Science.gov

Sample records for administration information security

  1. National Aeronautics and Space Administration's (NASA) Automated Information Security Handbook

    NASA Technical Reports Server (NTRS)

    Roback, E.

    1991-01-01

    The NASA Automated Information Security Handbook provides NASA's overall approach to automated information systems security including discussions of such aspects as: program goals and objectives, assignment of responsibilities, risk assessment, foreign national access, contingency planning and disaster recovery, awareness training, procurement, certification, planning, and special considerations for microcomputers.

  2. Security of Data, Stored in Information Systems of Bulgarian Municipal Administrations

    NASA Astrophysics Data System (ADS)

    Kapralyakov, Petko

    2011-12-01

    Massive influx of information technology in municipal administrations increases their efficiency in delivering public services but increased the risk of theft of confidential information electronically. The report proposed an approach for improving information security for small municipal governments in Bulgaria through enhanced intrusion detection and prevention system.

  3. Transportation Security Administration

    MedlinePlus

    ... content Official website of the Department of Homeland Security Transportation Security Administration A - Z Index What Can I Bring? Search form Apples Main menu Administrator Travel Security Screening Special Procedures TSA Pre✓® Passenger Support Travel ...

  4. Information Security Management (ISM)

    NASA Astrophysics Data System (ADS)

    Šalgovičová, Jarmila; Prajová, Vanessa

    2012-12-01

    Currently, all organizations have to tackle the issue of information security. The paper deals with various aspects of Information Security Management (ISM), including procedures, processes, organizational structures, policies and control processes. Introduction of Information Security Management should be a strategic decision. The concept and implementation of Information Security Management in an organization are determined by the corporate needs and objectives, security requirements, the processes deployed as well as the size and structure of the organization. The implementation of ISM should be carried out to the extent consistent with the needs of the organization.

  5. Homeland Security and Information.

    ERIC Educational Resources Information Center

    Relyea, Harold C.

    2002-01-01

    Reviews the development of two similar policy concepts, national security and internal security, before exploring the new phrase homeland security that has become popular since the September 11 terrorist attacks. Discusses the significance of each for information policy and practice. (Author/LRW)

  6. Addressing Information Security Risk

    ERIC Educational Resources Information Center

    Qayoumi, Mohammad H.; Woody, Carol

    2005-01-01

    Good information security does not just happen--and often does not happen at all. Resources are always in short supply, and there are always other needs that seem more pressing. Why? Because information security is hard to define, the required tasks are unclear, and the work never seems to be finished. However, the loss to the organization can be…

  7. 29 CFR 70.54 - Employee Benefits Security Administration.

    Code of Federal Regulations, 2010 CFR

    2010-07-01

    ... Benefits Security Administration, Public Documents Room, 200 Constitution Avenue, NW., Washington, DC 20210. ... 29 Labor 1 2010-07-01 2010-07-01 true Employee Benefits Security Administration. 70.54 Section 70.54 Labor Office of the Secretary of Labor PRODUCTION OR DISCLOSURE OF INFORMATION OR MATERIALS...

  8. 29 CFR 70.54 - Employee Benefits Security Administration.

    Code of Federal Regulations, 2011 CFR

    2011-07-01

    ... Benefits Security Administration, Public Documents Room, 200 Constitution Avenue, NW., Washington, DC 20210. ... 29 Labor 1 2011-07-01 2011-07-01 false Employee Benefits Security Administration. 70.54 Section 70.54 Labor Office of the Secretary of Labor PRODUCTION OR DISCLOSURE OF INFORMATION OR MATERIALS...

  9. Secure Information Sharing

    2005-09-09

    We are develoing a peer-to-peer system to support secure, location independent information sharing in the scientific community. Once complete, this system will allow seamless and secure sharing of information between multiple collaborators. The owners of information will be able to control how the information is stored, managed. ano shared. In addition, users will have faster access to information updates within a collaboration. Groups collaborating on scientific experiments have a need to share information and data.more » This information and data is often represented in the form of files and database entries. In a typical scientific collaboration, there are many different locations where data would naturally be stored. This makes It difficult for collaborators to find and access the information they need. Our goal is to create a lightweight file-sharing system that makes it’easy for collaborators to find and use the data they need. This system must be easy-to-use, easy-to-administer, and secure. Our information-sharing tool uses group communication, in particular the InterGroup protocols, to reliably deliver each query to all of the current participants in a scalable manner, without having to discover all of their identities. We will use the Secure Group Layer (SGL) and Akenti to provide security to the participants of our environment, SGL will provide confldentiality, integrity, authenticity, and authorization enforcement for the InterGroup protocols and Akenti will provide access control to other resources.« less

  10. Security classification of information

    SciTech Connect

    Quist, A.S.

    1989-09-01

    Certain governmental information must be classified for national security reasons. However, the national security benefits from classifying information are usually accompanied by significant costs -- those due to a citizenry not fully informed on governmental activities, the extra costs of operating classified programs and procuring classified materials (e.g., weapons), the losses to our nation when advances made in classified programs cannot be utilized in unclassified programs. The goal of a classification system should be to clearly identify that information which must be protected for national security reasons and to ensure that information not needing such protection is not classified. This document was prepared to help attain that goal. This document is the first of a planned four-volume work that comprehensively discusses the security classification of information. Volume 1 broadly describes the need for classification, the basis for classification, and the history of classification in the United States from colonial times until World War 2. Classification of information since World War 2, under Executive Orders and the Atomic Energy Acts of 1946 and 1954, is discussed in more detail, with particular emphasis on the classification of atomic energy information. Adverse impacts of classification are also described. Subsequent volumes will discuss classification principles, classification management, and the control of certain unclassified scientific and technical information. 340 refs., 6 tabs.

  11. 78 FR 26057 - Extension of Agency Information Collection Activity Under OMB Review: Pipeline Corporate Security...

    Federal Register 2010, 2011, 2012, 2013, 2014

    2013-05-03

    ... SECURITY Transportation Security Administration Extension of Agency Information Collection Activity Under OMB Review: Pipeline Corporate Security Review AGENCY: Transportation Security Administration, DHS. ACTION: 30-day Notice. SUMMARY: This notice announces that the Transportation Security...

  12. When Information Improves Information Security

    NASA Astrophysics Data System (ADS)

    Grossklags, Jens; Johnson, Benjamin; Christin, Nicolas

    This paper presents a formal, quantitative evaluation of the impact of bounded-rational security decision-making subject to limited information and externalities. We investigate a mixed economy of an individual rational expert and several naïve near-sighted agents. We further model three canonical types of negative externalities (weakest-link, best shot and total effort), and study the impact of two information regimes on the threat level agents are facing.

  13. Transportation Security Administration Authorization Act

    THOMAS, 111th Congress

    Rep. King, Peter T. [R-NY-3

    2010-06-24

    07/26/2010 Referred to the Subcommittee on Immigration, Citizenship, Refugees, Border Security, and International Law. (All Actions) Tracker: This bill has the status IntroducedHere are the steps for Status of Legislation:

  14. Security classification of information

    SciTech Connect

    Quist, A.S.

    1993-04-01

    This document is the second of a planned four-volume work that comprehensively discusses the security classification of information. The main focus of Volume 2 is on the principles for classification of information. Included herein are descriptions of the two major types of information that governments classify for national security reasons (subjective and objective information), guidance to use when determining whether information under consideration for classification is controlled by the government (a necessary requirement for classification to be effective), information disclosure risks and benefits (the benefits and costs of classification), standards to use when balancing information disclosure risks and benefits, guidance for assigning classification levels (Top Secret, Secret, or Confidential) to classified information, guidance for determining how long information should be classified (classification duration), classification of associations of information, classification of compilations of information, and principles for declassifying and downgrading information. Rules or principles of certain areas of our legal system (e.g., trade secret law) are sometimes mentioned to .provide added support to some of those classification principles.

  15. 76 FR 4079 - Information Technology (IT) Security

    Federal Register 2010, 2011, 2012, 2013, 2014

    2011-01-24

    ... rule in the Federal Register (73 FR 73201-73202) on December 2, 2008. The sixty day comment period... SPACE ADMINISTRATION 48 CFR Parts 1804 and 1852 RIN 2700-AD46 Information Technology (IT) Security... NASA FAR Supplement (NFS) to update requirements related to Information Technology Security,...

  16. 78 FR 5116 - NASA Information Security Protection

    Federal Register 2010, 2011, 2012, 2013, 2014

    2013-01-24

    ... Executive Order of 13132 E.O. 13132, ``Federalism,'' 64 FR 43255 (August 4, 1999) requires regulations be... SPACE ADMINISTRATION 14 CFR Part 1203 RIN 2700-AD61 NASA Information Security Protection AGENCY..., Classified National Security Information, and appropriately to correspond with NASA's internal...

  17. 14 CFR 1203.201 - Information security objectives.

    Code of Federal Regulations, 2012 CFR

    2012-01-01

    ... 14 Aeronautics and Space 5 2012-01-01 2012-01-01 false Information security objectives. 1203.201 Section 1203.201 Aeronautics and Space NATIONAL AERONAUTICS AND SPACE ADMINISTRATION INFORMATION SECURITY PROGRAM NASA Information Security Program § 1203.201 Information security objectives. The objectives...

  18. 14 CFR § 1203.201 - Information security objectives.

    Code of Federal Regulations, 2014 CFR

    2014-01-01

    ... 14 Aeronautics and Space 5 2014-01-01 2014-01-01 false Information security objectives. § 1203.201 Section § 1203.201 Aeronautics and Space NATIONAL AERONAUTICS AND SPACE ADMINISTRATION INFORMATION SECURITY PROGRAM NASA Information Security Program § 1203.201 Information security objectives....

  19. 14 CFR 1203.201 - Information security objectives.

    Code of Federal Regulations, 2011 CFR

    2011-01-01

    ... 14 Aeronautics and Space 5 2011-01-01 2010-01-01 true Information security objectives. 1203.201 Section 1203.201 Aeronautics and Space NATIONAL AERONAUTICS AND SPACE ADMINISTRATION INFORMATION SECURITY PROGRAM NASA Information Security Program § 1203.201 Information security objectives. The objectives...

  20. 14 CFR 1203.201 - Information security objectives.

    Code of Federal Regulations, 2013 CFR

    2013-01-01

    ... 14 Aeronautics and Space 5 2013-01-01 2013-01-01 false Information security objectives. 1203.201 Section 1203.201 Aeronautics and Space NATIONAL AERONAUTICS AND SPACE ADMINISTRATION INFORMATION SECURITY PROGRAM NASA Information Security Program § 1203.201 Information security objectives. The objectives...

  1. 12 CFR 605.501 - Information Security Officer.

    Code of Federal Regulations, 2010 CFR

    2010-01-01

    ... 12 Banks and Banking 6 2010-01-01 2010-01-01 false Information Security Officer. 605.501 Section... Information Security Officer. (a) The Information Security Officer of the Farm Credit Administration shall be responsible for implementation and oversight of the information security program and procedures adopted by...

  2. 12 CFR 605.501 - Information Security Officer.

    Code of Federal Regulations, 2011 CFR

    2011-01-01

    ... 12 Banks and Banking 6 2011-01-01 2011-01-01 false Information Security Officer. 605.501 Section... Information Security Officer. (a) The Information Security Officer of the Farm Credit Administration shall be responsible for implementation and oversight of the information security program and procedures adopted by...

  3. 14 CFR 1203.201 - Information security objectives.

    Code of Federal Regulations, 2010 CFR

    2010-01-01

    ... 14 Aeronautics and Space 5 2010-01-01 2010-01-01 false Information security objectives. 1203.201 Section 1203.201 Aeronautics and Space NATIONAL AERONAUTICS AND SPACE ADMINISTRATION INFORMATION SECURITY PROGRAM NASA Information Security Program § 1203.201 Information security objectives. The objectives...

  4. 75 FR 77934 - Small Business Information Security Task Force

    Federal Register 2010, 2011, 2012, 2013, 2014

    2010-12-14

    ... ADMINISTRATION Small Business Information Security Task Force AGENCY: U.S. Small Business Administration. ACTION... Small Business Information Security Task Force Meeting. DATES: 1 p.m., Wednesday, November 10, 2010... meeting minutes for the second meeting of the Small Business Information Security Task Force....

  5. 75 FR 63499 - Extension of Agency Information Collection Activity Under OMB Review: Sensitive Security...

    Federal Register 2010, 2011, 2012, 2013, 2014

    2010-10-15

    ... SECURITY Transportation Security Administration Extension of Agency Information Collection Activity Under OMB Review: Sensitive Security Information Threat Assessments AGENCY: Transportation Security... period soliciting comments, of the following collection of information on July 30, 2010 75 FR 44974....

  6. Information Systems, Security, and Privacy.

    ERIC Educational Resources Information Center

    Ware, Willis H.

    1984-01-01

    Computer security and computer privacy issues are discussed. Among the areas addressed are technical and human security threats, security and privacy issues for information in electronic mail systems, the need for a national commission to examine these issues, and security/privacy issues relevant to colleges and universities. (JN)

  7. 76 FR 5232 - Small Business Information Security Task Force

    Federal Register 2010, 2011, 2012, 2013, 2014

    2011-01-28

    ... PCI SSC conduct a webinar for the Task Force in the Spring of 2011 on credit card security issues for... ADMINISTRATION Small Business Information Security Task Force AGENCY: U.S. Small Business Administration. ACTION... Small Business Information Security Task Force Meeting. DATES: 1 p.m., Wednesday, December 8,...

  8. 76 FR 34761 - Classified National Security Information

    Federal Register 2010, 2011, 2012, 2013, 2014

    2011-06-14

    ... Classified National Security Information AGENCY: Marine Mammal Commission. ACTION: Notice. SUMMARY: This... information, as directed by Information Security Oversight Office regulations. FOR FURTHER INFORMATION CONTACT..., ``Classified National Security Information,'' and 32 CFR part 2001, ``Classified National Security...

  9. Securing Information Technology in Healthcare

    PubMed Central

    Anthony, Denise; Campbell, Andrew T.; Candon, Thomas; Gettinger, Andrew; Kotz, David; Marsch, Lisa A.; Molina-Markham, Andrés; Page, Karen; Smith, Sean W.; Gunter, Carl A.; Johnson, M. Eric

    2014-01-01

    Dartmouth College’s Institute for Security, Technology, and Society conducted three workshops on securing information technology in healthcare, attended by a diverse range of experts in the field. This article summarizes the three workshops. PMID:25379030

  10. Health Information Security in Hospitals: the Application of Security Safeguards

    PubMed Central

    Mehraeen, Esmaeil; Ayatollahi, Haleh; Ahmadi, Maryam

    2016-01-01

    Introduction: A hospital information system has potentials to improve the accessibility of clinical information and the quality of health care. However, the use of this system has resulted in new challenges, such as concerns over health information security. This paper aims to assess the status of information security in terms of administrative, technical and physical safeguards in the university hospitals. Methods: This was a survey study in which the participants were information technology (IT) managers (n=36) who worked in the hospitals affiliated to the top ranked medical universities (university A and university B). Data were collected using a questionnaire. The content validity of the questionnaire was examined by the experts and the reliability of the questionnaire was determined using Cronbach’s coefficient alpha (α=0.75). Results: The results showed that the administrative safeguards were arranged at a medium level. In terms of the technical safeguards and the physical safeguards, the IT managers rated them at a strong level. Conclusion: According to the results, among three types of security safeguards, the administrative safeguards were assessed at the medium level. To improve it, developing security policies, implementing access control models and training users are recommended. PMID:27046944

  11. 75 FR 8096 - Privacy Act of 1974; Department of Homeland Security Transportation Security Administration-023...

    Federal Register 2010, 2011, 2012, 2013, 2014

    2010-02-23

    ... Security Administration--023 Workplace Violence Prevention Program System of Records AGENCY: Privacy Office..., ``Department of Homeland Security/Transportation Security Administration--023 Workplace Violence Prevention... and maintain records on their Workplace Violence Prevention Program. Additionally, the Department...

  12. Information risk and security modeling

    NASA Astrophysics Data System (ADS)

    Zivic, Predrag

    2005-03-01

    This research paper presentation will feature current frameworks to addressing risk and security modeling and metrics. The paper will analyze technical level risk and security metrics of Common Criteria/ISO15408, Centre for Internet Security guidelines, NSA configuration guidelines and metrics used at this level. Information IT operational standards view on security metrics such as GMITS/ISO13335, ITIL/ITMS and architectural guidelines such as ISO7498-2 will be explained. Business process level standards such as ISO17799, COSO and CobiT will be presented with their control approach to security metrics. Top level, the maturity standards such as SSE-CMM/ISO21827, NSA Infosec Assessment and CobiT will be explored and reviewed. For each defined level of security metrics the research presentation will explore the appropriate usage of these standards. The paper will discuss standards approaches to conducting the risk and security metrics. The research findings will demonstrate the need for common baseline for both risk and security metrics. This paper will show the relation between the attribute based common baseline and corporate assets and controls for risk and security metrics. IT will be shown that such approach spans over all mentioned standards. The proposed approach 3D visual presentation and development of the Information Security Model will be analyzed and postulated. Presentation will clearly demonstrate the benefits of proposed attributes based approach and defined risk and security space for modeling and measuring.

  13. Managing information technology security risk

    NASA Technical Reports Server (NTRS)

    Gilliam, David

    2003-01-01

    Information Technology (IT) Security Risk Management is a critical task for the organization to protect against the loss of confidentiality, integrity and availability of IT resources. As systems bgecome more complex and diverse and and attacks from intrusions and malicious content increase, it is becoming increasingly difficult to manage IT security risk. This paper describes a two-pronged approach in addressing IT security risk and risk management in the organization: 1) an institutional enterprise appraoch, and 2) a project life cycle approach.

  14. Information Security and the Internet.

    ERIC Educational Resources Information Center

    Doddrell, Gregory R.

    1996-01-01

    As business relies less on "fortress" style central computers and more on distributed systems, the risk of disruption increases because of inadequate physical security, support services, and site monitoring. This article discusses information security and why protection is required on the Internet, presents a best practice firewall, and identifies…

  15. Methods of Organizational Information Security

    NASA Astrophysics Data System (ADS)

    Martins, José; Dos Santos, Henrique

    The principle objective of this article is to present a literature review for the methods used in the security of information at the level of organizations. Some of the principle problems are identified and a first group of relevant dimensions is presented for an efficient management of information security. The study is based on the literature review made, using some of the more relevant certified articles of this theme, in international reports and in the principle norms of management of information security. From the readings that were done, we identified some of the methods oriented for risk management, norms of certification and good practice of security of information. Some of the norms are oriented for the certification of the product or system and others oriented to the processes of the business. There are also studies with the proposal of Frameworks that suggest the integration of different approaches with the foundation of norms focused on technologies, in processes and taking into consideration the organizational and human environment of the organizations. In our perspective, the biggest contribute to the security of information is the development of a method of security of information for an organization in a conflicting environment. This should make available the security of information, against the possible dimensions of attack that the threats could exploit, through the vulnerability of the organizational actives. This method should support the new concepts of "Network centric warfare", "Information superiority" and "Information warfare" especially developed in this last decade, where information is seen simultaneously as a weapon and as a target.

  16. Improving Information Security Risk Management

    ERIC Educational Resources Information Center

    Singh, Anand

    2009-01-01

    manaOptimizing risk to information to protect the enterprise as well as to satisfy government and industry mandates is a core function of most information security departments. Risk management is the discipline that is focused on assessing, mitigating, monitoring and optimizing risks to information. Risk assessments and analyses are critical…

  17. Information Security and Integrity Systems

    NASA Technical Reports Server (NTRS)

    1990-01-01

    Viewgraphs from the Information Security and Integrity Systems seminar held at the University of Houston-Clear Lake on May 15-16, 1990 are presented. A tutorial on computer security is presented. The goals of this tutorial are the following: to review security requirements imposed by government and by common sense; to examine risk analysis methods to help keep sight of forest while in trees; to discuss the current hot topic of viruses (which will stay hot); to examine network security, now and in the next year to 30 years; to give a brief overview of encryption; to review protection methods in operating systems; to review database security problems; to review the Trusted Computer System Evaluation Criteria (Orange Book); to comment on formal verification methods; to consider new approaches (like intrusion detection and biometrics); to review the old, low tech, and still good solutions; and to give pointers to the literature and to where to get help. Other topics covered include security in software applications and development; risk management; trust: formal methods and associated techniques; secure distributed operating system and verification; trusted Ada; a conceptual model for supporting a B3+ dynamic multilevel security and integrity in the Ada runtime environment; and information intelligence sciences.

  18. 75 FR 10507 - Information Security Oversight Office; National Industrial Security Program Policy Advisory...

    Federal Register 2010, 2011, 2012, 2013, 2014

    2010-03-08

    ... RECORDS ADMINISTRATION Information Security Oversight Office; National Industrial Security Program Policy... Policy Advisory Committee. The meeting will be held to discuss National Industrial Security Program policy matters. DATES: The meeting will be held on March 24, 2010 from 10 a.m. to 12 p.m....

  19. 32 CFR 2001.50 - Telecommunications automated information systems and network security.

    Code of Federal Regulations, 2013 CFR

    2013-07-01

    ... 32 National Defense 6 2013-07-01 2013-07-01 false Telecommunications automated information systems... Defense INFORMATION SECURITY OVERSIGHT OFFICE, NATIONAL ARCHIVES AND RECORDS ADMINISTRATION CLASSIFIED NATIONAL SECURITY INFORMATION Safeguarding § 2001.50 Telecommunications automated information systems...

  20. 32 CFR 2001.50 - Telecommunications automated information systems and network security.

    Code of Federal Regulations, 2012 CFR

    2012-07-01

    ... 32 National Defense 6 2012-07-01 2012-07-01 false Telecommunications automated information systems... Defense INFORMATION SECURITY OVERSIGHT OFFICE, NATIONAL ARCHIVES AND RECORDS ADMINISTRATION CLASSIFIED NATIONAL SECURITY INFORMATION Safeguarding § 2001.50 Telecommunications automated information systems...

  1. 32 CFR 2001.50 - Telecommunications automated information systems and network security.

    Code of Federal Regulations, 2014 CFR

    2014-07-01

    ... 32 National Defense 6 2014-07-01 2014-07-01 false Telecommunications automated information systems... Defense INFORMATION SECURITY OVERSIGHT OFFICE, NATIONAL ARCHIVES AND RECORDS ADMINISTRATION CLASSIFIED NATIONAL SECURITY INFORMATION Safeguarding § 2001.50 Telecommunications automated information systems...

  2. NASA Automatic Information Security Handbook

    NASA Technical Reports Server (NTRS)

    1993-01-01

    This handbook details the Automated Information Security (AIS) management process for NASA. Automated information system security is becoming an increasingly important issue for all NASA managers and with rapid advancements in computer and network technologies and the demanding nature of space exploration and space research have made NASA increasingly dependent on automated systems to store, process, and transmit vast amounts of mission support information, hence the need for AIS systems and management. This handbook provides the consistent policies, procedures, and guidance to assure that an aggressive and effective AIS programs is developed, implemented, and sustained at all NASA organizations and NASA support contractors.

  3. 78 FR 73868 - Privacy Act of 1974; Department of Homeland Security Transportation Security Administration-DHS...

    Federal Register 2010, 2011, 2012, 2013, 2014

    2013-12-09

    .... Electronic access is limited by computer security measures that are strictly enforced. TSA file areas are... SECURITY Privacy Act of 1974; Department of Homeland Security Transportation Security Administration--DHS/TSA-001 Transportation Security Enforcement Record System System of Records AGENCY: Privacy...

  4. Management Information for College Administrators.

    ERIC Educational Resources Information Center

    Bolin, John G., Ed.

    This booklet was prepared to assist college administrators in understanding the nature and purpose of management information and how such information can be organized into a functional system. In the first section the author discusses the increasing need for management information in higher education. More than ever before it is necessary for…

  5. Two RFID-based solutions for secure inpatient medication administration.

    PubMed

    Yen, Yi-Chung; Lo, Nai-Wei; Wu, Tzong-Chen

    2012-10-01

    Medication error can easily cause serious health damage to inpatients in hospital. Consequently, the whole society has to spend huge amount of extra resources for additional therapies and medication on those affected inpatients. In order to prevent medication errors, secure inpatient medication administration system is required in a hospital. Using RFID technology, such administration system provides automated medication verification for inpatient's medicine doses and generates corresponding medication evidence, which may be audited later for medical dispute. Recently, Peris-Lopez et al. (Int. J. Med. Inform., 2011) proposed an IS-RFID system to enhance inpatient medication safety. Nevertheless, IS-RFID system does not detect the denial of proof attack efficiently and the generated medication evidence cannot defend against counterfeit evidence generated from the hospital. That is, the hospital possesses enough privilege from the design of IS-RFID system to modify generated medication evidence whenever it is necessary. Hence, we design two lightweight RFID-based solutions for secure inpatient medication administration, one for online verification environment and the other for offline validation situation, to achieve system security on evidence generation and provide early detection on denial of proof attack.

  6. The economics of information security.

    PubMed

    Anderson, Ross; Moore, Tyler

    2006-10-27

    The economics of information security has recently become a thriving and fast-moving discipline. As distributed systems are assembled from machines belonging to principals with divergent interests, we find that incentives are becoming as important as technical design in achieving dependability. The new field provides valuable insights not just into "security" topics (such as bugs, spam, phishing, and law enforcement strategy) but into more general areas such as the design of peer-to-peer systems, the optimal balance of effort by programmers and testers, why privacy gets eroded, and the politics of digital rights management.

  7. Security administration plan for HANDI 2000 business management system

    SciTech Connect

    Wilson, D.

    1998-09-29

    This document encompasses and standardizes the integrated approach for security within the PP and Ps applications, It also identifies the security tools and methods to be used. The Security Administration Plan becomes effective as of this document`s acceptance and will provide guidance through implementation efforts and, as a ``living document`` will support the operations and maintenance of the system.

  8. 20 CFR 221.3 - Social Security Administration jurisdiction.

    Code of Federal Regulations, 2013 CFR

    2013-04-01

    ... 20 Employees' Benefits 1 2013-04-01 2012-04-01 true Social Security Administration jurisdiction... RETIREMENT ACT JURISDICTION DETERMINATIONS § 221.3 Social Security Administration jurisdiction. The Board transfers jurisdiction (railroad service and compensation credits earned by the employee which the...

  9. 20 CFR 221.3 - Social Security Administration jurisdiction.

    Code of Federal Regulations, 2012 CFR

    2012-04-01

    ... 20 Employees' Benefits 1 2012-04-01 2012-04-01 false Social Security Administration jurisdiction... RETIREMENT ACT JURISDICTION DETERMINATIONS § 221.3 Social Security Administration jurisdiction. The Board transfers jurisdiction (railroad service and compensation credits earned by the employee which the...

  10. 20 CFR 221.3 - Social Security Administration jurisdiction.

    Code of Federal Regulations, 2014 CFR

    2014-04-01

    ... 20 Employees' Benefits 1 2014-04-01 2012-04-01 true Social Security Administration jurisdiction... RETIREMENT ACT JURISDICTION DETERMINATIONS § 221.3 Social Security Administration jurisdiction. The Board transfers jurisdiction (railroad service and compensation credits earned by the employee which the...

  11. 20 CFR 221.3 - Social Security Administration jurisdiction.

    Code of Federal Regulations, 2010 CFR

    2010-04-01

    ... 20 Employees' Benefits 1 2010-04-01 2010-04-01 false Social Security Administration jurisdiction... RETIREMENT ACT JURISDICTION DETERMINATIONS § 221.3 Social Security Administration jurisdiction. The Board transfers jurisdiction (railroad service and compensation credits earned by the employee which the...

  12. 20 CFR 221.3 - Social Security Administration jurisdiction.

    Code of Federal Regulations, 2011 CFR

    2011-04-01

    ... 20 Employees' Benefits 1 2011-04-01 2011-04-01 false Social Security Administration jurisdiction... RETIREMENT ACT JURISDICTION DETERMINATIONS § 221.3 Social Security Administration jurisdiction. The Board transfers jurisdiction (railroad service and compensation credits earned by the employee which the...

  13. 76 FR 40296 - Declassification of National Security Information

    Federal Register 2010, 2011, 2012, 2013, 2014

    2011-07-08

    ... Order, Classified National Security Information, 75 FR 733, 3 CFR, 2009 Comp., p. 412; 32 CFR part 2001... without proper authority? Authority: 44 U.S.C. 2101 to 2118; 5 U.S.C. 552; E.O. 13526, 75 FR 707, 3 CFR... RECORDS ADMINISTRATION 36 CFR Part 1260 RIN 3095-AB64 Declassification of National Security...

  14. An agile enterprise regulation architecture for health information security management.

    PubMed

    Chen, Ying-Pei; Hsieh, Sung-Huai; Cheng, Po-Hsun; Chien, Tsan-Nan; Chen, Heng-Shuen; Luh, Jer-Junn; Lai, Jin-Shin; Lai, Feipei; Chen, Sao-Jie

    2010-09-01

    Information security management for healthcare enterprises is complex as well as mission critical. Information technology requests from clinical users are of such urgency that the information office should do its best to achieve as many user requests as possible at a high service level using swift security policies. This research proposes the Agile Enterprise Regulation Architecture (AERA) of information security management for healthcare enterprises to implement as part of the electronic health record process. Survey outcomes and evidential experiences from a sample of medical center users proved that AERA encourages the information officials and enterprise administrators to overcome the challenges faced within an electronically equipped hospital.

  15. An Agile Enterprise Regulation Architecture for Health Information Security Management

    PubMed Central

    Chen, Ying-Pei; Hsieh, Sung-Huai; Chien, Tsan-Nan; Chen, Heng-Shuen; Luh, Jer-Junn; Lai, Jin-Shin; Lai, Feipei; Chen, Sao-Jie

    2010-01-01

    Abstract Information security management for healthcare enterprises is complex as well as mission critical. Information technology requests from clinical users are of such urgency that the information office should do its best to achieve as many user requests as possible at a high service level using swift security policies. This research proposes the Agile Enterprise Regulation Architecture (AERA) of information security management for healthcare enterprises to implement as part of the electronic health record process. Survey outcomes and evidential experiences from a sample of medical center users proved that AERA encourages the information officials and enterprise administrators to overcome the challenges faced within an electronically equipped hospital. PMID:20815748

  16. Information Sharing for IT Security Professionals

    ERIC Educational Resources Information Center

    Petersen, Rodney J.

    2008-01-01

    Information sharing is a core value for information technology (IT) security professionals. It is also a familiar concept for those who work at institutions of higher education because of their long history of collaboration and openness. Information sharing has become part of the national fabric as IT security professionals attempt to secure cyber…

  17. 76 FR 62630 - Information Security Regulations

    Federal Register 2010, 2011, 2012, 2013, 2014

    2011-10-11

    ... 32 CFR Part 1902 Information Security Regulations AGENCY: Central Intelligence Agency. ACTION: Final rule. SUMMARY: The Central Intelligence agency is removing certain information security regulations... Information security regulations. PART 1902 Sec. 1902.13 0 Accordingly, under the authority of Executive...

  18. 75 FR 28777 - Information Collection; Financial Information Security Request Form

    Federal Register 2010, 2011, 2012, 2013, 2014

    2010-05-24

    ...; ] DEPARTMENT OF AGRICULTURE Forest Service Information Collection; Financial Information Security Request Form... Information Security Request Form. DATES: Comments must be received in writing on or before July 23, 2010 to... INFORMATION: Title: Financial Information Security Request Form. OMB Number: 0596-0204. Expiration Date...

  19. Incentive Issues in Information Security Management

    ERIC Educational Resources Information Center

    Lee, Chul Ho

    2012-01-01

    This dissertation studies three incentive issues in information security management. The first essay studies contract issues between a firm that outsources security functions and a managed security service provider (MSSP) that provides security functions to the firm. Since MSSP and firms cannot observe each other's actions, both can suffer…

  20. [Information security in health care].

    PubMed

    Ködmön, József; Csajbók, Zoltán Ernő

    2015-07-01

    Doctors, nurses and other medical professionals are spending more and more time in front of the computer, using applications developed for general practitioners, specialized care, or perhaps an integrated hospital system. The data they handle during healing and patient care are mostly sensitive data and, therefore, their management is strictly regulated. Finding our way in the jungle of laws, regulations and policies is not simple. Notwithstanding, our lack of information does not waive our responsibility. This study summarizes the most important points of international recommendations, standards and legal regulations of the field, as well as giving practical advices for managing medical and patient data securely and in compliance with the current legal regulations.

  1. A Unified Approach to Information Security Compliance

    ERIC Educational Resources Information Center

    Adler, M. Peter

    2006-01-01

    The increased number of government-mandated and private contractual information security requirements in recent years has caused higher education security professionals to view information security as another aspect of regulatory or contractual compliance. The existence of fines, penalties, or loss (including bad publicity) has also increased the…

  2. 76 FR 70468 - Extension of Agency Information Collection Activity Under OMB Review: Airport Security

    Federal Register 2010, 2011, 2012, 2013, 2014

    2011-11-14

    ... OMB Review: Airport Security AGENCY: Transportation Security Administration, DHS. ACTION: 30-day... other forms of information technology. Information Collection Requirement Title: Airport Security, 49... is seeking to renew its OMB control number 1542-0002, Airport Security, 49 CFR part 1542....

  3. 75 FR 5166 - Privacy Act of 1974, as Amended; Computer Matching Program (Social Security Administration...

    Federal Register 2010, 2011, 2012, 2013, 2014

    2010-02-01

    ... From the Federal Register Online via the Government Publishing Office SOCIAL SECURITY ADMINISTRATION Privacy Act of 1974, as Amended; Computer Matching Program (Social Security Administration/Railroad Retirement Board (SSA/RRB))-- Match Number 1308 AGENCY: Social Security Administration...

  4. 77 FR 76076 - Information Security Oversight Office; State, Local, Tribal, and Private Sector Policy Advisory...

    Federal Register 2010, 2011, 2012, 2013, 2014

    2012-12-26

    ... RECORDS ADMINISTRATION Information Security Oversight Office; State, Local, Tribal, and Private Sector Policy Advisory Committee (SLTPS-PAC) AGENCY: National Archives and Records Administration, Information... committee meeting of the State, Local, Tribal, and Private Sector Policy Advisory Committee. To discuss...

  5. Information technology security system engineering methodology

    NASA Technical Reports Server (NTRS)

    Childs, D.

    2003-01-01

    A methodology is described for system engineering security into large information technology systems under development. The methodology is an integration of a risk management process and a generic system development life cycle process. The methodology is to be used by Security System Engineers to effectively engineer and integrate information technology security into a target system as it progresses through the development life cycle. The methodology can also be used to re-engineer security into a legacy system.

  6. 76 FR 2142 - Employee Benefits Security Administration

    Federal Register 2010, 2011, 2012, 2013, 2014

    2011-01-12

    ... disclosed. All comments may be posted on the Internet and can be retrieved by most Internet search engines... Administration (EBSA) published in the Federal Register on October 22, 2010, (75 FR 65263), a proposed rule under... on October 22, 2010 (75 FR 65263), is being extended until February 3, 2011. To facilitate...

  7. A Layered Trust Information Security Architecture

    PubMed Central

    de Oliveira Albuquerque, Robson; García Villalba, Luis Javier; Sandoval Orozco, Ana Lucila; Buiati, Fábio; Kim, Tai-Hoon

    2014-01-01

    Information can be considered the most important asset of any modern organization. Securing this information involves preserving confidentially, integrity and availability, the well-known CIA triad. In addition, information security is a risk management job; the task is to manage the inherent risks of information disclosure. Current information security platforms do not deal with the different facets of information technology. This paper presents a layered trust information security architecture (TISA) and its creation was motivated by the need to consider information and security from different points of view in order to protect it. This paper also extends and discusses security information extensions as a way of helping the CIA triad. Furthermore, this paper suggests information representation and treatment elements, operations and support components that can be integrated to show the various risk sources when dealing with both information and security. An overview of how information is represented and treated nowadays in the technological environment is shown, and the reason why it is so difficult to guarantee security in all aspects of the information pathway is discussed. PMID:25470490

  8. A layered trust information security architecture.

    PubMed

    de Oliveira Albuquerque, Robson; Villalba, Luis Javier García; Orozco, Ana Lucila Sandoval; Buiati, Fábio; Kim, Tai-Hoon

    2014-12-01

    Information can be considered the most important asset of any modern organization. Securing this information involves preserving confidentially, integrity and availability, the well-known CIA triad. In addition, information security is a risk management job; the task is to manage the inherent risks of information disclosure. Current information security platforms do not deal with the different facets of information technology. This paper presents a layered trust information security architecture (TISA) and its creation was motivated by the need to consider information and security from different points of view in order to protect it. This paper also extends and discusses security information extensions as a way of helping the CIA triad. Furthermore, this paper suggests information representation and treatment elements, operations and support components that can be integrated to show the various risk sources when dealing with both information and security. An overview of how information is represented and treated nowadays in the technological environment is shown, and the reason why it is so difficult to guarantee security in all aspects of the information pathway is discussed.

  9. Effective Management of Information Security and Privacy

    ERIC Educational Resources Information Center

    Anderson, Alicia

    2006-01-01

    No university seems immune to cyber attacks. For many universities, such events have served as wake-up calls to develop a comprehensive information security and privacy strategy. This is no simple task, however. It involves balancing a culture of openness with a need for security and privacy. Security and privacy are not the same, and the…

  10. Three Essays on Information Security Policies

    ERIC Educational Resources Information Center

    Yang, Yubao

    2011-01-01

    Information security breaches pose a significant and increasing threat to national security and economic well-being. In the Symantec Internet Security Threat Report (2003), companies surveyed experienced an average of about 30 attacks per week. Anecdotal evidence suggests that losses from cyber-attacks can run into millions of dollars. The CSI-FBI…

  11. A Security Architecture for Health Information Networks

    PubMed Central

    Kailar, Rajashekar

    2007-01-01

    Health information network security needs to balance exacting security controls with practicality, and ease of implementation in today’s healthcare enterprise. Recent work on ‘nationwide health information network’ architectures has sought to share highly confidential data over insecure networks such as the Internet. Using basic patterns of health network data flow and trust models to support secure communication between network nodes, we abstract network security requirements to a core set to enable secure inter-network data sharing. We propose a minimum set of security controls that can be implemented without needing major new technologies, but yet realize network security and privacy goals of confidentiality, integrity and availability. This framework combines a set of technology mechanisms with environmental controls, and is shown to be sufficient to counter commonly encountered network security threats adequately. PMID:18693862

  12. A security architecture for health information networks.

    PubMed

    Kailar, Rajashekar; Muralidhar, Vinod

    2007-10-11

    Health information network security needs to balance exacting security controls with practicality, and ease of implementation in today's healthcare enterprise. Recent work on 'nationwide health information network' architectures has sought to share highly confidential data over insecure networks such as the Internet. Using basic patterns of health network data flow and trust models to support secure communication between network nodes, we abstract network security requirements to a core set to enable secure inter-network data sharing. We propose a minimum set of security controls that can be implemented without needing major new technologies, but yet realize network security and privacy goals of confidentiality, integrity and availability. This framework combines a set of technology mechanisms with environmental controls, and is shown to be sufficient to counter commonly encountered network security threats adequately.

  13. 6 CFR 29.4 - Protected Critical Infrastructure Information Program administration.

    Code of Federal Regulations, 2011 CFR

    2011-01-01

    ... 6 Domestic Security 1 2011-01-01 2011-01-01 false Protected Critical Infrastructure Information Program administration. 29.4 Section 29.4 Domestic Security DEPARTMENT OF HOMELAND SECURITY, OFFICE OF THE... sufficient personnel, including such detailees or assignees from other Federal national security,...

  14. Network Security: What Non-Technical Administrators Must Know

    ERIC Educational Resources Information Center

    Council, Chip

    2005-01-01

    Now it is increasingly critical that community college leaders become involved in network security and partner with their directors of information technology (IT). Network security involves more than just virus protection software and firewalls. It involves vigilance and requires top executive support. Leaders can help their IT directors to…

  15. ITIL{sup ®} and information security

    SciTech Connect

    Jašek, Roman; Králík, Lukáš; Popelka, Miroslav

    2015-03-10

    This paper discusses the context of ITIL framework and management of information security. It is therefore a summary study, where the first part is focused on the safety objectives in connection with the ITIL framework. First of all, there is a focus on ITIL process ISM (Information Security Management), its principle and system management. The conclusion is about link between standards, which are related to security, and ITIL framework.

  16. NNSA Administrator Looks to Future of Nuclear Security at STRATCOM Symposium

    ScienceCinema

    Thomas D'Agostino

    2016-07-12

    Administrator Thomas P. DAgostino of the National Nuclear Security Administration (NNSA) discusses the future of the Nuclear Security Enterprise and its strategic deterrence mission in light of President Obamas unprecedented nuclear security agenda.

  17. 76 FR 10262 - Information Security Program

    Federal Register 2010, 2011, 2012, 2013, 2014

    2011-02-24

    ...: 5 U.S.C. 552, 552a, 552b, 553; 31 U.S.C. 9701; E.O. 13526 of January 5, 2010 (75 FR 707), sections 5... 46 CFR Part 503 RIN 3072-AC40 Information Security Program AGENCY: Federal Maritime Commission... relating to its Information Security Program to reflect the changes implemented by Executive Order...

  18. 78 FR 73819 - Information Collection; Financial Information Security Request Form

    Federal Register 2010, 2011, 2012, 2013, 2014

    2013-12-09

    ... Forest Service Information Collection; Financial Information Security Request Form AGENCY: Forest Service... extension with revision of a currently approved information collection, Financial Information Security... encouraged to call ahead to (703) 605-4803 to facilitate entry to the building. FOR FURTHER...

  19. Insider Threat and Information Security Management

    NASA Astrophysics Data System (ADS)

    Coles-Kemp, Lizzie; Theoharidou, Marianthi

    The notion of insider has multiple facets. An organization needs to identify which ones to respond to. The selection, implementetion and maintenance of information security countermeasures requires a complex combination of organisational policies, functions and processes, which form Information Security Management. This chapter examines the role of current information security management practices in addressing the insider threat. Most approaches focus on frameworks for regulating insider behaviour and do not allow for the various cultural responses to the regulatory and compliance framework. Such responses are not only determined by enforcement of policies and awareness programs, but also by various psychological and organisational factors at an individual or group level. Crime theories offer techniques that focus on such cultural responses and can be used to enhance the information security management design. The chapter examines the applicability of several crime theories and concludes that they can contribute in providing additional controls and redesign of information security management processes better suited to responding to the insider threat.

  20. Hash Functions and Information Theoretic Security

    NASA Astrophysics Data System (ADS)

    Bagheri, Nasour; Knudsen, Lars R.; Naderi, Majid; Thomsen, Søren S.

    Information theoretic security is an important security notion in cryptography as it provides a true lower bound for attack complexities. However, in practice attacks often have a higher cost than the information theoretic bound. In this paper we study the relationship between information theoretic attack costs and real costs. We show that in the information theoretic model, many well-known and commonly used hash functions such as MD5 and SHA-256 fail to be preimage resistant.

  1. Information Processing - Administrative Data Processing

    NASA Astrophysics Data System (ADS)

    Bubenko, Janis

    A three semester, 60-credit course package in the topic of Administrative Data Processing (ADP), offered in 1966 at Stockholm University (SU) and the Royal Institute of Technology (KTH) is described. The package had an information systems engineering orientation. The first semester focused on datalogical topics, while the second semester focused on the infological topics. The third semester aimed to deepen the students’ knowledge in different parts of ADP and at writing a bachelor thesis. The concluding section of this paper discusses various aspects of the department’s first course effort. The course package led to a concretisation of our discipline and gave our discipline an identity. Our education seemed modern, “just in time”, and well adapted to practical needs. The course package formed the first concrete activity of a group of young teachers and researchers. In a forty-year perspective, these people have further developed the department and the topic to an internationally well-reputed body of knowledge and research. The department has produced more than thirty professors and more than one hundred doctoral degrees.

  2. 24 CFR 330.50 - Administration of multiclass securities.

    Code of Federal Regulations, 2011 CFR

    2011-04-01

    ... 24 Housing and Urban Development 2 2011-04-01 2011-04-01 false Administration of multiclass securities. 330.50 Section 330.50 Housing and Urban Development Regulations Relating to Housing and Urban Development (Continued) GOVERNMENT NATIONAL MORTGAGE ASSOCIATION, DEPARTMENT OF HOUSING AND URBAN......

  3. 24 CFR 330.50 - Administration of multiclass securities.

    Code of Federal Regulations, 2012 CFR

    2012-04-01

    ... 24 Housing and Urban Development 2 2012-04-01 2012-04-01 false Administration of multiclass securities. 330.50 Section 330.50 Housing and Urban Development Regulations Relating to Housing and Urban Development (Continued) GOVERNMENT NATIONAL MORTGAGE ASSOCIATION, DEPARTMENT OF HOUSING AND URBAN......

  4. Energy Relations in Russia: Administration, Politics and Security

    ERIC Educational Resources Information Center

    Makarychev, Andrey

    2005-01-01

    This chapter analyses energy relations through a prism of three interlinked concepts: administration, politics and security. This triad describes the basic approaches to questions about technical, politicised and securitised energy. These three concepts are logically linked to one another and represent an elementary matrix; a prism through which…

  5. 76 FR 72433 - Revision of Agency Information Collection Activity Under OMB Review: Secure Flight Program

    Federal Register 2010, 2011, 2012, 2013, 2014

    2011-11-23

    ... soliciting comments, of the following collection of information on August 3, 2011, 76 FR 46830. The... OMB Review: Secure Flight Program AGENCY: Transportation Security Administration, DHS. ACTION: 30-day... submit to Secure Flight for the purposes of watch list matching, identifying information of...

  6. 45 CFR 303.30 - Securing medical support information.

    Code of Federal Regulations, 2014 CFR

    2014-10-01

    ... 45 Public Welfare 2 2014-10-01 2012-10-01 true Securing medical support information. 303.30 Section 303.30 Public Welfare Regulations Relating to Public Welfare OFFICE OF CHILD SUPPORT ENFORCEMENT (CHILD SUPPORT ENFORCEMENT PROGRAM), ADMINISTRATION FOR CHILDREN AND FAMILIES, DEPARTMENT OF HEALTH...

  7. 45 CFR 303.30 - Securing medical support information.

    Code of Federal Regulations, 2010 CFR

    2010-10-01

    ... 45 Public Welfare 2 2010-10-01 2010-10-01 false Securing medical support information. 303.30 Section 303.30 Public Welfare Regulations Relating to Public Welfare OFFICE OF CHILD SUPPORT ENFORCEMENT (CHILD SUPPORT ENFORCEMENT PROGRAM), ADMINISTRATION FOR CHILDREN AND FAMILIES, DEPARTMENT OF HEALTH...

  8. 45 CFR 303.30 - Securing medical support information.

    Code of Federal Regulations, 2011 CFR

    2011-10-01

    ... 45 Public Welfare 2 2011-10-01 2011-10-01 false Securing medical support information. 303.30 Section 303.30 Public Welfare Regulations Relating to Public Welfare OFFICE OF CHILD SUPPORT ENFORCEMENT (CHILD SUPPORT ENFORCEMENT PROGRAM), ADMINISTRATION FOR CHILDREN AND FAMILIES, DEPARTMENT OF HEALTH...

  9. 36 CFR 1256.46 - National security-classified information.

    Code of Federal Regulations, 2010 CFR

    2010-07-01

    ... 36 Parks, Forests, and Public Property 3 2010-07-01 2010-07-01 false National security-classified information. 1256.46 Section 1256.46 Parks, Forests, and Public Property NATIONAL ARCHIVES AND RECORDS ADMINISTRATION PUBLIC AVAILABILITY AND USE ACCESS TO RECORDS AND DONATED HISTORICAL MATERIALS...

  10. Safeguarding Your Technology: Practical Guidelines for Electronic Education Information Security.

    ERIC Educational Resources Information Center

    Szuba, Tom

    This guide was developed specifically for educational administrators at the building, campus, district, system, and state levels, and is meant to serve as a framework to help them better understand why and how to effectively secure their organization's information, software, and computer and networking equipment. This document is organized into 10…

  11. Implementing healthcare information security: standards can help.

    PubMed

    Orel, Andrej; Bernik, Igor

    2013-01-01

    Using widely spread common approaches to systems security in health dedicated controlled environments, a level of awareness, confidence and acceptance of relevant standardisation is evaluated. Patients' information is sensitive, so putting appropriate organisational techniques as well as modern technology in place to secure health information is of paramount importance. Mobile devices are becoming the top priorities in advanced information security planning with healthcare environments being no exception. There are less and less application areas in healthcare without having a need for a mobile functionality which represents an even greater information security challenge. This is also true in emergency treatments, rehabilitation and homecare just to mention a few areas outside hospital controlled environments. Unfortunately quite often traditional unsecured communications principles are still in routine use for communicating sensitive health related information. The security awareness level with users, patients and care professionals is not high enough so potential threats and risks may not be addressed and the respective information security management is therefore weak. Standards like ISO/IEC 27000 ISMS family, the ISO/IEC 27799 information security guidelines in health are often not well known, but together with legislation principles such as HIPAA, they can help.

  12. A security mediator for health care information.

    PubMed Central

    Wiederhold, G.; Bilello, M.; Sarathy, V.; Qian, X.

    1996-01-01

    The TIHI (Trusted Interoperation of Healthcare Information) project addresses a security issue that arises when some information is being shared among collaborating enterprises, although not all enterprise information is sharable. It assumes that protection exists to prevent intrusion by adversaries through secure transmission and firewalls. The TIHI system design provides a gateway, owned by the enterprise security officer, to mediate queries and responses. The latter are typically transmitted via the Internet. The enterprise policy is determined by rules provided to the mediator. We show examples of typical rules. The problem and our solution, although developed in a healthcare context, is equally valid among collaborating enterprises. PMID:8947640

  13. Information security trades in tactical wireless networks

    NASA Astrophysics Data System (ADS)

    Kurdziel, Michael T.; Alvermann, John A.

    2015-05-01

    Wireless networks are now ubiquitous across the tactical environment. They offer unprecedented communications and data access capabilities. However, providing information security to wireless transmissions without impacting performance is a challenge. The information security requirement for each operational scenario presents a large trade space for functionality versus performance. One aspect of this trade space pertains to where information security services are integrated into the protocol stack. This paper will present an overview of the various options that exist and will discuss the advantages and disadvantages of each option.

  14. Information Seeking Behaviour of AIOU Administrators

    ERIC Educational Resources Information Center

    Mahmood, Malik Tariq

    2005-01-01

    The main purpose of this research study is to investigate the information-seeking behavior of Allama Iqbal Open University (AIOU) administrators in Pakistan. Information is obtained by using a wide variety of informal and formal sources, human sources, Internet as well as print media. The present study found that AIOU administrators are more…

  15. Teaching Context in Information Security

    ERIC Educational Resources Information Center

    Bishop, Matt

    2006-01-01

    This article investigates teaching the application of technical ideas by non-technical means, especially by using puzzles to engage students. After discussing the need to teach students to evaluate contexts in which decisions about computer security must be made, we suggest questions and scenarios drawn from political science, history, as well as…

  16. NNSA Administrator Addresses the Next Generation of Nuclear Security Professionals: Part 1

    ScienceCinema

    Thomas D'Agostino

    2016-07-12

    Administrator Thomas DAgostino of the National Nuclear Security Administration addressed the next generation of nuclear security professionals during the opening session of todays 2009 Department of Energy (DOE) Computational Science Graduate Fellowship Annual Conference. Administrator DAgostino discussed NNSAs role in implementing President Obamas nuclear security agenda and encouraged the computing science fellows to consider careers in nuclear security.

  17. NNSA Administrator Addresses the Next Generation of Nuclear Security Professionals: Part 2

    ScienceCinema

    Thomas D'Agostino

    2016-07-12

    Administrator Thomas DAgostino of the National Nuclear Security Administration addressed the next generation of nuclear security professionals during the opening session of todays 2009 Department of Energy (DOE) Computational Science Graduate Fellowship Annual Conference. Administrator DAgostino discussed NNSAs role in implementing President Obamas nuclear security agenda and encouraged the computing science fellows to consider careers in nuclear security.

  18. NNSA Administrator Addresses the Next Generation of Nuclear Security Professionals: Part 2

    SciTech Connect

    Thomas D'Agostino

    2009-07-14

    Administrator Thomas DAgostino of the National Nuclear Security Administration addressed the next generation of nuclear security professionals during the opening session of todays 2009 Department of Energy (DOE) Computational Science Graduate Fellowship Annual Conference. Administrator DAgostino discussed NNSAs role in implementing President Obamas nuclear security agenda and encouraged the computing science fellows to consider careers in nuclear security.

  19. NNSA Administrator Addresses the Next Generation of Nuclear Security Professionals: Part 1

    SciTech Connect

    Thomas D'Agostino

    2009-07-14

    Administrator Thomas DAgostino of the National Nuclear Security Administration addressed the next generation of nuclear security professionals during the opening session of todays 2009 Department of Energy (DOE) Computational Science Graduate Fellowship Annual Conference. Administrator DAgostino discussed NNSAs role in implementing President Obamas nuclear security agenda and encouraged the computing science fellows to consider careers in nuclear security.

  20. TWRS information locator database system administrator`s manual

    SciTech Connect

    Knutson, B.J., Westinghouse Hanford

    1996-09-13

    This document is a guide for use by the Tank Waste Remediation System (TWRS) Information Locator Database (ILD) System Administrator. The TWRS ILD System is an inventory of information used in the TWRS Systems Engineering process to represent the TWRS Technical Baseline. The inventory is maintained in the form of a relational database developed in Paradox 4.5.

  1. Administrative Assistants' Informal Learning and Related Factors

    ERIC Educational Resources Information Center

    Cho, Hyun Jung; Kim, Jin-Mo

    2016-01-01

    Purpose: The purpose of this study is to identify the causal relationship among informal learning, leader-member exchange (LMX), empowerment, job characteristics and job self-efficacy and the impact on administrative assistants in corporations. The study aims at providing information for administrative assistants who have worked with their current…

  2. RFID Based Context Information Security System Architecture for Securing Personal Information under Ubiquitous Environment

    NASA Astrophysics Data System (ADS)

    Song, Jae-Gu; Park, Gil-Cheol; Kim, Seoksoo

    2007-12-01

    In this study, framework for securing personal information among various contexts collected and utilized under ubiquitous environment is proposed. The proposed framework will analyze relativity among information used to determine the exposure of personal information according to circumstances where personal information is used. In addition, the study will define the definition of role-based structure and propose a structure applying password security system according to access level. Furthermore, the study will propose a method for building information security system using RFID tag information which generates context information.

  3. 75 FR 18863 - Privacy Act of 1974; Department of Homeland Security Transportation Security Administration-006...

    Federal Register 2010, 2011, 2012, 2013, 2014

    2010-04-13

    ... records notice titled, DHS/TSA-006 Correspondence Matters Tracking System Records (CMTR) (68 FR 49496... purposes of investigating any matter before DHS/TSA. These changes will allow DHS/TSA to thoroughly and... Security Administration--006 Correspondence and Matters Tracking Records AGENCY: Privacy Office,...

  4. 75 FR 18860 - Privacy Act of 1974, Department of Homeland Security Transportation Security Administration-013...

    Federal Register 2010, 2011, 2012, 2013, 2014

    2010-04-13

    ... Officer Record System (FDORS), previously published on August 18, 2003 (68 FR 49496). TSA's mission is to... reflected in the final rule published on June 25, 2004, 69 FR 35536. Consistent with the Privacy Act... Security Administration--013 Federal Flight Deck Officer Record System AGENCY: Privacy Office, DHS....

  5. 76 FR 49503 - Intent To Request Renewal From OMB of One Current Public Collection of Information: Airport Security

    Federal Register 2010, 2011, 2012, 2013, 2014

    2011-08-10

    ... Collection of Information: Airport Security AGENCY: Transportation Security Administration, DHS. ACTION: 60...; Airport Security, 49 CFR part 1542. The information collected is used to determine compliance with 49 CFR... procedures. TSA is seeking to renew its OMB control number, 1652- ] 0002, Airport Security. TSA...

  6. CORBA security services for health information systems.

    PubMed

    Blobel, B; Holena, M

    1998-01-01

    The structure of healthcare systems in developed countries is changing to 'shared care', enforced by economic constraints and caused by a change in the basic conditions of care. That development results in co-operative health information systems across the boundaries of organisational, technological, and policy domains. Increasingly, these distributed and, as far as their domains are concerned, heterogeneous systems are based on middleware approaches, such as CORBA. Regarding the sensitivity of personal and medical data, such open, distributed, and heterogeneous health information systems require a high level of data protection and data security, both with respect to patient information and with respect to users. This paper, relying on experience gained through our activities in CORBAmed, describes the possibilities the CORBA middleware provides to achieve application and communication security. On the background of the overall CORBA architecture, it outlines the different security services previewed in the adopted CORBA specifications which are discussed in the context of the security requirements of healthcare information systems. Security services required in the healthcare domain but not available at the moment are mentioned. A solution is proposed, which on the one hand allows to make use of the available CORBA security services and additional ones, on the other hand remains open to other middleware approaches, such as DHE or HL7. PMID:9848400

  7. CORBA security services for health information systems.

    PubMed

    Blobel, B; Holena, M

    1998-01-01

    The structure of healthcare systems in developed countries is changing to 'shared care', enforced by economic constraints and caused by a change in the basic conditions of care. That development results in co-operative health information systems across the boundaries of organisational, technological, and policy domains. Increasingly, these distributed and, as far as their domains are concerned, heterogeneous systems are based on middleware approaches, such as CORBA. Regarding the sensitivity of personal and medical data, such open, distributed, and heterogeneous health information systems require a high level of data protection and data security, both with respect to patient information and with respect to users. This paper, relying on experience gained through our activities in CORBAmed, describes the possibilities the CORBA middleware provides to achieve application and communication security. On the background of the overall CORBA architecture, it outlines the different security services previewed in the adopted CORBA specifications which are discussed in the context of the security requirements of healthcare information systems. Security services required in the healthcare domain but not available at the moment are mentioned. A solution is proposed, which on the one hand allows to make use of the available CORBA security services and additional ones, on the other hand remains open to other middleware approaches, such as DHE or HL7.

  8. Information Security and Privacy in Network Environments.

    ERIC Educational Resources Information Center

    Congress of the U.S., Washington, DC. Office of Technology Assessment.

    The use of information networks for business and government is expanding enormously. Government use of networks features prominently in plans to make government more efficient, effective, and responsive. But the transformation brought about by the networking also raises new concerns for the security and privacy of networked information. This…

  9. Securities Analysts as Information-Seekers.

    ERIC Educational Resources Information Center

    Baldwin, Nancy Sadler; Rice, Ronald E.

    1996-01-01

    A survey of 100 securities analysts at investment banking firms in the United States and United Kingdom showed that individual characteristics have little influence on the information sources and communication channels used by analysts, but institutional resources significantly influence the information and communication channels used, and also…

  10. A Policy Model for Secure Information Flow

    NASA Astrophysics Data System (ADS)

    Adetoye, Adedayo O.; Badii, Atta

    When a computer program requires legitimate access to confidential data, the question arises whether such a program may illegally reveal sensitive information. This paper proposes a policy model to specify what information flow is permitted in a computational system. The security definition, which is based on a general notion of information lattices, allows various representations of information to be used in the enforcement of secure information flow in deterministic or nondeterministic systems. A flexible semantics-based analysis technique is presented, which uses the input-output relational model induced by an attacker’s observational power, to compute the information released by the computational system. An illustrative attacker model demonstrates the use of the technique to develop a termination-sensitive analysis. The technique allows the development of various information flow analyses, parametrised by the attacker’s observational power, which can be used to enforce what declassification policies.

  11. Information security implementations for remote monitoring

    SciTech Connect

    Nilsen, C.A.

    1997-10-01

    In September 1993, President Clinton stated the United States would ensure that its fissile material meet the {open_quotes}highest standards of safety, security, and international accountability.{close_quotes} Frequent human inspection of the material could be used to ensure these standards. However, it may be more effective and less expensive to replace these manual inspections with virtual inspections via remote monitoring technologies. A successful implementation of a comprehensive remote monitoring system, however, requires significant attention to a variety of information security issues. In pursuing Project Straight-Line and the follow-on Storage Monitoring System, Sandia National Laboratories developed remote monitoring implementations that can satisfy a variety of information security requirements. Special emphasis was given to developing methods for using the Internet to disseminate the data securely. This paper describes the various information security implementations applied to the Project Straight-Line and the Storage Monitoring System. Also included is a discussion of the security provided by the Windows NT operating system.

  12. 20 CFR 423.5 - Process against Social Security Administration officials in their individual capacities.

    Code of Federal Regulations, 2013 CFR

    2013-04-01

    ... 20 Employees' Benefits 2 2013-04-01 2013-04-01 false Process against Social Security Administration officials in their individual capacities. 423.5 Section 423.5 Employees' Benefits SOCIAL SECURITY ADMINISTRATION SERVICE OF PROCESS § 423.5 Process against Social Security Administration officials in...

  13. 20 CFR 423.5 - Process against Social Security Administration officials in their individual capacities.

    Code of Federal Regulations, 2012 CFR

    2012-04-01

    ... 20 Employees' Benefits 2 2012-04-01 2012-04-01 false Process against Social Security Administration officials in their individual capacities. 423.5 Section 423.5 Employees' Benefits SOCIAL SECURITY ADMINISTRATION SERVICE OF PROCESS § 423.5 Process against Social Security Administration officials in...

  14. 20 CFR 423.3 - Other process directed to the Social Security Administration or the Commissioner.

    Code of Federal Regulations, 2014 CFR

    2014-04-01

    ... 20 Employees' Benefits 2 2014-04-01 2014-04-01 false Other process directed to the Social Security Administration or the Commissioner. 423.3 Section 423.3 Employees' Benefits SOCIAL SECURITY ADMINISTRATION SERVICE OF PROCESS § 423.3 Other process directed to the Social Security Administration or...

  15. 20 CFR 423.5 - Process against Social Security Administration officials in their individual capacities.

    Code of Federal Regulations, 2014 CFR

    2014-04-01

    ... 20 Employees' Benefits 2 2014-04-01 2014-04-01 false Process against Social Security Administration officials in their individual capacities. 423.5 Section 423.5 Employees' Benefits SOCIAL SECURITY ADMINISTRATION SERVICE OF PROCESS § 423.5 Process against Social Security Administration officials in...

  16. 20 CFR 423.5 - Process against Social Security Administration officials in their individual capacities.

    Code of Federal Regulations, 2010 CFR

    2010-04-01

    ... 20 Employees' Benefits 2 2010-04-01 2010-04-01 false Process against Social Security Administration officials in their individual capacities. 423.5 Section 423.5 Employees' Benefits SOCIAL SECURITY ADMINISTRATION SERVICE OF PROCESS § 423.5 Process against Social Security Administration officials in...

  17. 20 CFR 423.3 - Other process directed to the Social Security Administration or the Commissioner.

    Code of Federal Regulations, 2010 CFR

    2010-04-01

    ... 20 Employees' Benefits 2 2010-04-01 2010-04-01 false Other process directed to the Social Security Administration or the Commissioner. 423.3 Section 423.3 Employees' Benefits SOCIAL SECURITY ADMINISTRATION SERVICE OF PROCESS § 423.3 Other process directed to the Social Security Administration or...

  18. 20 CFR 423.5 - Process against Social Security Administration officials in their individual capacities.

    Code of Federal Regulations, 2011 CFR

    2011-04-01

    ... 20 Employees' Benefits 2 2011-04-01 2011-04-01 false Process against Social Security Administration officials in their individual capacities. 423.5 Section 423.5 Employees' Benefits SOCIAL SECURITY ADMINISTRATION SERVICE OF PROCESS § 423.5 Process against Social Security Administration officials in...

  19. Information Security Assessment of SMEs as Coursework -- Learning Information Security Management by Doing

    ERIC Educational Resources Information Center

    Ilvonen, Ilona

    2013-01-01

    Information security management is an area with a lot of theoretical models. The models are designed to guide practitioners in prioritizing management resources in companies. Information security management education should address the gap between the academic ideals and practice. This paper introduces a teaching method that has been in use as…

  20. The Shaping of Managers' Security Objectives through Information Security Awareness Training

    ERIC Educational Resources Information Center

    Harris, Mark A.

    2010-01-01

    Information security research states that corporate security policy and information security training should be socio-technical in nature and that corporations should consider training as a primary method of protecting their information systems. However, information security policies and training are predominately technical in nature. In addition,…

  1. 32 CFR 2700.51 - Information Security Oversight Committee.

    Code of Federal Regulations, 2011 CFR

    2011-07-01

    ... 32 National Defense 6 2011-07-01 2011-07-01 false Information Security Oversight Committee. 2700... MICRONESIAN STATUS NEGOTIATIONS SECURITY INFORMATION REGULATIONS Implementation and Review § 2700.51 Information Security Oversight Committee. The OMSN Information Security Oversight Committee shall be...

  2. 32 CFR 2700.51 - Information Security Oversight Committee.

    Code of Federal Regulations, 2010 CFR

    2010-07-01

    ... 32 National Defense 6 2010-07-01 2010-07-01 false Information Security Oversight Committee. 2700... MICRONESIAN STATUS NEGOTIATIONS SECURITY INFORMATION REGULATIONS Implementation and Review § 2700.51 Information Security Oversight Committee. The OMSN Information Security Oversight Committee shall be...

  3. Information Security due to Electromagnetic Environments

    NASA Astrophysics Data System (ADS)

    Sekiguchi, Hidenori; Seto, Shinji

    Generally, active electronic devices emit slightly unintentional electromagnetic noise. From long ago, electromagnetic emission levels have been regulated from the aspect of electromagnetic compatibility (EMC). Also, it has been known the electromagnetic emissions have been generated from the ON/OFF of signals in the device. Recently, it becomes a topic of conversation on the information security that the ON/OFF on a desired signal in the device can be reproduced or guessed by receiving the electromagnetic emission. For an example, a display image on a personal computer (PC) can be reconstructed by receiving and analyzing the electromagnetic emission. In sum, this fact makes known information leakage due to electromagnetic emission. “TEMPEST" that has been known as a code name originated in the U. S. Department of Defense is to prevent the information leakage caused by electromagnetic emissions. This paper reports the brief summary of the information security due to electromagnetic emissions from information technology equipments.

  4. 76 FR 39887 - Extension of Agency Information Collection Activity Under OMB Review: Highway Corporate Security...

    Federal Register 2010, 2011, 2012, 2013, 2014

    2011-07-07

    ... period soliciting comments, of the following collection of information on April 26, 2011, FR 76-23327... OMB Review: Highway Corporate Security Review AGENCY: Transportation Security Administration, DHS... (TSA) has forwarded the Information Collection Request (ICR), Office of Management and Budget...

  5. 76 FR 78009 - Information Collection; Implementation of Information Technology Security Provision

    Federal Register 2010, 2011, 2012, 2013, 2014

    2011-12-15

    ... Administration (GSA) issued a interim rule (76 FR 34886) to implement a recommendation from the Office of the Inspector General (OIG) based on an internal audit of the security of GSA's information technology data and systems. The audit recommended that GSA develop standard requirements and deliverables for IT...

  6. Towards Changes in Information Security Education

    ERIC Educational Resources Information Center

    Hentea, Mariana; Dhillon, Harpal S.; Dhillon, Manpreet

    2006-01-01

    Despite a variety of Information Security Assurance (ISA) curricula and diverse educational models, universities often fail to provide their graduates with skills demanded by employers. There is a big discrepancy between the levels of skills expected by employers and those the graduates have after completing their studies. The authors compare the…

  7. 75 FR 705 - Classified National Security Information

    Federal Register 2010, 2011, 2012, 2013, 2014

    2010-01-05

    ... information relating to defense against transnational terrorism. Our democratic principles require that the... national security, which includes defense against transnational terrorism, and the original classification...- art technology within a U.S. weapon system; (5) reveal formally named or numbered U.S. military...

  8. 32 CFR 2400.45 - Information Security Program Review.

    Code of Federal Regulations, 2011 CFR

    2011-07-01

    ... 32 National Defense 6 2011-07-01 2011-07-01 false Information Security Program Review. 2400.45... SECURITY PROGRAM Office of Science and Technology Policy Information Security Program Management § 2400.45 Information Security Program Review. (a) The Director, OSTP, shall require an annual formal review of the...

  9. 32 CFR 2400.45 - Information Security Program Review.

    Code of Federal Regulations, 2010 CFR

    2010-07-01

    ... 32 National Defense 6 2010-07-01 2010-07-01 false Information Security Program Review. 2400.45... SECURITY PROGRAM Office of Science and Technology Policy Information Security Program Management § 2400.45 Information Security Program Review. (a) The Director, OSTP, shall require an annual formal review of the...

  10. 49 CFR 1548.19 - Security Directives and Information Circulars.

    Code of Federal Regulations, 2010 CFR

    2010-10-01

    ... 49 Transportation 9 2010-10-01 2010-10-01 false Security Directives and Information Circulars... CARRIER SECURITY § 1548.19 Security Directives and Information Circulars. (a) TSA may issue an Information... security measures are necessary to respond to a threat assessment, or to a specific threat against...

  11. The straight-line information security architecture

    SciTech Connect

    Nilsen, C.

    1995-08-01

    Comprehensive monitoring can provide a wealth of sensor data useful in enhancing the safety, security, and international accountability of stored nuclear material. However, care must be taken to distribute this type of data on a need to know basis to the various types of users. The following paper describes an exploratory effort on behalf of Sandia National Labs to integrate commercially available systems to securely disseminate (on a need to know basis) both classified and unclassified sensor information to a variety of users on the interact.

  12. Relationship between stakeholders' information value perception and information security behaviour

    NASA Astrophysics Data System (ADS)

    Tajuddin, Sharul; Olphert, Wendy; Doherty, Neil

    2015-02-01

    The study, reported in this paper, aims to explore the relationship between the stakeholders' perceptions about the value of information and their resultant information security behaviours. Moreover, this study seeks to explore the role of national and organisational culture in facilitating information value assignment. Information Security is a concept that formed from the recognition that information is valuable and that there is a need to protect it. The ISO 27002 defines information as an asset, which, like other important business assets, is essential to an organisation's business and consequently needs to be appropriately protected. By definition, an asset has a value to the organisation hence it requires protection. Information protection is typically accomplished through the implementation of countermeasures against the threats and vulnerabilities of information security, for example, implementation of technological processes and mechanisms such as firewall and authorization and authentication systems, set-up of deterrence procedures such as password control and enforcement of organisational policy on information handling procedures. However, evidence routinely shows that despite such measures, information security breaches and incidents are on the rise. These breaches lead to loss of information, personal records, or other data, with consequent implications for the value of the information asset. A number of studies have suggested that such problems are not related primarily to technology problems or procedural deficiencies, but rather to stakeholders' poor compliance with the security measures that are in place. Research indicates that compliance behaviour is affected by many variables including perceived costs and benefits, national and organisational culture and norms. However, there has been little research to understand the concept of information value from the perspective of those who interact with the data, and the consequences for information

  13. 75 FR 28046 - Privacy Act of 1974; Department of Homeland Security Transportation Security Administration-002...

    Federal Register 2010, 2011, 2012, 2013, 2014

    2010-05-19

    ... Transportation Security Threat Assessment System of Records (70 FR 33383, November 8, 2005). TSA's mission is to... systems as reflected in the final rule published on June 25, 2004 in 69 FR 35536. The information is..., intelligence, or other functions consistent with the routine uses set forth in this system of records...

  14. Integrating Automated Information Security and Information Resources Management.

    ERIC Educational Resources Information Center

    Chick, Morey J.

    1990-01-01

    Argues that the security of automated information systems must be made a management priority and effectively supported. The steps needed to achieve this objective are outlined in the areas of information resources management planning, budgeting and costing, directing, organizing, training, and controlling. A list of suggested readings is provided.…

  15. 20 CFR 422.501 - Applications and other forms used in Social Security Administration programs.

    Code of Federal Regulations, 2013 CFR

    2013-04-01

    ... 20 Employees' Benefits 2 2013-04-01 2013-04-01 false Applications and other forms used in Social Security Administration programs. 422.501 Section 422.501 Employees' Benefits SOCIAL SECURITY... used in Social Security Administration programs. This subpart lists the applications and some of...

  16. 20 CFR 422.501 - Applications and other forms used in Social Security Administration programs.

    Code of Federal Regulations, 2012 CFR

    2012-04-01

    ... 20 Employees' Benefits 2 2012-04-01 2012-04-01 false Applications and other forms used in Social Security Administration programs. 422.501 Section 422.501 Employees' Benefits SOCIAL SECURITY... used in Social Security Administration programs. This subpart lists the applications and some of...

  17. 20 CFR 422.501 - Applications and other forms used in Social Security Administration programs.

    Code of Federal Regulations, 2014 CFR

    2014-04-01

    ... 20 Employees' Benefits 2 2014-04-01 2014-04-01 false Applications and other forms used in Social Security Administration programs. 422.501 Section 422.501 Employees' Benefits SOCIAL SECURITY... used in Social Security Administration programs. This subpart lists the applications and some of...

  18. 20 CFR 422.501 - Applications and other forms used in Social Security Administration programs.

    Code of Federal Regulations, 2010 CFR

    2010-04-01

    ... 20 Employees' Benefits 2 2010-04-01 2010-04-01 false Applications and other forms used in Social Security Administration programs. 422.501 Section 422.501 Employees' Benefits SOCIAL SECURITY... used in Social Security Administration programs. This subpart lists the applications and some of...

  19. 77 FR 18716 - Transportation Security Administration Postal Zip Code Change; Technical Amendment

    Federal Register 2010, 2011, 2012, 2013, 2014

    2012-03-28

    ... SECURITY Transportation Security Administration 49 CFR Part 1572 Transportation Security Administration... is Sec. 1572.5(e)(2). Technical Amendment This document amends section 1572.5(e)(2) in order to make... to the section. List of Subjects in 49 CFR Part 1572 Appeals, Commercial driver's license,...

  20. 20 CFR 422.501 - Applications and other forms used in Social Security Administration programs.

    Code of Federal Regulations, 2011 CFR

    2011-04-01

    ... 20 Employees' Benefits 2 2011-04-01 2011-04-01 false Applications and other forms used in Social Security Administration programs. 422.501 Section 422.501 Employees' Benefits SOCIAL SECURITY... used in Social Security Administration programs. This subpart lists the applications and some of...

  1. Directory of Energy Information Administration models 1996

    SciTech Connect

    1996-07-01

    This directory revises and updates the Directory of Energy Information Administration Models 1995, DOE/EIA-0293(95), Energy Information Administration (EIA), U.S. Department of Energy, July 1995. Four models have been deleted in this directory as they are no longer being used: (1) Market Penetration Model for Ground-Water Heat Pump Systems (MPGWHP); (2) Market Penetration Model for Residential Rooftop PV Systems (MPRESPV-PC); (3) Market Penetration Model for Active and Passive Solar Technologies (MPSOLARPC); and (4) Revenue Requirements Modeling System (RRMS).

  2. 78 FR 6168 - Public Availability of Social Security Administration Fiscal Year (FY) 2012 Service Contract...

    Federal Register 2010, 2011, 2012, 2013, 2014

    2013-01-29

    ... ADMINISTRATION Public Availability of Social Security Administration Fiscal Year (FY) 2012 Service Contract Inventory AGENCY: Social Security Administration. ACTION: Notice of Public Availability of FY 2012 Service... Appropriations Act of 2010 (Pub. L. 111-117), we are publishing this notice to advise the public of...

  3. 77 FR 3836 - Public Availability of Social Security Administration Fiscal Year (FY) 2011 Service Contract...

    Federal Register 2010, 2011, 2012, 2013, 2014

    2012-01-25

    ... ADMINISTRATION Public Availability of Social Security Administration Fiscal Year (FY) 2011 Service Contract Inventory AGENCY: Social Security Administration. ACTION: Notice of Public Availability of FY 2011 Service... Appropriations Act of 2010 (Pub. L. 111-117), we are publishing this notice to advise the public of...

  4. 49 CFR 8.9 - Information Security Review Committee.

    Code of Federal Regulations, 2010 CFR

    2010-10-01

    ... 49 Transportation 1 2010-10-01 2010-10-01 false Information Security Review Committee. 8.9 Section.../DECLASSIFICATION/ACCESS Classification/Declassification of Information § 8.9 Information Security Review Committee. (a) There is hereby established a Department of Transportation Information Security Review...

  5. 49 CFR 8.9 - Information Security Review Committee.

    Code of Federal Regulations, 2011 CFR

    2011-10-01

    ... 49 Transportation 1 2011-10-01 2011-10-01 false Information Security Review Committee. 8.9 Section.../DECLASSIFICATION/ACCESS Classification/Declassification of Information § 8.9 Information Security Review Committee. (a) There is hereby established a Department of Transportation Information Security Review...

  6. Disaster at a University: A Case Study in Information Security

    ERIC Educational Resources Information Center

    Ayyagari, Ramakrishna; Tyks, Jonathan

    2012-01-01

    Security and disaster training is identified as a top Information Technology (IT) required skill that needs to be taught in Information Systems (IS) curriculums. Accordingly, information security and privacy have become core concepts in information system education. Providing IT security on a shoestring budget is always difficult and many small…

  7. Information System for Educational Policy and Administration.

    ERIC Educational Resources Information Center

    Clayton, J. C., Jr.

    Educational Information System (EIS) is a proposed computer-based data processing system to help schools solve current educational problems more efficiently. The system would allow for more effective administrative operations in student scheduling, financial accounting, and long range planning. It would also assist school trustees and others in…

  8. A Secure Information Framework with APRQ Properties

    NASA Astrophysics Data System (ADS)

    Rupa, Ch.

    2016-08-01

    Internet of the things is the most trending topics in the digital world. Security issues are rampant. In the corporate or institutional setting, security risks are apparent from the outset. Market leaders are unable to use the cryptographic techniques due to their complexities. Hence many bits of private information, including ID, are readily available for third parties to see and to utilize. There is a need to decrease the complexity and increase the robustness of the cryptographic approaches. In view of this, a new cryptographic technique as good encryption pact with adjacency, random prime number and quantum code properties has been proposed. Here, encryption can be done by using quantum photons with gray code. This approach uses the concepts of physics and mathematics with no external key exchange to improve the security of the data. It also reduces the key attacks by generation of a key at the party side instead of sharing. This method makes the security more robust than with the existing approach. Important properties of gray code and quantum are adjacency property and different photons to a single bit (0 or 1). These can reduce the avalanche effect. Cryptanalysis of the proposed method shows that it is resistant to various attacks and stronger than the existing approaches.

  9. 20 CFR 423.1 - Suits against the Social Security Administration and its employees in their official capacities.

    Code of Federal Regulations, 2010 CFR

    2010-04-01

    ... Administration and its employees in their official capacities. 423.1 Section 423.1 Employees' Benefits SOCIAL SECURITY ADMINISTRATION SERVICE OF PROCESS § 423.1 Suits against the Social Security Administration and its... the Social Security Administration or the Commissioner of Social Security should be sent to the...

  10. 77 FR 19680 - Extension of Agency Information Collection Activity Under OMB Review: Rail Transportation Security

    Federal Register 2010, 2011, 2012, 2013, 2014

    2012-04-02

    ... rail transit service on track that is part of the general railroad system of transportation and rail... OMB Review: Rail Transportation Security AGENCY: Transportation Security Administration, DHS. ACTION... period soliciting comments, of the following collection of information on January 13, 2012, 77 FR...

  11. Secure medical information sharing in cloud computing.

    PubMed

    Shao, Zhiyi; Yang, Bo; Zhang, Wenzheng; Zhao, Yi; Wu, Zhenqiang; Miao, Meixia

    2015-01-01

    Medical information sharing is one of the most attractive applications of cloud computing, where searchable encryption is a fascinating solution for securely and conveniently sharing medical data among different medical organizers. However, almost all previous works are designed in symmetric key encryption environment. The only works in public key encryption do not support keyword trapdoor security, have long ciphertext related to the number of receivers, do not support receiver revocation without re-encrypting, and do not preserve the membership of receivers. In this paper, we propose a searchable encryption supporting multiple receivers for medical information sharing based on bilinear maps in public key encryption environment. In the proposed protocol, data owner stores only one copy of his encrypted file and its corresponding encrypted keywords on cloud for multiple designated receivers. The keyword ciphertext is significantly shorter and its length is constant without relation to the number of designated receivers, i.e., for n receivers the ciphertext length is only twice the element length in the group. Only the owner knows that with whom his data is shared, and the access to his data is still under control after having been put on the cloud. We formally prove the security of keyword ciphertext based on the intractability of Bilinear Diffie-Hellman problem and the keyword trapdoor based on Decisional Diffie-Hellman problem. PMID:26410315

  12. Secure medical information sharing in cloud computing.

    PubMed

    Shao, Zhiyi; Yang, Bo; Zhang, Wenzheng; Zhao, Yi; Wu, Zhenqiang; Miao, Meixia

    2015-01-01

    Medical information sharing is one of the most attractive applications of cloud computing, where searchable encryption is a fascinating solution for securely and conveniently sharing medical data among different medical organizers. However, almost all previous works are designed in symmetric key encryption environment. The only works in public key encryption do not support keyword trapdoor security, have long ciphertext related to the number of receivers, do not support receiver revocation without re-encrypting, and do not preserve the membership of receivers. In this paper, we propose a searchable encryption supporting multiple receivers for medical information sharing based on bilinear maps in public key encryption environment. In the proposed protocol, data owner stores only one copy of his encrypted file and its corresponding encrypted keywords on cloud for multiple designated receivers. The keyword ciphertext is significantly shorter and its length is constant without relation to the number of designated receivers, i.e., for n receivers the ciphertext length is only twice the element length in the group. Only the owner knows that with whom his data is shared, and the access to his data is still under control after having been put on the cloud. We formally prove the security of keyword ciphertext based on the intractability of Bilinear Diffie-Hellman problem and the keyword trapdoor based on Decisional Diffie-Hellman problem.

  13. Directory of Energy Information Administration Models 1994

    SciTech Connect

    Not Available

    1994-07-01

    This directory revises and updates the 1993 directory and includes 15 models of the National Energy Modeling System (NEMS). Three other new models in use by the Energy Information Administration (EIA) have also been included: the Motor Gasoline Market Model (MGMM), Distillate Market Model (DMM), and the Propane Market Model (PPMM). This directory contains descriptions about each model, including title, acronym, purpose, followed by more detailed information on characteristics, uses and requirements. Sources for additional information are identified. Included in this directory are 37 EIA models active as of February 1, 1994.

  14. 41 CFR 105-53.133 - Information Security Oversight Office.

    Code of Federal Regulations, 2011 CFR

    2011-01-01

    ... 41 Public Contracts and Property Management 3 2011-01-01 2011-01-01 false Information Security... FUNCTIONS Central Offices § 105-53.133 Information Security Oversight Office. (a) Creation and authority. The Information Security Oversight Office (ISOO), headed by the Director of ISOO, who is appointed...

  15. 41 CFR 105-53.133 - Information Security Oversight Office.

    Code of Federal Regulations, 2010 CFR

    2010-07-01

    ... 41 Public Contracts and Property Management 3 2010-07-01 2010-07-01 false Information Security... FUNCTIONS Central Offices § 105-53.133 Information Security Oversight Office. (a) Creation and authority. The Information Security Oversight Office (ISOO), headed by the Director of ISOO, who is appointed...

  16. Examining the Relationship between Organization Systems and Information Security Awareness

    ERIC Educational Resources Information Center

    Tintamusik, Yanarong

    2010-01-01

    The focus of this dissertation was to examine the crucial relationship between organization systems within the framework of the organizational behavior theory and information security awareness (ISA) of users within the framework of the information security theory. Despite advanced security technologies designed to protect information assets,…

  17. 49 CFR 1544.305 - Security Directives and Information Circulars.

    Code of Federal Regulations, 2010 CFR

    2010-10-01

    ... 49 Transportation 9 2010-10-01 2010-10-01 false Security Directives and Information Circulars... and Information Circulars. (a) TSA may issue an Information Circular to notify aircraft operators of security concerns. When TSA determines that additional security measures are necessary to respond to...

  18. 49 CFR 1542.303 - Security Directives and Information Circulars.

    Code of Federal Regulations, 2010 CFR

    2010-10-01

    ... Contingency Measures § 1542.303 Security Directives and Information Circulars. (a) TSA may issue an Information Circular to notify airport operators of security concerns. When TSA determines that additional... 49 Transportation 9 2010-10-01 2010-10-01 false Security Directives and Information...

  19. 49 CFR 1549.109 - Security Directives and Information Circulars.

    Code of Federal Regulations, 2010 CFR

    2010-10-01

    ... 49 Transportation 9 2010-10-01 2010-10-01 false Security Directives and Information Circulars... SCREENING PROGRAM Operations § 1549.109 Security Directives and Information Circulars. (a) TSA may issue an Information Circular to notify certified cargo screening facilities of security concerns. (b) When...

  20. Data Mining for Security Information: A Survey

    SciTech Connect

    Brugger, S T; Kelley, M; Sumikawa, K; Wakumoto, S

    2001-04-19

    This paper will present a survey of the current published work and products available to do off-line data mining for computer network security information. Hundreds of megabytes of data are collected every second that are of interest to computer security professionals. This data can answer questions ranging from the proactive, ''Which machines are the attackers going to try to compromise?'' to the reactive, ''When did the intruder break into my system and how?'' Unfortunately, there's so much data that computer security professionals don't have time to sort through it all. What we need are systems that perform data mining at various levels on this corpus of data in order to ease the burden of the human analyst. Such systems typically operate on log data produced by hosts, firewalls and intrusion detection systems as such data is typically in a standard, machine readable format and usually provides information that is most relevant to the security of the system. Systems that do this type of data mining for security information fall under the classification of intrusion detection systems. It is important to point out that we are not surveying real-time intrusion detection systems. Instead, we examined what is possible when the analysis is done off-line. Doing the analysis off-line allows for a larger amount of data correlation between distant sites who transfer relevant log files periodically and may be able to take greater advantage of an archive of past logs. Such a system is not a replacement for a real-time intrusion detection system but should be used in conjunction with one. In fact, as noted previously, the logs of the real-time IDS may be one of the inputs to the data mining system. We will concentrate on the application of data mining to network connection data, as opposed to system logs or the output of real-time intrusion detection systems. We do this primarily because this data is readily obtained from firewalls or real-time intrusion detectors and it

  1. A Study of the Effect of Information Security Policies on Information Security Breaches in Higher Education Institutions

    ERIC Educational Resources Information Center

    Waddell, Stanie Adolphus

    2013-01-01

    Many articles within the literature point to the information security policy as one of the most important elements of an effective information security program. Even though this belief is continually referred to in many information security scholarly articles, very few research studies have been performed to corroborate this sentiment. Doherty and…

  2. 77 FR 43639 - Privacy Act of 1974, as Amended; Computer Matching Program (Social Security Administration (SSA...

    Federal Register 2010, 2011, 2012, 2013, 2014

    2012-07-25

    ... From the Federal Register Online via the Government Publishing Office SOCIAL SECURITY ADMINISTRATION Privacy Act of 1974, as Amended; Computer Matching Program (Social Security Administration (SSA.... ACTION: Notice of a renewal of an existing computer matching program that expired on May 10,...

  3. 20 CFR 423.1 - Suits against the Social Security Administration and its employees in their official capacities.

    Code of Federal Regulations, 2011 CFR

    2011-04-01

    ... Federal Register, and are available on-line at the Social Security Administration's Internet site, http... 20 Employees' Benefits 2 2011-04-01 2011-04-01 false Suits against the Social Security... SECURITY ADMINISTRATION SERVICE OF PROCESS § 423.1 Suits against the Social Security Administration and...

  4. Effect of Organizational Factors on Information Security Implementations

    ERIC Educational Resources Information Center

    Perez, Rafael G.

    2013-01-01

    The purpose of this quantitative inferential study is to determine the level of correlation between the organizational factors of information security awareness, balanced security processes, and organizational structure with the size of the estimation gap of information security implementations mediated by the end user intentionality. The study…

  5. Institutionalization of Information Security: Case of the Indonesian Banking Sector

    ERIC Educational Resources Information Center

    Nasution, Muhamad Faisal Fariduddin Attar

    2012-01-01

    This study focuses on the institutionalization of information security in the banking sector. This study is important to pursue since it explicates the internalization of information security governance and practices and how such internalization develops an organizational resistance towards security breach. The study argues that information…

  6. 32 CFR 154.42 - Evaluation of personnel security information.

    Code of Federal Regulations, 2010 CFR

    2010-07-01

    ... personnel security information. (a) The criteria and adjudicative policy to be used in applying the... with the interests of national security and shall be an overall common sense evaluation based on...

  7. 32 CFR 154.42 - Evaluation of personnel security information.

    Code of Federal Regulations, 2011 CFR

    2011-07-01

    ... personnel security information. (a) The criteria and adjudicative policy to be used in applying the... with the interests of national security and shall be an overall common sense evaluation based on...

  8. 75 FR 45154 - National Security Division; Agency Information Collection Activities:

    Federal Register 2010, 2011, 2012, 2013, 2014

    2010-08-02

    ... National Security Division; Agency Information Collection Activities: Proposed Collection; Comments... (Foreign Agents). The Department of Justice (DOJ), National Security Division (NSD), will be submitting the... Division, Counterespionage Section/Registration Unit, Bond Building--Room 9300, Washington, DC 20530....

  9. 48 CFR 1339.107-70 - Information security.

    Code of Federal Regulations, 2014 CFR

    2014-10-01

    ... 48 Federal Acquisition Regulations System 5 2014-10-01 2014-10-01 false Information security. 1339... CATEGORIES OF CONTRACTING ACQUISITION OF INFORMATION TECHNOLOGY General 1339.107-70 Information security. (a... coordinate with the designated Contracting Officer Representative (COR) to complete the Information...

  10. 48 CFR 1339.107-70 - Information security.

    Code of Federal Regulations, 2011 CFR

    2011-10-01

    ... 48 Federal Acquisition Regulations System 5 2011-10-01 2011-10-01 false Information security. 1339... CATEGORIES OF CONTRACTING ACQUISITION OF INFORMATION TECHNOLOGY General 1339.107-70 Information security. (a... coordinate with the designated Contracting Officer Representative (COR) to complete the Information...

  11. 49 CFR 8.9 - Information Security Review Committee.

    Code of Federal Regulations, 2013 CFR

    2013-10-01

    ... 49 Transportation 1 2013-10-01 2013-10-01 false Information Security Review Committee. 8.9 Section 8.9 Transportation Office of the Secretary of Transportation CLASSIFIED INFORMATION: CLASSIFICATION/DECLASSIFICATION/ACCESS Classification/Declassification of Information § 8.9 Information Security Review Committee. (a) There is hereby established...

  12. An Information Security Control Assessment Methodology for Organizations

    ERIC Educational Resources Information Center

    Otero, Angel R.

    2014-01-01

    In an era where use and dependence of information systems is significantly high, the threat of incidents related to information security that could jeopardize the information held by organizations is more and more serious. Alarming facts within the literature point to inadequacies in information security practices, particularly the evaluation of…

  13. 48 CFR 1339.107-70 - Information security.

    Code of Federal Regulations, 2010 CFR

    2010-10-01

    ... 48 Federal Acquisition Regulations System 5 2010-10-01 2010-10-01 false Information security. 1339... CATEGORIES OF CONTRACTING ACQUISITION OF INFORMATION TECHNOLOGY General 1339.107-70 Information security. (a... coordinate with the designated Contracting Officer Representative (COR) to complete the Information...

  14. 48 CFR 1339.107-70 - Information security.

    Code of Federal Regulations, 2013 CFR

    2013-10-01

    ... 48 Federal Acquisition Regulations System 5 2013-10-01 2013-10-01 false Information security. 1339... CATEGORIES OF CONTRACTING ACQUISITION OF INFORMATION TECHNOLOGY General 1339.107-70 Information security. (a... coordinate with the designated Contracting Officer Representative (COR) to complete the Information...

  15. Administrative Information Systems Plan for FY89

    SciTech Connect

    Not Available

    1988-11-01

    The Administrative Information Systems (AIS) Plan was developed to prioritize, track, and control the cost of AIS activities. This annually published plan, in conjunction with quarterly status reports, measures projected AIS activities and progress. The AIS Plan and quarterly reporting are administered jointly by the Director of Computing and an Organization 30 director. Priority development projects are clearly defined and closely managed efforts that consume significant resources. Directorate supplementals describe other AIS activity within each directorate, which may include: production support; technical support; development activity; and other AIS effort.

  16. 48 CFR 552.239-70 - Information Technology Security Plan and Security Authorization.

    Code of Federal Regulations, 2012 CFR

    2012-10-01

    ... 48 Federal Acquisition Regulations System 4 2012-10-01 2012-10-01 false Information Technology... Text of Provisions and Clauses 552.239-70 Information Technology Security Plan and Security Authorization. As prescribed in 539.7002(a), insert the following provision: Information Technology...

  17. 48 CFR 552.239-70 - Information Technology Security Plan and Security Authorization.

    Code of Federal Regulations, 2013 CFR

    2013-10-01

    ... 48 Federal Acquisition Regulations System 4 2013-10-01 2013-10-01 false Information Technology... Text of Provisions and Clauses 552.239-70 Information Technology Security Plan and Security Authorization. As prescribed in 539.7002(a), insert the following provision: Information Technology...

  18. 48 CFR 552.239-70 - Information Technology Security Plan and Security Authorization.

    Code of Federal Regulations, 2011 CFR

    2011-10-01

    ... 48 Federal Acquisition Regulations System 4 2011-10-01 2011-10-01 false Information Technology... Text of Provisions and Clauses 552.239-70 Information Technology Security Plan and Security Authorization. As prescribed in 539.7002(a), insert the following provision: Information Technology...

  19. 48 CFR 552.239-70 - Information Technology Security Plan and Security Authorization.

    Code of Federal Regulations, 2014 CFR

    2014-10-01

    ... 48 Federal Acquisition Regulations System 4 2014-10-01 2014-10-01 false Information Technology... Text of Provisions and Clauses 552.239-70 Information Technology Security Plan and Security Authorization. As prescribed in 539.7002(a), insert the following provision: Information Technology...

  20. Transportation Security Administration Efficiency and Flexibility Act of 2011

    THOMAS, 112th Congress

    Sen. Wicker, Roger F. [R-MS

    2011-07-13

    07/13/2011 Read twice and referred to the Committee on Homeland Security and Governmental Affairs. (All Actions) Tracker: This bill has the status IntroducedHere are the steps for Status of Legislation:

  1. Evaluating Factors of Security Policy on Information Security Effectiveness in Developing Nations: A Case of Nigeria

    ERIC Educational Resources Information Center

    Okolo, Nkiru Benjamin

    2016-01-01

    Information systems of today face more potential security infringement than ever before. The regular susceptibility of data to breaches is a function of systems users' disinclination to follow appropriate security measures. A well-secured system maintains integrity, confidentiality, and availability, while providing appropriate and consistent…

  2. 78 FR 48037 - Facility Security Clearance and Safeguarding of National Security Information and Restricted Data

    Federal Register 2010, 2011, 2012, 2013, 2014

    2013-08-07

    ... required security education training for employees of NRC licensees possessing security clearances so that... National Security Information, which was published in the Federal Register on January 5, 2010 (75 FR 707... implementation of the Executive Order, issued a final rule (75 FR 37254; June 28, 2010) amending 32 CFR...

  3. 48 CFR 2452.239-71 - Information Technology Virus Security.

    Code of Federal Regulations, 2012 CFR

    2012-10-01

    ... 48 Federal Acquisition Regulations System 6 2012-10-01 2012-10-01 false Information Technology... Provisions and Clauses 2452.239-71 Information Technology Virus Security. As prescribed in 2439.107(b), insert the following clause: Information Technology Virus Security (FEB 2006) (a) The contractor...

  4. 48 CFR 2452.239-71 - Information Technology Virus Security.

    Code of Federal Regulations, 2014 CFR

    2014-10-01

    ... 48 Federal Acquisition Regulations System 6 2014-10-01 2014-10-01 false Information Technology... Provisions and Clauses 2452.239-71 Information Technology Virus Security. As prescribed in 2439.107(b), insert the following clause: Information Technology Virus Security (FEB 2006) (a) The contractor...

  5. 48 CFR 2452.239-71 - Information Technology Virus Security.

    Code of Federal Regulations, 2013 CFR

    2013-10-01

    ... 48 Federal Acquisition Regulations System 6 2013-10-01 2013-10-01 false Information Technology... Provisions and Clauses 2452.239-71 Information Technology Virus Security. As prescribed in 2439.107(b), insert the following clause: Information Technology Virus Security (FEB 2006) (a) The contractor...

  6. 48 CFR 2452.239-71 - Information Technology Virus Security.

    Code of Federal Regulations, 2010 CFR

    2010-10-01

    ... 48 Federal Acquisition Regulations System 6 2010-10-01 2010-10-01 true Information Technology... Provisions and Clauses 2452.239-71 Information Technology Virus Security. As prescribed in 2439.107(b), insert the following clause: Information Technology Virus Security (FEB 2006) (a) The contractor...

  7. 48 CFR 2452.239-71 - Information Technology Virus Security.

    Code of Federal Regulations, 2011 CFR

    2011-10-01

    ... 48 Federal Acquisition Regulations System 6 2011-10-01 2011-10-01 false Information Technology... Provisions and Clauses 2452.239-71 Information Technology Virus Security. As prescribed in 2439.107(b), insert the following clause: Information Technology Virus Security (FEB 2006) (a) The contractor...

  8. Information security management system planning for CBRN facilities

    SciTech Connect

    Lenaeu, Joseph D.; O'Neil, Lori Ross; Leitch, Rosalyn M.; Glantz, Clifford S.; Landine, Guy P.; Bryant, Janet L.; Lewis, John; Mathers, Gemma; Rodger, Robert; Johnson, Christopher

    2015-12-01

    The focus of this document is to provide guidance for the development of information security management system planning documents at chemical, biological, radiological, or nuclear (CBRN) facilities. It describes a risk-based approach for planning information security programs based on the sensitivity of the data developed, processed, communicated, and stored on facility information systems.

  9. Computer security: a necessary element of integrated information systems.

    PubMed Central

    Butzen, F; Furler, F

    1986-01-01

    The Matheson Report sees the medical library as playing a key role in a network of interlocking information bases that will extend from central repositories of medical information to each physician's personal records. It appears, however, that the role of security in this vision has not been fully delineated. This paper discusses problems in maintaining the security of confidential medical information, the state of the applicable law, and techniques for security (with special emphasis on the UNIX operating system). It is argued that the absence of security threatens any plan to build an information network, as there will be resistance to any system that may give intruders access to confidential data. PMID:3742113

  10. 78 FR 55270 - Privacy Act of 1974; Department of Homeland Security Transportation Security Administration-DHS...

    Federal Register 2010, 2011, 2012, 2013, 2014

    2013-09-10

    ... for expedited screening at participating airport security checkpoints. This updated system will be... identification of passengers who are eligible for expedited screening at participating airport security... participating airport security checkpoints. \\10\\ ``Sterile area'' means a portion of an airport defined in...

  11. 32 CFR 2004.10 - Responsibilities of the Director, Information Security Oversight Office (ISOO) [102(b)]. 1

    Code of Federal Regulations, 2011 CFR

    2011-07-01

    ... National Defense INFORMATION SECURITY OVERSIGHT OFFICE, NATIONAL ARCHIVES AND RECORDS ADMINISTRATION... Responsibilities of the Director, Information Security Oversight Office (ISOO) . 1 1 Bracketed references pertain... 32 National Defense 6 2011-07-01 2011-07-01 false Responsibilities of the Director,...

  12. 32 CFR 2004.10 - Responsibilities of the Director, Information Security Oversight Office (ISOO) [102(b)]. 1

    Code of Federal Regulations, 2010 CFR

    2010-07-01

    ... National Defense INFORMATION SECURITY OVERSIGHT OFFICE, NATIONAL ARCHIVES AND RECORDS ADMINISTRATION... Responsibilities of the Director, Information Security Oversight Office (ISOO) . 1 1 Bracketed references pertain... 32 National Defense 6 2010-07-01 2010-07-01 false Responsibilities of the Director,...

  13. 14 CFR § 1203.408 - Assistance by Information Security Specialist in the Center Protective Services Office.

    Code of Federal Regulations, 2014 CFR

    2014-01-01

    ... 14 Aeronautics and Space 5 2014-01-01 2014-01-01 false Assistance by Information Security Specialist in the Center Protective Services Office. § 1203.408 Section § 1203.408 Aeronautics and Space NATIONAL AERONAUTICS AND SPACE ADMINISTRATION INFORMATION SECURITY PROGRAM Guides for...

  14. 76 FR 27002 - Information Collection; National Recreation Program Administration

    Federal Register 2010, 2011, 2012, 2013, 2014

    2011-05-10

    ... Forest Service Information Collection; National Recreation Program Administration AGENCY: Forest Service... new information collection, National Recreation Program Administration. DATES: Comments must be... addressed to Katie Donahue, Recreation, Heritage, and Volunteer Resources Staff, Mail Stop 1125, U.S....

  15. Security of electronic medical information and patient privacy: what you need to know.

    PubMed

    Andriole, Katherine P

    2014-12-01

    The responsibility that physicians have to protect their patients from harm extends to protecting the privacy and confidentiality of patient health information including that contained within radiological images. The intent of HIPAA and subsequent HIPAA Privacy and Security Rules is to keep patients' private information confidential while allowing providers access to and maintaining the integrity of relevant information needed to provide care. Failure to comply with electronic protected health information (ePHI) regulations could result in financial or criminal penalties or both. Protected health information refers to anything that can reasonably be used to identify a patient (eg, name, age, date of birth, social security number, radiology examination accession number). The basic tools and techniques used to maintain medical information security and patient privacy described in this article include physical safeguards such as computer device isolation and data backup, technical safeguards such as firewalls and secure transmission modes, and administrative safeguards including documentation of security policies, training of staff, and audit tracking through system logs. Other important concepts related to privacy and security are explained, including user authentication, authorization, availability, confidentiality, data integrity, and nonrepudiation. Patient privacy and security of medical information are critical elements in today's electronic health care environment. Radiology has led the way in adopting digital systems to make possible the availability of medical information anywhere anytime, and in identifying and working to eliminate any risks to patients. PMID:25467897

  16. Security of electronic medical information and patient privacy: what you need to know.

    PubMed

    Andriole, Katherine P

    2014-12-01

    The responsibility that physicians have to protect their patients from harm extends to protecting the privacy and confidentiality of patient health information including that contained within radiological images. The intent of HIPAA and subsequent HIPAA Privacy and Security Rules is to keep patients' private information confidential while allowing providers access to and maintaining the integrity of relevant information needed to provide care. Failure to comply with electronic protected health information (ePHI) regulations could result in financial or criminal penalties or both. Protected health information refers to anything that can reasonably be used to identify a patient (eg, name, age, date of birth, social security number, radiology examination accession number). The basic tools and techniques used to maintain medical information security and patient privacy described in this article include physical safeguards such as computer device isolation and data backup, technical safeguards such as firewalls and secure transmission modes, and administrative safeguards including documentation of security policies, training of staff, and audit tracking through system logs. Other important concepts related to privacy and security are explained, including user authentication, authorization, availability, confidentiality, data integrity, and nonrepudiation. Patient privacy and security of medical information are critical elements in today's electronic health care environment. Radiology has led the way in adopting digital systems to make possible the availability of medical information anywhere anytime, and in identifying and working to eliminate any risks to patients.

  17. Approach to spatial information security based on digital certificate

    NASA Astrophysics Data System (ADS)

    Cong, Shengri; Zhang, Kai; Chen, Baowen

    2005-11-01

    With the development of the online applications of geographic information systems (GIS) and the spatial information services, the spatial information security becomes more important. This work introduced digital certificates and authorization schemes into GIS to protect the crucial spatial information combining the techniques of the role-based access control (RBAC), the public key infrastructure (PKI) and the privilege management infrastructure (PMI). We investigated the spatial information granularity suited for sensitivity marking and digital certificate model that fits the need of GIS security based on the semantics analysis of spatial information. It implements a secure, flexible, fine-grained data access based on public technologies in GIS in the world.

  18. 20 CFR 423.1 - Suits against the Social Security Administration and its employees in their official capacities.

    Code of Federal Regulations, 2014 CFR

    2014-04-01

    ... 20 Employees' Benefits 2 2014-04-01 2014-04-01 false Suits against the Social Security Administration and its employees in their official capacities. 423.1 Section 423.1 Employees' Benefits SOCIAL SECURITY ADMINISTRATION SERVICE OF PROCESS § 423.1 Suits against the Social Security Administration and...

  19. 75 FR 44800 - Notice of Meeting of the Homeland Security Information Network Advisory Committee, Tuesday...

    Federal Register 2010, 2011, 2012, 2013, 2014

    2010-07-29

    ... SECURITY Notice of Meeting of the Homeland Security Information Network Advisory Committee, Tuesday, August... meeting. SUMMARY: The Homeland Security Information Network Advisory Committee (HSINAC) will meet from... Homeland Security Information Network Advisory Committee is to identify issues and provide to...

  20. Information Security for Compliance with Select Agent Regulations

    PubMed Central

    Lewis, Nick; Campbell, Mark J.

    2015-01-01

    The past decade has seen a significant rise in research on high-consequence human and animal pathogens, many now known as “select agents.” While physical security around these agents is tightly regulated, information security standards are still lagging. The understanding of the threats unique to the academic and research environment is still evolving, in part due to poor communication between the various stakeholders. Perhaps as a result, information security guidelines published by select agent regulators lack the critical details and directives needed to achieve even the lowest security level of the Federal Information Security Management Act (FISMA). While only government agencies are currently required to abide by the provisions of FISMA (unless specified as preconditions for obtaining government grants or contracts—still a relatively rare or narrowly scoped occurrence), the same strategies were recently recommended by executive order for others. We propose that information security guidelines for select agent research be updated to promulgate and detail FISMA standards and processes and that the latter be ultimately incorporated into select agent regulations. We also suggest that information security in academic and research institutions would greatly benefit from active efforts to improve communication among the biosecurity, security, and information technology communities, and from a secure venue for exchange of timely information on emerging threats and solutions in the research environment. PMID:26042864

  1. Information security for compliance with select agent regulations.

    PubMed

    Lewis, Nick; Campbell, Mark J; Baskin, Carole R

    2015-01-01

    The past decade has seen a significant rise in research on high-consequence human and animal pathogens, many now known as "select agents." While physical security around these agents is tightly regulated, information security standards are still lagging. The understanding of the threats unique to the academic and research environment is still evolving, in part due to poor communication between the various stakeholders. Perhaps as a result, information security guidelines published by select agent regulators lack the critical details and directives needed to achieve even the lowest security level of the Federal Information Security Management Act (FISMA). While only government agencies are currently required to abide by the provisions of FISMA (unless specified as preconditions for obtaining government grants or contracts--still a relatively rare or narrowly scoped occurrence), the same strategies were recently recommended by executive order for others. We propose that information security guidelines for select agent research be updated to promulgate and detail FISMA standards and processes and that the latter be ultimately incorporated into select agent regulations. We also suggest that information security in academic and research institutions would greatly benefit from active efforts to improve communication among the biosecurity, security, and information technology communities, and from a secure venue for exchange of timely information on emerging threats and solutions in the research environment. PMID:26042864

  2. Information security for compliance with select agent regulations.

    PubMed

    Lewis, Nick; Campbell, Mark J; Baskin, Carole R

    2015-01-01

    The past decade has seen a significant rise in research on high-consequence human and animal pathogens, many now known as "select agents." While physical security around these agents is tightly regulated, information security standards are still lagging. The understanding of the threats unique to the academic and research environment is still evolving, in part due to poor communication between the various stakeholders. Perhaps as a result, information security guidelines published by select agent regulators lack the critical details and directives needed to achieve even the lowest security level of the Federal Information Security Management Act (FISMA). While only government agencies are currently required to abide by the provisions of FISMA (unless specified as preconditions for obtaining government grants or contracts--still a relatively rare or narrowly scoped occurrence), the same strategies were recently recommended by executive order for others. We propose that information security guidelines for select agent research be updated to promulgate and detail FISMA standards and processes and that the latter be ultimately incorporated into select agent regulations. We also suggest that information security in academic and research institutions would greatly benefit from active efforts to improve communication among the biosecurity, security, and information technology communities, and from a secure venue for exchange of timely information on emerging threats and solutions in the research environment.

  3. Information security requirements in patient-centred healthcare support systems.

    PubMed

    Alsalamah, Shada; Gray, W Alex; Hilton, Jeremy; Alsalamah, Hessah

    2013-01-01

    Enabling Patient-Centred (PC) care in modern healthcare requires the flow of medical information with the patient between different healthcare providers as they follow the patient's treatment plan. However, PC care threatens the stability of the balance of information security in the support systems since legacy systems fall short of attaining a security balance when sharing their information due to compromises made between its availability, integrity, and confidentiality. Results show that the main reason for this is that information security implementation in discrete legacy systems focused mainly on information confidentiality and integrity leaving availability a challenge in collaboration. Through an empirical study using domain analysis, observations, and interviews, this paper identifies a need for six information security requirements in legacy systems to cope with this situation in order to attain the security balance in systems supporting PC care implementation in modern healthcare.

  4. 20 CFR 217.7 - Claim filed with the Social Security Administration.

    Code of Federal Regulations, 2014 CFR

    2014-04-01

    ... 20 Employees' Benefits 1 2014-04-01 2012-04-01 true Claim filed with the Social Security... RETIREMENT ACT APPLICATION FOR ANNUITY OR LUMP SUM Applications § 217.7 Claim filed with the Social Security Administration. (a) Claim is for life benefits. An application for life benefits under title II of the...

  5. 20 CFR 217.7 - Claim filed with the Social Security Administration.

    Code of Federal Regulations, 2013 CFR

    2013-04-01

    ... 20 Employees' Benefits 1 2013-04-01 2012-04-01 true Claim filed with the Social Security... RETIREMENT ACT APPLICATION FOR ANNUITY OR LUMP SUM Applications § 217.7 Claim filed with the Social Security Administration. (a) Claim is for life benefits. An application for life benefits under title II of the...

  6. 20 CFR 217.7 - Claim filed with the Social Security Administration.

    Code of Federal Regulations, 2012 CFR

    2012-04-01

    ... 20 Employees' Benefits 1 2012-04-01 2012-04-01 false Claim filed with the Social Security... RETIREMENT ACT APPLICATION FOR ANNUITY OR LUMP SUM Applications § 217.7 Claim filed with the Social Security Administration. (a) Claim is for life benefits. An application for life benefits under title II of the...

  7. 20 CFR 217.7 - Claim filed with the Social Security Administration.

    Code of Federal Regulations, 2010 CFR

    2010-04-01

    ... 20 Employees' Benefits 1 2010-04-01 2010-04-01 false Claim filed with the Social Security... RETIREMENT ACT APPLICATION FOR ANNUITY OR LUMP SUM Applications § 217.7 Claim filed with the Social Security Administration. (a) Claim is for life benefits. An application for life benefits under title II of the...

  8. 20 CFR 217.7 - Claim filed with the Social Security Administration.

    Code of Federal Regulations, 2011 CFR

    2011-04-01

    ... 20 Employees' Benefits 1 2011-04-01 2011-04-01 false Claim filed with the Social Security... RETIREMENT ACT APPLICATION FOR ANNUITY OR LUMP SUM Applications § 217.7 Claim filed with the Social Security Administration. (a) Claim is for life benefits. An application for life benefits under title II of the...

  9. A Framework for the Governance of Information Security

    ERIC Educational Resources Information Center

    Edwards, Charles K.

    2013-01-01

    Information security is a complex issue, which is very critical for success of modern businesses. It can be implemented with the help of well-tested global standards and best practices. However, it has been studied that the human aspects of information security compliance pose significant challenge to its practitioners. There has been significant…

  10. How to Keep Your Health Information Private and Secure

    MedlinePlus

    ... communities, such as message boards. · Store in a personal health record (PHR) that is not offered through ... information. Here are some tips to ensure your personal health information is private and secure when accessing ...

  11. Proceedings Second Annual Cyber Security and Information Infrastructure Research Workshop

    SciTech Connect

    Sheldon, Frederick T; Krings, Axel; Yoo, Seong-Moo; Mili, Ali; Trien, Joseph P

    2006-01-01

    The workshop theme is Cyber Security: Beyond the Maginot Line Recently the FBI reported that computer crime has skyrocketed costing over $67 billion in 2005 alone and affecting 2.8M+ businesses and organizations. Attack sophistication is unprecedented along with availability of open source concomitant tools. Private, academic, and public sectors invest significant resources in cyber security. Industry primarily performs cyber security research as an investment in future products and services. While the public sector also funds cyber security R&D, the majority of this activity focuses on the specific mission(s) of the funding agency. Thus, broad areas of cyber security remain neglected or underdeveloped. Consequently, this workshop endeavors to explore issues involving cyber security and related technologies toward strengthening such areas and enabling the development of new tools and methods for securing our information infrastructure critical assets. We aim to assemble new ideas and proposals about robust models on which we can build the architecture of a secure cyberspace including but not limited to: * Knowledge discovery and management * Critical infrastructure protection * De-obfuscating tools for the validation and verification of tamper-proofed software * Computer network defense technologies * Scalable information assurance strategies * Assessment-driven design for trust * Security metrics and testing methodologies * Validation of security and survivability properties * Threat assessment and risk analysis * Early accurate detection of the insider threat * Security hardened sensor networks and ubiquitous computing environments * Mobile software authentication protocols * A new "model" of the threat to replace the "Maginot Line" model and more . . .

  12. 76 FR 38179 - Information Collection; General Services Administration; Information Specific to a Contract or...

    Federal Register 2010, 2011, 2012, 2013, 2014

    2011-06-29

    ... ADMINISTRATION Information Collection; General Services Administration; Information Specific to a Contract or... previously approved information collection requirement regarding information specific to a contract or..., Procurement Analyst, Acquisition Policy Division, at telephone (202) 219-1813 or e-mail...

  13. 10 CFR 2.905 - Access to restricted data and national security information for parties; security clearances.

    Code of Federal Regulations, 2010 CFR

    2010-01-01

    ... to Adjudicatory Proceedings Involving Restricted Data and/or National Security Information § 2.905 Access to restricted data and national security information for parties; security clearances. (a) Access to restricted data and national security information introduced into proceedings. Except as...

  14. 48 CFR 3052.204-70 - Security requirements for unclassified information technology resources.

    Code of Federal Regulations, 2012 CFR

    2012-10-01

    ..., programming, and system administration of computer systems, networks, and telecommunications systems. (c... for unclassified information technology resources. As prescribed in (HSAR) 48 CFR 3004.470-3, insert a... laws that include, but are not limited to, the Computer Security Act of 1987 (40 U.S.C. 1441 et...

  15. 75 FR 29568 - Extension of Agency Information Collection Activity Under OMB Review: Aircraft Operator Security

    Federal Register 2010, 2011, 2012, 2013, 2014

    2010-05-26

    ... its expected burden. TSA published a Federal Register notice, with a 60-day comment period soliciting comments, of the following collection of information on March 16, 2010. 75 FR 12559. The collection...-day notice. SUMMARY: This notice announces that the Transportation Security Administration (TSA)...

  16. 77 FR 19025 - Extension of Agency Information Collection Activity Under OMB Review: Aircraft Operator Security

    Federal Register 2010, 2011, 2012, 2013, 2014

    2012-03-29

    ... its expected burden. TSA published a Federal Register notice, with a 60-day comment period soliciting comments, of the following collection of information on January 26, 2012 (77 FR 4055). TSA has implemented...-Day notice. SUMMARY: This notice announces that the Transportation Security Administration (TSA)...

  17. 78 FR 4856 - Extension of Agency Information Collection Activity Under OMB Review: Aviation Security...

    Federal Register 2010, 2011, 2012, 2013, 2014

    2013-01-23

    ... OMB Review: Aviation Security Infrastructure Fee Records Retention AGENCY: Transportation Security... Aviation Security Infrastructure Fee (ASIF), including information about air carriers' and foreign air.... Information Collection Requirement Title: Aviation Security Infrastructure Fee Records Retention. Type...

  18. 78 FR 48076 - Facility Security Clearance and Safeguarding of National Security Information and Restricted Data

    Federal Register 2010, 2011, 2012, 2013, 2014

    2013-08-07

    ... National Security Information and Restricted Data AGENCY: Nuclear Regulatory Commission. ACTION: Proposed... INFORMATION AND RESTRICTED DATA 0 1. The authority citation for part 95 continues to read as follows... Information (75 FR 707; January 5, 2010), before derivatively classifying information and at least once...

  19. Securing information display by use of visual cryptography.

    PubMed

    Yamamoto, Hirotsugu; Hayasaki, Yoshio; Nishida, Nobuo

    2003-09-01

    We propose a secure display technique based on visual cryptography. The proposed technique ensures the security of visual information. The display employs a decoding mask based on visual cryptography. Without the decoding mask, the displayed information cannot be viewed. The viewing zone is limited by the decoding mask so that only one person can view the information. We have developed a set of encryption codes to maintain the designed viewing zone and have demonstrated a display that provides a limited viewing zone.

  20. 78 FR 4393 - Applications for New Awards; Minorities and Retirement Security Program

    Federal Register 2010, 2011, 2012, 2013, 2014

    2013-01-22

    ... SOCIAL SECURITY ADMINISTRATION Applications for New Awards; Minorities and Retirement Security Program... Policy, Social Security Administration. ACTION: Notice. Overview Information: Minorities and Retirement... Education (ED or the Department) and the United States Social Security Administration (SSA). The MRS...

  1. The Impact of Information Richness on Information Security Awareness Training Effectiveness

    ERIC Educational Resources Information Center

    Shaw, R. S.; Chen, Charlie C.; Harris, Albert L.; Huang, Hui-Jou

    2009-01-01

    In recent years, rapid progress in the use of the internet has resulted in huge losses in many organizations due to lax security. As a result, information security awareness is becoming an important issue to anyone using the Internet. To reduce losses, organizations have made information security awareness a top priority. The three main barriers…

  2. 49 CFR 15.5 - Sensitive security information.

    Code of Federal Regulations, 2013 CFR

    2013-10-01

    ... 49 CFR 1542.303, 1544.305, or other authority; (ii) Issued by the Coast Guard under the Maritime Transportation Security Act, 33 CFR part 6, or 33 U.S.C. 1221 et seq. related to maritime security; or (iii) Any...) Information Circular issued by TSA under 49 CFR 1542.303 or 1544.305, or other authority; and (ii)...

  3. 49 CFR 15.5 - Sensitive security information.

    Code of Federal Regulations, 2011 CFR

    2011-10-01

    ... 49 CFR 1542.303, 1544.305, or other authority; (ii) Issued by the Coast Guard under the Maritime Transportation Security Act, 33 CFR part 6, or 33 U.S.C. 1221 et seq. related to maritime security; or (iii) Any...) Information Circular issued by TSA under 49 CFR 1542.303 or 1544.305, or other authority; and (ii)...

  4. 49 CFR 15.5 - Sensitive security information.

    Code of Federal Regulations, 2010 CFR

    2010-10-01

    ... 49 CFR 1542.303, 1544.305, or other authority; (ii) Issued by the Coast Guard under the Maritime Transportation Security Act, 33 CFR part 6, or 33 U.S.C. 1221 et seq. related to maritime security; or (iii) Any...) Information Circular issued by TSA under 49 CFR 1542.303 or 1544.305, or other authority; and (ii)...

  5. 49 CFR 15.5 - Sensitive security information.

    Code of Federal Regulations, 2014 CFR

    2014-10-01

    ... 49 CFR 1542.303, 1544.305, or other authority; (ii) Issued by the Coast Guard under the Maritime Transportation Security Act, 33 CFR part 6, or 33 U.S.C. 1221 et seq. related to maritime security; or (iii) Any...) Information Circular issued by TSA under 49 CFR 1542.303 or 1544.305, or other authority; and (ii)...

  6. 49 CFR 15.5 - Sensitive security information.

    Code of Federal Regulations, 2012 CFR

    2012-10-01

    ... 49 CFR 1542.303, 1544.305, or other authority; (ii) Issued by the Coast Guard under the Maritime Transportation Security Act, 33 CFR part 6, or 33 U.S.C. 1221 et seq. related to maritime security; or (iii) Any...) Information Circular issued by TSA under 49 CFR 1542.303 or 1544.305, or other authority; and (ii)...

  7. An Examination of Issues Surrounding Information Security in California Colleges

    ERIC Educational Resources Information Center

    Butler, Robert D.

    2013-01-01

    Technological advances have provided increasing opportunities in higher education for delivering instruction and other services. However, exposure to information security attacks has been increasing as more organizations conduct their businesses online. Higher education institutions have one of the highest frequencies of security breaches as…

  8. An Innovative Community College Program and Partnership in Information Security.

    ERIC Educational Resources Information Center

    Howard, Barbara C; Morneau, Keith A.

    This report describes an innovative network security program initiated by Northern Virginia Community College and funded with a grant from the Northern Virginia Regional Partnership. The program educates and trains students in the instillation, configuration, and troubleshooting of the hardware and software infrastructure of information security.…

  9. Information Security Issues in Higher Education and Institutional Research

    ERIC Educational Resources Information Center

    Custer, William L.

    2010-01-01

    Information security threats to educational institutions and their data assets have worsened significantly over the past few years. The rich data stores of institutional research are especially vulnerable, and threats from security breaches represent no small risk. New genres of threat require new kinds of controls if the institution is to prevent…

  10. Federal Information Security Amendments Act of 2013

    THOMAS, 113th Congress

    Rep. Issa, Darrell E. [R-CA-49

    2013-03-14

    04/17/2013 Received in the Senate and Read twice and referred to the Committee on Homeland Security and Governmental Affairs. (All Actions) Notes: For further action, see S.2521, which became Public Law 113-283 on 12/18/2014. Tracker: This bill has the status Passed HouseHere are the steps for Status of Legislation:

  11. Federal Information Security Amendments Act of 2012

    THOMAS, 112th Congress

    Rep. Issa, Darrell E. [R-CA-49

    2012-03-26

    05/07/2012 Received in the Senate and Read twice and referred to the Committee on Homeland Security and Governmental Affairs. (All Actions) Tracker: This bill has the status Passed HouseHere are the steps for Status of Legislation:

  12. Protecting Office Information: Computer and Data Security.

    ERIC Educational Resources Information Center

    Davis-Newton, Hazel C.

    1986-01-01

    Discusses the nature of modern office automation, microcomputer access controls that can be activated to improve security (passwords, error lockout, palm geometry, automatic shutoff, time lock, call back), data communications controls (cryptographic transmission of data, scramblers, dial-back-devices), and management practices that may be…

  13. Modeling behavioral considerations related to information security.

    SciTech Connect

    Martinez-Moyano, I. J.; Conrad, S. H.; Andersen, D. F.

    2011-01-01

    The authors present experimental and simulation results of an outcome-based learning model for the identification of threats to security systems. This model integrates judgment, decision-making, and learning theories to provide a unified framework for the behavioral study of upcoming threats.

  14. Secure communication of medical information using mobile agents.

    PubMed

    Nikooghadam, Morteza; Zakerolhosseini, Ali

    2012-12-01

    Recently several efficient schemes are proposed to provide security of e-medicine systems. Almost all of these schemes have tried to achieve the highest security level in transmission of patients' medical information to medical institutions through a heterogeneous network like Internet. In this paper, we explain the insecurity of these schemes against "man-in-the-middle" attack. Furthermore, a dynamic mobile agent system based on hybrid cryptosystem is proposed that is both secure and also efficient in computation cost. Analyzing the security criteria confirms suitability of the proposed scheme for e-medicine systems. PMID:22569875

  15. Energy Information Administration new releases. Volume 1

    SciTech Connect

    1997-04-01

    This publication of the National Energy Information Center contains news items and information sources related primarily to electricity generation. News items reported on in this issue include utility compliance costs for the Clean Air Act, 1995 profits for major energy companies, and competition issues in the electric power and natural gas industries. A summary report on crude oil prices is also presented. Other information provided includes a listing of 1996 publications from the center, electronic information services, and energy data information contacts.

  16. Agents Based e-Commerce and Securing Exchanged Information

    NASA Astrophysics Data System (ADS)

    Al-Jaljouli, Raja; Abawajy, Jemal

    Mobile agents have been implemented in e-Commerce to search and filter information of interest from electronic markets. When the information is very sensitive and critical, it is important to develop a novel security protocol that can efficiently protect the information from malicious tampering as well as unauthorized disclosure or at least detect any malicious act of intruders. In this chapter, we describe robust security techniques that ensure a sound security of information gathered throughout agent’s itinerary against various security attacks, as well as truncation attacks. A sound security protocol is described, which implements the various security techniques that would jointly prevent or at least detect any malicious act of intruders. We reason about the soundness of the protocol usingSymbolic Trace Analyzer (STA), a formal verification tool that is based on symbolic techniques. We analyze the protocol in key configurations and show that it is free of flaws. We also show that the protocol fulfils the various security requirements of exchanged information in MAS, including data-integrity, data-confidentiality, data-authenticity, origin confidentiality and data non-repudiability.

  17. 77 FR 72814 - Information Collection; Secure Rural Schools Act

    Federal Register 2010, 2011, 2012, 2013, 2014

    2012-12-06

    ... Secure Rural Schools and Community Self-Determination Act of 2000 (the Act) (16 U.S.C. 7101 et seq.), as... information may be submitted by hard copy and/or electronically scanned and included as an attachment...

  18. Information Security Management - Part Of The Integrated Management System

    NASA Astrophysics Data System (ADS)

    Manea, Constantin Adrian

    2015-07-01

    The international management standards allow their integrated approach, thereby combining aspects of particular importance to the activity of any organization, from the quality management systems or the environmental management of the information security systems or the business continuity management systems. Although there is no national or international regulation, nor a defined standard for the Integrated Management System, the need to implement an integrated system occurs within the organization, which feels the opportunity to integrate the management components into a cohesive system, in agreement with the purpose and mission publicly stated. The issues relating to information security in the organization, from the perspective of the management system, raise serious questions to any organization in the current context of electronic information, reason for which we consider not only appropriate but necessary to promote and implement an Integrated Management System Quality - Environment - Health and Operational Security - Information Security

  19. 32 CFR 2103.51 - Information Security Oversight Committee.

    Code of Federal Regulations, 2011 CFR

    2011-07-01

    ... COUNCIL REGULATIONS TO IMPLEMENT E.O. 12065-INCLUDING PROCEDURES FOR PUBLIC ACCESS TO DOCUMENTS THAT MAY BE DECLASSIFIED Implementation and Review § 2103.51 Information Security Oversight Committee. The...

  20. 32 CFR 2103.51 - Information Security Oversight Committee.

    Code of Federal Regulations, 2010 CFR

    2010-07-01

    ... COUNCIL REGULATIONS TO IMPLEMENT E.O. 12065-INCLUDING PROCEDURES FOR PUBLIC ACCESS TO DOCUMENTS THAT MAY BE DECLASSIFIED Implementation and Review § 2103.51 Information Security Oversight Committee. The...

  1. 78 FR 69286 - Facility Security Clearance and Safeguarding of National Security Information and Restricted Data

    Federal Register 2010, 2011, 2012, 2013, 2014

    2013-11-19

    ... Information and Restricted Data AGENCY: Nuclear Regulatory Commission. ACTION: Direct final rule; confirmation...; telephone: 301-415-3501; email: Daniel.Lenehan@nrc.gov . SUPPLEMENTARY INFORMATION: On August 7, 2013 (78 FR..., Classified National Security Information. In addition, this direct final rule allowed licensees...

  2. How Homeland Security Affects Spatial Information

    ERIC Educational Resources Information Center

    Zellmer, Linda

    2004-01-01

    A recent article in Security-Focus described the fact that several U.S. government buildings in Washington DC could no longer be clearly seen by people using MapQuest's aerial photo database. In addition, the photos of these buildings were altered at the Web sites wherein they are posted at the request of the U.S. Secret Service. This is an…

  3. 75 FR 18867 - Privacy Act of 1974; Department of Homeland Security Transportation Security Administration-011...

    Federal Register 2010, 2011, 2012, 2013, 2014

    2010-04-13

    ... Security Intelligence Service (TSIS) Operations Files System of Records (69 FR 71828, December 10, 2004...(j)(2), (k)(1), (k)(2) and (k)(5) as reflected in the final rule published on August 4, 2006 in 71 FR...)(2), and (k)(5) as reflected in the final rule published on August 4, 2006, in 71 FR 44223....

  4. An integrative behavioral model of information security policy compliance.

    PubMed

    Kim, Sang Hoon; Yang, Kyung Hoon; Park, Sunyoung

    2014-01-01

    The authors found the behavioral factors that influence the organization members' compliance with the information security policy in organizations on the basis of neutralization theory, Theory of planned behavior, and protection motivation theory. Depending on the theory of planned behavior, members' attitudes towards compliance, as well as normative belief and self-efficacy, were believed to determine the intention to comply with the information security policy. Neutralization theory, a prominent theory in criminology, could be expected to provide the explanation for information system security policy violations. Based on the protection motivation theory, it was inferred that the expected efficacy could have an impact on intentions of compliance. By the above logical reasoning, the integrative behavioral model and eight hypotheses could be derived. Data were collected by conducting a survey; 194 out of 207 questionnaires were available. The test of the causal model was conducted by PLS. The reliability, validity, and model fit were found to be statistically significant. The results of the hypotheses tests showed that seven of the eight hypotheses were acceptable. The theoretical implications of this study are as follows: (1) the study is expected to play a role of the baseline for future research about organization members' compliance with the information security policy, (2) the study attempted an interdisciplinary approach by combining psychology and information system security research, and (3) the study suggested concrete operational definitions of influencing factors for information security policy compliance through a comprehensive theoretical review. Also, the study has some practical implications. First, it can provide the guideline to support the successful execution of the strategic establishment for the implement of information system security policies in organizations. Second, it proves that the need of education and training programs suppressing

  5. An Integrative Behavioral Model of Information Security Policy Compliance

    PubMed Central

    Kim, Sang Hoon; Yang, Kyung Hoon; Park, Sunyoung

    2014-01-01

    The authors found the behavioral factors that influence the organization members' compliance with the information security policy in organizations on the basis of neutralization theory, Theory of planned behavior, and protection motivation theory. Depending on the theory of planned behavior, members' attitudes towards compliance, as well as normative belief and self-efficacy, were believed to determine the intention to comply with the information security policy. Neutralization theory, a prominent theory in criminology, could be expected to provide the explanation for information system security policy violations. Based on the protection motivation theory, it was inferred that the expected efficacy could have an impact on intentions of compliance. By the above logical reasoning, the integrative behavioral model and eight hypotheses could be derived. Data were collected by conducting a survey; 194 out of 207 questionnaires were available. The test of the causal model was conducted by PLS. The reliability, validity, and model fit were found to be statistically significant. The results of the hypotheses tests showed that seven of the eight hypotheses were acceptable. The theoretical implications of this study are as follows: (1) the study is expected to play a role of the baseline for future research about organization members' compliance with the information security policy, (2) the study attempted an interdisciplinary approach by combining psychology and information system security research, and (3) the study suggested concrete operational definitions of influencing factors for information security policy compliance through a comprehensive theoretical review. Also, the study has some practical implications. First, it can provide the guideline to support the successful execution of the strategic establishment for the implement of information system security policies in organizations. Second, it proves that the need of education and training programs suppressing

  6. An integrative behavioral model of information security policy compliance.

    PubMed

    Kim, Sang Hoon; Yang, Kyung Hoon; Park, Sunyoung

    2014-01-01

    The authors found the behavioral factors that influence the organization members' compliance with the information security policy in organizations on the basis of neutralization theory, Theory of planned behavior, and protection motivation theory. Depending on the theory of planned behavior, members' attitudes towards compliance, as well as normative belief and self-efficacy, were believed to determine the intention to comply with the information security policy. Neutralization theory, a prominent theory in criminology, could be expected to provide the explanation for information system security policy violations. Based on the protection motivation theory, it was inferred that the expected efficacy could have an impact on intentions of compliance. By the above logical reasoning, the integrative behavioral model and eight hypotheses could be derived. Data were collected by conducting a survey; 194 out of 207 questionnaires were available. The test of the causal model was conducted by PLS. The reliability, validity, and model fit were found to be statistically significant. The results of the hypotheses tests showed that seven of the eight hypotheses were acceptable. The theoretical implications of this study are as follows: (1) the study is expected to play a role of the baseline for future research about organization members' compliance with the information security policy, (2) the study attempted an interdisciplinary approach by combining psychology and information system security research, and (3) the study suggested concrete operational definitions of influencing factors for information security policy compliance through a comprehensive theoretical review. Also, the study has some practical implications. First, it can provide the guideline to support the successful execution of the strategic establishment for the implement of information system security policies in organizations. Second, it proves that the need of education and training programs suppressing

  7. How Secure Is Your Information System? An Investigation into Actual Healthcare Worker Password Practices

    PubMed Central

    Cazier, Joseph A; Medlin, B. Dawn

    2006-01-01

    For most healthcare information systems, passwords are the first line of defense in keeping patient and administrative records private and secure. However, this defense is only as strong as the passwords employees chose to use. A weak or easily guessed password is like an open door to the medical records room, allowing unauthorized access to sensitive information. In this paper, we present the results of a study of actual healthcare workers' password practices. In general, the vast majority of these passwords have significant security problems on several dimensions. Implications for healthcare professionals are discussed. PMID:18066366

  8. Three Essays on Information Technology Security Management in Organizations

    ERIC Educational Resources Information Center

    Gupta, Manish

    2011-01-01

    Increasing complexity and sophistication of ever evolving information technologies has spurred unique and unprecedented challenges for organizations to protect their information assets. Companies suffer significant financial and reputational damage due to ineffective information technology security management, which has extensively been shown to…

  9. Information Security Management Practices of K-12 School Districts

    ERIC Educational Resources Information Center

    Nyachwaya, Samson

    2013-01-01

    The research problem addressed in this quantitative correlational study was the inadequacy of sound information security management (ISM) practices in K-12 school districts, despite their increasing ownership of information assets. Researchers have linked organizational and sociotechnical factors to the implementation of information security…

  10. The European cooperative approach to securing critical information infrastructure.

    PubMed

    Purser, Steve

    2011-10-01

    This paper provides an overview of the EU approach to securing critical information infrastructure, as defined in the Action Plan contained in the Commission Communication of March 2009, entitled 'Protecting Europe from large-scale cyber-attacks and disruptions: enhancing preparedness, security and resilience' and further elaborated by the Communication of May 2011 on critical Information infrastructure protection 'Achievements and next steps: towards global cyber-security'. After explaining the need for pan-European cooperation in this area, the CIIP Action Plan is explained in detail. Finally, the current state of progress is summarised together with the proposed next steps. PMID:22130342

  11. The European cooperative approach to securing critical information infrastructure.

    PubMed

    Purser, Steve

    2011-10-01

    This paper provides an overview of the EU approach to securing critical information infrastructure, as defined in the Action Plan contained in the Commission Communication of March 2009, entitled 'Protecting Europe from large-scale cyber-attacks and disruptions: enhancing preparedness, security and resilience' and further elaborated by the Communication of May 2011 on critical Information infrastructure protection 'Achievements and next steps: towards global cyber-security'. After explaining the need for pan-European cooperation in this area, the CIIP Action Plan is explained in detail. Finally, the current state of progress is summarised together with the proposed next steps.

  12. Blood Donor Locator Service--Social Security Administration. Final rules.

    PubMed

    1991-12-24

    We are issuing these final regulations to govern the Blood Donor Locator Service, which we will establish and conduct, as required by section 8008 of the Technical and Miscellaneous Revenue Act of 1988 (Pub. L. 100-647). Under these regulations, we will furnish to participating States at their request the last known personal mailing address (residence or post office box) of blood donors whose blood donation shows that they are or may be infected with the human immunodeficiency virus (HIV) which causes acquired immune deficiency syndrome, if the State or an authorized blood donation facility has been unable to locate the donors. If our records or those of the Internal Revenue Service (IRS) contain an adequate personal mailing address for the donor, we will provide it to the State so that the State or the blood donation facility can inform the donor that he or she may need medical care and treatment. PMID:10116070

  13. Fuzzy assessment of health information system users' security awareness.

    PubMed

    Aydın, Özlem Müge; Chouseinoglou, Oumout

    2013-12-01

    Health information systems (HIS) are a specific area of information systems (IS), where critical patient data is stored and quality health service is only realized with the correct use and efficient dissemination of this data to health workers. Therefore, a balance needs to be established between the levels of security and flow of information on HIS. Instead of implementing higher levels and further mechanisms of control to increase the security of HIS, it is preferable to deal with the arguably weakest link on HIS chain with respect to security: HIS users. In order to provide solutions and approaches for transforming users to the first line of defense in HIS but also to employ capable and appropriate candidates from the pool of newly graduated students, it is important to assess and evaluate the security awareness levels and characteristics of these existing and future users. This study aims to provide a new perspective to understand the phenomenon of security awareness of HIS users with the use of fuzzy analysis, and to assess the present situation of current and future HIS users of a leading medical and educational institution of Turkey, with respect to their security characteristics based on four different security scales. The results of the fuzzy analysis, the guide on how to implement this fuzzy analysis to any health institution and how to read and interpret these results, together with the possible implications of these results to the organization are provided.

  14. Explore Awareness of Information Security: Insights from Cognitive Neuromechanism.

    PubMed

    Han, Dongmei; Dai, Yonghui; Han, Tianlin; Dai, Xingyun

    2015-01-01

    With the rapid development of the internet and information technology, the increasingly diversified portable mobile terminals, online shopping, and social media have facilitated information exchange, social communication, and financial payment for people more and more than ever before. In the meantime, information security and privacy protection have been meeting with new severe challenges. Although we have taken a variety of information security measures in both management and technology, the actual effectiveness depends firstly on people's awareness of information security and the cognition of potential risks. In order to explore the new technology for the objective assessment of people's awareness and cognition on information security, this paper takes the online financial payment as example and conducts an experimental study based on the analysis of electrophysiological signals. Results indicate that left hemisphere and beta rhythms of electroencephalogram (EEG) signal are sensitive to the cognitive degree of risks in the awareness of information security, which may be probably considered as the sign to assess people's cognition of potential risks in online financial payment. PMID:26587017

  15. Explore Awareness of Information Security: Insights from Cognitive Neuromechanism

    PubMed Central

    Han, Dongmei; Dai, Yonghui; Han, Tianlin; Dai, Xingyun

    2015-01-01

    With the rapid development of the internet and information technology, the increasingly diversified portable mobile terminals, online shopping, and social media have facilitated information exchange, social communication, and financial payment for people more and more than ever before. In the meantime, information security and privacy protection have been meeting with new severe challenges. Although we have taken a variety of information security measures in both management and technology, the actual effectiveness depends firstly on people's awareness of information security and the cognition of potential risks. In order to explore the new technology for the objective assessment of people's awareness and cognition on information security, this paper takes the online financial payment as example and conducts an experimental study based on the analysis of electrophysiological signals. Results indicate that left hemisphere and beta rhythms of electroencephalogram (EEG) signal are sensitive to the cognitive degree of risks in the awareness of information security, which may be probably considered as the sign to assess people's cognition of potential risks in online financial payment. PMID:26587017

  16. Explore Awareness of Information Security: Insights from Cognitive Neuromechanism.

    PubMed

    Han, Dongmei; Dai, Yonghui; Han, Tianlin; Dai, Xingyun

    2015-01-01

    With the rapid development of the internet and information technology, the increasingly diversified portable mobile terminals, online shopping, and social media have facilitated information exchange, social communication, and financial payment for people more and more than ever before. In the meantime, information security and privacy protection have been meeting with new severe challenges. Although we have taken a variety of information security measures in both management and technology, the actual effectiveness depends firstly on people's awareness of information security and the cognition of potential risks. In order to explore the new technology for the objective assessment of people's awareness and cognition on information security, this paper takes the online financial payment as example and conducts an experimental study based on the analysis of electrophysiological signals. Results indicate that left hemisphere and beta rhythms of electroencephalogram (EEG) signal are sensitive to the cognitive degree of risks in the awareness of information security, which may be probably considered as the sign to assess people's cognition of potential risks in online financial payment.

  17. 75 FR 47311 - Extension of Agency Information Collection Activity Under OMB Review: Aviation Security...

    Federal Register 2010, 2011, 2012, 2013, 2014

    2010-08-05

    ... OMB Review: Aviation Security Infrastructure Fee Records Retention AGENCY: Transportation Security... retention of certain information necessary for TSA to help set the Aviation Security Infrastructure Fee... Title: Aviation Security Infrastructure Fee Records Retention. Type of Request: Extension of a...

  18. Examining the Impact of Non-Technical Security Management Factors on Information Security Management in Health Informatics

    ERIC Educational Resources Information Center

    Imam, Abbas H.

    2013-01-01

    Complexity of information security has become a major issue for organizations due to incessant threats to information assets. Healthcare organizations are particularly concerned with security owing to the inherent vulnerability of sensitive information assets in health informatics. While the non-technical security management elements have been at…

  19. How to implement security controls for an information security program at CBRN facilities

    SciTech Connect

    Lenaeus, Joseph D.; O'Neil, Lori Ross; Leitch, Rosalyn M.; Glantz, Clifford S.; Landine, Guy P.; Bryant, Janet L.; Lewis, John; Mathers, Gemma; Rodger, Robert; Johnson, Christopher

    2015-12-01

    This document was prepared by PNNL within the framework of Project 19 of the European Union Chemical Biological Radiological and Nuclear Risk Mitigation Centres of Excellence Initiative entitled, ''Development of procedures and guidelines to create and improve secure information management systems and data exchange mechanisms for CBRN materials under regulatory control.'' It provides management and workers at CBRN facilities, parent organization managers responsible for those facilities, and regulatory agencies (governmental and nongovernmental) with guidance on the best practices for protecting information security. The security mitigation approaches presented in this document were chosen because they present generally accepted guidance in an easy-to-understand manner, making it easier for facility personnel to grasp key concepts and envision how security controls could be implemented by the facility. This guidance is presented from a risk management perspective.

  20. Supplemental Security Income: determining disability for a child under age 18. Social Security Administration. Final rules.

    PubMed

    2000-09-11

    On February 11, 1997, we published interim final rules with a request for comments to implement the Supplemental Security Income (SSI) childhood disability provisions of sections 211 and 212 of Public Law (Pub. L.) 104-193, the Personal Responsibility and Work Opportunity Reconciliation Act of 1996. We are now publishing revised final rules in response to public comments. We are also conforming our rules to amendments to Public Law 104-193 made by the Balanced Budget Act of 1997, Public Law 105-33. Finally, we are simplifying and clarifying some rules in keeping with the President's goal of using plain language in regulations. PMID:11503639

  1. The Social Security Administration's Youth Transition Demonstration Projects: Interim Report on Transition WORKS

    ERIC Educational Resources Information Center

    Fraker, Thomas; Black, Alison; Mamun, Arif; Manno, Michelle; Martinez, John; O'Day, Bonnie; O'Toole, Meghan; Rangarajan, Anu; Reed, Debbie

    2011-01-01

    The Social Security Administration is funding a random assignment evaluation of six demonstration projects to improve employment and other outcomes for youth ages 14 to 25 who are either receiving disability benefits or are at high risk of receiving them in the future. This report reviews the Youth Transition Demonstration (YTD) projects, located…

  2. Strategic approach to information security and assurance in health research.

    PubMed

    Akazawa, Shunichi; Igarashi, Manabu; Sawa, Hirofumi; Tamashiro, Hiko

    2005-09-01

    Information security and assurance are an increasingly critical issue in health research. Whether health research be in genetics, new drugs, disease outbreaks, biochemistry, or effects of radiation, it deals with information that is highly sensitive and which could be targeted by rogue individuals or groups, corporations, national intelligence agencies, or terrorists, looking for financial, social, or political gains. The advents of the Internet and advances in recent information technologies have also dramatically increased opportunities for attackers to exploit sensitive and valuable information.Government agencies have deployed legislative measures to protect the privacy of health information and developed information security guidelines for epidemiological studies. However, risks are grossly underestimated and little effort has been made to strategically and comprehensively protect health research information by institutions, governments and international communities.There is a need to enforce a set of proactive measures to protect health research information locally and globally. Such measures should be deployed at all levels but will be successful only if research communities collaborate actively, governments enforce appropriate legislative measures at national level, and the international community develops quality standards, concluding treaties if necessary, at the global level.Proactive measures for the best information security and assurance would be achieved through rigorous management process with a cycle of "plan, do, check, and act". Each health research entity, such as hospitals, universities, institutions, or laboratories, should implement this cycle and establish an authoritative security and assurance organization, program and plan coordinated by a designatedChief Security Officer who will ensure implementation of the above process, putting appropriate security controls in place, with key focus areas such aspolicies and best practices, enforcement

  3. Strategic approach to information security and assurance in health research.

    PubMed

    Akazawa, Shunichi; Igarashi, Manabu; Sawa, Hirofumi; Tamashiro, Hiko

    2005-09-01

    Information security and assurance are an increasingly critical issue in health research. Whether health research be in genetics, new drugs, disease outbreaks, biochemistry, or effects of radiation, it deals with information that is highly sensitive and which could be targeted by rogue individuals or groups, corporations, national intelligence agencies, or terrorists, looking for financial, social, or political gains. The advents of the Internet and advances in recent information technologies have also dramatically increased opportunities for attackers to exploit sensitive and valuable information.Government agencies have deployed legislative measures to protect the privacy of health information and developed information security guidelines for epidemiological studies. However, risks are grossly underestimated and little effort has been made to strategically and comprehensively protect health research information by institutions, governments and international communities.There is a need to enforce a set of proactive measures to protect health research information locally and globally. Such measures should be deployed at all levels but will be successful only if research communities collaborate actively, governments enforce appropriate legislative measures at national level, and the international community develops quality standards, concluding treaties if necessary, at the global level.Proactive measures for the best information security and assurance would be achieved through rigorous management process with a cycle of "plan, do, check, and act". Each health research entity, such as hospitals, universities, institutions, or laboratories, should implement this cycle and establish an authoritative security and assurance organization, program and plan coordinated by a designatedChief Security Officer who will ensure implementation of the above process, putting appropriate security controls in place, with key focus areas such aspolicies and best practices, enforcement

  4. Security of information in IT systems

    NASA Astrophysics Data System (ADS)

    Kaliczynska, Malgorzata

    2005-02-01

    The aim of the paper is to increase human awareness of the dangers connected with social engineering methods of obtaining information. The article demonstrates psychological and sociological methods of influencing people used in the attacks on IT systems. Little known techniques are presented about one of the greater threats that is electromagnetic emission or corona effect. Moreover, the work shows methods of protecting against this type of dangers. Also, in the paper one can find information on devices made according to the TEMPEST technology. The article not only discusses the methods of gathering information, but also instructs how to protect against its out-of-control loss.

  5. 17 CFR 240.14d-6 - Disclosure of tender offer information to security holders.

    Code of Federal Regulations, 2010 CFR

    2010-04-01

    ... information to security holders. 240.14d-6 Section 240.14d-6 Commodity and Securities Exchanges SECURITIES AND... information to security holders. (a) Information required on date of commencement—(1) Long-form publication. If a tender offer is published, sent or given to security holders on the date of commencement...

  6. 6 CFR 27.200 - Information regarding security risk for a chemical facility.

    Code of Federal Regulations, 2012 CFR

    2012-01-01

    ... 6 Domestic Security 1 2012-01-01 2012-01-01 false Information regarding security risk for a... SECRETARY CHEMICAL FACILITY ANTI-TERRORISM STANDARDS Chemical Facility Security Program § 27.200 Information regarding security risk for a chemical facility. (a) Information to determine security risk. In order...

  7. 6 CFR 27.200 - Information regarding security risk for a chemical facility.

    Code of Federal Regulations, 2013 CFR

    2013-01-01

    ... 6 Domestic Security 1 2013-01-01 2013-01-01 false Information regarding security risk for a... SECRETARY CHEMICAL FACILITY ANTI-TERRORISM STANDARDS Chemical Facility Security Program § 27.200 Information regarding security risk for a chemical facility. (a) Information to determine security risk. In order...

  8. 6 CFR 27.200 - Information regarding security risk for a chemical facility.

    Code of Federal Regulations, 2014 CFR

    2014-01-01

    ... 6 Domestic Security 1 2014-01-01 2014-01-01 false Information regarding security risk for a... SECRETARY CHEMICAL FACILITY ANTI-TERRORISM STANDARDS Chemical Facility Security Program § 27.200 Information regarding security risk for a chemical facility. (a) Information to determine security risk. In order...

  9. 6 CFR 27.200 - Information regarding security risk for a chemical facility.

    Code of Federal Regulations, 2011 CFR

    2011-01-01

    ... 6 Domestic Security 1 2011-01-01 2011-01-01 false Information regarding security risk for a... SECRETARY CHEMICAL FACILITY ANTI-TERRORISM STANDARDS Chemical Facility Security Program § 27.200 Information regarding security risk for a chemical facility. (a) Information to determine security risk. In order...

  10. Security of healthcare information systems based on the CORBA middleware.

    PubMed

    Blobel, B; Holena, M

    1997-01-01

    The development of healthcare systems in accordance to the "Shared Care" paradigm results in co-operative health information systems across the boundaries of organisational, technological, and policy domains. Increasingly, these distributed and heterogeneous systems are based on middleware approaches, such as CORBA. Regarding the sensitivity of personal and medical data, such open, distributed, and heterogeneous health information systems demand a high level of data protection and data security, both with respect to patient information and with respect to users. The security concepts and measures available and additionally needed in health information systems based on CORBA architecture are described in this paper. The proposed security solution is also open to other middleware approaches, such as DHE or HL7. PMID:10179515

  11. Security of healthcare information systems based on the CORBA middleware.

    PubMed

    Blobel, B; Holena, M

    1997-01-01

    The development of healthcare systems in accordance to the "Shared Care" paradigm results in co-operative health information systems across the boundaries of organisational, technological, and policy domains. Increasingly, these distributed and heterogeneous systems are based on middleware approaches, such as CORBA. Regarding the sensitivity of personal and medical data, such open, distributed, and heterogeneous health information systems demand a high level of data protection and data security, both with respect to patient information and with respect to users. The security concepts and measures available and additionally needed in health information systems based on CORBA architecture are described in this paper. The proposed security solution is also open to other middleware approaches, such as DHE or HL7.

  12. ARTEMIS: towards a secure interoperability infrastructure for healthcare information systems.

    PubMed

    Boniface, Mike; Wilken, Paul

    2005-01-01

    The ARTEMIS project is developing a semantic web service based P2P interoperability infrastructure for healthcare information systems. The strict legislative framework in which these systems are deployed means that the interoperability of security and privacy mechanisms is an important requirement in supporting communication of electronic healthcare records across organisation boundaries. In ARTEMIS, healthcare providers define semantically annotated security and privacy policies for web services based on organisational requirements. The ARTEMIS mediator uses these semantic web service descriptions to broker between organisational policies by reasoning over security and clinical concept ontologies.

  13. National Security and Information Technology: The New Regulatory Option?

    ERIC Educational Resources Information Center

    Irwin, Manley R.

    1987-01-01

    Summarizes recent developments in information technology research and development, telecommunication services, telephone manufacturing, telecommunication networks, information processing, and U.S. import/export policy. It is concluded that government regulation as a policy strategy depends on how one defines national security. (Author/CLB)

  14. Secure and Privacy-Preserving Distributed Information Brokering

    ERIC Educational Resources Information Center

    Li, Fengjun

    2010-01-01

    As enormous structured, semi-structured and unstructured data are collected and archived by organizations in many realms ranging from business to health networks to government agencies, the needs for efficient yet secure inter-organization information sharing naturally arise. Unlike early information sharing approaches that only involve a small…

  15. 76 FR 81827 - Declassification of National Security Information

    Federal Register 2010, 2011, 2012, 2013, 2014

    2011-12-29

    ... Order, Classified National Security Information,'' 75 FR 733, 3 CFR, 2009 Comp., p. 412; 32 CFR Part...@nara.gov . ] SUPPLEMENTARY INFORMATION: On July 8, 2011, NARA published a proposed rule (76 FR 40296... without proper authority? Authority: 44 U.S.C. 2101 to 2118; 5 U.S.C. 552; E.O. 13526, 75 FR 707, 3...

  16. 49 CFR 1520.5 - Sensitive security information.

    Code of Federal Regulations, 2011 CFR

    2011-10-01

    ... under 49 CFR 1542.303, 1544.305, 1548.19, or other authority; (ii) Issued by the Coast Guard under the Maritime Transportation Security Act, 33 CFR part 6, or 33 U.S.C. 1221 et seq. related to maritime security..., including any— (i) Information circular issued by TSA under 49 CFR 1542.303, 1544.305, 1548.19, or...

  17. 49 CFR 1520.5 - Sensitive security information.

    Code of Federal Regulations, 2013 CFR

    2013-10-01

    ... under 49 CFR 1542.303, 1544.305, 1548.19, or other authority; (ii) Issued by the Coast Guard under the Maritime Transportation Security Act, 33 CFR part 6, or 33 U.S.C. 1221 et seq. related to maritime security..., including any— (i) Information circular issued by TSA under 49 CFR 1542.303, 1544.305, 1548.19, or...

  18. 10 CFR 76.119 - Security facility approval and safeguarding of National Security Information and Restricted Data.

    Code of Federal Regulations, 2013 CFR

    2013-01-01

    ... 10 Energy 2 2013-01-01 2013-01-01 false Security facility approval and safeguarding of National Security Information and Restricted Data. 76.119 Section 76.119 Energy NUCLEAR REGULATORY COMMISSION (CONTINUED) CERTIFICATION OF GASEOUS DIFFUSION PLANTS Safeguards and Security § 76.119 Security...

  19. 10 CFR 76.119 - Security facility approval and safeguarding of National Security Information and Restricted Data.

    Code of Federal Regulations, 2012 CFR

    2012-01-01

    ... 10 Energy 2 2012-01-01 2012-01-01 false Security facility approval and safeguarding of National Security Information and Restricted Data. 76.119 Section 76.119 Energy NUCLEAR REGULATORY COMMISSION (CONTINUED) CERTIFICATION OF GASEOUS DIFFUSION PLANTS Safeguards and Security § 76.119 Security...

  20. 10 CFR 76.119 - Security facility approval and safeguarding of National Security Information and Restricted Data.

    Code of Federal Regulations, 2010 CFR

    2010-01-01

    ... 10 Energy 2 2010-01-01 2010-01-01 false Security facility approval and safeguarding of National Security Information and Restricted Data. 76.119 Section 76.119 Energy NUCLEAR REGULATORY COMMISSION (CONTINUED) CERTIFICATION OF GASEOUS DIFFUSION PLANTS Safeguards and Security § 76.119 Security...

  1. 10 CFR 76.119 - Security facility approval and safeguarding of National Security Information and Restricted Data.

    Code of Federal Regulations, 2011 CFR

    2011-01-01

    ... 10 Energy 2 2011-01-01 2011-01-01 false Security facility approval and safeguarding of National Security Information and Restricted Data. 76.119 Section 76.119 Energy NUCLEAR REGULATORY COMMISSION (CONTINUED) CERTIFICATION OF GASEOUS DIFFUSION PLANTS Safeguards and Security § 76.119 Security...

  2. 10 CFR 76.119 - Security facility approval and safeguarding of National Security Information and Restricted Data.

    Code of Federal Regulations, 2014 CFR

    2014-01-01

    ... 10 Energy 2 2014-01-01 2014-01-01 false Security facility approval and safeguarding of National Security Information and Restricted Data. 76.119 Section 76.119 Energy NUCLEAR REGULATORY COMMISSION (CONTINUED) CERTIFICATION OF GASEOUS DIFFUSION PLANTS Safeguards and Security § 76.119 Security...

  3. An Information System for an Educational Administrator.

    ERIC Educational Resources Information Center

    Lewis, S. G.

    The Management Systems Series consists of documents of interest to persons concerned with the management of public resources. Operation PEP (Prepare Educational Planners), which called for a three-day session of instruction on Executive (Management Information Systems) was documented in detail as part of this series. This portion attempts to…

  4. 6 CFR 7.10 - Authority of the Chief Security Officer, Office of Security.

    Code of Federal Regulations, 2014 CFR

    2014-01-01

    ... 6 Domestic Security 1 2014-01-01 2014-01-01 false Authority of the Chief Security Officer, Office of Security. 7.10 Section 7.10 Domestic Security DEPARTMENT OF HOMELAND SECURITY, OFFICE OF THE SECRETARY CLASSIFIED NATIONAL SECURITY INFORMATION Administration § 7.10 Authority of the Chief Security Officer, Office of Security. (a) The DHS...

  5. Directory of energy information administration models 1995

    SciTech Connect

    1995-07-13

    This updated directory has been published annually; after this issue, it will be published only biennially. The Disruption Impact Simulator Model in use by EIA is included. Model descriptions have been updated according to revised documentation approved during the past year. This directory contains descriptions about each model, including title, acronym, purpose, followed by more detailed information on characteristics, uses, and requirements. Sources for additional information are identified. Included are 37 EIA models active as of February 1, 1995. The first group is the National Energy Modeling System (NEMS) models. The second group is all other EIA models that are not part of NEMS. Appendix A identifies major EIA modeling systems and the models within these systems. Appendix B is a summary of the `Annual Energy Outlook` Forecasting System.

  6. Directory of Energy Information Administration Models 1993

    SciTech Connect

    Not Available

    1993-07-06

    This directory contains descriptions about each model, including the title, acronym, purpose, followed by more detailed information on characteristics, uses, and requirements. Sources for additional information are identified. Included in this directory are 35 EIA models active as of May 1, 1993. Models that run on personal computers are identified by ``PC`` as part of the acronym. EIA is developing new models, a National Energy Modeling System (NEMS), and is making changes to existing models to include new technologies, environmental issues, conservation, and renewables, as well as extend forecast horizon. Other parts of the Department are involved in this modeling effort. A fully operational model is planned which will integrate completed segments of NEMS for its first official application--preparation of EIA`s Annual Energy Outlook 1994. Abstracts for the new models will be included in next year`s version of this directory.

  7. A secure and robust information hiding technique for covert communication

    NASA Astrophysics Data System (ADS)

    Parah, S. A.; Sheikh, J. A.; Hafiz, A. M.; Bhat, G. M.

    2015-08-01

    The unprecedented advancement of multimedia and growth of the internet has made it possible to reproduce and distribute digital media easier and faster. This has given birth to information security issues, especially when the information pertains to national security, e-banking transactions, etc. The disguised form of encrypted data makes an adversary suspicious and increases the chance of attack. Information hiding overcomes this inherent problem of cryptographic systems and is emerging as an effective means of securing sensitive data being transmitted over insecure channels. In this paper, a secure and robust information hiding technique referred to as Intermediate Significant Bit Plane Embedding (ISBPE) is presented. The data to be embedded is scrambled and embedding is carried out using the concept of Pseudorandom Address Vector (PAV) and Complementary Address Vector (CAV) to enhance the security of the embedded data. The proposed ISBPE technique is fully immune to Least Significant Bit (LSB) removal/replacement attack. Experimental investigations reveal that the proposed technique is more robust to various image processing attacks like JPEG compression, Additive White Gaussian Noise (AWGN), low pass filtering, etc. compared to conventional LSB techniques. The various advantages offered by ISBPE technique make it a good candidate for covert communication.

  8. Develop security architecture for both in-house healthcare information systems and electronic patient record

    NASA Astrophysics Data System (ADS)

    Zhang, Jianguo; Chen, Xiaomeng; Zhuang, Jun; Jiang, Jianrong; Zhang, Xiaoyan; Wu, Dongqing; Huang, H. K.

    2003-05-01

    In this paper, we presented a new security approach to provide security measures and features in both healthcare information systems (PACS, RIS/HIS), and electronic patient record (EPR). We introduced two security components, certificate authoring (CA) system and patient record digital signature management (DSPR) system, as well as electronic envelope technology, into the current hospital healthcare information infrastructure to provide security measures and functions such as confidential or privacy, authenticity, integrity, reliability, non-repudiation, and authentication for in-house healthcare information systems daily operating, and EPR exchanging among the hospitals or healthcare administration levels, and the DSPR component manages the all the digital signatures of patient medical records signed through using an-symmetry key encryption technologies. The electronic envelopes used for EPR exchanging are created based on the information of signers, digital signatures, and identifications of patient records stored in CAS and DSMS, as well as the destinations and the remote users. The CAS and DSMS were developed and integrated into a RIS-integrated PACS, and the integration of these new security components is seamless and painless. The electronic envelopes designed for EPR were used successfully in multimedia data transmission.

  9. The enhancement of security in healthcare information systems.

    PubMed

    Liu, Chia-Hui; Chung, Yu-Fang; Chen, Tzer-Shyong; Wang, Sheng-De

    2012-06-01

    With the progress and the development of information technology, the internal data in medical organizations have become computerized and are further established the medical information system. Moreover, the use of the Internet enhances the information communication as well as affects the development of the medical information system that a lot of medical information is transmitted with the Internet. Since there is a network within another network, when all networks are connected together, they will form the "Internet". For this reason, the Internet is considered as a high-risk and public environment which is easily destroyed and invaded so that a relevant protection is acquired. Besides, the data in the medical network system are confidential that it is necessary to protect the personal privacy, such as electronic patient records, medical confidential information, and authorization-controlled data in the hospital. As a consequence, a medical network system is considered as a network requiring high security that excellent protections and managerial strategies are inevitable to prevent illegal events and external attacks from happening. This study proposes secure medical managerial strategies being applied to the network environment of the medical organization information system so as to avoid the external or internal information security events, allow the medical system to work smoothly and safely that not only benefits the patients, but also allows the doctors to use it more conveniently, and further promote the overall medical quality. The objectives could be achieved by preventing from illegal invasion or medical information being stolen, protecting the completeness and security of medical information, avoiding the managerial mistakes of the internal information system in medical organizations, and providing the highly-reliable medical information system.

  10. 20 CFR 404.452 - Reports to Social Security Administration of earnings; wages; net earnings from self-employment.

    Code of Federal Regulations, 2014 CFR

    2014-04-01

    ... 20 Employees' Benefits 2 2014-04-01 2014-04-01 false Reports to Social Security Administration of earnings; wages; net earnings from self-employment. 404.452 Section 404.452 Employees' Benefits SOCIAL...; and Nonpayments of Benefits § 404.452 Reports to Social Security Administration of earnings;...

  11. 20 CFR 404.452 - Reports to Social Security Administration of earnings; wages; net earnings from self-employment.

    Code of Federal Regulations, 2012 CFR

    2012-04-01

    ... 20 Employees' Benefits 2 2012-04-01 2012-04-01 false Reports to Social Security Administration of earnings; wages; net earnings from self-employment. 404.452 Section 404.452 Employees' Benefits SOCIAL...; and Nonpayments of Benefits § 404.452 Reports to Social Security Administration of earnings;...

  12. 20 CFR 404.452 - Reports to Social Security Administration of earnings; wages; net earnings from self-employment.

    Code of Federal Regulations, 2010 CFR

    2010-04-01

    ... 20 Employees' Benefits 2 2010-04-01 2010-04-01 false Reports to Social Security Administration of earnings; wages; net earnings from self-employment. 404.452 Section 404.452 Employees' Benefits SOCIAL...; and Nonpayments of Benefits § 404.452 Reports to Social Security Administration of earnings;...

  13. National Aeronautics and Space Administration Scientific and Technical Information Programs.

    ERIC Educational Resources Information Center

    Pinelli, Thomas E., Ed.

    1990-01-01

    Eleven articles discuss informational and educational programs of the National Aeronautics and Space Administration (NASA). Some of the areas discussed include scientific and technical information management, the new Space and Earth Science Information Systems, transfer of technology to other industries, intellectual property issues, and the…

  14. Guidelines for contingency planning NASA (National Aeronautics and Space Administration) ADP security risk reduction decision studies

    NASA Technical Reports Server (NTRS)

    Tompkins, F. G.

    1984-01-01

    Guidance is presented to NASA Computer Security Officials for determining the acceptability or unacceptability of ADP security risks based on the technical, operational and economic feasibility of potential safeguards. The risk management process is reviewed as a specialized application of the systems approach to problem solving and information systems analysis and design. Reporting the results of the risk reduction analysis to management is considered. Report formats for the risk reduction study are provided.

  15. Information technology security at the Advanced Photon Source.

    SciTech Connect

    Sidorowicz, K. V.; McDowell, W.; APS Engineering Support Division

    2007-01-01

    The proliferation of 'botnets,' phishing schemes, denial-of-service attacks, root kits, and other cyber attack schemes designed to capture a system or network creates a climate of concern for system administrators, especially for those managing accelerator and large experimental-physics facilities, as they are very public targets. This paper will describe the steps being taken at the Advanced Photon Source (APS) to protect the infrastructure of the overall network with emphasis on security for the APS control system.

  16. 76 FR 80329 - Information Collection; Grazing Permit Administration Forms

    Federal Register 2010, 2011, 2012, 2013, 2014

    2011-12-23

    ... Forest Service Information Collection; Grazing Permit Administration Forms AGENCY: Forest Service, USDA... Forest Service is seeking comments from all interested individuals and organizations on the extension...: Comments concerning this notice should be addressed to: USDA, Forest Service, Attn: Director,...

  17. 75 FR 31744 - Information Collection; Contract Operations and Administration

    Federal Register 2010, 2011, 2012, 2013, 2014

    2010-06-04

    ...) identifying contractor resources that may be used in emergency fire fighting situations, (5) determining... Forest Service Information Collection; Contract Operations and Administration AGENCY: Forest Service... 1995, the Forest Service is seeking comments from all interested individuals and organizations on a...

  18. Information security risk management for computerized health information systems in hospitals: a case study of Iran

    PubMed Central

    Zarei, Javad; Sadoughi, Farahnaz

    2016-01-01

    Background In recent years, hospitals in Iran – similar to those in other countries – have experienced growing use of computerized health information systems (CHISs), which play a significant role in the operations of hospitals. But, the major challenge of CHIS use is information security. This study attempts to evaluate CHIS information security risk management at hospitals of Iran. Materials and methods This applied study is a descriptive and cross-sectional research that has been conducted in 2015. The data were collected from 551 hospitals of Iran. Based on literature review, experts’ opinion, and observations at five hospitals, our intensive questionnaire was designed to assess security risk management for CHISs at the concerned hospitals, which was then sent to all hospitals in Iran by the Ministry of Health. Results Sixty-nine percent of the studied hospitals pursue information security policies and procedures in conformity with Iran Hospitals Accreditation Standards. At some hospitals, risk identification, risk evaluation, and risk estimation, as well as risk treatment, are unstructured without any specified approach or methodology. There is no significant structured approach to risk management at the studied hospitals. Conclusion Information security risk management is not followed by Iran’s hospitals and their information security policies. This problem can cause a large number of challenges for their CHIS security in future. Therefore, Iran’s Ministry of Health should develop practical policies to improve information security risk management in the hospitals of Iran. PMID:27313481

  19. Information Security Analysis Using Game Theory and Simulation

    SciTech Connect

    Schlicher, Bob G; Abercrombie, Robert K

    2012-01-01

    Information security analysis can be performed using game theory implemented in dynamic simulations of Agent Based Models (ABMs). Such simulations can be verified with the results from game theory analysis and further used to explore larger scale, real world scenarios involving multiple attackers, defenders, and information assets. Our approach addresses imperfect information and scalability that allows us to also address previous limitations of current stochastic game models. Such models only consider perfect information assuming that the defender is always able to detect attacks; assuming that the state transition probabilities are fixed before the game assuming that the players actions are always synchronous; and that most models are not scalable with the size and complexity of systems under consideration. Our use of ABMs yields results of selected experiments that demonstrate our proposed approach and provides a quantitative measure for realistic information systems and their related security scenarios.

  20. Information security: where computer science, economics and psychology meet.

    PubMed

    Anderson, Ross; Moore, Tyler

    2009-07-13

    Until ca. 2000, information security was seen as a technological discipline, based on computer science but with mathematics helping in the design of ciphers and protocols. That perspective started to change as researchers and practitioners realized the importance of economics. As distributed systems are increasingly composed of machines that belong to principals with divergent interests, incentives are becoming as important to dependability as technical design. A thriving new field of information security economics provides valuable insights not just into 'security' topics such as privacy, bugs, spam and phishing, but into more general areas of system dependability and policy. This research programme has recently started to interact with psychology. One thread is in response to phishing, the most rapidly growing form of online crime, in which fraudsters trick people into giving their credentials to bogus websites; a second is through the increasing importance of security usability; and a third comes through the psychology-and-economics tradition. The promise of this multidisciplinary research programme is a novel framework for analysing information security problems-one that is both principled and effective.

  1. Securing information using optically generated biometric keys

    NASA Astrophysics Data System (ADS)

    Verma, Gaurav; Sinha, Aloka

    2016-11-01

    In this paper, we present a new technique to obtain biometric keys by using the fingerprint of a person for an optical image encryption system. The key generation scheme uses the fingerprint biometric information in terms of the amplitude mask (AM) and the phase mask (PM) of the reconstructed fingerprint image that is implemented using the digital holographic technique. Statistical tests have been conducted to check the randomness of the fingerprint PM key that enables its usage as an image encryption key. To explore the utility of the generated biometric keys, an optical image encryption system has been further demonstrated based on the phase retrieval algorithm and the double random phase encoding scheme in which keys for the encryption are used as the AM and the PM key. The advantage associated with the proposed scheme is that the biometric keys’ retrieval requires the simultaneous presence of the fingerprint hologram and the correct knowledge of the reconstruction parameters at the decryption stage, which not only verifies the authenticity of the person but also protects the valuable fingerprint biometric features of the keys. Numerical results are carried out to prove the feasibility and the effectiveness of the proposed encryption system.

  2. Federal Agency and Federal Library Reports: Library of Congress; Center for the Book; Federal Library and Information Center Committee; National Agricultural Library; National Library of Medicine; United States Government Printing Office; National Technical Information Service; National Archives and Records Administration; National Center for Education Statistics Library Statistics Program; National Commission on Libraries and Information Science; National Library of Education; Educational Resources Information Center.

    ERIC Educational Resources Information Center

    Fischer, Audrey; Cole, John Y.; Tarr, Susan M.; Carey, Len; Mehnert, Robert; Sherman, Andrew M.; Davis, Linda; Leahy, Debra W.; Chute, Adrienne; Willard, Robert S.; Dunn, Christina

    2003-01-01

    Includes annual reports from 12 federal agencies and libraries that discuss security, budgets, legislation, digital projects, preservation, government role, information management, personnel changes, collections, databases, financial issues, services, administration, Web sites, access to information, customer service, statistics, international…

  3. An Undergraduate Information Security Program: More than a Curriculum

    ERIC Educational Resources Information Center

    Woodward, Belle; Imboden, Thomas; Martin, Nancy L.

    2013-01-01

    This paper describes the implementation of an information security program at a large Midwestern university. The initial work is briefly summarized and improvements that have occurred over time are described. Current activities and future plans are discussed. This paper offers insight and lessons learned for organizations that have or are…

  4. 15 CFR 2008.18 - Information Security Oversight Committee.

    Code of Federal Regulations, 2010 CFR

    2010-01-01

    ... 15 Commerce and Foreign Trade 3 2010-01-01 2010-01-01 false Information Security Oversight Committee. 2008.18 Section 2008.18 Commerce and Foreign Trade Regulations Relating to Foreign Trade Agreements OFFICE OF THE UNITED STATES TRADE REPRESENTATIVE REGULATIONS TO IMPLEMENT E.O. 12065; OFFICE...

  5. 15 CFR 2008.18 - Information Security Oversight Committee.

    Code of Federal Regulations, 2011 CFR

    2011-01-01

    ... 15 Commerce and Foreign Trade 3 2011-01-01 2011-01-01 false Information Security Oversight Committee. 2008.18 Section 2008.18 Commerce and Foreign Trade Regulations Relating to Foreign Trade Agreements OFFICE OF THE UNITED STATES TRADE REPRESENTATIVE REGULATIONS TO IMPLEMENT E.O. 12065; OFFICE...

  6. 15 CFR 2008.18 - Information Security Oversight Committee.

    Code of Federal Regulations, 2013 CFR

    2013-01-01

    ... 15 Commerce and Foreign Trade 3 2013-01-01 2013-01-01 false Information Security Oversight Committee. 2008.18 Section 2008.18 Commerce and Foreign Trade Regulations Relating to Foreign Trade Agreements OFFICE OF THE UNITED STATES TRADE REPRESENTATIVE REGULATIONS TO IMPLEMENT E.O. 12065; OFFICE...

  7. 15 CFR 2008.18 - Information Security Oversight Committee.

    Code of Federal Regulations, 2014 CFR

    2014-01-01

    ... 15 Commerce and Foreign Trade 3 2014-01-01 2014-01-01 false Information Security Oversight Committee. 2008.18 Section 2008.18 Commerce and Foreign Trade Regulations Relating to Foreign Trade Agreements OFFICE OF THE UNITED STATES TRADE REPRESENTATIVE REGULATIONS TO IMPLEMENT E.O. 12065; OFFICE...

  8. 15 CFR 2008.18 - Information Security Oversight Committee.

    Code of Federal Regulations, 2012 CFR

    2012-01-01

    ... 15 Commerce and Foreign Trade 3 2012-01-01 2012-01-01 false Information Security Oversight Committee. 2008.18 Section 2008.18 Commerce and Foreign Trade Regulations Relating to Foreign Trade Agreements OFFICE OF THE UNITED STATES TRADE REPRESENTATIVE REGULATIONS TO IMPLEMENT E.O. 12065; OFFICE...

  9. Information Uncertainty to Compare Qualitative Reasoning Security Risk Assessment Results

    SciTech Connect

    Chavez, Gregory M; Key, Brian P; Zerkle, David K; Shevitz, Daniel W

    2009-01-01

    The security risk associated with malevolent acts such as those of terrorism are often void of the historical data required for a traditional PRA. Most information available to conduct security risk assessments for these malevolent acts is obtained from subject matter experts as subjective judgements. Qualitative reasoning approaches such as approximate reasoning and evidential reasoning are useful for modeling the predicted risk from information provided by subject matter experts. Absent from these approaches is a consistent means to compare the security risk assessment results. Associated with each predicted risk reasoning result is a quantifiable amount of information uncertainty which can be measured and used to compare the results. This paper explores using entropy measures to quantify the information uncertainty associated with conflict and non-specificity in the predicted reasoning results. The measured quantities of conflict and non-specificity can ultimately be used to compare qualitative reasoning results which are important in triage studies and ultimately resource allocation. Straight forward extensions of previous entropy measures are presented here to quantify the non-specificity and conflict associated with security risk assessment results obtained from qualitative reasoning models.

  10. Information Security in the Age of Cloud Computing

    ERIC Educational Resources Information Center

    Sims, J. Eric

    2012-01-01

    Information security has been a particularly hot topic since the enhanced internal control requirements of Sarbanes-Oxley (SOX) were introduced in 2002. At about this same time, cloud computing started its explosive growth. Outsourcing of mission-critical functions has always been a gamble for managers, but the advantages of cloud computing are…

  11. Privacy and Security in an Oncology Information System

    PubMed Central

    Blum, Bruce I.; Lenhard, Raymond E.

    1978-01-01

    The growing number of automated medical data bases has focused attention upon the problems associated with privacy and security of patient data. This paper briefly reviews some of the approaches to data base protection and then describes the solution to these problems which have been implemented in the Johns Hopkins Oncology Center Clinical Information System.

  12. Administrator Highlights U.S.-Georgian Nuclear Security Cooperation in Tbilisi

    ScienceCinema

    Thomas D'Agostino

    2016-07-12

    NNSA Administrator Thomas D'Agostino highlighted the strong U.S.-Georgian cooperation on nuclear security issues during a day-long visit to the Republic of Georgia in mid-June. He briefed the media at availability at the Tbilisi airport. In April 2009, President Obama outlined an ambitious agenda to secure vulnerable nuclear material around the world within four years, calling the danger of a terrorist acquiring nuclear weapons "the most immediate and extreme threat to global security." In this year's State of the Union, he called the threat of nuclear weapons, "the greatest danger to the American people." In order to meet that challenge, the President's FY2011 Budget Request includes close to $2.7 billion for the National Nuclear Security Administration's Defense Nuclear Nonproliferation program -- an increase of 25.7 percent over FY2010. Included in that request is NNSA's Second Line of Defense (SLD) program, which works around the world to strengthen the capability of foreign governments to deter, detect, and interdict illicit trafficking in nuclear and other radioactive materials across international borders and through the global maritime shipping system.

  13. Administrator Highlights U.S.-Georgian Nuclear Security Cooperation in Tbilisi

    SciTech Connect

    Thomas D'Agostino

    2010-07-16

    NNSA Administrator Thomas D'Agostino highlighted the strong U.S.-Georgian cooperation on nuclear security issues during a day-long visit to the Republic of Georgia in mid-June. He briefed the media at availability at the Tbilisi airport. In April 2009, President Obama outlined an ambitious agenda to secure vulnerable nuclear material around the world within four years, calling the danger of a terrorist acquiring nuclear weapons "the most immediate and extreme threat to global security." In this year's State of the Union, he called the threat of nuclear weapons, "the greatest danger to the American people." In order to meet that challenge, the President's FY2011 Budget Request includes close to $2.7 billion for the National Nuclear Security Administration's Defense Nuclear Nonproliferation program -- an increase of 25.7 percent over FY2010. Included in that request is NNSA's Second Line of Defense (SLD) program, which works around the world to strengthen the capability of foreign governments to deter, detect, and interdict illicit trafficking in nuclear and other radioactive materials across international borders and through the global maritime shipping system.

  14. Tailoring NIST Security Controls for the Ground System: Selection and Implementation -- Recommendations for Information System Owners

    NASA Technical Reports Server (NTRS)

    Takamura, Eduardo; Mangum, Kevin

    2016-01-01

    The National Aeronautics and Space Administration (NASA) invests millions of dollars in spacecraft and ground system development, and in mission operations in the pursuit of scientific knowledge of the universe. In recent years, NASA sent a probe to Mars to study the Red Planet's upper atmosphere, obtained high resolution images of Pluto, and it is currently preparing to find new exoplanets, rendezvous with an asteroid, and bring a sample of the asteroid back to Earth for analysis. The success of these missions is enabled by mission assurance. In turn, mission assurance is backed by information assurance. The information systems supporting NASA missions must be reliable as well as secure. NASA - like every other U.S. Federal Government agency - is required to manage the security of its information systems according to federal mandates, the most prominent being the Federal Information Security Management Act (FISMA) of 2002 and the legislative updates that followed it. Like the management of enterprise information technology (IT), federal information security management takes a "one-size fits all" approach for protecting IT systems. While this approach works for most organizations, it does not effectively translate into security of highly specialized systems such as those supporting NASA missions. These systems include command and control (C&C) systems, spacecraft and instrument simulators, and other elements comprising the ground segment. They must be carefully configured, monitored and maintained, sometimes for several years past the missions' initially planned life expectancy, to ensure the ground system is protected and remains operational without any compromise of its confidentiality, integrity and availability. Enterprise policies, processes, procedures and products, if not effectively tailored to meet mission requirements, may not offer the needed security for protecting the information system, and they may even become disruptive to mission operations

  15. 10 CFR 95.25 - Protection of National Security Information and Restricted Data in storage.

    Code of Federal Regulations, 2010 CFR

    2010-01-01

    ... CLEARANCE AND SAFEGUARDING OF NATIONAL SECURITY INFORMATION AND RESTRICTED DATA Physical Security § 95.25 Protection of National Security Information and Restricted Data in storage. (a) Secret matter, while... Information and/or Restricted Data depending upon the matter authorized to be stored in the security...

  16. Energy Information Administration New Releases, July--August 1990

    SciTech Connect

    Jacobus, P.; Springer, I.

    1990-09-01

    New Releases'' is Energy Information Administration's news letter, which reports its activities, publications, and machine-readable data files and modeling programs. For each publication or report, an abstract, subscription price, availability, and other bibliographical information are included. It covers crude oil, natural gas, and natural gas liquids reserves, coal, electricity, nuclear fuel, renewable energy and conservation, and petroleum. Order forms are also provided.

  17. A security architecture for interconnecting health information systems.

    PubMed

    Gritzalis, Dimitris; Lambrinoudakis, Costas

    2004-03-31

    Several hereditary and other chronic diseases necessitate continuous and complicated health care procedures, typically offered in different, often distant, health care units. Inevitably, the medical records of patients suffering from such diseases become complex, grow in size very fast and are scattered all over the units involved in the care process, hindering communication of information between health care professionals. Web-based electronic medical records have been recently proposed as the solution to the above problem, facilitating the interconnection of the health care units in the sense that health care professionals can now access the complete medical record of the patient, even if it is distributed in several remote units. However, by allowing users to access information from virtually anywhere, the universe of ineligible people who may attempt to harm the system is dramatically expanded, thus severely complicating the design and implementation of a secure environment. This paper presents a security architecture that has been mainly designed for providing authentication and authorization services in web-based distributed systems. The architecture has been based on a role-based access scheme and on the implementation of an intelligent security agent per site (i.e. health care unit). This intelligent security agent: (a). authenticates the users, local or remote, that can access the local resources; (b). assigns, through temporary certificates, access privileges to the authenticated users in accordance to their role; and (c). communicates to other sites (through the respective security agents) information about the local users that may need to access information stored in other sites, as well as about local resources that can be accessed remotely.

  18. Homeland security: sharing and managing critical incident information

    NASA Astrophysics Data System (ADS)

    Ashley, W. R., III

    2003-09-01

    Effective critical incident response for homeland security requires access to real-time information from many organizations. Command and control, as well as basic situational awareness, are all dependant on quickly communicating a dynamically changing picture to a variety of decision makers. For the most part, critical information management is not unfamiliar or new to the public safety community. However, new challenges present themselves when that information needs to be seamlessly shared across multiple organizations at the local, state and federal level in real-time. The homeland security problem does not lend itself to the traditional military joint forces planning model where activities shift from a deliberate planning process to a crisis action planning process. Rather, the homeland security problem is more similar to a traditional public safety model where the current activity state moves from complete inactivity or low-level attention to immediate crisis action planning. More often than not the escalation occurs with no warning or baseline information. This paper addresses the challenges of sharing critical incident information and the impacts new technologies will have on this problem. The value of current and proposed approaches will be critiqued for operational value and areas will be identified for further development.

  19. A Secure RFID Tag Authentication Protocol with Privacy Preserving in Telecare Medicine Information System.

    PubMed

    Li, Chun-Ta; Weng, Chi-Yao; Lee, Cheng-Chi

    2015-08-01

    Radio Frequency Identification (RFID) based solutions are widely used for providing many healthcare applications include patient monitoring, object traceability, drug administration system and telecare medicine information system (TMIS) etc. In order to reduce malpractices and ensure patient privacy, in 2015, Srivastava et al. proposed a hash based RFID tag authentication protocol in TMIS. Their protocol uses lightweight hash operation and synchronized secret value shared between back-end server and tag, which is more secure and efficient than other related RFID authentication protocols. Unfortunately, in this paper, we demonstrate that Srivastava et al.'s tag authentication protocol has a serious security problem in that an adversary may use the stolen/lost reader to connect to the medical back-end server that store information associated with tagged objects and this privacy damage causing the adversary could reveal medical data obtained from stolen/lost readers in a malicious way. Therefore, we propose a secure and efficient RFID tag authentication protocol to overcome security flaws and improve the system efficiency. Compared with Srivastava et al.'s protocol, the proposed protocol not only inherits the advantages of Srivastava et al.'s authentication protocol for TMIS but also provides better security with high system efficiency. PMID:26084587

  20. A Secure RFID Tag Authentication Protocol with Privacy Preserving in Telecare Medicine Information System.

    PubMed

    Li, Chun-Ta; Weng, Chi-Yao; Lee, Cheng-Chi

    2015-08-01

    Radio Frequency Identification (RFID) based solutions are widely used for providing many healthcare applications include patient monitoring, object traceability, drug administration system and telecare medicine information system (TMIS) etc. In order to reduce malpractices and ensure patient privacy, in 2015, Srivastava et al. proposed a hash based RFID tag authentication protocol in TMIS. Their protocol uses lightweight hash operation and synchronized secret value shared between back-end server and tag, which is more secure and efficient than other related RFID authentication protocols. Unfortunately, in this paper, we demonstrate that Srivastava et al.'s tag authentication protocol has a serious security problem in that an adversary may use the stolen/lost reader to connect to the medical back-end server that store information associated with tagged objects and this privacy damage causing the adversary could reveal medical data obtained from stolen/lost readers in a malicious way. Therefore, we propose a secure and efficient RFID tag authentication protocol to overcome security flaws and improve the system efficiency. Compared with Srivastava et al.'s protocol, the proposed protocol not only inherits the advantages of Srivastava et al.'s authentication protocol for TMIS but also provides better security with high system efficiency.

  1. Individual social security accounts: issues in assessing administrative feasibility and costs.

    PubMed

    Olsen, K A; Salisbury, D L

    1998-11-01

    Whether to add individual accounts (IAs) to the Social Security system is a highly political issue. But almost lost in the debate so far have been any practical considerations about how to administer such accounts. Any discussion of whether to create individual accounts must also address the basic but critical questions of how they would work: Who would run them? What would they cost? Logistically, are they even possible? This EBRI Issue Brief provides an overview of the most salient administrative issues facing the current Social Security reform debate--issues that challenge proponents to carefully think through how their proposals could be implemented so as to achieve their policy goals. The options and difficulties in administering IAs raise concerns that cut across ideology. The object of this report is neither to dissuade the advocates nor support the critics of individual accounts. Rather, it is to bring practical considerations to a political debate that has largely ignored the pragmatic challenges of whether IAs would be too complex for participants to understand or too difficult for record keepers to administer. The major findings in this analysis include: Adding individual accounts to Social Security could be the largest undertaking in the history of the U.S. financial market, and no system to date has the capacity to administer such a system. The number of workers currently covered by Social Security--the largest single entitlement program in the nation--is at least four times higher than the combined number of all tax-favored employment-based retirement accounts in the United States, which are administered by hundreds of entities. Direct comparisons between employment-based retirement savings plans and Social Security reform are tenuous at best. Social Security covers workers and businesses that are disproportionately excluded from employment-based plans. Because of these differences, a system of individual Social Security accounts would be more

  2. Employee Retirement Income Security Act of 1974: rules and regulations for administration and enforcement; claims procedure. Pension and Welfare Benefits Administration, Labor. Final regulation.

    PubMed

    2000-11-21

    This document contains a final regulation revising the minimum requirements for benefit claims procedures of employee benefit plans covered by Title I of the Employee Retirement Income Security Act of 1974 (ERISA or the Act). The regulation establishes new standards for the processing of claims under group health plans and plans providing disability benefits and further clarifies existing standards for all other employee benefit plans. The new standards are intended to ensure more timely benefit determinations, to improve access to information on which a benefit determination is made, and to assure that participants and beneficiaries will be afforded a full and fair review of denied claims. When effective, the regulation will affect participants and beneficiaries of employee benefit plans, employers who sponsor employee benefit plans, plan fiduciaries, and others who assist in the provision of plan benefits, such as third-party benefits administrators and health service providers or health maintenance organizations that provide benefits to participants and beneficiaries of employee benefit plans.

  3. 6 CFR 27.200 - Information regarding security risk for a chemical facility.

    Code of Federal Regulations, 2010 CFR

    2010-01-01

    ... 6 Domestic Security 1 2010-01-01 2010-01-01 false Information regarding security risk for a chemical facility. 27.200 Section 27.200 Domestic Security DEPARTMENT OF HOMELAND SECURITY, OFFICE OF THE SECRETARY CHEMICAL FACILITY ANTI-TERRORISM STANDARDS Chemical Facility Security Program § 27.200...

  4. Administrative Information Systems Plan, FY91--FY95

    SciTech Connect

    Detry, R.J.; Pitts, L.H.

    1991-01-01

    In FY90 important milestones from past Administrative Information Systems (AIS) plans were realized. The first phase of the Payroll migration was implemented early in the year. This event signified the completion of a major migration milestone and the transition of the Laboratory Information Systems (LIS) machine to a production environment. The Access Clearance System (A CS) system and several early deliverables from other migration projects were also implemented during the year. FY91 promises to be another challenging year for those involved with administrative information systems. Aggressive schedules are in effect for the migration projects; the Financial Migration, Human Resources (HR) Migration, and Integrated Procurement System Replacement (IPS/R) efforts will deliver major system components this year. The administrative computing consolidation is underway and will be completed early in FY91. Consolidating computing hardware resources will provide adequate resources and better systems support for the entire AIS community. 8 figs.

  5. Future of security and privacy in medical information.

    PubMed

    Wiederhold, Gio

    2002-01-01

    Today, issues of privacy and confidentiality in healthcare are dealt largely informally. Little legislation exists, and the awkwardness of accessing paper records makes violations of patients' privacy sporadic. As healthcare institutions move towards a future where all information is kept in an Electronic Medical Record (EMR), the casual attitudes that are prevalent will be in conflict with the desires and expectations of the patients. Legislation has been passed to make the holders of medical data responsible for securely protecting the patients privacy. Specific implementation guidelines are still lacking. There is much institutional resistance to the adoption of rigorous rules, but we expect that in the near future reliable procedures will have to be implemented to comply both with legal guidelines and patient's expectations. After introducing the issue more precisely we provide an overview over the concepts needed to understand the roles of technology of privacy and security and the people that must manage the technology. We then discuss the components of secure EMR systems and will point out where adequate technology exists and where future improvements are essential. We conclude with some advice to healthcare management facing the demands for security and privacy that the future will bring.

  6. Informal Workers in Thailand: Occupational Health and Social Security Disparities.

    PubMed

    Kongtip, Pornpimol; Nankongnab, Noppanun; Chaikittiporn, Chalermchai; Laohaudomchok, Wisanti; Woskie, Susan; Slatin, Craig

    2015-08-01

    Informal workers in Thailand lack employee status as defined under the Labor Protection Act (LPA). Typically, they do not work at an employer's premise; they work at home and may be self-employed or temporary workers. They account for 62.6 percent of the Thai workforce and have a workplace accident rate ten times higher than formal workers. Most Thai Labor laws apply only to formal workers, but some protect informal workers in the domestic, home work, and agricultural sectors. Laws that protect informal workers lack practical enforcement mechanisms and are generally ineffective because informal workers lack employment contracts and awareness of their legal rights. Thai social security laws fail to provide informal workers with treatment of work-related accidents, diseases, and injuries; unemployment and retirement insurance; and workers' compensation. The article summarizes the differences in protections available for formal and informal sector workers and measures needed to decrease these disparities in coverage. PMID:25995374

  7. Informal Workers in Thailand: Occupational Health and Social Security Disparities.

    PubMed

    Kongtip, Pornpimol; Nankongnab, Noppanun; Chaikittiporn, Chalermchai; Laohaudomchok, Wisanti; Woskie, Susan; Slatin, Craig

    2015-08-01

    Informal workers in Thailand lack employee status as defined under the Labor Protection Act (LPA). Typically, they do not work at an employer's premise; they work at home and may be self-employed or temporary workers. They account for 62.6 percent of the Thai workforce and have a workplace accident rate ten times higher than formal workers. Most Thai Labor laws apply only to formal workers, but some protect informal workers in the domestic, home work, and agricultural sectors. Laws that protect informal workers lack practical enforcement mechanisms and are generally ineffective because informal workers lack employment contracts and awareness of their legal rights. Thai social security laws fail to provide informal workers with treatment of work-related accidents, diseases, and injuries; unemployment and retirement insurance; and workers' compensation. The article summarizes the differences in protections available for formal and informal sector workers and measures needed to decrease these disparities in coverage.

  8. 75 FR 38595 - Guidance to States Regarding Driver History Record Information Security, Continuity of Operation...

    Federal Register 2010, 2011, 2012, 2013, 2014

    2010-07-02

    ... comply with FISMA, NIST Special Publication (SP) 800-53, Recommended Security Controls for Federal... security standards. NIST SP 800-100, Information Security Handbook: A Guide for Managers, also provides overview information for developing a security plan. NIST currently makes available over 30...

  9. Information Security Awareness On-Line Materials Design with Knowledge Maps

    ERIC Educational Resources Information Center

    Shaw, Ruey-Shiang; Keh, Huan-Chao; Huang, Nan-Ching; Huang, Tien-Chuan

    2011-01-01

    Information Security Awareness, though known as a primary and important issue in the domain of Information Security, CSI computer crime and security survey showed poor security awareness training in public and private sectors. In many studies, the authors have found that the usage of knowledge maps helps the process of learning and conception…

  10. Secure authentication system that generates seed from biometric information.

    PubMed

    Kim, Yeojin; Ahn, Jung-Ho; Byun, Hyeran

    2005-02-10

    As biometric recognition techniques are gradually improved, the stability of biometric authentication systems are enhanced. Although bioinformation has properties that make it resistant to fraud, biometric authentication systems are not immune to hacking. We show a secure biometric authentication system (1) to guarantee the integrity of biometric information by mixing data by use of a biometric key and (2) to raise recognition rates by use of bimodal biometrics. PMID:15751854

  11. 10 CFR 95.35 - Access to matter classified as National Security Information and Restricted Data.

    Code of Federal Regulations, 2010 CFR

    2010-01-01

    ... Information and Restricted Data. 95.35 Section 95.35 Energy NUCLEAR REGULATORY COMMISSION (CONTINUED) FACILITY SECURITY CLEARANCE AND SAFEGUARDING OF NATIONAL SECURITY INFORMATION AND RESTRICTED DATA Control of Information § 95.35 Access to matter classified as National Security Information and Restricted Data....

  12. Exploring security and privacy issues in hospital information system: an Information Boundary Theory perspective.

    PubMed

    Zakaria, Nasriah; Stanton, Jeffrey; Stam, Kathryn

    2003-01-01

    A small community hospital (67 beds) in Central New York was undergoing a major technological change within the organization, as they move from the use of several legacy information systems to a hospital-wide information system. The focus of the present research is to explore the privacy and security information issues using a framework called Information Boundary Theory [Stanton, 2002]. IBT explains the motivational factors that lead to the revelation or disclosing of information.

  13. 77 FR 5020 - General Services Administration Acquisition Regulation; Information Collection; GSA Form 527...

    Federal Register 2010, 2011, 2012, 2013, 2014

    2012-02-01

    ... ADMINISTRATION General Services Administration Acquisition Regulation; Information Collection; GSA Form 527... and Financial Information'' on your attached document. Fax: (202) 501-4067. Mail: General Services... provided. SUPPLEMENTARY INFORMATION: A. Purpose The General Services Administration will be requesting...

  14. Security core to the edge: securing critical information through enhanced Cross Domain Systems (CDS) to the tactical edge

    NASA Astrophysics Data System (ADS)

    Farroha, Bassam S.; Farroha, Deborah L.; Whitfield, Melinda M.

    2010-04-01

    This paper analyzes secure data sharing outside its security domain with services, agencies, coalition partners and state/local authorities. There is a high demand for multiple levels of secure data at the tactical edge; however the threat level at that point is elevated compared to the enterprise environment. This paper investigates the requirements, technologies and risk mitigation techniques for securely sharing information with the tactical warfighter while protecting the data and the information systems from intruders and malware. The new CD Systems need to eliminate the stovepipe architectures and open the doors to share information across traditional and non-traditional domain boundaries.

  15. 20 CFR 404.1362 - Treatment of social security benefits or payments where Veterans Administration pension or...

    Code of Federal Regulations, 2012 CFR

    2012-04-01

    ... 20 Employees' Benefits 2 2012-04-01 2012-04-01 false Treatment of social security benefits or...' Benefits SOCIAL SECURITY ADMINISTRATION FEDERAL OLD-AGE, SURVIVORS AND DISABILITY INSURANCE (1950- ) Wage Credits for Veterans and Members of the Uniformed Services Effect of Other Benefits on Payment of...

  16. 20 CFR 404.1362 - Treatment of social security benefits or payments where Veterans Administration pension or...

    Code of Federal Regulations, 2014 CFR

    2014-04-01

    ... 20 Employees' Benefits 2 2014-04-01 2014-04-01 false Treatment of social security benefits or...' Benefits SOCIAL SECURITY ADMINISTRATION FEDERAL OLD-AGE, SURVIVORS AND DISABILITY INSURANCE (1950- ) Wage Credits for Veterans and Members of the Uniformed Services Effect of Other Benefits on Payment of...

  17. 20 CFR 655.665 - Notice to the Department of Homeland Security and the Employment and Training Administration.

    Code of Federal Regulations, 2011 CFR

    2011-04-01

    ... 20 Employees' Benefits 3 2011-04-01 2011-04-01 false Notice to the Department of Homeland Security... Activities in U.S. Ports § 655.665 Notice to the Department of Homeland Security and the Employment and... AND TRAINING ADMINISTRATION, DEPARTMENT OF LABOR TEMPORARY EMPLOYMENT OF FOREIGN WORKERS IN THE...

  18. 20 CFR 655.665 - Notice to the Department of Homeland Security and the Employment and Training Administration.

    Code of Federal Regulations, 2014 CFR

    2014-04-01

    ... 20 Employees' Benefits 3 2014-04-01 2014-04-01 false Notice to the Department of Homeland Security... Activities in U.S. Ports § 655.665 Notice to the Department of Homeland Security and the Employment and... AND TRAINING ADMINISTRATION, DEPARTMENT OF LABOR TEMPORARY EMPLOYMENT OF FOREIGN WORKERS IN THE...

  19. 20 CFR 655.665 - Notice to the Department of Homeland Security and the Employment and Training Administration.

    Code of Federal Regulations, 2010 CFR

    2010-04-01

    ... 20 Employees' Benefits 3 2010-04-01 2010-04-01 false Notice to the Department of Homeland Security... Activities in U.S. Ports § 655.665 Notice to the Department of Homeland Security and the Employment and... AND TRAINING ADMINISTRATION, DEPARTMENT OF LABOR TEMPORARY EMPLOYMENT OF FOREIGN WORKERS IN THE...

  20. 20 CFR 655.665 - Notice to the Department of Homeland Security and the Employment and Training Administration.

    Code of Federal Regulations, 2013 CFR

    2013-04-01

    ... 20 Employees' Benefits 3 2013-04-01 2013-04-01 false Notice to the Department of Homeland Security... Activities in U.S. Ports § 655.665 Notice to the Department of Homeland Security and the Employment and... AND TRAINING ADMINISTRATION, DEPARTMENT OF LABOR TEMPORARY EMPLOYMENT OF FOREIGN WORKERS IN THE...

  1. 20 CFR 655.665 - Notice to the Department of Homeland Security and the Employment and Training Administration.

    Code of Federal Regulations, 2012 CFR

    2012-04-01

    ... 20 Employees' Benefits 3 2012-04-01 2012-04-01 false Notice to the Department of Homeland Security... Activities in U.S. Ports § 655.665 Notice to the Department of Homeland Security and the Employment and... AND TRAINING ADMINISTRATION, DEPARTMENT OF LABOR TEMPORARY EMPLOYMENT OF FOREIGN WORKERS IN THE...

  2. Virtualization in education: Information Security lab in your hands

    NASA Astrophysics Data System (ADS)

    Karlov, A. A.

    2016-09-01

    The growing demand for qualified specialists in advanced information technologies poses serious challenges to the education and training of young personnel for science, industry and social problems. Virtualization as a way to isolate the user from the physical characteristics of computing resources (processors, servers, operating systems, networks, applications, etc.), has, in particular, an enormous influence in the field of education, increasing its efficiency, reducing the cost, making it more widely and readily available. The study of Information Security of computer systems is considered as an example of use of virtualization in education.

  3. Resistance and Security Index of Networks: Structural Information Perspective of Network Security.

    PubMed

    Li, Angsheng; Hu, Qifu; Liu, Jun; Pan, Yicheng

    2016-01-01

    Recently, Li and Pan defined the metric of the K-dimensional structure entropy of a structured noisy dataset G to be the information that controls the formation of the K-dimensional structure of G that is evolved by the rules, order and laws of G, excluding the random variations that occur in G. Here, we propose the notion of resistance of networks based on the one- and two-dimensional structural information of graphs. Given a graph G, we define the resistance of G, written , as the greatest overall number of bits required to determine the code of the module that is accessible via random walks with stationary distribution in G, from which the random walks cannot escape. We show that the resistance of networks follows the resistance law of networks, that is, for a network G, the resistance of G is , where and are the one- and two-dimensional structure entropies of G, respectively. Based on the resistance law, we define the security index of a network G to be the normalised resistance of G, that is, . We show that the resistance and security index are both well-defined measures for the security of the networks. PMID:27255783

  4. Resistance and Security Index of Networks: Structural Information Perspective of Network Security

    PubMed Central

    Li, Angsheng; Hu, Qifu; Liu, Jun; Pan, Yicheng

    2016-01-01

    Recently, Li and Pan defined the metric of the K-dimensional structure entropy of a structured noisy dataset G to be the information that controls the formation of the K-dimensional structure of G that is evolved by the rules, order and laws of G, excluding the random variations that occur in G. Here, we propose the notion of resistance of networks based on the one- and two-dimensional structural information of graphs. Given a graph G, we define the resistance of G, written , as the greatest overall number of bits required to determine the code of the module that is accessible via random walks with stationary distribution in G, from which the random walks cannot escape. We show that the resistance of networks follows the resistance law of networks, that is, for a network G, the resistance of G is , where and are the one- and two-dimensional structure entropies of G, respectively. Based on the resistance law, we define the security index of a network G to be the normalised resistance of G, that is, . We show that the resistance and security index are both well-defined measures for the security of the networks. PMID:27255783

  5. Resistance and Security Index of Networks: Structural Information Perspective of Network Security.

    PubMed

    Li, Angsheng; Hu, Qifu; Liu, Jun; Pan, Yicheng

    2016-06-03

    Recently, Li and Pan defined the metric of the K-dimensional structure entropy of a structured noisy dataset G to be the information that controls the formation of the K-dimensional structure of G that is evolved by the rules, order and laws of G, excluding the random variations that occur in G. Here, we propose the notion of resistance of networks based on the one- and two-dimensional structural information of graphs. Given a graph G, we define the resistance of G, written , as the greatest overall number of bits required to determine the code of the module that is accessible via random walks with stationary distribution in G, from which the random walks cannot escape. We show that the resistance of networks follows the resistance law of networks, that is, for a network G, the resistance of G is , where and are the one- and two-dimensional structure entropies of G, respectively. Based on the resistance law, we define the security index of a network G to be the normalised resistance of G, that is, . We show that the resistance and security index are both well-defined measures for the security of the networks.

  6. Resistance and Security Index of Networks: Structural Information Perspective of Network Security

    NASA Astrophysics Data System (ADS)

    Li, Angsheng; Hu, Qifu; Liu, Jun; Pan, Yicheng

    2016-06-01

    Recently, Li and Pan defined the metric of the K-dimensional structure entropy of a structured noisy dataset G to be the information that controls the formation of the K-dimensional structure of G that is evolved by the rules, order and laws of G, excluding the random variations that occur in G. Here, we propose the notion of resistance of networks based on the one- and two-dimensional structural information of graphs. Given a graph G, we define the resistance of G, written , as the greatest overall number of bits required to determine the code of the module that is accessible via random walks with stationary distribution in G, from which the random walks cannot escape. We show that the resistance of networks follows the resistance law of networks, that is, for a network G, the resistance of G is , where and are the one- and two-dimensional structure entropies of G, respectively. Based on the resistance law, we define the security index of a network G to be the normalised resistance of G, that is, . We show that the resistance and security index are both well-defined measures for the security of the networks.

  7. The systems approach to airport security: The FAA (Federal Aviation Administration)/BWI (Baltimore-Washington International) Airport demonstration project

    SciTech Connect

    Caskey, D.L.; Olascoaga, M.T.

    1990-01-01

    Sandia National Laboratories has been involved in designing, installing and evaluating security systems for various applications during the past 15 years. A systems approach to security that evolved from this experience was applied to aviation security for the Federal Aviation Administration. A general systems study of aviation security in the United States was concluded in 1987. One result of the study was a recommendation that an enhanced security system concept designed to meet specified objectives be demonstrated at an operational airport. Baltimore-Washington International Airport was selected as the site for the demonstration project which began in 1988 and will be completed in 1992. This article introduced the systems approach to airport security and discussed its application at Baltimore-Washington International Airport. Examples of design features that could be included in an enhanced security concept also were presented, including details of the proposed Ramps Area Intrusion Detection System (RAIDS).

  8. Statistical process control based chart for information systems security

    NASA Astrophysics Data System (ADS)

    Khan, Mansoor S.; Cui, Lirong

    2015-07-01

    Intrusion detection systems have a highly significant role in securing computer networks and information systems. To assure the reliability and quality of computer networks and information systems, it is highly desirable to develop techniques that detect intrusions into information systems. We put forward the concept of statistical process control (SPC) in computer networks and information systems intrusions. In this article we propose exponentially weighted moving average (EWMA) type quality monitoring scheme. Our proposed scheme has only one parameter which differentiates it from the past versions. We construct the control limits for the proposed scheme and investigate their effectiveness. We provide an industrial example for the sake of clarity for practitioner. We give comparison of the proposed scheme with EWMA schemes and p chart; finally we provide some recommendations for the future work.

  9. Secure Information Exchange Gateway for Electric Grid Operations

    SciTech Connect

    Robertson, F. Russell; Carroll, J. Ritchie; Sanders, William; Yardley, Timothy; Heine, Erich; Hadley, Mark; McKinnon, David; Motteler, Barbara; Giri, Jay; Walker, William; McCartha, Esrick

    2014-09-30

    The major objectives of the SIEGate project were to improve the security posture and minimize the cyber-attack surface of electric utility control centers and to reduce the cost of maintaining control-room-to-control-room information exchange. Major project goals included the design, development, testing, and commercialization of a single security-hardened appliance that could meet industry needs for resisting cyber-attacks while protecting the confidentiality and integrity of a growing volume of real-time information needed to ensure the reliability of the bulk electric system and interoperating with existing data formats and networking technologies. The SIEGate project has achieved its goals and objectives. The SIEGate Design Document, issued in March 2012, presented SIEGate use cases, provided SIEGate requirements, established SIEGate design principles, and prescribed design functionality of SIEGate as well as the components that make up SIEGate. SIEGate Release Version 1.0 was posted in January 2014. Release Version 1.0.83, which was posted on March 28, 2014, fixed many issues discovered by early adopters and added several new features. Release Candidate 1.1, which added additional improvements and bug fixes, was posted in June 2014. SIEGate executables have been downloaded more than 300 times. SIEGate has been tested at PJM, Entergy, TVA, and Southern. Security testing and analysis of SIEGate has been conducted at PNNL and PJM. Alstom has provided a summary of recommended steps for commercialization of the SIEGate Appliance and identified two deployment models with immediate commercial application.

  10. 49 CFR 1580.201 - Rail security coordinator.

    Code of Federal Regulations, 2010 CFR

    2010-10-01

    ... ADMINISTRATION, DEPARTMENT OF HOMELAND SECURITY MARITIME AND LAND TRANSPORTATION SECURITY RAIL TRANSPORTATION... any of this information changes. (e) Each passenger railroad carrier and rail transit system...

  11. Facial Recognition in Uncontrolled Conditions for Information Security

    NASA Astrophysics Data System (ADS)

    Xiao, Qinghan; Yang, Xue-Dong

    2010-12-01

    With the increasing use of computers nowadays, information security is becoming an important issue for private companies and government organizations. Various security technologies have been developed, such as authentication, authorization, and auditing. However, once a user logs on, it is assumed that the system would be controlled by the same person. To address this flaw, we developed a demonstration system that uses facial recognition technology to periodically verify the identity of the user. If the authenticated user's face disappears, the system automatically performs a log-off or screen-lock operation. This paper presents our further efforts in developing image preprocessing algorithms and dealing with angled facial images. The objective is to improve the accuracy of facial recognition under uncontrolled conditions. To compare the results with others, the frontal pose subset of the Face Recognition Technology (FERET) database was used for the test. The experiments showed that the proposed algorithms provided promising results.

  12. Secure Retrieval of FFTF Testing, Design, and Operating Information

    SciTech Connect

    Butner, R. Scott; Wootan, David W.; Omberg, Ronald P.; Makenas, Bruce J.; Nielsen, Deborah

    2009-10-01

    One of the goals of the Advanced Fuel Cycle Initiative (AFCI) is to preserve the knowledge that has been gained in the United States on Liquid Metal Reactors (LMR). In addition, preserving LMR information and knowledge is part of a larger international collaborative activity conducted under the auspices of the International Atomic Energy Agency (IAEA). A similar program is being conducted for EBR-II at the Idaho Nuclear Laboratory (INL) and international programs are also in progress. Knowledge preservation at the FFTF is focused on the areas of design, construction, startup, and operation of the reactor. As the primary function of the FFTF was testing, the focus is also on preserving information obtained from irradiation testing of fuels and materials. This information will be invaluable when, at a later date, international decisions are made to pursue new LMRs. In the interim, this information may be of potential use for international exchanges with other LMR programs around the world. At least as important in the United States, which is emphasizing large-scale computer simulation and modeling, this information provides the basis for creating benchmarks for validating and testing these large scale computer programs. Although the preservation activity with respect to FFTF information as discussed below is still underway, the team of authors above is currently retrieving and providing experimental and design information to the LMR modeling and simulation efforts for use in validating their computer models. On the Hanford Site, the FFTF reactor plant is one of the facilities intended for decontamination and decommissioning consistent with the cleanup mission on this site. The reactor facility has been deactivated and is being maintained in a cold and dark minimal surveillance and maintenance mode until final decommissioning is pursued. In order to ensure protection of information at risk, the program to date has focused on sequestering and secure retrieval

  13. 78 FR 55274 - Privacy Act of 1974; Department of Homeland Security/Transportation Security Administration-DHS...

    Federal Register 2010, 2011, 2012, 2013, 2014

    2013-09-10

    ... screening at participating U.S. airport security checkpoints. Additionally, the Department of Homeland... ineligible for the program will continue to be screened at airport security checkpoints according to TSA... screening at airport security checkpoints. The Program retains a component of randomness to maintain...

  14. Mortality Measurement at Advanced Ages: A Study of the Social Security Administration Death Master File

    PubMed Central

    Gavrilov, Leonid A.; Gavrilova, Natalia S.

    2011-01-01

    Accurate estimates of mortality at advanced ages are essential to improving forecasts of mortality and the population size of the oldest old age group. However, estimation of hazard rates at extremely old ages poses serious challenges to researchers: (1) The observed mortality deceleration may be at least partially an artifact of mixing different birth cohorts with different mortality (heterogeneity effect); (2) standard assumptions of hazard rate estimates may be invalid when risk of death is extremely high at old ages and (3) ages of very old people may be exaggerated. One way of obtaining estimates of mortality at extreme ages is to pool together international records of persons surviving to extreme ages with subsequent efforts of strict age validation. This approach helps researchers to resolve the third of the above-mentioned problems but does not resolve the first two problems because of inevitable data heterogeneity when data for people belonging to different birth cohorts and countries are pooled together. In this paper we propose an alternative approach, which gives an opportunity to resolve the first two problems by compiling data for more homogeneous single-year birth cohorts with hazard rates measured at narrow (monthly) age intervals. Possible ways of resolving the third problem of hazard rate estimation are elaborated. This approach is based on data from the Social Security Administration Death Master File (DMF). Some birth cohorts covered by DMF could be studied by the method of extinct generations. Availability of month of birth and month of death information provides a unique opportunity to obtain hazard rate estimates for every month of age. Study of several single-year extinct birth cohorts shows that mortality trajectory at advanced ages follows the Gompertz law up to the ages 102–105 years without a noticeable deceleration. Earlier reports of mortality deceleration (deviation of mortality from the Gompertz law) at ages below 100 appear to be

  15. 76 FR 4362 - Extension of Agency Information Collection Activity Under OMB Review: Air Cargo Security...

    Federal Register 2010, 2011, 2012, 2013, 2014

    2011-01-25

    ... Information Collection Request (ICR). OMB Control Number: 1652-0040. Form(s): Aviation Security Known Shipper..., Aviation Security Known Shipper Verification Form. Affected Public: The collections of information that... using the Aviation Security Known Shipper Verification Form and subsequently enter that information...

  16. 10 CFR 2.911 - Admissibility of restricted data or other national security information.

    Code of Federal Regulations, 2010 CFR

    2010-01-01

    ... Proceedings Involving Restricted Data and/or National Security Information § 2.911 Admissibility of restricted data or other national security information. A presiding officer shall not receive any Restricted Data... Restricted Data or other National Security Information to the issues in the preceeding, and its...

  17. 10 CFR 2.907 - Notice of intent to introduce restricted data or national security information.

    Code of Federal Regulations, 2010 CFR

    2010-01-01

    ... Proceedings Involving Restricted Data and/or National Security Information § 2.907 Notice of intent to introduce restricted data or national security information. (a) If, at the time of publication of a notice... Restricted Data or National Security Information into the proceeding, it will file a notice of intent...

  18. 32 CFR 2400.19 - Declassification by the Director of the Information Security Oversight Office.

    Code of Federal Regulations, 2011 CFR

    2011-07-01

    ... Information Security Oversight Office. 2400.19 Section 2400.19 National Defense Other Regulations Relating to... SCIENCE AND TECHNOLOGY POLICY INFORMATION SECURITY PROGRAM Declassification and Downgrading § 2400.19 Declassification by the Director of the Information Security Oversight Office. If the Director of the...

  19. 32 CFR 2400.19 - Declassification by the Director of the Information Security Oversight Office.

    Code of Federal Regulations, 2010 CFR

    2010-07-01

    ... Information Security Oversight Office. 2400.19 Section 2400.19 National Defense Other Regulations Relating to... SCIENCE AND TECHNOLOGY POLICY INFORMATION SECURITY PROGRAM Declassification and Downgrading § 2400.19 Declassification by the Director of the Information Security Oversight Office. If the Director of the...

  20. Exploring Factors that Influence Students' Behaviors in Information Security

    ERIC Educational Resources Information Center

    Yoon, Cheolho; Hwang, Jae-Won; Kim, Rosemary

    2012-01-01

    Due to the ever-increasing use of the Internet, information security has become a critical issue in society. This is especially the case for young adults who have different attitudes towards information security practices. In this research, we examine factors that motivate college students' information security behaviors. Based on the concept…

  1. Incorporating Global Information Security and Assurance in I.S. Education

    ERIC Educational Resources Information Center

    White, Garry L.; Hewitt, Barbara; Kruck, S. E.

    2013-01-01

    Over the years, the news media has reported numerous information security incidents. Because of identity theft, terrorism, and other criminal activities, President Obama has made information security a national priority. Not only is information security and assurance an American priority, it is also a global issue. This paper discusses the…

  2. Information Security: A Scientometric Study of the Profile, Structure, and Dynamics of an Emerging Scholarly Specialty

    ERIC Educational Resources Information Center

    Olijnyk, Nicholas Victor

    2014-01-01

    The central aim of the current research is to explore and describe the profile, dynamics, and structure of the information security specialty. This study's objectives are guided by four research questions: 1. What are the salient features of information security as a specialty? 2. How has the information security specialty emerged and evolved from…

  3. Development of Information Security-Focused Incident Prevention Measures for Critical Information Infrastructure in Japan

    NASA Astrophysics Data System (ADS)

    Kobayashi, Hideaki; Watanabe, Kenji; Watanabe, Takahito; Nagayasu, Yukinobu

    In recent years, the dilemma of cyber attacks by malicious third parties targeting security vulnerabilities in information and communication systems has emerged, resulting in security incidents. This situation suggests that the establishment of proactive efforts and recurrence prevention measures are becoming imperative, especially in critical infrastructure sectors.This paper provides an analysis of 58 security incident cases, which occurred in critical infrastructures worldwide and were published in media. The purpose of the analysis is to conclude to a valid list of recurrence prevention measures that constitute good practices.

  4. Controlled information destruction: the final frontier in preserving information security for every organisation

    NASA Astrophysics Data System (ADS)

    Curiac, Daniel-Ioan; Pachia, Mihai

    2015-05-01

    Information security represents the cornerstone of every data processing system that resides in an organisation's trusted network, implementing all necessary protocols, mechanisms and policies to be one step ahead of possible threats. Starting from the need to strengthen the set of security services, in this article we introduce a new and innovative process named controlled information destruction (CID) that is meant to secure sensitive data that are no longer needed for the organisation's future purposes but would be very damaging if revealed. The disposal of this type of data has to be controlled carefully in order to delete not only the information itself but also all its splinters spread throughout the network, thus denying any possibility of recovering the information after its alleged destruction. This process leads to a modified model of information assurance and also reconfigures the architecture of any information security management system. The scheme we envisioned relies on a reshaped information lifecycle, which reveals the impact of the CID procedure directly upon the information states.

  5. A secure and efficiently searchable health information architecture.

    PubMed

    Yasnoff, William A

    2016-06-01

    Patient-centric repositories of health records are an important component of health information infrastructure. However, patient information in a single repository is potentially vulnerable to loss of the entire dataset from a single unauthorized intrusion. A new health record storage architecture, the personal grid, eliminates this risk by separately storing and encrypting each person's record. The tradeoff for this improved security is that a personal grid repository must be sequentially searched since each record must be individually accessed and decrypted. To allow reasonable search times for large numbers of records, parallel processing with hundreds (or even thousands) of on-demand virtual servers (now available in cloud computing environments) is used. Estimated search times for a 10 million record personal grid using 500 servers vary from 7 to 33min depending on the complexity of the query. Since extremely rapid searching is not a critical requirement of health information infrastructure, the personal grid may provide a practical and useful alternative architecture that eliminates the large-scale security vulnerabilities of traditional databases by sacrificing unnecessary searching speed. PMID:27109933

  6. Fast massive preventive security and information communication systems

    NASA Astrophysics Data System (ADS)

    Akopian, David; Chen, Philip; Miryakar, Susheel; Kumar, Abhinav

    2008-04-01

    We present a fast massive information communication system for data collection from distributive sources such as cell phone users. As a very important application one can mention preventive notification systems when timely notification and evidence communication may help to improve safety and security through wide public involvement by ensuring easy-to-access and easy-to-communicate information systems. The technology significantly simplifies the response to the events and will help e.g. special agencies to gather crucial information in time and respond as quickly as possible. Cellular phones are nowadays affordable for most of the residents and became a common personal accessory. The paper describes several ways to design such systems including existing internet access capabilities of cell phones or downloadable specialized software. We provide examples of such designs. The main idea is in structuring information in predetermined way and communicating data through a centralized gate-server which will automatically process information and forward it to a proper destination. The gate-server eliminates a need in knowing contact data and specific local community infrastructure. All the cell phones will have self-localizing capability according to FCC E911 mandate, thus the communicated information can be further tagged automatically by location and time information.

  7. 17 CFR 242.609 - Registration of securities information processors: form of application and amendments.

    Code of Federal Regulations, 2010 CFR

    2010-04-01

    ... 17 Commodity and Securities Exchanges 3 2010-04-01 2010-04-01 false Registration of securities information processors: form of application and amendments. 242.609 Section 242.609 Commodity and Securities Exchanges SECURITIES AND EXCHANGE COMMISSION (CONTINUED) REGULATIONS M, SHO, ATS, AC, AND NMS AND...

  8. Federal Government Information Systems Security Management and Governance Are Pacing Factors for Innovation

    ERIC Educational Resources Information Center

    Edwards, Gregory

    2011-01-01

    Security incidents resulting from human error or subversive actions have caused major financial losses, reduced business productivity or efficiency, and threatened national security. Some research suggests that information system security frameworks lack emphasis on human involvement as a significant cause for security problems in a rapidly…

  9. Laboratory Information Management System Chain of Custody: Reliability and Security

    PubMed Central

    Tomlinson, J. J.; Elliott-Smith, W.; Radosta, T.

    2006-01-01

    A chain of custody (COC) is required in many laboratories that handle forensics, drugs of abuse, environmental, clinical, and DNA testing, as well as other laboratories that want to assure reliability of reported results. Maintaining a dependable COC can be laborious, but with the recent establishment of the criteria for electronic records and signatures by US regulatory agencies, laboratory information management systems (LIMSs) are now being developed to fully automate COCs. The extent of automation and of data reliability can vary, and FDA- and EPA-compliant electronic signatures and system security are rare. PMID:17671623

  10. 77 FR 66466 - General Services Administration Regulation; Information Collection; Packing List Clause

    Federal Register 2010, 2011, 2012, 2013, 2014

    2012-11-05

    ... From the Federal Register Online via the Government Publishing Office GENERAL SERVICES ADMINISTRATION General Services Administration Regulation; Information Collection; Packing List Clause AGENCY... information collection documents from the General Services Administration, Regulatory Secretariat (MVCB),...

  11. Energy Information Administration (EIA) new releases, January--February 1994

    SciTech Connect

    1994-03-01

    This report is the Jan-Feb 1994 issue of the Energy Information Administration (EIA) New Releases publication. Highlighted articles include: efficiency gains slow growth in U.S. energy demand, dependency on oil imports continues to climb; new EIA report details status of U.S. coal industry; EIA assesses residential vehicle fuel consumption in the U.S.; EIA plans new survey on alternative-fuel vehicles.

  12. "Glitch Logic" and Applications to Computing and Information Security

    NASA Technical Reports Server (NTRS)

    Stoica, Adrian; Katkoori, Srinivas

    2009-01-01

    This paper introduces a new method of information processing in digital systems, and discusses its potential benefits to computing and information security. The new method exploits glitches caused by delays in logic circuits for carrying and processing information. Glitch processing is hidden to conventional logic analyses and undetectable by traditional reverse engineering techniques. It enables the creation of new logic design methods that allow for an additional controllable "glitch logic" processing layer embedded into a conventional synchronous digital circuits as a hidden/covert information flow channel. The combination of synchronous logic with specific glitch logic design acting as an additional computing channel reduces the number of equivalent logic designs resulting from synthesis, thus implicitly reducing the possibility of modification and/or tampering with the design. The hidden information channel produced by the glitch logic can be used: 1) for covert computing/communication, 2) to prevent reverse engineering, tampering, and alteration of design, and 3) to act as a channel for information infiltration/exfiltration and propagation of viruses/spyware/Trojan horses.

  13. 76 FR 11835 - Agency Information Collection Activities: Proposed Request

    Federal Register 2010, 2011, 2012, 2013, 2014

    2011-03-03

    ... From the Federal Register Online via the Government Publishing Office SOCIAL SECURITY ADMINISTRATION Agency Information Collection Activities: Proposed Request The Social Security Administration (SSA... . (SSA) Social Security Administration, DCBFM, Attn: Reports Clearance Officer, 1333 Annex Building,...

  14. 77 FR 27264 - Agency Information Collection Activities: Proposed Request

    Federal Register 2010, 2011, 2012, 2013, 2014

    2012-05-09

    ... From the Federal Register Online via the Government Publishing Office SOCIAL SECURITY ADMINISTRATION Agency Information Collection Activities: Proposed Request The Social Security Administration (SSA... . (SSA), Social Security Administration, DCRDP, Attn: Reports Clearance Officer, 107 Altmeyer...

  15. 78 FR 56264 - Agency Information Collection Activities: Comment Request

    Federal Register 2010, 2011, 2012, 2013, 2014

    2013-09-12

    ... From the Federal Register Online via the Government Publishing Office SOCIAL SECURITY ADMINISTRATION Agency Information Collection Activities: Comment Request The Social Security Administration (SSA....gov . (SSA), Social Security Administration, DCRDP, Attn: Reports Clearance Director, 107...

  16. 78 FR 26843 - Agency Information Collection Activities; Proposed Request

    Federal Register 2010, 2011, 2012, 2013, 2014

    2013-05-08

    ... From the Federal Register Online via the Government Publishing Office SOCIAL SECURITY ADMINISTRATION Agency Information Collection Activities; Proposed Request The Social Security Administration (SSA... . (SSA) Social Security Administration, DCRDP, Attn: Reports Clearance Director, 107 Altmeyer...

  17. 78 FR 65745 - Agency Information Collection Activities: Proposed Request

    Federal Register 2010, 2011, 2012, 2013, 2014

    2013-11-01

    ... From the Federal Register Online via the Government Publishing Office SOCIAL SECURITY ADMINISTRATION Agency Information Collection Activities: Proposed Request The Social Security Administration (SSA... ; (SSA), Social Security Administration, DCRDP, Attn: Reports Clearance Director, 107 Altmeyer...

  18. 77 FR 62592 - Agency Information Collection Activities: Proposed Request

    Federal Register 2010, 2011, 2012, 2013, 2014

    2012-10-15

    ... From the Federal Register Online via the Government Publishing Office SOCIAL SECURITY ADMINISTRATION Agency Information Collection Activities: Proposed Request The Social Security Administration (SSA... . (SSA) Social Security Administration, DCRDP, Attn: Reports Clearance Director, 107 Altmeyer...

  19. 78 FR 59411 - Agency Information Collection Activities: Proposed Request

    Federal Register 2010, 2011, 2012, 2013, 2014

    2013-09-26

    ... From the Federal Register Online via the Government Publishing Office SOCIAL SECURITY ADMINISTRATION Agency Information Collection Activities: Proposed Request The Social Security Administration (SSA... . (SSA), Social Security Administration, DCRDP, Attn: Reports Clearance Director, 107 Altmeyer...

  20. 76 FR 74838 - Agency Information Collection Activities: Proposed Request

    Federal Register 2010, 2011, 2012, 2013, 2014

    2011-12-01

    ... From the Federal Register Online via the Government Publishing Office SOCIAL SECURITY ADMINISTRATION Agency Information Collection Activities: Proposed Request The Social Security Administration (SSA....eop.gov . (SSA), Social Security Administration, DCRDP, Attn: Reports Clearance Officer, 107...

  1. 77 FR 4857 - Agency Information Collection Activities: Comment Request

    Federal Register 2010, 2011, 2012, 2013, 2014

    2012-01-31

    ... From the Federal Register Online via the Government Publishing Office SOCIAL SECURITY ADMINISTRATION Agency Information Collection Activities: Comment Request The Social Security Administration (SSA....eop.gov . (SSA), Social Security Administration, DCRDP, Attn: Reports Clearance Officer, 107...

  2. 76 FR 12208 - Agency Information Collection Activities: Comment Request

    Federal Register 2010, 2011, 2012, 2013, 2014

    2011-03-04

    ... From the Federal Register Online via the Government Publishing Office SOCIAL SECURITY ADMINISTRATION Agency Information Collection Activities: Comment Request The Social Security Administration (SSA..._Submission@omb.eop.gov (SSA) Social Security Administration, DCBFM, Attn: Reports Clearance Officer,...

  3. Design of a RESTful web information system for drug prescription and administration.

    PubMed

    Bianchi, Lorenzo; Paganelli, Federica; Pettenati, Maria Chiara; Turchi, Stefano; Ciofi, Lucia; Iadanza, Ernesto; Giuli, Dino

    2014-05-01

    Drug prescription and administration processes strongly impact on the occurrence of risks in medical settings for they can be sources of adverse drug events (ADEs). A properly engineered use of information and communication technologies has proven to be a promising approach to reduce these risks. In this study, we propose PHARMA, a web information system which supports healthcare staff in the secure cooperative execution of drug prescription, transcription and registration tasks. PHARMA allows the easy sharing and management of documents containing drug-related information (i.e., drug prescriptions, medical reports, screening), which is often inconsistent and scattered across different information systems and heterogeneous organization domains (e.g., departments, other hospital facilities). PHARMA enables users to access such information in a consistent and secure way, through the adoption of REST and web-oriented design paradigms and protocols. We describe the implementation of the PHARMA prototype, and we discuss the results of the usability evaluation that we carried out with the staff of a hospital in Florence, Italy.

  4. Resilience to Leaking — Dynamic Systems Modeling of Information Security

    PubMed Central

    Hamacher, Kay

    2012-01-01

    Leaking of confidential material is a major threat to information security within organizations and to society as a whole. This insight has gained traction in the political realm since the activities of Wikileaks, which hopes to attack ‘unjust’ systems or ‘conspiracies’. Eventually, such threats to information security rely on a biologistic argument on the benefits and drawbacks that uncontrolled leaking might pose for ‘just’ and ‘unjust’ entities. Such biological metaphors are almost exclusively based on the economic advantage of participants. Here, I introduce a mathematical model of the complex dynamics implied by leaking. The complex interactions of adversaries are modeled by coupled logistic equations including network effects of econo-communication networks. The modeling shows, that there might arise situations where the leaking envisioned and encouraged by Wikileaks and the like can strengthen the defending entity (the ‘conspiracy’). In particular, the only severe impact leaking can have on an organization seems to originate in the exploitation of leaks by another entity the organization competes with. Therefore, the model suggests that leaks can be used as a `tactical mean’ in direct adversary relations, but do not necessarily increase public benefit and societal immunization to ‘conspiracies’. Furthermore, within the model the exploitation of the (open) competition between entities seems to be a more promising approach to control malicious organizations : divide-et-impera policies triumph here. PMID:23227151

  5. Resilience to leaking--dynamic systems modeling of information security.

    PubMed

    Hamacher, Kay

    2012-01-01

    Leaking of confidential material is a major threat to information security within organizations and to society as a whole. This insight has gained traction in the political realm since the activities of Wikileaks, which hopes to attack 'unjust' systems or 'conspiracies'. Eventually, such threats to information security rely on a biologistic argument on the benefits and drawbacks that uncontrolled leaking might pose for 'just' and 'unjust' entities. Such biological metaphors are almost exclusively based on the economic advantage of participants. Here, I introduce a mathematical model of the complex dynamics implied by leaking. The complex interactions of adversaries are modeled by coupled logistic equations including network effects of econo-communication networks. The modeling shows, that there might arise situations where the leaking envisioned and encouraged by Wikileaks and the like can strengthen the defending entity (the 'conspiracy'). In particular, the only severe impact leaking can have on an organization seems to originate in the exploitation of leaks by another entity the organization competes with. Therefore, the model suggests that leaks can be used as a `tactical mean' in direct adversary relations, but do not necessarily increase public benefit and societal immunization to 'conspiracies'. Furthermore, within the model the exploitation of the (open) competition between entities seems to be a more promising approach to control malicious organizations : divide-et-impera policies triumph here. PMID:23227151

  6. Information security governance: a risk assessment approach to health information systems protection.

    PubMed

    Williams, Patricia A H

    2013-01-01

    It is no small task to manage the protection of healthcare data and healthcare information systems. In an environment that is demanding adaptation to change for all information collection, storage and retrieval systems, including those for of e-health and information systems, it is imperative that good information security governance is in place. This includes understanding and meeting legislative and regulatory requirements. This chapter provides three models to educate and guide organisations in this complex area, and to simplify the process of information security governance and ensure appropriate and effective measures are put in place. The approach is risk based, adapted and contextualized for healthcare. In addition, specific considerations of the impact of cloud services, secondary use of data, big data and mobile health are discussed.

  7. Information security governance: a risk assessment approach to health information systems protection.

    PubMed

    Williams, Patricia A H

    2013-01-01

    It is no small task to manage the protection of healthcare data and healthcare information systems. In an environment that is demanding adaptation to change for all information collection, storage and retrieval systems, including those for of e-health and information systems, it is imperative that good information security governance is in place. This includes understanding and meeting legislative and regulatory requirements. This chapter provides three models to educate and guide organisations in this complex area, and to simplify the process of information security governance and ensure appropriate and effective measures are put in place. The approach is risk based, adapted and contextualized for healthcare. In addition, specific considerations of the impact of cloud services, secondary use of data, big data and mobile health are discussed. PMID:24018517

  8. National Nuclear Security Administration Nonproliferation Graduate Fellowship Program Annual Report in Brief: October 2007 - May 2008

    SciTech Connect

    Berkman, Clarissa O.; Fankhauser, Jana G.; Sandusky, Jessica A.

    2009-05-01

    This abbreviated Annual Report covers program activities of the National Nuclear Security Administration (NNSA) Nonproliferation Graduate Fellowship Program (NGFP) from October 2007 through May 2008--the timeframe between the last Annual Report (which covered activities through September 2007) and the next report (which will begin with June 2008 activities). In that timeframe, the NGFP continued building a solid foundation as the program began reaping the benefits of recently implemented changes. This report is organized by Fellowship class and the pertinent program activities for each, including: October 2007 Recruiting events and final applications (Class of 2008) Winter 2007 Selection and hiring (Class of 2008) Spring 2008 Career development roundtables (Class of 2007) Orientation planning (Class of 2008) Recruitment planning and university outreach (Class of 2009) May 2008 Closing ceremony (Class of 2007)

  9. 10 CFR 2.903 - Protection of restricted data and national security information.

    Code of Federal Regulations, 2012 CFR

    2012-01-01

    ... 10 Energy 1 2012-01-01 2012-01-01 false Protection of restricted data and national security... Restricted Data and/or National Security Information § 2.903 Protection of restricted data and national security information. Nothing in this subpart shall relieve any person from safeguarding Restricted Data...

  10. 10 CFR 2.903 - Protection of restricted data and national security information.

    Code of Federal Regulations, 2014 CFR

    2014-01-01

    ... 10 Energy 1 2014-01-01 2014-01-01 false Protection of restricted data and national security... Special Procedures Applicable to Adjudicatory Proceedings Involving Restricted Data and/or National Security Information § 2.903 Protection of restricted data and national security information. Nothing...

  11. 10 CFR 2.903 - Protection of restricted data and national security information.

    Code of Federal Regulations, 2013 CFR

    2013-01-01

    ... 10 Energy 1 2013-01-01 2013-01-01 false Protection of restricted data and national security... Special Procedures Applicable to Adjudicatory Proceedings Involving Restricted Data and/or National Security Information § 2.903 Protection of restricted data and national security information. Nothing...

  12. 10 CFR 2.903 - Protection of restricted data and national security information.

    Code of Federal Regulations, 2011 CFR

    2011-01-01

    ... 10 Energy 1 2011-01-01 2011-01-01 false Protection of restricted data and national security... Restricted Data and/or National Security Information § 2.903 Protection of restricted data and national security information. Nothing in this subpart shall relieve any person from safeguarding Restricted Data...

  13. 44 CFR 8.3 - Senior FEMA official responsible for the information security program.

    Code of Federal Regulations, 2012 CFR

    2012-10-01

    ... 44 Emergency Management and Assistance 1 2012-10-01 2011-10-01 true Senior FEMA official responsible for the information security program. 8.3 Section 8.3 Emergency Management and Assistance FEDERAL EMERGENCY MANAGEMENT AGENCY, DEPARTMENT OF HOMELAND SECURITY GENERAL NATIONAL SECURITY INFORMATION §...

  14. 44 CFR 8.3 - Senior FEMA official responsible for the information security program.

    Code of Federal Regulations, 2010 CFR

    2010-10-01

    ... 44 Emergency Management and Assistance 1 2010-10-01 2010-10-01 false Senior FEMA official responsible for the information security program. 8.3 Section 8.3 Emergency Management and Assistance FEDERAL EMERGENCY MANAGEMENT AGENCY, DEPARTMENT OF HOMELAND SECURITY GENERAL NATIONAL SECURITY INFORMATION §...

  15. 44 CFR 8.3 - Senior FEMA official responsible for the information security program.

    Code of Federal Regulations, 2011 CFR

    2011-10-01

    ... 44 Emergency Management and Assistance 1 2011-10-01 2011-10-01 false Senior FEMA official responsible for the information security program. 8.3 Section 8.3 Emergency Management and Assistance FEDERAL EMERGENCY MANAGEMENT AGENCY, DEPARTMENT OF HOMELAND SECURITY GENERAL NATIONAL SECURITY INFORMATION §...

  16. 44 CFR 8.3 - Senior FEMA official responsible for the information security program.

    Code of Federal Regulations, 2013 CFR

    2013-10-01

    ... 44 Emergency Management and Assistance 1 2013-10-01 2013-10-01 false Senior FEMA official responsible for the information security program. 8.3 Section 8.3 Emergency Management and Assistance FEDERAL EMERGENCY MANAGEMENT AGENCY, DEPARTMENT OF HOMELAND SECURITY GENERAL NATIONAL SECURITY INFORMATION §...

  17. 78 FR 25254 - Announcing an Open Meeting of the Information Security and Privacy Advisory Board

    Federal Register 2010, 2011, 2012, 2013, 2014

    2013-04-30

    ... changing reporting categories, and --Update of NIST Computer Security Division. Note that agenda items may... National Institute of Standards and Technology Announcing an Open Meeting of the Information Security and.... SUMMARY: The Information Security and Privacy Advisory Board (ISPAB) will meet Wednesday, June 12,...

  18. 78 FR 89 - Announcing an Open Meeting of the Information Security and Privacy Advisory Board

    Federal Register 2010, 2011, 2012, 2013, 2014

    2013-01-02

    ..., --Legislative Updates, and --Update of NIST Computer Security Division. Note that agenda items may change... National Institute of Standards and Technology Announcing an Open Meeting of the Information Security and.... SUMMARY: The Information Security and Privacy Advisory Board (ISPAB) will meet Wednesday, February...

  19. Security for the digital information age of medicine: issues, applications, and implementation

    NASA Astrophysics Data System (ADS)

    Epstein, Michael A.; Pasieka, Michael S.; Lord, William P.; Wong, Stephen T. C.; Mankovich, Nicholas J.

    1997-05-01

    Privacy and integrity of medical records is expected by patients. This privacy and integrity is often mandated by regulations. Traditionally, the security of medical records has been based on physical lock and key. As the storage of patient record information shifts from paper to digital, new security concerns arise. Digital cryptographic methods provide solutions to many of these new concerns. In this paper we overview new security concerns, new legislation mandating secure medical records and solutions providing security.

  20. Security for the digital information age of medicine: issues, applications, and implementation.

    PubMed

    Epstein, M A; Pasieka, M S; Lord, W P; Wong, S T; Mankovich, N J

    1998-02-01

    Privacy and integrity of medical records is expected by patients. This privacy and integrity is often mandated by regulations. Traditionally, the security of medical records has been based on physical lock and key. As the storage of patient record information shifts from paper to digital, new security concerns arise. Digital cryptographic methods provide solutions to many of these new concerns. In this article we give an overview of new security concerns, new legislation mandating secure medical records and solutions providing security.

  1. Security for the digital information age of medicine: issues, applications, and implementation.

    PubMed

    Epstein, M A; Pasieka, M S; Lord, W P; Mankovich, N J

    1997-08-01

    Privacy and integrity of medical records is expected by patients. This privacy and integrity is often mandated by regulations. Traditionally, the security of medical records has been based on physical lock and key. As the storage of patient record information shifts from paper to digital, we find new security concerns. Digital cryptographic methods provide solutions to many of these new concerns. In this paper we discuss the new security concerns, new legislation mandating secure medical records, and solutions providing this security.

  2. Guidelines for development of NASA (National Aeronautics and Space Administration) computer security training programs

    NASA Technical Reports Server (NTRS)

    Tompkins, F. G.

    1983-01-01

    The report presents guidance for the NASA Computer Security Program Manager and the NASA Center Computer Security Officials as they develop training requirements and implement computer security training programs. NASA audiences are categorized based on the computer security knowledge required to accomplish identified job functions. Training requirements, in terms of training subject areas, are presented for both computer security program management personnel and computer resource providers and users. Sources of computer security training are identified.

  3. 28 CFR 14.4 - Administrative claims; evidence and information to be submitted.

    Code of Federal Regulations, 2010 CFR

    2010-07-01

    ... 28 Judicial Administration 1 2010-07-01 2010-07-01 false Administrative claims; evidence and information to be submitted. 14.4 Section 14.4 Judicial Administration DEPARTMENT OF JUSTICE ADMINISTRATIVE CLAIMS UNDER FEDERAL TORT CLAIMS ACT § 14.4 Administrative claims; evidence and information to be submitted. (a) Death. In support of a claim...

  4. 78 FR 46594 - Extension of Agency Information Collection Activity Under OMB Review: Aviation Security Customer...

    Federal Register 2010, 2011, 2012, 2013, 2014

    2013-08-01

    ... May 30, 2013, 78 FR 32416. The collection involves surveying travelers to measure customer... OMB Review: Aviation Security Customer Satisfaction Performance Measurement Passenger Survey AGENCY.... Information Collection Requirement Title: Aviation Security Customer Satisfaction Performance...

  5. 48 CFR 352.239-72 - Security requirements for Federal information technology resources.

    Code of Federal Regulations, 2011 CFR

    2011-10-01

    ..., Security Self-Assessment Guide for Information Technology Systems and FIPS 200, on an annual basis. (C) HHS... security control testing and evaluation. (d) Personal identity verification. The Contractor shall...

  6. 78 FR 37244 - Submission for Review: We Need Important Information About Your Eligibility for Social Security...

    Federal Register 2010, 2011, 2012, 2013, 2014

    2013-06-20

    ... MANAGEMENT Submission for Review: We Need Important Information About Your Eligibility for Social Security... currently approved information collection request (ICR) 3206-0216, We Need Important Information About Your... Important Information About Your Eligibility for Social Security Disability Benefits. OMB Number:...

  7. Reviewing and reforming policy in health enterprise information security

    NASA Astrophysics Data System (ADS)

    Sostrom, Kristen; Collmann, Jeff R.

    2001-08-01

    Health information management policies usually address the use of paper records with little or no mention of electronic health records. Information Technology (IT) policies often ignore the health care business needs and operational use of the information stored in its systems. Representatives from the Telemedicine & Advanced Technology Research Center, TRICARE and Offices of the Surgeon General of each Military Service, collectively referred to as the Policies, Procedures and Practices Work Group (P3WG), examined military policies and regulations relating to computer-based information systems and medical records management. Using a system of templates and matrices created for the purpose, P3WG identified gaps and discrepancies in DoD and service compliance with the proposed Health Insurance Portability and Accountability Act (HIPAA) Security Standard. P3WG represents an unprecedented attempt to coordinate policy review and revision across all military health services and the Office of Health Affairs. This method of policy reform can identify where changes need to be made to integrate health management policy and IT policy in to an organizational policy that will enable compliance with HIPAA standards. The process models how large enterprises may coordinate policy revision and reform across broad organizational and work domains.

  8. Privacy and Security within Biobanking: The Role of Information Technology.

    PubMed

    Heatherly, Raymond

    2016-03-01

    Along with technical issues, biobanking frequently raises important privacy and security issues that must be resolved as biobanks continue to grow in scale and scope. Consent mechanisms currently in use range from fine-grained to very broad, and in some cases participants are offered very few privacy protections. However, developments in information technology are bringing improvements. New programs and systems are being developed to allow researchers to conduct analyses without distributing the data itself offsite, either by allowing the investigator to communicate with a central computer, or by having each site participate in meta-analysis that results in a shared statistic or final significance result. The implementation of security protocols into the research biobanking setting requires three key elements: authentication, authorization, and auditing. Authentication is the process of making sure individuals are who they claim to be, frequently through the use of a password, a key fob, or a physical (i.e., retinal or fingerprint) scan. Authorization involves ensuring that every individual who attempts an action has permission to do that action. Finally, auditing allows for actions to be logged so that inappropriate or unethical actions can later be traced back to their source. PMID:27256131

  9. Privacy and Security within Biobanking: The Role of Information Technology.

    PubMed

    Heatherly, Raymond

    2016-03-01

    Along with technical issues, biobanking frequently raises important privacy and security issues that must be resolved as biobanks continue to grow in scale and scope. Consent mechanisms currently in use range from fine-grained to very broad, and in some cases participants are offered very few privacy protections. However, developments in information technology are bringing improvements. New programs and systems are being developed to allow researchers to conduct analyses without distributing the data itself offsite, either by allowing the investigator to communicate with a central computer, or by having each site participate in meta-analysis that results in a shared statistic or final significance result. The implementation of security protocols into the research biobanking setting requires three key elements: authentication, authorization, and auditing. Authentication is the process of making sure individuals are who they claim to be, frequently through the use of a password, a key fob, or a physical (i.e., retinal or fingerprint) scan. Authorization involves ensuring that every individual who attempts an action has permission to do that action. Finally, auditing allows for actions to be logged so that inappropriate or unethical actions can later be traced back to their source.

  10. 48 CFR 3004.470 - Security requirements for access to unclassified facilities, Information Technology resources...

    Code of Federal Regulations, 2011 CFR

    2011-10-01

    ... access to unclassified facilities, Information Technology resources, and sensitive information. 3004.470... Technology resources, and sensitive information. ... ACQUISITION REGULATION (HSAR) GENERAL ADMINISTRATIVE MATTERS Safeguarding Classified and Sensitive...

  11. 48 CFR 3004.470 - Security requirements for access to unclassified facilities, Information Technology resources...

    Code of Federal Regulations, 2013 CFR

    2013-10-01

    ... access to unclassified facilities, Information Technology resources, and sensitive information. 3004.470... Technology resources, and sensitive information. ... ACQUISITION REGULATION (HSAR) GENERAL ADMINISTRATIVE MATTERS Safeguarding Classified and Sensitive...

  12. 48 CFR 3004.470 - Security requirements for access to unclassified facilities, Information Technology resources...

    Code of Federal Regulations, 2014 CFR

    2014-10-01

    ... access to unclassified facilities, Information Technology resources, and sensitive information. 3004.470... Technology resources, and sensitive information. ... ACQUISITION REGULATION (HSAR) GENERAL ADMINISTRATIVE MATTERS Safeguarding Classified and Sensitive...

  13. 48 CFR 3004.470 - Security requirements for access to unclassified facilities, Information Technology resources...

    Code of Federal Regulations, 2012 CFR

    2012-10-01

    ... access to unclassified facilities, Information Technology resources, and sensitive information. 3004.470... Technology resources, and sensitive information. ... ACQUISITION REGULATION (HSAR) GENERAL ADMINISTRATIVE MATTERS Safeguarding Classified and Sensitive...

  14. Guidelines for developing NASA (National Aeronautics and Space Administration) ADP security risk management plans

    NASA Technical Reports Server (NTRS)

    Tompkins, F. G.

    1983-01-01

    This report presents guidance to NASA Computer security officials for developing ADP security risk management plans. The six components of the risk management process are identified and discussed. Guidance is presented on how to manage security risks that have been identified during a risk analysis performed at a data processing facility or during the security evaluation of an application system.

  15. Network security system for health and medical information using smart IC card

    NASA Astrophysics Data System (ADS)

    Kanai, Yoichi; Yachida, Masuyoshi; Yoshikawa, Hiroharu; Yamaguchi, Masahiro; Ohyama, Nagaaki

    1998-07-01

    A new network security protocol that uses smart IC cards has been designed to assure the integrity and privacy of medical information in communication over a non-secure network. Secure communication software has been implemented as a library based on this protocol, which is called the Integrated Secure Communication Layer (ISCL), and has been incorporated into information systems of the National Cancer Center Hospitals and the Health Service Center of the Tokyo Institute of Technology. Both systems have succeeded in communicating digital medical information securely.

  16. Program Management at the National Nuclear Security Administration Office of Defense Nuclear Security: A Review of Program Management Documents and Underlying Processes

    SciTech Connect

    Madden, Michael S.

    2010-05-01

    The scope of this paper is to review the National Nuclear Security Administration Office of Defense Nuclear Security (DNS) program management documents and to examine the underlying processes. The purpose is to identify recommendations for improvement and to influence the rewrite of the DNS Program Management Plan (PMP) and the documentation supporting it. As a part of this process, over 40 documents required by DNS or its stakeholders were reviewed. In addition, approximately 12 other documents produced outside of DNS and its stakeholders were reviewed in an effort to identify best practices. The complete list of documents reviewed is provided as an attachment to this paper.

  17. Deployment of secure mobile agents for medical information systems.

    PubMed

    Chen, Tzer-Long; Chung, Yu-Fang; Lin, Frank Y S

    2012-08-01

    Changes in global population and demography, and advances in medicine have led to elderly population growth, creating aging societies from which elderly medical care has evolved. In addition, with the elderly susceptible to chronic diseases, this together with the changing lifestyles of young adults have not only pushed up patient numbers of chronic diseases, but also effected into younger patients. These problems have become the major focus for the health care industry. In response to patient demand and the huge shortage of medical resources, we propose remote healthcare medical information systems that combine patient physiological data acquisition equipment with real-time health care analyses. Since remote health care systems are structured around the Internet, in addition to considering the numerous public systems spread across insecure heterogeneous networks, compatibility among heterogeneous networks will also be another concern. To address the aforementioned issues, mobile agents are adopted. With a mobile agent's characteristics of easy adaptability to heterogeneity and autonomy, the problem of heterogeneous network environments can be tackled. To construct a hierarchical safe access control mechanism for monitoring and control of patient data in order to provide the most appropriate medical treatment, we also propose to use the Chinese Remainder Theorem and discrete logarithm to classify different levels of monitoring staff and hence, to grant permission and access according to their authorized levels. We expect the methods proposed can improve medical care quality and reduce medical resource wastage, while ensuring patient privacy. Finally, security analysis of the system is conducted by simulating a variety of typical attacks, from which it can be concluded that the constructed remote healthcare information system be secure. PMID:21526332

  18. Open information systems and data security in medicine.

    PubMed

    Blobel, B

    1996-01-01

    The realization of the German law for a new structure of health care delivery by the assurance of efficient structures and processes in hospitals calls for an optimal design of informational processes. To realize applications near to the users and just in time as well as to build up the complex functional relationships between departments and subsystems in big hospitals, a new design for Hospital Information Systems (HIS) is necessary. The features of modern HIS outlined in the paper can only be established by open systems, which guarantee portability, scalability and interoperability. This is also true in regionally distributed systems like the tumour register at Cancer Centres. In the paper the necessity and possibilities of open systems and different levels of application integration are discussed. The general statements are illustrated by practical realizations in the HIS of the Magdeburg University Hospital as well as in the tumour register at the Cancer Centre of Magdeburg/Sachsen-Anhalt. The creation of integrated structures for communications makes great demands on the assurance of data security and data protection, especially for the inclusion of external partners from the region. In the context of high sensitive data of cancer patients data protection is of top priority. The legal problems of data collection, data storage and exchange in medicine are discussed first. The paper presents some aspects of the concept for data security and data protection in the Magdeburg University HIS and of the related concept for data protection in the tumour register of the Cancer Centre Magdeburg/Sachsen-Anhalt. Appropriate steps of realization are demonstrated. The application of hardware based modern access control systems with integrated encryption of data follows. The statements are extended to the planned installation of hardware based network access control systems with integrated encryption of data in the LAN. PMID:10163732

  19. Deployment of secure mobile agents for medical information systems.

    PubMed

    Chen, Tzer-Long; Chung, Yu-Fang; Lin, Frank Y S

    2012-08-01

    Changes in global population and demography, and advances in medicine have led to elderly population growth, creating aging societies from which elderly medical care has evolved. In addition, with the elderly susceptible to chronic diseases, this together with the changing lifestyles of young adults have not only pushed up patient numbers of chronic diseases, but also effected into younger patients. These problems have become the major focus for the health care industry. In response to patient demand and the huge shortage of medical resources, we propose remote healthcare medical information systems that combine patient physiological data acquisition equipment with real-time health care analyses. Since remote health care systems are structured around the Internet, in addition to considering the numerous public systems spread across insecure heterogeneous networks, compatibility among heterogeneous networks will also be another concern. To address the aforementioned issues, mobile agents are adopted. With a mobile agent's characteristics of easy adaptability to heterogeneity and autonomy, the problem of heterogeneous network environments can be tackled. To construct a hierarchical safe access control mechanism for monitoring and control of patient data in order to provide the most appropriate medical treatment, we also propose to use the Chinese Remainder Theorem and discrete logarithm to classify different levels of monitoring staff and hence, to grant permission and access according to their authorized levels. We expect the methods proposed can improve medical care quality and reduce medical resource wastage, while ensuring patient privacy. Finally, security analysis of the system is conducted by simulating a variety of typical attacks, from which it can be concluded that the constructed remote healthcare information system be secure.

  20. Teleradiology mobile internet system with a new information security solution

    NASA Astrophysics Data System (ADS)

    Satoh, Hitoshi; Niki, Noboru; Eguchi, Kenji; Ohmatsu, Hironobu; Kusumoto, Masahiko; Kaneko, Masahiro; Moriyama, Noriyuki

    2014-03-01

    We have developed an external storage system by using secret sharing scheme and tokenization for regional medical cooperation, PHR service and information preservation. The use of mobile devices such as smart phones and tablets will be accelerated for a PHR service, and the confidential medical information is exposed to the risk of damage and intercept. We verified the transfer rate of the sending and receiving of data to and from the external storage system that connected it with PACS by the Internet this time. External storage systems are the data centers that exist in Okinawa, in Osaka, in Sapporo and in Tokyo by using secret sharing scheme. PACS continuously transmitted 382 CT images to the external data centers. Total capacity of the CT images is about 200MB. The total time that had been required to transmit was about 250 seconds. Because the preservation method to use secret sharing scheme is applied, security is strong. But, it also takes the information transfer time of this system too much. Therefore, DICOM data is masked to the header information part because it is made to anonymity in our method. The DICOM data made anonymous is preserved in the data base in the hospital. Header information including individual information is divided into two or more tallies by secret sharing scheme, and preserved at two or more external data centers. The token to relate the DICOM data anonymity made to header information preserved outside is strictly preserved in the token server. The capacity of header information that contains patient's individual information is only about 2% of the entire DICOM data. This total time that had been required to transmit was about 5 seconds. Other, common solutions that can protect computer communication networks from attacks are classified as cryptographic techniques or authentication techniques. Individual number IC card is connected with electronic certification authority of web medical image conference system. Individual number IC

  1. 49 CFR 1520.5 - Sensitive security information.

    Code of Federal Regulations, 2010 CFR

    2010-10-01

    ... area security plan prepared under 46 U.S.C. 70103; and (iv) Any security incident response plan... under 49 CFR 1542.303, 1544.305, 1548.19, or other authority; (ii) Issued by the Coast Guard under the Maritime Transportation Security Act, 33 CFR part 6, or 33 U.S.C. 1221 et seq. related to maritime...

  2. 49 CFR 1520.5 - Sensitive security information.

    Code of Federal Regulations, 2014 CFR

    2014-10-01

    ... operator, or air cargo security program, or security contingency plan under this chapter; (ii) Any vessel... under 49 CFR 1542.303, 1544.305, 1548.19, or other authority; (ii) Issued by the Coast Guard under the Maritime Transportation Security Act, 33 CFR part 6, or 33 U.S.C. 1221 et seq. related to maritime...

  3. 76 FR 62818 - Extension of Agency Information Collection Activity Under OMB Review: Critical Facility...

    Federal Register 2010, 2011, 2012, 2013, 2014

    2011-10-11

    ... operators on facility security policies, procedures, and physical security measures. Information obtained on... SECURITY Transportation Security Administration Extension of Agency Information Collection Activity Under OMB Review: Critical Facility Information of the Top 100 Most Critical Pipelines...

  4. 76 FR 64075 - Membership of the National Telecommunications and Information Administration's Performance Review...

    Federal Register 2010, 2011, 2012, 2013, 2014

    2011-10-17

    .... Vincent, Associate Administrator for Telecom Sciences and Director Institute for Telecom Sciences, Career..., ITA, Career SES. Department of Commerce, National Telecommunications and Information Administration Leonard M. Bechtel, Chief Financial Officer and Director of Administration, Career SES, Chairperson,...

  5. 76 FR 66043 - Membership of the National Telecommunications and Information Administration's Performance Review...

    Federal Register 2010, 2011, 2012, 2013, 2014

    2011-10-25

    .... Vincent, Associate Administrator for Telecom Sciences and Director Institute for Telecom Sciences, Career..., ITA, Career SES. Department of Commerce, National Telecommunications and Information Administration Fiona M. Alexander, Associate Administrator, Office of International Affairs, Career SES, (New...

  6. 48 CFR 652.239-70 - Information Technology Security Plan and Accreditation.

    Code of Federal Regulations, 2014 CFR

    2014-10-01

    ... 48 Federal Acquisition Regulations System 4 2014-10-01 2014-10-01 false Information Technology... Clauses 652.239-70 Information Technology Security Plan and Accreditation. As prescribed in 639.107-70(a), insert the following provision: Information Technology Security Plan and Accreditation (SEP 2007)...

  7. 48 CFR 1252.239-71 - Information technology security plan and accreditation.

    Code of Federal Regulations, 2010 CFR

    2010-10-01

    ... Provisions and Clauses 1252.239-71 Information technology security plan and accreditation. As prescribed in (TAR) 48 CFR 1239.70, insert the following provision: Information Technology Security Plan and... 48 Federal Acquisition Regulations System 5 2010-10-01 2010-10-01 false Information...

  8. 48 CFR 1252.239-71 - Information technology security plan and accreditation.

    Code of Federal Regulations, 2012 CFR

    2012-10-01

    ... Provisions and Clauses 1252.239-71 Information technology security plan and accreditation. As prescribed in (TAR) 48 CFR 1239.70, insert the following provision: Information Technology Security Plan and... 48 Federal Acquisition Regulations System 5 2012-10-01 2012-10-01 false Information...

  9. 48 CFR 1252.239-71 - Information technology security plan and accreditation.

    Code of Federal Regulations, 2014 CFR

    2014-10-01

    ... Provisions and Clauses 1252.239-71 Information technology security plan and accreditation. As prescribed in (TAR) 48 CFR 1239.70, insert the following provision: Information Technology Security Plan and... 48 Federal Acquisition Regulations System 5 2014-10-01 2014-10-01 false Information...

  10. 14 CFR 1274.937 - Security requirements for unclassified information technology resources.

    Code of Federal Regulations, 2012 CFR

    2012-01-01

    ... information technology resources. 1274.937 Section 1274.937 Aeronautics and Space NATIONAL AERONAUTICS AND... Conditions § 1274.937 Security requirements for unclassified information technology resources. Security Requirements for Unclassified Information Technology Resources July 2002 (a) The Recipient shall be...

  11. 48 CFR 652.239-70 - Information Technology Security Plan and Accreditation.

    Code of Federal Regulations, 2013 CFR

    2013-10-01

    ... 48 Federal Acquisition Regulations System 4 2013-10-01 2013-10-01 false Information Technology... Clauses 652.239-70 Information Technology Security Plan and Accreditation. As prescribed in 639.107-70(a), insert the following provision: Information Technology Security Plan and Accreditation (SEP 2007)...

  12. 48 CFR 1352.239-72 - Security requirements for information technology resources.

    Code of Federal Regulations, 2014 CFR

    2014-10-01

    ... Clauses 1352.239-72 Security requirements for information technology resources. As prescribed in 48 CFR 1339.270(b), insert the following clause: Security Requirements for Information Technology Resources... information technology resources. 1352.239-72 Section 1352.239-72 Federal Acquisition Regulations...

  13. 14 CFR 1274.937 - Security requirements for unclassified information technology resources.

    Code of Federal Regulations, 2010 CFR

    2010-01-01

    ... information technology resources. 1274.937 Section 1274.937 Aeronautics and Space NATIONAL AERONAUTICS AND... Conditions § 1274.937 Security requirements for unclassified information technology resources. Security Requirements for Unclassified Information Technology Resources July 2002 (a) The Recipient shall be...

  14. 48 CFR 1252.239-71 - Information technology security plan and accreditation.

    Code of Federal Regulations, 2013 CFR

    2013-10-01

    ... Provisions and Clauses 1252.239-71 Information technology security plan and accreditation. As prescribed in (TAR) 48 CFR 1239.70, insert the following provision: Information Technology Security Plan and... 48 Federal Acquisition Regulations System 5 2013-10-01 2013-10-01 false Information...

  15. 14 CFR 1274.937 - Security requirements for unclassified information technology resources.

    Code of Federal Regulations, 2013 CFR

    2013-01-01

    ... information technology resources. 1274.937 Section 1274.937 Aeronautics and Space NATIONAL AERONAUTICS AND... Conditions § 1274.937 Security requirements for unclassified information technology resources. Security Requirements for Unclassified Information Technology Resources July 2002 (a) The Recipient shall be...

  16. 48 CFR 652.239-70 - Information Technology Security Plan and Accreditation.

    Code of Federal Regulations, 2010 CFR

    2010-10-01

    ... 48 Federal Acquisition Regulations System 4 2010-10-01 2010-10-01 false Information Technology... Clauses 652.239-70 Information Technology Security Plan and Accreditation. As prescribed in 639.107-70(a), insert the following provision: Information Technology Security Plan and Accreditation (SEP 2007)...

  17. 48 CFR 1352.239-72 - Security requirements for information technology resources.

    Code of Federal Regulations, 2013 CFR

    2013-10-01

    ... Clauses 1352.239-72 Security requirements for information technology resources. As prescribed in 48 CFR 1339.270(b), insert the following clause: Security Requirements for Information Technology Resources... information technology resources. 1352.239-72 Section 1352.239-72 Federal Acquisition Regulations...

  18. 14 CFR § 1274.937 - Security requirements for unclassified information technology resources.

    Code of Federal Regulations, 2014 CFR

    2014-01-01

    ... information technology resources. § 1274.937 Section § 1274.937 Aeronautics and Space NATIONAL AERONAUTICS... Conditions § 1274.937 Security requirements for unclassified information technology resources. Security Requirements for Unclassified Information Technology Resources July 2002 (a) The Recipient shall be...

  19. 48 CFR 652.239-70 - Information Technology Security Plan and Accreditation.

    Code of Federal Regulations, 2012 CFR

    2012-10-01

    ... 48 Federal Acquisition Regulations System 4 2012-10-01 2012-10-01 false Information Technology... Clauses 652.239-70 Information Technology Security Plan and Accreditation. As prescribed in 639.107-70(a), insert the following provision: Information Technology Security Plan and Accreditation (SEP 2007)...

  20. 48 CFR 1252.239-71 - Information technology security plan and accreditation.

    Code of Federal Regulations, 2011 CFR

    2011-10-01

    ... Provisions and Clauses 1252.239-71 Information technology security plan and accreditation. As prescribed in (TAR) 48 CFR 1239.70, insert the following provision: Information Technology Security Plan and... 48 Federal Acquisition Regulations System 5 2011-10-01 2011-10-01 false Information...

  1. 48 CFR 652.239-70 - Information Technology Security Plan and Accreditation.

    Code of Federal Regulations, 2011 CFR

    2011-10-01

    ... 48 Federal Acquisition Regulations System 4 2011-10-01 2011-10-01 false Information Technology... Clauses 652.239-70 Information Technology Security Plan and Accreditation. As prescribed in 639.107-70(a), insert the following provision: Information Technology Security Plan and Accreditation (SEP 2007)...

  2. 14 CFR 1274.937 - Security requirements for unclassified information technology resources.

    Code of Federal Regulations, 2011 CFR

    2011-01-01

    ... information technology resources. 1274.937 Section 1274.937 Aeronautics and Space NATIONAL AERONAUTICS AND... Conditions § 1274.937 Security requirements for unclassified information technology resources. Security Requirements for Unclassified Information Technology Resources July 2002 (a) The Recipient shall be...

  3. 48 CFR 1352.239-72 - Security requirements for information technology resources.

    Code of Federal Regulations, 2012 CFR

    2012-10-01

    ... Clauses 1352.239-72 Security requirements for information technology resources. As prescribed in 48 CFR 1339.270(b), insert the following clause: Security Requirements for Information Technology Resources... information technology resources. 1352.239-72 Section 1352.239-72 Federal Acquisition Regulations...

  4. 48 CFR 1804.470 - Security requirements for unclassified information technology (IT) resources.

    Code of Federal Regulations, 2011 CFR

    2011-10-01

    ... 48 Federal Acquisition Regulations System 6 2011-10-01 2011-10-01 false Security requirements for unclassified information technology (IT) resources. 1804.470 Section 1804.470 Federal Acquisition Regulations... Classified Information Within Industry 1804.470 Security requirements for unclassified information...

  5. Getting Employees Involved in Information Security: The Case of Strong Passwords

    ERIC Educational Resources Information Center

    Taylor, Richard G.

    2009-01-01

    With the increasing amount and severity of information security incidents, organizations are constantly looking for better ways to protect their information. The implementation of physical safeguards such as firewalls and intrusion detection systems is an integral part on an organization's overall information security; however these safeguards…

  6. Department of Veterans Affairs' Implementation of Information Security Education Assistance Program. GAO-10-170R

    ERIC Educational Resources Information Center

    Wilshusen, Gregory C.; Melvin, Valerie C.

    2009-01-01

    The Veterans Benefits, Health Care, and Information Technology Act of 2006 authorizes the Secretary of Veterans Affairs to establish an educational assistance program for information security. The Information Security Education Assistance Program is envisioned as a means for the Department of Veterans Affairs (VA) to attract and retain individuals…

  7. Expanding Protection Motivation Theory: The Role of Individual Experience in Information Security Policy Compliance

    ERIC Educational Resources Information Center

    Mutchler, Leigh Ann

    2012-01-01

    The purpose of the present study is to make contributions to the area of behavioral information security in the field of Information Systems and to assist in the improved development of Information Security Policy instructional programs to increase the policy compliance of individuals. The role of an individual's experience in the context of…

  8. 20 CFR 404.452 - Reports to Social Security Administration of earnings; wages; net earnings from self-employment.

    Code of Federal Regulations, 2011 CFR

    2011-04-01

    ... 20 Employees' Benefits 2 2011-04-01 2011-04-01 false Reports to Social Security Administration of earnings; wages; net earnings from self-employment. 404.452 Section 404.452 Employees' Benefits SOCIAL... before the 15th day of the fourth month following the close of the taxable year; for example, April...

  9. 10 CFR 76.111 - Physical security, material control and accounting, and protection of certain information.

    Code of Federal Regulations, 2013 CFR

    2013-01-01

    ... 10 Energy 2 2013-01-01 2013-01-01 false Physical security, material control and accounting, and protection of certain information. 76.111 Section 76.111 Energy NUCLEAR REGULATORY COMMISSION (CONTINUED) CERTIFICATION OF GASEOUS DIFFUSION PLANTS Safeguards and Security § 76.111 Physical security, material...

  10. 10 CFR 76.111 - Physical security, material control and accounting, and protection of certain information.

    Code of Federal Regulations, 2012 CFR

    2012-01-01

    ... 10 Energy 2 2012-01-01 2012-01-01 false Physical security, material control and accounting, and protection of certain information. 76.111 Section 76.111 Energy NUCLEAR REGULATORY COMMISSION (CONTINUED) CERTIFICATION OF GASEOUS DIFFUSION PLANTS Safeguards and Security § 76.111 Physical security, material...

  11. 10 CFR 76.111 - Physical security, material control and accounting, and protection of certain information.

    Code of Federal Regulations, 2011 CFR

    2011-01-01

    ... 10 Energy 2 2011-01-01 2011-01-01 false Physical security, material control and accounting, and protection of certain information. 76.111 Section 76.111 Energy NUCLEAR REGULATORY COMMISSION (CONTINUED) CERTIFICATION OF GASEOUS DIFFUSION PLANTS Safeguards and Security § 76.111 Physical security, material...

  12. 10 CFR 76.111 - Physical security, material control and accounting, and protection of certain information.

    Code of Federal Regulations, 2010 CFR

    2010-01-01

    ... 10 Energy 2 2010-01-01 2010-01-01 false Physical security, material control and accounting, and protection of certain information. 76.111 Section 76.111 Energy NUCLEAR REGULATORY COMMISSION (CONTINUED) CERTIFICATION OF GASEOUS DIFFUSION PLANTS Safeguards and Security § 76.111 Physical security, material...

  13. 10 CFR 76.111 - Physical security, material control and accounting, and protection of certain information.

    Code of Federal Regulations, 2014 CFR

    2014-01-01

    ... 10 Energy 2 2014-01-01 2014-01-01 false Physical security, material control and accounting, and protection of certain information. 76.111 Section 76.111 Energy NUCLEAR REGULATORY COMMISSION (CONTINUED) CERTIFICATION OF GASEOUS DIFFUSION PLANTS Safeguards and Security § 76.111 Physical security, material...

  14. 20 CFR 703.203 - Application for security deposit determination; information to be submitted; other requirements.

    Code of Federal Regulations, 2011 CFR

    2011-04-01

    ... 20 Employees' Benefits 3 2011-04-01 2011-04-01 false Application for security deposit...' COMPENSATION ACT AND RELATED STATUTES INSURANCE REGULATIONS Insurance Carrier Security Deposit Requirements § 703.203 Application for security deposit determination; information to be submitted;...

  15. 77 FR 3843 - Agency Information Collection (Procedures, and Security for Government Financing) Activities...

    Federal Register 2010, 2011, 2012, 2013, 2014

    2012-01-25

    ... AFFAIRS Agency Information Collection (Procedures, and Security for Government Financing) Activities Under..., Security for Government Financing. OMB Control Number: 2900-0688. Type of Review: Extension of a currently.... b. VAAR 832.202-4, Security for Government Financing--10 hours. Estimated Average Burden...

  16. Information Technology Security Professionals' Knowledge and Use Intention Based on UTAUT Model

    ERIC Educational Resources Information Center

    Kassa, Woldeloul

    2016-01-01

    Information technology (IT) security threats and vulnerabilities have become a major concern for organizations in the United States. However, there has been little research on assessing the effect of IT security professionals' knowledge on the use of IT security controls. This study examined the unified theory of acceptance and use of technology…

  17. Information Data Security Specialists' and Business Leaders' Experiences Regarding Communication Challenges

    ERIC Educational Resources Information Center

    Lopez, Robert H.

    2012-01-01

    The problem addressed was the need to maintain data security in the field of information technology. Specifically, the breakdown of communication between business leaders and data security specialists create risks to data security. The purpose of this qualitative phenomenological study was to determine which factors would improve communication…

  18. 76 FR 7818 - Announcing a Meeting of the Information Security and Privacy Advisory Board

    Federal Register 2010, 2011, 2012, 2013, 2014

    2011-02-11

    ... ISPAB was established by the Computer Security Act of 1987 (Pub. L. 100-235) and amended by the Federal... Director of NIST on security and privacy issues pertaining to Federal computer systems. Details regarding... relating to computer security research, --Presentation on Access of Classified Information,...

  19. 77 FR 25686 - Announcing an Open Meeting of the Information Security and Privacy Advisory Board

    Federal Register 2010, 2011, 2012, 2013, 2014

    2012-05-01

    ... Management and Budget, and the Director of NIST on security and privacy issues pertaining to federal computer... NIST Computer Security Division. Note that agenda items may change without notice because of possible... National Institute of Standards and Technology Announcing an Open Meeting of the Information Security...

  20. 78 FR 72063 - Open Meeting of the Information Security and Privacy Advisory Board

    Federal Register 2010, 2011, 2012, 2013, 2014

    2013-12-02

    ... security and privacy issues pertaining to federal computer systems. Details regarding the ISPAB's..., --Update on Privacy and Civil Liberties Oversight Board (PCLOB), and --Update on NIST Computer Security... National Institute of Standards and Technology Open Meeting of the Information Security and...

  1. 75 FR 39920 - Announcing a Meeting of the Information Security and Privacy Advisory Board

    Federal Register 2010, 2011, 2012, 2013, 2014

    2010-07-13

    ... ISPAB was established by the Computer Security Act of 1987 (Pub. L. 100-235) and amended by the Federal... Director of NIST on security and privacy issues pertaining to federal computer systems. Details regarding... National Institute of Standards and Technology Announcing a Meeting of the Information Security and...

  2. Audit of Bonneville Power Administration`s management of Information Resources

    SciTech Connect

    1996-04-02

    Bonneville Power Administration`s (Bonneville) information resources include computer-related equipment, spare parts, and computer software. The objective of this audit was to determine whether Bonneville acquired and accounted for computer-related equipment properly. We found positive aspects in Bonneville`s management of computer-related equipment. However, improvements could be made in implementing credit card and property procedures. Specifically, we found that improvements were needed to (1) control credit card purchases, (2) ensure that equipment was tagged and included in property records, (3) maintain accountability over spare parts, and (4) identify unused equipment. As a result, about $90,000 of equipment was bought by personnel whose authority to purchase was not properly documented, and about $182,000 of purchases lacked supporting invoices. In addition, one maintenance support group had over $109,000 of spare parts shortages. Furthermore, Bonneville could have saved about $803,000 had unused equipment been redistributed within Bonneville or to other Federal and state agencies. Management concurred with the recommendations to improve internal controls.

  3. 75 FR 73117 - New Agency Information Collection Activity Under OMB Review: Pipeline Corporate Security Review

    Federal Register 2010, 2011, 2012, 2013, 2014

    2010-11-29

    ..., 74 FR 42086. The collection encompasses interviews and site visits with pipeline operators regarding...: Pipeline Corporate Security Review AGENCY: Transportation Security Administration, DHS. ACTION: 30-day... Budget (OMB) for review and approval under the Paperwork Reduction Act. The ICR describes the nature...

  4. 75 FR 41919 - Occupational Information Development Advisory Panel Meeting

    Federal Register 2010, 2011, 2012, 2013, 2014

    2010-07-19

    ... ADMINISTRATION Occupational Information Development Advisory Panel Meeting AGENCY: Social Security Administration... occupational information system tailored specifically for the Social Security Administration's (SSA) disability... programs in the following areas: medical and vocational analysis of disability claims;...

  5. 75 FR 10545 - Occupational Information Development Advisory Panel Meeting

    Federal Register 2010, 2011, 2012, 2013, 2014

    2010-03-08

    ... ADMINISTRATION Occupational Information Development Advisory Panel Meeting AGENCY: Social Security Administration... Dictionary of Occupational Titles used in the Social Security Administration's (SSA) disability determination process. The Panel will advise the Agency on creating an occupational information system...

  6. National Nuclear Security Administration Service Center Environmental Programs Long-Term Environmental Stewardship Baseline Handbook

    SciTech Connect

    Griswold, D. D.; Rohde, K.

    2003-02-26

    As environmental restoration (ER) projects move toward completion, the planning, integration, and documentation of long-term environmental stewardship (LTES) activities is increasingly important for ensuring smooth transition to LTES. The Long-Term Environmental Stewardship Baseline Handbook (Handbook) prepared by the National Nuclear Security Administration (NNSA) Service Center Environmental Programs Department (EPD) outlines approaches for integrating site-specific LTES planning and implementation into site ER baseline documentation. Since LTES will vary greatly from site to site, the Handbook also provides for flexibility in addressing LTES in ER Project life-cycle baselines, while clearly identifying Environmental Management (EM) requirements. It provides suggestions for enacting LTES principles and objectives through operational activities described in site-specific LTES plans and life cycle ER Project baseline scope, cost, and schedule documentation and tools for more thorough planning, better quantification, broader understanding of risk and risk management factors, and more comprehensive documentation. LTES planning applied to baselines in a phased approach will facilitate seamlessly integrating LTES into site operational activities, thereby minimizing the use of resources.

  7. 5 CFR 1312.31 - Security violations.

    Code of Federal Regulations, 2013 CFR

    2013-01-01

    ... 5 Administrative Personnel 3 2013-01-01 2013-01-01 false Security violations. 1312.31 Section 1312..., DOWNGRADING, DECLASSIFICATION AND SAFEGUARDING OF NATIONAL SECURITY INFORMATION Control and Accountability of Classified Information § 1312.31 Security violations. (a) A security violation notice is issued by the...

  8. 76 FR 81941 - General Services Administration Acquisition Regulation; Information Collection; Price Reductions...

    Federal Register 2010, 2011, 2012, 2013, 2014

    2011-12-29

    ... From the Federal Register Online via the Government Publishing Office GENERAL SERVICES ADMINISTRATION General Services Administration Acquisition Regulation; Information Collection; Price Reductions.... FOR FURTHER INFORMATION CONTACT: Ms. Dana Munson, General Services Acquisition Policy Division,...

  9. 19 CFR 206.66 - Limited disclosure of certain confidential business information under administrative protective...

    Code of Federal Regulations, 2010 CFR

    2010-04-01

    ... business information under administrative protective order. 206.66 Section 206.66 Customs Duties UNITED STATES INTERNATIONAL TRADE COMMISSION NONADJUDICATIVE INVESTIGATIONS INVESTIGATIONS RELATING TO GLOBAL... certain confidential business information under administrative protective order. In an investigation...

  10. Examining the Security Awareness, Information Privacy, and the Security Behaviors of Home Computer Users

    ERIC Educational Resources Information Center

    Edwards, Keith

    2015-01-01

    Attacks on computer systems continue to be a problem. The majority of the attacks target home computer users. To help mitigate the attacks some companies provide security awareness training to their employees. However, not all people work for a company that provides security awareness training and typically, home computer users do not have the…

  11. Optical security features by using information carrier digital screening

    NASA Astrophysics Data System (ADS)

    Koltai, Ferenc

    2002-04-01

    Jura is an Austrian-Hungarian company providing security printers with proprietary security printing design software, complete security printing pre=press systems (HW + SW), ultrahigh resolution image setters developed for security printing market, security features, developed by Jura for security printing in general, proprietary security features, destined for document personalization systems. In addition to supply such products Jura is providing its customers with full technical support, as integration, installation, training, hot-line remote and/or on-site support, service and maintenance worldwide. Research and development have always been in the focus of Jura's activity. Development and testing of new software, new security features are the most important parts of the work. Jura was the first on the world to release her Engraver Software enabling artist-engravers to create engraving-styled portraits digitally. This development, incompatibility with Jura's security design software package, enabled a full digital workflow for banknote origination. Jura made a lot of remarkable steps to develop security features also for Document Personalization. This development links the personal data with the photography of the document' holder by encoding personal data to the photography, invisibly for naked human eye, however, decodable by an appropriate decoding device. This feature exists also in machine-readable digital version. Experts of Jura started the research and development on digital screening 15 years ago for commercial printing and 10 years ago on special screens for security printing technologies. In very early stage of this development, when knowledge of creating each screen-dot individually in shape, form and position was acquired, the idea was born to use the screen dots as secondary data holder for encoded messages.

  12. MAINTAINING HIGH RESOLUTION MASS SPECTROMETRY CAPABILITIES FOR NATIONAL NUCLEAR SECURITY ADMINISTRATION APPLICATIONS

    SciTech Connect

    Wyrick, S.; Cordaro, J.; Reeves, G.; Mcintosh, J.; Mauldin, C.; Tietze, K.; Varble, D.

    2011-06-06

    The Department of Energy (DOE) National Nuclear Security Administration (NNSA) has a specialized need for analyzing low mass gas species at very high resolutions. The currently preferred analytical method is electromagnetic sector mass spectrometry. This method allows the NNSA Nuclear Security Enterprise (NSE) to resolve species of similar masses down to acceptable minimum detection limits (MDLs). Some examples of these similar masses are helium-4/deuterium and carbon monoxide/nitrogen. Through the 1980s and 1990s, there were two vendors who supplied and supported these instruments. However, with declining procurements and down turns in the economy, the supply of instruments, service and spare parts from these vendors has become less available, and in some cases, nonexistent. The largest NSE user of this capability is the Savannah River Site (SRS), located near Aiken, South Carolina. The Research and Development Engineering (R&DE) Group in the Savannah River National Laboratory (SRNL) investigated the areas of instrument support that were needed to extend the life cycle of these aging instruments. Their conclusions, as to the focus areas of electromagnetic sector mass spectrometers to address, in order of priority, were electronics, software and hardware. Over the past 3-5 years, the R&DE Group has designed state of the art electronics and software that will allow high resolution legacy mass spectrometers, critical to the NNSA mission, to be operated for the foreseeable future. The funding support for this effort has been from several sources, including the SRS Defense Programs, NNSA Readiness Campaign, Pantex Plant and Sandia National Laboratory. To date, electronics systems have been upgraded on one development system at SRNL, two production systems at Pantex and one production system at Sandia National Laboratory. An NSE working group meets periodically to review strategies going forward. The R&DE Group has also applied their work to the electronics for a

  13. Vital status ascertainment through the files of the Department of Veterans Affairs and the Social Security Administration.

    PubMed

    Page, W F; Mahan, C M; Kang, H K

    1996-03-01

    Veterans of US military service are a valuable resource for epidemiologic studies, and the Department of Veterans Affairs (VA) files provide an effective way to gather mortality information on veterans, so long as these files provide reasonably complete death reporting. To determine the completeness of VA death reporting, we assembled an independent sample of known veteran deaths among males born between 1936 and 1955 and assessed the performance of VA death reporting in this sample. We also compared VA death ascertainment to Social Security Administration (SSA) ascertainment. Based on the more than 4300 deaths in our study, we found VA death reporting to be approximately 90% complete by itself and 96% complete when used in conjunction with SSA death reporting. In addition, we found no evidence that VA death reporting changed substantially after passage of the Omnibus Budget Reconciliation Act of 1981, which limited eligibility for VA death benefits. Because veterans make up a large segment of the US population, our findings have particular relevance for studies in which mortality is a primary end point. PMID:10068251

  14. 49 CFR 1520.5 - Sensitive security information.

    Code of Federal Regulations, 2012 CFR

    2012-10-01

    ..., maritime facility, or port area security plan required or directed under Federal law; (iii) Any national or... under 49 CFR 1542.303, 1544.305, 1548.19, or other authority; (ii) Issued by the Coast Guard under the Maritime Transportation Security Act, 33 CFR part 6, or 33 U.S.C. 1221 et seq. related to maritime...

  15. Information Security in the 1990s: Keeping the Locks on.

    ERIC Educational Resources Information Center

    Kovac, Ron J.

    1999-01-01

    As the Internet proliferates, it drastically increases an institution's level of data insecurity. Hacker attacks can result in denial of service, data corruption or erasure, and passive theft (via spoofing, splicing, or session stealing). To ensure data security, a firewall (screening software program) and a security policy should be implemented.…

  16. 32 CFR 2001.50 - Telecommunications automated information systems and network security.

    Code of Federal Regulations, 2011 CFR

    2011-07-01

    ... 32 National Defense 6 2011-07-01 2011-07-01 false Telecommunications automated information systems and network security. 2001.50 Section 2001.50 National Defense Other Regulations Relating to National... network security. Each agency head shall ensure that classified information electronically...

  17. Information Systems Security and Computer Crime in the IS Curriculum: A Detailed Examination

    ERIC Educational Resources Information Center

    Foltz, C. Bryan; Renwick, Janet S.

    2011-01-01

    The authors examined the extent to which information systems (IS) security and computer crime are covered in information systems programs. Results suggest that IS faculty believe security coverage should be increased in required, elective, and non-IS courses. However, respondent faculty members are concerned that existing curricula leave little…

  18. 48 CFR 1252.239-70 - Security requirements for unclassified information technology resources.

    Code of Federal Regulations, 2013 CFR

    2013-10-01

    ... of Provisions and Clauses 1252.239-70 Security requirements for unclassified information technology resources. As prescribed in (TAR) 48 CFR 1239.70, insert the following clause: Security Requirements for... unclassified information technology resources. 1252.239-70 Section 1252.239-70 Federal Acquisition...

  19. 48 CFR 1252.239-70 - Security requirements for unclassified information technology resources.

    Code of Federal Regulations, 2011 CFR

    2011-10-01

    ... of Provisions and Clauses 1252.239-70 Security requirements for unclassified information technology resources. As prescribed in (TAR) 48 CFR 1239.70, insert the following clause: Security Requirements for... unclassified information technology resources. 1252.239-70 Section 1252.239-70 Federal Acquisition...

  20. 48 CFR 1252.239-70 - Security requirements for unclassified information technology resources.

    Code of Federal Regulations, 2014 CFR

    2014-10-01

    ... of Provisions and Clauses 1252.239-70 Security requirements for unclassified information technology resources. As prescribed in (TAR) 48 CFR 1239.70, insert the following clause: Security Requirements for... unclassified information technology resources. 1252.239-70 Section 1252.239-70 Federal Acquisition...

  1. 48 CFR 1252.239-70 - Security requirements for unclassified information technology resources.

    Code of Federal Regulations, 2012 CFR

    2012-10-01

    ... of Provisions and Clauses 1252.239-70 Security requirements for unclassified information technology resources. As prescribed in (TAR) 48 CFR 1239.70, insert the following clause: Security Requirements for... unclassified information technology resources. 1252.239-70 Section 1252.239-70 Federal Acquisition...

  2. 48 CFR 1252.239-70 - Security requirements for unclassified information technology resources.

    Code of Federal Regulations, 2010 CFR

    2010-10-01

    ... of Provisions and Clauses 1252.239-70 Security requirements for unclassified information technology resources. As prescribed in (TAR) 48 CFR 1239.70, insert the following clause: Security Requirements for... unclassified information technology resources. 1252.239-70 Section 1252.239-70 Federal Acquisition...

  3. Teaching Information Security with Workflow Technology--A Case Study Approach

    ERIC Educational Resources Information Center

    He, Wu; Kshirsagar, Ashish; Nwala, Alexander; Li, Yaohang

    2014-01-01

    In recent years, there has been a significant increase in the demand from professionals in different areas for improving the curricula regarding information security. The use of authentic case studies in teaching information security offers the potential to effectively engage students in active learning. In this paper, the authors introduce the…

  4. 10 CFR 2.903 - Protection of restricted data and national security information.

    Code of Federal Regulations, 2010 CFR

    2010-01-01

    ... Restricted Data and/or National Security Information § 2.903 Protection of restricted data and national security information. Nothing in this subpart shall relieve any person from safeguarding Restricted Data or... 10 Energy 1 2010-01-01 2010-01-01 false Protection of restricted data and national...

  5. 10 CFR 95.25 - Protection of National Security Information and Restricted Data in storage.

    Code of Federal Regulations, 2013 CFR

    2013-01-01

    ... Protection of National Security Information and Restricted Data in storage. (a) Secret matter, while... 10 Energy 2 2013-01-01 2013-01-01 false Protection of National Security Information and Restricted Data in storage. 95.25 Section 95.25 Energy NUCLEAR REGULATORY COMMISSION (CONTINUED) FACILITY...

  6. 10 CFR 95.25 - Protection of National Security Information and Restricted Data in storage.

    Code of Federal Regulations, 2011 CFR

    2011-01-01

    ... Protection of National Security Information and Restricted Data in storage. (a) Secret matter, while... 10 Energy 2 2011-01-01 2011-01-01 false Protection of National Security Information and Restricted Data in storage. 95.25 Section 95.25 Energy NUCLEAR REGULATORY COMMISSION (CONTINUED) FACILITY...

  7. 10 CFR 95.25 - Protection of National Security Information and Restricted Data in storage.

    Code of Federal Regulations, 2014 CFR

    2014-01-01

    ... Protection of National Security Information and Restricted Data in storage. (a) Secret matter, while... 10 Energy 2 2014-01-01 2014-01-01 false Protection of National Security Information and Restricted Data in storage. 95.25 Section 95.25 Energy NUCLEAR REGULATORY COMMISSION (CONTINUED) FACILITY...

  8. 10 CFR 95.25 - Protection of National Security Information and Restricted Data in storage.

    Code of Federal Regulations, 2012 CFR

    2012-01-01

    ... Protection of National Security Information and Restricted Data in storage. (a) Secret matter, while... 10 Energy 2 2012-01-01 2012-01-01 false Protection of National Security Information and Restricted Data in storage. 95.25 Section 95.25 Energy NUCLEAR REGULATORY COMMISSION (CONTINUED) FACILITY...

  9. 78 FR 57839 - Request for Information on Computer Security Incident Coordination (CSIC)

    Federal Register 2010, 2011, 2012, 2013, 2014

    2013-09-20

    ... Coordination (78 FR 38949). That Request for Information may be found at https://federalregister.gov/a/2013... National Institute of Standards and Technology Request for Information on Computer Security Incident... submitting comments relating to Computer Security Incident Coordination. NIST experienced...

  10. Toward a generic model of security in organizational context: exploring insider threats to information infrastructure.

    SciTech Connect

    Martinez-Moyano, I. J.; Samsa, M. E.; Burke, J. F.; Akcam, B. K.; Decision and Information Sciences; Rockefeller Coll. at the State Univ. of New York at Albany

    2008-01-01

    This paper presents a generic model for information security implementation in organizations. The model presented here is part of an ongoing research stream related to critical infrastructure protection and insider threat and attack analysis. This paper discusses the information security implementation case.

  11. 32 CFR 2001.50 - Telecommunications automated information systems and network security.

    Code of Federal Regulations, 2010 CFR

    2010-07-01

    ... 32 National Defense 6 2010-07-01 2010-07-01 false Telecommunications automated information systems and network security. 2001.50 Section 2001.50 National Defense Other Regulations Relating to National... network security. Each agency head shall ensure that classified information electronically...

  12. 48 CFR 552.239-71 - Security Requirements for Unclassified Information Technology Resources.

    Code of Federal Regulations, 2011 CFR

    2011-10-01

    ... Procedural Guide 09-48, Security Language for Information Technology Acquisitions Efforts,” to provide IT... 48 Federal Acquisition Regulations System 4 2011-10-01 2011-10-01 false Security Requirements for Unclassified Information Technology Resources. 552.239-71 Section 552.239-71 Federal Acquisition...

  13. 48 CFR 3004.470 - Security requirements for access to unclassified facilities, Information Technology resources...

    Code of Federal Regulations, 2010 CFR

    2010-10-01

    ... 48 Federal Acquisition Regulations System 7 2010-10-01 2010-10-01 false Security requirements for access to unclassified facilities, Information Technology resources, and sensitive information. 3004.470... Within Industry 3004.470 Security requirements for access to unclassified facilities,...

  14. Information Security Trends and Issues in the Moodle E-Learning Platform: An Ethnographic Content Analysis

    ERIC Educational Resources Information Center

    Schultz, Christopher

    2012-01-01

    Empirical research on information security trends and practices in e-learning is scarce. Many articles that have been published apply basic information security concepts to e-learning and list potential threats or propose frameworks for classifying threats. The purpose of this research is to identify, categorize and understand trends and issues in…

  15. Supporting Case-Based Learning in Information Security with Web-Based Technology

    ERIC Educational Resources Information Center

    He, Wu; Yuan, Xiaohong; Yang, Li

    2013-01-01

    Case-based learning has been widely used in many disciplines. As an effective pedagogical method, case-based learning is also being used to support teaching and learning in the domain of information security. In this paper, we demonstrate case-based learning in information security by sharing our experiences in using a case study to teach security…

  16. 39 CFR 267.4 - Information security standards.

    Code of Federal Regulations, 2011 CFR

    2011-07-01

    ...) Information processing or storage system procurement, (5) Contractual relationships. ... management: (1) Information system development, (2) Information collection, (3) Information handling and processing, (4) Information dissemination and disclosure, (5) Information storage and destruction,...

  17. 39 CFR 267.4 - Information security standards.

    Code of Federal Regulations, 2012 CFR

    2012-07-01

    ...) Information processing or storage system procurement, (5) Contractual relationships. ... management: (1) Information system development, (2) Information collection, (3) Information handling and processing, (4) Information dissemination and disclosure, (5) Information storage and destruction,...

  18. 39 CFR 267.4 - Information security standards.

    Code of Federal Regulations, 2014 CFR

    2014-07-01

    ...) Information processing or storage system procurement, (5) Contractual relationships. ... management: (1) Information system development, (2) Information collection, (3) Information handling and processing, (4) Information dissemination and disclosure, (5) Information storage and destruction,...

  19. 39 CFR 267.4 - Information security standards.

    Code of Federal Regulations, 2013 CFR

    2013-07-01

    ...) Information processing or storage system procurement, (5) Contractual relationships. ... management: (1) Information system development, (2) Information collection, (3) Information handling and processing, (4) Information dissemination and disclosure, (5) Information storage and destruction,...

  20. 39 CFR 267.4 - Information security standards.

    Code of Federal Regulations, 2010 CFR

    2010-07-01

    ...) Information processing or storage system procurement, (5) Contractual relationships. ... management: (1) Information system development, (2) Information collection, (3) Information handling and processing, (4) Information dissemination and disclosure, (5) Information storage and destruction,...