of this tutorial are the following: to review security requirements imposed by government and by common sense; to examine risk analysis methods to help keep sight of forest while in trees; to discuss the current hot topic of viruses (which will stay hot); to examine network security, now and in the next year to 30 years; to give a brief overview of encryption; to review protection methods in operating systems; to review database security problems; to review the Trusted Computer System Evaluation Criteria (Orange Book); to comment on formal verification methods; to consider new approaches (like intrusion detection and biometrics); to review the old, low tech, and still good solutions; and to give pointers to the literature and to where to get help. Other topics covered include security in software applications and development; risk management; trust: formal methods and associated techniques; secure distributed operating system and verification; trusted Ada; a conceptual model for supporting a B3+ dynamic multilevel security and integrity in the Ada runtime environment; and information intelligence sciences.

  1. How Secure Is Your Information System? An Investigation into Actual Healthcare Worker Password Practices

    PubMed Central

    Cazier, Joseph A; Medlin, B. Dawn

    2006-01-01

    For most healthcare information systems, passwords are the first line of defense in keeping patient and administrative records private and secure. However, this defense is only as strong as the passwords employees choose to use. A weak or easily guessed password is like an open door to the medical records room, allowing unauthorized access to sensitive information. In this paper, we present the results of a study of actual healthcare workers' password practices. In general, the vast majority of these passwords have significant security problems on several dimensions. Implications for healthcare professionals are discussed. PMID:18066366

  2. 76 FR 62630 - Information Security Regulations

    Federal Register 2010, 2011, 2012, 2013, 2014

    2011-10-11

    ... CENTRAL INTELLIGENCE AGENCY 32 CFR Part 1902 Information Security Regulations AGENCY: Central Intelligence Agency. ACTION: Final rule. SUMMARY: The Central Intelligence Agency is removing certain information security regulations which have become outdated. The Executive Order upon which the regulations...

  3. 49 CFR 8.9 - Information Security Review Committee.

    Code of Federal Regulations, 2011 CFR

    2011-10-01

    ... 49 Transportation 1 2011-10-01 2011-10-01 false Information Security Review Committee. 8.9 Section.../DECLASSIFICATION/ACCESS Classification/Declassification of Information § 8.9 Information Security Review Committee. (a) There is hereby established a Department of Transportation Information Security Review Committee...

  4. 49 CFR 8.9 - Information Security Review Committee.

    Code of Federal Regulations, 2010 CFR

    2010-10-01

    ... 49 Transportation 1 2010-10-01 2010-10-01 false Information Security Review Committee. 8.9 Section.../DECLASSIFICATION/ACCESS Classification/Declassification of Information § 8.9 Information Security Review Committee. (a) There is hereby established a Department of Transportation Information Security Review Committee...

  5. Ethical Hacking in Information Security Curricula

    ERIC Educational Resources Information Center

    Trabelsi, Zouheir; McCoey, Margaret

    2016-01-01

    Teaching offensive security (ethical hacking) is becoming a necessary component of information security curricula with a goal of developing better security professionals. The offensive security components extend curricula beyond system defense strategies. This paper identifies and discusses the learning outcomes achieved as a result of hands-on…

  6. ITIL® and information security

    DOE Office of Scientific and Technical Information (OSTI.GOV)

    Jašek, Roman; Králík, Lukáš; Popelka, Miroslav

    2015-03-10

    This paper discusses the context of the ITIL framework and the management of information security. It is therefore a summary study, where the first part is focused on the safety objectives in connection with the ITIL framework. First of all, there is a focus on the ITIL process ISM (Information Security Management), its principle and system management. The conclusion is about the link between standards, which are related to security, and the ITIL framework.

  7. 10 CFR 10.33 - Action by the Deputy Executive Director for Information Services and Administration and Chief...

    Code of Federal Regulations, 2011 CFR

    2011-01-01

    ... 10 Energy 1 2011-01-01 2011-01-01 false Action by the Deputy Executive Director for Information Services and Administration and Chief Information Officer. 10.33 Section 10.33 Energy NUCLEAR REGULATORY... SECURITY INFORMATION OR AN EMPLOYMENT CLEARANCE Procedures § 10.33 Action by the Deputy Executive Director...

  8. 10 CFR 10.33 - Action by the Deputy Executive Director for Information Services and Administration and Chief...

    Code of Federal Regulations, 2012 CFR

    2012-01-01

    ... 10 Energy 1 2012-01-01 2012-01-01 false Action by the Deputy Executive Director for Information Services and Administration and Chief Information Officer. 10.33 Section 10.33 Energy NUCLEAR REGULATORY... SECURITY INFORMATION OR AN EMPLOYMENT CLEARANCE Procedures § 10.33 Action by the Deputy Executive Director...

  9. 20 CFR 217.7 - Claim filed with the Social Security Administration.

    Code of Federal Regulations, 2011 CFR

    2011-04-01

    ... 20 Employees' Benefits 1 2011-04-01 2011-04-01 false Claim filed with the Social Security... RETIREMENT ACT APPLICATION FOR ANNUITY OR LUMP SUM Applications § 217.7 Claim filed with the Social Security Administration. (a) Claim is for life benefits. An application for life benefits under title II of the Social...

  10. 20 CFR 217.7 - Claim filed with the Social Security Administration.

    Code of Federal Regulations, 2012 CFR

    2012-04-01

    ... 20 Employees' Benefits 1 2012-04-01 2012-04-01 false Claim filed with the Social Security... RETIREMENT ACT APPLICATION FOR ANNUITY OR LUMP SUM Applications § 217.7 Claim filed with the Social Security Administration. (a) Claim is for life benefits. An application for life benefits under title II of the Social...

  11. 20 CFR 217.7 - Claim filed with the Social Security Administration.

    Code of Federal Regulations, 2013 CFR

    2013-04-01

    ... 20 Employees' Benefits 1 2013-04-01 2012-04-01 true Claim filed with the Social Security... RETIREMENT ACT APPLICATION FOR ANNUITY OR LUMP SUM Applications § 217.7 Claim filed with the Social Security Administration. (a) Claim is for life benefits. An application for life benefits under title II of the Social...

  12. 20 CFR 217.7 - Claim filed with the Social Security Administration.

    Code of Federal Regulations, 2014 CFR

    2014-04-01

    ... 20 Employees' Benefits 1 2014-04-01 2012-04-01 true Claim filed with the Social Security... RETIREMENT ACT APPLICATION FOR ANNUITY OR LUMP SUM Applications § 217.7 Claim filed with the Social Security Administration. (a) Claim is for life benefits. An application for life benefits under title II of the Social...

  13. 20 CFR 217.7 - Claim filed with the Social Security Administration.

    Code of Federal Regulations, 2010 CFR

    2010-04-01

    ... 20 Employees' Benefits 1 2010-04-01 2010-04-01 false Claim filed with the Social Security... RETIREMENT ACT APPLICATION FOR ANNUITY OR LUMP SUM Applications § 217.7 Claim filed with the Social Security Administration. (a) Claim is for life benefits. An application for life benefits under title II of the Social...

  14. When Information Improves Information Security

    NASA Astrophysics Data System (ADS)

    Grossklags, Jens; Johnson, Benjamin; Christin, Nicolas

    This paper presents a formal, quantitative evaluation of the impact of bounded-rational security decision-making subject to limited information and externalities. We investigate a mixed economy of an individual rational expert and several naïve near-sighted agents. We further model three canonical types of negative externalities (weakest-link, best shot and total effort), and study the impact of two information regimes on the threat level agents are facing.

  15. Securing Information Technology in Healthcare

    PubMed Central

    Anthony, Denise; Campbell, Andrew T.; Candon, Thomas; Gettinger, Andrew; Kotz, David; Marsch, Lisa A.; Molina-Markham, Andrés; Page, Karen; Smith, Sean W.; Gunter, Carl A.; Johnson, M. Eric

    2014-01-01

    Dartmouth College’s Institute for Security, Technology, and Society conducted three workshops on securing information technology in healthcare, attended by a diverse range of experts in the field. This article summarizes the three workshops. PMID:25379030

  16. Incentive Issues in Information Security Management

    ERIC Educational Resources Information Center

    Lee, Chul Ho

    2012-01-01

    This dissertation studies three incentive issues in information security management. The first essay studies contract issues between a firm that outsources security functions and a managed security service provider (MSSP) that provides security functions to the firm. Since MSSP and firms cannot observe each other's actions, both can suffer…

  17. A Unified Approach to Information Security Compliance

    ERIC Educational Resources Information Center

    Adler, M. Peter

    2006-01-01

    The increased number of government-mandated and private contractual information security requirements in recent years has caused higher education security professionals to view information security as another aspect of regulatory or contractual compliance. The existence of fines, penalties, or loss (including bad publicity) has also increased the…

  18. 78 FR 42983 - Submission for Renewal: Information Collection; Questionnaire for National Security Positions...

    Federal Register 2010, 2011, 2012, 2013, 2014

    2013-07-18

    ... and certified investigative data remains secured in the e-QIP system until the next time the... respondent will be allowed to update information and certify that data. In this instance, time to complete... Administration (FAA), and commenters from the public and OPM. Five advocacy groups, the Bazelon Center for Mental...

  19. 5 CFR 1312.31 - Security violations.

    Code of Federal Regulations, 2013 CFR

    2013-01-01

    ... 5 Administrative Personnel 3 2013-01-01 2013-01-01 false Security violations. 1312.31 Section 1312..., DOWNGRADING, DECLASSIFICATION AND SAFEGUARDING OF NATIONAL SECURITY INFORMATION Control and Accountability of Classified Information § 1312.31 Security violations. (a) A security violation notice is issued by the United...

  20. Report: Information Security Series: Security Practices Safe Drinking Water Information System

    EPA Pesticide Factsheets

    Report #2006-P-00021, March 30, 2006. We found that the Office of Water (OW) substantially complied with many of the information security controls reviewed and had implemented practices to ensure production servers are monitored.

  1. Information security for compliance with select agent regulations.

    PubMed

    Lewis, Nick; Campbell, Mark J; Baskin, Carole R

    2015-01-01

    The past decade has seen a significant rise in research on high-consequence human and animal pathogens, many now known as "select agents." While physical security around these agents is tightly regulated, information security standards are still lagging. The understanding of the threats unique to the academic and research environment is still evolving, in part due to poor communication between the various stakeholders. Perhaps as a result, information security guidelines published by select agent regulators lack the critical details and directives needed to achieve even the lowest security level of the Federal Information Security Management Act (FISMA). While only government agencies are currently required to abide by the provisions of FISMA (unless specified as preconditions for obtaining government grants or contracts--still a relatively rare or narrowly scoped occurrence), the same strategies were recently recommended by executive order for others. We propose that information security guidelines for select agent research be updated to promulgate and detail FISMA standards and processes and that the latter be ultimately incorporated into select agent regulations. We also suggest that information security in academic and research institutions would greatly benefit from active efforts to improve communication among the biosecurity, security, and information technology communities, and from a secure venue for exchange of timely information on emerging threats and solutions in the research environment.

  2. Information Security for Compliance with Select Agent Regulations

    PubMed Central

    Lewis, Nick; Campbell, Mark J.

    2015-01-01

    The past decade has seen a significant rise in research on high-consequence human and animal pathogens, many now known as “select agents.” While physical security around these agents is tightly regulated, information security standards are still lagging. The understanding of the threats unique to the academic and research environment is still evolving, in part due to poor communication between the various stakeholders. Perhaps as a result, information security guidelines published by select agent regulators lack the critical details and directives needed to achieve even the lowest security level of the Federal Information Security Management Act (FISMA). While only government agencies are currently required to abide by the provisions of FISMA (unless specified as preconditions for obtaining government grants or contracts—still a relatively rare or narrowly scoped occurrence), the same strategies were recently recommended by executive order for others. We propose that information security guidelines for select agent research be updated to promulgate and detail FISMA standards and processes and that the latter be ultimately incorporated into select agent regulations. We also suggest that information security in academic and research institutions would greatly benefit from active efforts to improve communication among the biosecurity, security, and information technology communities, and from a secure venue for exchange of timely information on emerging threats and solutions in the research environment. PMID:26042864

  3. Developing an Undergraduate Information Systems Security Track

    ERIC Educational Resources Information Center

    Sharma, Aditya; Murphy, Marianne C.; Rosso, Mark A.; Grant, Donna

    2013-01-01

    Information Systems Security as a specialized area of study has mostly been taught at the graduate level. This paper highlights the efforts of establishing an Information Systems (IS) Security track at the undergraduate level. As there were many unanswered questions and concerns regarding the Security curriculum, focus areas, the benefit of…

  4. Network Security: What Non-Technical Administrators Must Know

    ERIC Educational Resources Information Center

    Council, Chip

    2005-01-01

    Now it is increasingly critical that community college leaders become involved in network security and partner with their directors of information technology (IT). Network security involves more than just virus protection software and firewalls. It involves vigilance and requires top executive support. Leaders can help their IT directors to…

  5. 28 CFR 17.13 - National Security Division; interpretation of Executive Orders.

    Code of Federal Regulations, 2010 CFR

    2010-07-01

    ... for National Security, who shall refer such questions to the Office of Legal Counsel, as appropriate... 28 Judicial Administration 1 2010-07-01 2010-07-01 false National Security Division... NATIONAL SECURITY INFORMATION AND ACCESS TO CLASSIFIED INFORMATION Administration § 17.13 National Security...

  6. Hash Functions and Information Theoretic Security

    NASA Astrophysics Data System (ADS)

    Bagheri, Nasour; Knudsen, Lars R.; Naderi, Majid; Thomsen, Søren S.

    Information theoretic security is an important security notion in cryptography as it provides a true lower bound for attack complexities. However, in practice attacks often have a higher cost than the information theoretic bound. In this paper we study the relationship between information theoretic attack costs and real costs. We show that in the information theoretic model, many well-known and commonly used hash functions such as MD5 and SHA-256 fail to be preimage resistant.

  7. The Impact of Information Richness on Information Security Awareness Training Effectiveness

    ERIC Educational Resources Information Center

    Shaw, R. S.; Chen, Charlie C.; Harris, Albert L.; Huang, Hui-Jou

    2009-01-01

    In recent years, rapid progress in the use of the internet has resulted in huge losses in many organizations due to lax security. As a result, information security awareness is becoming an important issue to anyone using the Internet. To reduce losses, organizations have made information security awareness a top priority. The three main barriers…

  8. An Ontology Based Approach to Information Security

    NASA Astrophysics Data System (ADS)

    Pereira, Teresa; Santos, Henrique

    The semantic structure of knowledge, based on ontology approaches, has been increasingly adopted by experts from diverse domains. Recently ontologies have moved from the philosophical and metaphysics disciplines to be used in the construction of models to describe a specific theory of a domain. The development and the use of ontologies promote the creation of a unique standard to represent concepts within a specific knowledge domain. In the scope of information security systems, the use of an ontology to formalize and represent the concepts of security information challenges the mechanisms and techniques currently used. This paper intends to present a conceptual implementation model of an ontology defined in the security domain. The model presented contains the semantic concepts based on the information security standard ISO/IEC_JTC1, and their relationships to other concepts, defined in a subset of the information security domain.

  9. A security architecture for health information networks.

    PubMed

    Kailar, Rajashekar; Muralidhar, Vinod

    2007-10-11

    Health information network security needs to balance exacting security controls with practicality, and ease of implementation in today's healthcare enterprise. Recent work on 'nationwide health information network' architectures has sought to share highly confidential data over insecure networks such as the Internet. Using basic patterns of health network data flow and trust models to support secure communication between network nodes, we abstract network security requirements to a core set to enable secure inter-network data sharing. We propose a minimum set of security controls that can be implemented without needing major new technologies, but yet realize network security and privacy goals of confidentiality, integrity and availability. This framework combines a set of technology mechanisms with environmental controls, and is shown to be sufficient to counter commonly encountered network security threats adequately.

  10. A Security Architecture for Health Information Networks

    PubMed Central

    Kailar, Rajashekar

    2007-01-01

    Health information network security needs to balance exacting security controls with practicality, and ease of implementation in today’s healthcare enterprise. Recent work on ‘nationwide health information network’ architectures has sought to share highly confidential data over insecure networks such as the Internet. Using basic patterns of health network data flow and trust models to support secure communication between network nodes, we abstract network security requirements to a core set to enable secure inter-network data sharing. We propose a minimum set of security controls that can be implemented without needing major new technologies, but yet realize network security and privacy goals of confidentiality, integrity and availability. This framework combines a set of technology mechanisms with environmental controls, and is shown to be sufficient to counter commonly encountered network security threats adequately. PMID:18693862

  11. NASA Automatic Information Security Handbook

    NASA Technical Reports Server (NTRS)

    1993-01-01

    This handbook details the Automated Information Security (AIS) management process for NASA. Automated information system security is becoming an increasingly important issue for all NASA managers. Rapid advancements in computer and network technologies and the demanding nature of space exploration and space research have made NASA increasingly dependent on automated systems to store, process, and transmit vast amounts of mission support information, hence the need for AIS systems and management. This handbook provides the consistent policies, procedures, and guidance to assure that an aggressive and effective AIS program is developed, implemented, and sustained at all NASA organizations and NASA support contractors.

  12. 76 FR 67750 - Homeland Security Information Network Advisory Committee

    Federal Register 2010, 2011, 2012, 2013, 2014

    2011-11-02

    ... DEPARTMENT OF HOMELAND SECURITY [Docket No. DHS-2011-0107] Homeland Security Information Network... Information Network Advisory Committee. SUMMARY: The Secretary of Homeland Security has determined that the renewal of the Homeland Security Information Network Advisory Committee (HSINAC) is necessary and in the...

  13. 5 CFR 1312.31 - Security violations.

    Code of Federal Regulations, 2010 CFR

    2010-01-01

    ... States Secret Service when an office/division fails to properly secure classified information. Upon... 5 Administrative Personnel 3 2010-01-01 2010-01-01 false Security violations. 1312.31 Section 1312..., DOWNGRADING, DECLASSIFICATION AND SAFEGUARDING OF NATIONAL SECURITY INFORMATION Control and Accountability of...

  14. Agents Based e-Commerce and Securing Exchanged Information

    NASA Astrophysics Data System (ADS)

    Al-Jaljouli, Raja; Abawajy, Jemal

    Mobile agents have been implemented in e-Commerce to search and filter information of interest from electronic markets. When the information is very sensitive and critical, it is important to develop a novel security protocol that can efficiently protect the information from malicious tampering as well as unauthorized disclosure or at least detect any malicious act of intruders. In this chapter, we describe robust security techniques that ensure a sound security of information gathered throughout agent’s itinerary against various security attacks, as well as truncation attacks. A sound security protocol is described, which implements the various security techniques that would jointly prevent or at least detect any malicious act of intruders. We reason about the soundness of the protocol using Symbolic Trace Analyzer (STA), a formal verification tool that is based on symbolic techniques. We analyze the protocol in key configurations and show that it is free of flaws. We also show that the protocol fulfils the various security requirements of exchanged information in MAS, including data-integrity, data-confidentiality, data-authenticity, origin confidentiality and data non-repudiability.

  15. Security Classification Reform: The Waiting Agenda.

    ERIC Educational Resources Information Center

    Relyea, Harold C.

    1993-01-01

    Provides an overview of security classification reform for consideration by the Clinton administration and the 103rd Congress. Historical background and current issues related to the security classification of information, personnel security clearances, and industrial safeguarding of classified information are discussed. A checklist of basic…

  16. Data Mining Research for Information Security

    DTIC Science & Technology

    2016-01-29

    AFRL-AFOSR-JP-TR-2016-0028. Data Mining Research for Information Security. Kevin Barton, Texas A&M University-San Antonio. Final Report, 01/29/2016... Dates covered: 20-05-2014 to 19-05-2015.

  17. 49 CFR 1548.19 - Security Directives and Information Circulars.

    Code of Federal Regulations, 2010 CFR

    2010-10-01

    ... 49 Transportation 9 2010-10-01 2010-10-01 false Security Directives and Information Circulars... CARRIER SECURITY § 1548.19 Security Directives and Information Circulars. (a) TSA may issue an Information... security measures are necessary to respond to a threat assessment, or to a specific threat against civil...

  18. Information Security and the Internet.

    ERIC Educational Resources Information Center

    Doddrell, Gregory R.

    1996-01-01

    As business relies less on "fortress" style central computers and more on distributed systems, the risk of disruption increases because of inadequate physical security, support services, and site monitoring. This article discusses information security and why protection is required on the Internet, presents a best practice firewall, and…

  19. 76 FR 49503 - Intent To Request Renewal From OMB of One Current Public Collection of Information: Airport Security

    Federal Register 2010, 2011, 2012, 2013, 2014

    2011-08-10

    ...The Transportation Security Administration (TSA) invites public comment on one currently approved Information Collection Request (ICR), Office of Management and Budget (OMB) control number 1652-0002, abstracted below that we will submit to OMB for renewal in compliance with the Paperwork Reduction Act (PRA). The ICR describes the nature of the information collection and its expected burden. These programs require airport operators to maintain and update records to ensure compliance with security provisions outlined in 49 CFR part 1542.

  20. Quantum technology and cryptology for information security

    NASA Astrophysics Data System (ADS)

    Naqvi, Syed; Riguidel, Michel

    2007-04-01

    Cryptology and information security are set to play a more prominent role in the near future. In this regard, quantum communication and cryptography offer new opportunities to tackle ICT security. Quantum Information Processing and Communication (QIPC) is a scientific field where new conceptual foundations and techniques are being developed. They promise to play an important role in the future of information security. It is therefore essential to have a cross-fertilizing development between quantum technology and cryptology in order to address the security challenges of the emerging quantum era. In this article, we discuss the impact of quantum technology on the current as well as future crypto-techniques. We then analyse the assumptions on which quantum computers may operate. Then we present our vision for the distribution of security attributes using a novel form of trust based on Heisenberg's uncertainty; and, building highly secure quantum networks based on the clear transmission of single photons and/or bundles of photons able to withstand unauthorized reading as a result of secure protocols based on the observations of quantum mechanics. We argue how quantum cryptographic systems need to be developed that can take advantage of the laws of physics to provide long-term security based on solid assumptions. This requires a structured integration effort to deploy quantum technologies within the existing security infrastructure. Finally, we conclude that classical cryptographic techniques need to be redesigned and upgraded in view of the growing threat of cryptanalytic attacks posed by quantum information processing devices leading to the development of post-quantum cryptography.

  1. Information Security – Guidance for Manually Completing the Information Security Awareness Training

    EPA Pesticide Factsheets

    The purpose of this guidance is to provide an alternative manual process for disseminating EPA Information Security Awareness Training (ISAT) materials and collecting results from EPA users who elect to complete the ISAT manually.

  2. Three Essays on Information Security Policies

    ERIC Educational Resources Information Center

    Yang, Yubao

    2011-01-01

    Information security breaches pose a significant and increasing threat to national security and economic well-being. In the Symantec Internet Security Threat Report (2003), companies surveyed experienced an average of about 30 attacks per week. Anecdotal evidence suggests that losses from cyber-attacks can run into millions of dollars. The CSI-FBI…

  3. Information security of power enterprises of North-Arctic region

    NASA Astrophysics Data System (ADS)

    Sushko, O. P.

    2018-05-01

    The role of information technologies in providing technological security for energy enterprises is a component of the economic security for the northern Arctic region in general. Applying instruments and methods of information protection modelling of the energy enterprises' business process in the northern Arctic region (such as Arkhenergo and Komienergo), the authors analysed and identified most frequent risks of information security. With the analytic hierarchy process based on weighting factor estimations, information risks of energy enterprises' technological processes were ranked. The economic estimation of the information security within an energy enterprise considers weighting factor-adjusted variables (risks). Investments in information security systems of energy enterprises in the northern Arctic region are related to necessary security elements installation; current operating expenses on business process protection systems become materialized economic damage.

  4. 5 CFR 1312.12 - Security Program Review Committee.

    Code of Federal Regulations, 2011 CFR

    2011-01-01

    ... CLASSIFICATION, DOWNGRADING, DECLASSIFICATION AND SAFEGUARDING OF NATIONAL SECURITY INFORMATION Classification and Declassification of National Security Information § 1312.12 Security Program Review Committee. The... 5 Administrative Personnel 3 2011-01-01 2011-01-01 false Security Program Review Committee. 1312...

  5. 5 CFR 1312.12 - Security Program Review Committee.

    Code of Federal Regulations, 2010 CFR

    2010-01-01

    ... CLASSIFICATION, DOWNGRADING, DECLASSIFICATION AND SAFEGUARDING OF NATIONAL SECURITY INFORMATION Classification and Declassification of National Security Information § 1312.12 Security Program Review Committee. The... 5 Administrative Personnel 3 2010-01-01 2010-01-01 false Security Program Review Committee. 1312...

  6. Why information security belongs on the CFO's agenda.

    PubMed

    Quinnild, James; Fusile, Jeff; Smith, Cindy

    2006-02-01

    Healthcare financial executives need to understand the complex and growing role of information security in supporting the business of health care. The biggest security gaps in healthcare organizations occur in strategy and centralization, business executive preparation, and protected health information. CFOs should collaborate with the CIO in engaging a comprehensive framework to develop, implement, communicate, and maintain an enterprisewide information security strategy.

  7. Research on information security in big data era

    NASA Astrophysics Data System (ADS)

    Zhou, Linqi; Gu, Weihong; Huang, Cheng; Huang, Aijun; Bai, Yongbin

    2018-05-01

    Big data is becoming another hotspot in the field of information technology after the cloud computing and the Internet of Things. However, the existing information security methods can no longer meet the information security requirements in the era of big data. This paper analyzes the challenges and a cause of data security brought by big data, discusses the development trend of network attacks under the background of big data, and puts forward my own opinions on the development of security defense in technology, strategy and product.

  8. Managing information technology security risk

    NASA Technical Reports Server (NTRS)

    Gilliam, David

    2003-01-01

    Information Technology (IT) Security Risk Management is a critical task for the organization to protect against the loss of confidentiality, integrity and availability of IT resources. As systems become more complex and diverse and attacks from intrusions and malicious content increase, it is becoming increasingly difficult to manage IT security risk. This paper describes a two-pronged approach in addressing IT security risk and risk management in the organization: 1) an institutional enterprise approach, and 2) a project life cycle approach.

  9. 77 FR 12623 - National Industrial Security Program Policy Advisory Committee (NISPPAC)

    Federal Register 2010, 2011, 2012, 2013, 2014

    2012-03-01

    ... NATIONAL ARCHIVES AND RECORDS ADMINISTRATION Information Security Oversight Office National... Information Security Oversight Office no later than Friday, March 16, 2012. The Information Security Oversight... FURTHER INFORMATION CONTACT: David O. Best, Senior Program Analyst, The Information Security Oversight...

  10. 75 FR 47311 - Extension of Agency Information Collection Activity Under OMB Review: Aviation Security...

    Federal Register 2010, 2011, 2012, 2013, 2014

    2010-08-05

    ...This notice announces that the Transportation Security Administration (TSA) has forwarded the Information Collection Request (ICR), Office of Management and Budget (OMB) control number 1652-0018, abstracted below to OMB for review and approval of an extension of the currently approved collection under the Paperwork Reduction Act (PRA). The ICR describes the nature of the information collection and its expected burden. TSA published a Federal Register notice, with a 60-day comment period soliciting comments, of the following collection of information on March 4, 2010, 75 FR 9920. Please note that the OMB control number (1652-0001) cited in the 60-day notice was not correct. The correct OMB number for this collection is 1652-0018. The information collection would require the retention of certain information necessary for TSA to help set the Aviation Security Infrastructure Fee (ASIF), including information about air carriers' and foreign air carriers' costs related to screening passengers and property in calendar year 2000.

  11. 42 CFR 403.812 - HIPAA privacy, security, administrative data standards, and national identifiers.

    Code of Federal Regulations, 2012 CFR

    2012-10-01

    ... 42 Public Health 2 2012-10-01 2012-10-01 false HIPAA privacy, security, administrative data standards, and national identifiers. 403.812 Section 403.812 Public Health CENTERS FOR MEDICARE & MEDICAID... Prescription Drug Discount Card and Transitional Assistance Program § 403.812 HIPAA privacy, security...

  12. 42 CFR 403.812 - HIPAA privacy, security, administrative data standards, and national identifiers.

    Code of Federal Regulations, 2014 CFR

    2014-10-01

    ... 42 Public Health 2 2014-10-01 2014-10-01 false HIPAA privacy, security, administrative data standards, and national identifiers. 403.812 Section 403.812 Public Health CENTERS FOR MEDICARE & MEDICAID... Prescription Drug Discount Card and Transitional Assistance Program § 403.812 HIPAA privacy, security...

  13. 42 CFR 403.812 - HIPAA privacy, security, administrative data standards, and national identifiers.

    Code of Federal Regulations, 2010 CFR

    2010-10-01

    ... 42 Public Health 2 2010-10-01 2010-10-01 false HIPAA privacy, security, administrative data standards, and national identifiers. 403.812 Section 403.812 Public Health CENTERS FOR MEDICARE & MEDICAID... Prescription Drug Discount Card and Transitional Assistance Program § 403.812 HIPAA privacy, security...

  14. 42 CFR 403.812 - HIPAA privacy, security, administrative data standards, and national identifiers.

    Code of Federal Regulations, 2013 CFR

    2013-10-01

    ... 42 Public Health 2 2013-10-01 2013-10-01 false HIPAA privacy, security, administrative data standards, and national identifiers. 403.812 Section 403.812 Public Health CENTERS FOR MEDICARE & MEDICAID... Prescription Drug Discount Card and Transitional Assistance Program § 403.812 HIPAA privacy, security...

  15. 42 CFR 403.812 - HIPAA privacy, security, administrative data standards, and national identifiers.

    Code of Federal Regulations, 2011 CFR

    2011-10-01

    ... 42 Public Health 2 2011-10-01 2011-10-01 false HIPAA privacy, security, administrative data standards, and national identifiers. 403.812 Section 403.812 Public Health CENTERS FOR MEDICARE & MEDICAID... Prescription Drug Discount Card and Transitional Assistance Program § 403.812 HIPAA privacy, security...

  16. Effect of Organizational Factors on Information Security Implementations

    ERIC Educational Resources Information Center

    Perez, Rafael G.

    2013-01-01

    The purpose of this quantitative inferential study is to determine the level of correlation between the organizational factors of information security awareness, balanced security processes, and organizational structure with the size of the estimation gap of information security implementations mediated by the end user intentionality. The study…

  17. 49 CFR 15.5 - Sensitive security information.

    Code of Federal Regulations, 2014 CFR

    2014-10-01

    ... sources and methods used to gather or develop threat information, including threats against cyber infrastructure. (8) Security measures. Specific details of aviation or maritime transportation security measures... infrastructure asset information. Any list identifying systems or assets, whether physical or virtual, so vital...

  18. 49 CFR 15.5 - Sensitive security information.

    Code of Federal Regulations, 2011 CFR

    2011-10-01

    ... sources and methods used to gather or develop threat information, including threats against cyber infrastructure. (8) Security measures. Specific details of aviation or maritime transportation security measures... infrastructure asset information. Any list identifying systems or assets, whether physical or virtual, so vital...

  19. 49 CFR 15.5 - Sensitive security information.

    Code of Federal Regulations, 2013 CFR

    2013-10-01

    ... sources and methods used to gather or develop threat information, including threats against cyber infrastructure. (8) Security measures. Specific details of aviation or maritime transportation security measures... infrastructure asset information. Any list identifying systems or assets, whether physical or virtual, so vital...

  20. 49 CFR 15.5 - Sensitive security information.

    Code of Federal Regulations, 2012 CFR

    2012-10-01

    ... sources and methods used to gather or develop threat information, including threats against cyber infrastructure. (8) Security measures. Specific details of aviation or maritime transportation security measures... infrastructure asset information. Any list identifying systems or assets, whether physical or virtual, so vital...

  1. Business Administration and Computer Science Degrees: Earnings, Job Security, and Job Satisfaction

    ERIC Educational Resources Information Center

    Mehta, Kamlesh; Uhlig, Ronald

    2017-01-01

    This paper examines the potential of business administration vs. computer science degrees in terms of earnings, job security, and job satisfaction. The paper focuses on earnings potential five years and ten years after the completion of business administration and computer science degrees. Moreover, the paper presents the income changes with…

  2. A Secure RFID Tag Authentication Protocol with Privacy Preserving in Telecare Medicine Information System.

    PubMed

    Li, Chun-Ta; Weng, Chi-Yao; Lee, Cheng-Chi

    2015-08-01

    Radio Frequency Identification (RFID) based solutions are widely used for providing many healthcare applications including patient monitoring, object traceability, drug administration system and telecare medicine information system (TMIS) etc. In order to reduce malpractices and ensure patient privacy, in 2015, Srivastava et al. proposed a hash based RFID tag authentication protocol in TMIS. Their protocol uses lightweight hash operation and synchronized secret value shared between back-end server and tag, which is more secure and efficient than other related RFID authentication protocols. Unfortunately, in this paper, we demonstrate that Srivastava et al.'s tag authentication protocol has a serious security problem in that an adversary may use the stolen/lost reader to connect to the medical back-end server that stores information associated with tagged objects and this privacy damage causing the adversary could reveal medical data obtained from stolen/lost readers in a malicious way. Therefore, we propose a secure and efficient RFID tag authentication protocol to overcome security flaws and improve the system efficiency. Compared with Srivastava et al.'s protocol, the proposed protocol not only inherits the advantages of Srivastava et al.'s authentication protocol for TMIS but also provides better security with high system efficiency.

  3. 49 CFR 1549.109 - Security Directives and Information Circulars.

    Code of Federal Regulations, 2010 CFR

    2010-10-01

    ... 49 Transportation 9 2010-10-01 2010-10-01 false Security Directives and Information Circulars... SCREENING PROGRAM Operations § 1549.109 Security Directives and Information Circulars. (a) TSA may issue an Information Circular to notify certified cargo screening facilities of security concerns. (b) When TSA...

  4. 49 CFR 1544.305 - Security Directives and Information Circulars.

    Code of Federal Regulations, 2010 CFR

    2010-10-01

    ... 49 Transportation 9 2010-10-01 2010-10-01 false Security Directives and Information Circulars... SECURITY: AIR CARRIERS AND COMMERCIAL OPERATORS Threat and Threat Response § 1544.305 Security Directives and Information Circulars. (a) TSA may issue an Information Circular to notify aircraft operators of...

  5. 32 CFR 154.42 - Evaluation of personnel security information.

    Code of Federal Regulations, 2011 CFR

    2011-07-01

    ... 32 National Defense 1 2011-07-01 2011-07-01 false Evaluation of personnel security information... SECURITY DEPARTMENT OF DEFENSE PERSONNEL SECURITY PROGRAM REGULATION Adjudication § 154.42 Evaluation of personnel security information. (a) The criteria and adjudicative policy to be used in applying the...

  6. 32 CFR 154.42 - Evaluation of personnel security information.

    Code of Federal Regulations, 2010 CFR

    2010-07-01

    ... 32 National Defense 1 2010-07-01 2010-07-01 false Evaluation of personnel security information... SECURITY DEPARTMENT OF DEFENSE PERSONNEL SECURITY PROGRAM REGULATION Adjudication § 154.42 Evaluation of personnel security information. (a) The criteria and adjudicative policy to be used in applying the...

  7. [How to establish the hospital information system security policies].

    PubMed

    Gong, Qing-Yue; Shi, Cheng

    2008-03-01

    It is important to establish the hospital information system security policies. While these security policies are being established, a comprehensive consideration should be given to the acceptable levels of users, IT supporters and hospital managers. We should have a formal policy designing process that is consistently followed by all security policies. Reasons for establishing the security policies and their coverage and applicable objects should be stated clearly. Besides, each policy should define user's responsibilities and penalties of violation. Every organization will need some key policies, such as of information sources usage, remote access, information protection, perimeter security, and baseline host/device security. Security managing procedures are the mechanisms to enforce the policies. An incident-handling procedure is the most important security managing procedure for all organizations.

  8. 75 FR 37253 - Classified National Security Information

    Federal Register 2010, 2011, 2012, 2013, 2014

    2010-06-28

    ..., Intelligence, National defense, National security information, Presidential documents, Security information... reveal the identity of a confidential human source or a human intelligence source or key design concepts... or a human intelligence source, the duration shall be up to 75 years and shall be designated with the...

  9. 78 FR 7797 - Homeland Security Information Network Advisory Committee (HSINAC)

    Federal Register 2010, 2011, 2012, 2013, 2014

    2013-02-04

    ... DEPARTMENT OF HOMELAND SECURITY [Docket No. DHS-2013-0005] Homeland Security Information Network... Committee Meeting. SUMMARY: The Homeland Security Information Network Advisory Committee (HSIN AC) will meet... received by the (Homeland Security Information Network Advisory Committee), go to http://www.regulations...

  10. Measuring Information Security: Guidelines to Build Metrics

    NASA Astrophysics Data System (ADS)

    von Faber, Eberhard

    Measuring information security is a genuine interest of security managers. With metrics they can develop their security organization's visibility and standing within the enterprise or public authority as a whole. Organizations using information technology need to use security metrics. Despite the clear demands and advantages, security metrics are often poorly developed or ineffective parameters are collected and analysed. This paper describes best practices for the development of security metrics. First attention is drawn to motivation showing both requirements and benefits. The main body of this paper lists things which need to be observed (characteristic of metrics), things which can be measured (how measurements can be conducted) and steps for the development and implementation of metrics (procedures and planning). Analysis and communication is also key when using security metrics. Examples are also given in order to develop a better understanding. The author wants to resume, continue and develop the discussion about a topic which is or increasingly will be a critical factor of success for any security managers in larger organizations.

  11. Improving Information Security Risk Management

    ERIC Educational Resources Information Center

    Singh, Anand

    2009-01-01

    Optimizing risk to information to protect the enterprise as well as to satisfy government and industry mandates is a core function of most information security departments. Risk management is the discipline that is focused on assessing, mitigating, monitoring and optimizing risks to information. Risk assessments and analyses are critical…

  12. An Information Security Control Assessment Methodology for Organizations

    ERIC Educational Resources Information Center

    Otero, Angel R.

    2014-01-01

    In an era where use and dependence of information systems is significantly high, the threat of incidents related to information security that could jeopardize the information held by organizations is more and more serious. Alarming facts within the literature point to inadequacies in information security practices, particularly the evaluation of…

  13. Aviation security : TSA has completed key activities associated with implementing secure flight, but additional actions are needed to mitigate risks.

    DOT National Transportation Integrated Search

    2009-05-01

    To enhance aviation security, the Department of Homeland Security's (DHS) Transportation Security Administration (TSA) developed a program, known as Secure Flight, to assume from air carriers the function of matching passenger information against...

  14. A security mediator for health care information.

    PubMed Central

    Wiederhold, G.; Bilello, M.; Sarathy, V.; Qian, X.

    1996-01-01

    The TIHI (Trusted Interoperation of Healthcare Information) project addresses a security issue that arises when some information is being shared among collaborating enterprises, although not all enterprise information is sharable. It assumes that protection exists to prevent intrusion by adversaries through secure transmission and firewalls. The TIHI system design provides a gateway, owned by the enterprise security officer, to mediate queries and responses. The latter are typically transmitted via the Internet. The enterprise policy is determined by rules provided to the mediator. We show examples of typical rules. The problem and our solution, although developed in a healthcare context, is equally valid among collaborating enterprises. PMID:8947640

  15. 76 FR 28099 - National Industrial Security Program Policy Advisory Committee (NISPPAC)

    Federal Register 2010, 2011, 2012, 2013, 2014

    2011-05-13

    ... NATIONAL ARCHIVES AND RECORDS ADMINISTRATION Information Security Oversight Office National Industrial Security Program Policy Advisory Committee (NISPPAC) AGENCY: Information Security Oversight Office... telephone number of individuals planning to attend must be submitted to the Information Security Oversight...

  16. 75 FR 39582 - National Industrial Security Program Policy Advisory Committee (NISPPAC)

    Federal Register 2010, 2011, 2012, 2013, 2014

    2010-07-09

    ... NATIONAL ARCHIVES AND RECORDS ADMINISTRATION Information Security Oversight Office National Industrial Security Program Policy Advisory Committee (NISPPAC) AGENCY: Information Security Oversight Office... telephone number of individuals planning to attend must be submitted to the Information Security Oversight...

  17. Information security requirements in patient-centred healthcare support systems.

    PubMed

    Alsalamah, Shada; Gray, W Alex; Hilton, Jeremy; Alsalamah, Hessah

    2013-01-01

    Enabling Patient-Centred (PC) care in modern healthcare requires the flow of medical information with the patient between different healthcare providers as they follow the patient's treatment plan. However, PC care threatens the stability of the balance of information security in the support systems since legacy systems fall short of attaining a security balance when sharing their information due to compromises made between its availability, integrity, and confidentiality. Results show that the main reason for this is that information security implementation in discrete legacy systems focused mainly on information confidentiality and integrity leaving availability a challenge in collaboration. Through an empirical study using domain analysis, observations, and interviews, this paper identifies a need for six information security requirements in legacy systems to cope with this situation in order to attain the security balance in systems supporting PC care implementation in modern healthcare.

  18. A model-driven approach to information security compliance

    NASA Astrophysics Data System (ADS)

    Correia, Anacleto; Gonçalves, António; Teodoro, M. Filomena

    2017-06-01

    The availability, integrity and confidentiality of information are fundamental to the long-term survival of any organization. Information security is a complex issue that must be holistically approached, combining assets that support corporate systems, in an extended network of business partners, vendors, customers and other stakeholders. This paper addresses the conception and implementation of information security systems, conforming to the ISO/IEC 27000 set of standards, using the model-driven approach. The process begins with the conception of a domain level model (computation independent model) based on information security vocabulary present in the ISO/IEC 27001 standard. Based on this model, after embedding in the model mandatory rules for attaining ISO/IEC 27001 conformance, a platform independent model is derived. Finally, a platform specific model serves as the base for testing the compliance of information security systems with the ISO/IEC 27000 set of standards.

  19. Information security system quality assessment through the intelligent tools

    NASA Astrophysics Data System (ADS)

    Trapeznikov, E. V.

    2018-04-01

    The technology development has shown the automated system information security comprehensive analysis necessity. The subject area analysis indicates the study relevance. The research objective is to develop the information security system quality assessment methodology based on the intelligent tools. The basis of the methodology is the information security assessment model in the information system through the neural network. The paper presents the security assessment model, its algorithm. The methodology practical implementation results in the form of the software flow diagram are represented. The practical significance of the model being developed is noted in conclusions.

  20. 10 CFR 2.905 - Access to restricted data and national security information for parties; security clearances.

    Code of Federal Regulations, 2010 CFR

    2010-01-01

    ... 10 Energy 1 2010-01-01 2010-01-01 false Access to restricted data and national security... to Adjudicatory Proceedings Involving Restricted Data and/or National Security Information § 2.905 Access to restricted data and national security information for parties; security clearances. (a) Access...

  1. 10 CFR 2.905 - Access to restricted data and national security information for parties; security clearances.

    Code of Federal Regulations, 2011 CFR

    2011-01-01

    ... 10 Energy 1 2011-01-01 2011-01-01 false Access to restricted data and national security... to Adjudicatory Proceedings Involving Restricted Data and/or National Security Information § 2.905 Access to restricted data and national security information for parties; security clearances. (a) Access...

  2. Exploring Factors that Influence Students' Behaviors in Information Security

    ERIC Educational Resources Information Center

    Yoon, Cheolho; Hwang, Jae-Won; Kim, Rosemary

    2012-01-01

    Due to the ever-increasing use of the Internet, information security has become a critical issue in society. This is especially the case for young adults who have different attitudes towards information security practices. In this research, we examine factors that motivate college students' information security behaviors. Based on the concept of…

  3. 75 FR 65526 - National Industrial Security Program Policy Advisory Committee (NISPPAC)

    Federal Register 2010, 2011, 2012, 2013, 2014

    2010-10-25

    ... NATIONAL ARCHIVES AND RECORDS ADMINISTRATION Information Security Oversight Office National Industrial Security Program Policy Advisory Committee (NISPPAC) AGENCY: Information Security Oversight Office... planning to attend must be submitted to the Information Security Oversight Office (ISOO) no later than...

  4. 76 FR 6636 - National Industrial Security Program Policy Advisory Committee (NISPPAC)

    Federal Register 2010, 2011, 2012, 2013, 2014

    2011-02-07

    ... NATIONAL ARCHIVES AND RECORDS ADMINISTRATION Information Security Oversight Office National Industrial Security Program Policy Advisory Committee (NISPPAC) AGENCY: Information Security Oversight Office... planning to attend must be submitted to the Information Security Oversight Office (ISOO) no later than...

  5. 76 FR 67484 - National Industrial Security Program Policy Advisory Committee (NISPPAC)

    Federal Register 2010, 2011, 2012, 2013, 2014

    2011-11-01

    ... NATIONAL ARCHIVES AND RECORDS ADMINISTRATION Information Security Oversight Office National Industrial Security Program Policy Advisory Committee (NISPPAC) AGENCY: Information Security Oversight Office... must be submitted to the Information Security Oversight Office (ISOO) no later than Friday, November 11...

  6. Security for decentralized health information systems.

    PubMed

    Bleumer, G

    1994-02-01

    Health care information systems must reflect at least two basic characteristics of the health care community: the increasing mobility of patients and the personal liability of everyone giving medical treatment. Open distributed information systems bear the potential to reflect these requirements. But the market for open information systems and operating systems hardly provides secure products today. This 'missing link' is approached by the prototype SECURE Talk that provides secure transmission and archiving of files on top of an existing operating system. Its services may be utilized by existing medical applications. SECURE Talk demonstrates secure communication utilizing only standard hardware. Its message is that cryptography (and in particular asymmetric cryptography) is practical for many medical applications even if implemented in software. All mechanisms are software implemented in order to be executable on standard hardware. One can investigate more or less decentralized forms of public key management and the performance of many different cryptographic mechanisms. That of, e.g. hybrid encryption and decryption (RSA+DES-PCBC) is about 300 kbit/s. That of signing and verifying is approximately the same using RSA with a DES hash function. The internal speed, without disk accesses etc., is about 1.1 Mbit/s. (Apple Quadra 950 (MC 68040, 33 MHz, RAM: 20 MB, 80 ns). Length of RSA modulus is 512 bit.)

  7. Examining the Impact of Non-Technical Security Management Factors on Information Security Management in Health Informatics

    ERIC Educational Resources Information Center

    Imam, Abbas H.

    2013-01-01

    Complexity of information security has become a major issue for organizations due to incessant threats to information assets. Healthcare organizations are particularly concerned with security owing to the inherent vulnerability of sensitive information assets in health informatics. While the non-technical security management elements have been at…

  8. Maritime security report number 1. August 1995

    DOT National Transportation Integrated Search

    1995-08-01

    Maritime Security Reports are unclassified periodic publications prepared to inform the commercial maritime industry, senior Maritime Administration officials, the Secretary of Transportation's Office of Intelligence and Security, and the Security Su...

  9. The electronic security partnership of safety/security and information systems departments.

    PubMed

    Yow, J Art

    2012-01-01

    The ever-changing world of security electronics is reviewed in this article. The author focuses on its usage in a hospital setting and the need for safety/security and information systems departments to work together to protect and get full value from IP systems.

  10. 78 FR 39055 - Agency Information Collection Activities: Comment Request

    Federal Register 2010, 2011, 2012, 2013, 2014

    2013-06-28

    ... SOCIAL SECURITY ADMINISTRATION Agency Information Collection Activities: Comment Request The Social Security Administration (SSA) publishes a list of information collection packages requiring... address: [email protected] . (SSA) Social Security Administration, DCRDP, Attn: Reports...

  11. 20 CFR 404.452 - Reports to Social Security Administration of earnings; wages; net earnings from self-employment.

    Code of Federal Regulations, 2010 CFR

    2010-04-01

    ... 20 Employees' Benefits 2 2010-04-01 2010-04-01 false Reports to Social Security Administration of earnings; wages; net earnings from self-employment. 404.452 Section 404.452 Employees' Benefits SOCIAL...; and Nonpayments of Benefits § 404.452 Reports to Social Security Administration of earnings; wages...

  12. 20 CFR 404.452 - Reports to Social Security Administration of earnings; wages; net earnings from self-employment.

    Code of Federal Regulations, 2011 CFR

    2011-04-01

    ... 20 Employees' Benefits 2 2011-04-01 2011-04-01 false Reports to Social Security Administration of earnings; wages; net earnings from self-employment. 404.452 Section 404.452 Employees' Benefits SOCIAL...; and Nonpayments of Benefits § 404.452 Reports to Social Security Administration of earnings; wages...

  13. 20 CFR 404.452 - Reports to Social Security Administration of earnings; wages; net earnings from self-employment.

    Code of Federal Regulations, 2012 CFR

    2012-04-01

    ... 20 Employees' Benefits 2 2012-04-01 2012-04-01 false Reports to Social Security Administration of earnings; wages; net earnings from self-employment. 404.452 Section 404.452 Employees' Benefits SOCIAL...; and Nonpayments of Benefits § 404.452 Reports to Social Security Administration of earnings; wages...

  14. 20 CFR 404.452 - Reports to Social Security Administration of earnings; wages; net earnings from self-employment.

    Code of Federal Regulations, 2014 CFR

    2014-04-01

    ... 20 Employees' Benefits 2 2014-04-01 2014-04-01 false Reports to Social Security Administration of earnings; wages; net earnings from self-employment. 404.452 Section 404.452 Employees' Benefits SOCIAL...; and Nonpayments of Benefits § 404.452 Reports to Social Security Administration of earnings; wages...

  15. 75 FR 1566 - National Industrial Security Program Directive No. 1

    Federal Register 2010, 2011, 2012, 2013, 2014

    2010-01-12

    ... NATIONAL ARCHIVES AND RECORDS ADMINISTRATION Information Security Oversight Office 32 CFR Part...: Information Security Oversight Office, NARA. ACTION: Proposed rule; correction. SUMMARY: This document... Management System (FDMS) number to the proposed rule for Information Security Oversight Office (ISOO...

  16. 78 FR 24461 - Agency Information Collection Activities; Proposed Request

    Federal Register 2010, 2011, 2012, 2013, 2014

    2013-04-25

    ... SOCIAL SECURITY ADMINISTRATION Agency Information Collection Activities; Proposed Request The Social Security Administration (SSA) publishes a list of information collection packages [email protected] . (SSA), Social Security Administration, DCRDP, Attn: Reports Clearance Director, 107...

  17. 76 FR 11835 - Agency Information Collection Activities: Proposed Request

    Federal Register 2010, 2011, 2012, 2013, 2014

    2011-03-03

    ... SOCIAL SECURITY ADMINISTRATION Agency Information Collection Activities: Proposed Request The Social Security Administration (SSA) publishes a list of information collection packages [email protected] . (SSA) Social Security Administration, DCBFM, Attn: Reports Clearance Officer, 1333...

  18. 76 FR 817 - Agency Information Collection Activities: Proposed Request

    Federal Register 2010, 2011, 2012, 2013, 2014

    2011-01-06

    ... SOCIAL SECURITY ADMINISTRATION Agency Information Collection Activities: Proposed Request The Social Security Administration (SSA) publishes a list of information collection packages [email protected] . (SSA), Social Security Administration, DCBFM, Attn: Reports Clearance Officer, 1333...

  19. 77 FR 40401 - Agency Information Collection Activities: Proposed Request

    Federal Register 2010, 2011, 2012, 2013, 2014

    2012-07-09

    ... SOCIAL SECURITY ADMINISTRATION Agency Information Collection Activities: Proposed Request The Social Security Administration (SSA) publishes a list of information collection packages [email protected] . (SSA) Social Security Administration, DCRDP, Attn: Reports Clearance Director, 107...

  20. 75 FR 69515 - Agency Information Collection Activities: Proposed Request

    Federal Register 2010, 2011, 2012, 2013, 2014

    2010-11-12

    ... SOCIAL SECURITY ADMINISTRATION Agency Information Collection Activities: Proposed Request The Social Security Administration (SSA) publishes a list of information collection packages requiring..., E-mail address: [email protected] . (SSA) Social Security Administration, DCBFM, Attn...

  1. 77 FR 35739 - Agency Information Collection Activities: Comment Request

    Federal Register 2010, 2011, 2012, 2013, 2014

    2012-06-14

    ... SOCIAL SECURITY ADMINISTRATION Agency Information Collection Activities: Comment Request The Social Security Administration (SSA) publishes a list of information collection packages requiring...: 202-395-6974, Email address: [email protected] . (SSA), Social Security Administration...

  2. 77 FR 62593 - Agency Information Collection Activities: Proposed Request

    Federal Register 2010, 2011, 2012, 2013, 2014

    2012-10-15

    ... SOCIAL SECURITY ADMINISTRATION Agency Information Collection Activities: Proposed Request The Social Security Administration (SSA) publishes a list of information collection packages [email protected] . (SSA) Social Security Administration, DCRDP, Attn: Reports Clearance Director, 107...

  3. 77 FR 33546 - Agency Information Collection Activities: Proposed Request

    Federal Register 2010, 2011, 2012, 2013, 2014

    2012-06-06

    ... SOCIAL SECURITY ADMINISTRATION Agency Information Collection Activities: Proposed Request The Social Security Administration (SSA) publishes a list of information collection packages requiring...: 202-395-6974, Email address: [email protected] ; (SSA), Social Security Administration...

  4. 75 FR 43609 - Agency Information Collection Activities: Emergency Request

    Federal Register 2010, 2011, 2012, 2013, 2014

    2010-07-26

    ... SOCIAL SECURITY ADMINISTRATION Agency Information Collection Activities: Emergency Request The Social Security Administration (SSA) publishes a list of information collection packages requiring...) Social Security Administration, DCBFM, Attn: Reports Clearance Officer, 1340 Annex Building, 6401...

  5. 78 FR 56264 - Agency Information Collection Activities: Comment Request

    Federal Register 2010, 2011, 2012, 2013, 2014

    2013-09-12

    ... SOCIAL SECURITY ADMINISTRATION Agency Information Collection Activities: Comment Request The Social Security Administration (SSA) publishes a list of information collection packages requiring..., Email address: [email protected] . (SSA), Social Security Administration, DCRDP, Attn: Reports...

  6. 78 FR 26843 - Agency Information Collection Activities; Proposed Request

    Federal Register 2010, 2011, 2012, 2013, 2014

    2013-05-08

    ... SOCIAL SECURITY ADMINISTRATION Agency Information Collection Activities; Proposed Request The Social Security Administration (SSA) publishes a list of information collection packages [email protected] . (SSA) Social Security Administration, DCRDP, Attn: Reports Clearance Director, 107...

  7. 78 FR 59411 - Agency Information Collection Activities: Proposed Request

    Federal Register 2010, 2011, 2012, 2013, 2014

    2013-09-26

    ... SOCIAL SECURITY ADMINISTRATION Agency Information Collection Activities: Proposed Request The Social Security Administration (SSA) publishes a list of information collection packages [email protected] . (SSA), Social Security Administration, DCRDP, Attn: Reports Clearance Director, 107...

  8. 76 FR 52043 - Agency Information Collection Activities: Comment Request

    Federal Register 2010, 2011, 2012, 2013, 2014

    2011-08-19

    ... SOCIAL SECURITY ADMINISTRATION Agency Information Collection Activities: Comment Request The Social Security Administration (SSA) publishes a list of information collection packages requiring.... E-mail address: [email protected] . (SSA) Social Security Administration, DCBFM. Attn...

  9. Federal Information Security and Data Breach Notification Laws

    DTIC Science & Technology

    2009-01-29

    The following report describes information security and data breach notification requirements included in the Privacy Act, the Federal Information... information for unauthorized purposes. Data breach notification laws typically require covered entities to implement a breach notification policy, and... Feinstein), S. 495 (Leahy), and S. 1178 (Inouye)--were reported favorably out of Senate committees. Those bills include information security and data

  10. 75 FR 29797 - Agency Information Collection Activities: Comment Request

    Federal Register 2010, 2011, 2012, 2013, 2014

    2010-05-27

    ... SOCIAL SECURITY ADMINISTRATION Agency Information Collection Activities: Comment Request The Social Security Administration (SSA) publishes a list of information collection packages requiring... . (SSA) Social Security Administration, DCBFM, Attn: Director, Center for Reports Clearance, 1333 Annex...

  11. 75 FR 39611 - Agency Information Collection Activities: Proposed Request

    Federal Register 2010, 2011, 2012, 2013, 2014

    2010-07-09

    ... SOCIAL SECURITY ADMINISTRATION Agency Information Collection Activities: Proposed Request The Social Security Administration (SSA) publishes a list of information collection packages requiring...-6974, E-mail address: [email protected] . (SSA) Social Security Administration, DCBFM, Attn...

  12. 75 FR 4606 - Agency Information Collection Activities: Proposed Request

    Federal Register 2010, 2011, 2012, 2013, 2014

    2010-01-28

    ... SOCIAL SECURITY ADMINISTRATION Agency Information Collection Activities: Proposed Request The Social Security Administration (SSA) publishes a list of information collection packages requiring...: 202-395-6974, E-mail address: [email protected] . (SSA), Social Security Administration...

  13. Privacy in confidential administrative micro data: implementing statistical disclosure control in a secure computing environment.

    PubMed

    Hochfellner, Daniela; Müller, Dana; Schmucker, Alexandra

    2014-12-01

    The demand for comprehensive and innovative data is constantly growing in social science. In particular, micro data from various social security agencies become more and more attractive. In contrast to survey data, administrative data offer a census with highly reliable information but are restricted in their usage. To make them accessible for researchers, data or research output either have to be anonymized or released after disclosure review procedures have been used. This article discusses the trade-off between maintaining a high capability of research potential while protecting private information, by exploiting the data disclosure portfolio and the adopted disclosure strategies of the Research Data Center of the German Federal Employment Agency. © The Author(s) 2014.

  14. 76 FR 40768 - Occupational Information Development Advisory Panel Meeting

    Federal Register 2010, 2011, 2012, 2013, 2014

    2011-07-11

    ... SOCIAL SECURITY ADMINISTRATION [Docket No. SSA-2011-0044] Occupational Information Development Advisory Panel Meeting AGENCY: Social Security Administration (SSA). ACTION: Notice of upcoming panel... addressed to the Occupational Information Development Advisory Panel, Social Security Administration, 6401...

  15. Explore Awareness of Information Security: Insights from Cognitive Neuromechanism.

    PubMed

    Han, Dongmei; Dai, Yonghui; Han, Tianlin; Dai, Xingyun

    2015-01-01

    With the rapid development of the internet and information technology, the increasingly diversified portable mobile terminals, online shopping, and social media have facilitated information exchange, social communication, and financial payment for people more than ever before. In the meantime, information security and privacy protection have been meeting with new severe challenges. Although we have taken a variety of information security measures in both management and technology, the actual effectiveness depends firstly on people's awareness of information security and the cognition of potential risks. In order to explore the new technology for the objective assessment of people's awareness and cognition on information security, this paper takes online financial payment as an example and conducts an experimental study based on the analysis of electrophysiological signals. Results indicate that left hemisphere and beta rhythms of electroencephalogram (EEG) signal are sensitive to the cognitive degree of risks in the awareness of information security, which may probably be considered as the sign to assess people's cognition of potential risks in online financial payment.

  16. Explore Awareness of Information Security: Insights from Cognitive Neuromechanism

    PubMed Central

    Han, Dongmei; Han, Tianlin; Dai, Xingyun

    2015-01-01

    With the rapid development of the internet and information technology, the increasingly diversified portable mobile terminals, online shopping, and social media have facilitated information exchange, social communication, and financial payment for people more than ever before. In the meantime, information security and privacy protection have been meeting with new severe challenges. Although we have taken a variety of information security measures in both management and technology, the actual effectiveness depends firstly on people's awareness of information security and the cognition of potential risks. In order to explore the new technology for the objective assessment of people's awareness and cognition on information security, this paper takes online financial payment as an example and conducts an experimental study based on the analysis of electrophysiological signals. Results indicate that left hemisphere and beta rhythms of electroencephalogram (EEG) signal are sensitive to the cognitive degree of risks in the awareness of information security, which may probably be considered as the sign to assess people's cognition of potential risks in online financial payment. PMID:26587017

  17. Disaster at a University: A Case Study in Information Security

    ERIC Educational Resources Information Center

    Ayyagari, Ramakrishna; Tyks, Jonathan

    2012-01-01

    Security and disaster training is identified as a top Information Technology (IT) required skill that needs to be taught in Information Systems (IS) curriculums. Accordingly, information security and privacy have become core concepts in information system education. Providing IT security on a shoestring budget is always difficult and many small…

  18. Information security management system planning for CBRN facilities

    DOE Office of Scientific and Technical Information (OSTI.GOV)

    Lenaeu, Joseph D.; O'Neil, Lori Ross; Leitch, Rosalyn M.

    The focus of this document is to provide guidance for the development of information security management system planning documents at chemical, biological, radiological, or nuclear (CBRN) facilities. It describes a risk-based approach for planning information security programs based on the sensitivity of the data developed, processed, communicated, and stored on facility information systems.

  19. Controlled information destruction: the final frontier in preserving information security for every organisation

    NASA Astrophysics Data System (ADS)

    Curiac, Daniel-Ioan; Pachia, Mihai

    2015-05-01

    Information security represents the cornerstone of every data processing system that resides in an organisation's trusted network, implementing all necessary protocols, mechanisms and policies to be one step ahead of possible threats. Starting from the need to strengthen the set of security services, in this article we introduce a new and innovative process named controlled information destruction (CID) that is meant to secure sensitive data that are no longer needed for the organisation's future purposes but would be very damaging if revealed. The disposal of this type of data has to be controlled carefully in order to delete not only the information itself but also all its splinters spread throughout the network, thus denying any possibility of recovering the information after its alleged destruction. This process leads to a modified model of information assurance and also reconfigures the architecture of any information security management system. The scheme we envisioned relies on a reshaped information lifecycle, which reveals the impact of the CID procedure directly upon the information states.

  20. 78 FR 34665 - Homeland Security Information Network Advisory Committee (HSINAC); Meeting

    Federal Register 2010, 2011, 2012, 2013, 2014

    2013-06-10

    ... DEPARTMENT OF HOMELAND SECURITY [DHS-2013-0037] Homeland Security Information Network Advisory... Committee Meeting. SUMMARY: The Homeland Security Information Network Advisory Committee (HSINAC) will meet... posted beforehand at this link: http://www.dhs.gov/homeland-security-information-network-advisory...

  1. Effective Management of Information Security and Privacy

    ERIC Educational Resources Information Center

    Anderson, Alicia

    2006-01-01

    No university seems immune to cyber attacks. For many universities, such events have served as wake-up calls to develop a comprehensive information security and privacy strategy. This is no simple task, however. It involves balancing a culture of openness with a need for security and privacy. Security and privacy are not the same, and the…

  2. Information Seeking Behaviour of AIOU Administrators

    ERIC Educational Resources Information Center

    Mahmood, Malik Tariq

    2005-01-01

    The main purpose of this research study is to investigate the information-seeking behavior of Allama Iqbal Open University (AIOU) administrators in Pakistan. Information is obtained by using a wide variety of informal and formal sources, human sources, Internet as well as print media. The present study found that AIOU administrators are more…

  3. An Integrative Behavioral Model of Information Security Policy Compliance

    PubMed Central

    Kim, Sang Hoon; Yang, Kyung Hoon; Park, Sunyoung

    2014-01-01

    The authors found the behavioral factors that influence the organization members' compliance with the information security policy in organizations on the basis of neutralization theory, the theory of planned behavior, and protection motivation theory. Depending on the theory of planned behavior, members' attitudes towards compliance, as well as normative belief and self-efficacy, were believed to determine the intention to comply with the information security policy. Neutralization theory, a prominent theory in criminology, could be expected to provide the explanation for information system security policy violations. Based on the protection motivation theory, it was inferred that the expected efficacy could have an impact on intentions of compliance. By the above logical reasoning, the integrative behavioral model and eight hypotheses could be derived. Data were collected by conducting a survey; 194 out of 207 questionnaires were available. The test of the causal model was conducted by PLS. The reliability, validity, and model fit were found to be statistically significant. The results of the hypotheses tests showed that seven of the eight hypotheses were acceptable. The theoretical implications of this study are as follows: (1) the study is expected to play the role of a baseline for future research about organization members' compliance with the information security policy, (2) the study attempted an interdisciplinary approach by combining psychology and information system security research, and (3) the study suggested concrete operational definitions of influencing factors for information security policy compliance through a comprehensive theoretical review. Also, the study has some practical implications. First, it can provide the guideline to support the successful execution of the strategic establishment for the implementation of information system security policies in organizations. Second, it proves that the need of education and training programs suppressing

  4. An integrative behavioral model of information security policy compliance.

    PubMed

    Kim, Sang Hoon; Yang, Kyung Hoon; Park, Sunyoung

    2014-01-01

    The authors found the behavioral factors that influence the organization members' compliance with the information security policy in organizations on the basis of neutralization theory, the theory of planned behavior, and protection motivation theory. Depending on the theory of planned behavior, members' attitudes towards compliance, as well as normative belief and self-efficacy, were believed to determine the intention to comply with the information security policy. Neutralization theory, a prominent theory in criminology, could be expected to provide the explanation for information system security policy violations. Based on the protection motivation theory, it was inferred that the expected efficacy could have an impact on intentions of compliance. By the above logical reasoning, the integrative behavioral model and eight hypotheses could be derived. Data were collected by conducting a survey; 194 out of 207 questionnaires were available. The test of the causal model was conducted by PLS. The reliability, validity, and model fit were found to be statistically significant. The results of the hypotheses tests showed that seven of the eight hypotheses were acceptable. The theoretical implications of this study are as follows: (1) the study is expected to play the role of a baseline for future research about organization members' compliance with the information security policy, (2) the study attempted an interdisciplinary approach by combining psychology and information system security research, and (3) the study suggested concrete operational definitions of influencing factors for information security policy compliance through a comprehensive theoretical review. Also, the study has some practical implications. First, it can provide the guideline to support the successful execution of the strategic establishment for the implementation of information system security policies in organizations. Second, it proves that the need of education and training programs suppressing

  5. 32 CFR 2400.45 - Information Security Program Review.

    Code of Federal Regulations, 2011 CFR

    2011-07-01

    ... Section 2400.45 National Defense Other Regulations Relating to National Defense OFFICE OF SCIENCE AND TECHNOLOGY POLICY REGULATIONS TO IMPLEMENT E.O. 12356; OFFICE OF SCIENCE AND TECHNOLOGY POLICY INFORMATION SECURITY PROGRAM Office of Science and Technology Policy Information Security Program Management § 2400.45...

  6. 32 CFR 2400.45 - Information Security Program Review.

    Code of Federal Regulations, 2010 CFR

    2010-07-01

    ... Section 2400.45 National Defense Other Regulations Relating to National Defense OFFICE OF SCIENCE AND TECHNOLOGY POLICY REGULATIONS TO IMPLEMENT E.O. 12356; OFFICE OF SCIENCE AND TECHNOLOGY POLICY INFORMATION SECURITY PROGRAM Office of Science and Technology Policy Information Security Program Management § 2400.45...

  7. 32 CFR 2400.45 - Information Security Program Review.

    Code of Federal Regulations, 2012 CFR

    2012-07-01

    ... Section 2400.45 National Defense Other Regulations Relating to National Defense OFFICE OF SCIENCE AND TECHNOLOGY POLICY REGULATIONS TO IMPLEMENT E.O. 12356; OFFICE OF SCIENCE AND TECHNOLOGY POLICY INFORMATION SECURITY PROGRAM Office of Science and Technology Policy Information Security Program Management § 2400.45...

  8. 32 CFR 2400.45 - Information Security Program Review.

    Code of Federal Regulations, 2014 CFR

    2014-07-01

    ... Section 2400.45 National Defense Other Regulations Relating to National Defense OFFICE OF SCIENCE AND TECHNOLOGY POLICY REGULATIONS TO IMPLEMENT E.O. 12356; OFFICE OF SCIENCE AND TECHNOLOGY POLICY INFORMATION SECURITY PROGRAM Office of Science and Technology Policy Information Security Program Management § 2400.45...

  9. 32 CFR 2400.45 - Information Security Program Review.

    Code of Federal Regulations, 2013 CFR

    2013-07-01

    ... Section 2400.45 National Defense Other Regulations Relating to National Defense OFFICE OF SCIENCE AND TECHNOLOGY POLICY REGULATIONS TO IMPLEMENT E.O. 12356; OFFICE OF SCIENCE AND TECHNOLOGY POLICY INFORMATION SECURITY PROGRAM Office of Science and Technology Policy Information Security Program Management § 2400.45...

  10. Computer security: a necessary element of integrated information systems.

    PubMed Central

    Butzen, F; Furler, F

    1986-01-01

    The Matheson Report sees the medical library as playing a key role in a network of interlocking information bases that will extend from central repositories of medical information to each physician's personal records. It appears, however, that the role of security in this vision has not been fully delineated. This paper discusses problems in maintaining the security of confidential medical information, the state of the applicable law, and techniques for security (with special emphasis on the UNIX operating system). It is argued that the absence of security threatens any plan to build an information network, as there will be resistance to any system that may give intruders access to confidential data. PMID:3742113

  11. Examining the Relationship between Organization Systems and Information Security Awareness

    ERIC Educational Resources Information Center

    Tintamusik, Yanarong

    2010-01-01

    The focus of this dissertation was to examine the crucial relationship between organization systems within the framework of the organizational behavior theory and information security awareness (ISA) of users within the framework of the information security theory. Despite advanced security technologies designed to protect information assets,…

  12. Information-Pooling Bias in Collaborative Security Incident Correlation Analysis.

    PubMed

    Rajivan, Prashanth; Cooke, Nancy J

    2018-03-01

    Incident correlation is a vital step in the cybersecurity threat detection process. This article presents research on the effect of group-level information-pooling bias on collaborative incident correlation analysis in a synthetic task environment. Past research has shown that uneven information distribution biases people to share information that is known to most team members and prevents them from sharing any unique information available with them. The effect of such biases on security team collaborations is largely unknown. Thirty 3-person teams performed two threat detection missions involving information sharing and correlating security incidents. Incidents were predistributed to each person in the team based on the hidden profile paradigm. Participant teams, randomly assigned to three experimental groups, used different collaboration aids during Mission 2. Communication analysis revealed that participant teams were 3 times more likely to discuss security incidents commonly known to the majority. Unaided team collaboration was inefficient in finding associations between security incidents uniquely available to each member of the team. Visualizations that augment perceptual processing and recognition memory were found to mitigate the bias. The data suggest that (a) security analyst teams, when conducting collaborative correlation analysis, could be inefficient in pooling unique information from their peers; (b) employing off-the-shelf collaboration tools in cybersecurity defense environments is inadequate; and (c) collaborative security visualization tools developed considering the human cognitive limitations of security analysts are necessary. Potential applications of this research include development of team training procedures and collaboration tool development for security analysts.

  13. Coordinating UAV information for executing national security-oriented collaboration

    NASA Astrophysics Data System (ADS)

    Isenor, Anthony W.; Allard, Yannick; Lapinski, Anna-Liesa S.; Demers, Hugues; Radulescu, Dan

    2014-10-01

    Unmanned Aerial Vehicles (UAVs) are being used by numerous nations for defence-related missions. In some cases, the UAV is considered a cost-effective means to acquire data such as imagery over a location or object. Considering Canada's geographic expanse, UAVs are also being suggested as a potential platform for use in surveillance of remote areas, such as northern Canada. However, such activities are typically associated with security as opposed to defence. The use of a defence platform for security activities introduces the issue of information exchange between the defence and security communities and their software applications. This paper explores the flow of information from the system used by the UAVs employed by the Royal Canadian Navy. Multiple computers are set up, each with the information system used by the UAVs, including appropriate communication between the systems. Simulated data that may be expected from a typical maritime UAV mission is then fed into the information system. The information structures common to the Canadian security community are then used to store and transfer the simulated data. The resulting data flow from the defence-oriented UAV system to the security-oriented information structure is then displayed using an open source geospatial application. Use of the information structures and applications relevant to the security community avoids the distribution restrictions often associated with defence-specific applications.

  14. 45 CFR 303.30 - Securing medical support information.

    Code of Federal Regulations, 2014 CFR

    2014-10-01

    ... 45 Public Welfare 2 2014-10-01 2012-10-01 true Securing medical support information. 303.30 Section 303.30 Public Welfare Regulations Relating to Public Welfare OFFICE OF CHILD SUPPORT ENFORCEMENT... HUMAN SERVICES STANDARDS FOR PROGRAM OPERATIONS § 303.30 Securing medical support information. (a) If...

  15. Approach to spatial information security based on digital certificate

    NASA Astrophysics Data System (ADS)

    Cong, Shengri; Zhang, Kai; Chen, Baowen

    2005-11-01

    With the development of the online applications of geographic information systems (GIS) and the spatial information services, the spatial information security becomes more important. This work introduced digital certificates and authorization schemes into GIS to protect the crucial spatial information combining the techniques of the role-based access control (RBAC), the public key infrastructure (PKI) and the privilege management infrastructure (PMI). We investigated the spatial information granularity suited for sensitivity marking and digital certificate model that fits the need of GIS security based on the semantics analysis of spatial information. It implements a secure, flexible, fine-grained data access based on public technologies in GIS in the world.

  16. Incorporating Global Information Security and Assurance in I.S. Education

    ERIC Educational Resources Information Center

    White, Garry L.; Hewitt, Barbara; Kruck, S. E.

    2013-01-01

    Over the years, the news media has reported numerous information security incidents. Because of identity theft, terrorism, and other criminal activities, President Obama has made information security a national priority. Not only is information security and assurance an American priority, it is also a global issue. This paper discusses the…

  17. [Application of classified protection of information security in the information system of air pollution and health impact monitoring].

    PubMed

    Hao, Shuxin; Lü, Yiran; Liu, Jie; Liu, Yue; Xu, Dongqun

    2018-01-01

    To study the application of classified protection of information security in the information system of air pollution and health impact monitoring, so as to solve the possible safety risk of the information system. According to the relevant national standards and requirements for the information system security classified protection, and the professional characteristics of the information system, to design and implement the security architecture of information system, also to determine the protection level of information system. Basic security measures for the information system were developed in the technical safety and management safety aspects according to the protection levels, which effectively prevented the security risk of the information system. The information system established relatively complete information security protection measures, to enhance the security of professional information and system service, and to ensure the safety of air pollution and health impact monitoring project carried out smoothly.

  18. 78 FR 69286 - Facility Security Clearance and Safeguarding of National Security Information and Restricted Data

    Federal Register 2010, 2011, 2012, 2013, 2014

    2013-11-19

    ... Clearance and Safeguarding of National Security Information and Restricted Data AGENCY: Nuclear Regulatory... Executive Order 13526, Classified National Security Information. In addition, this direct final rule allowed... licensees (or their designees) to conduct classified...

  19. Information Security Awareness On-Line Materials Design with Knowledge Maps

    ERIC Educational Resources Information Center

    Shaw, Ruey-Shiang; Keh, Huan-Chao; Huang, Nan-Ching; Huang, Tien-Chuan

    2011-01-01

    Information Security Awareness, though known as a primary and important issue in the domain of Information Security, CSI computer crime and security survey showed poor security awareness training in public and private sectors. In many studies, the authors have found that the usage of knowledge maps helps the process of learning and conception…

  20. Making Technology Work for Campus Security

    ERIC Educational Resources Information Center

    Floreno, Jeff; Keil, Brad

    2010-01-01

    The challenges associated with securing schools from both on- and off-campus threats create constant pressure for law enforcement, campus security professionals, and administrators. And while security technology choices are plentiful, many colleges and universities are operating with limited dollars and information needed to select and integrate…

  1. 48 CFR 2452.239-71 - Information Technology Virus Security.

    Code of Federal Regulations, 2014 CFR

    2014-10-01

    ... 48 Federal Acquisition Regulations System 6 2014-10-01 2014-10-01 false Information Technology... Provisions and Clauses 2452.239-71 Information Technology Virus Security. As prescribed in 2439.107(b), insert the following clause: Information Technology Virus Security (FEB 2006) (a) The contractor hereby...

  2. 48 CFR 2452.239-71 - Information Technology Virus Security.

    Code of Federal Regulations, 2013 CFR

    2013-10-01

    ... 48 Federal Acquisition Regulations System 6 2013-10-01 2013-10-01 false Information Technology... Provisions and Clauses 2452.239-71 Information Technology Virus Security. As prescribed in 2439.107(b), insert the following clause: Information Technology Virus Security (FEB 2006) (a) The contractor hereby...

  3. 48 CFR 2452.239-71 - Information Technology Virus Security.

    Code of Federal Regulations, 2012 CFR

    2012-10-01

    ... 48 Federal Acquisition Regulations System 6 2012-10-01 2012-10-01 false Information Technology... Provisions and Clauses 2452.239-71 Information Technology Virus Security. As prescribed in 2439.107(b), insert the following clause: Information Technology Virus Security (FEB 2006) (a) The contractor hereby...

  4. 48 CFR 2452.239-71 - Information Technology Virus Security.

    Code of Federal Regulations, 2011 CFR

    2011-10-01

    ... 48 Federal Acquisition Regulations System 6 2011-10-01 2011-10-01 false Information Technology... Provisions and Clauses 2452.239-71 Information Technology Virus Security. As prescribed in 2439.107(b), insert the following clause: Information Technology Virus Security (FEB 2006) (a) The contractor hereby...

  5. 48 CFR 2452.239-71 - Information Technology Virus Security.

    Code of Federal Regulations, 2010 CFR

    2010-10-01

    ... 48 Federal Acquisition Regulations System 6 2010-10-01 2010-10-01 true Information Technology... Provisions and Clauses 2452.239-71 Information Technology Virus Security. As prescribed in 2439.107(b), insert the following clause: Information Technology Virus Security (FEB 2006) (a) The contractor hereby...

  6. 78 FR 5438 - Proposed Agency Information Collection

    Federal Register 2010, 2011, 2012, 2013, 2014

    2013-01-25

    ... DEPARTMENT OF ENERGY National Nuclear Security Administration Proposed Agency Information Collection AGENCY: National Nuclear Security Administration, U.S. Department of Energy. ACTION: Notice and... techniques or other forms of information technology. DATES: Comments regarding this proposed information...

  7. A Framework for the Governance of Information Security

    ERIC Educational Resources Information Center

    Edwards, Charles K.

    2013-01-01

    Information security is a complex issue, which is very critical for success of modern businesses. It can be implemented with the help of well-tested global standards and best practices. However, it has been studied that the human aspects of information security compliance pose significant challenge to its practitioners. There has been significant…

  8. Integrating Programming Language and Operating System Information Security Mechanisms

    DTIC Science & Technology

    2016-08-31

    ...improve the precision of security enforcement, and to provide greater assurance of information security. This grant focuses on two key projects: language...based control of authority; and formal guarantees for the correctness of audit information.

  9. 75 FR 28046 - Privacy Act of 1974; Department of Homeland Security Transportation Security Administration-002...

    Federal Register 2010, 2011, 2012, 2013, 2014

    2010-05-19

    ... nation's transportation systems to ensure freedom of movement for people and commerce. To achieve this.... Another routine use permits the release of information to the media when there exists a legitimate public... limited to, Social security number; pilot certificate information, including number and country of...

  10. Information Security due to Electromagnetic Environments

    NASA Astrophysics Data System (ADS)

    Sekiguchi, Hidenori; Seto, Shinji

    Generally, active electronic devices emit slightly unintentional electromagnetic noise. From long ago, electromagnetic emission levels have been regulated from the aspect of electromagnetic compatibility (EMC). Also, it has been known that the electromagnetic emissions are generated from the ON/OFF of signals in the device. Recently, it has become a topic of conversation in information security that the ON/OFF of a desired signal in the device can be reproduced or guessed by receiving the electromagnetic emission. For example, a display image on a personal computer (PC) can be reconstructed by receiving and analyzing the electromagnetic emission. In sum, this fact makes known information leakage due to electromagnetic emission. "TEMPEST", which has been known as a code name originated in the U.S. Department of Defense, is to prevent the information leakage caused by electromagnetic emissions. This paper reports a brief summary of the information security due to electromagnetic emissions from information technology equipment.

  11. 75 FR 65511 - Employee Benefits Security Administration; Submission for OMB Review

    Federal Register 2010, 2011, 2012, 2013, 2014

    2010-10-25

    ... Management and Budget (OMB) for review and approval in accordance with the Paperwork Reduction Act of 1995... estimated total burden may be obtained from the RegInfo.gov Web site at http://www.reginfo.gov/public/do...--Employee Benefits Security Administration (EBSA), Office of Management and Budget, Room 10235, Washington...

  12. 76 FR 2189 - Occupational Information Development Advisory Panel

    Federal Register 2010, 2011, 2012, 2013, 2014

    2011-01-12

    ... SOCIAL SECURITY ADMINISTRATION [Docket No. SSA-2011-0006] Occupational Information Development Advisory Panel AGENCY: Social Security Administration (SSA). ACTION: Notice of the Charter Renewal for the..., the Commissioner of Social Security renewed the Charter for the Occupational Information Development...

  13. Security in the management of information systems.

    PubMed

    Huston, T L; Huston, J L

    1998-06-01

    Although security technology exists in abundance in health information management systems, the implementation of that technology is often lacking. This lack of implementation can be heavily affected by the attitudes and perceptions of users and management, the "people part" of systems. Particular operational, organizational, and economic factors must be addressed along with employment of security objectives and accountability. Unique threats, as well as controls, pervade the use of microcomputer-based systems as these systems permeate health care information management.

  14. Contextualizing Secure Information System Design: A Socio-Technical Approach

    ERIC Educational Resources Information Center

    Charif, Abdul Rahim

    2017-01-01

    Secure Information Systems (SIS) design paradigms have evolved in generations to adapt to IS security needs. However, modern IS are still vulnerable and are far from secure. The development of an underlying IS cannot be reduced to "technological fixes" neither is the design of SIS. Technical security cannot ensure IS security.…

  15. State-of-the-art research on electromagnetic information security

    NASA Astrophysics Data System (ADS)

    Hayashi, Yu-ichi

    2016-07-01

    As information security is becoming increasingly significant, security at the hardware level is as important as in networks and applications. In recent years, instrumentation has become cheaper and more precise, computation has become faster, and capacities have increased. With these advancements, the threat of advanced attacks that were considerably difficult to carry out previously has increased not only in military and diplomatic fields but also in general-purpose manufactured devices. This paper focuses on the problem of the security limitations concerning electromagnetic waves (electromagnetic information security) that has rendered attack detection particularly difficult at the hardware level. In addition to reviewing the mechanisms of these information leaks and countermeasures, this paper also presents the latest research trends and standards.

  16. 77 FR 41874 - Agency Information Collection Activities: Comment Request

    Federal Register 2010, 2011, 2012, 2013, 2014

    2012-07-16

    ... as providing bank account information, maintaining entity information, and updating individual... SOCIAL SECURITY ADMINISTRATION Agency Information Collection Activities: Comment Request The Social Security Administration (SSA) publishes a list of information collection packages requiring...

  17. How to implement security controls for an information security program at CBRN facilities

    DOE Office of Scientific and Technical Information (OSTI.GOV)

    Lenaeus, Joseph D.; O'Neil, Lori Ross; Leitch, Rosalyn M.

    This document was prepared by PNNL within the framework of Project 19 of the European Union Chemical Biological Radiological and Nuclear Risk Mitigation Centres of Excellence Initiative entitled, "Development of procedures and guidelines to create and improve secure information management systems and data exchange mechanisms for CBRN materials under regulatory control." It provides management and workers at CBRN facilities, parent organization managers responsible for those facilities, and regulatory agencies (governmental and nongovernmental) with guidance on the best practices for protecting information security. The security mitigation approaches presented in this document were chosen because they present generally accepted guidance in an easy-to-understand manner, making it easier for facility personnel to grasp key concepts and envision how security controls could be implemented by the facility. This guidance is presented from a risk management perspective.

  18. Information security risk management for computerized health information systems in hospitals: a case study of Iran.

    PubMed

    Zarei, Javad; Sadoughi, Farahnaz

    2016-01-01

    In recent years, hospitals in Iran - similar to those in other countries - have experienced growing use of computerized health information systems (CHISs), which play a significant role in the operations of hospitals. But, the major challenge of CHIS use is information security. This study attempts to evaluate CHIS information security risk management at hospitals of Iran. This applied study is a descriptive and cross-sectional research that has been conducted in 2015. The data were collected from 551 hospitals of Iran. Based on literature review, experts' opinion, and observations at five hospitals, our intensive questionnaire was designed to assess security risk management for CHISs at the concerned hospitals, which was then sent to all hospitals in Iran by the Ministry of Health. Sixty-nine percent of the studied hospitals pursue information security policies and procedures in conformity with Iran Hospitals Accreditation Standards. At some hospitals, risk identification, risk evaluation, and risk estimation, as well as risk treatment, are unstructured without any specified approach or methodology. There is no significant structured approach to risk management at the studied hospitals. Information security risk management is not followed by Iran's hospitals and their information security policies. This problem can cause a large number of challenges for their CHIS security in future. Therefore, Iran's Ministry of Health should develop practical policies to improve information security risk management in the hospitals of Iran.

  19. 76 FR 41320 - Agency Information Collection Activities; Proposed Request and Comment Request

    Federal Register 2010, 2011, 2012, 2013, 2014

    2011-07-13

    ... SOCIAL SECURITY ADMINISTRATION Agency Information Collection Activities; Proposed Request and Comment Request The Social Security Administration (SSA) publishes a list of information collection...: [email protected] . (SSA), Social Security Administration, DCBFM, Attn: Reports Clearance...

  20. Is Seeing Believing? Training Users on Information Security: Evidence from Java Applets

    ERIC Educational Resources Information Center

    Ayyagari, Ramakrishna; Figueroa, Norilyz

    2017-01-01

    Information Security issues are one of the top concerns of CEOs. Accordingly, information systems education and research have addressed security issues. One of the main areas of research is the behavioral issues in Information Security, primarily focusing on users' compliance to information security policies. We contribute to this literature by…

  1. 36 CFR 1256.46 - National security-classified information.

    Code of Federal Regulations, 2010 CFR

    2010-07-01

    ... 36 Parks, Forests, and Public Property 3 2010-07-01 2010-07-01 false National security-classified... Restrictions § 1256.46 National security-classified information. In accordance with 5 U.S.C. 552(b)(1), NARA... properly classified under the provisions of the pertinent Executive Order on Classified National Security...

  2. 77 FR 27264 - Agency Information Collection Activities: Proposed Request

    Federal Register 2010, 2011, 2012, 2013, 2014

    2012-05-09

    ... behalf, such as providing bank account information, maintaining entity information, and updating... SOCIAL SECURITY ADMINISTRATION Agency Information Collection Activities: Proposed Request The Social Security Administration (SSA) publishes a list of information collection packages requiring...

  3. 49 CFR 1542.303 - Security Directives and Information Circulars.

    Code of Federal Regulations, 2010 CFR

    2010-10-01

    ... Contingency Measures § 1542.303 Security Directives and Information Circulars. (a) TSA may issue an... Security Directive by submitting data, views, or arguments in writing to TSA. TSA may amend the Security...

  4. 32 CFR 2001.42 - Standards for security equipment.

    Code of Federal Regulations, 2011 CFR

    2011-07-01

    ... OVERSIGHT OFFICE, NATIONAL ARCHIVES AND RECORDS ADMINISTRATION CLASSIFIED NATIONAL SECURITY INFORMATION... Administration (GSA) shall, in coordination with agency heads originating classified information, establish and publish uniform standards, specifications, qualified product lists or databases, and supply schedules for...

  5. 32 CFR 2001.42 - Standards for security equipment.

    Code of Federal Regulations, 2012 CFR

    2012-07-01

    ... OVERSIGHT OFFICE, NATIONAL ARCHIVES AND RECORDS ADMINISTRATION CLASSIFIED NATIONAL SECURITY INFORMATION... Administration (GSA) shall, in coordination with agency heads originating classified information, establish and publish uniform standards, specifications, qualified product lists or databases, and supply schedules for...

  6. 32 CFR 2001.42 - Standards for security equipment.

    Code of Federal Regulations, 2013 CFR

    2013-07-01

    ... OVERSIGHT OFFICE, NATIONAL ARCHIVES AND RECORDS ADMINISTRATION CLASSIFIED NATIONAL SECURITY INFORMATION... Administration (GSA) shall, in coordination with agency heads originating classified information, establish and publish uniform standards, specifications, qualified product lists or databases, and supply schedules for...

  7. 32 CFR 2001.42 - Standards for security equipment.

    Code of Federal Regulations, 2014 CFR

    2014-07-01

    ... OVERSIGHT OFFICE, NATIONAL ARCHIVES AND RECORDS ADMINISTRATION CLASSIFIED NATIONAL SECURITY INFORMATION... Administration (GSA) shall, in coordination with agency heads originating classified information, establish and publish uniform standards, specifications, qualified product lists or databases, and supply schedules for...

  8. The enhancement of security in healthcare information systems.

    PubMed

    Liu, Chia-Hui; Chung, Yu-Fang; Chen, Tzer-Shyong; Wang, Sheng-De

    2012-06-01

    With the progress and the development of information technology, the internal data in medical organizations have become computerized and are further established the medical information system. Moreover, the use of the Internet enhances the information communication as well as affects the development of the medical information system that a lot of medical information is transmitted with the Internet. Since there is a network within another network, when all networks are connected together, they will form the "Internet". For this reason, the Internet is considered as a high-risk and public environment which is easily destroyed and invaded so that a relevant protection is acquired. Besides, the data in the medical network system are confidential that it is necessary to protect the personal privacy, such as electronic patient records, medical confidential information, and authorization-controlled data in the hospital. As a consequence, a medical network system is considered as a network requiring high security that excellent protections and managerial strategies are inevitable to prevent illegal events and external attacks from happening. This study proposes secure medical managerial strategies being applied to the network environment of the medical organization information system so as to avoid the external or internal information security events, allow the medical system to work smoothly and safely that not only benefits the patients, but also allows the doctors to use it more conveniently, and further promote the overall medical quality. The objectives could be achieved by preventing from illegal invasion or medical information being stolen, protecting the completeness and security of medical information, avoiding the managerial mistakes of the internal information system in medical organizations, and providing the highly-reliable medical information system.

  9. Institutionalization of Information Security: Case of the Indonesian Banking Sector

    ERIC Educational Resources Information Center

    Nasution, Muhamad Faisal Fariduddin Attar

    2012-01-01

    This study focuses on the institutionalization of information security in the banking sector. This study is important to pursue since it explicates the internalization of information security governance and practices and how such internalization develops an organizational resistance towards security breach. The study argues that information…

  10. 78 FR 39054 - Agency Information Collection Activities: Proposed Request and Comment Request

    Federal Register 2010, 2011, 2012, 2013, 2014

    2013-06-28

    ... SOCIAL SECURITY ADMINISTRATION Agency Information Collection Activities: Proposed Request and Comment Request The Social Security Administration (SSA) publishes a list of information collection...: 202- 395-6974, Email address: [email protected] . (SSA) Social Security Administration...

  11. 77 FR 71204 - Agency Information Collection Activities: Proposed Request and Comment Request

    Federal Register 2010, 2011, 2012, 2013, 2014

    2012-11-29

    ... SOCIAL SECURITY ADMINISTRATION Agency Information Collection Activities: Proposed Request and Comment Request The Social Security Administration (SSA) publishes a list of information collection...: 202-395-6974, Email address: [email protected] . (SSA), Social Security Administration...

  12. 78 FR 56265 - Agency Information Collection Activities: Proposed Request and Comment Request

    Federal Register 2010, 2011, 2012, 2013, 2014

    2013-09-12

    ... SOCIAL SECURITY ADMINISTRATION Agency Information Collection Activities: Proposed Request and Comment Request The Social Security Administration (SSA) publishes a list of information collection...: 202-395-6974, Email address: [email protected] . (SSA), Social Security Administration...

  13. 76 FR 71105 - Agency Information Collection Activities: Proposed Request and Comment Request

    Federal Register 2010, 2011, 2012, 2013, 2014

    2011-11-16

    ... SOCIAL SECURITY ADMINISTRATION Agency Information Collection Activities: Proposed Request and Comment Request The Social Security Administration (SSA) publishes a list of information collection...: (202) 395-6974, Email address: [email protected] . (SSA), Social Security Administration...

  14. 77 FR 58903 - Agency Information Collection Activities: Proposed Request and Comment Request

    Federal Register 2010, 2011, 2012, 2013, 2014

    2012-09-24

    ... SOCIAL SECURITY ADMINISTRATION Agency Information Collection Activities: Proposed Request and Comment Request The Social Security Administration (SSA) publishes a list of information collection... . (SSA), Social Security Administration, DCRDP, Attn: Reports Clearance Director, 107 Altmeyer Building...

  15. 76 FR 72994 - Agency Information Collection Activities: Proposed Request and Comment Request

    Federal Register 2010, 2011, 2012, 2013, 2014

    2011-11-28

    ... SOCIAL SECURITY ADMINISTRATION Agency Information Collection Activities: Proposed Request and Comment Request The Social Security Administration (SSA) publishes a list of information [email protected] . (SSA) Social Security Administration, DCRDP, Attn: Reports Clearance Officer, 107...

  16. 78 FR 22935 - Agency Information Collection Activities; Proposed Request and Comment Request

    Federal Register 2010, 2011, 2012, 2013, 2014

    2013-04-17

    ... SOCIAL SECURITY ADMINISTRATION Agency Information Collection Activities; Proposed Request and Comment Request The Social Security Administration (SSA) publishes a list of information collection... . (SSA) Social Security Administration, DCRDP, Attn: Reports Clearance Director, 107 Altmeyer Building...

  17. 77 FR 37728 - Agency Information Collection Activities: Proposed Request and Comment Request

    Federal Register 2010, 2011, 2012, 2013, 2014

    2012-06-22

    ... SOCIAL SECURITY ADMINISTRATION Agency Information Collection Activities: Proposed Request and Comment Request The Social Security Administration (SSA) publishes a list of information collection...), Social Security Administration, DCRDP, Attn: Reports Clearance Director, 107 Altmeyer Building, 6401...

  18. NOAA - National Oceanic and Atmospheric Administration - Information

    Science.gov Websites

    Council Committees Services & Programs Freedom of Information Act (FOIA) Commerce Geospatial Resources Homeland Security and Employee Check-In Information Quality NOAA Libraries NOAALink Paperwork Reduction & Information Collection Privacy Radio Frequency Management Contact Us Staff Directory IT Workforce

  19. 76 FR 23640 - Agency Information Collection Activities: Proposed Request and Comment Request

    Federal Register 2010, 2011, 2012, 2013, 2014

    2011-04-27

    ... SOCIAL SECURITY ADMINISTRATION Agency Information Collection Activities: Proposed Request and Comment Request The Social Security Administration (SSA) publishes a list of information collection...: 202-395-6974, E-mail address: [email protected] . (SSA), Social Security Administration...

  20. 78 FR 33142 - Agency Information Collection Activities; Proposed Request and Comment Request

    Federal Register 2010, 2011, 2012, 2013, 2014

    2013-06-03

    ... SOCIAL SECURITY ADMINISTRATION Agency Information Collection Activities; Proposed Request and Comment Request The Social Security Administration (SSA) publishes a list of information collection...: 202-395-6974, Email address: [email protected] . (SSA) Social Security Administration, DCRDP...

  1. 78 FR 79723 - Agency Information Collection Activities: Proposed Request and Comment Request

    Federal Register 2010, 2011, 2012, 2013, 2014

    2013-12-31

    ... SOCIAL SECURITY ADMINISTRATION Agency Information Collection Activities: Proposed Request and Comment Request The Social Security Administration (SSA) publishes a list of information collection...: 202-395-6974, Email address: [email protected] . (SSA) Social Security Administration, OLCA...

  2. 78 FR 72744 - Agency Information Collection Activities: Proposed Request and Comment Request

    Federal Register 2010, 2011, 2012, 2013, 2014

    2013-12-03

    ... SOCIAL SECURITY ADMINISTRATION Agency Information Collection Activities: Proposed Request and Comment Request The Social Security Administration (SSA) publishes a list of information collection...: 202-395-6974, Email address: [email protected] . (SSA) Social Security Administration, OLCA...

  3. 75 FR 35512 - Agency Information Collection Activities: Proposed Request and Comment Request

    Federal Register 2010, 2011, 2012, 2013, 2014

    2010-06-22

    ... SOCIAL SECURITY ADMINISTRATION Agency Information Collection Activities: Proposed Request and Comment Request The Social Security Administration (SSA) publishes a list of information collection...: 202-395-6974, E-mail address: [email protected] . (SSA), Social Security Administration...

  4. 78 FR 70391 - Agency Information Collection Activities: Proposed Request and Comment Request

    Federal Register 2010, 2011, 2012, 2013, 2014

    2013-11-25

    ... SOCIAL SECURITY ADMINISTRATION Agency Information Collection Activities: Proposed Request and Comment Request The Social Security Administration (SSA) publishes a list of information collection...: 202-395-6974, Email address: [email protected] . (SSA), Social Security Administration, OLCA...

  5. 75 FR 59318 - Agency Information Collection Activities: Proposed Request and Comment Request

    Federal Register 2010, 2011, 2012, 2013, 2014

    2010-09-27

    ... SOCIAL SECURITY ADMINISTRATION Agency Information Collection Activities: Proposed Request and Comment Request The Social Security Administration (SSA) publishes a list of information collection...: 202-395-6974, E-mail address: [email protected] . (SSA) Social Security Administration...

  6. 76 FR 18290 - Agency Information Collection Activities: Proposed Request and Comment Request

    Federal Register 2010, 2011, 2012, 2013, 2014

    2011-04-01

    ... SOCIAL SECURITY ADMINISTRATION Agency Information Collection Activities: Proposed Request and Comment Request The Social Security Administration (SSA) publishes a list of information collection...: 202-395-6974, E-mail address: [email protected] ; (SSA), Social Security Administration...

  7. 76 FR 19175 - Agency Information Collection Activities: Proposed Request and Comment Request

    Federal Register 2010, 2011, 2012, 2013, 2014

    2011-04-06

    ... SOCIAL SECURITY ADMINISTRATION Agency Information Collection Activities: Proposed Request and Comment Request The Social Security Administration (SSA) publishes a list of information collection...: 202-395-6974, E-mail address: [email protected] . (SSA), Social Security Administration...

  8. 76 FR 48200 - Agency Information Collection Activities: Proposed Request and Comment Request

    Federal Register 2010, 2011, 2012, 2013, 2014

    2011-08-08

    ... SOCIAL SECURITY ADMINISTRATION Agency Information Collection Activities: Proposed Request and Comment Request The Social Security Administration (SSA) publishes a list of information collection...: 202-395-6974, E-mail address: [email protected] . (SSA), Social Security Administration...

  9. 76 FR 17977 - Agency Information Collection Activities: Proposed Request and Comment Request

    Federal Register 2010, 2011, 2012, 2013, 2014

    2011-03-31

    ... SOCIAL SECURITY ADMINISTRATION Agency Information Collection Activities: Proposed Request and Comment Request The Social Security Administration (SSA) publishes a list of information collection...: 202-395-6974, E-mail address: [email protected] . (SSA) Social Security Administration...

  10. 76 FR 5233 - Agency Information Collection Activities: Proposed Request and Comment Request

    Federal Register 2010, 2011, 2012, 2013, 2014

    2011-01-28

    ... SOCIAL SECURITY ADMINISTRATION Agency Information Collection Activities: Proposed Request and Comment Request The Social Security Administration (SSA) publishes a list of information collection...: 202-395-6974. E-mail address: [email protected] . (SSA) Social Security Administration...

  11. 20 CFR 423.3 - Other process directed to the Social Security Administration or the Commissioner.

    Code of Federal Regulations, 2010 CFR

    2010-04-01

    ... SERVICE OF PROCESS § 423.3 Other process directed to the Social Security Administration or the Commissioner. Subpoenas and other process (other than summonses and complaints) that are required to be served... 20 Employees' Benefits 2 2010-04-01 2010-04-01 false Other process directed to the Social Security...

  12. 78 FR 48076 - Facility Security Clearance and Safeguarding of National Security Information and Restricted Data

    Federal Register 2010, 2011, 2012, 2013, 2014

    2013-08-07

    ... facility's involvement with classified information and may include a Facility Security Officer Orientation... procedures and duties applicable to the employee's job. (g) Refresher Briefings. The licensee or other.... (j) Records reflecting an individual's initial and refresher security orientations and security...

  13. 78 FR 48037 - Facility Security Clearance and Safeguarding of National Security Information and Restricted Data

    Federal Register 2010, 2011, 2012, 2013, 2014

    2013-08-07

    ... facility's involvement with classified information and may include a Facility Security Officer Orientation... procedures and duties applicable to the employee's job. (g) Refresher Briefings. The licensee or other.... (j) Records reflecting an individual's initial and refresher security orientations and security...

  14. 78 FR 38077 - National Industrial Security Program Policy Advisory Committee (NISPPAC)

    Federal Register 2010, 2011, 2012, 2013, 2014

    2013-06-25

    ... NATIONAL ARCHIVES AND RECORDS ADMINISTRATION Information Security Oversight Office [NARA-13-0030] National Industrial Security Program Policy Advisory Committee (NISPPAC) AGENCY: National Archives and... submitted to the Information Security Oversight Office (ISOO) no later than Friday, July 12, 2013. ISOO will...

  15. 78 FR 64024 - National Industrial Security Program Policy Advisory Committee (NISPPAC)

    Federal Register 2010, 2011, 2012, 2013, 2014

    2013-10-25

    ... NATIONAL ARCHIVES AND RECORDS ADMINISTRATION Information Security Oversight Office [NARA-2014-001] National Industrial Security Program Policy Advisory Committee (NISPPAC) AGENCY: National Archives and... submitted to the Information Security Oversight Office (ISOO) no later than Friday, November 8, 2013. ISOO...

  16. Individual social security accounts: issues in assessing administrative feasibility and costs.

    PubMed

    Olsen, K A; Salisbury, D L

    1998-11-01

    Whether to add individual accounts (IAs) to the Social Security system is a highly political issue. But almost lost in the debate so far have been any practical considerations about how to administer such accounts. Any discussion of whether to create individual accounts must also address the basic but critical questions of how they would work: Who would run them? What would they cost? Logistically, are they even possible? This EBRI Issue Brief provides an overview of the most salient administrative issues facing the current Social Security reform debate--issues that challenge proponents to carefully think through how their proposals could be implemented so as to achieve their policy goals. The options and difficulties in administering IAs raise concerns that cut across ideology. The object of this report is neither to dissuade the advocates nor support the critics of individual accounts. Rather, it is to bring practical considerations to a political debate that has largely ignored the pragmatic challenges of whether IAs would be too complex for participants to understand or too difficult for record keepers to administer. The major findings in this analysis include: Adding individual accounts to Social Security could be the largest undertaking in the history of the U.S. financial market, and no system to date has the capacity to administer such a system. The number of workers currently covered by Social Security--the largest single entitlement program in the nation--is at least four times higher than the combined number of all tax-favored employment-based retirement accounts in the United States, which are administered by hundreds of entities. Direct comparisons between employment-based retirement savings plans and Social Security reform are tenuous at best. Social Security covers workers and businesses that are disproportionately excluded from employment-based plans. Because of these differences, a system of individual Social Security accounts would be more

  17. 75 FR 45154 - National Security Division; Agency Information Collection Activities:

    Federal Register 2010, 2011, 2012, 2013, 2014

    2010-08-02

    ... DEPARTMENT OF JUSTICE [OMB Number 1124-0003] National Security Division; Agency Information Collection Activities: Proposed Collection; Comments Requested ACTION: 60-Day Notice of Information...), National Security Division (NSD), will be submitting the following information collection request to the...

  18. Information Security Management - Part Of The Integrated Management System

    NASA Astrophysics Data System (ADS)

    Manea, Constantin Adrian

    2015-07-01

    The international management standards allow their integrated approach, thereby combining aspects of particular importance to the activity of any organization, from the quality management systems or the environmental management of the information security systems or the business continuity management systems. Although there is no national or international regulation, nor a defined standard for the Integrated Management System, the need to implement an integrated system occurs within the organization, which feels the opportunity to integrate the management components into a cohesive system, in agreement with the purpose and mission publicly stated. The issues relating to information security in the organization, from the perspective of the management system, raise serious questions to any organization in the current context of electronic information, reason for which we consider not only appropriate but necessary to promote and implement an Integrated Management System Quality - Environment - Health and Operational Security - Information Security

  19. Information security risk management for computerized health information systems in hospitals: a case study of Iran

    PubMed Central

    Zarei, Javad; Sadoughi, Farahnaz

    2016-01-01

    Background: In recent years, hospitals in Iran – similar to those in other countries – have experienced growing use of computerized health information systems (CHISs), which play a significant role in the operations of hospitals. But, the major challenge of CHIS use is information security. This study attempts to evaluate CHIS information security risk management at hospitals of Iran. Materials and methods: This applied study is a descriptive and cross-sectional research that has been conducted in 2015. The data were collected from 551 hospitals of Iran. Based on literature review, experts’ opinion, and observations at five hospitals, our intensive questionnaire was designed to assess security risk management for CHISs at the concerned hospitals, which was then sent to all hospitals in Iran by the Ministry of Health. Results: Sixty-nine percent of the studied hospitals pursue information security policies and procedures in conformity with Iran Hospitals Accreditation Standards. At some hospitals, risk identification, risk evaluation, and risk estimation, as well as risk treatment, are unstructured without any specified approach or methodology. There is no significant structured approach to risk management at the studied hospitals. Conclusion: Information security risk management is not followed by Iran’s hospitals and their information security policies. This problem can cause a large number of challenges for their CHIS security in future. Therefore, Iran’s Ministry of Health should develop practical policies to improve information security risk management in the hospitals of Iran. PMID: 27313481

  20. Securing information display by use of visual cryptography.

    PubMed

    Yamamoto, Hirotsugu; Hayasaki, Yoshio; Nishida, Nobuo

    2003-09-01

    We propose a secure display technique based on visual cryptography. The proposed technique ensures the security of visual information. The display employs a decoding mask based on visual cryptography. Without the decoding mask, the displayed information cannot be viewed. The viewing zone is limited by the decoding mask so that only one person can view the information. We have developed a set of encryption codes to maintain the designed viewing zone and have demonstrated a display that provides a limited viewing zone.

  1. Assessing and comparing information security in Swiss hospitals.

    PubMed

    Landolt, Sarah; Hirschel, Jürg; Schlienger, Thomas; Businger, Walter; Zbinden, Alex M

    2012-11-07

    Availability of information in hospitals is an important prerequisite for good service. Significant resources have been invested to improve the availability of information, but it is also vital that the security of this information can be guaranteed. The goal of this study was to assess information security in hospitals through a questionnaire based on the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC) standard ISO/IEC 27002, evaluating Information technology - Security techniques - Code of practice for information-security management, with a special focus on the effect of the hospitals' size and type. The survey, set up as a cross-sectional study, was conducted in January 2011. The chief information officers (CIOs) of 112 hospitals in German-speaking Switzerland were invited to participate. The online questionnaire was designed to be fast and easy to complete to maximize participation. To group the analyzed controls of the ISO/IEC standard 27002 in a meaningful way, a factor analysis was performed. A linear score from 0 (not implemented) to 3 (fully implemented) was introduced. The scores of the hospitals were then analyzed for significant differences in any of the factors with respect to size and type of hospital. The participating hospitals were offered a benchmark report about their status. The 51 participating hospitals had an average score of 51.1% (range 30.6% - 81.9%) out of a possible 100% where all items in the questionnaire were fully implemented. Room for improvement could be identified, especially for the factors covering "process and quality management" (average score 1.3 ± 0.8 out of a maximum of 3) and "organization and risk management" (average score 1.3 ± 0.7 out of a maximum of 3). Private hospitals scored significantly higher than university hospitals in the implementation of "security zones" and "backup" (P = .008). Half (50.00%, 8588/17,177) of all assessed hospital beds

  2. 10 CFR 76.119 - Security facility approval and safeguarding of National Security Information and Restricted Data.

    Code of Federal Regulations, 2012 CFR

    2012-01-01

    ... 10 Energy 2 2012-01-01 2012-01-01 false Security facility approval and safeguarding of National Security Information and Restricted Data. 76.119 Section 76.119 Energy NUCLEAR REGULATORY COMMISSION (CONTINUED) CERTIFICATION OF GASEOUS DIFFUSION PLANTS Safeguards and Security § 76.119 Security facility...

  3. 10 CFR 76.119 - Security facility approval and safeguarding of National Security Information and Restricted Data.

    Code of Federal Regulations, 2014 CFR

    2014-01-01

    ... 10 Energy 2 2014-01-01 2014-01-01 false Security facility approval and safeguarding of National Security Information and Restricted Data. 76.119 Section 76.119 Energy NUCLEAR REGULATORY COMMISSION (CONTINUED) CERTIFICATION OF GASEOUS DIFFUSION PLANTS Safeguards and Security § 76.119 Security facility...

  4. 10 CFR 76.119 - Security facility approval and safeguarding of National Security Information and Restricted Data.

    Code of Federal Regulations, 2013 CFR

    2013-01-01

    ... 10 Energy 2 2013-01-01 2013-01-01 false Security facility approval and safeguarding of National Security Information and Restricted Data. 76.119 Section 76.119 Energy NUCLEAR REGULATORY COMMISSION (CONTINUED) CERTIFICATION OF GASEOUS DIFFUSION PLANTS Safeguards and Security § 76.119 Security facility...

  5. 10 CFR 76.119 - Security facility approval and safeguarding of National Security Information and Restricted Data.

    Code of Federal Regulations, 2010 CFR

    2010-01-01

    ... 10 Energy 2 2010-01-01 2010-01-01 false Security facility approval and safeguarding of National Security Information and Restricted Data. 76.119 Section 76.119 Energy NUCLEAR REGULATORY COMMISSION (CONTINUED) CERTIFICATION OF GASEOUS DIFFUSION PLANTS Safeguards and Security § 76.119 Security facility...

  6. 10 CFR 76.119 - Security facility approval and safeguarding of National Security Information and Restricted Data.

    Code of Federal Regulations, 2011 CFR

    2011-01-01

    ... 10 Energy 2 2011-01-01 2011-01-01 false Security facility approval and safeguarding of National Security Information and Restricted Data. 76.119 Section 76.119 Energy NUCLEAR REGULATORY COMMISSION (CONTINUED) CERTIFICATION OF GASEOUS DIFFUSION PLANTS Safeguards and Security § 76.119 Security facility...

  7. 76 FR 68243 - Social Security Rulings, SSR 91-1c and SSR 66-18c; Rescission of Social Security Rulings (SSR) 66...

    Federal Register 2010, 2011, 2012, 2013, 2014

    2011-11-03

    ..., Social Security Online, at http://www.socialsecurity.gov . SUPPLEMENTARY INFORMATION: SSRs make available... SOCIAL SECURITY ADMINISTRATION [Docket No. SSA-2011-0068] Social Security Rulings, SSR 91-1c and SSR 66-18c; Rescission of Social Security Rulings (SSR) 66-18c and SSR 91-1c AGENCY: Social Security...

  8. 76 FR 34886 - General Services Administration Acquisition Regulation; Implementation of Information Technology...

    Federal Register 2010, 2011, 2012, 2013, 2014

    2011-06-15

    ... Acquisition Regulation; Implementation of Information Technology Security Provision AGENCY: Office of... information technology (IT) supplies, services and systems with security requirements. DATES: Effective Date... effective date that include information technology (IT) supplies, services and systems with security...

  9. Graphs for information security control in software defined networks

    NASA Astrophysics Data System (ADS)

    Grusho, Alexander A.; Abaev, Pavel O.; Shorgin, Sergey Ya.; Timonina, Elena E.

    2017-07-01

    Information security control in software defined networks (SDN) is connected with execution of the security policy rules regulating information accesses and protection against distribution of the malicious code and harmful influences. The paper offers a representation of a security policy in the form of hierarchical structure which in case of distribution of resources for the solution of tasks defines graphs of admissible interactions in a network. These graphs define commutation tables of switches via the SDN controller.

  10. Content Sharing Based on Personal Information in Virtually Secured Space

    NASA Astrophysics Data System (ADS)

    Sohn, Hosik; Ro, Yong Man; Plataniotis, Kostantinos N.

    User generated contents (UGC) are shared in an open space like social media where users can upload and consume contents freely. Since the access of contents is not restricted, the contents could be delivered to unwanted users or misused sometimes. In this paper, we propose a method for sharing UGCs securely based on the personal information of users. With the proposed method, virtual secure space is created for contents delivery. The virtual secure space allows UGC creator to deliver contents to users who have similar personal information and they can consume the contents without any leakage of personal information. In order to verify the usefulness of the proposed method, the experiment was performed where the content was encrypted with personal information of creator, and users with similar personal information have decrypted and consumed the contents. The results showed that UGCs were securely shared among users who have similar personal information.

  11. Information Security - Data Loss Prevention Procedure

    EPA Pesticide Factsheets

    The purpose of this procedure is to extend and provide specificity to the Environmental Protection Agency (EPA) Information Security Policy regarding data loss prevention and digital rights management.

  12. Securing Information with Complex Optical Encryption Networks

    DTIC Science & Technology

    2015-08-11

    Network Security, Network Vulnerability, Multi-dimensional Processing, optoelectronic devices... optoelectronic devices and systems should be analyzed before the retrieval, any hostile hacker will need to possess multi-disciplinary scientific... sophisticated optoelectronic principles and systems where he/she needs to process the information. However, in the military applications, most military

  13. 7 CFR 1962.14 - Account and security information in UCC cases.

    Code of Federal Regulations, 2013 CFR

    2013-01-01

    ... 7 Agriculture 14 2013-01-01 2013-01-01 false Account and security information in UCC cases. 1962... Liquidation of Chattel Security § 1962.14 Account and security information in UCC cases. Within 2 weeks after... States, other parties, and also may lose some of its security rights. The UCC provides that the borrower...

  14. 7 CFR 1962.14 - Account and security information in UCC cases.

    Code of Federal Regulations, 2014 CFR

    2014-01-01

    ... 7 Agriculture 14 2014-01-01 2014-01-01 false Account and security information in UCC cases. 1962... Liquidation of Chattel Security § 1962.14 Account and security information in UCC cases. Within 2 weeks after... States, other parties, and also may lose some of its security rights. The UCC provides that the borrower...

  15. 7 CFR 1962.14 - Account and security information in UCC cases.

    Code of Federal Regulations, 2011 CFR

    2011-01-01

    ... 7 Agriculture 14 2011-01-01 2011-01-01 false Account and security information in UCC cases. 1962... Liquidation of Chattel Security § 1962.14 Account and security information in UCC cases. Within 2 weeks after... States, other parties, and also may lose some of its security rights. The UCC provides that the borrower...

  16. 7 CFR 1962.14 - Account and security information in UCC cases.

    Code of Federal Regulations, 2012 CFR

    2012-01-01

    ... 7 Agriculture 14 2012-01-01 2012-01-01 false Account and security information in UCC cases. 1962... Liquidation of Chattel Security § 1962.14 Account and security information in UCC cases. Within 2 weeks after... States, other parties, and also may lose some of its security rights. The UCC provides that the borrower...

  17. 44 CFR 8.3 - Senior FEMA official responsible for the information security program.

    Code of Federal Regulations, 2011 CFR

    2011-10-01

    ... responsible for the information security program. 8.3 Section 8.3 Emergency Management and Assistance FEDERAL EMERGENCY MANAGEMENT AGENCY, DEPARTMENT OF HOMELAND SECURITY GENERAL NATIONAL SECURITY INFORMATION § 8.3 Senior FEMA official responsible for the information security program. The Director of the Security...

  18. 6 CFR 27.200 - Information regarding security risk for a chemical facility.

    Code of Federal Regulations, 2010 CFR

    2010-01-01

    ... 6 Domestic Security 1 2010-01-01 2010-01-01 false Information regarding security risk for a chemical facility. 27.200 Section 27.200 Domestic Security DEPARTMENT OF HOMELAND SECURITY, OFFICE OF THE SECRETARY CHEMICAL FACILITY ANTI-TERRORISM STANDARDS Chemical Facility Security Program § 27.200 Information...

  19. 14 CFR 1203.408 - Assistance by installation security classification officers.

    Code of Federal Regulations, 2011 CFR

    2011-01-01

    ... ADMINISTRATION INFORMATION SECURITY PROGRAM Guides for Original Classification § 1203.408 Assistance by installation security classification officers. Installation Security Classification Officers, as the... 14 Aeronautics and Space 5 2011-01-01 2010-01-01 true Assistance by installation security...

  20. 14 CFR 1203.408 - Assistance by installation security classification officers.

    Code of Federal Regulations, 2010 CFR

    2010-01-01

    ... ADMINISTRATION INFORMATION SECURITY PROGRAM Guides for Original Classification § 1203.408 Assistance by installation security classification officers. Installation Security Classification Officers, as the... 14 Aeronautics and Space 5 2010-01-01 2010-01-01 false Assistance by installation security...

  1. Enhancing security and improving interoperability in healthcare information systems.

    PubMed

    Gritzalis, D A

    1998-01-01

    Security is a key issue in healthcare information systems, since most aspects of security become of considerable or even critical importance when handling healthcare information. In addition, the intense need for information exchange has revealed interoperability of systems and applications as another key issue. Standardization can play an important role towards both these issues. In this paper, relevant standardization activities are briefly presented, and existing and emerging healthcare information security standards are identified and critically analysed. The analysis is based on a framework which has been developed for this reason. Therefore, the identification of gaps and inconsistencies in current standardization, the description of the conflicts of standards with legislation, and the analysis of implications of these standards to user organizations, are the main results of this paper.

  2. The ISACA Business Model for Information Security: An Integrative and Innovative Approach

    NASA Astrophysics Data System (ADS)

    von Roessing, Rolf

    In recent years, information security management has matured into a professional discipline that covers both technical and managerial aspects in an organisational environment. Information security is increasingly dependent on business-driven parameters and interfaces to a variety of organisational units and departments. In contrast, common security models and frameworks have remained largely technical. A review of extant models ranging from [LaBe73] to more recent models shows that technical aspects are covered in great detail, while the managerial aspects of security are often neglected. Likewise, the business view on organisational security is frequently at odds with the demands of information security personnel or information technology management. In practice, senior and executive level management remain comparatively distant from technical requirements. As a result, information security is generally regarded as a cost factor rather than a benefit to the organisation.

  3. 20 CFR 404.1362 - Treatment of social security benefits or payments where Veterans Administration pension or...

    Code of Federal Regulations, 2010 CFR

    2010-04-01

    ... 20 Employees' Benefits 2 2010-04-01 2010-04-01 false Treatment of social security benefits or...' Benefits SOCIAL SECURITY ADMINISTRATION FEDERAL OLD-AGE, SURVIVORS AND DISABILITY INSURANCE (1950- ) Wage Credits for Veterans and Members of the Uniformed Services Effect of Other Benefits on Payment of Social...

  4. 20 CFR 404.1362 - Treatment of social security benefits or payments where Veterans Administration pension or...

    Code of Federal Regulations, 2011 CFR

    2011-04-01

    ... 20 Employees' Benefits 2 2011-04-01 2011-04-01 false Treatment of social security benefits or...' Benefits SOCIAL SECURITY ADMINISTRATION FEDERAL OLD-AGE, SURVIVORS AND DISABILITY INSURANCE (1950- ) Wage Credits for Veterans and Members of the Uniformed Services Effect of Other Benefits on Payment of Social...

  5. 20 CFR 404.1362 - Treatment of social security benefits or payments where Veterans Administration pension or...

    Code of Federal Regulations, 2014 CFR

    2014-04-01

    ... 20 Employees' Benefits 2 2014-04-01 2014-04-01 false Treatment of social security benefits or...' Benefits SOCIAL SECURITY ADMINISTRATION FEDERAL OLD-AGE, SURVIVORS AND DISABILITY INSURANCE (1950- ) Wage Credits for Veterans and Members of the Uniformed Services Effect of Other Benefits on Payment of Social...

  6. 20 CFR 404.1362 - Treatment of social security benefits or payments where Veterans Administration pension or...

    Code of Federal Regulations, 2012 CFR

    2012-04-01

    ... 20 Employees' Benefits 2 2012-04-01 2012-04-01 false Treatment of social security benefits or...' Benefits SOCIAL SECURITY ADMINISTRATION FEDERAL OLD-AGE, SURVIVORS AND DISABILITY INSURANCE (1950- ) Wage Credits for Veterans and Members of the Uniformed Services Effect of Other Benefits on Payment of Social...

  7. 7 CFR 1962.14 - Account and security information in UCC cases.

    Code of Federal Regulations, 2010 CFR

    2010-01-01

    ... 7 Agriculture 14 2010-01-01 2009-01-01 true Account and security information in UCC cases. 1962.14... Security § 1962.14 Account and security information in UCC cases. Within 2 weeks after receipt of a written... the information, it may be liable for any loss caused the borrower and, in some States, other parties...

  8. 42 CFR 600.350 - Privacy and security of information.

    Code of Federal Regulations, 2014 CFR

    2014-10-01

    ... 42 Public Health 5 2014-10-01 2014-10-01 false Privacy and security of information. 600.350 Section 600.350 Public Health CENTERS FOR MEDICARE & MEDICAID SERVICES, DEPARTMENT OF HEALTH AND HUMAN... (Eff. 1-1-15) Eligibility and Enrollment § 600.350 Privacy and security of information. The State must...

  9. Information Security in Higher Education. Professional Paper Series, #5.

    ERIC Educational Resources Information Center

    Elliott, Raymond; And Others

    Intended to generate discussion and motivate proactive intervention in matters of information security, this paper defines and discusses some of the key issues relating to information security on college and university campuses based on in-depth interviews conducted at eight selected higher education institutions of varying size and composition in…

  10. Information security governance: a risk assessment approach to health information systems protection.

    PubMed

    Williams, Patricia A H

    2013-01-01

    It is no small task to manage the protection of healthcare data and healthcare information systems. In an environment that is demanding adaptation to change for all information collection, storage and retrieval systems, including those for e-health and information systems, it is imperative that good information security governance is in place. This includes understanding and meeting legislative and regulatory requirements. This chapter provides three models to educate and guide organisations in this complex area, and to simplify the process of information security governance and ensure appropriate and effective measures are put in place. The approach is risk based, adapted and contextualized for healthcare. In addition, specific considerations of the impact of cloud services, secondary use of data, big data and mobile health are discussed.

  11. Enhanced optical security by using information carrier digital screening

    NASA Astrophysics Data System (ADS)

    Koltai, Ferenc; Adam, Bence

    2004-06-01

    Jura has developed different security features based on Information Carrier Digital Screening. The substance of such features is that a non-visible secondary image is encoded in a visible primary image. The encoded image will be visible only by using a decoding device. One such development, JURA's Invisible Personal Information (IPI), is widely used in high security documents, where personal data of the document holder are encoded in the screen of the document holder's photography and can be decoded by using an optical decoding device. In order to make document verification fully automated, enhance security and eliminate human factors, a digital version of IPI, the D-IPI, was developed. A special 2D-barcode structure was designed, which contains a sufficient quantity of encoded digital information and can be embedded into the photo. The other part of Digital-IPI is the reading software, which is able to retrieve the encoded information with high reliability. The reading software developed with a specific 2D structure provides the possibility of a forensic analysis. Such analysis will discover all kinds of manipulations -- globally, if the photography was simply changed, and selectively, if only part of the photography was manipulated. Digital IPI is a good example of how benefits of digital technology can be exploited by using optical security and how technology for optical security can be converted into digital technology. The D-IPI process is compatible with all current personalization printers and materials (polycarbonate, PVC, security papers, Teslin-foils, etc.) and can provide any document with enhanced security and tamper-resistance.

  12. 20 CFR 418.1005 - Purpose and administration.

    Code of Federal Regulations, 2010 CFR

    2010-04-01

    ... 418.1005 Employees' Benefits SOCIAL SECURITY ADMINISTRATION MEDICARE SUBSIDIES Medicare Part B Income... also change income-related monthly adjustment amount determinations using information provided by a beneficiary under certain circumstances. In addition, we notify beneficiaries when the social security benefit...

  13. Tailoring NIST Security Controls for the Ground System: Selection and Implementation -- Recommendations for Information System Owners

    NASA Technical Reports Server (NTRS)

    Takamura, Eduardo; Mangum, Kevin

    2016-01-01

    The National Aeronautics and Space Administration (NASA) invests millions of dollars in spacecraft and ground system development, and in mission operations in the pursuit of scientific knowledge of the universe. In recent years, NASA sent a probe to Mars to study the Red Planet's upper atmosphere, obtained high resolution images of Pluto, and it is currently preparing to find new exoplanets, rendezvous with an asteroid, and bring a sample of the asteroid back to Earth for analysis. The success of these missions is enabled by mission assurance. In turn, mission assurance is backed by information assurance. The information systems supporting NASA missions must be reliable as well as secure. NASA - like every other U.S. Federal Government agency - is required to manage the security of its information systems according to federal mandates, the most prominent being the Federal Information Security Management Act (FISMA) of 2002 and the legislative updates that followed it. Like the management of enterprise information technology (IT), federal information security management takes a "one-size fits all" approach for protecting IT systems. While this approach works for most organizations, it does not effectively translate into security of highly specialized systems such as those supporting NASA missions. These systems include command and control (C&C) systems, spacecraft and instrument simulators, and other elements comprising the ground segment. They must be carefully configured, monitored and maintained, sometimes for several years past the missions' initially planned life expectancy, to ensure the ground system is protected and remains operational without any compromise of its confidentiality, integrity and availability. Enterprise policies, processes, procedures and products, if not effectively tailored to meet mission requirements, may not offer the needed security for protecting the information system, and they may even become disruptive to mission operations

  14. 32 CFR 2700.44 - Administrative sanctions.

    Code of Federal Regulations, 2011 CFR

    2011-07-01

    ... 32 National Defense 6 2011-07-01 2011-07-01 false Administrative sanctions. 2700.44 Section 2700.44 National Defense Other Regulations Relating to National Defense OFFICE FOR MICRONESIAN STATUS NEGOTIATIONS SECURITY INFORMATION REGULATIONS Safeguarding § 2700.44 Administrative sanctions. Officers and...

  15. 76 FR 23844 - Proposed Collection of Information; Comment Request

    Federal Register 2010, 2011, 2012, 2013, 2014

    2011-04-28

    ... DEPARTMENT OF LABOR Employee Benefits Security Administration Proposed Collection of Information; Comment Request AGENCY: Employee Benefits Security Administration, Department of Labor. ACTION: Notice... requested data in the desired format. The Employee Benefits Security Administration (EBSA) is soliciting...

  16. 77 FR 42752 - New Agency Information Collection Activity Under OMB Review: Generic Clearance for the Collection...

    Federal Register 2010, 2011, 2012, 2013, 2014

    2012-07-20

    ... DEPARTMENT OF HOMELAND SECURITY Transportation Security Administration New Agency Information... Service Delivery AGENCY: Transportation Security Administration, DHS. ACTION: 30-day Notice. SUMMARY: This notice announces that the Transportation Security Administration (TSA) has forwarded the new Information...

  17. 77 FR 31298 - Information Collection; Special Use Administration

    Federal Register 2010, 2011, 2012, 2013, 2014

    2012-05-25

    ... DEPARTMENT OF AGRICULTURE Forest Service Information Collection; Special Use Administration AGENCY... Administration. DATES: Comments must be received in writing on or before July 24, 2012 to be assured of.... SUPPLEMENTARY INFORMATION: Title: Special Use Administration. OMB Number: 0596-0082. Expiration Date of Approval...

  18. Information security: where computer science, economics and psychology meet.

    PubMed

    Anderson, Ross; Moore, Tyler

    2009-07-13

    Until ca. 2000, information security was seen as a technological discipline, based on computer science but with mathematics helping in the design of ciphers and protocols. That perspective started to change as researchers and practitioners realized the importance of economics. As distributed systems are increasingly composed of machines that belong to principals with divergent interests, incentives are becoming as important to dependability as technical design. A thriving new field of information security economics provides valuable insights not just into 'security' topics such as privacy, bugs, spam and phishing, but into more general areas of system dependability and policy. This research programme has recently started to interact with psychology. One thread is in response to phishing, the most rapidly growing form of online crime, in which fraudsters trick people into giving their credentials to bogus websites; a second is through the increasing importance of security usability; and a third comes through the psychology-and-economics tradition. The promise of this multidisciplinary research programme is a novel framework for analysing information security problems: one that is both principled and effective.

  19. Assessing and Comparing Information Security in Swiss Hospitals

    PubMed Central

    Hirschel, Jürg; Schlienger, Thomas; Businger, Walter; Zbinden, Alex M

    2012-01-01

    Background: Availability of information in hospitals is an important prerequisite for good service. Significant resources have been invested to improve the availability of information, but it is also vital that the security of this information can be guaranteed. Objective: The goal of this study was to assess information security in hospitals through a questionnaire based on the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC) standard ISO/IEC 27002, evaluating Information technology – Security techniques – Code of practice for information-security management, with a special focus on the effect of the hospitals’ size and type. Methods: The survey, set up as a cross-sectional study, was conducted in January 2011. The chief information officers (CIOs) of 112 hospitals in German-speaking Switzerland were invited to participate. The online questionnaire was designed to be fast and easy to complete to maximize participation. To group the analyzed controls of the ISO/IEC standard 27002 in a meaningful way, a factor analysis was performed. A linear score from 0 (not implemented) to 3 (fully implemented) was introduced. The scores of the hospitals were then analyzed for significant differences in any of the factors with respect to size and type of hospital. The participating hospitals were offered a benchmark report about their status. Results: The 51 participating hospitals had an average score of 51.1% (range 30.6% - 81.9%) out of a possible 100% where all items in the questionnaire were fully implemented. Room for improvement could be identified, especially for the factors covering “process and quality management” (average score 1.3 ± 0.8 out of a maximum of 3) and “organization and risk management” (average score 1.3 ± 0.7 out of a maximum of 3). Private hospitals scored significantly higher than university hospitals in the implementation of “security zones” and “backup” (P = .008

  20. 12 CFR Appendix B to Part 30 - Interagency Guidelines Establishing Information Security Standards

    Code of Federal Regulations, 2011 CFR

    2011-01-01

    ... Establishing Information Security Standards Table of Contents I. Introduction A. Scope B. Preservation of... Security Program B. Objectives III. Development and Implementation of Customer Information Security Program.... Introduction The Interagency Guidelines Establishing Information Security Standards (Guidelines) set forth...

  1. A Methodology to Achieve Secure Administration of English Comprehension Level Tests--Phase 1. Final Report.

    ERIC Educational Resources Information Center

    Berger, Louis S.; And Others

    This report analyzes a two-step program designed to achieve security in the administration of the English Comprehension Level (ECL) test given by the Defense Language Institute. Since the ECL test score is the basis for major administrative and academic decisions, there is great motivation for performing well, and student test compromise is…

  2. AVIATION SECURITY: Transportation Security Administration Faces Immediate and Long-Term Challenges

    DTIC Science & Technology

    2002-07-25

    circumvent airport security, and provide whistleblower protection for air carrier and airport security workers. (See app. III for a summary of pending...GAO-01-1171T. Washington, D.C.: September 25, 2001. Aviation Security: Weaknesses in Airport Security and Options for Assigning Screening...125. Washington, D.C.: March 16, 2000. Aviation Security: FAA’s Actions to Study Responsibilities and Funding for Airport Security and to Certify

  3. 36 CFR 1256.70 - What controls access to national security-classified information?

    Code of Federal Regulations, 2010 CFR

    2010-07-01

    ... national security-classified information? 1256.70 Section 1256.70 Parks, Forests, and Public Property... HISTORICAL MATERIALS Access to Materials Containing National Security-Classified Information § 1256.70 What controls access to national security-classified information? (a) The declassification of and public access...

  4. Effective Strategies for School Security.

    ERIC Educational Resources Information Center

    Blauvelt, Peter D.

    This handbook offers administrators specific advice on developing the skills, knowledge, and techniques needed for coping with problems of school crime and violence. The guide begins by advising administrators that having security information available at all times helps determine the climate of the school. Instructions are given for preparing…

  5. Research on information security system of waste terminal disposal process

    NASA Astrophysics Data System (ADS)

    Zhou, Chao; Wang, Ziying; Guo, Jing; Guo, Yajuan; Huang, Wei

    2017-05-01

    Informatization has penetrated the whole process of production and operation of electric power enterprises. It not only improves the level of lean management and quality service, but also brings severe security risks. The internal network terminal is the outermost layer and the most vulnerable node of the inner network boundary. It has the characteristics of wide distribution, long depth and large quantity. The technical level and security awareness of users and of operation and maintenance personnel are uneven, which makes the internal network terminal the weakest link in information security. Through the implementation of security of management, technology and physics, we should establish an internal network terminal security protection system, so as to fully protect the internal network terminal information security.

  6. 12 CFR 792.63 - Collection of information from individuals; information forms.

    Code of Federal Regulations, 2011 CFR

    2011-01-01

    ...; information forms. 792.63 Section 792.63 Banks and Banking NATIONAL CREDIT UNION ADMINISTRATION REGULATIONS AFFECTING THE OPERATIONS OF THE NATIONAL CREDIT UNION ADMINISTRATION REQUESTS FOR INFORMATION UNDER THE FREEDOM OF INFORMATION ACT AND PRIVACY ACT, AND BY SUBPOENA; SECURITY PROCEDURES FOR CLASSIFIED...

  7. 12 CFR 792.63 - Collection of information from individuals; information forms.

    Code of Federal Regulations, 2012 CFR

    2012-01-01

    ...; information forms. 792.63 Section 792.63 Banks and Banking NATIONAL CREDIT UNION ADMINISTRATION REGULATIONS AFFECTING THE OPERATIONS OF THE NATIONAL CREDIT UNION ADMINISTRATION REQUESTS FOR INFORMATION UNDER THE FREEDOM OF INFORMATION ACT AND PRIVACY ACT, AND BY SUBPOENA; SECURITY PROCEDURES FOR CLASSIFIED...

  8. 12 CFR 792.63 - Collection of information from individuals; information forms.

    Code of Federal Regulations, 2013 CFR

    2013-01-01

    ...; information forms. 792.63 Section 792.63 Banks and Banking NATIONAL CREDIT UNION ADMINISTRATION REGULATIONS AFFECTING THE OPERATIONS OF THE NATIONAL CREDIT UNION ADMINISTRATION REQUESTS FOR INFORMATION UNDER THE FREEDOM OF INFORMATION ACT AND PRIVACY ACT, AND BY SUBPOENA; SECURITY PROCEDURES FOR CLASSIFIED...

  9. 12 CFR 792.63 - Collection of information from individuals; information forms.

    Code of Federal Regulations, 2014 CFR

    2014-01-01

    ...; information forms. 792.63 Section 792.63 Banks and Banking NATIONAL CREDIT UNION ADMINISTRATION REGULATIONS AFFECTING THE OPERATIONS OF THE NATIONAL CREDIT UNION ADMINISTRATION REQUESTS FOR INFORMATION UNDER THE FREEDOM OF INFORMATION ACT AND PRIVACY ACT, AND BY SUBPOENA; SECURITY PROCEDURES FOR CLASSIFIED...

  10. Information security of Smart Factories

    NASA Astrophysics Data System (ADS)

    Iureva, R. A.; Andreev, Y. S.; Iuvshin, A. M.; Timko, A. S.

    2018-05-01

    In several years, technologies and systems based on the Internet of things (IoT) will be widely used in all smart factories. When processing a huge array of unstructured data, their filtration and adequate interpretation are a priority for enterprises. In this context, the correct representation of information in a user-friendly form acquires special importance, for which the market today presents advanced analytical platforms designed to collect, store and analyze data on technological processes and events in real time. The main idea of the paper is the statement of the information security problem in IoT and integrity of processed information.

  11. Report: Fiscal Year 2015 Federal Information Security Modernization Act Report: Status of CSB’s Information Security Program

    EPA Pesticide Factsheets

    Report #16-P-0086, January 27, 2016. The effectiveness of the CSB’s information security program is challenged by its lack of personal identity verification cards for logical access, complete system inventory.

  12. The complexities of HIPAA and administration simplification.

    PubMed

    Mozlin, R

    2000-11-01

    The Health Insurance Portability and Accessibility Act (HIPAA) was signed into law in 1996. Although focused on information technology issues, HIPAA will ultimately impact day-to-day operations at multiple levels within any clinical setting. Optometrists must begin to familiarize themselves with HIPAA in order to prepare themselves to practice in a technology-enriched environment. Title II of HIPAA, entitled "Administration Simplification," is intended to reduce the costs and administrative burden of healthcare by standardizing the electronic transmission of administrative and financial transactions. The Department of Health and Human Services is expected to publish the final rules and regulations that will govern HIPAA's implementation this year. The rules and regulations will cover three key aspects of healthcare delivery: electronic data interchange (EDI), security and privacy. EDI will standardize the format for healthcare transactions. Health plans must accept and respond to all transactions in the EDI format. Security refers to policies and procedures that protect the accuracy and integrity of information and limit access. Privacy focuses on how the information is used and disclosure of identifiable health information. Security and privacy regulations apply to all information that is maintained and transmitted in a digital format and require administrative, physical, and technical safeguards. HIPAA will force the healthcare industry to adopt an e-commerce paradigm and provide opportunities to improve patient care processes. Optometrists should take advantage of the opportunity to develop more efficient and profitable practices.

  13. Administrative Assistants' Informal Learning and Related Factors

    ERIC Educational Resources Information Center

    Cho, Hyun Jung; Kim, Jin-Mo

    2016-01-01

    Purpose: The purpose of this study is to identify the causal relationship among informal learning, leader-member exchange (LMX), empowerment, job characteristics and job self-efficacy and the impact on administrative assistants in corporations. The study aims at providing information for administrative assistants who have worked with their current…

  14. 10 CFR 2.903 - Protection of restricted data and national security information.

    Code of Federal Regulations, 2011 CFR

    2011-01-01

    ... Restricted Data and/or National Security Information § 2.903 Protection of restricted data and national security information. Nothing in this subpart shall relieve any person from safeguarding Restricted Data or National Security Information in accordance with the applicable provisions of laws of the United States and...

  15. Evaluating Factors of Security Policy on Information Security Effectiveness in Developing Nations: A Case of Nigeria

    ERIC Educational Resources Information Center

    Okolo, Nkiru Benjamin

    2016-01-01

    Information systems of today face more potential security infringement than ever before. The regular susceptibility of data to breaches is a function of systems users' disinclination to follow appropriate security measures. A well-secured system maintains integrity, confidentiality, and availability, while providing appropriate and consistent…

  16. Network security system for health and medical information using smart IC card

    NASA Astrophysics Data System (ADS)

    Kanai, Yoichi; Yachida, Masuyoshi; Yoshikawa, Hiroharu; Yamaguchi, Masahiro; Ohyama, Nagaaki

    1998-07-01

    A new network security protocol that uses smart IC cards has been designed to assure the integrity and privacy of medical information in communication over a non-secure network. Secure communication software has been implemented as a library based on this protocol, which is called the Integrated Secure Communication Layer (ISCL), and has been incorporated into information systems of the National Cancer Center Hospitals and the Health Service Center of the Tokyo Institute of Technology. Both systems have succeeded in communicating digital medical information securely.

  17. 6 CFR 5.34 - Standards of conduct for administration of the Privacy Act.

    Code of Federal Regulations, 2010 CFR

    2010-01-01

    ... 6 Domestic Security 1 2010-01-01 2010-01-01 false Standards of conduct for administration of the Privacy Act. 5.34 Section 5.34 Domestic Security DEPARTMENT OF HOMELAND SECURITY, OFFICE OF THE SECRETARY DISCLOSURE OF RECORDS AND INFORMATION Privacy Act § 5.34 Standards of conduct for administration of the...

  18. Fuzzy assessment of health information system users' security awareness.

    PubMed

    Aydın, Özlem Müge; Chouseinoglou, Oumout

    2013-12-01

    Health information systems (HIS) are a specific area of information systems (IS), where critical patient data is stored and quality health service is only realized with the correct use and efficient dissemination of this data to health workers. Therefore, a balance needs to be established between the levels of security and flow of information on HIS. Instead of implementing higher levels and further mechanisms of control to increase the security of HIS, it is preferable to deal with the arguably weakest link on HIS chain with respect to security: HIS users. In order to provide solutions and approaches for transforming users to the first line of defense in HIS but also to employ capable and appropriate candidates from the pool of newly graduated students, it is important to assess and evaluate the security awareness levels and characteristics of these existing and future users. This study aims to provide a new perspective to understand the phenomenon of security awareness of HIS users with the use of fuzzy analysis, and to assess the present situation of current and future HIS users of a leading medical and educational institution of Turkey, with respect to their security characteristics based on four different security scales. The results of the fuzzy analysis, the guide on how to implement this fuzzy analysis to any health institution and how to read and interpret these results, together with the possible implications of these results to the organization are provided.

  19. 75 FR 57102 - Occupational Information Development Advisory Panel Meeting; Correction

    Federal Register 2010, 2011, 2012, 2013, 2014

    2010-09-17

    ... SOCIAL SECURITY ADMINISTRATION [Docket No. SSA-2010-0058] Occupational Information Development Advisory Panel Meeting; Correction AGENCY: Social Security Administration. ACTION: Notice; correction. SUMMARY: The Social Security Administration published a document in the Federal Register of September 13...

  20. Do You Ignore Information Security in Your Journal Website?

    PubMed

    Dadkhah, Mehdi; Borchardt, Glenn; Lagzian, Mohammad

    2017-08-01

    Nowadays, web-based applications extend to all businesses due to their advantages and easy usability. The most important issue in web-based applications is security. Due to their advantages, most academic journals are now using these applications, with papers being submitted and published through their websites. As these websites are resources for knowledge, information security is primary for maintaining their integrity. In this opinion piece, we point out vulnerabilities in certain websites and introduce the potential for future threats. We intend to present how some journals are vulnerable and what will happen if a journal can be infected by attackers. This opinion is not a technical manual in information security, it is a short inspection that we did to improve the security of academic journals.

  1. Managing security risks for inter-organisational information systems: a multiagent collaborative model

    NASA Astrophysics Data System (ADS)

    Feng, Nan; Wu, Harris; Li, Minqiang; Wu, Desheng; Chen, Fuzan; Tian, Jin

    2016-09-01

    Information sharing across organisations is critical to effectively managing the security risks of inter-organisational information systems. Nevertheless, few previous studies on information systems security have focused on inter-organisational information sharing, and none have studied the sharing of inferred beliefs versus factual observations. In this article, a multiagent collaborative model (MACM) is proposed as a practical solution to assess the risk level of each allied organisation's information system and support proactive security treatment by sharing beliefs on event probabilities as well as factual observations. In MACM, for each allied organisation's information system, we design four types of agents: inspection agent, analysis agent, control agent, and communication agent. By sharing soft findings (beliefs) in addition to hard findings (factual observations) among the organisations, each organisation's analysis agent is capable of dynamically predicting its security risk level using a Bayesian network. A real-world implementation illustrates how our model can be used to manage security risks in distributed information systems and that sharing soft findings leads to lower expected loss from security risks.

  2. 78 FR 55274 - Privacy Act of 1974; Department of Homeland Security/Transportation Security Administration-DHS...

    Federal Register 2010, 2011, 2012, 2013, 2014

    2013-09-10

    ... enforcement, immigration, and intelligence databases, including a fingerprint-based criminal history records... boarding pass printing instruction. If the passenger's identifying information matches the entry on the TSA... enforcement, immigration, intelligence, or other homeland security functions. In addition, TSA may share...

  3. 14 CFR 11.35 - Does FAA include sensitive security information and proprietary information in the Federal Docket...

    Code of Federal Regulations, 2010 CFR

    2010-01-01

    ... information and proprietary information in the Federal Docket Management System (FDMS)? 11.35 Section 11.35... RULEMAKING PROCEDURES Rulemaking Procedures General § 11.35 Does FAA include sensitive security information and proprietary information in the Federal Docket Management System (FDMS)? (a) Sensitive security...

  4. 14 CFR 11.35 - Does FAA include sensitive security information and proprietary information in the Federal Docket...

    Code of Federal Regulations, 2014 CFR

    2014-01-01

    ... information and proprietary information in the Federal Docket Management System (FDMS)? 11.35 Section 11.35... RULEMAKING PROCEDURES Rulemaking Procedures General § 11.35 Does FAA include sensitive security information and proprietary information in the Federal Docket Management System (FDMS)? (a) Sensitive security...

  5. 14 CFR 11.35 - Does FAA include sensitive security information and proprietary information in the Federal Docket...

    Code of Federal Regulations, 2012 CFR

    2012-01-01

    ... information and proprietary information in the Federal Docket Management System (FDMS)? 11.35 Section 11.35... RULEMAKING PROCEDURES Rulemaking Procedures General § 11.35 Does FAA include sensitive security information and proprietary information in the Federal Docket Management System (FDMS)? (a) Sensitive security...

  6. 14 CFR 11.35 - Does FAA include sensitive security information and proprietary information in the Federal Docket...

    Code of Federal Regulations, 2013 CFR

    2013-01-01

    ... information and proprietary information in the Federal Docket Management System (FDMS)? 11.35 Section 11.35... RULEMAKING PROCEDURES Rulemaking Procedures General § 11.35 Does FAA include sensitive security information and proprietary information in the Federal Docket Management System (FDMS)? (a) Sensitive security...

  7. 14 CFR 11.35 - Does FAA include sensitive security information and proprietary information in the Federal Docket...

    Code of Federal Regulations, 2011 CFR

    2011-01-01

    ... information and proprietary information in the Federal Docket Management System (FDMS)? 11.35 Section 11.35... RULEMAKING PROCEDURES Rulemaking Procedures General § 11.35 Does FAA include sensitive security information and proprietary information in the Federal Docket Management System (FDMS)? (a) Sensitive security...

  8. A security architecture for interconnecting health information systems.

    PubMed

    Gritzalis, Dimitris; Lambrinoudakis, Costas

    2004-03-31

    Several hereditary and other chronic diseases necessitate continuous and complicated health care procedures, typically offered in different, often distant, health care units. Inevitably, the medical records of patients suffering from such diseases become complex, grow in size very fast and are scattered all over the units involved in the care process, hindering communication of information between health care professionals. Web-based electronic medical records have been recently proposed as the solution to the above problem, facilitating the interconnection of the health care units in the sense that health care professionals can now access the complete medical record of the patient, even if it is distributed in several remote units. However, by allowing users to access information from virtually anywhere, the universe of ineligible people who may attempt to harm the system is dramatically expanded, thus severely complicating the design and implementation of a secure environment. This paper presents a security architecture that has been mainly designed for providing authentication and authorization services in web-based distributed systems. The architecture has been based on a role-based access scheme and on the implementation of an intelligent security agent per site (i.e. health care unit). This intelligent security agent: (a). authenticates the users, local or remote, that can access the local resources; (b). assigns, through temporary certificates, access privileges to the authenticated users in accordance to their role; and (c). communicates to other sites (through the respective security agents) information about the local users that may need to access information stored in other sites, as well as about local resources that can be accessed remotely.

  9. 14 CFR 1274.937 - Security requirements for unclassified information technology resources.

    Code of Federal Regulations, 2012 CFR

    2012-01-01

    ... information technology resources. 1274.937 Section 1274.937 Aeronautics and Space NATIONAL AERONAUTICS AND... Conditions § 1274.937 Security requirements for unclassified information technology resources. Security Requirements for Unclassified Information Technology Resources July 2002 (a) The Recipient shall be responsible...

  10. 14 CFR 1274.937 - Security requirements for unclassified information technology resources.

    Code of Federal Regulations, 2013 CFR

    2013-01-01

    ... information technology resources. 1274.937 Section 1274.937 Aeronautics and Space NATIONAL AERONAUTICS AND... Conditions § 1274.937 Security requirements for unclassified information technology resources. Security Requirements for Unclassified Information Technology Resources July 2002 (a) The Recipient shall be responsible...

  11. 14 CFR 1274.937 - Security requirements for unclassified information technology resources.

    Code of Federal Regulations, 2011 CFR

    2011-01-01

    ... information technology resources. 1274.937 Section 1274.937 Aeronautics and Space NATIONAL AERONAUTICS AND... Conditions § 1274.937 Security requirements for unclassified information technology resources. Security Requirements for Unclassified Information Technology Resources July 2002 (a) The Recipient shall be responsible...

  12. 14 CFR 1274.937 - Security requirements for unclassified information technology resources.

    Code of Federal Regulations, 2010 CFR

    2010-01-01

    ... information technology resources. 1274.937 Section 1274.937 Aeronautics and Space NATIONAL AERONAUTICS AND... Conditions § 1274.937 Security requirements for unclassified information technology resources. Security Requirements for Unclassified Information Technology Resources July 2002 (a) The Recipient shall be responsible...

  13. 12 CFR Appendix B to Part 364 - Interagency Guidelines Establishing Information Security Standards

    Code of Federal Regulations, 2011 CFR

    2011-01-01

    ... Part 364—Interagency Guidelines Establishing Information Security Standards Table of Contents I... Customer Information A. Information Security Program B. Objectives III. Development and Implementation of Customer Information Security Program A. Involve the Board of Directors B. Assess Risk C. Manage and...

  14. 45 CFR 303.30 - Securing medical support information.

    Code of Federal Regulations, 2012 CFR

    2012-10-01

    ... 45 Public Welfare 2 2012-10-01 2012-10-01 false Securing medical support information. 303.30 Section 303.30 Public Welfare Regulations Relating to Public Welfare OFFICE OF CHILD SUPPORT ENFORCEMENT... noncustodial parent; (4) Name and social security number of child(ren); (5) Home address of noncustodial parent...

  15. The European cooperative approach to securing critical information infrastructure.

    PubMed

    Purser, Steve

    2011-10-01

    This paper provides an overview of the EU approach to securing critical information infrastructure, as defined in the Action Plan contained in the Commission Communication of March 2009, entitled 'Protecting Europe from large-scale cyber-attacks and disruptions: enhancing preparedness, security and resilience' and further elaborated by the Communication of May 2011 on critical Information infrastructure protection 'Achievements and next steps: towards global cyber-security'. After explaining the need for pan-European cooperation in this area, the CIIP Action Plan is explained in detail. Finally, the current state of progress is summarised together with the proposed next steps.

  16. Statistical security for Social Security.

    PubMed

    Soneji, Samir; King, Gary

    2012-08-01

    The financial viability of Social Security, the single largest U.S. government program, depends on accurate forecasts of the solvency of its intergenerational trust fund. We begin by detailing information necessary for replicating the Social Security Administration's (SSA's) forecasting procedures, which until now has been unavailable in the public domain. We then offer a way to improve the quality of these procedures via age- and sex-specific mortality forecasts. The most recent SSA mortality forecasts were based on the best available technology at the time, which was a combination of linear extrapolation and qualitative judgments. Unfortunately, linear extrapolation excludes known risk factors and is inconsistent with long-standing demographic patterns, such as the smoothness of age profiles. Modern statistical methods typically outperform even the best qualitative judgments in these contexts. We show how to use such methods, enabling researchers to forecast using far more information, such as the known risk factors of smoking and obesity and known demographic patterns. Including this extra information makes a substantial difference. For example, by improving only mortality forecasting methods, we predict three fewer years of net surplus, $730 billion less in Social Security Trust Funds, and program costs that are 0.66% greater for projected taxable payroll by 2031 compared with SSA projections. More important than specific numerical estimates are the advantages of transparency, replicability, reduction of uncertainty, and what may be the resulting lower vulnerability to the politicization of program forecasts. In addition, by offering with this article software and detailed replication information, we hope to marshal the efforts of the research community to include ever more informative inputs and to continue to reduce uncertainties in Social Security forecasts.

  17. 48 CFR 1352.239-72 - Security requirements for information technology resources.

    Code of Federal Regulations, 2011 CFR

    2011-10-01

    ... information technology resources. 1352.239-72 Section 1352.239-72 Federal Acquisition Regulations System... Clauses 1352.239-72 Security requirements for information technology resources. As prescribed in 48 CFR 1339.270(b), insert the following clause: Security Requirements for Information Technology Resources...

  18. 48 CFR 1352.239-72 - Security requirements for information technology resources.

    Code of Federal Regulations, 2013 CFR

    2013-10-01

    ... information technology resources. 1352.239-72 Section 1352.239-72 Federal Acquisition Regulations System... Clauses 1352.239-72 Security requirements for information technology resources. As prescribed in 48 CFR 1339.270(b), insert the following clause: Security Requirements for Information Technology Resources...

  19. 48 CFR 1352.239-72 - Security requirements for information technology resources.

    Code of Federal Regulations, 2012 CFR

    2012-10-01

    ... information technology resources. 1352.239-72 Section 1352.239-72 Federal Acquisition Regulations System... Clauses 1352.239-72 Security requirements for information technology resources. As prescribed in 48 CFR 1339.270(b), insert the following clause: Security Requirements for Information Technology Resources...

  20. 48 CFR 1352.239-72 - Security requirements for information technology resources.

    Code of Federal Regulations, 2014 CFR

    2014-10-01

    ... information technology resources. 1352.239-72 Section 1352.239-72 Federal Acquisition Regulations System... Clauses 1352.239-72 Security requirements for information technology resources. As prescribed in 48 CFR 1339.270(b), insert the following clause: Security Requirements for Information Technology Resources...

  1. 48 CFR 1352.239-72 - Security requirements for information technology resources.

    Code of Federal Regulations, 2010 CFR

    2010-10-01

    ... information technology resources. 1352.239-72 Section 1352.239-72 Federal Acquisition Regulations System... Clauses 1352.239-72 Security requirements for information technology resources. As prescribed in 48 CFR 1339.270(b), insert the following clause: Security Requirements for Information Technology Resources...

  2. 78 FR 67434 - Agency Information Collection Activities: Proposed Request and Comment Request

    Federal Register 2010, 2011, 2012, 2013, 2014

    2013-11-12

    ... SOCIAL SECURITY ADMINISTRATION Agency Information Collection Activities: Proposed Request and Comment Request The Social Security Administration (SSA) publishes a list of information collection... Officer for SSA, Fax: 202-395-6974, Email address: [email protected] . (SSA) Social Security...

  3. 77 FR 29441 - Agency Information Collection Activities: Proposed Request and Comment Request

    Federal Register 2010, 2011, 2012, 2013, 2014

    2012-05-17

    ... SOCIAL SECURITY ADMINISTRATION Agency Information Collection Activities: Proposed Request and Comment Request The Social Security Administration (SSA) publishes a list of information collection... Officer for SSA, Fax: 202-395-6974, Email address: [email protected] . (SSA), Social Security...

  4. 78 FR 21181 - Agency Information Collection Activities: Proposed Request and Comment Request

    Federal Register 2010, 2011, 2012, 2013, 2014

    2013-04-09

    ... SOCIAL SECURITY ADMINISTRATION Agency Information Collection Activities: Proposed Request and Comment Request The Social Security Administration (SSA) publishes a list of information collection... Officer for SSA, Fax: 202-395-6974, Email address: [email protected] . (SSA) Social Security...

  5. 77 FR 6853 - Agency Information Collection Activities: Proposed Request and Comment Request

    Federal Register 2010, 2011, 2012, 2013, 2014

    2012-02-09

    ... SOCIAL SECURITY ADMINISTRATION Agency Information Collection Activities: Proposed Request and Comment Request The Social Security Administration (SSA) publishes a list of information collection... Officer for SSA, Fax: 202-395-6974, Email address: [email protected] . (SSA), Social Security...

  6. 78 FR 9102 - Agency Information Collection Activities: Proposed Request and Comment Request

    Federal Register 2010, 2011, 2012, 2013, 2014

    2013-02-07

    ... SOCIAL SECURITY ADMINISTRATION Agency Information Collection Activities: Proposed Request and Comment Request The Social Security Administration (SSA) publishes a list of information collection... Officer for SSA, Fax: 202-395-6974, Email address: [email protected] . (SSA) Social Security...

  7. 49 CFR 1520.5 - Sensitive security information.

    Code of Federal Regulations, 2014 CFR

    2014-10-01

    ..., including threats against cyber infrastructure. (8) Security measures. Specific details of aviation...) Critical aviation, maritime, or rail infrastructure asset information. Any list identifying systems or...

  8. 49 CFR 1520.5 - Sensitive security information.

    Code of Federal Regulations, 2012 CFR

    2012-10-01

    ..., including threats against cyber infrastructure. (8) Security measures. Specific details of aviation...) Critical aviation, maritime, or rail infrastructure asset information. Any list identifying systems or...

  9. 49 CFR 1520.5 - Sensitive security information.

    Code of Federal Regulations, 2011 CFR

    2011-10-01

    ..., including threats against cyber infrastructure. (8) Security measures. Specific details of aviation...) Critical aviation, maritime, or rail infrastructure asset information. Any list identifying systems or...

  10. 49 CFR 1520.5 - Sensitive security information.

    Code of Federal Regulations, 2013 CFR

    2013-10-01

    ..., including threats against cyber infrastructure. (8) Security measures. Specific details of aviation...) Critical aviation, maritime, or rail infrastructure asset information. Any list identifying systems or...

  11. 75 FR 45151 - National Security Division; Agency Information Collection Activities: Proposed Collection...

    Federal Register 2010, 2011, 2012, 2013, 2014

    2010-08-02

    ... DEPARTMENT OF JUSTICE [OMB Number 1124-0006] National Security Division; Agency Information...), National Security Division (NSD), will be submitting the following information collection request to the..., 10th & Constitution Avenue, NW., National Security Division, Counterespionage Section/Registration Unit...

  12. 36 CFR 1260.20 - Who is responsible for the declassification of classified national security Executive Branch...

    Code of Federal Regulations, 2010 CFR

    2010-07-01

    ... declassification of classified national security Executive Branch information that has been accessioned by NARA... ADMINISTRATION DECLASSIFICATION DECLASSIFICATION OF NATIONAL SECURITY INFORMATION Responsibilities § 1260.20 Who is responsible for the declassification of classified national security Executive Branch information...

  13. 48 CFR 652.239-70 - Information Technology Security Plan and Accreditation.

    Code of Federal Regulations, 2014 CFR

    2014-10-01

    ... 48 Federal Acquisition Regulations System 4 2014-10-01 2014-10-01 false Information Technology... Clauses 652.239-70 Information Technology Security Plan and Accreditation. As prescribed in 639.107-70(a), insert the following provision: Information Technology Security Plan and Accreditation (SEP 2007) All...

  14. 48 CFR 1252.239-71 - Information technology security plan and accreditation.

    Code of Federal Regulations, 2014 CFR

    2014-10-01

    ... 48 Federal Acquisition Regulations System 5 2014-10-01 2014-10-01 false Information technology... Provisions and Clauses 1252.239-71 Information technology security plan and accreditation. As prescribed in (TAR) 48 CFR 1239.70, insert the following provision: Information Technology Security Plan and...

  15. 48 CFR 1252.239-71 - Information technology security plan and accreditation.

    Code of Federal Regulations, 2013 CFR

    2013-10-01

    ... 48 Federal Acquisition Regulations System 5 2013-10-01 2013-10-01 false Information technology... Provisions and Clauses 1252.239-71 Information technology security plan and accreditation. As prescribed in (TAR) 48 CFR 1239.70, insert the following provision: Information Technology Security Plan and...

  16. 48 CFR 652.239-70 - Information Technology Security Plan and Accreditation.

    Code of Federal Regulations, 2012 CFR

    2012-10-01

    ... 48 Federal Acquisition Regulations System 4 2012-10-01 2012-10-01 false Information Technology... Clauses 652.239-70 Information Technology Security Plan and Accreditation. As prescribed in 639.107-70(a), insert the following provision: Information Technology Security Plan and Accreditation (SEP 2007) All...

  17. 48 CFR 652.239-70 - Information Technology Security Plan and Accreditation.

    Code of Federal Regulations, 2011 CFR

    2011-10-01

    ... 48 Federal Acquisition Regulations System 4 2011-10-01 2011-10-01 false Information Technology... Clauses 652.239-70 Information Technology Security Plan and Accreditation. As prescribed in 639.107-70(a), insert the following provision: Information Technology Security Plan and Accreditation (SEP 2007) All...

  18. 48 CFR 652.239-70 - Information Technology Security Plan and Accreditation.

    Code of Federal Regulations, 2013 CFR

    2013-10-01

    ... 48 Federal Acquisition Regulations System 4 2013-10-01 2013-10-01 false Information Technology... Clauses 652.239-70 Information Technology Security Plan and Accreditation. As prescribed in 639.107-70(a), insert the following provision: Information Technology Security Plan and Accreditation (SEP 2007) All...

  19. 48 CFR 1252.239-71 - Information technology security plan and accreditation.

    Code of Federal Regulations, 2011 CFR

    2011-10-01

    ... 48 Federal Acquisition Regulations System 5 2011-10-01 2011-10-01 false Information technology... Provisions and Clauses 1252.239-71 Information technology security plan and accreditation. As prescribed in (TAR) 48 CFR 1239.70, insert the following provision: Information Technology Security Plan and...

  20. 48 CFR 1252.239-71 - Information technology security plan and accreditation.

    Code of Federal Regulations, 2012 CFR

    2012-10-01

    ... 48 Federal Acquisition Regulations System 5 2012-10-01 2012-10-01 false Information technology... Provisions and Clauses 1252.239-71 Information technology security plan and accreditation. As prescribed in (TAR) 48 CFR 1239.70, insert the following provision: Information Technology Security Plan and...

  1. 48 CFR 1252.239-71 - Information technology security plan and accreditation.

    Code of Federal Regulations, 2010 CFR

    2010-10-01

    ... 48 Federal Acquisition Regulations System 5 2010-10-01 2010-10-01 false Information technology... Provisions and Clauses 1252.239-71 Information technology security plan and accreditation. As prescribed in (TAR) 48 CFR 1239.70, insert the following provision: Information Technology Security Plan and...

  2. 48 CFR 652.239-70 - Information Technology Security Plan and Accreditation.

    Code of Federal Regulations, 2010 CFR

    2010-10-01

    ... 48 Federal Acquisition Regulations System 4 2010-10-01 2010-10-01 false Information Technology... Clauses 652.239-70 Information Technology Security Plan and Accreditation. As prescribed in 639.107-70(a), insert the following provision: Information Technology Security Plan and Accreditation (SEP 2007) All...

  3. Homeland security: sharing and managing critical incident information

    NASA Astrophysics Data System (ADS)

    Ashley, W. R., III

    2003-09-01

    Effective critical incident response for homeland security requires access to real-time information from many organizations. Command and control, as well as basic situational awareness, are all dependent on quickly communicating a dynamically changing picture to a variety of decision makers. For the most part, critical information management is not unfamiliar or new to the public safety community. However, new challenges present themselves when that information needs to be seamlessly shared across multiple organizations at the local, state and federal level in real-time. The homeland security problem does not lend itself to the traditional military joint forces planning model where activities shift from a deliberate planning process to a crisis action planning process. Rather, the homeland security problem is more similar to a traditional public safety model where the current activity state moves from complete inactivity or low-level attention to immediate crisis action planning. More often than not the escalation occurs with no warning or baseline information. This paper addresses the challenges of sharing critical incident information and the impacts new technologies will have on this problem. The value of current and proposed approaches will be critiqued for operational value and areas will be identified for further development.

  4. Secure and Privacy-Preserving Distributed Information Brokering

    ERIC Educational Resources Information Center

    Li, Fengjun

    2010-01-01

    As enormous structured, semi-structured and unstructured data are collected and archived by organizations in many realms ranging from business to health networks to government agencies, the needs for efficient yet secure inter-organization information sharing naturally arise. Unlike early information sharing approaches that only involve a small…

  5. Information Security and Privacy in Network Environments.

    ERIC Educational Resources Information Center

    Congress of the U.S., Washington, DC. Office of Technology Assessment.

    The use of information networks for business and government is expanding enormously. Government use of networks features prominently in plans to make government more efficient, effective, and responsive. But the transformation brought about by the networking also raises new concerns for the security and privacy of networked information. This…

  6. 49 CFR 1572.9 - Applicant information required for HME security threat assessment.

    Code of Federal Regulations, 2011 CFR

    2011-10-01

    ... threat assessment. 1572.9 Section 1572.9 Transportation Other Regulations Relating to Transportation... TRANSPORTATION SECURITY CREDENTIALING AND SECURITY THREAT ASSESSMENTS Procedures and General Standards § 1572.9 Applicant information required for HME security threat assessment. An applicant must supply the information...

  7. 75 FR 45152 - National Security Division: Agency Information Collection Activities: Proposed Collection...

    Federal Register 2010, 2011, 2012, 2013, 2014

    2010-08-02

    ... DEPARTMENT OF JUSTICE [OMB Number 1124-0004] National Security Division: Agency Information...), National Security Division (NSD), will be submitting the following information collection request to the... write to U.S. Department of Justice, 10th & Constitution Avenue, NW., National Security Division...

  8. 77 FR 8322 - Agency Information Collection Activities: Proposed Request and Comment Request

    Federal Register 2010, 2011, 2012, 2013, 2014

    2012-02-14

    ... Fund and Federal income tax revenues. Sections 1110 and 234 of the Social Security Act authorize this... SOCIAL SECURITY ADMINISTRATION Agency Information Collection Activities: Proposed Request and Comment Request The Social Security Administration (SSA) publishes a list of information collection...

  9. Getting Employees Involved in Information Security: The Case of Strong Passwords

    ERIC Educational Resources Information Center

    Taylor, Richard G.

    2009-01-01

    With the increasing amount and severity of information security incidents, organizations are constantly looking for better ways to protect their information. The implementation of physical safeguards such as firewalls and intrusion detection systems is an integral part of an organization's overall information security; however these safeguards…

  10. A Changing Information Environment Challenges Public Administrations.

    ERIC Educational Resources Information Center

    Otten, Klaus W.

    1989-01-01

    Describes ways in which information handling techniques will eventually be used in public administration, focusing on technologies that automate routine administrative processes and support decision making. The need to develop a long range concept for continued full employment of administrative staff is discussed. (two references) (CLB)

  11. 6 CFR 7.12 - Violations of classified information requirements.

    Code of Federal Regulations, 2010 CFR

    2010-01-01

    ... 6 Domestic Security 1 2010-01-01 2010-01-01 false Violations of classified information requirements. 7.12 Section 7.12 Domestic Security DEPARTMENT OF HOMELAND SECURITY, OFFICE OF THE SECRETARY CLASSIFIED NATIONAL SECURITY INFORMATION Administration § 7.12 Violations of classified information...

  12. Security measures required for HIPAA privacy.

    PubMed

    Amatayakul, M

    2000-01-01

    HIPAA security requirements include administrative, physical, and technical services and mechanisms to safeguard confidentiality, availability, and integrity of health information. Security measures, however, must be implemented in the context of an organization's privacy policies. Because HIPAA's proposed privacy rules are flexible and scalable to account for the nature of each organization's business, size, and resources, each organization will be determining its own privacy policies within the context of the HIPAA requirements and its security capabilities. Security measures cannot be implemented in a vacuum.

  13. Teaching Information Security with Workflow Technology--A Case Study Approach

    ERIC Educational Resources Information Center

    He, Wu; Kshirsagar, Ashish; Nwala, Alexander; Li, Yaohang

    2014-01-01

    In recent years, there has been a significant increase in the demand from professionals in different areas for improving the curricula regarding information security. The use of authentic case studies in teaching information security offers the potential to effectively engage students in active learning. In this paper, the authors introduce the…

  14. 76 FR 27002 - Information Collection; National Recreation Program Administration

    Federal Register 2010, 2011, 2012, 2013, 2014

    2011-05-10

    ... Administration AGENCY: Forest Service, USDA. ACTION: Notice; request for comment. SUMMARY: In accordance with the... organizations on the new information collection, National Recreation Program Administration. DATES: Comments... holidays. SUPPLEMENTARY INFORMATION: Title: National Recreation Program Administration. OMB Number: 0596...

  15. 75 FR 57904 - Announcing a Meeting of the Information Security and Privacy Advisory Board

    Federal Register 2010, 2011, 2012, 2013, 2014

    2010-09-23

    ... Office, --Update of NIST Computer Security Division, and --Information Security and Privacy Advisory... Information Security and Privacy Advisory Board AGENCY: National Institute of Standards and Technology, Commerce. ACTION: Notice. SUMMARY: The Information Security and Privacy Advisory Board (ISPAB) will meet...

  16. Information Security: Governmentwide Guidance Needed to Assist Agencies in Implementing Cloud Computing

    DTIC Science & Technology

    2010-07-01

    Cloud computing, an emerging form of computing in which users have access to scalable, on-demand capabilities that are provided through Internet... cloud computing, (2) the information security implications of using cloud computing services in the Federal Government, and (3) federal guidance and... efforts to address information security when using cloud computing. The complete report is titled Information Security: Federal Guidance Needed to

  17. 76 FR 55999 - Agency Information Collection Activities: Proposed Request and Comment Request

    Federal Register 2010, 2011, 2012, 2013, 2014

    2011-09-09

    ... SOCIAL SECURITY ADMINISTRATION Agency Information Collection Activities: Proposed Request and Comment Request The Social Security Administration (SSA) publishes a list of information [email protected] . [[Page 56000

  18. 12 CFR Appendix B to Part 170 - Interagency Guidelines Establishing Information Security Standards

    Code of Federal Regulations, 2014 CFR

    2014-01-01

    ... Security Standards B Appendix B to Part 170 Banks and Banking COMPTROLLER OF THE CURRENCY, DEPARTMENT OF... Part 170—Interagency Guidelines Establishing Information Security Standards Table of Contents I... Customer Information A. Information Security Program B. Objectives III. Development and Implementation of...

  19. 12 CFR Appendix B to Part 170 - Interagency Guidelines Establishing Information Security Standards

    Code of Federal Regulations, 2013 CFR

    2013-01-01

    ... Security Standards B Appendix B to Part 170 Banks and Banking COMPTROLLER OF THE CURRENCY, DEPARTMENT OF... Part 170—Interagency Guidelines Establishing Information Security Standards Table of Contents I... Customer Information A. Information Security Program B. Objectives III. Development and Implementation of...

  20. 75 FR 34093 - Information Collection; General Program Administration

    Federal Register 2010, 2011, 2012, 2013, 2014

    2010-06-16

    ... DEPARTMENT OF AGRICULTURE Farm Service Agency Information Collection; General Program... supports Farm Loan Programs (FLP) for the General Program Administration. DATES: We will consider comments.... SUPPLEMENTARY INFORMATION: Title: Farm Loan Programs--General Program Administration (7 CFR part 761). OMB...

  1. 77 FR 749 - General Services Administration Acquisition Regulation; Implementation of Information Technology...

    Federal Register 2010, 2011, 2012, 2013, 2014

    2012-01-06

    ... Acquisition Regulation; Implementation of Information Technology Security Provision AGENCY: Office of... orders that include information technology (IT) supplies, services and systems. DATES: Effective Date... 6, 2012 that include information technology (IT) supplies, services and systems with security...

  2. 77 FR 63893 - National Industrial Security Program Policy Advisory Committee (NISPPAC)

    Federal Register 2010, 2011, 2012, 2013, 2014

    2012-10-17

    ... NATIONAL ARCHIVES AND RECORDS ADMINISTRATION Information Security Oversight Office National Industrial Security Program Policy Advisory Committee (NISPPAC) AGENCY: National Archives and Records... meeting to discuss National Industrial Security Program policy matters. DATES: The meeting will be held on...

  3. 78 FR 9431 - National Industrial Security Program Policy Advisory Committee (NISPPAC)

    Federal Register 2010, 2011, 2012, 2013, 2014

    2013-02-08

    ... NATIONAL ARCHIVES AND RECORDS ADMINISTRATION Information Security Oversight Office National Industrial Security Program Policy Advisory Committee (NISPPAC) AGENCY: National Archives and Records... meeting to discuss National Industrial Security Program policy matters. DATES: The meeting will be held on...

  4. Information Security and Data Breach Notification Safeguards

    DTIC Science & Technology

    2007-07-31

    for unauthorized purposes. Data breach notification requirements obligate covered entities to provide notice to affected persons (e.g., cardholders... customers) about the occurrence of a data security breach involving personally identifiable information. The first data breach notification law was... computerized personal information to disclose any breach of a resident’s personal information. S.B. 1386 was the model for subsequent data breach notification

  5. Federal Agency and Federal Library Reports: Library of Congress; Center for the Book; Federal Library and Information Center Committee; National Agricultural Library; National Library of Medicine; United States Government Printing Office; National Technical Information Service; National Archives and Records Administration; National Center for Education Statistics Library Statistics Program; National Commission on Libraries and Information Science; National Library of Education; Educational Resources Information Center.

    ERIC Educational Resources Information Center

    Fischer, Audrey; Cole, John Y.; Tarr, Susan M.; Carey, Len; Mehnert, Robert; Sherman, Andrew M.; Davis, Linda; Leahy, Debra W.; Chute, Adrienne; Willard, Robert S.; Dunn, Christina

    2003-01-01

    Includes annual reports from 12 federal agencies and libraries that discuss security, budgets, legislation, digital projects, preservation, government role, information management, personnel changes, collections, databases, financial issues, services, administration, Web sites, access to information, customer service, statistics, international…

  6. 10 CFR 2.911 - Admissibility of restricted data or other national security information.

    Code of Federal Regulations, 2011 CFR

    2011-01-01

    ... security information. 2.911 Section 2.911 Energy NUCLEAR REGULATORY COMMISSION RULES OF PRACTICE FOR... Proceedings Involving Restricted Data and/or National Security Information § 2.911 Admissibility of restricted data or other national security information. A presiding officer shall not receive any Restricted Data...

  7. 10 CFR 2.911 - Admissibility of restricted data or other national security information.

    Code of Federal Regulations, 2010 CFR

    2010-01-01

    ... security information. 2.911 Section 2.911 Energy NUCLEAR REGULATORY COMMISSION RULES OF PRACTICE FOR... Proceedings Involving Restricted Data and/or National Security Information § 2.911 Admissibility of restricted data or other national security information. A presiding officer shall not receive any Restricted Data...

  8. 38 CFR 1.521 - Special restrictions concerning social security records.

    Code of Federal Regulations, 2011 CFR

    2011-07-01

    ... concerning social security records. 1.521 Section 1.521 Pensions, Bonuses, and Veterans' Relief DEPARTMENT OF... Records § 1.521 Special restrictions concerning social security records. Information received from the Social Security Administration may be filed in the veteran's claims folder without special provisions...

  9. 38 CFR 1.521 - Special restrictions concerning social security records.

    Code of Federal Regulations, 2012 CFR

    2012-07-01

    ... concerning social security records. 1.521 Section 1.521 Pensions, Bonuses, and Veterans' Relief DEPARTMENT OF... Records § 1.521 Special restrictions concerning social security records. Information received from the Social Security Administration may be filed in the veteran's claims folder without special provisions...

  10. 38 CFR 1.521 - Special restrictions concerning social security records.

    Code of Federal Regulations, 2013 CFR

    2013-07-01

    ... concerning social security records. 1.521 Section 1.521 Pensions, Bonuses, and Veterans' Relief DEPARTMENT OF... Records § 1.521 Special restrictions concerning social security records. Information received from the Social Security Administration may be filed in the veteran's claims folder without special provisions...

  11. 38 CFR 1.521 - Special restrictions concerning social security records.

    Code of Federal Regulations, 2014 CFR

    2014-07-01

    ... concerning social security records. 1.521 Section 1.521 Pensions, Bonuses, and Veterans' Relief DEPARTMENT OF... Records § 1.521 Special restrictions concerning social security records. Information received from the Social Security Administration may be filed in the veteran's claims folder without special provisions...

  12. 38 CFR 1.521 - Special restrictions concerning social security records.

    Code of Federal Regulations, 2010 CFR

    2010-07-01

    ... concerning social security records. 1.521 Section 1.521 Pensions, Bonuses, and Veterans' Relief DEPARTMENT OF... Records § 1.521 Special restrictions concerning social security records. Information received from the Social Security Administration may be filed in the veteran's claims folder without special provisions...

  13. Information Systems Security Products and Services Catalogue.

    DTIC Science & Technology

    1992-01-01

    pricing information on the Motorola Portable DES Receiver Station and Portable DES Base Station, contact Motorola. The PX-300-S ranges in cost from...C2 Paul Smith (612) 482-2776 Tom Latterner (301) 220-3400 Jeffrey S. Bell (215) 986-6864 John Haggard (312) 714-7604 4-2d.2 GENERAL-PURPOSE...primary software security mechanism of the SCOMP system is the security kernel, based on the Center-approved Bell-LaPadula model of the software portion

  14. 75 FR 31744 - Information Collection; Contract Operations and Administration

    Federal Register 2010, 2011, 2012, 2013, 2014

    2010-06-04

    ... Administration AGENCY: Forest Service, USDA. ACTION: Notice; request for comment. SUMMARY: In accordance with the... organizations on a new information collection, Contract Operations and Administration. DATES: Comments must be... INFORMATION: Title: Contract Operations and Administration. OMB Number: 0596-NEW. Expiration Date of Approval...

  15. 75 FR 75207 - Regulation SBSR-Reporting and Dissemination of Security-Based Swap Information

    Federal Register 2010, 2011, 2012, 2013, 2014

    2010-12-02

    ...In accordance with Section 763 ("Section 763") and Section 766 ("Section 766") of Title VII ("Title VII") of the Dodd-Frank Wall Street Reform and Consumer Protection Act (the "Dodd-Frank Act"), the Securities and Exchange Commission ("SEC" or "Commission") is proposing Regulation SBSR--Reporting and Dissemination of Security-Based Swap Information ("Regulation SBSR") under the Securities Exchange Act of 1934 ("Exchange Act"). Proposed Regulation SBSR would provide for the reporting of security-based swap information to registered security-based swap data repositories or the Commission and the public dissemination of security-based swap transaction, volume, and pricing information. Registered security-based swap data repositories would be required to establish and maintain certain policies and procedures regarding how transaction data are reported and disseminated, and participants of registered security-based swap data repositories that are security-based swap dealers or major security-based swap participants would be required to establish and maintain policies and procedures that are reasonably designed to ensure that they comply with applicable reporting obligations. Finally, proposed Regulation SBSR also would require a registered SDR to register with the Commission as a securities information processor on existing Form SIP.

  16. Trends in Research on the Security of Medical Information in Korea: Focused on Information Privacy Security in Hospitals.

    PubMed

    Kim, Yong-Woon; Cho, Namin; Jang, Hye-Jung

    2018-01-01

    Information technology involves a risk of privacy violation in providing easy access to confidential information, such as personal information and medical information through the Internet. In this study, we investigated medical information security to gain a better understanding of trends in research related to medical information security. We researched papers published on '의료정보' and 'medical information' in various Korean journals during a 10-year period from 2005 to 2015. We also analyzed these journal papers for each fiscal year; these papers were categorized into the areas of literature research and empirical research, and were further subdivided according to themes and subjects. It was confirmed that 48 papers were submitted to 35 academic journals. There were 33 (68.8%) literature review articles, and analysis of secondary data was not carried out at all. In terms of empirical research, 8 (16.7%) surveys and 7 (14.6%) program developments were studied. As a result of analyzing these papers according to the research theme by research method, 17 (35.4%) papers on laws, systems, and policies were the most numerous. It was found that among the literature research papers on medical personnel were the most common, and among the empirical research papers, research on experts in information protection and medical personnel were the most common. We suggest that further research should be done in terms of social perception, human resource development, and technology development to improve risk management in medical information systems.

  17. Information Security Analysis Using Game Theory and Simulation

    DOE Office of Scientific and Technical Information (OSTI.GOV)

    Schlicher, Bob G; Abercrombie, Robert K

    Information security analysis can be performed using game theory implemented in dynamic simulations of Agent Based Models (ABMs). Such simulations can be verified with the results from game theory analysis and further used to explore larger scale, real world scenarios involving multiple attackers, defenders, and information assets. Our approach addresses imperfect information and scalability that allows us to also address previous limitations of current stochastic game models. Such models only consider perfect information assuming that the defender is always able to detect attacks; assuming that the state transition probabilities are fixed before the game assuming that the players' actions are always synchronous; and that most models are not scalable with the size and complexity of systems under consideration. Our use of ABMs yields results of selected experiments that demonstrate our proposed approach and provides a quantitative measure for realistic information systems and their related security scenarios.

  18. A secure and robust information hiding technique for covert communication

    NASA Astrophysics Data System (ADS)

    Parah, S. A.; Sheikh, J. A.; Hafiz, A. M.; Bhat, G. M.

    2015-08-01

    The unprecedented advancement of multimedia and growth of the internet has made it possible to reproduce and distribute digital media easier and faster. This has given birth to information security issues, especially when the information pertains to national security, e-banking transactions, etc. The disguised form of encrypted data makes an adversary suspicious and increases the chance of attack. Information hiding overcomes this inherent problem of cryptographic systems and is emerging as an effective means of securing sensitive data being transmitted over insecure channels. In this paper, a secure and robust information hiding technique referred to as Intermediate Significant Bit Plane Embedding (ISBPE) is presented. The data to be embedded is scrambled and embedding is carried out using the concept of Pseudorandom Address Vector (PAV) and Complementary Address Vector (CAV) to enhance the security of the embedded data. The proposed ISBPE technique is fully immune to Least Significant Bit (LSB) removal/replacement attack. Experimental investigations reveal that the proposed technique is more robust to various image processing attacks like JPEG compression, Additive White Gaussian Noise (AWGN), low pass filtering, etc. compared to conventional LSB techniques. The various advantages offered by ISBPE technique make it a good candidate for covert communication.

  19. Approach to estimation of level of information security at enterprise based on genetic algorithm

    NASA Astrophysics Data System (ADS)

    Stepanov, L. V.; Parinov, A. V.; Korotkikh, L. P.; Koltsov, A. S.

    2018-05-01

    In the article, the way of formalization of different types of threats of information security and vulnerabilities of an information system of the enterprise and establishment is considered. In a type of complexity of ensuring information security of application of any new organized system, the concept and decisions in the sphere of information security are expedient. One of such approaches is the method of a genetic algorithm. For the enterprises of any fields of activity, the question of complex estimation of the level of security of information systems taking into account the quantitative and qualitative factors characterizing components of information security is relevant.

  20. Privacy, confidentiality, and security in information systems of state health agencies.

    PubMed

    O'Brien, D G; Yasnoff, W A

    1999-05-01

    To assess the employment and status of privacy, confidentiality, security and fair information practices in electronic information systems of U.S. state health agencies. A survey instrument was developed and administered to key contacts within the state health agencies of each of the 50 U.S. states, Puerto Rico and the District of Columbia. About a third of U.S. state health agencies have no written policies in place regarding privacy and confidentiality in electronic information systems. The doctrines of fair information practice often seemed to be ignored. One quarter of the agencies reported at least one security breach during the past two years, and 16% experienced a privacy and confidentiality related transgression. Most of the breaches were committed by personnel from within the agencies. These results raise questions about the integrity of existing privacy, confidentiality and security measures in the information systems of U.S. state health agencies. Recommendations include the development and vigorous enforcement of written privacy and confidentiality policies, increased personnel training, and expanded implementation of security measures such as encryption and system firewalls. A discussion of the current status of U.S. privacy, confidentiality and security issues is offered.