Science.gov

Sample records for administration information security

  1. Social Security Administration's Master Earnings File: background information.

    PubMed

    Olsen, Anya; Hudson, Russell

    2009-01-01

    The Social Security Administration (SSA) receives reports of earnings for the U.S. working population each year. Earnings data are used to administer the Social Security programs and to conduct research on the populations served by those programs. The administrative needs of SSA and other agencies have changed over time and, as a result, there have been numerous changes to the main source of SSA's earnings data, which is known as the Master Earnings File (MEF). By documenting the history, content, limitations, complexities, and uses of the MEF (and data files derived from the MEF), this article serves as a resource for researchers who use earnings data to study work patterns and their implications. It is also a resource for policymakers and administrators who must understand the data used in administering current-law programs and the data available to inform potential changes to those programs.

  2. National Aeronautics and Space Administration's (NASA) Automated Information Security Handbook

    NASA Technical Reports Server (NTRS)

    Roback, E.

    1991-01-01

    The NASA Automated Information Security Handbook provides NASA's overall approach to automated information systems security including discussions of such aspects as: program goals and objectives, assignment of responsibilities, risk assessment, foreign national access, contingency planning and disaster recovery, awareness training, procurement, certification, planning, and special considerations for microcomputers.

  3. 75 FR 64389 - Proposed Recommendation to the Social Security Administration for Occupational Information System...

    Federal Register 2010, 2011, 2012, 2013, 2014

    2010-10-19

    ... ADMINISTRATION Proposed Recommendation to the Social Security Administration for Occupational Information System... on plans and activities to create an occupational information system tailored specifically for our... System Development Planning. The comment period is open through November 8, 2010. Contact...

  4. Human errors and violations in computer and information security: the viewpoint of network administrators and security specialists.

    PubMed

    Kraemer, Sara; Carayon, Pascale

    2007-03-01

    This paper describes human errors and violations of end users and network administration in computer and information security. This information is summarized in a conceptual framework for examining the human and organizational factors contributing to computer and information security. This framework includes human error taxonomies to describe the work conditions that contribute adversely to computer and information security, i.e. to security vulnerabilities and breaches. The issue of human error and violation in computer and information security was explored through a series of 16 interviews with network administrators and security specialists. The interviews were audio taped, transcribed, and analyzed by coding specific themes in a node structure. The result is an expanded framework that classifies types of human error and identifies specific human and organizational factors that contribute to computer and information security. Network administrators tended to view errors created by end users as more intentional than unintentional, while errors created by network administrators as more unintentional than intentional. Organizational factors, such as communication, security culture, policy, and organizational structure, were the most frequently cited factors associated with computer and information security.

  5. Security of Data, Stored in Information Systems of Bulgarian Municipal Administrations

    NASA Astrophysics Data System (ADS)

    Kapralyakov, Petko

    2011-12-01

    Massive influx of information technology in municipal administrations increases their efficiency in delivering public services but increases the risk of theft of confidential information electronically. The report proposed an approach for improving information security for small municipal governments in Bulgaria through an enhanced intrusion detection and prevention system.

  6. Transportation Security Administration

    MedlinePlus


  7. Social Security Administration

    MedlinePlus


  8. 76 FR 2142 - Employee Benefits Security Administration

    Federal Register 2010, 2011, 2012, 2013, 2014

    2011-01-12

    ... Benefits Security Administration Hearing on Definition of ``Fiduciary'' AGENCY: Employee Benefits Security... that the Employee Benefits Security Administration will hold a hearing to consider issues attendant to... and Interpretations, Employee Benefits Security Administration, U.S. Department of Labor, at (202)...

  9. Homeland Security and Information.

    ERIC Educational Resources Information Center

    Relyea, Harold C.

    2002-01-01

    Reviews the development of two similar policy concepts, national security and internal security, before exploring the new phrase homeland security that has become popular since the September 11 terrorist attacks. Discusses the significance of each for information policy and practice. (Author/LRW)

  10. Addressing Information Security Risk

    ERIC Educational Resources Information Center

    Qayoumi, Mohammad H.; Woody, Carol

    2005-01-01

    Good information security does not just happen--and often does not happen at all. Resources are always in short supply, and there are always other needs that seem more pressing. Why? Because information security is hard to define, the required tasks are unclear, and the work never seems to be finished. However, the loss to the organization can be…

  11. 76 FR 40296 - Declassification of National Security Information

    Federal Register 2010, 2011, 2012, 2013, 2014

    2011-07-08

    ... RECORDS ADMINISTRATION 36 CFR Part 1260 RIN 3095-AB64 Declassification of National Security Information... would update NARA's regulations related to declassification of classified national security information... of Executive Order 13526, Classified National Security Information, and its Implementing...

  12. 77 FR 25188 - Extension of Agency Information Collection Activity Under OMB Review: Enhanced Security...

    Federal Register 2010, 2011, 2012, 2013, 2014

    2012-04-27

    ... SECURITY Transportation Security Administration Extension of Agency Information Collection Activity Under...: Transportation Security Administration, DHS. ACTION: 30-day Notice. SUMMARY: This notice announces that the Transportation Security Administration (TSA) has forwarded the Information Collection Request (ICR), OMB......

  13. 78 FR 4856 - Extension of Agency Information Collection Activity Under OMB Review: Aviation Security...

    Federal Register 2010, 2011, 2012, 2013, 2014

    2013-01-23

    ... SECURITY Transportation Security Administration Extension of Agency Information Collection Activity Under... Administration, DHS. ACTION: 30-Day notice. SUMMARY: This notice announces that the Transportation Security..., Office of Information Technology (OIT), TSA-11, Transportation Security Administration, 601 South...

  14. 76 FR 81827 - Declassification of National Security Information

    Federal Register 2010, 2011, 2012, 2013, 2014

    2011-12-29

    ... RECORDS ADMINISTRATION 36 CFR Part 1260 RIN 3095-AB64 Declassification of National Security Information... classified national security information in records transferred to NARA's legal custody. The rule incorporates changes resulting from issuance of Executive Order 13526, Classified National Security...

  15. 76 FR 4079 - Information Technology (IT) Security

    Federal Register 2010, 2011, 2012, 2013, 2014

    2011-01-24

    ... SPACE ADMINISTRATION 48 CFR Parts 1804 and 1852 RIN 2700-AD46 Information Technology (IT) Security... expired February 2, 2009. Six comments were received from two respondents. Comment: IT Security should be... that the Defense Acquisition Regulation (DAR) Council consider a government-wide IT Security...

  16. 49 CFR 1548.19 - Security Directives and Information Circulars.

    Code of Federal Regulations, 2010 CFR

    2010-10-01

    ... 49 Transportation 9 2010-10-01 2010-10-01 false Security Directives and Information Circulars...) TRANSPORTATION SECURITY ADMINISTRATION, DEPARTMENT OF HOMELAND SECURITY CIVIL AVIATION SECURITY INDIRECT AIR CARRIER SECURITY § 1548.19 Security Directives and Information Circulars. (a) TSA may issue an...

  17. 78 FR 13367 - Extension of Agency Information Collection Activity Under OMB Review: Security Threat Assessment...

    Federal Register 2010, 2011, 2012, 2013, 2014

    2013-02-27

    ... SECURITY Transportation Security Administration Extension of Agency Information Collection Activity Under... for a Commercial Drivers License AGENCY: Transportation Security Administration, DHS. ACTION: 30-day notice. SUMMARY: This notice announces that the Transportation Security Administration (TSA)...

  18. Security classification of information

    SciTech Connect

    Quist, A.S.

    1993-04-01

    This document is the second of a planned four-volume work that comprehensively discusses the security classification of information. The main focus of Volume 2 is on the principles for classification of information. Included herein are descriptions of the two major types of information that governments classify for national security reasons (subjective and objective information), guidance to use when determining whether information under consideration for classification is controlled by the government (a necessary requirement for classification to be effective), information disclosure risks and benefits (the benefits and costs of classification), standards to use when balancing information disclosure risks and benefits, guidance for assigning classification levels (Top Secret, Secret, or Confidential) to classified information, guidance for determining how long information should be classified (classification duration), classification of associations of information, classification of compilations of information, and principles for declassifying and downgrading information. Rules or principles of certain areas of our legal system (e.g., trade secret law) are sometimes mentioned to provide added support to some of those classification principles.

  19. 78 FR 67210 - Charging Standard Administrative Fees for Nonprogram-Related Information; Correction

    Federal Register 2010, 2011, 2012, 2013, 2014

    2013-11-08

    ... From the Federal Register Online via the Government Publishing Office SOCIAL SECURITY...: Social Security Administration. ACTION: Notice of standard administrative fees for providing information... administrative fees; Correction. SUMMARY: The Social Security Administration published a document in the...

  20. 49 CFR 1544.305 - Security Directives and Information Circulars.

    Code of Federal Regulations, 2010 CFR

    2010-10-01

    ... 49 Transportation 9 2010-10-01 2010-10-01 false Security Directives and Information Circulars...) TRANSPORTATION SECURITY ADMINISTRATION, DEPARTMENT OF HOMELAND SECURITY CIVIL AVIATION SECURITY AIRCRAFT OPERATOR SECURITY: AIR CARRIERS AND COMMERCIAL OPERATORS Threat and Threat Response § 1544.305 Security...

  1. 14 CFR § 1203.201 - Information security objectives.

    Code of Federal Regulations, 2014 CFR

    2014-01-01

    ... 14 Aeronautics and Space 5 2014-01-01 2014-01-01 false Information security objectives. § 1203.201 Section § 1203.201 Aeronautics and Space NATIONAL AERONAUTICS AND SPACE ADMINISTRATION INFORMATION SECURITY PROGRAM NASA Information Security Program § 1203.201 Information security objectives....

  2. 14 CFR 1203.201 - Information security objectives.

    Code of Federal Regulations, 2011 CFR

    2011-01-01

    ... 14 Aeronautics and Space 5 2011-01-01 2010-01-01 true Information security objectives. 1203.201 Section 1203.201 Aeronautics and Space NATIONAL AERONAUTICS AND SPACE ADMINISTRATION INFORMATION SECURITY PROGRAM NASA Information Security Program § 1203.201 Information security objectives. The objectives...

  3. 14 CFR 1203.201 - Information security objectives.

    Code of Federal Regulations, 2010 CFR

    2010-01-01

    ... 14 Aeronautics and Space 5 2010-01-01 2010-01-01 false Information security objectives. 1203.201 Section 1203.201 Aeronautics and Space NATIONAL AERONAUTICS AND SPACE ADMINISTRATION INFORMATION SECURITY PROGRAM NASA Information Security Program § 1203.201 Information security objectives. The objectives...

  4. 14 CFR 1203.201 - Information security objectives.

    Code of Federal Regulations, 2013 CFR

    2013-01-01

    ... 14 Aeronautics and Space 5 2013-01-01 2013-01-01 false Information security objectives. 1203.201 Section 1203.201 Aeronautics and Space NATIONAL AERONAUTICS AND SPACE ADMINISTRATION INFORMATION SECURITY PROGRAM NASA Information Security Program § 1203.201 Information security objectives. The objectives...

  5. 14 CFR 1203.201 - Information security objectives.

    Code of Federal Regulations, 2012 CFR

    2012-01-01

    ... 14 Aeronautics and Space 5 2012-01-01 2012-01-01 false Information security objectives. 1203.201 Section 1203.201 Aeronautics and Space NATIONAL AERONAUTICS AND SPACE ADMINISTRATION INFORMATION SECURITY PROGRAM NASA Information Security Program § 1203.201 Information security objectives. The objectives...

  6. 12 CFR 605.501 - Information Security Officer.

    Code of Federal Regulations, 2010 CFR

    2010-01-01

    ... 12 Banks and Banking 6 2010-01-01 2010-01-01 false Information Security Officer. 605.501 Section... Information Security Officer. (a) The Information Security Officer of the Farm Credit Administration shall be responsible for implementation and oversight of the information security program and procedures adopted by...

  7. 12 CFR 605.501 - Information Security Officer.

    Code of Federal Regulations, 2013 CFR

    2013-01-01

    ... 12 Banks and Banking 7 2013-01-01 2013-01-01 false Information Security Officer. 605.501 Section... Information Security Officer. (a) The Information Security Officer of the Farm Credit Administration shall be responsible for implementation and oversight of the information security program and procedures adopted by...

  8. 12 CFR 605.501 - Information Security Officer.

    Code of Federal Regulations, 2012 CFR

    2012-01-01

    ... 12 Banks and Banking 7 2012-01-01 2012-01-01 false Information Security Officer. 605.501 Section... Information Security Officer. (a) The Information Security Officer of the Farm Credit Administration shall be responsible for implementation and oversight of the information security program and procedures adopted by...

  9. 12 CFR 605.501 - Information Security Officer.

    Code of Federal Regulations, 2014 CFR

    2014-01-01

    ... 12 Banks and Banking 7 2014-01-01 2014-01-01 false Information Security Officer. 605.501 Section... Information Security Officer. (a) The Information Security Officer of the Farm Credit Administration shall be responsible for implementation and oversight of the information security program and procedures adopted by...

  10. 12 CFR 605.501 - Information Security Officer.

    Code of Federal Regulations, 2011 CFR

    2011-01-01

    ... 12 Banks and Banking 6 2011-01-01 2011-01-01 false Information Security Officer. 605.501 Section... Information Security Officer. (a) The Information Security Officer of the Farm Credit Administration shall be responsible for implementation and oversight of the information security program and procedures adopted by...

  11. 49 CFR 1549.109 - Security Directives and Information Circulars.

    Code of Federal Regulations, 2010 CFR

    2010-10-01

    ... 49 Transportation 9 2010-10-01 2010-10-01 false Security Directives and Information Circulars...) TRANSPORTATION SECURITY ADMINISTRATION, DEPARTMENT OF HOMELAND SECURITY CIVIL AVIATION SECURITY CERTIFIED CARGO SCREENING PROGRAM Operations § 1549.109 Security Directives and Information Circulars. (a) TSA may issue...

  12. National Information Systems Security (INFOSEC) Glossary

    DTIC Science & Technology

    2000-09-01

    Systems Security Engineering ISSM Information Systems Security Manager ISSO Information Systems Security Officer IT Information Technology ITAR ...Digital Net Radio Interface Unit SDNS Secure Data Network System SDR System Design Review SFA Security Fault Analysis SHA Secure Hash Algorithm

  13. 76 FR 11307 - Small Business Information Security Task Force

    Federal Register 2010, 2011, 2012, 2013, 2014

    2011-03-01

    ... ADMINISTRATION Small Business Information Security Task Force AGENCY: U.S. Small Business Administration. ACTION... Small Business Information Security Task Force Meeting. DATES: 1 p.m., Wednesday, January 12, 2011... meeting minutes for the third meeting of the Small Business Information Security Task Force. Chairman,...

  14. 75 FR 77934 - Small Business Information Security Task Force

    Federal Register 2010, 2011, 2012, 2013, 2014

    2010-12-14

    ... ADMINISTRATION Small Business Information Security Task Force AGENCY: U.S. Small Business Administration. ACTION... Small Business Information Security Task Force Meeting. DATES: 1 p.m., Wednesday, November 10, 2010... meeting minutes for the second meeting of the Small Business Information Security Task Force....

  15. Information Systems, Security, and Privacy.

    ERIC Educational Resources Information Center

    Ware, Willis H.

    1984-01-01

    Computer security and computer privacy issues are discussed. Among the areas addressed are technical and human security threats, security and privacy issues for information in electronic mail systems, the need for a national commission to examine these issues, and security/privacy issues relevant to colleges and universities. (JN)

  16. 76 FR 34761 - Classified National Security Information

    Federal Register 2010, 2011, 2012, 2013, 2014

    2011-06-14

    ... Classified National Security Information AGENCY: Marine Mammal Commission. ACTION: Notice. SUMMARY: This... information, as directed by Information Security Oversight Office regulations. FOR FURTHER INFORMATION CONTACT..., ``Classified National Security Information,'' and 32 CFR part 2001, ``Classified National Security...

  17. Michigan Occupational Information System. Administrator's Handbook.

    ERIC Educational Resources Information Center

    Michigan State Dept. of Education, Lansing. Michigan Occupational Information System.

    This handbook is designed to give introductory and reference information about the Michigan Occupational Information System (MOIS). Although focused in Michigan, it is not specifically oriented to any particular population; rather, it answers basic questions common to administrators, school principals, Michigan Employment Security Directors,…

  18. Securing Information Technology in Healthcare

    PubMed Central

    Anthony, Denise; Campbell, Andrew T.; Candon, Thomas; Gettinger, Andrew; Kotz, David; Marsch, Lisa A.; Molina-Markham, Andrés; Page, Karen; Smith, Sean W.; Gunter, Carl A.; Johnson, M. Eric

    2014-01-01

    Dartmouth College’s Institute for Security, Technology, and Society conducted three workshops on securing information technology in healthcare, attended by a diverse range of experts in the field. This article summarizes the three workshops. PMID:25379030

  19. 75 FR 18867 - Privacy Act of 1974; Department of Homeland Security Transportation Security Administration-011...

    Federal Register 2010, 2011, 2012, 2013, 2014

    2010-04-13

    ... Security Administration--011, Transportation Security Intelligence Service Operations Files Systems of... Administration--011 Transportation Security Intelligence Service Operations Files previously published on... Transportation Security Intelligence Service Operations Filing System contains records on individuals...

  20. Health Information Security in Hospitals: the Application of Security Safeguards

    PubMed Central

    Mehraeen, Esmaeil; Ayatollahi, Haleh; Ahmadi, Maryam

    2016-01-01

    Introduction: A hospital information system has potentials to improve the accessibility of clinical information and the quality of health care. However, the use of this system has resulted in new challenges, such as concerns over health information security. This paper aims to assess the status of information security in terms of administrative, technical and physical safeguards in the university hospitals. Methods: This was a survey study in which the participants were information technology (IT) managers (n=36) who worked in the hospitals affiliated to the top ranked medical universities (university A and university B). Data were collected using a questionnaire. The content validity of the questionnaire was examined by the experts and the reliability of the questionnaire was determined using Cronbach’s coefficient alpha (α=0.75). Results: The results showed that the administrative safeguards were arranged at a medium level. In terms of the technical safeguards and the physical safeguards, the IT managers rated them at a strong level. Conclusion: According to the results, among three types of security safeguards, the administrative safeguards were assessed at the medium level. To improve it, developing security policies, implementing access control models and training users are recommended. PMID:27046944

  1. 49 CFR 1542.303 - Security Directives and Information Circulars.

    Code of Federal Regulations, 2013 CFR

    2013-10-01

    ... 49 Transportation 9 2013-10-01 2013-10-01 false Security Directives and Information Circulars. 1542.303 Section 1542.303 Transportation Other Regulations Relating to Transportation (Continued) TRANSPORTATION SECURITY ADMINISTRATION, DEPARTMENT OF HOMELAND SECURITY CIVIL AVIATION SECURITY AIRPORT...

  2. 49 CFR 1520.5 - Sensitive security information.

    Code of Federal Regulations, 2013 CFR

    2013-10-01

    ... 49 Transportation 9 2013-10-01 2013-10-01 false Sensitive security information. 1520.5 Section 1520.5 Transportation Other Regulations Relating to Transportation (Continued) TRANSPORTATION SECURITY ADMINISTRATION, DEPARTMENT OF HOMELAND SECURITY SECURITY RULES FOR ALL MODES OF TRANSPORTATION PROTECTION...

  3. 49 CFR 1542.303 - Security Directives and Information Circulars.

    Code of Federal Regulations, 2011 CFR

    2011-10-01

    ... 49 Transportation 9 2011-10-01 2011-10-01 false Security Directives and Information Circulars. 1542.303 Section 1542.303 Transportation Other Regulations Relating to Transportation (Continued) TRANSPORTATION SECURITY ADMINISTRATION, DEPARTMENT OF HOMELAND SECURITY CIVIL AVIATION SECURITY AIRPORT...

  4. 49 CFR 1542.303 - Security Directives and Information Circulars.

    Code of Federal Regulations, 2012 CFR

    2012-10-01

    ... 49 Transportation 9 2012-10-01 2012-10-01 false Security Directives and Information Circulars. 1542.303 Section 1542.303 Transportation Other Regulations Relating to Transportation (Continued) TRANSPORTATION SECURITY ADMINISTRATION, DEPARTMENT OF HOMELAND SECURITY CIVIL AVIATION SECURITY AIRPORT...

  5. 49 CFR 1520.5 - Sensitive security information.

    Code of Federal Regulations, 2010 CFR

    2010-10-01

    ... 49 Transportation 9 2010-10-01 2010-10-01 false Sensitive security information. 1520.5 Section 1520.5 Transportation Other Regulations Relating to Transportation (Continued) TRANSPORTATION SECURITY ADMINISTRATION, DEPARTMENT OF HOMELAND SECURITY SECURITY RULES FOR ALL MODES OF TRANSPORTATION PROTECTION...

  6. 49 CFR 1542.303 - Security Directives and Information Circulars.

    Code of Federal Regulations, 2014 CFR

    2014-10-01

    ... 49 Transportation 9 2014-10-01 2014-10-01 false Security Directives and Information Circulars. 1542.303 Section 1542.303 Transportation Other Regulations Relating to Transportation (Continued) TRANSPORTATION SECURITY ADMINISTRATION, DEPARTMENT OF HOMELAND SECURITY CIVIL AVIATION SECURITY AIRPORT...

  7. 49 CFR 1520.5 - Sensitive security information.

    Code of Federal Regulations, 2011 CFR

    2011-10-01

    ... 49 Transportation 9 2011-10-01 2011-10-01 false Sensitive security information. 1520.5 Section 1520.5 Transportation Other Regulations Relating to Transportation (Continued) TRANSPORTATION SECURITY ADMINISTRATION, DEPARTMENT OF HOMELAND SECURITY SECURITY RULES FOR ALL MODES OF TRANSPORTATION PROTECTION...

  8. 49 CFR 1542.303 - Security Directives and Information Circulars.

    Code of Federal Regulations, 2010 CFR

    2010-10-01

    ... 49 Transportation 9 2010-10-01 2010-10-01 false Security Directives and Information Circulars. 1542.303 Section 1542.303 Transportation Other Regulations Relating to Transportation (Continued) TRANSPORTATION SECURITY ADMINISTRATION, DEPARTMENT OF HOMELAND SECURITY CIVIL AVIATION SECURITY AIRPORT...

  9. 20 CFR 221.3 - Social Security Administration jurisdiction.

    Code of Federal Regulations, 2013 CFR

    2013-04-01

    ... 20 Employees' Benefits 1 2013-04-01 2012-04-01 true Social Security Administration jurisdiction... RETIREMENT ACT JURISDICTION DETERMINATIONS § 221.3 Social Security Administration jurisdiction. The Board... Security Administration considers in determining benefits payable) to the Social Security...

  10. 20 CFR 221.3 - Social Security Administration jurisdiction.

    Code of Federal Regulations, 2011 CFR

    2011-04-01

    ... 20 Employees' Benefits 1 2011-04-01 2011-04-01 false Social Security Administration jurisdiction... RETIREMENT ACT JURISDICTION DETERMINATIONS § 221.3 Social Security Administration jurisdiction. The Board... Security Administration considers in determining benefits payable) to the Social Security...

  11. 20 CFR 221.3 - Social Security Administration jurisdiction.

    Code of Federal Regulations, 2014 CFR

    2014-04-01

    ... 20 Employees' Benefits 1 2014-04-01 2012-04-01 true Social Security Administration jurisdiction... RETIREMENT ACT JURISDICTION DETERMINATIONS § 221.3 Social Security Administration jurisdiction. The Board... Security Administration considers in determining benefits payable) to the Social Security...

  12. 20 CFR 221.3 - Social Security Administration jurisdiction.

    Code of Federal Regulations, 2012 CFR

    2012-04-01

    ... 20 Employees' Benefits 1 2012-04-01 2012-04-01 false Social Security Administration jurisdiction... RETIREMENT ACT JURISDICTION DETERMINATIONS § 221.3 Social Security Administration jurisdiction. The Board... Security Administration considers in determining benefits payable) to the Social Security...

  13. Information risk and security modeling

    NASA Astrophysics Data System (ADS)

    Zivic, Predrag

    2005-03-01

    This research paper presentation will feature current frameworks to addressing risk and security modeling and metrics. The paper will analyze technical level risk and security metrics of Common Criteria/ISO15408, Centre for Internet Security guidelines, NSA configuration guidelines and metrics used at this level. Information IT operational standards view on security metrics such as GMITS/ISO13335, ITIL/ITMS and architectural guidelines such as ISO7498-2 will be explained. Business process level standards such as ISO17799, COSO and CobiT will be presented with their control approach to security metrics. Top level, the maturity standards such as SSE-CMM/ISO21827, NSA Infosec Assessment and CobiT will be explored and reviewed. For each defined level of security metrics the research presentation will explore the appropriate usage of these standards. The paper will discuss standards approaches to conducting the risk and security metrics. The research findings will demonstrate the need for common baseline for both risk and security metrics. This paper will show the relation between the attribute based common baseline and corporate assets and controls for risk and security metrics. It will be shown that such approach spans over all mentioned standards. The proposed approach 3D visual presentation and development of the Information Security Model will be analyzed and postulated. Presentation will clearly demonstrate the benefits of proposed attributes based approach and defined risk and security space for modeling and measuring.

  14. Managing information technology security risk

    NASA Technical Reports Server (NTRS)

    Gilliam, David

    2003-01-01

    Information Technology (IT) Security Risk Management is a critical task for the organization to protect against the loss of confidentiality, integrity and availability of IT resources. As systems become more complex and diverse and attacks from intrusions and malicious content increase, it is becoming increasingly difficult to manage IT security risk. This paper describes a two-pronged approach in addressing IT security risk and risk management in the organization: 1) an institutional enterprise approach, and 2) a project life cycle approach.

  15. 75 FR 70764 - Small Business Information Security Task Force

    Federal Register 2010, 2011, 2012, 2013, 2014

    2010-11-18

    ... From the Federal Register Online via the Government Publishing Office SMALL BUSINESS ADMINISTRATION Small Business Information Security Task Force AGENCY: U.S. Small Business Administration. ACTION... Small Business Information Security Task Force Meeting. DATES: 1 p.m., Wednesday, October 13,...

  16. 75 FR 8096 - Privacy Act of 1974; Department of Homeland Security Transportation Security Administration-023...

    Federal Register 2010, 2011, 2012, 2013, 2014

    2010-02-23

    ... Security Administration--023 Workplace Violence Prevention Program System of Records AGENCY: Privacy Office..., ``Department of Homeland Security/Transportation Security Administration--023 Workplace Violence Prevention... and maintain records on their Workplace Violence Prevention Program. Additionally, the Department...

  17. Information Security and the Internet.

    ERIC Educational Resources Information Center

    Doddrell, Gregory R.

    1996-01-01

    As business relies less on "fortress" style central computers and more on distributed systems, the risk of disruption increases because of inadequate physical security, support services, and site monitoring. This article discusses information security and why protection is required on the Internet, presents a best practice firewall, and…

  18. Improving Information Security Risk Management

    ERIC Educational Resources Information Center

    Singh, Anand

    2009-01-01

    Optimizing risk to information to protect the enterprise as well as to satisfy government and industry mandates is a core function of most information security departments. Risk management is the discipline that is focused on assessing, mitigating, monitoring and optimizing risks to information. Risk assessments and analyses are critical…

  19. 75 FR 707 - Classified National Security Information

    Federal Register 2010, 2011, 2012, 2013, 2014

    2010-01-05

    ... National Security Information Memorandum of December 29, 2009--Implementation of the Executive Order ``Classified National Security Information'' Order of December 29, 2009--Original Classification Authority #0... 13526 of December 29, 2009 Classified National Security Information This order prescribes a...

  20. Information Security and Integrity Systems

    NASA Technical Reports Server (NTRS)

    1990-01-01

    Viewgraphs from the Information Security and Integrity Systems seminar held at the University of Houston-Clear Lake on May 15-16, 1990 are presented. A tutorial on computer security is presented. The goals of this tutorial are the following: to review security requirements imposed by government and by common sense; to examine risk analysis methods to help keep sight of forest while in trees; to discuss the current hot topic of viruses (which will stay hot); to examine network security, now and in the next year to 30 years; to give a brief overview of encryption; to review protection methods in operating systems; to review database security problems; to review the Trusted Computer System Evaluation Criteria (Orange Book); to comment on formal verification methods; to consider new approaches (like intrusion detection and biometrics); to review the old, low tech, and still good solutions; and to give pointers to the literature and to where to get help. Other topics covered include security in software applications and development; risk management; trust: formal methods and associated techniques; secure distributed operating system and verification; trusted Ada; a conceptual model for supporting a B3+ dynamic multilevel security and integrity in the Ada runtime environment; and information intelligence sciences.

  1. 32 CFR 2001.50 - Telecommunications automated information systems and network security.

    Code of Federal Regulations, 2010 CFR

    2010-07-01

    ... and network security. 2001.50 Section 2001.50 National Defense Other Regulations Relating to National Defense INFORMATION SECURITY OVERSIGHT OFFICE, NATIONAL ARCHIVES AND RECORDS ADMINISTRATION CLASSIFIED... network security. Each agency head shall ensure that classified information electronically...

  2. NASA Automatic Information Security Handbook

    NASA Technical Reports Server (NTRS)

    1993-01-01

    This handbook details the Automated Information Security (AIS) management process for NASA. Automated information system security is becoming an increasingly important issue for all NASA managers and with rapid advancements in computer and network technologies and the demanding nature of space exploration and space research have made NASA increasingly dependent on automated systems to store, process, and transmit vast amounts of mission support information, hence the need for AIS systems and management. This handbook provides the consistent policies, procedures, and guidance to assure that an aggressive and effective AIS program is developed, implemented, and sustained at all NASA organizations and NASA support contractors.

  3. 39 CFR 267.5 - National Security Information.

    Code of Federal Regulations, 2010 CFR

    2010-07-01

    ... 39 Postal Service 1 2010-07-01 2010-07-01 false National Security Information. 267.5 Section 267.5 Postal Service UNITED STATES POSTAL SERVICE ORGANIZATION AND ADMINISTRATION PROTECTION OF INFORMATION § 267.5 National Security Information. (a) Purpose and scope. The purpose of this section is to provide regulations implementing Executive...

  4. 78 FR 1878 - Agency Information Collection Activities: Administrative Rulings

    Federal Register 2010, 2011, 2012, 2013, 2014

    2013-01-09

    ... SECURITY U.S. Customs and Border Protection Agency Information Collection Activities: Administrative Rulings AGENCY: U.S. Customs and Border Protection, Department of Homeland Security. ACTION: 30-Day notice and request for comments; Extension of an existing information collection. SUMMARY: U.S. Customs...

  5. 75 FR 28046 - Privacy Act of 1974; Department of Homeland Security Transportation Security Administration-002...

    Federal Register 2010, 2011, 2012, 2013, 2014

    2010-05-19

    ... SECURITY Office of the Secretary Privacy Act of 1974; Department of Homeland Security Transportation Security Administration--002 Transportation Security Threat Assessment System System of Records AGENCY... accordance with the Privacy Act of 1974 the Department of Homeland Security proposes to update and...

  6. 78 FR 73868 - Privacy Act of 1974; Department of Homeland Security Transportation Security Administration-DHS...

    Federal Register 2010, 2011, 2012, 2013, 2014

    2013-12-09

    ... SECURITY Privacy Act of 1974; Department of Homeland Security Transportation Security Administration--DHS/TSA-001 Transportation Security Enforcement Record System System of Records AGENCY: Privacy Office, Department of Homeland Security. ACTION: Notice of Privacy Act System of Records Update. SUMMARY:...

  7. 77 FR 76076 - Information Security Oversight Office; State, Local, Tribal, and Private Sector Policy Advisory...

    Federal Register 2010, 2011, 2012, 2013, 2014

    2012-12-26

    ... RECORDS ADMINISTRATION Information Security Oversight Office; State, Local, Tribal, and Private Sector Policy Advisory Committee (SLTPS-PAC) AGENCY: National Archives and Records Administration, Information.... ADDRESSES: National Archives and Records Administration, 700 Pennsylvania Avenue NW, Jefferson...

  8. Two RFID-based solutions for secure inpatient medication administration.

    PubMed

    Yen, Yi-Chung; Lo, Nai-Wei; Wu, Tzong-Chen

    2012-10-01

    Medication error can easily cause serious health damage to inpatients in hospital. Consequently, the whole society has to spend huge amount of extra resources for additional therapies and medication on those affected inpatients. In order to prevent medication errors, secure inpatient medication administration system is required in a hospital. Using RFID technology, such administration system provides automated medication verification for inpatient's medicine doses and generates corresponding medication evidence, which may be audited later for medical dispute. Recently, Peris-Lopez et al. (Int. J. Med. Inform., 2011) proposed an IS-RFID system to enhance inpatient medication safety. Nevertheless, IS-RFID system does not detect the denial of proof attack efficiently and the generated medication evidence cannot defend against counterfeit evidence generated from the hospital. That is, the hospital possesses enough privilege from the design of IS-RFID system to modify generated medication evidence whenever it is necessary. Hence, we design two lightweight RFID-based solutions for secure inpatient medication administration, one for online verification environment and the other for offline validation situation, to achieve system security on evidence generation and provide early detection on denial of proof attack.

  9. 78 FR 73819 - Information Collection; Financial Information Security Request Form

    Federal Register 2010, 2011, 2012, 2013, 2014

    2013-12-09

    ... Forest Service Information Collection; Financial Information Security Request Form AGENCY: Forest Service... extension with revision of a currently approved information collection, Financial Information Security...: Comments concerning this notice should be addressed to Financial Policy, Mail Stop 1149, USDA,...

  10. 76 FR 67750 - Homeland Security Information Network Advisory Committee

    Federal Register 2010, 2011, 2012, 2013, 2014

    2011-11-02

    ... SECURITY Homeland Security Information Network Advisory Committee AGENCY: Department of Homeland Security... Applicants for Appointment to Homeland Security Information Network Advisory Committee. SUMMARY: The Secretary of Homeland Security has determined that the renewal of the Homeland Security Information...

  11. 5 CFR 930.301 - Information systems security awareness training program.

    Code of Federal Regulations, 2010 CFR

    2010-01-01

    ....g., system and network administrators, and system/application security officers) must receive... 5 Administrative Personnel 2 2010-01-01 2010-01-01 false Information systems security awareness... (MISCELLANEOUS) Information Security Responsibilities for Employees who Manage or Use Federal Information...

  12. 20 CFR 221.3 - Social Security Administration jurisdiction.

    Code of Federal Regulations, 2010 CFR

    2010-04-01

    ... 20 Employees' Benefits 1 2010-04-01 2010-04-01 false Social Security Administration jurisdiction. 221.3 Section 221.3 Employees' Benefits RAILROAD RETIREMENT BOARD REGULATIONS UNDER THE RAILROAD RETIREMENT ACT JURISDICTION DETERMINATIONS § 221.3 Social Security Administration jurisdiction. The...

  13. An Agile Enterprise Regulation Architecture for Health Information Security Management

    PubMed Central

    Chen, Ying-Pei; Hsieh, Sung-Huai; Chien, Tsan-Nan; Chen, Heng-Shuen; Luh, Jer-Junn; Lai, Jin-Shin; Lai, Feipei; Chen, Sao-Jie

    2010-01-01

    Information security management for healthcare enterprises is complex as well as mission critical. Information technology requests from clinical users are of such urgency that the information office should do its best to achieve as many user requests as possible at a high service level using swift security policies. This research proposes the Agile Enterprise Regulation Architecture (AERA) of information security management for healthcare enterprises to implement as part of the electronic health record process. Survey outcomes and evidential experiences from a sample of medical center users proved that AERA encourages the information officials and enterprise administrators to overcome the challenges faced within an electronically equipped hospital. PMID:20815748

  14. An agile enterprise regulation architecture for health information security management.

    PubMed

    Chen, Ying-Pei; Hsieh, Sung-Huai; Cheng, Po-Hsun; Chien, Tsan-Nan; Chen, Heng-Shuen; Luh, Jer-Junn; Lai, Jin-Shin; Lai, Feipei; Chen, Sao-Jie

    2010-09-01

    Information security management for healthcare enterprises is complex as well as mission critical. Information technology requests from clinical users are of such urgency that the information office should do its best to achieve as many user requests as possible at a high service level using swift security policies. This research proposes the Agile Enterprise Regulation Architecture (AERA) of information security management for healthcare enterprises to implement as part of the electronic health record process. Survey outcomes and evidential experiences from a sample of medical center users proved that AERA encourages the information officials and enterprise administrators to overcome the challenges faced within an electronically equipped hospital.

  15. 76 FR 10262 - Information Security Program

    Federal Register 2010, 2011, 2012, 2013, 2014

    2011-02-24

    ... 46 CFR Part 503 RIN 3072-AC40 Information Security Program AGENCY: Federal Maritime Commission... relating to its Information Security Program to reflect the changes implemented by Executive Order 13526--Classified National Security Information--that took effect January 5, 2010, and which prescribes a...

  16. 76 FR 62630 - Information Security Regulations

    Federal Register 2010, 2011, 2012, 2013, 2014

    2011-10-11

    ... 32 CFR Part 1902 Information Security Regulations AGENCY: Central Intelligence Agency. ACTION: Final rule. SUMMARY: The Central Intelligence agency is removing certain information security regulations... Information security regulations. PART 1902 Sec. 1902.13 0 Accordingly, under the authority of Executive...

  17. Information Sharing for IT Security Professionals

    ERIC Educational Resources Information Center

    Petersen, Rodney J.

    2008-01-01

    Information sharing is a core value for information technology (IT) security professionals. It is also a familiar concept for those who work at institutions of higher education because of their long history of collaboration and openness. Information sharing has become part of the national fabric as IT security professionals attempt to secure cyber…

  18. 75 FR 28777 - Information Collection; Financial Information Security Request Form

    Federal Register 2010, 2011, 2012, 2013, 2014

    2010-05-24

    ... DEPARTMENT OF AGRICULTURE Forest Service Information Collection; Financial Information Security Request Form... Information Security Request Form. DATES: Comments must be received in writing on or before July 23, 2010 to... INFORMATION: Title: Financial Information Security Request Form. OMB Number: 0596-0204. Expiration Date...

  19. [Information security in health care].

    PubMed

    Ködmön, József; Csajbók, Zoltán Ernő

    2015-07-05

    Doctors, nurses and other medical professionals are spending more and more time in front of the computer, using applications developed for general practitioners, specialized care, or perhaps an integrated hospital system. The data they handle during healing and patient care are mostly sensitive data and, therefore, their management is strictly regulated. Finding our way in the jungle of laws, regulations and policies is not simple. Notwithstanding, our lack of information does not waive our responsibility. This study summarizes the most important points of international recommendations, standards and legal regulations of the field, as well as giving practical advice for managing medical and patient data securely and in compliance with the current legal regulations.

  20. Incentive Issues in Information Security Management

    ERIC Educational Resources Information Center

    Lee, Chul Ho

    2012-01-01

    This dissertation studies three incentive issues in information security management. The first essay studies contract issues between a firm that outsources security functions and a managed security service provider (MSSP) that provides security functions to the firm. Since MSSP and firms cannot observe each other's actions, both can suffer…

  1. A Unified Approach to Information Security Compliance

    ERIC Educational Resources Information Center

    Adler, M. Peter

    2006-01-01

    The increased number of government-mandated and private contractual information security requirements in recent years has caused higher education security professionals to view information security as another aspect of regulatory or contractual compliance. The existence of fines, penalties, or loss (including bad publicity) has also increased the…

  2. Information technology security system engineering methodology

    NASA Technical Reports Server (NTRS)

    Childs, D.

    2003-01-01

    A methodology is described for system engineering security into large information technology systems under development. The methodology is an integration of a risk management process and a generic system development life cycle process. The methodology is to be used by Security System Engineers to effectively engineer and integrate information technology security into a target system as it progresses through the development life cycle. The methodology can also be used to re-engineer security into a legacy system.

  3. 5 CFR 930.301 - Information systems security awareness training program.

    Code of Federal Regulations, 2011 CFR

    2011-01-01

    ... 5 Administrative Personnel 2 2011-01-01 2011-01-01 false Information systems security awareness... (MISCELLANEOUS) Information Security Responsibilities for Employees who Manage or Use Federal Information Systems § 930.301 Information systems security awareness training program. Each Executive Agency must develop...

  4. 5 CFR 930.301 - Information systems security awareness training program.

    Code of Federal Regulations, 2014 CFR

    2014-01-01

    ... 5 Administrative Personnel 2 2014-01-01 2014-01-01 false Information systems security awareness... (MISCELLANEOUS) Information Security Responsibilities for Employees who Manage or Use Federal Information Systems § 930.301 Information systems security awareness training program. Each Executive Agency must develop...

  5. 5 CFR 930.301 - Information systems security awareness training program.

    Code of Federal Regulations, 2013 CFR

    2013-01-01

    ... 5 Administrative Personnel 2 2013-01-01 2013-01-01 false Information systems security awareness... (MISCELLANEOUS) Information Security Responsibilities for Employees who Manage or Use Federal Information Systems § 930.301 Information systems security awareness training program. Each Executive Agency must develop...

  6. 5 CFR 930.301 - Information systems security awareness training program.

    Code of Federal Regulations, 2012 CFR

    2012-01-01

    ... 5 Administrative Personnel 2 2012-01-01 2012-01-01 false Information systems security awareness... (MISCELLANEOUS) Information Security Responsibilities for Employees who Manage or Use Federal Information Systems § 930.301 Information systems security awareness training program. Each Executive Agency must develop...

  7. 75 FR 18863 - Privacy Act of 1974; Department of Homeland Security Transportation Security Administration-006...

    Federal Register 2010, 2011, 2012, 2013, 2014

    2010-04-13

    ... SECURITY Office of the Secretary Privacy Act of 1974; Department of Homeland Security Transportation Security Administration--006 Correspondence and Matters Tracking Records AGENCY: Privacy Office, DHS. ACTION: Notice to alter an existing Privacy Act system of records. SUMMARY: In accordance with...

  8. A Layered Trust Information Security Architecture

    PubMed Central

    de Oliveira Albuquerque, Robson; García Villalba, Luis Javier; Sandoval Orozco, Ana Lucila; Buiati, Fábio; Kim, Tai-Hoon

    2014-01-01

    Information can be considered the most important asset of any modern organization. Securing this information involves preserving confidentially, integrity and availability, the well-known CIA triad. In addition, information security is a risk management job; the task is to manage the inherent risks of information disclosure. Current information security platforms do not deal with the different facets of information technology. This paper presents a layered trust information security architecture (TISA) and its creation was motivated by the need to consider information and security from different points of view in order to protect it. This paper also extends and discusses security information extensions as a way of helping the CIA triad. Furthermore, this paper suggests information representation and treatment elements, operations and support components that can be integrated to show the various risk sources when dealing with both information and security. An overview of how information is represented and treated nowadays in the technological environment is shown, and the reason why it is so difficult to guarantee security in all aspects of the information pathway is discussed. PMID:25470490

  9. A layered trust information security architecture.

    PubMed

    de Oliveira Albuquerque, Robson; Villalba, Luis Javier García; Orozco, Ana Lucila Sandoval; Buiati, Fábio; Kim, Tai-Hoon

    2014-12-01

    Information can be considered the most important asset of any modern organization. Securing this information involves preserving confidentially, integrity and availability, the well-known CIA triad. In addition, information security is a risk management job; the task is to manage the inherent risks of information disclosure. Current information security platforms do not deal with the different facets of information technology. This paper presents a layered trust information security architecture (TISA) and its creation was motivated by the need to consider information and security from different points of view in order to protect it. This paper also extends and discusses security information extensions as a way of helping the CIA triad. Furthermore, this paper suggests information representation and treatment elements, operations and support components that can be integrated to show the various risk sources when dealing with both information and security. An overview of how information is represented and treated nowadays in the technological environment is shown, and the reason why it is so difficult to guarantee security in all aspects of the information pathway is discussed.

  10. 75 FR 65511 - Employee Benefits Security Administration; Submission for OMB Review

    Federal Register 2010, 2011, 2012, 2013, 2014

    2010-10-25

    ... of the Secretary Employee Benefits Security Administration; Submission for OMB Review ACTION: Notice..., Attn: OMB Desk Officer for the Department of Labor--Employee Benefits Security Administration (EBSA...., permitting electronic submission of responses. Agency: Employee Benefits Security Administration. Type...

  11. 77 FR 3836 - Public Availability of Social Security Administration Fiscal Year (FY) 2011 Service Contract...

    Federal Register 2010, 2011, 2012, 2013, 2014

    2012-01-25

    ... From the Federal Register Online via the Government Publishing Office SOCIAL SECURITY ADMINISTRATION Public Availability of Social Security Administration Fiscal Year (FY) 2011 Service Contract Inventory AGENCY: Social Security Administration. ACTION: Notice of Public Availability of FY 2011...

  12. 78 FR 6168 - Public Availability of Social Security Administration Fiscal Year (FY) 2012 Service Contract...

    Federal Register 2010, 2011, 2012, 2013, 2014

    2013-01-29

    ... From the Federal Register Online via the Government Publishing Office SOCIAL SECURITY ADMINISTRATION Public Availability of Social Security Administration Fiscal Year (FY) 2012 Service Contract Inventory AGENCY: Social Security Administration. ACTION: Notice of Public Availability of FY 2012...

  13. 77 FR 74913 - Privacy Act of 1974, as Amended; Computer Matching Program (Social Security Administration (SSA...

    Federal Register 2010, 2011, 2012, 2013, 2014

    2012-12-18

    ... From the Federal Register Online via the Government Publishing Office SOCIAL SECURITY ADMINISTRATION Privacy Act of 1974, as Amended; Computer Matching Program (Social Security Administration (SSA)/Office of Personnel Management (OPM))--Match Number 1307 AGENCY: Social Security Administration....

  14. Three Essays on Information Security Policies

    ERIC Educational Resources Information Center

    Yang, Yubao

    2011-01-01

    Information security breaches pose a significant and increasing threat to national security and economic well-being. In the Symantec Internet Security Threat Report (2003), companies surveyed experienced an average of about 30 attacks per week. Anecdotal evidence suggests that losses from cyber-attacks can run into millions of dollars. The CSI-FBI…

  15. Effective Management of Information Security and Privacy

    ERIC Educational Resources Information Center

    Anderson, Alicia

    2006-01-01

    No university seems immune to cyber attacks. For many universities, such events have served as wake-up calls to develop a comprehensive information security and privacy strategy. This is no simple task, however. It involves balancing a culture of openness with a need for security and privacy. Security and privacy are not the same, and the…

  16. A Security Architecture for Health Information Networks

    PubMed Central

    Kailar, Rajashekar

    2007-01-01

    Health information network security needs to balance exacting security controls with practicality, and ease of implementation in today’s healthcare enterprise. Recent work on ‘nationwide health information network’ architectures has sought to share highly confidential data over insecure networks such as the Internet. Using basic patterns of health network data flow and trust models to support secure communication between network nodes, we abstract network security requirements to a core set to enable secure inter-network data sharing. We propose a minimum set of security controls that can be implemented without needing major new technologies, but yet realize network security and privacy goals of confidentiality, integrity and availability. This framework combines a set of technology mechanisms with environmental controls, and is shown to be sufficient to counter commonly encountered network security threats adequately. PMID:18693862

  17. A security architecture for health information networks.

    PubMed

    Kailar, Rajashekar; Muralidhar, Vinod

    2007-10-11

    Health information network security needs to balance exacting security controls with practicality, and ease of implementation in today's healthcare enterprise. Recent work on 'nationwide health information network' architectures has sought to share highly confidential data over insecure networks such as the Internet. Using basic patterns of health network data flow and trust models to support secure communication between network nodes, we abstract network security requirements to a core set to enable secure inter-network data sharing. We propose a minimum set of security controls that can be implemented without needing major new technologies, but yet realize network security and privacy goals of confidentiality, integrity and availability. This framework combines a set of technology mechanisms with environmental controls, and is shown to be sufficient to counter commonly encountered network security threats adequately.

  18. Information Processing - Administrative Data Processing

    NASA Astrophysics Data System (ADS)

    Bubenko, Janis

    A three semester, 60-credit course package in the topic of Administrative Data Processing (ADP), offered in 1966 at Stockholm University (SU) and the Royal Institute of Technology (KTH) is described. The package had an information systems engineering orientation. The first semester focused on datalogical topics, while the second semester focused on the infological topics. The third semester aimed to deepen the students’ knowledge in different parts of ADP and at writing a bachelor thesis. The concluding section of this paper discusses various aspects of the department’s first course effort. The course package led to a concretisation of our discipline and gave our discipline an identity. Our education seemed modern, “just in time”, and well adapted to practical needs. The course package formed the first concrete activity of a group of young teachers and researchers. In a forty-year perspective, these people have further developed the department and the topic to an internationally well-reputed body of knowledge and research. The department has produced more than thirty professors and more than one hundred doctoral degrees.

  19. 77 FR 43639 - Privacy Act of 1974, as Amended; Computer Matching Program (Social Security Administration (SSA...

    Federal Register 2010, 2011, 2012, 2013, 2014

    2012-07-25

    ... ADMINISTRATION Privacy Act of 1974, as Amended; Computer Matching Program (Social Security Administration (SSA..., SSA, as shown above. SUPPLEMENTARY INFORMATION: A. General The Computer Matching and Privacy... persons. The Privacy Act, as amended, regulates the use of computer matching by Federal agencies...

  20. 77 FR 54943 - Privacy Act of 1974, as Amended; Computer Matching Program (Social Security Administration (SSA...

    Federal Register 2010, 2011, 2012, 2013, 2014

    2012-09-06

    ... ADMINISTRATION Privacy Act of 1974, as Amended; Computer Matching Program (Social Security Administration (SSA..., SSA, as shown above. SUPPLEMENTARY INFORMATION: A. General The Computer Matching and Privacy... persons. The Privacy Act, as amended, regulates the use of computer matching by Federal agencies...

  1. A Security Audit Framework to Manage Information System Security

    NASA Astrophysics Data System (ADS)

    Pereira, Teresa; Santos, Henrique

    The widespread adoption of information and communication technology has promoted an increased dependency of organizations on the performance of their Information Systems. As a result, adequate security procedures to properly manage information security must be established by the organizations, in order to protect their valued or critical resources from accidental or intentional attacks, and ensure their normal activity. A conceptual security framework to manage and audit Information System Security is proposed and discussed. The proposed framework intends to assist organizations firstly to understand what they precisely need to protect assets and what are their weaknesses (vulnerabilities), enabling to perform an adequate security management. Secondly, enabling a security audit framework to support the organization to assess the efficiency of the controls and policy adopted to prevent or mitigate attacks, threats and vulnerabilities, promoted by the advances of new technologies and new Internet-enabled services, that the organizations are subject of. The presented framework is based on a conceptual model approach, which contains the semantic description of the concepts defined in information security domain, based on the ISO/IEC_JTC1 standards.

  2. 78 FR 46358 - Extension of Agency Information Collection Activity Under OMB Review: Security Programs for...

    Federal Register 2010, 2011, 2012, 2013, 2014

    2013-07-31

    ... From the Federal Register Online via the Government Publishing Office DEPARTMENT OF HOMELAND SECURITY Transportation Security Administration Extension of Agency Information Collection Activity Under... against acts of criminal violence and air piracy, and the introduction of explosives, incendiaries,...

  3. ITIL® and information security

    SciTech Connect

    Jašek, Roman; Králík, Lukáš; Popelka, Miroslav

    2015-03-10

    This paper discusses the context of ITIL framework and management of information security. It is therefore a summary study, where the first part is focused on the safety objectives in connection with the ITIL framework. First of all, there is a focus on ITIL process ISM (Information Security Management), its principle and system management. The conclusion is about link between standards, which are related to security, and ITIL framework.

  4. Securing Information with Complex Optical Encryption Networks

    DTIC Science & Technology

    2015-08-11

    ... encryption networks, and to provide effective and reliable solutions for information security. Subject terms: Optical Encryption ... popularization of networking and internet, much research effort is made in the field of information security. Military communication system makes an ... objective is to propose the architectures for a number of complex optical encryption networks so as to provide effective and reliable solutions for ...

  5. Security Information and Event Management Tools and Insider Threat Detection

    DTIC Science & Technology

    2013-09-01

    ... administrative action information. ... without having to define the same filter over and over. This can also help limit mistakes in rule development if a filter is rather complex (Miller ...

  6. Insider Threat and Information Security Management

    NASA Astrophysics Data System (ADS)

    Coles-Kemp, Lizzie; Theoharidou, Marianthi

    The notion of insider has multiple facets. An organization needs to identify which ones to respond to. The selection, implementation and maintenance of information security countermeasures requires a complex combination of organisational policies, functions and processes, which form Information Security Management. This chapter examines the role of current information security management practices in addressing the insider threat. Most approaches focus on frameworks for regulating insider behaviour and do not allow for the various cultural responses to the regulatory and compliance framework. Such responses are not only determined by enforcement of policies and awareness programs, but also by various psychological and organisational factors at an individual or group level. Crime theories offer techniques that focus on such cultural responses and can be used to enhance the information security management design. The chapter examines the applicability of several crime theories and concludes that they can contribute in providing additional controls and redesign of information security management processes better suited to responding to the insider threat.

  7. Information Seeking Behaviour of AIOU Administrators

    ERIC Educational Resources Information Center

    Mahmood, Malik Tariq

    2005-01-01

    The main purpose of this research study is to investigate the information-seeking behavior of Allama Iqbal Open University (AIOU) administrators in Pakistan. Information is obtained by using a wide variety of informal and formal sources, human sources, Internet as well as print media. The present study found that AIOU administrators are more…

  8. An Ontology Based Approach to Information Security

    NASA Astrophysics Data System (ADS)

    Pereira, Teresa; Santos, Henrique

    The semantic structuring of knowledge, based on ontology approaches, has been increasingly adopted by experts from diverse domains. Recently ontologies have moved from the philosophical and metaphysical disciplines to be used in the construction of models to describe a specific theory of a domain. The development and the use of ontologies promote the creation of a unique standard to represent concepts within a specific knowledge domain. In the scope of information security systems, the use of an ontology to formalize and represent the concepts of security information challenges the mechanisms and techniques currently used. This paper intends to present a conceptual implementation model of an ontology defined in the security domain. The model presented contains the semantic concepts based on the information security standard ISO/IEC_JTC1, and their relationships to other concepts, defined in a subset of the information security domain.

  9. Network Security: What Non-Technical Administrators Must Know

    ERIC Educational Resources Information Center

    Council, Chip

    2005-01-01

    Now it is increasingly critical that community college leaders become involved in network security and partner with their directors of information technology (IT). Network security involves more than just virus protection software and firewalls. It involves vigilance and requires top executive support. Leaders can help their IT directors to…

  10. 20 CFR 404.452 - Reports to Social Security Administration of earnings; wages; net earnings from self-employment.

    Code of Federal Regulations, 2011 CFR

    2011-04-01

    ... 20 Employees' Benefits 2 2011-04-01 2011-04-01 false Reports to Social Security Administration of...; and Nonpayments of Benefits § 404.452 Reports to Social Security Administration of earnings; wages...) Information required. If you are the beneficiary, your report should show your name, address, Social...

  11. 20 CFR 404.452 - Reports to Social Security Administration of earnings; wages; net earnings from self-employment.

    Code of Federal Regulations, 2014 CFR

    2014-04-01

    ... 20 Employees' Benefits 2 2014-04-01 2014-04-01 false Reports to Social Security Administration of...; and Nonpayments of Benefits § 404.452 Reports to Social Security Administration of earnings; wages...) Information required. If you are the beneficiary, your report should show your name, address, Social...

  12. 20 CFR 404.452 - Reports to Social Security Administration of earnings; wages; net earnings from self-employment.

    Code of Federal Regulations, 2013 CFR

    2013-04-01

    ... 20 Employees' Benefits 2 2013-04-01 2013-04-01 false Reports to Social Security Administration of...; and Nonpayments of Benefits § 404.452 Reports to Social Security Administration of earnings; wages...) Information required. If you are the beneficiary, your report should show your name, address, Social...

  13. 20 CFR 404.452 - Reports to Social Security Administration of earnings; wages; net earnings from self-employment.

    Code of Federal Regulations, 2012 CFR

    2012-04-01

    ... 20 Employees' Benefits 2 2012-04-01 2012-04-01 false Reports to Social Security Administration of...; and Nonpayments of Benefits § 404.452 Reports to Social Security Administration of earnings; wages...) Information required. If you are the beneficiary, your report should show your name, address, Social...

  14. 20 CFR 404.452 - Reports to Social Security Administration of earnings; wages; net earnings from self-employment.

    Code of Federal Regulations, 2010 CFR

    2010-04-01

    ... 20 Employees' Benefits 2 2010-04-01 2010-04-01 false Reports to Social Security Administration of...; and Nonpayments of Benefits § 404.452 Reports to Social Security Administration of earnings; wages...) Information required. If you are the beneficiary, your report should show your name, address, Social...

  15. Implementing healthcare information security: standards can help.

    PubMed

    Orel, Andrej; Bernik, Igor

    2013-01-01

    Using widely spread common approaches to systems security in health dedicated controlled environments, a level of awareness, confidence and acceptance of relevant standardisation is evaluated. Patients' information is sensitive, so putting appropriate organisational techniques as well as modern technology in place to secure health information is of paramount importance. Mobile devices are becoming the top priorities in advanced information security planning, with healthcare environments being no exception. There are fewer and fewer application areas in healthcare without a need for mobile functionality, which represents an even greater information security challenge. This is also true in emergency treatments, rehabilitation and homecare, just to mention a few areas outside hospital controlled environments. Unfortunately, quite often traditional unsecured communications principles are still in routine use for communicating sensitive health related information. The security awareness level with users, patients and care professionals is not high enough, so potential threats and risks may not be addressed and the respective information security management is therefore weak. Standards like the ISO/IEC 27000 ISMS family and the ISO/IEC 27799 information security guidelines in health are often not well known, but together with legislation principles such as HIPAA, they can help.

  16. Safeguarding Your Technology: Practical Guidelines for Electronic Education Information Security.

    ERIC Educational Resources Information Center

    Szuba, Tom

    This guide was developed specifically for educational administrators at the building, campus, district, system, and state levels, and is meant to serve as a framework to help them better understand why and how to effectively secure their organization's information, software, and computer and networking equipment. This document is organized into 10…

  17. 41 CFR 105-53.133 - Information Security Oversight Office.

    Code of Federal Regulations, 2013 CFR

    2013-07-01

    ... 41 Public Contracts and Property Management 3 2013-07-01 2013-07-01 false Information Security Oversight Office. 105-53.133 Section 105-53.133 Public Contracts and Property Management Federal Property Management Regulations System (Continued) GENERAL SERVICES ADMINISTRATION 53-STATEMENT OF ORGANIZATION...

  18. 41 CFR 105-53.133 - Information Security Oversight Office.

    Code of Federal Regulations, 2012 CFR

    2012-01-01

    ... 41 Public Contracts and Property Management 3 2012-01-01 2012-01-01 false Information Security Oversight Office. 105-53.133 Section 105-53.133 Public Contracts and Property Management Federal Property Management Regulations System (Continued) GENERAL SERVICES ADMINISTRATION 53-STATEMENT OF ORGANIZATION...

  19. 41 CFR 105-53.133 - Information Security Oversight Office.

    Code of Federal Regulations, 2011 CFR

    2011-01-01

    ... 41 Public Contracts and Property Management 3 2011-01-01 2011-01-01 false Information Security Oversight Office. 105-53.133 Section 105-53.133 Public Contracts and Property Management Federal Property Management Regulations System (Continued) GENERAL SERVICES ADMINISTRATION 53-STATEMENT OF ORGANIZATION...

  20. 41 CFR 105-53.133 - Information Security Oversight Office.

    Code of Federal Regulations, 2014 CFR

    2014-01-01

    ... 41 Public Contracts and Property Management 3 2014-01-01 2014-01-01 false Information Security Oversight Office. 105-53.133 Section 105-53.133 Public Contracts and Property Management Federal Property Management Regulations System (Continued) GENERAL SERVICES ADMINISTRATION 53-STATEMENT OF ORGANIZATION...

  1. 36 CFR 1256.46 - National security-classified information.

    Code of Federal Regulations, 2014 CFR

    2014-07-01

    ... 36 Parks, Forests, and Public Property 3 2014-07-01 2014-07-01 false National security-classified information. 1256.46 Section 1256.46 Parks, Forests, and Public Property NATIONAL ARCHIVES AND RECORDS ADMINISTRATION PUBLIC AVAILABILITY AND USE ACCESS TO RECORDS AND DONATED HISTORICAL MATERIALS...

  2. 36 CFR 1256.46 - National security-classified information.

    Code of Federal Regulations, 2010 CFR

    2010-07-01

    ... 36 Parks, Forests, and Public Property 3 2010-07-01 2010-07-01 false National security-classified information. 1256.46 Section 1256.46 Parks, Forests, and Public Property NATIONAL ARCHIVES AND RECORDS ADMINISTRATION PUBLIC AVAILABILITY AND USE ACCESS TO RECORDS AND DONATED HISTORICAL MATERIALS General Restrictions § 1256.46...

  3. An overview in healthcare information systems security.

    PubMed

    Bourka, A; Polemi, N; Koutsouris, D

    2001-01-01

    The scope of this paper is to present the current needs and trends in the field of healthcare systems security. The approach applied within the described review was based on three major steps. The first step was to define the point and ways of penetration and integration of security services in current healthcare related applications addressing technical, organisational and legal/regulatory issues. The second step was to specify and evaluate common security technologies applied in healthcare information systems pointing out gaps and efficient solutions, whereas the third was to draw conclusions for the present conditions and identify the future trends of healthcare information security. A number of EU RTD Projects were selected, categorised, analysed and comparatively evaluated in terms of security. The technical focus was on key security technologies, like Public Key Infrastructures (PKIs) based on Trusted Third Parties (TTPs) in conjunction with other state-of-the-art security components (programming tools, data representation formats, security standards and protocols, security policies and risk assessment techniques). The experience gained within this review will provide valuable input for future security applications in the healthcare sector, solving existing problems and addressing real user needs.

  4. NNSA Administrator Looks to Future of Nuclear Security at STRATCOM Symposium

    ScienceCinema

    Thomas D'Agostino

    2016-07-12

    Administrator Thomas P. D'Agostino of the National Nuclear Security Administration (NNSA) discusses the future of the Nuclear Security Enterprise and its strategic deterrence mission in light of President Obama's unprecedented nuclear security agenda.

  5. NNSA Administrator Looks to Future of Nuclear Security at STRATCOM Symposium

    SciTech Connect

    Thomas D'Agostino

    2009-08-05

    Administrator Thomas P. D'Agostino of the National Nuclear Security Administration (NNSA) discusses the future of the Nuclear Security Enterprise and its strategic deterrence mission in light of President Obama's unprecedented nuclear security agenda.

  6. TWRS information locator database system administrator's manual

    SciTech Connect

    Knutson, B.J., Westinghouse Hanford

    1996-09-13

    This document is a guide for use by the Tank Waste Remediation System (TWRS) Information Locator Database (ILD) System Administrator. The TWRS ILD System is an inventory of information used in the TWRS Systems Engineering process to represent the TWRS Technical Baseline. The inventory is maintained in the form of a relational database developed in Paradox 4.5.

  7. Teaching Context in Information Security

    ERIC Educational Resources Information Center

    Bishop, Matt

    2006-01-01

    This article investigates teaching the application of technical ideas by non-technical means, especially by using puzzles to engage students. After discussing the need to teach students to evaluate contexts in which decisions about computer security must be made, we suggest questions and scenarios drawn from political science, history, as well as…

  8. A security mediator for health care information.

    PubMed Central

    Wiederhold, G.; Bilello, M.; Sarathy, V.; Qian, X.

    1996-01-01

    The TIHI (Trusted Interoperation of Healthcare Information) project addresses a security issue that arises when some information is being shared among collaborating enterprises, although not all enterprise information is sharable. It assumes that protection exists to prevent intrusion by adversaries through secure transmission and firewalls. The TIHI system design provides a gateway, owned by the enterprise security officer, to mediate queries and responses. The latter are typically transmitted via the Internet. The enterprise policy is determined by rules provided to the mediator. We show examples of typical rules. The problem and our solution, although developed in a healthcare context, is equally valid among collaborating enterprises. PMID:8947640

  9. Administrative Assistants' Informal Learning and Related Factors

    ERIC Educational Resources Information Center

    Cho, Hyun Jung; Kim, Jin-Mo

    2016-01-01

    Purpose: The purpose of this study is to identify the causal relationship among informal learning, leader-member exchange (LMX), empowerment, job characteristics and job self-efficacy and the impact on administrative assistants in corporations. The study aims at providing information for administrative assistants who have worked with their current…

  10. Energy Relations in Russia: Administration, Politics and Security

    ERIC Educational Resources Information Center

    Makarychev, Andrey

    2005-01-01

    This chapter analyses energy relations through a prism of three interlinked concepts: administration, politics and security. This triad describes the basic approaches to questions about technical, politicised and securitised energy. These three concepts are logically linked to one another and represent an elementary matrix; a prism through which…

  11. Information Security Status in Organisations 2008

    NASA Astrophysics Data System (ADS)

    Tawileh, Anas; Hilton, Jeremy; McIntosh, Stephen

    This paper presents the results of the latest survey on information security management and practices in organisations. The study is based on a holistic approach to information security that does not confine itself to technical measures and technology implementations, but encompasses other equally important aspects such as human, social, motivational and trust. In order to achieve this purpose, a comprehensive intellectual framework of the concepts of information security using Soft Systems Methodology (SSM) was utilised. The survey questions were derived from this conceptual model to ensure their coherence, completeness and relevance to the topic being addressed. The paper concludes with a discussion of the survey results and draws significant insight into the existing status of information assurance in organisations that could be useful for security practitioners, researchers and managers.

  12. RFID Based Context Information Security System Architecture for Securing Personal Information under Ubiquitous Environment

    NASA Astrophysics Data System (ADS)

    Song, Jae-Gu; Park, Gil-Cheol; Kim, Seoksoo

    2007-12-01

    In this study, a framework for securing personal information among the various contexts collected and utilized under a ubiquitous environment is proposed. The proposed framework will analyze relativity among information used to determine the exposure of personal information according to circumstances where personal information is used. In addition, the study will define a role-based structure and propose a structure applying a password security system according to access level. Furthermore, the study will propose a method for building an information security system using RFID tag information which generates context information.

  13. NNSA Administrator Addresses the Next Generation of Nuclear Security Professionals: Part 1

    ScienceCinema

    Thomas D'Agostino

    2016-07-12

    Administrator Thomas D'Agostino of the National Nuclear Security Administration addressed the next generation of nuclear security professionals during the opening session of today's 2009 Department of Energy (DOE) Computational Science Graduate Fellowship Annual Conference. Administrator D'Agostino discussed NNSA's role in implementing President Obama's nuclear security agenda and encouraged the computing science fellows to consider careers in nuclear security.

  14. NNSA Administrator Addresses the Next Generation of Nuclear Security Professionals: Part 2

    ScienceCinema

    Thomas D'Agostino

    2016-07-12

    Administrator Thomas D'Agostino of the National Nuclear Security Administration addressed the next generation of nuclear security professionals during the opening session of today's 2009 Department of Energy (DOE) Computational Science Graduate Fellowship Annual Conference. Administrator D'Agostino discussed NNSA's role in implementing President Obama's nuclear security agenda and encouraged the computing science fellows to consider careers in nuclear security.

  15. NNSA Administrator Addresses the Next Generation of Nuclear Security Professionals: Part 2

    SciTech Connect

    Thomas D'Agostino

    2009-07-14

    Administrator Thomas D'Agostino of the National Nuclear Security Administration addressed the next generation of nuclear security professionals during the opening session of today's 2009 Department of Energy (DOE) Computational Science Graduate Fellowship Annual Conference. Administrator D'Agostino discussed NNSA's role in implementing President Obama's nuclear security agenda and encouraged the computing science fellows to consider careers in nuclear security.

  16. NNSA Administrator Addresses the Next Generation of Nuclear Security Professionals: Part 1

    SciTech Connect

    Thomas D'Agostino

    2009-07-14

    Administrator Thomas D'Agostino of the National Nuclear Security Administration addressed the next generation of nuclear security professionals during the opening session of today's 2009 Department of Energy (DOE) Computational Science Graduate Fellowship Annual Conference. Administrator D'Agostino discussed NNSA's role in implementing President Obama's nuclear security agenda and encouraged the computing science fellows to consider careers in nuclear security.

  17. 20 CFR 422.501 - Applications and other forms used in Social Security Administration programs.

    Code of Federal Regulations, 2014 CFR

    2014-04-01

    ... Security Administration programs. 422.501 Section 422.501 Employees' Benefits SOCIAL SECURITY... used in Social Security Administration programs. This subpart lists the applications and some of the related forms prescribed by the Social Security Administration for use by the public in applying...

  18. 20 CFR 422.501 - Applications and other forms used in Social Security Administration programs.

    Code of Federal Regulations, 2012 CFR

    2012-04-01

    ... Security Administration programs. 422.501 Section 422.501 Employees' Benefits SOCIAL SECURITY... used in Social Security Administration programs. This subpart lists the applications and some of the related forms prescribed by the Social Security Administration for use by the public in applying...

  19. 20 CFR 422.501 - Applications and other forms used in Social Security Administration programs.

    Code of Federal Regulations, 2010 CFR

    2010-04-01

    ... Security Administration programs. 422.501 Section 422.501 Employees' Benefits SOCIAL SECURITY... used in Social Security Administration programs. This subpart lists the applications and some of the related forms prescribed by the Social Security Administration for use by the public in applying...

  20. 20 CFR 422.501 - Applications and other forms used in Social Security Administration programs.

    Code of Federal Regulations, 2013 CFR

    2013-04-01

    ... Security Administration programs. 422.501 Section 422.501 Employees' Benefits SOCIAL SECURITY... used in Social Security Administration programs. This subpart lists the applications and some of the related forms prescribed by the Social Security Administration for use by the public in applying...

  1. 20 CFR 422.501 - Applications and other forms used in Social Security Administration programs.

    Code of Federal Regulations, 2011 CFR

    2011-04-01

    ... Security Administration programs. 422.501 Section 422.501 Employees' Benefits SOCIAL SECURITY... used in Social Security Administration programs. This subpart lists the applications and some of the related forms prescribed by the Social Security Administration for use by the public in applying...

  2. CORBA security services for health information systems.

    PubMed

    Blobel, B; Holena, M

    1998-01-01

    The structure of healthcare systems in developed countries is changing to 'shared care', enforced by economic constraints and caused by a change in the basic conditions of care. That development results in co-operative health information systems across the boundaries of organisational, technological, and policy domains. Increasingly, these distributed and, as far as their domains are concerned, heterogeneous systems are based on middleware approaches, such as CORBA. Regarding the sensitivity of personal and medical data, such open, distributed, and heterogeneous health information systems require a high level of data protection and data security, both with respect to patient information and with respect to users. This paper, relying on experience gained through our activities in CORBAmed, describes the possibilities the CORBA middleware provides to achieve application and communication security. On the background of the overall CORBA architecture, it outlines the different security services previewed in the adopted CORBA specifications which are discussed in the context of the security requirements of healthcare information systems. Security services required in the healthcare domain but not available at the moment are mentioned. A solution is proposed, which on the one hand allows to make use of the available CORBA security services and additional ones, on the other hand remains open to other middleware approaches, such as DHE or HL7.

  3. USAF Hospital Administrator Management Indicator Information Requirements.

    DTIC Science & Technology

    1987-12-01

    General Issue ... Specific Research Problem ... Investigative Questions...included in a management reporting system for Air Force medical facility administrators. Also, recommendations are made as to further research in this... Research Problem: In the judgment of administrators of USAF Hospitals, what are their management indicator information requirements for the four primary

  4. Distributed Administrative Management Information System (DAMIS).

    ERIC Educational Resources Information Center

    Juckiewicz, Robert; Kroculick, Joseph

    Columbia University's major program to distribute its central administrative data processing to its various schools and departments is described. The Distributed Administrative Management Information System (DAMIS) will link every department and school within the university via microcomputers, terminals, and/or minicomputers to the central…

  5. Securities Analysts as Information-Seekers.

    ERIC Educational Resources Information Center

    Baldwin, Nancy Sadler; Rice, Ronald E.

    1996-01-01

    A survey of 100 securities analysts at investment banking firms in the United States and United Kingdom showed that individual characteristics have little influence on the information sources and communication channels used by analysts, but institutional resources significantly influence the information and communication channels used, and also…

  6. Establishing Information Security Systems via Optical Imaging

    DTIC Science & Technology

    2015-08-11

    for Fig. 13(b) is 6.83 dB. Figure 13(c) shows a recovered object, when only setup parameters are wrong (wavelength error of 10.0 nm and distance...The research goal is to establish information security systems via optical imaging, the primary objective is to develop optical imaging technologies...TERMS Optical Imaging, Optical Cryptosystems, Diffractive Imaging, Optical Encryption 16. SECURITY CLASSIFICATION OF: 17. LIMITATION OF ABSTRACT SAR 18

  7. Information security implementations for remote monitoring

    SciTech Connect

    Nilsen, C.A.

    1997-10-01

    In September 1993, President Clinton stated the United States would ensure that its fissile material meet the "highest standards of safety, security, and international accountability." Frequent human inspection of the material could be used to ensure these standards. However, it may be more effective and less expensive to replace these manual inspections with virtual inspections via remote monitoring technologies. A successful implementation of a comprehensive remote monitoring system, however, requires significant attention to a variety of information security issues. In pursuing Project Straight-Line and the follow-on Storage Monitoring System, Sandia National Laboratories developed remote monitoring implementations that can satisfy a variety of information security requirements. Special emphasis was given to developing methods for using the Internet to disseminate the data securely. This paper describes the various information security implementations applied to the Project Straight-Line and the Storage Monitoring System. Also included is a discussion of the security provided by the Windows NT operating system.

  8. Operational Information Management Security Architecture

    DTIC Science & Technology

    2006-12-01

    4.1.4 World Wide Web Consortium (W3C ...4.1.4 World Wide Web Consortium (W3C) The World Wide Web Consortium (W3C) is an international consortium that develops interoperable technologies...specifications, guidelines, software, and tools) to lead the Web to its full potential. W3C is a forum for information, commerce, communication, and

  9. Information Security Assessment of SMEs as Coursework -- Learning Information Security Management by Doing

    ERIC Educational Resources Information Center

    Ilvonen, Ilona

    2013-01-01

    Information security management is an area with a lot of theoretical models. The models are designed to guide practitioners in prioritizing management resources in companies. Information security management education should address the gap between the academic ideals and practice. This paper introduces a teaching method that has been in use as…

  10. A mapping of information security in health Information Systems in Latin America and Brazil.

    PubMed

    Pereira, Samáris Ramiro; Fernandes, João Carlos Lopes; Labrada, Luis; Bandiera-Paiva, Paulo

    2013-01-01

    In health, Information Systems, whether patient records, hospital administration or other, have advantages such as cost, availability and integration. However, for these benefits to be fully met, it is necessary to guarantee the security of information maintained and provided by the systems. The lack of security can lead to serious consequences such as lawsuits and induction to medical errors. The management of information security is complex and is used in various fields of knowledge. Often, it is left in the background for not being the ultimate goal of a computer system, causing huge financial losses to corporations. This paper, by systematic review methodologies, presented a mapping of the literature in order to identify the most relevant aspects that are addressed by security researchers of health information, as to the development of computerized systems. They conclude, through the results, with some important aspects to which the managers of computerized health systems should remain alert.

  11. Installing an appropriate information security policy.

    PubMed

    Gaunt, N

    1998-03-01

    Security of personal health care is of concern to patients, health care staff and informaticians alike. Nevertheless, their awareness of the appropriate measures for protection of such data has been found wanting. The development and implementation of an information and security policy in the health care environment must therefore take into account the attitudes of staff and their educational needs. The approach adopted in one large District General Hospital was to combine risk analysis with surveys of users' attitudes to proposed measures and a participational approach to development of security procedures using an adaptation of the ETHICS soft systems methodology. As a result of several years of effort, a 'security culture' has begun to emerge in the organization. However, this can only be sustained by continual promotion of the policy and a willingness to adapt procedures to suit the operating environment.

  12. 32 CFR 2700.51 - Information Security Oversight Committee.

    Code of Federal Regulations, 2011 CFR

    2011-07-01

    ... 32 National Defense 6 2011-07-01 2011-07-01 false Information Security Oversight Committee. 2700... MICRONESIAN STATUS NEGOTIATIONS SECURITY INFORMATION REGULATIONS Implementation and Review § 2700.51 Information Security Oversight Committee. The OMSN Information Security Oversight Committee shall be...

  13. 32 CFR 2700.51 - Information Security Oversight Committee.

    Code of Federal Regulations, 2014 CFR

    2014-07-01

    ... 32 National Defense 6 2014-07-01 2014-07-01 false Information Security Oversight Committee. 2700... MICRONESIAN STATUS NEGOTIATIONS SECURITY INFORMATION REGULATIONS Implementation and Review § 2700.51 Information Security Oversight Committee. The OMSN Information Security Oversight Committee shall be...

  14. 32 CFR 2700.51 - Information Security Oversight Committee.

    Code of Federal Regulations, 2012 CFR

    2012-07-01

    ... 32 National Defense 6 2012-07-01 2012-07-01 false Information Security Oversight Committee. 2700... MICRONESIAN STATUS NEGOTIATIONS SECURITY INFORMATION REGULATIONS Implementation and Review § 2700.51 Information Security Oversight Committee. The OMSN Information Security Oversight Committee shall be...

  15. 32 CFR 2700.51 - Information Security Oversight Committee.

    Code of Federal Regulations, 2013 CFR

    2013-07-01

    ... 32 National Defense 6 2013-07-01 2013-07-01 false Information Security Oversight Committee. 2700... MICRONESIAN STATUS NEGOTIATIONS SECURITY INFORMATION REGULATIONS Implementation and Review § 2700.51 Information Security Oversight Committee. The OMSN Information Security Oversight Committee shall be...

  16. Information Security due to Electromagnetic Environments

    NASA Astrophysics Data System (ADS)

    Sekiguchi, Hidenori; Seto, Shinji

    Generally, active electronic devices emit slightly unintentional electromagnetic noise. From long ago, electromagnetic emission levels have been regulated from the aspect of electromagnetic compatibility (EMC). Also, it has been known that the electromagnetic emissions are generated from the ON/OFF of signals in the device. Recently, it has become a topic of conversation in information security that the ON/OFF of a desired signal in the device can be reproduced or guessed by receiving the electromagnetic emission. For example, a display image on a personal computer (PC) can be reconstructed by receiving and analyzing the electromagnetic emission. In sum, this fact makes known information leakage due to electromagnetic emission. "TEMPEST", which has been known as a code name originated in the U.S. Department of Defense, is to prevent the information leakage caused by electromagnetic emissions. This paper reports the brief summary of the information security due to electromagnetic emissions from information technology equipment.

  17. The Shaping of Managers' Security Objectives through Information Security Awareness Training

    ERIC Educational Resources Information Center

    Harris, Mark A.

    2010-01-01

    Information security research states that corporate security policy and information security training should be socio-technical in nature and that corporations should consider training as a primary method of protecting their information systems. However, information security policies and training are predominately technical in nature. In addition,…

  18. Towards Changes in Information Security Education

    ERIC Educational Resources Information Center

    Hentea, Mariana; Dhillon, Harpal S.; Dhillon, Manpreet

    2006-01-01

    Despite a variety of Information Security Assurance (ISA) curricula and diverse educational models, universities often fail to provide their graduates with skills demanded by employers. There is a big discrepancy between the levels of skills expected by employers and those the graduates have after completing their studies. The authors compare the…

  19. Relationship between stakeholders' information value perception and information security behaviour

    NASA Astrophysics Data System (ADS)

    Tajuddin, Sharul; Olphert, Wendy; Doherty, Neil

    2015-02-01

    The study, reported in this paper, aims to explore the relationship between the stakeholders' perceptions about the value of information and their resultant information security behaviours. Moreover, this study seeks to explore the role of national and organisational culture in facilitating information value assignment. Information Security is a concept that formed from the recognition that information is valuable and that there is a need to protect it. The ISO 27002 defines information as an asset, which, like other important business assets, is essential to an organisation's business and consequently needs to be appropriately protected. By definition, an asset has a value to the organisation hence it requires protection. Information protection is typically accomplished through the implementation of countermeasures against the threats and vulnerabilities of information security, for example, implementation of technological processes and mechanisms such as firewall and authorization and authentication systems, set-up of deterrence procedures such as password control and enforcement of organisational policy on information handling procedures. However, evidence routinely shows that despite such measures, information security breaches and incidents are on the rise. These breaches lead to loss of information, personal records, or other data, with consequent implications for the value of the information asset. A number of studies have suggested that such problems are not related primarily to technology problems or procedural deficiencies, but rather to stakeholders' poor compliance with the security measures that are in place. Research indicates that compliance behaviour is affected by many variables including perceived costs and benefits, national and organisational culture and norms. However, there has been little research to understand the concept of information value from the perspective of those who interact with the data, and the consequences for information

  20. Attitudes towards information system security among physicians in Croatia.

    PubMed

    Markota, M; Kern, J; Svab, I

    2001-07-01

    To examine attitudes about information system security among Croatian physicians a cross-sectional study was performed on a representative sample of 800 Croatian physicians. An anonymous questionnaire comprising 21 questions was distributed and statistical analysis was performed using a chi-square test. A 76.2% response rate was obtained. The majority of respondents (85.8%) believe that information system security is a new area in their work. In general, physicians are not informed about European directives, conventions, recommendations, etc. Only a small number of physicians use personal computers at work (29%). Those physicians who have a personal computer use it mainly for administrative reasons. Most healthcare institutions (89%) do not have a security manual and the area of information system security is left to individual interest and initiative. Only 25% of physicians who have a personal computer use any type of password. A high percentage of physicians (22%) has never thought about the problem of personal data being used by organizations (e.g. police, banks) without legal background; a small, but still significant percentage of physicians (5.6%) has even agreed with such use. Results indicate that for the vast majority of physicians, information system security is a new area in their daily work, one which is left to individual interest and initiative. They are not familiar with the ethical, technical and legal backgrounds which have been defined for that area within the Council of Europe and the European Union. New aspects: This is the first study performed in Central and Eastern Europe dealing with information system security, performed on a representative nationwide sample of all the physicians.

  1. 20 CFR 423.3 - Other process directed to the Social Security Administration or the Commissioner.

    Code of Federal Regulations, 2011 CFR

    2011-04-01

    ... 20 Employees' Benefits 2 2011-04-01 2011-04-01 false Other process directed to the Social Security Administration or the Commissioner. 423.3 Section 423.3 Employees' Benefits SOCIAL SECURITY ADMINISTRATION SERVICE OF PROCESS § 423.3 Other process directed to the Social Security Administration or...

  2. 20 CFR 423.5 - Process against Social Security Administration officials in their individual capacities.

    Code of Federal Regulations, 2012 CFR

    2012-04-01

    ... 20 Employees' Benefits 2 2012-04-01 2012-04-01 false Process against Social Security Administration officials in their individual capacities. 423.5 Section 423.5 Employees' Benefits SOCIAL SECURITY ADMINISTRATION SERVICE OF PROCESS § 423.5 Process against Social Security Administration officials in...

  3. 20 CFR 423.3 - Other process directed to the Social Security Administration or the Commissioner.

    Code of Federal Regulations, 2010 CFR

    2010-04-01

    ... 20 Employees' Benefits 2 2010-04-01 2010-04-01 false Other process directed to the Social Security Administration or the Commissioner. 423.3 Section 423.3 Employees' Benefits SOCIAL SECURITY ADMINISTRATION SERVICE OF PROCESS § 423.3 Other process directed to the Social Security Administration or...

  4. 20 CFR 423.3 - Other process directed to the Social Security Administration or the Commissioner.

    Code of Federal Regulations, 2013 CFR

    2013-04-01

    ... 20 Employees' Benefits 2 2013-04-01 2013-04-01 false Other process directed to the Social Security Administration or the Commissioner. 423.3 Section 423.3 Employees' Benefits SOCIAL SECURITY ADMINISTRATION SERVICE OF PROCESS § 423.3 Other process directed to the Social Security Administration or...

  5. 20 CFR 423.5 - Process against Social Security Administration officials in their individual capacities.

    Code of Federal Regulations, 2010 CFR

    2010-04-01

    ... 20 Employees' Benefits 2 2010-04-01 2010-04-01 false Process against Social Security Administration officials in their individual capacities. 423.5 Section 423.5 Employees' Benefits SOCIAL SECURITY ADMINISTRATION SERVICE OF PROCESS § 423.5 Process against Social Security Administration officials in...

  6. 20 CFR 423.5 - Process against Social Security Administration officials in their individual capacities.

    Code of Federal Regulations, 2014 CFR

    2014-04-01

    ... 20 Employees' Benefits 2 2014-04-01 2014-04-01 false Process against Social Security Administration officials in their individual capacities. 423.5 Section 423.5 Employees' Benefits SOCIAL SECURITY ADMINISTRATION SERVICE OF PROCESS § 423.5 Process against Social Security Administration officials in...

  7. 20 CFR 423.3 - Other process directed to the Social Security Administration or the Commissioner.

    Code of Federal Regulations, 2012 CFR

    2012-04-01

    ... 20 Employees' Benefits 2 2012-04-01 2012-04-01 false Other process directed to the Social Security Administration or the Commissioner. 423.3 Section 423.3 Employees' Benefits SOCIAL SECURITY ADMINISTRATION SERVICE OF PROCESS § 423.3 Other process directed to the Social Security Administration or...

  8. 20 CFR 423.5 - Process against Social Security Administration officials in their individual capacities.

    Code of Federal Regulations, 2011 CFR

    2011-04-01

    ... 20 Employees' Benefits 2 2011-04-01 2011-04-01 false Process against Social Security Administration officials in their individual capacities. 423.5 Section 423.5 Employees' Benefits SOCIAL SECURITY ADMINISTRATION SERVICE OF PROCESS § 423.5 Process against Social Security Administration officials in...

  9. 20 CFR 423.3 - Other process directed to the Social Security Administration or the Commissioner.

    Code of Federal Regulations, 2014 CFR

    2014-04-01

    ... 20 Employees' Benefits 2 2014-04-01 2014-04-01 false Other process directed to the Social Security Administration or the Commissioner. 423.3 Section 423.3 Employees' Benefits SOCIAL SECURITY ADMINISTRATION SERVICE OF PROCESS § 423.3 Other process directed to the Social Security Administration or...

  10. 20 CFR 423.5 - Process against Social Security Administration officials in their individual capacities.

    Code of Federal Regulations, 2013 CFR

    2013-04-01

    ... 20 Employees' Benefits 2 2013-04-01 2013-04-01 false Process against Social Security Administration officials in their individual capacities. 423.5 Section 423.5 Employees' Benefits SOCIAL SECURITY ADMINISTRATION SERVICE OF PROCESS § 423.5 Process against Social Security Administration officials in...

  11. 14 CFR § 1203.408 - Assistance by Information Security Specialist in the Center Protective Services Office.

    Code of Federal Regulations, 2014 CFR

    2014-01-01

    ... 14 Aeronautics and Space 5 2014-01-01 2014-01-01 false Assistance by Information Security... NATIONAL AERONAUTICS AND SPACE ADMINISTRATION INFORMATION SECURITY PROGRAM Guides for Original Classification § 1203.408 Assistance by Information Security Specialist in the Center Protective Services...

  12. Directory of Energy Information Administration models 1996

    SciTech Connect

    1996-07-01

    This directory revises and updates the Directory of Energy Information Administration Models 1995, DOE/EIA-0293(95), Energy Information Administration (EIA), U.S. Department of Energy, July 1995. Four models have been deleted in this directory as they are no longer being used: (1) Market Penetration Model for Ground-Water Heat Pump Systems (MPGWHP); (2) Market Penetration Model for Residential Rooftop PV Systems (MPRESPV-PC); (3) Market Penetration Model for Active and Passive Solar Technologies (MPSOLARPC); and (4) Revenue Requirements Modeling System (RRMS).

  13. Secure information transfer based on computing reservoir

    NASA Astrophysics Data System (ADS)

    Szmoski, R. M.; Ferrari, F. A. S.; de S. Pinto, S. E.; Baptista, M. S.; Viana, R. L.

    2013-04-01

    There is a broad area of research to ensure that information is transmitted securely. Within this scope, chaos-based cryptography takes a prominent role due to its nonlinear properties. Using these properties, we propose a secure mechanism for transmitting data that relies on chaotic networks. We use a nonlinear on-off device to cipher the message, and the transfer entropy to retrieve it. We analyze the system capability for sending messages, and we obtain expressions for the operating time. We demonstrate the system efficiency for a wide range of parameters. We find similarities between our method and the reservoir computing.

  14. The straight-line information security architecture

    SciTech Connect

    Nilsen, C.

    1995-08-01

    Comprehensive monitoring can provide a wealth of sensor data useful in enhancing the safety, security, and international accountability of stored nuclear material. However, care must be taken to distribute this type of data on a need-to-know basis to the various types of users. The following paper describes an exploratory effort on behalf of Sandia National Labs to integrate commercially available systems to securely disseminate (on a need-to-know basis) both classified and unclassified sensor information to a variety of users on the Internet.

  15. 39 CFR 267.4 - Information security standards.

    Code of Federal Regulations, 2012 CFR

    2012-07-01

    ... 39 Postal Service 1 2012-07-01 2012-07-01 false Information security standards. 267.4 Section 267... INFORMATION § 267.4 Information security standards. (a) The Postal Service will operate under a uniform set of information security standards which address the following functional aspects of information flow...

  16. 39 CFR 267.4 - Information security standards.

    Code of Federal Regulations, 2014 CFR

    2014-07-01

    ... 39 Postal Service 1 2014-07-01 2014-07-01 false Information security standards. 267.4 Section 267... INFORMATION § 267.4 Information security standards. (a) The Postal Service will operate under a uniform set of information security standards which address the following functional aspects of information flow...

  17. 39 CFR 267.4 - Information security standards.

    Code of Federal Regulations, 2013 CFR

    2013-07-01

    ... 39 Postal Service 1 2013-07-01 2013-07-01 false Information security standards. 267.4 Section 267... INFORMATION § 267.4 Information security standards. (a) The Postal Service will operate under a uniform set of information security standards which address the following functional aspects of information flow...

  18. Report: Information Security Series: Security Practices Safe Drinking Water Information System

    EPA Pesticide Factsheets

    Report #2006-P-00021, March 30, 2006. We found that the Office of Water (OW) substantially complied with many of the information security controls reviewed and had implemented practices to ensure production servers are monitored.

  19. Information Security – Guidance for Manually Completing the Information Security Awareness Training

    EPA Pesticide Factsheets

    The purpose of this guidance is to provide an alternative manual process for disseminating EPA Information Security Awareness Training (ISAT) materials and collecting results from EPA users who elect to complete the ISAT manually.

  20. 78 FR 54862 - Information Collection; General Program Administration

    Federal Register 2010, 2011, 2012, 2013, 2014

    2013-09-06

    ... Farm Service Agency Information Collection; General Program Administration AGENCY: Farm Service Agency... Programs (FLP) General Program Administration. The information collected is used to ensure that applicants... INFORMATION: Title: Farm Loan Programs, General Program Administration. OMB Control Number:...

  1. 76 FR 27002 - Information Collection; National Recreation Program Administration

    Federal Register 2010, 2011, 2012, 2013, 2014

    2011-05-10

    ... Forest Service Information Collection; National Recreation Program Administration AGENCY: Forest Service... new information collection, National Recreation Program Administration. DATES: Comments must be... INFORMATION: Title: National Recreation Program Administration. OMB Number: 0596-New. Expiration Date...

  2. Directory of Energy Information Administration Models 1994

    SciTech Connect

    Not Available

    1994-07-01

    This directory revises and updates the 1993 directory and includes 15 models of the National Energy Modeling System (NEMS). Three other new models in use by the Energy Information Administration (EIA) have also been included: the Motor Gasoline Market Model (MGMM), Distillate Market Model (DMM), and the Propane Market Model (PPMM). This directory contains descriptions about each model, including title, acronym, purpose, followed by more detailed information on characteristics, uses and requirements. Sources for additional information are identified. Included in this directory are 37 EIA models active as of February 1, 1994.

  3. The Impact of the Security Competency on "Self-Efficacy in Information Security" for Effective Health Information Security in Iran.

    PubMed

    Shahri, Ahmad Bakhtiyari; Ismail, Zuraini; Mohanna, Shahram

    2016-11-01

    The security effectiveness based on users' behaviors is becoming a top priority of Health Information Systems (HIS). In the first step of this study, through the review of previous studies, 'Self-efficacy in Information Security' (SEIS) and 'Security Competency' (SCMP) were identified as the important factors in transforming HIS users into the first line of defense in security. Subsequently, a conceptual model was proposed that takes the mentioned factors into account for HIS security effectiveness. Then, this quantitative study used structural equation modeling to examine the proposed model based on survey data collected from a sample of 263 HIS users from eight hospitals in Iran. The result shows that SEIS is one of the important factors in cultivating good end-user behaviors toward HIS security effectiveness. However, SCMP appears to be a feasible alternative to providing SEIS. This study also confirms the mediation effects of SEIS on the relationship between SCMP and HIS security effectiveness. The results of this research paper can be used by HIS and IT managers to implement their information security process more effectively.

  4. 32 CFR 154.42 - Evaluation of personnel security information.

    Code of Federal Regulations, 2010 CFR

    2010-07-01

    ... 32 National Defense 1 2010-07-01 2010-07-01 false Evaluation of personnel security information... SECURITY DEPARTMENT OF DEFENSE PERSONNEL SECURITY PROGRAM REGULATION Adjudication § 154.42 Evaluation of personnel security information. (a) The criteria and adjudicative policy to be used in applying...

  5. 49 CFR 8.9 - Information Security Review Committee.

    Code of Federal Regulations, 2012 CFR

    2012-10-01

    ... 49 Transportation 1 2012-10-01 2012-10-01 false Information Security Review Committee. 8.9 Section.../DECLASSIFICATION/ACCESS Classification/Declassification of Information § 8.9 Information Security Review Committee. (a) There is hereby established a Department of Transportation Information Security Review...

  6. 49 CFR 8.9 - Information Security Review Committee.

    Code of Federal Regulations, 2014 CFR

    2014-10-01

    ... 49 Transportation 1 2014-10-01 2014-10-01 false Information Security Review Committee. 8.9 Section.../DECLASSIFICATION/ACCESS Classification/Declassification of Information § 8.9 Information Security Review Committee. (a) There is hereby established a Department of Transportation Information Security Review...

  7. 49 CFR 8.9 - Information Security Review Committee.

    Code of Federal Regulations, 2013 CFR

    2013-10-01

    ... 49 Transportation 1 2013-10-01 2013-10-01 false Information Security Review Committee. 8.9 Section.../DECLASSIFICATION/ACCESS Classification/Declassification of Information § 8.9 Information Security Review Committee. (a) There is hereby established a Department of Transportation Information Security Review...

  8. 49 CFR 8.9 - Information Security Review Committee.

    Code of Federal Regulations, 2011 CFR

    2011-10-01

    ... 49 Transportation 1 2011-10-01 2011-10-01 false Information Security Review Committee. 8.9 Section.../DECLASSIFICATION/ACCESS Classification/Declassification of Information § 8.9 Information Security Review Committee. (a) There is hereby established a Department of Transportation Information Security Review...

  9. Disaster at a University: A Case Study in Information Security

    ERIC Educational Resources Information Center

    Ayyagari, Ramakrishna; Tyks, Jonathan

    2012-01-01

    Security and disaster training is identified as a top Information Technology (IT) required skill that needs to be taught in Information Systems (IS) curriculums. Accordingly, information security and privacy have become core concepts in information system education. Providing IT security on a shoestring budget is always difficult and many small…

  10. A Secure Information Framework with APRQ Properties

    NASA Astrophysics Data System (ADS)

    Rupa, Ch.

    2016-08-01

    The Internet of Things is the most trending topic in the digital world. Security issues are rampant. In the corporate or institutional setting, security risks are apparent from the outset. Market leaders are unable to use the cryptographic techniques due to their complexities. Hence many bits of private information, including ID, are readily available for third parties to see and to utilize. There is a need to decrease the complexity and increase the robustness of the cryptographic approaches. In view of this, a new cryptographic technique as good encryption pact with adjacency, random prime number and quantum code properties has been proposed. Here, encryption can be done by using quantum photons with gray code. This approach uses the concepts of physics and mathematics with no external key exchange to improve the security of the data. It also reduces the key attacks by generation of a key at the party side instead of sharing. This method makes the security more robust than with the existing approach. Important properties of gray code and quantum are adjacency property and different photons to a single bit (0 or 1). These can reduce the avalanche effect. Cryptanalysis of the proposed method shows that it is resistant to various attacks and stronger than the existing approaches.

  11. 32 CFR 2004.10 - Responsibilities of the Director, Information Security Oversight Office (ISOO) [102(b)]. 1

    Code of Federal Regulations, 2010 CFR

    2010-07-01

    ... 32 National Defense 6 2010-07-01 2010-07-01 false Responsibilities of the Director, Information Security Oversight Office (ISOO) . 1 2004.10 Section 2004.10 National Defense Other Regulations Relating to National Defense INFORMATION SECURITY OVERSIGHT OFFICE, NATIONAL ARCHIVES AND RECORDS ADMINISTRATION NATIONAL INDUSTRIAL SECURITY...

  12. 75 FR 31273 - Social Security Administration Implementation of OMB Guidance for Drug-Free Workplace Requirements

    Federal Register 2010, 2011, 2012, 2013, 2014

    2010-06-03

    ...-Free Workplace Requirements AGENCY: Social Security Administration. ACTION: Final rule with request for... recordkeeping requirements. Michael J. Astrue, Commissioner of Social Security. Accordingly, for the reasons... / Thursday, June 3, 2010 / Rules and Regulations SOCIAL SECURITY ADMINISTRATION 2 CFR Part 2339...

  13. Examining Race and Ethnicity Information in Medicare Administrative Data.

    PubMed

    Filice, Clara E; Joynt, Karen E

    2016-07-29

    Racial and ethnic disparities are observed in the health status and health outcomes of Medicare beneficiaries. Reducing these disparities is a national priority, and having high-quality data on individuals' race and ethnicity is critical for researchers working to do so. However, using Medicare data to identify race and ethnicity is not straightforward. Currently, Medicare largely relies on Social Security Administration data for information about Medicare beneficiary race and ethnicity. Directly self-reported race and ethnicity information is collected for subsets of Medicare beneficiaries but is not explicitly collected for the purpose of populating race/ethnicity information in the Medicare administrative record. As a consequence of historical data collection practices, the quality of Medicare's administrative data on race and ethnicity varies substantially by racial/ethnic group; the data are generally much more accurate for whites and blacks than for other racial/ethnic groups. Identification of Hispanic and Asian/Pacific Islander beneficiaries has improved through use of an imputation algorithm recently applied to the Medicare administrative database. To improve the accuracy of race/ethnicity data for Medicare beneficiaries, researchers have developed techniques such as geocoding and surname analysis that indirectly assign Medicare beneficiary race and ethnicity. However, these techniques are relatively new and data may not be widely available. Understanding the strengths and limitations of different approaches to identifying race and ethnicity will help researchers choose the best method for their particular purpose, and help policymakers interpret studies using these measures.

  14. Secure medical information sharing in cloud computing.

    PubMed

    Shao, Zhiyi; Yang, Bo; Zhang, Wenzheng; Zhao, Yi; Wu, Zhenqiang; Miao, Meixia

    2015-01-01

    Medical information sharing is one of the most attractive applications of cloud computing, where searchable encryption is a fascinating solution for securely and conveniently sharing medical data among different medical organizers. However, almost all previous works are designed in a symmetric key encryption environment. The only works in public key encryption do not support keyword trapdoor security, have long ciphertext related to the number of receivers, do not support receiver revocation without re-encrypting, and do not preserve the membership of receivers. In this paper, we propose a searchable encryption supporting multiple receivers for medical information sharing based on bilinear maps in a public key encryption environment. In the proposed protocol, the data owner stores only one copy of his encrypted file and its corresponding encrypted keywords on the cloud for multiple designated receivers. The keyword ciphertext is significantly shorter and its length is constant without relation to the number of designated receivers, i.e., for n receivers the ciphertext length is only twice the element length in the group. Only the owner knows with whom his data is shared, and the access to his data is still under control after having been put on the cloud. We formally prove the security of the keyword ciphertext based on the intractability of the Bilinear Diffie-Hellman problem and of the keyword trapdoor based on the Decisional Diffie-Hellman problem.

  15. Directory of Energy Information Administration models, 1990

    SciTech Connect

    Not Available

    1990-06-04

    This directory revises and updates the Directory of Energy Information Administration Models, DOE/EIA-0293(89), Energy Information Administration (EIA), US Department of Energy, May 1989. The major changes are the inclusion of the Building Energy End-Use Model (BEEM-PC), Residential Energy End-Use Model (REEM-PC), the Refinery Yield Model Spreadsheet System (RYMSS-PC), and the Capital Stock Model (CAPSTOCK-PC). Also, the following models have been inactivated: Energy Disaggregated Input-Output Model (EDIO), Household Model of Energy (HOME3-PC), Commercial Sector Energy Model (CSEM-PC), Outer Continental Shelf Oil and Gas Supply Model (OCSM), and the Stock Module of the Intermediate Future Forecasting System (STOCK). This directory contains descriptions about each basic and auxiliary model, including the title, acronym, purpose, and type, followed by more detailed information on characteristics, uses, and requirements. For developing models, limited information is provided. Sources for additional information are identified. Included in this directory are 38 EIA models active as of March 1, 1990, as well as the PC-AEO Forecasting Model Overview and the three Subsystems for the Short-Term Integrated Forecasting System (STIFS) Model. Models that run on personal computers are identified by "PC" as part of the acronym.

  16. Data Mining for Security Information: A Survey

    SciTech Connect

    Brugger, S T; Kelley, M; Sumikawa, K; Wakumoto, S

    2001-04-19

    This paper will present a survey of the current published work and products available to do off-line data mining for computer network security information. Hundreds of megabytes of data are collected every second that are of interest to computer security professionals. This data can answer questions ranging from the proactive, "Which machines are the attackers going to try to compromise?" to the reactive, "When did the intruder break into my system and how?" Unfortunately, there's so much data that computer security professionals don't have time to sort through it all. What we need are systems that perform data mining at various levels on this corpus of data in order to ease the burden of the human analyst. Such systems typically operate on log data produced by hosts, firewalls and intrusion detection systems as such data is typically in a standard, machine readable format and usually provides information that is most relevant to the security of the system. Systems that do this type of data mining for security information fall under the classification of intrusion detection systems. It is important to point out that we are not surveying real-time intrusion detection systems. Instead, we examined what is possible when the analysis is done off-line. Doing the analysis off-line allows for a larger amount of data correlation between distant sites who transfer relevant log files periodically and may be able to take greater advantage of an archive of past logs. Such a system is not a replacement for a real-time intrusion detection system but should be used in conjunction with one. In fact, as noted previously, the logs of the real-time IDS may be one of the inputs to the data mining system. We will concentrate on the application of data mining to network connection data, as opposed to system logs or the output of real-time intrusion detection systems. We do this primarily because this data is readily obtained from firewalls or real-time intrusion detectors and it

  17. Why information security belongs on the CFO's agenda.

    PubMed

    Quinnild, James; Fusile, Jeff; Smith, Cindy

    2006-02-01

    Healthcare financial executives need to understand the complex and growing role of information security in supporting the business of health care. The biggest security gaps in healthcare organizations occur in strategy and centralization, business executive preparation, and protected health information. CFOs should collaborate with the CIO in engaging a comprehensive framework to develop, implement, communicate, and maintain an enterprisewide information security strategy.

  18. 41 CFR 105-53.133 - Information Security Oversight Office.

    Code of Federal Regulations, 2010 CFR

    2010-07-01

    ... 41 Public Contracts and Property Management 3 2010-07-01 2010-07-01 false Information Security... FUNCTIONS Central Offices § 105-53.133 Information Security Oversight Office. (a) Creation and authority. The Information Security Oversight Office (ISOO), headed by the Director of ISOO, who is appointed...

  19. 49 CFR 15.5 - Sensitive security information.

    Code of Federal Regulations, 2012 CFR

    2012-10-01

    ... 49 Transportation 1 2012-10-01 2012-10-01 false Sensitive security information. 15.5 Section 15.5 Transportation Office of the Secretary of Transportation PROTECTION OF SENSITIVE SECURITY INFORMATION § 15.5 Sensitive security information. (a) In general. In accordance with 49 U.S.C. 40119(b)(1), SSI is...

  20. 49 CFR 15.5 - Sensitive security information.

    Code of Federal Regulations, 2014 CFR

    2014-10-01

    ... 49 Transportation 1 2014-10-01 2014-10-01 false Sensitive security information. 15.5 Section 15.5 Transportation Office of the Secretary of Transportation PROTECTION OF SENSITIVE SECURITY INFORMATION § 15.5 Sensitive security information. (a) In general. In accordance with 49 U.S.C. 40119(b)(1), SSI is...

  1. 32 CFR 2400.45 - Information Security Program Review.

    Code of Federal Regulations, 2012 CFR

    2012-07-01

    ... TECHNOLOGY POLICY REGULATIONS TO IMPLEMENT E.O. 12356; OFFICE OF SCIENCE AND TECHNOLOGY POLICY INFORMATION SECURITY PROGRAM Office of Science and Technology Policy Information Security Program Management § 2400.45... 32 National Defense 6 2012-07-01 2012-07-01 false Information Security Program Review....

  2. 32 CFR 2400.45 - Information Security Program Review.

    Code of Federal Regulations, 2010 CFR

    2010-07-01

    ... TECHNOLOGY POLICY REGULATIONS TO IMPLEMENT E.O. 12356; OFFICE OF SCIENCE AND TECHNOLOGY POLICY INFORMATION SECURITY PROGRAM Office of Science and Technology Policy Information Security Program Management § 2400.45... 32 National Defense 6 2010-07-01 2010-07-01 false Information Security Program Review....

  3. 32 CFR 2400.45 - Information Security Program Review.

    Code of Federal Regulations, 2014 CFR

    2014-07-01

    ... TECHNOLOGY POLICY REGULATIONS TO IMPLEMENT E.O. 12356; OFFICE OF SCIENCE AND TECHNOLOGY POLICY INFORMATION SECURITY PROGRAM Office of Science and Technology Policy Information Security Program Management § 2400.45... 32 National Defense 6 2014-07-01 2014-07-01 false Information Security Program Review....

  4. 32 CFR 2400.45 - Information Security Program Review.

    Code of Federal Regulations, 2013 CFR

    2013-07-01

    ... TECHNOLOGY POLICY REGULATIONS TO IMPLEMENT E.O. 12356; OFFICE OF SCIENCE AND TECHNOLOGY POLICY INFORMATION SECURITY PROGRAM Office of Science and Technology Policy Information Security Program Management § 2400.45... 32 National Defense 6 2013-07-01 2013-07-01 false Information Security Program Review....

  5. 32 CFR 2400.45 - Information Security Program Review.

    Code of Federal Regulations, 2011 CFR

    2011-07-01

    ... TECHNOLOGY POLICY REGULATIONS TO IMPLEMENT E.O. 12356; OFFICE OF SCIENCE AND TECHNOLOGY POLICY INFORMATION SECURITY PROGRAM Office of Science and Technology Policy Information Security Program Management § 2400.45... 32 National Defense 6 2011-07-01 2011-07-01 false Information Security Program Review....

  6. 32 CFR 2700.51 - Information Security Oversight Committee.

    Code of Federal Regulations, 2010 CFR

    2010-07-01

    ... 32 National Defense 6 2010-07-01 2010-07-01 false Information Security Oversight Committee. 2700.51 Section 2700.51 National Defense Other Regulations Relating to National Defense OFFICE FOR MICRONESIAN STATUS NEGOTIATIONS SECURITY INFORMATION REGULATIONS Implementation and Review § 2700.51 Information Security Oversight Committee. The...

  7. Examining the Relationship between Organization Systems and Information Security Awareness

    ERIC Educational Resources Information Center

    Tintamusik, Yanarong

    2010-01-01

    The focus of this dissertation was to examine the crucial relationship between organization systems within the framework of the organizational behavior theory and information security awareness (ISA) of users within the framework of the information security theory. Despite advanced security technologies designed to protect information assets,…

  8. 32 CFR 2103.51 - Information Security Oversight Committee.

    Code of Federal Regulations, 2013 CFR

    2013-07-01

    ... 32 National Defense 6 2013-07-01 2013-07-01 false Information Security Oversight Committee. 2103... BE DECLASSIFIED Implementation and Review § 2103.51 Information Security Oversight Committee. The NCS Information Security Oversight Committee shall be chaired by the Staff Counsel of the National...

  9. 32 CFR 2103.51 - Information Security Oversight Committee.

    Code of Federal Regulations, 2011 CFR

    2011-07-01

    ... 32 National Defense 6 2011-07-01 2011-07-01 false Information Security Oversight Committee. 2103... BE DECLASSIFIED Implementation and Review § 2103.51 Information Security Oversight Committee. The NCS Information Security Oversight Committee shall be chaired by the Staff Counsel of the National...

  10. 32 CFR 2103.51 - Information Security Oversight Committee.

    Code of Federal Regulations, 2012 CFR

    2012-07-01

    ... 32 National Defense 6 2012-07-01 2012-07-01 false Information Security Oversight Committee. 2103... BE DECLASSIFIED Implementation and Review § 2103.51 Information Security Oversight Committee. The NCS Information Security Oversight Committee shall be chaired by the Staff Counsel of the National...

  11. 32 CFR 2103.51 - Information Security Oversight Committee.

    Code of Federal Regulations, 2014 CFR

    2014-07-01

    ... 32 National Defense 6 2014-07-01 2014-07-01 false Information Security Oversight Committee. 2103... BE DECLASSIFIED Implementation and Review § 2103.51 Information Security Oversight Committee. The NCS Information Security Oversight Committee shall be chaired by the Staff Counsel of the National...

  12. 39 CFR 267.5 - National Security Information.

    Code of Federal Regulations, 2014 CFR

    2014-07-01

    ... 39 Postal Service 1 2014-07-01 2014-07-01 false National Security Information. 267.5 Section 267.5... § 267.5 National Security Information. (a) Purpose and scope. The purpose of this section is to provide regulations implementing Executive Order 12356 National Security Information (hereinafter referred to as...

  13. Exploring Factors that Influence Students' Behaviors in Information Security

    ERIC Educational Resources Information Center

    Yoon, Cheolho; Hwang, Jae-Won; Kim, Rosemary

    2012-01-01

    Due to the ever-increasing use of the Internet, information security has become a critical issue in society. This is especially the case for young adults who have different attitudes towards information security practices. In this research, we examine factors that motivate college students' information security behaviors. Based on the concept of…

  14. Academic Information Security Researchers: Hackers or Specialists?

    PubMed

    Dadkhah, Mehdi; Lagzian, Mohammad; Borchardt, Glenn

    2017-04-10

    In this opinion piece, we present a synopsis of our findings from the last 2 years concerning cyber-attacks on web-based academia. We also present some of the problems that we have faced and try to resolve any misunderstandings about our work. We are academic information security specialists, not hackers. Finally, we present a brief overview of our methods for detecting cyber fraud in an attempt to present general guidelines for researchers who would like to continue our work. We believe that our work is necessary for protecting the integrity of scholarly publishing against emerging cybercrime.

  15. Sensitive Security Information (SSI) and Transportation Security: Background and Controversies

    DTIC Science & Technology

    2004-02-05

    with airport security procedures, employee accountability, passenger screening, and airport secrecy agreements. In January 2003, the Dallas/Fort... Airport Security Flaws Bring Criticism,” Los Angeles Times, July 2, 2002, p. A8. 16 Charles Piller and Ricardo Alonso-Zaldivar, “A Suspect Computer...Secrecy in Airport Security Contract Criticized,” Des Moines Register, Sept. 27, 2003, p. 1A; James Andrews, “Here in Tristate, Security’s Tighter

  16. Privacy in confidential administrative micro data: implementing statistical disclosure control in a secure computing environment.

    PubMed

    Hochfellner, Daniela; Müller, Dana; Schmucker, Alexandra

    2014-12-01

    The demand for comprehensive and innovative data is constantly growing in social science. In particular, micro data from various social security agencies become more and more attractive. In contrast to survey data, administrative data offer a census with highly reliable information but are restricted in their usage. To make them accessible for researchers, data or research output either have to be anonymized or released after disclosure review procedures have been used. This article discusses the trade-off between maintaining a high capability of research potential while protecting private information, by exploiting the data disclosure portfolio and the adopted disclosure strategies of the Research Data Center of the German Federal Employment Agency.

  17. Information technology orientation for young hospital administrators.

    PubMed

    Bakshi, Syed Murtuza Hussain

    2012-01-01

    Information technology has evolved over the years and taken its place in every sector, including health care. Every health care professional uses a computer almost every day. Information technology is expected to provide the staff with reliable information for decision making, reducing medical errors and processing time and improving communication. As the health care market grows increasingly competitive and complex, hospitals are relying more and more on information technology as a primary tool to help them compete. Every postgraduate should take a basic course on computers and IT applications. Many universities and colleges offer a masters program in health administration, and with enormous numbers of new post graduates, well grounded in IT, are offering their services to hospitals and allied health care divisions. Their experiences are reflected in the various job codes, which illustrate the need for planning, careful investment, and educational training to put information technology to work in today's sophisticated advanced health care setting. Information technology cannot reach its full potential without a properly trained staff working together as a team.

  18. The secure authorization model for healthcare information system.

    PubMed

    Hsu, Wen-Shin; Pan, Jiann-I

    2013-10-01

    Exploring healthcare system for assisting medical services or transmitting patients' personal health information in web application has been widely investigated. Information and communication technologies have been applied to the medical services and healthcare area for a number of years to resolve problems in medical management. In the healthcare system, not all users are allowed to access all the information. Several authorization models for restricting users to access specific information at specific permissions have been proposed. However, as the number of users and the amount of information grows, the difficulties for administrating user authorization will increase. The critical problem limits the widespread usage of the healthcare system. This paper proposes an approach for role-based and extends it to deal with the information for authorizations in the healthcare system. We propose the role-based authorization model which supports authorizations for different kinds of objects, and a new authorization domain. Based on this model, we discuss the issues and requirements of security in the healthcare systems. The security issues for services shared between different healthcare industries will also be discussed.

  19. A Study of the Effect of Information Security Policies on Information Security Breaches in Higher Education Institutions

    ERIC Educational Resources Information Center

    Waddell, Stanie Adolphus

    2013-01-01

    Many articles within the literature point to the information security policy as one of the most important elements of an effective information security program. Even though this belief is continually referred to in many information security scholarly articles, very few research studies have been performed to corroborate this sentiment. Doherty and…

  20. 75 FR 31744 - Information Collection; Contract Operations and Administration

    Federal Register 2010, 2011, 2012, 2013, 2014

    2010-06-04

    ... Forest Service Information Collection; Contract Operations and Administration AGENCY: Forest Service... information collection, Contract Operations and Administration. DATES: Comments must be received in writing on... 8 p.m., Eastern Standard time, Monday through Friday. SUPPLEMENTARY INFORMATION: Title:...

  1. Towards a Secure Federated Information System

    DTIC Science & Technology

    2012-08-01

    integrity in a federated system. Referential integrity ensures that named resources can be accessed when needed. This is an important property for re...liability and security. However, the attempt to provide referential integrity can itself lead to security vulnerabilities that are currently not well...understood. This dissertation identifies three such referential security vulnerabilities, and formalizes security conditions corresponding to their

  2. Institutionalization of Information Security: Case of the Indonesian Banking Sector

    ERIC Educational Resources Information Center

    Nasution, Muhamad Faisal Fariduddin Attar

    2012-01-01

    This study focuses on the institutionalization of information security in the banking sector. This study is important to pursue since it explicates the internalization of information security governance and practices and how such internalization develops an organizational resistance towards security breach. The study argues that information…

  3. Effect of Organizational Factors on Information Security Implementations

    ERIC Educational Resources Information Center

    Perez, Rafael G.

    2013-01-01

    The purpose of this quantitative inferential study is to determine the level of correlation between the organizational factors of information security awareness, balanced security processes, and organizational structure with the size of the estimation gap of information security implementations mediated by the end user intentionality. The study…

  4. 78 FR 7797 - Homeland Security Information Network Advisory Committee (HSINAC)

    Federal Register 2010, 2011, 2012, 2013, 2014

    2013-02-04

    ... SECURITY Homeland Security Information Network Advisory Committee (HSINAC) AGENCY: OPS/OCIO, DHS. ACTION: Committee Management; Notice of Federal Advisory Committee Meeting. SUMMARY: The Homeland Security Information Network Advisory Committee (HSIN AC) will meet on February 27th-28th, 2013 in Washington, DC....

  5. Information security: from classical to quantum

    NASA Astrophysics Data System (ADS)

    Barnett, Stephen M.; Brougham, Thomas

    2012-09-01

    Quantum cryptography was designed to provide a new approach to the problem of distributing keys for private-key cryptography. The principal idea is that security can be ensured by exploiting the laws of quantum physics and, in particular, by the fact that any attempt to measure a quantum state will change it uncontrollably. This change can be detected by the legitimate users of the communication channel and so reveal to them the presence of an eavesdropper. In this paper I explain (briefly) how quantum key distribution works and some of the progress that has been made towards making this a viable technology. With the principles of quantum communication and quantum key distribution firmly established, it is perhaps time to consider how efficient it can be made. It is interesting to ask, in particular, how many bits of information might reasonably be encoded securely on each photon. The use of photons entangled in their time of arrival might make it possible to achieve data rates in excess of 10 bits per photon.

  6. 48 CFR 1339.107-70 - Information security.

    Code of Federal Regulations, 2010 CFR

    2010-10-01

    ... 48 Federal Acquisition Regulations System 5 2010-10-01 2010-10-01 false Information security. 1339... CATEGORIES OF CONTRACTING ACQUISITION OF INFORMATION TECHNOLOGY General 1339.107-70 Information security. (a... coordinate with the designated Contracting Officer Representative (COR) to complete the Information...

  7. 48 CFR 1339.107-70 - Information security.

    Code of Federal Regulations, 2013 CFR

    2013-10-01

    ... 48 Federal Acquisition Regulations System 5 2013-10-01 2013-10-01 false Information security. 1339... CATEGORIES OF CONTRACTING ACQUISITION OF INFORMATION TECHNOLOGY General 1339.107-70 Information security. (a... coordinate with the designated Contracting Officer Representative (COR) to complete the Information...

  8. 48 CFR 1339.107-70 - Information security.

    Code of Federal Regulations, 2011 CFR

    2011-10-01

    ... 48 Federal Acquisition Regulations System 5 2011-10-01 2011-10-01 false Information security. 1339... CATEGORIES OF CONTRACTING ACQUISITION OF INFORMATION TECHNOLOGY General 1339.107-70 Information security. (a... coordinate with the designated Contracting Officer Representative (COR) to complete the Information...

  9. An Information Security Control Assessment Methodology for Organizations

    ERIC Educational Resources Information Center

    Otero, Angel R.

    2014-01-01

    In an era where use and dependence of information systems is significantly high, the threat of incidents related to information security that could jeopardize the information held by organizations is more and more serious. Alarming facts within the literature point to inadequacies in information security practices, particularly the evaluation of…

  10. 48 CFR 1339.107-70 - Information security.

    Code of Federal Regulations, 2014 CFR

    2014-10-01

    ... 48 Federal Acquisition Regulations System 5 2014-10-01 2014-10-01 false Information security. 1339... CATEGORIES OF CONTRACTING ACQUISITION OF INFORMATION TECHNOLOGY General 1339.107-70 Information security. (a... coordinate with the designated Contracting Officer Representative (COR) to complete the Information...

  11. 49 CFR 8.9 - Information Security Review Committee.

    Code of Federal Regulations, 2010 CFR

    2010-10-01

    ... 49 Transportation 1 2010-10-01 2010-10-01 false Information Security Review Committee. 8.9 Section 8.9 Transportation Office of the Secretary of Transportation CLASSIFIED INFORMATION: CLASSIFICATION/DECLASSIFICATION/ACCESS Classification/Declassification of Information § 8.9 Information Security Review Committee. (a) There is hereby established...

  12. 48 CFR 1339.107-70 - Information security.

    Code of Federal Regulations, 2012 CFR

    2012-10-01

    ... 48 Federal Acquisition Regulations System 5 2012-10-01 2012-10-01 false Information security. 1339... CATEGORIES OF CONTRACTING ACQUISITION OF INFORMATION TECHNOLOGY General 1339.107-70 Information security. (a... coordinate with the designated Contracting Officer Representative (COR) to complete the Information...

  13. 42 CFR 403.812 - HIPAA privacy, security, administrative data standards, and national identifiers.

    Code of Federal Regulations, 2010 CFR

    2010-10-01

    ... 42 Public Health 2 2010-10-01 2010-10-01 false HIPAA privacy, security, administrative data... Prescription Drug Discount Card and Transitional Assistance Program § 403.812 HIPAA privacy, security... temporarily waived by the Secretary. (c) Security requirements—(1) Standard. An endorsed sponsor must...

  14. [How to establish the hospital information system security policies].

    PubMed

    Gong, Qing-Yue; Shi, Cheng

    2008-03-01

    It is important to establish the hospital information system security policies. While these security policies are being established, a comprehensive consideration should be given to the acceptable levels of users, IT supporters and hospital managers. We should have a formal policy designing process that is consistently followed by all security policies. Reasons for establishing the security policies and their coverage and applicable objects should be stated clearly. Besides, each policy should define user's responsibilities and penalties of violation. Every organization will need some key policies, such as of information sources usage, remote access, information protection, perimeter security, and baseline host/device security. Security managing procedures are the mechanisms to enforce the policies. An incident-handling procedure is the most important security managing procedure for all organizations.

  15. AVIATION SECURITY: Transportation Security Administration Faces Immediate and Long-Term Challenges

    DTIC Science & Technology

    2007-11-02

    circumvent airport security, and provide whistleblower protection for air carrier and airport security workers. (See app. III for a summary of pending...GAO-01-1171T. Washington, D.C.: September 25, 2001. Aviation Security: Weaknesses in Airport Security and Options for Assigning Screening...125. Washington, D.C.: March 16, 2000. Aviation Security: FAA’s Actions to Study Responsibilities and Funding for Airport Security and to Certify

  16. Transportation Security Administration in Defense of the National Aviation Infrastructure

    DTIC Science & Technology

    2009-02-12

    evidence suggests a hole exists within our airport security process. That hole may be caused by an over-reliance on technology and a blatant disregard of...environment enables BDOs to operate with increased effectiveness.11 Technology. Three major tools sit at the airport security technology forefront...Through Covert Testing of TSA’s Passenger Screening Process, GAO‐08‐48T, 15 Nov 07, 2. 16 Orlando News, “TSA Workers Skipping Orlando Airport Security Causes

  17. Crime and Security Risk: Background Information for Security Personnel

    DTIC Science & Technology

    1993-08-01

    Monterey, CA: Defense Personnel Security Research and Education Center. 69. Hare, R. D., Hart, S. D., & Harpur, T. J. (1991). Psychopathy and the DSM-IV...Predictors of psychopathy and release outcome in a criminal population. Psychological Assessment: A Journal of Consulting and Clinical Psychology, 4, 419

  18. 48 CFR 2452.239-71 - Information Technology Virus Security.

    Code of Federal Regulations, 2013 CFR

    2013-10-01

    ... 48 Federal Acquisition Regulations System 6 2013-10-01 2013-10-01 false Information Technology... Provisions and Clauses 2452.239-71 Information Technology Virus Security. As prescribed in 2439.107(b), insert the following clause: Information Technology Virus Security (FEB 2006) (a) The contractor...

  19. 48 CFR 2452.239-71 - Information Technology Virus Security.

    Code of Federal Regulations, 2014 CFR

    2014-10-01

    ... 48 Federal Acquisition Regulations System 6 2014-10-01 2014-10-01 false Information Technology... Provisions and Clauses 2452.239-71 Information Technology Virus Security. As prescribed in 2439.107(b), insert the following clause: Information Technology Virus Security (FEB 2006) (a) The contractor...

  20. 48 CFR 2452.239-71 - Information Technology Virus Security.

    Code of Federal Regulations, 2012 CFR

    2012-10-01

    ... 48 Federal Acquisition Regulations System 6 2012-10-01 2012-10-01 false Information Technology... Provisions and Clauses 2452.239-71 Information Technology Virus Security. As prescribed in 2439.107(b), insert the following clause: Information Technology Virus Security (FEB 2006) (a) The contractor...

  1. 48 CFR 2452.239-71 - Information Technology Virus Security.

    Code of Federal Regulations, 2011 CFR

    2011-10-01

    ... 48 Federal Acquisition Regulations System 6 2011-10-01 2011-10-01 false Information Technology... Provisions and Clauses 2452.239-71 Information Technology Virus Security. As prescribed in 2439.107(b), insert the following clause: Information Technology Virus Security (FEB 2006) (a) The contractor...

  2. Information security management system planning for CBRN facilities

    SciTech Connect

    Lenaeu, Joseph D.; O'Neil, Lori Ross; Leitch, Rosalyn M.; Glantz, Clifford S.; Landine, Guy P.; Bryant, Janet L.; Lewis, John; Mathers, Gemma; Rodger, Robert; Johnson, Christopher

    2015-12-01

    The focus of this document is to provide guidance for the development of information security management system planning documents at chemical, biological, radiological, or nuclear (CBRN) facilities. It describes a risk-based approach for planning information security programs based on the sensitivity of the data developed, processed, communicated, and stored on facility information systems.

  3. 48 CFR 552.239-70 - Information Technology Security Plan and Security Authorization.

    Code of Federal Regulations, 2014 CFR

    2014-10-01

    ... 48 Federal Acquisition Regulations System 4 2014-10-01 2014-10-01 false Information Technology... Text of Provisions and Clauses 552.239-70 Information Technology Security Plan and Security Authorization. As prescribed in 539.7002(a), insert the following provision: Information Technology...

  4. 48 CFR 552.239-70 - Information Technology Security Plan and Security Authorization.

    Code of Federal Regulations, 2013 CFR

    2013-10-01

    ... 48 Federal Acquisition Regulations System 4 2013-10-01 2013-10-01 false Information Technology... Text of Provisions and Clauses 552.239-70 Information Technology Security Plan and Security Authorization. As prescribed in 539.7002(a), insert the following provision: Information Technology...

  5. 48 CFR 552.239-70 - Information Technology Security Plan and Security Authorization.

    Code of Federal Regulations, 2012 CFR

    2012-10-01

    ... 48 Federal Acquisition Regulations System 4 2012-10-01 2012-10-01 false Information Technology... Text of Provisions and Clauses 552.239-70 Information Technology Security Plan and Security Authorization. As prescribed in 539.7002(a), insert the following provision: Information Technology...

  6. 48 CFR 552.239-70 - Information Technology Security Plan and Security Authorization.

    Code of Federal Regulations, 2011 CFR

    2011-10-01

    ... 48 Federal Acquisition Regulations System 4 2011-10-01 2011-10-01 false Information Technology... Text of Provisions and Clauses 552.239-70 Information Technology Security Plan and Security Authorization. As prescribed in 539.7002(a), insert the following provision: Information Technology...

  7. Computer security: a necessary element of integrated information systems.

    PubMed Central

    Butzen, F; Furler, F

    1986-01-01

    The Matheson Report sees the medical library as playing a key role in a network of interlocking information bases that will extend from central repositories of medical information to each physician's personal records. It appears, however, that the role of security in this vision has not been fully delineated. This paper discusses problems in maintaining the security of confidential medical information, the state of the applicable law, and techniques for security (with special emphasis on the UNIX operating system). It is argued that the absence of security threatens any plan to build an information network, as there will be resistance to any system that may give intruders access to confidential data. PMID:3742113

  8. Evaluating Factors of Security Policy on Information Security Effectiveness in Developing Nations: A Case of Nigeria

    ERIC Educational Resources Information Center

    Okolo, Nkiru Benjamin

    2016-01-01

    Information systems of today face more potential security infringement than ever before. The regular susceptibility of data to breaches is a function of systems users' disinclination to follow appropriate security measures. A well-secured system maintains integrity, confidentiality, and availability, while providing appropriate and consistent…

  9. 32 CFR 2004.10 - Responsibilities of the Director, Information Security Oversight Office (ISOO) [102(b)]. 1

    Code of Federal Regulations, 2012 CFR

    2012-07-01

    ... National Defense INFORMATION SECURITY OVERSIGHT OFFICE, NATIONAL ARCHIVES AND RECORDS ADMINISTRATION... Responsibilities of the Director, Information Security Oversight Office (ISOO) . 1 1 Bracketed references pertain... 32 National Defense 6 2012-07-01 2012-07-01 false Responsibilities of the Director,...

  10. 32 CFR 2004.10 - Responsibilities of the Director, Information Security Oversight Office (ISOO) [102(b)]. 1

    Code of Federal Regulations, 2011 CFR

    2011-07-01

    ... National Defense INFORMATION SECURITY OVERSIGHT OFFICE, NATIONAL ARCHIVES AND RECORDS ADMINISTRATION... Responsibilities of the Director, Information Security Oversight Office (ISOO) . 1 1 Bracketed references pertain... 32 National Defense 6 2011-07-01 2011-07-01 false Responsibilities of the Director,...

  11. 32 CFR 2004.10 - Responsibilities of the Director, Information Security Oversight Office (ISOO) [102(b)]. 1

    Code of Federal Regulations, 2013 CFR

    2013-07-01

    ... National Defense INFORMATION SECURITY OVERSIGHT OFFICE, NATIONAL ARCHIVES AND RECORDS ADMINISTRATION... Responsibilities of the Director, Information Security Oversight Office (ISOO) . 1 1 Bracketed references pertain... 32 National Defense 6 2013-07-01 2013-07-01 false Responsibilities of the Director,...

  12. 32 CFR 2004.10 - Responsibilities of the Director, Information Security Oversight Office (ISOO) [102(b)]. 1

    Code of Federal Regulations, 2014 CFR

    2014-07-01

    ... National Defense INFORMATION SECURITY OVERSIGHT OFFICE, NATIONAL ARCHIVES AND RECORDS ADMINISTRATION... Responsibilities of the Director, Information Security Oversight Office (ISOO) . 1 1 Bracketed references pertain... 32 National Defense 6 2014-07-01 2014-07-01 false Responsibilities of the Director,...

  13. Security of electronic medical information and patient privacy: what you need to know.

    PubMed

    Andriole, Katherine P

    2014-12-01

    The responsibility that physicians have to protect their patients from harm extends to protecting the privacy and confidentiality of patient health information including that contained within radiological images. The intent of HIPAA and subsequent HIPAA Privacy and Security Rules is to keep patients' private information confidential while allowing providers access to and maintaining the integrity of relevant information needed to provide care. Failure to comply with electronic protected health information (ePHI) regulations could result in financial or criminal penalties or both. Protected health information refers to anything that can reasonably be used to identify a patient (eg, name, age, date of birth, social security number, radiology examination accession number). The basic tools and techniques used to maintain medical information security and patient privacy described in this article include physical safeguards such as computer device isolation and data backup, technical safeguards such as firewalls and secure transmission modes, and administrative safeguards including documentation of security policies, training of staff, and audit tracking through system logs. Other important concepts related to privacy and security are explained, including user authentication, authorization, availability, confidentiality, data integrity, and nonrepudiation. Patient privacy and security of medical information are critical elements in today's electronic health care environment. Radiology has led the way in adopting digital systems to make possible the availability of medical information anywhere anytime, and in identifying and working to eliminate any risks to patients.

  14. Information security for compliance with select agent regulations.

    PubMed

    Lewis, Nick; Campbell, Mark J; Baskin, Carole R

    2015-01-01

    The past decade has seen a significant rise in research on high-consequence human and animal pathogens, many now known as "select agents." While physical security around these agents is tightly regulated, information security standards are still lagging. The understanding of the threats unique to the academic and research environment is still evolving, in part due to poor communication between the various stakeholders. Perhaps as a result, information security guidelines published by select agent regulators lack the critical details and directives needed to achieve even the lowest security level of the Federal Information Security Management Act (FISMA). While only government agencies are currently required to abide by the provisions of FISMA (unless specified as preconditions for obtaining government grants or contracts--still a relatively rare or narrowly scoped occurrence), the same strategies were recently recommended by executive order for others. We propose that information security guidelines for select agent research be updated to promulgate and detail FISMA standards and processes and that the latter be ultimately incorporated into select agent regulations. We also suggest that information security in academic and research institutions would greatly benefit from active efforts to improve communication among the biosecurity, security, and information technology communities, and from a secure venue for exchange of timely information on emerging threats and solutions in the research environment.

  15. Information Security for Compliance with Select Agent Regulations

    PubMed Central

    Lewis, Nick; Campbell, Mark J.

    2015-01-01

    The past decade has seen a significant rise in research on high-consequence human and animal pathogens, many now known as “select agents.” While physical security around these agents is tightly regulated, information security standards are still lagging. The understanding of the threats unique to the academic and research environment is still evolving, in part due to poor communication between the various stakeholders. Perhaps as a result, information security guidelines published by select agent regulators lack the critical details and directives needed to achieve even the lowest security level of the Federal Information Security Management Act (FISMA). While only government agencies are currently required to abide by the provisions of FISMA (unless specified as preconditions for obtaining government grants or contracts—still a relatively rare or narrowly scoped occurrence), the same strategies were recently recommended by executive order for others. We propose that information security guidelines for select agent research be updated to promulgate and detail FISMA standards and processes and that the latter be ultimately incorporated into select agent regulations. We also suggest that information security in academic and research institutions would greatly benefit from active efforts to improve communication among the biosecurity, security, and information technology communities, and from a secure venue for exchange of timely information on emerging threats and solutions in the research environment. PMID:26042864

  16. Transportation Security Administration Efficiency and Flexibility Act of 2011

    THOMAS, 112th Congress

    Sen. Wicker, Roger F. [R-MS]

    2011-07-13

    07/13/2011 Read twice and referred to the Committee on Homeland Security and Governmental Affairs. Tracker: This bill has the status Introduced.

  17. 75 FR 44800 - Notice of Meeting of the Homeland Security Information Network Advisory Committee, Tuesday...

    Federal Register 2010, 2011, 2012, 2013, 2014

    2010-07-29

    ... SECURITY Notice of Meeting of the Homeland Security Information Network Advisory Committee, Tuesday, August... meeting. SUMMARY: The Homeland Security Information Network Advisory Committee (HSINAC) will meet from... Homeland Security Information Network Advisory Committee is to identify issues and provide to...

  18. 78 FR 71631 - Committee Name: Homeland Security Information Network Advisory Committee (HSINAC)

    Federal Register 2010, 2011, 2012, 2013, 2014

    2013-11-29

    ... SECURITY Committee Name: Homeland Security Information Network Advisory Committee (HSINAC) AGENCY... Management; Notice of Federal Advisory Committee Meeting. SUMMARY: The Homeland Security Information Network... Homeland Security Information Network Advisory Committee (HSINAC) is an advisory body to the...

  19. Information security requirements in patient-centred healthcare support systems.

    PubMed

    Alsalamah, Shada; Gray, W Alex; Hilton, Jeremy; Alsalamah, Hessah

    2013-01-01

    Enabling Patient-Centred (PC) care in modern healthcare requires the flow of medical information with the patient between different healthcare providers as they follow the patient's treatment plan. However, PC care threatens the stability of the balance of information security in the support systems since legacy systems fall short of attaining a security balance when sharing their information due to compromises made between its availability, integrity, and confidentiality. Results show that the main reason for this is that information security implementation in discrete legacy systems focused mainly on information confidentiality and integrity leaving availability a challenge in collaboration. Through an empirical study using domain analysis, observations, and interviews, this paper identifies a need for six information security requirements in legacy systems to cope with this situation in order to attain the security balance in systems supporting PC care implementation in modern healthcare.

  20. 75 FR 21012 - Extension of Agency Information Collection Activity Under OMB Review: Highway Corporate Security...

    Federal Register 2010, 2011, 2012, 2013, 2014

    2010-04-22

    ... OMB Review: Highway Corporate Security Review (CSR) AGENCY: Transportation Security Administration... Requirement Title: Corporate Security Review (CSR). Type of Request: Reinstatement. OMB Control Number: 1652..., TSA personnel complete the CSR form, which asks security-related questions. This assessment...

  1. Information Security in Higher Education. Professional Paper Series, #5.

    ERIC Educational Resources Information Center

    Elliott, Raymond; And Others

    Intended to generate discussion and motivate proactive intervention in matters of information security, this paper defines and discusses some of the key issues relating to information security on college and university campuses based on in-depth interviews conducted at eight selected higher education institutions of varying size and composition in…

  2. 75 FR 45154 - National Security Division; Agency Information Collection Activities:

    Federal Register 2010, 2011, 2012, 2013, 2014

    2010-08-02

    ... National Security Division; Agency Information Collection Activities: Proposed Collection; Comments... (Foreign Agents). The Department of Justice (DOJ), National Security Division (NSD), will be submitting the... information, please write to U.S. Department of Justice, 10th & Constitution Avenue, NW., National...

  3. A Framework for the Governance of Information Security

    ERIC Educational Resources Information Center

    Edwards, Charles K.

    2013-01-01

    Information security is a complex issue, which is very critical for success of modern businesses. It can be implemented with the help of well-tested global standards and best practices. However, it has been studied that the human aspects of information security compliance pose significant challenge to its practitioners. There has been significant…

  4. 42 CFR 600.350 - Privacy and security of information.

    Code of Federal Regulations, 2014 CFR

    2014-10-01

    ... 42 Public Health 5 2014-10-01 2014-10-01 false Privacy and security of information. 600.350 Section 600.350 Public Health CENTERS FOR MEDICARE & MEDICAID SERVICES, DEPARTMENT OF HEALTH AND HUMAN... (Eff. 1-1-15) Eligibility and Enrollment § 600.350 Privacy and security of information. The State...

  5. 45 CFR 303.30 - Securing medical support information.

    Code of Federal Regulations, 2011 CFR

    2011-10-01

    ... 45 Public Welfare 2 2011-10-01 2011-10-01 false Securing medical support information. 303.30 Section 303.30 Public Welfare Regulations Relating to Public Welfare OFFICE OF CHILD SUPPORT ENFORCEMENT... HUMAN SERVICES STANDARDS FOR PROGRAM OPERATIONS § 303.30 Securing medical support information. (a)...

  6. 45 CFR 303.30 - Securing medical support information.

    Code of Federal Regulations, 2010 CFR

    2010-10-01

    ... 45 Public Welfare 2 2010-10-01 2010-10-01 false Securing medical support information. 303.30 Section 303.30 Public Welfare Regulations Relating to Public Welfare OFFICE OF CHILD SUPPORT ENFORCEMENT... HUMAN SERVICES STANDARDS FOR PROGRAM OPERATIONS § 303.30 Securing medical support information. (a)...

  7. How to Keep Your Health Information Private and Secure

    MedlinePlus

    ... Center’s Internet and American Life Project Keep Your Electronic Health Information Secure There are a number of ways you can help protect your electronic health information. Here are some tips to ensure ...

  8. A security system for personal genome information at DNA level.

    PubMed

    Kawazoe, Yumi; Shiba, Toshikazu; Yamamoto, Masahito; Ohuchi, Azuma

    2002-01-01

    The personal information encoded in genomic DNA should not be made available to the public. With the increasing discoveries of new genes, it has become necessary to establish a security system for personal genome information. Although many security systems that are applied for electrical information in computers have been developed and established, there is no security system for information at DNA level. In this paper, we describe a new security system for information encoded within DNA. The original genomic DNA was mixed with many kinds of dummy DNAs (mixtures of natural and/or artificial DNAs) resulting in the masking of the original information. Using these dummy molecules, we succeeded to completely 'lock' the original genome information. If this information must be 'unlocked', it can be extracted and analyzed by a removal of dummy DNAs using molecular tagging techniques or by selective amplification using key primers.

  9. 20 CFR 423.1 - Suits against the Social Security Administration and its employees in their official capacities.

    Code of Federal Regulations, 2013 CFR

    2013-04-01

    ... 20 Employees' Benefits 2 2013-04-01 2013-04-01 false Suits against the Social Security... SECURITY ADMINISTRATION SERVICE OF PROCESS § 423.1 Suits against the Social Security Administration and its... titles II, VIII, and/or XVI of the Social Security Act, summonses and complaints to be served by mail...

  10. 20 CFR 423.1 - Suits against the Social Security Administration and its employees in their official capacities.

    Code of Federal Regulations, 2012 CFR

    2012-04-01

    ... 20 Employees' Benefits 2 2012-04-01 2012-04-01 false Suits against the Social Security... SECURITY ADMINISTRATION SERVICE OF PROCESS § 423.1 Suits against the Social Security Administration and its... titles II, VIII, and/or XVI of the Social Security Act, summonses and complaints to be served by mail...

  11. 20 CFR 423.1 - Suits against the Social Security Administration and its employees in their official capacities.

    Code of Federal Regulations, 2010 CFR

    2010-04-01

    ... 20 Employees' Benefits 2 2010-04-01 2010-04-01 false Suits against the Social Security... SECURITY ADMINISTRATION SERVICE OF PROCESS § 423.1 Suits against the Social Security Administration and its... titles II, VIII, and/or XVI of the Social Security Act, summonses and complaints to be served by mail...

  12. 20 CFR 423.1 - Suits against the Social Security Administration and its employees in their official capacities.

    Code of Federal Regulations, 2011 CFR

    2011-04-01

    ... 20 Employees' Benefits 2 2011-04-01 2011-04-01 false Suits against the Social Security... SECURITY ADMINISTRATION SERVICE OF PROCESS § 423.1 Suits against the Social Security Administration and its... titles II, VIII, and/or XVI of the Social Security Act, summonses and complaints to be served by mail...

  13. 20 CFR 423.1 - Suits against the Social Security Administration and its employees in their official capacities.

    Code of Federal Regulations, 2014 CFR

    2014-04-01

    ... 20 Employees' Benefits 2 2014-04-01 2014-04-01 false Suits against the Social Security... SECURITY ADMINISTRATION SERVICE OF PROCESS § 423.1 Suits against the Social Security Administration and its... titles II, VIII, and/or XVI of the Social Security Act, summonses and complaints to be served by mail...

  14. Secure Sensor Semantic Web and Information Fusion

    DTIC Science & Technology

    2014-06-25

    AIS) as a service in the cloud. The urgency of this need has been voiced as recently as April 2011 by NSA (National Security Agency) CIO (Chief...expressive enough to support many of the complex policies needed for AIS missions like those of the NSA and DoD. Second, to meet the scalability and...Kantarcioglu, Kevin W. Hamlen, Bhavani M. Thuraisingham: Measuring expertise and bias in cyber security using cognitive and neuroscience approaches. ISI 2013

  15. 75 FR 37253 - Classified National Security Information

    Federal Register 2010, 2011, 2012, 2013, 2014

    2010-06-28

    ... 2001.60 General. Subpart G--Security Education and Training 2001.70 General. 2001.71 Coverage. Subpart........... 5.4 2001.70 Security Education and Training, 5.4 General. 2001.71 Coverage 1.3(d), 2.1(d), 3.7(b), 4... the subject of a challenge or access demand pursuant to the Order or law. Sec. 2001.11...

  16. 10 CFR 2.905 - Access to restricted data and national security information for parties; security clearances.

    Code of Federal Regulations, 2014 CFR

    2014-01-01

    ... 10 Energy 1 2014-01-01 2014-01-01 false Access to restricted data and national security... Restricted Data and/or National Security Information § 2.905 Access to restricted data and national security information for parties; security clearances. (a) Access to restricted data and national security...

  17. 10 CFR 2.905 - Access to restricted data and national security information for parties; security clearances.

    Code of Federal Regulations, 2013 CFR

    2013-01-01

    ... 10 Energy 1 2013-01-01 2013-01-01 false Access to restricted data and national security... Restricted Data and/or National Security Information § 2.905 Access to restricted data and national security information for parties; security clearances. (a) Access to restricted data and national security...

  18. Proceedings Second Annual Cyber Security and Information Infrastructure Research Workshop

    SciTech Connect

    Sheldon, Frederick T; Krings, Axel; Yoo, Seong-Moo; Mili, Ali; Trien, Joseph P

    2006-01-01

    The workshop theme is Cyber Security: Beyond the Maginot Line. Recently the FBI reported that computer crime has skyrocketed costing over $67 billion in 2005 alone and affecting 2.8M+ businesses and organizations. Attack sophistication is unprecedented along with availability of open source concomitant tools. Private, academic, and public sectors invest significant resources in cyber security. Industry primarily performs cyber security research as an investment in future products and services. While the public sector also funds cyber security R&D, the majority of this activity focuses on the specific mission(s) of the funding agency. Thus, broad areas of cyber security remain neglected or underdeveloped. Consequently, this workshop endeavors to explore issues involving cyber security and related technologies toward strengthening such areas and enabling the development of new tools and methods for securing our information infrastructure critical assets. We aim to assemble new ideas and proposals about robust models on which we can build the architecture of a secure cyberspace including but not limited to:

    * Knowledge discovery and management
    * Critical infrastructure protection
    * De-obfuscating tools for the validation and verification of tamper-proofed software
    * Computer network defense technologies
    * Scalable information assurance strategies
    * Assessment-driven design for trust
    * Security metrics and testing methodologies
    * Validation of security and survivability properties
    * Threat assessment and risk analysis
    * Early accurate detection of the insider threat
    * Security hardened sensor networks and ubiquitous computing environments
    * Mobile software authentication protocols
    * A new "model" of the threat to replace the "Maginot Line" model

    and more . . .

  19. Energy Information Administration new releases. Volume 1

    SciTech Connect

    1997-04-01

    This publication of the National Energy Information Center contains news items and information sources related primarily to electricity generation. News items reported on in this issue include utility compliance costs for the Clean Air Act, 1995 profits for major energy companies, and competition issues in the electric power and natural gas industries. A summary report on crude oil prices is also presented. Other information provided includes a listing of 1996 publications from the center, electronic information services, and energy data information contacts.

  20. 14 CFR 193.5 - How may I submit safety or security information and have it protected from disclosure?

    Code of Federal Regulations, 2010 CFR

    2010-01-01

    ... 14 Aeronautics and Space 3 2010-01-01 2010-01-01 false How may I submit safety or security information and have it protected from disclosure? 193.5 Section 193.5 Aeronautics and Space FEDERAL AVIATION ADMINISTRATION, DEPARTMENT OF TRANSPORTATION (CONTINUED) ADMINISTRATIVE REGULATIONS PROTECTION OF VOLUNTARILY SUBMITTED INFORMATION § 193.5 How...

  1. On-Line Administrative Information Systems: A Case Study.

    ERIC Educational Resources Information Center

    Sire, Paul W.

    A case study approach is used to document the on-line information system developed by the Office of Management Information and Computing at the University of Vermont. Stanford University's Project INFO On-Line Administration Information System, OASIS, was chosen as a model. The administrative system is one of two on campus, the other designed for…

  2. 32 CFR 2001.42 - Standards for security equipment.

    Code of Federal Regulations, 2011 CFR

    2011-07-01

    ... security equipment designed to provide secure storage for classified information. Whenever new secure... Section 2001.42 National Defense Other Regulations Relating to National Defense INFORMATION SECURITY OVERSIGHT OFFICE, NATIONAL ARCHIVES AND RECORDS ADMINISTRATION CLASSIFIED NATIONAL SECURITY...

  3. The Impact of Information Richness on Information Security Awareness Training Effectiveness

    ERIC Educational Resources Information Center

    Shaw, R. S.; Chen, Charlie C.; Harris, Albert L.; Huang, Hui-Jou

    2009-01-01

    In recent years, rapid progress in the use of the internet has resulted in huge losses in many organizations due to lax security. As a result, information security awareness is becoming an important issue to anyone using the Internet. To reduce losses, organizations have made information security awareness a top priority. The three main barriers…

  4. 20 CFR 603.9 - What safeguards and security requirements apply to disclosed information?

    Code of Federal Regulations, 2010 CFR

    2010-04-01

    ... 20 Employees' Benefits 3 2010-04-01 2010-04-01 false What safeguards and security requirements apply to disclosed information? 603.9 Section 603.9 Employees' Benefits EMPLOYMENT AND TRAINING ADMINISTRATION, DEPARTMENT OF LABOR FEDERAL-STATE UNEMPLOYMENT COMPENSATION (UC) PROGRAM; CONFIDENTIALITY AND DISCLOSURE OF STATE UC...

  5. Securing Information in the Healthcare Industry: Network Security, Incident Management, and Insider Threat

    DTIC Science & Technology

    2016-06-07

    2010 Carnegie Mellon University Securing Information in the Healthcare Industry: Network Security, Incident Management, and Insider Threat http...

  6. 39 CFR 267.4 - Information security standards.

    Code of Federal Regulations, 2010 CFR

    2010-07-01

    ... processing, (4) Information dissemination and disclosure, (5) Information storage and destruction, (b...) Information processing or storage system procurement, (5) Contractual relationships. ... 39 Postal Service 1 2010-07-01 2010-07-01 false Information security standards. 267.4 Section...

  7. 39 CFR 267.4 - Information security standards.

    Code of Federal Regulations, 2011 CFR

    2011-07-01

    ... processing, (4) Information dissemination and disclosure, (5) Information storage and destruction, (b...) Information processing or storage system procurement, (5) Contractual relationships. ... 39 Postal Service 1 2011-07-01 2011-07-01 false Information security standards. 267.4 Section...

  8. Modeling behavioral considerations related to information security.

    SciTech Connect

    Martinez-Moyano, I. J.; Conrad, S. H.; Andersen, D. F.

    2011-01-01

    The authors present experimental and simulation results of an outcome-based learning model for the identification of threats to security systems. This model integrates judgment, decision-making, and learning theories to provide a unified framework for the behavioral study of upcoming threats.

  9. Federal Information Security Amendments Act of 2012

    THOMAS, 112th Congress

    Rep. Issa, Darrell E. [R-CA-49]

    2012-03-26

    05/07/2012 Received in the Senate and Read twice and referred to the Committee on Homeland Security and Governmental Affairs. Tracker: This bill has the status Passed House.

  10. Federal Information Security Amendments Act of 2013

    THOMAS, 113th Congress

    Rep. Issa, Darrell E. [R-CA-49]

    2013-03-14

    04/17/2013 Received in the Senate and Read twice and referred to the Committee on Homeland Security and Governmental Affairs. Notes: For further action, see S.2521, which became Public Law 113-283 on 12/18/2014. Tracker: This bill has the status Passed House.

  11. Protecting Office Information: Computer and Data Security.

    ERIC Educational Resources Information Center

    Davis-Newton, Hazel C.

    1986-01-01

    Discusses the nature of modern office automation, microcomputer access controls that can be activated to improve security (passwords, error lockout, palm geometry, automatic shutoff, time lock, call back), data communications controls (cryptographic transmission of data, scramblers, dial-back-devices), and management practices that may be…

  12. Engineering Principles for Information Technology Security (A Baseline for Achieving Security)

    DTIC Science & Technology

    2001-06-01

    Information Technology (IT) Security (EP-ITS) is to present a list of system-level security principles to be considered in the design, development, and operation of an information system. Ideally, the principles presented here would be used from the onset of a program - at the beginning of, or during the design phase - and then employed throughout the system’s life-cycle. However, these principles are also helpful in affirming and confirming the security posture of already deployed information systems. The principles are short and concise and can be used by organizations

  13. 75 FR 34093 - Information Collection; General Program Administration

    Federal Register 2010, 2011, 2012, 2013, 2014

    2010-06-16

    ... Farm Service Agency Information Collection; General Program Administration AGENCY: Farm Service Agency... General Program Administration. DATES: We will consider comments that we receive by August 16, 2010...: Farm Loan Programs--General Program Administration (7 CFR part 761). OMB Number: 0560-0238....

  14. Information Security Issues in Higher Education and Institutional Research

    ERIC Educational Resources Information Center

    Custer, William L.

    2010-01-01

    Information security threats to educational institutions and their data assets have worsened significantly over the past few years. The rich data stores of institutional research are especially vulnerable, and threats from security breaches represent no small risk. New genres of threat require new kinds of controls if the institution is to prevent…

  15. An Examination of Issues Surrounding Information Security in California Colleges

    ERIC Educational Resources Information Center

    Butler, Robert D.

    2013-01-01

    Technological advances have provided increasing opportunities in higher education for delivering instruction and other services. However, exposure to information security attacks has been increasing as more organizations conduct their businesses online. Higher education institutions have one of the highest frequencies of security breaches as…

  16. 32 CFR 2103.51 - Information Security Oversight Committee.

    Code of Federal Regulations, 2010 CFR

    2010-07-01

    ... 32 National Defense 6 2010-07-01 2010-07-01 false Information Security Oversight Committee. 2103.51 Section 2103.51 National Defense Other Regulations Relating to National Defense NATIONAL SECURITY COUNCIL REGULATIONS TO IMPLEMENT E.O. 12065-INCLUDING PROCEDURES FOR PUBLIC ACCESS TO DOCUMENTS THAT MAY BE DECLASSIFIED Implementation and Review...

  17. 39 CFR 267.5 - National Security Information.

    Code of Federal Regulations, 2011 CFR

    2011-07-01

    ... Executive Order) which deals with the protection, handling and classification of national security.... (2) Derivative Classification means the carrying forward of a classification from one document to a... derivative classification of national security information in the custody of, and use by, the Postal...

  18. 36 CFR 1256.46 - National security-classified information.

    Code of Federal Regulations, 2011 CFR

    2011-07-01

    ... 36 Parks, Forests, and Public Property 3 2011-07-01 2011-07-01 false National security-classified... Restrictions § 1256.46 National security-classified information. In accordance with 5 U.S.C. 552(b)(1), NARA... properly classified under the provisions of the pertinent Executive Order on Classified National...

  19. 36 CFR 1256.46 - National security-classified information.

    Code of Federal Regulations, 2013 CFR

    2013-07-01

    ... 36 Parks, Forests, and Public Property 3 2013-07-01 2012-07-01 true National security-classified... Restrictions § 1256.46 National security-classified information. In accordance with 5 U.S.C. 552(b)(1), NARA... properly classified under the provisions of the pertinent Executive Order on Classified National...

  20. 36 CFR 1256.46 - National security-classified information.

    Code of Federal Regulations, 2012 CFR

    2012-07-01

    ... 36 Parks, Forests, and Public Property 3 2012-07-01 2012-07-01 false National security-classified... Restrictions § 1256.46 National security-classified information. In accordance with 5 U.S.C. 552(b)(1), NARA... properly classified under the provisions of the pertinent Executive Order on Classified National...

  1. An Innovative Community College Program and Partnership in Information Security.

    ERIC Educational Resources Information Center

    Howard, Barbara C; Morneau, Keith A.

    This report describes an innovative network security program initiated by Northern Virginia Community College and funded with a grant from the Northern Virginia Regional Partnership. The program educates and trains students in the installation, configuration, and troubleshooting of the hardware and software infrastructure of information security.…

  2. Management Information Systems: Applications to Educational Administration.

    ERIC Educational Resources Information Center

    Witkin, Belle Ruth

    An orientation to management information systems (MIS) is offered which presents information about MIS in the context of public education and suggests some considerations that should be taken into account in designing and operating such systems. MIS is defined as a set of operating procedures that act as a control system to automatically provide…

  3. The electronic security partnership of safety/security and information systems departments.

    PubMed

    Yow, J Art

    2012-01-01

    The ever-changing world of security electronics is reviewed in this article. The author focuses on its usage in a hospital setting and the need for safety/security and information systems departments to work together to protect and get full value from IP systems.

  4. Business Administration and Computer Science Degrees: Earnings, Job Security, and Job Satisfaction

    ERIC Educational Resources Information Center

    Mehta, Kamlesh; Uhlig, Ronald

    2017-01-01

    This paper examines the potential of business administration vs. computer science degrees in terms of earnings, job security, and job satisfaction. The paper focuses on earnings potential five years and ten years after the completion of business administration and computer science degrees. Moreover, the paper presents the income changes with…

  5. 75 FR 5166 - Privacy Act of 1974, as Amended; Computer Matching Program (Social Security Administration...

    Federal Register 2010, 2011, 2012, 2013, 2014

    2010-02-01

    ... ADMINISTRATION Privacy Act of 1974, as Amended; Computer Matching Program (Social Security Administration... regarding protections for such persons. The Privacy Act, as amended, regulates the use of computer matching... denying a person's benefits or payments. B. SSA Computer Matches Subject to the Privacy Act We have...

  6. Agents Based e-Commerce and Securing Exchanged Information

    NASA Astrophysics Data System (ADS)

    Al-Jaljouli, Raja; Abawajy, Jemal

    Mobile agents have been implemented in e-Commerce to search and filter information of interest from electronic markets. When the information is very sensitive and critical, it is important to develop a novel security protocol that can efficiently protect the information from malicious tampering as well as unauthorized disclosure or at least detect any malicious act of intruders. In this chapter, we describe robust security techniques that ensure a sound security of information gathered throughout agent’s itinerary against various security attacks, as well as truncation attacks. A sound security protocol is described, which implements the various security techniques that would jointly prevent or at least detect any malicious act of intruders. We reason about the soundness of the protocol using Symbolic Trace Analyzer (STA), a formal verification tool that is based on symbolic techniques. We analyze the protocol in key configurations and show that it is free of flaws. We also show that the protocol fulfils the various security requirements of exchanged information in MAS, including data-integrity, data-confidentiality, data-authenticity, origin confidentiality and data non-repudiability.

  7. Beyond the security paradox: Ten criteria for a socially informed security policy.

    PubMed

    Pavone, Vincenzo; Ball, Kirstie; Degli Esposti, Sara; Dibb, Sally; Santiago-Gómez, Elvira

    2017-04-01

    This article investigates the normative and procedural criteria adopted by European citizens to assess the acceptability of surveillance-oriented security technologies. It draws on qualitative data gathered at 12 citizen summits in nine European countries. The analysis identifies 10 criteria, generated by citizens themselves, for a socially informed security policy. These criteria not only reveal the conditions, purposes and operation rules that would make current European security policies and technologies more consistent with citizens' priorities. They also cast light on an interesting paradox: although people feel safe in their daily lives, they believe security could, and should, be improved.

  8. How Homeland Security Affects Spatial Information

    ERIC Educational Resources Information Center

    Zellmer, Linda

    2004-01-01

    A recent article in Security-Focus described the fact that several U.S. government buildings in Washington DC could no longer be clearly seen by people using MapQuest's aerial photo database. In addition, the photos of these buildings were altered at the Web sites wherein they are posted at the request of the U.S. Secret Service. This is an…

  9. Coordinating UAV information for executing national security-oriented collaboration

    NASA Astrophysics Data System (ADS)

    Isenor, Anthony W.; Allard, Yannick; Lapinski, Anna-Liesa S.; Demers, Hugues; Radulescu, Dan

    2014-10-01

    Unmanned Aerial Vehicles (UAVs) are being used by numerous nations for defence-related missions. In some cases, the UAV is considered a cost-effective means to acquire data such as imagery over a location or object. Considering Canada's geographic expanse, UAVs are also being suggested as a potential platform for use in surveillance of remote areas, such as northern Canada. However, such activities are typically associated with security as opposed to defence. The use of a defence platform for security activities introduces the issue of information exchange between the defence and security communities and their software applications. This paper explores the flow of information from the system used by the UAVs employed by the Royal Canadian Navy. Multiple computers are set up, each with the information system used by the UAVs, including appropriate communication between the systems. Simulated data that may be expected from a typical maritime UAV mission is then fed into the information system. The information structures common to the Canadian security community are then used to store and transfer the simulated data. The resulting data flow from the defence-oriented UAV system to the security-oriented information structure is then displayed using an open source geospatial application. Use of the information structures and applications relevant to the security community avoids the distribution restrictions often associated with defence-specific applications.

  10. Small accessible quantum information does not imply security.

    PubMed

    König, Robert; Renner, Renato; Bariska, Andor; Maurer, Ueli

    2007-04-06

    The security of quantum key distribution is typically defined in terms of the mutual information between the distributed key S and the outcome of an optimal measurement applied to the adversary's system. We show that even if this so-called accessible information is small, the key S might not be secure enough to be used in applications such as one-time pad encryption. This flaw is due to a locking property of the accessible information: one additional (physical) bit of information can increase the accessible information by more than one bit.

  11. Information Security Management - Part Of The Integrated Management System

    NASA Astrophysics Data System (ADS)

    Manea, Constantin Adrian

    2015-07-01

    The international management standards allow their integrated approach, thereby combining aspects of particular importance to the activity of any organization, from the quality management systems or the environmental management of the information security systems or the business continuity management systems. Although there is no national or international regulation, nor a defined standard for the Integrated Management System, the need to implement an integrated system occurs within the organization, which feels the opportunity to integrate the management components into a cohesive system, in agreement with the purpose and mission publicly stated. The issues relating to information security in the organization, from the perspective of the management system, raise serious questions to any organization in the current context of electronic information, reason for which we consider not only appropriate but necessary to promote and implement an Integrated Management System Quality - Environment - Health and Operational Security - Information Security

  12. Report: Improvements Needed in Key EPA Information System Security Practices

    EPA Pesticide Factsheets

    Report #10-P-0146, June 15, 2010. Williams Adley found that EPA program offices lacked evidence that they planned and executed tests of information system security controls as required by federal requirements.

  13. Report: Fiscal Year 2010 Federal Information Security Management Act Report

    EPA Pesticide Factsheets

    Report #11-P-0017, November 16, 2010. Attached is the Office of Inspector General’s (OIG’s) Fiscal Year 2010 Federal Information Security Management Act (FISMA) Reporting Template, as prescribed by the Office of Management and Budget (OMB).

  14. PREDICT: Privacy and Security Enhancing Dynamic Information Monitoring

    DTIC Science & Technology

    2015-08-03

    aggregation, secure multiparty communication protocols were developed and evaluated [22]. These protocols permit the evaluation of certain functions...Li Xiong, Privacy Enhancing Dynamic Information Collection and Monitoring, Invited talk, Kyoto University, Kyoto, Japan, July 2015. [3] Li Xiong

  15. 10 CFR 10.33 - Action by the Deputy Executive Director for Information Services and Administration and Chief...

    Code of Federal Regulations, 2012 CFR

    2012-01-01

    ... 10 Energy 1 2012-01-01 2012-01-01 false Action by the Deputy Executive Director for Information Services and Administration and Chief Information Officer. 10.33 Section 10.33 Energy NUCLEAR REGULATORY... SECURITY INFORMATION OR AN EMPLOYMENT CLEARANCE Procedures § 10.33 Action by the Deputy Executive...

  16. 10 CFR 10.33 - Action by the Deputy Executive Director for Information Services and Administration and Chief...

    Code of Federal Regulations, 2011 CFR

    2011-01-01

    ... 10 Energy 1 2011-01-01 2011-01-01 false Action by the Deputy Executive Director for Information Services and Administration and Chief Information Officer. 10.33 Section 10.33 Energy NUCLEAR REGULATORY... SECURITY INFORMATION OR AN EMPLOYMENT CLEARANCE Procedures § 10.33 Action by the Deputy Executive...

  17. 10 CFR 10.33 - Action by the Deputy Executive Director for Information Services and Administration and Chief...

    Code of Federal Regulations, 2010 CFR

    2010-01-01

    ... 10 Energy 1 2010-01-01 2010-01-01 false Action by the Deputy Executive Director for Information Services and Administration and Chief Information Officer. 10.33 Section 10.33 Energy NUCLEAR REGULATORY... SECURITY INFORMATION OR AN EMPLOYMENT CLEARANCE Procedures § 10.33 Action by the Deputy Executive...

  18. High level security policies for Healthcare Information Systems.

    PubMed

    Katsikas, Sokratis; Kokolakis, Spyros

    2003-01-01

    Healthcare Establishments (HCE) are today highly dependent upon Information and Communications Technologies (ICT). This increasing reliance upon ICT has stressed the need to foster security in Healthcare Information Systems (HIS). Security policies may have a significant contribution to this effort, but they could become the cause of portability and interoperability problems. Moreover, policies that fail to take into account all the aspects of HIS security, the legal and regulatory requirements, and the existence of several stakeholders may lead to ineffective or inefficient security measures. Policies of a special category, named Generic Security Policies (GSPs), should be developed to provide policy-level harmonisation and guidance to policy-makers within HCEs. Five such policies are comparatively reviewed herein.

  19. Report: Information Security Series: Security Practices Comprehensive Environmental Response, Compensation, and Liability Information System

    EPA Pesticide Factsheets

    Report #2006-P-00019, March 28, 2006. OSWER’s implemented practices to ensure production servers were being monitored for known vulnerabilities and personnel with significant security responsibility completed the Agency’s recommended security training.

  20. Limitations on information-theoretically-secure quantum homomorphic encryption

    NASA Astrophysics Data System (ADS)

    Yu, Li; Pérez-Delgado, Carlos A.; Fitzsimons, Joseph F.

    2014-11-01

    Homomorphic encryption is a form of encryption which allows computation to be carried out on the encrypted data without the need for decryption. The success of quantum approaches to related tasks in a delegated computation setting has raised the question of whether quantum mechanics may be used to achieve information-theoretically-secure fully homomorphic encryption. Here we show, via an information localization argument, that deterministic fully homomorphic encryption necessarily incurs exponential overhead if perfect security is required.

  1. An integrative behavioral model of information security policy compliance.

    PubMed

    Kim, Sang Hoon; Yang, Kyung Hoon; Park, Sunyoung

    2014-01-01

    The authors found the behavioral factors that influence the organization members' compliance with the information security policy in organizations on the basis of neutralization theory, Theory of planned behavior, and protection motivation theory. Depending on the theory of planned behavior, members' attitudes towards compliance, as well as normative belief and self-efficacy, were believed to determine the intention to comply with the information security policy. Neutralization theory, a prominent theory in criminology, could be expected to provide the explanation for information system security policy violations. Based on the protection motivation theory, it was inferred that the expected efficacy could have an impact on intentions of compliance. By the above logical reasoning, the integrative behavioral model and eight hypotheses could be derived. Data were collected by conducting a survey; 194 out of 207 questionnaires were available. The test of the causal model was conducted by PLS. The reliability, validity, and model fit were found to be statistically significant. The results of the hypotheses tests showed that seven of the eight hypotheses were acceptable. The theoretical implications of this study are as follows: (1) the study is expected to play a role of the baseline for future research about organization members' compliance with the information security policy, (2) the study attempted an interdisciplinary approach by combining psychology and information system security research, and (3) the study suggested concrete operational definitions of influencing factors for information security policy compliance through a comprehensive theoretical review. Also, the study has some practical implications. First, it can provide the guideline to support the successful execution of the strategic establishment for the implement of information system security policies in organizations. Second, it proves that the need of education and training programs suppressing

  2. An Integrative Behavioral Model of Information Security Policy Compliance

    PubMed Central

    Kim, Sang Hoon; Yang, Kyung Hoon; Park, Sunyoung

    2014-01-01

    The authors found the behavioral factors that influence the organization members' compliance with the information security policy in organizations on the basis of neutralization theory, Theory of planned behavior, and protection motivation theory. Depending on the theory of planned behavior, members' attitudes towards compliance, as well as normative belief and self-efficacy, were believed to determine the intention to comply with the information security policy. Neutralization theory, a prominent theory in criminology, could be expected to provide the explanation for information system security policy violations. Based on the protection motivation theory, it was inferred that the expected efficacy could have an impact on intentions of compliance. By the above logical reasoning, the integrative behavioral model and eight hypotheses could be derived. Data were collected by conducting a survey; 194 out of 207 questionnaires were available. The test of the causal model was conducted by PLS. The reliability, validity, and model fit were found to be statistically significant. The results of the hypotheses tests showed that seven of the eight hypotheses were acceptable. The theoretical implications of this study are as follows: (1) the study is expected to play a role of the baseline for future research about organization members' compliance with the information security policy, (2) the study attempted an interdisciplinary approach by combining psychology and information system security research, and (3) the study suggested concrete operational definitions of influencing factors for information security policy compliance through a comprehensive theoretical review. Also, the study has some practical implications. First, it can provide the guideline to support the successful execution of the strategic establishment for the implement of information system security policies in organizations. Second, it proves that the need of education and training programs suppressing

  3. Directory of Energy Information Administration models 1989

    SciTech Connect

    Not Available

    1989-05-24

    This directory contains descriptions about each basic and auxiliary model, including the title, acronym, purpose, and type, followed by more detailed information on characteristics, uses, and requirements. For developing models, limited information is provided. Sources for additional information are identified. Included in this directory are 40 EIA models active as of March 1, 1989, as well as the PC-AEO Forecasting Model Overview and the three Subsystems for the Short-Term Integrated Forecasting System (STIFS) Model. Models that run on personal computers are identified by "PC" as part of the acronym. The main body of this directory is an alphabetical listing of all basic and auxiliary EIA models. Appendix A identifies major EIA modeling systems and the models within these systems, and Appendix B identifies EIA models by type (basic or auxiliary). Appendix C lists developing models and contact persons for those models.

  4. The European cooperative approach to securing critical information infrastructure.

    PubMed

    Purser, Steve

    2011-10-01

    This paper provides an overview of the EU approach to securing critical information infrastructure, as defined in the Action Plan contained in the Commission Communication of March 2009, entitled 'Protecting Europe from large-scale cyber-attacks and disruptions: enhancing preparedness, security and resilience' and further elaborated by the Communication of May 2011 on critical Information infrastructure protection 'Achievements and next steps: towards global cyber-security'. After explaining the need for pan-European cooperation in this area, the CIIP Action Plan is explained in detail. Finally, the current state of progress is summarised together with the proposed next steps.

  5. Three Essays on Information Technology Security Management in Organizations

    ERIC Educational Resources Information Center

    Gupta, Manish

    2011-01-01

    Increasing complexity and sophistication of ever evolving information technologies has spurred unique and unprecedented challenges for organizations to protect their information assets. Companies suffer significant financial and reputational damage due to ineffective information technology security management, which has extensively been shown to…

  6. Information Security Management Practices of K-12 School Districts

    ERIC Educational Resources Information Center

    Nyachwaya, Samson

    2013-01-01

    The research problem addressed in this quantitative correlational study was the inadequacy of sound information security management (ISM) practices in K-12 school districts, despite their increasing ownership of information assets. Researchers have linked organizational and sociotechnical factors to the implementation of information security…

  7. How secure is your information system? An investigation into actual healthcare worker password practices.

    PubMed

    Cazier, Joseph A; Medlin, B Dawn

    2006-09-27

    For most healthcare information systems, passwords are the first line of defense in keeping patient and administrative records private and secure. However, this defense is only as strong as the passwords employees chose to use. A weak or easily guessed password is like an open door to the medical records room, allowing unauthorized access to sensitive information. In this paper, we present the results of a study of actual healthcare workers' password practices. In general, the vast majority of these passwords have significant security problems on several dimensions. Implications for healthcare professionals are discussed.

  8. How Secure Is Your Information System? An Investigation into Actual Healthcare Worker Password Practices

    PubMed Central

    Cazier, Joseph A; Medlin, B. Dawn

    2006-01-01

    For most healthcare information systems, passwords are the first line of defense in keeping patient and administrative records private and secure. However, this defense is only as strong as the passwords employees chose to use. A weak or easily guessed password is like an open door to the medical records room, allowing unauthorized access to sensitive information. In this paper, we present the results of a study of actual healthcare workers' password practices. In general, the vast majority of these passwords have significant security problems on several dimensions. Implications for healthcare professionals are discussed. PMID:18066366

  9. 10 CFR 2.905 - Access to restricted data and national security information for parties; security clearances.

    Code of Federal Regulations, 2011 CFR

    2011-01-01

    ... 10 Energy 1 2011-01-01 2011-01-01 false Access to restricted data and national security... to Adjudicatory Proceedings Involving Restricted Data and/or National Security Information § 2.905 Access to restricted data and national security information for parties; security clearances. (a)...

  10. 10 CFR 2.905 - Access to restricted data and national security information for parties; security clearances.

    Code of Federal Regulations, 2012 CFR

    2012-01-01

    ... 10 Energy 1 2012-01-01 2012-01-01 false Access to restricted data and national security... to Adjudicatory Proceedings Involving Restricted Data and/or National Security Information § 2.905 Access to restricted data and national security information for parties; security clearances. (a)...

  11. Infoseconomics: A Utility Model for Information Security

    DTIC Science & Technology

    2010-09-01

    provide coarse-grained concepts (such as “Top Secret”, “Secret”, and “Confidential”, and in the United Kingdom “Impact Levels” [25]) that provide limited...worthless, and the funds spent will be of no further benefit. As highlighted in section 3, the value of a secret may decrease over time. In the case of...Technical Report MTR–3153, The MITRE Corporation, Bedford, MA. 5. Brewer, D. & Nash, M. (1989) The Chinese wall security model, in IEEE Symposium on

  12. 78 FR 4393 - Applications for New Awards; Minorities and Retirement Security Program

    Federal Register 2010, 2011, 2012, 2013, 2014

    2013-01-22

    ... SOCIAL SECURITY ADMINISTRATION Applications for New Awards; Minorities and Retirement Security Program... Policy, Social Security Administration. ACTION: Notice. Overview Information: Minorities and Retirement... Education (ED or the Department) and the United States Social Security Administration (SSA). The MRS...

  13. Security in health-care information systems--current trends.

    PubMed

    Smith, E; Eloff, J H

    1999-04-01

    Ever since health-care information systems have been implemented, their security is being considered an important issue, especially in the light of the fact that their data are deemed to comprise extremely sensitive information. The prospect of storing health information in electronic form raises concerns about patient privacy and data security. Any attempt to introduce computerised health-care information systems should, therefore, guarantee adequate protection of the confidentiality and integrity of patient information. At the same time, the patient information also needs to be readily available to all authorised health-care providers, in order to ensure the proper treatment of the patient. The principal aim of the present paper is, however, not to make a new contribution to the subject of security per se, but rather to give an overview of current trends in the security aspects of health-care information systems. The final section of the paper will be devoted to a number of proposals for further research possibilities in the domain of health-care information systems security.

  14. 20 CFR 410.686b - Fee for services performed for an individual before the Social Security Administration.

    Code of Federal Regulations, 2011 CFR

    2011-04-01

    ... before the Social Security Administration. 410.686b Section 410.686b Employees' Benefits SOCIAL SECURITY... Representation of Parties § 410.686b Fee for services performed for an individual before the Social Security Administration. (a) General. A fee for services performed for an individual before the Social...

  15. 2 CFR 2339.500 - Who in the Social Security Administration determines that a recipient other than an individual...

    Code of Federal Regulations, 2013 CFR

    2013-01-01

    ... 2 Grants and Agreements 1 2013-01-01 2013-01-01 false Who in the Social Security Administration... 2339.500 Grants and Agreements Federal Agency Regulations for Grants and Agreements SOCIAL SECURITY... Consequences § 2339.500 Who in the Social Security Administration determines that a recipient other than...

  16. 2 CFR 2339.225 - Who in the Social Security Administration does a recipient other than an individual notify about...

    Code of Federal Regulations, 2011 CFR

    2011-01-01

    ... 2 Grants and Agreements 1 2011-01-01 2011-01-01 false Who in the Social Security Administration... 2339.225 Grants and Agreements Federal Agency Regulations for Grants and Agreements SOCIAL SECURITY... Individuals § 2339.225 Who in the Social Security Administration does a recipient other than an...

  17. 2 CFR 2339.225 - Who in the Social Security Administration does a recipient other than an individual notify about...

    Code of Federal Regulations, 2014 CFR

    2014-01-01

    ... 2 Grants and Agreements 1 2014-01-01 2014-01-01 false Who in the Social Security Administration... 2339.225 Grants and Agreements Federal Agency Regulations for Grants and Agreements SOCIAL SECURITY... Individuals § 2339.225 Who in the Social Security Administration does a recipient other than an...

  18. 2 CFR 2339.225 - Who in the Social Security Administration does a recipient other than an individual notify about...

    Code of Federal Regulations, 2013 CFR

    2013-01-01

    ... 2 Grants and Agreements 1 2013-01-01 2013-01-01 false Who in the Social Security Administration... 2339.225 Grants and Agreements Federal Agency Regulations for Grants and Agreements SOCIAL SECURITY... Individuals § 2339.225 Who in the Social Security Administration does a recipient other than an...

  19. 2 CFR 2339.500 - Who in the Social Security Administration determines that a recipient other than an individual...

    Code of Federal Regulations, 2011 CFR

    2011-01-01

    ... 2 Grants and Agreements 1 2011-01-01 2011-01-01 false Who in the Social Security Administration... 2339.500 Grants and Agreements Federal Agency Regulations for Grants and Agreements SOCIAL SECURITY... Consequences § 2339.500 Who in the Social Security Administration determines that a recipient other than...

  20. 2 CFR 2339.500 - Who in the Social Security Administration determines that a recipient other than an individual...

    Code of Federal Regulations, 2014 CFR

    2014-01-01

    ... 2 Grants and Agreements 1 2014-01-01 2014-01-01 false Who in the Social Security Administration... 2339.500 Grants and Agreements Federal Agency Regulations for Grants and Agreements SOCIAL SECURITY... Consequences § 2339.500 Who in the Social Security Administration determines that a recipient other than...

  1. 2 CFR 2339.500 - Who in the Social Security Administration determines that a recipient other than an individual...

    Code of Federal Regulations, 2012 CFR

    2012-01-01

    ... 2 Grants and Agreements 1 2012-01-01 2012-01-01 false Who in the Social Security Administration... 2339.500 Grants and Agreements Federal Agency Regulations for Grants and Agreements SOCIAL SECURITY... Consequences § 2339.500 Who in the Social Security Administration determines that a recipient other than...

  2. 2 CFR 2339.225 - Who in the Social Security Administration does a recipient other than an individual notify about...

    Code of Federal Regulations, 2012 CFR

    2012-01-01

    ... 2 Grants and Agreements 1 2012-01-01 2012-01-01 false Who in the Social Security Administration... 2339.225 Grants and Agreements Federal Agency Regulations for Grants and Agreements SOCIAL SECURITY... Individuals § 2339.225 Who in the Social Security Administration does a recipient other than an...

  3. Report: Fiscal Year 2015 Federal Information Security Modernization Act Report: Status of CSB’s Information Security Program

    EPA Pesticide Factsheets

    Report #16-P-0086, January 27, 2016. The effectiveness of the CSB’s information security program is challenged by its lack of personal identity verification cards for logical access, complete system inventory.

  4. State-of-the-art research on electromagnetic information security

    NASA Astrophysics Data System (ADS)

    Hayashi, Yu-ichi

    2016-07-01

    As information security is becoming increasingly significant, security at the hardware level is as important as in networks and applications. In recent years, instrumentation has become cheaper and more precise, computation has become faster, and capacities have increased. With these advancements, the threat of advanced attacks that were considerably difficult to carry out previously has increased not only in military and diplomatic fields but also in general-purpose manufactured devices. This paper focuses on the problem of the security limitations concerning electromagnetic waves (electromagnetic information security) that has rendered attack detection particularly difficult at the hardware level. In addition to reviewing the mechanisms of these information leaks and countermeasures, this paper also presents the latest research trends and standards.

  5. Directory of energy information administration models 1995

    SciTech Connect

    1995-07-13

    This updated directory has been published annually; after this issue, it will be published only biennially. The Disruption Impact Simulator Model in use by EIA is included. Model descriptions have been updated according to revised documentation approved during the past year. This directory contains descriptions about each model, including title, acronym, purpose, followed by more detailed information on characteristics, uses, and requirements. Sources for additional information are identified. Included are 37 EIA models active as of February 1, 1995. The first group is the National Energy Modeling System (NEMS) models. The second group is all other EIA models that are not part of NEMS. Appendix A identifies major EIA modeling systems and the models within these systems. Appendix B is a summary of the "Annual Energy Outlook" Forecasting System.

  6. Directory of Energy Information Administration Models 1993

    SciTech Connect

    Not Available

    1993-07-06

    This directory contains descriptions about each model, including the title, acronym, purpose, followed by more detailed information on characteristics, uses, and requirements. Sources for additional information are identified. Included in this directory are 35 EIA models active as of May 1, 1993. Models that run on personal computers are identified by "PC" as part of the acronym. EIA is developing new models, a National Energy Modeling System (NEMS), and is making changes to existing models to include new technologies, environmental issues, conservation, and renewables, as well as extend forecast horizon. Other parts of the Department are involved in this modeling effort. A fully operational model is planned which will integrate completed segments of NEMS for its first official application--preparation of EIA's Annual Energy Outlook 1994. Abstracts for the new models will be included in next year's version of this directory.

  7. Fuzzy assessment of health information system users' security awareness.

    PubMed

    Aydın, Özlem Müge; Chouseinoglou, Oumout

    2013-12-01

    Health information systems (HIS) are a specific area of information systems (IS), where critical patient data is stored and quality health service is only realized with the correct use and efficient dissemination of this data to health workers. Therefore, a balance needs to be established between the levels of security and flow of information on HIS. Instead of implementing higher levels and further mechanisms of control to increase the security of HIS, it is preferable to deal with the arguably weakest link on HIS chain with respect to security: HIS users. In order to provide solutions and approaches for transforming users to the first line of defense in HIS but also to employ capable and appropriate candidates from the pool of newly graduated students, it is important to assess and evaluate the security awareness levels and characteristics of these existing and future users. This study aims to provide a new perspective to understand the phenomenon of security awareness of HIS users with the use of fuzzy analysis, and to assess the present situation of current and future HIS users of a leading medical and educational institution of Turkey, with respect to their security characteristics based on four different security scales. The results of the fuzzy analysis, the guide on how to implement this fuzzy analysis to any health institution and how to read and interpret these results, together with the possible implications of these results to the organization are provided.

  8. Explore Awareness of Information Security: Insights from Cognitive Neuromechanism

    PubMed Central

    Han, Dongmei; Dai, Yonghui; Han, Tianlin; Dai, Xingyun

    2015-01-01

    With the rapid development of the internet and information technology, the increasingly diversified portable mobile terminals, online shopping, and social media have facilitated information exchange, social communication, and financial payment for people more and more than ever before. In the meantime, information security and privacy protection have been meeting with new severe challenges. Although we have taken a variety of information security measures in both management and technology, the actual effectiveness depends firstly on people's awareness of information security and the cognition of potential risks. In order to explore the new technology for the objective assessment of people's awareness and cognition on information security, this paper takes the online financial payment as example and conducts an experimental study based on the analysis of electrophysiological signals. Results indicate that left hemisphere and beta rhythms of electroencephalogram (EEG) signal are sensitive to the cognitive degree of risks in the awareness of information security, which may be probably considered as the sign to assess people's cognition of potential risks in online financial payment. PMID:26587017

  9. Explore Awareness of Information Security: Insights from Cognitive Neuromechanism.

    PubMed

    Han, Dongmei; Dai, Yonghui; Han, Tianlin; Dai, Xingyun

    2015-01-01

    With the rapid development of the internet and information technology, the increasingly diversified portable mobile terminals, online shopping, and social media have facilitated information exchange, social communication, and financial payment for people more and more than ever before. In the meantime, information security and privacy protection have been meeting with new severe challenges. Although we have taken a variety of information security measures in both management and technology, the actual effectiveness depends firstly on people's awareness of information security and the cognition of potential risks. In order to explore the new technology for the objective assessment of people's awareness and cognition on information security, this paper takes the online financial payment as example and conducts an experimental study based on the analysis of electrophysiological signals. Results indicate that left hemisphere and beta rhythms of electroencephalogram (EEG) signal are sensitive to the cognitive degree of risks in the awareness of information security, which may be probably considered as the sign to assess people's cognition of potential risks in online financial payment.

  10. 20 CFR 404.1362 - Treatment of social security benefits or payments where Veterans Administration pension or...

    Code of Federal Regulations, 2010 CFR

    2010-04-01

    ... 20 Employees' Benefits 2 2010-04-01 2010-04-01 false Treatment of social security benefits or...' Benefits SOCIAL SECURITY ADMINISTRATION FEDERAL OLD-AGE, SURVIVORS AND DISABILITY INSURANCE (1950- ) Wage... Security Benefits and Payments § 404.1362 Treatment of social security benefits or payments where...

  11. 20 CFR 404.1362 - Treatment of social security benefits or payments where Veterans Administration pension or...

    Code of Federal Regulations, 2013 CFR

    2013-04-01

    ... 20 Employees' Benefits 2 2013-04-01 2013-04-01 false Treatment of social security benefits or...' Benefits SOCIAL SECURITY ADMINISTRATION FEDERAL OLD-AGE, SURVIVORS AND DISABILITY INSURANCE (1950- ) Wage... Security Benefits and Payments § 404.1362 Treatment of social security benefits or payments where...

  12. 20 CFR 404.1362 - Treatment of social security benefits or payments where Veterans Administration pension or...

    Code of Federal Regulations, 2012 CFR

    2012-04-01

    ... 20 Employees' Benefits 2 2012-04-01 2012-04-01 false Treatment of social security benefits or...' Benefits SOCIAL SECURITY ADMINISTRATION FEDERAL OLD-AGE, SURVIVORS AND DISABILITY INSURANCE (1950- ) Wage... Security Benefits and Payments § 404.1362 Treatment of social security benefits or payments where...

  13. 20 CFR 404.1362 - Treatment of social security benefits or payments where Veterans Administration pension or...

    Code of Federal Regulations, 2014 CFR

    2014-04-01

    ... 20 Employees' Benefits 2 2014-04-01 2014-04-01 false Treatment of social security benefits or...' Benefits SOCIAL SECURITY ADMINISTRATION FEDERAL OLD-AGE, SURVIVORS AND DISABILITY INSURANCE (1950- ) Wage... Security Benefits and Payments § 404.1362 Treatment of social security benefits or payments where...

  14. 20 CFR 404.1362 - Treatment of social security benefits or payments where Veterans Administration pension or...

    Code of Federal Regulations, 2011 CFR

    2011-04-01

    ... 20 Employees' Benefits 2 2011-04-01 2011-04-01 false Treatment of social security benefits or...' Benefits SOCIAL SECURITY ADMINISTRATION FEDERAL OLD-AGE, SURVIVORS AND DISABILITY INSURANCE (1950- ) Wage... Security Benefits and Payments § 404.1362 Treatment of social security benefits or payments where...

  15. Directory of Energy Information Administration Model Abstracts

    SciTech Connect

    Not Available

    1986-07-16

    This directory partially fulfills the requirements of Section 8c, of the documentation order, which states in part that: The Office of Statistical Standards will annually publish an EIA document based on the collected abstracts and the appendices. This report contains brief statements about each model's title, acronym, purpose, and status, followed by more detailed information on characteristics, uses, and requirements. Sources for additional information are identified. All models active through March 1985 are included. The main body of this directory is an alphabetical list of all active EIA models. Appendix A identifies major EIA modeling systems and the models within these systems, and Appendix B identifies active EIA models by type (basic, auxiliary, and developing). EIA also leases models developed by proprietary software vendors. Documentation for these proprietary models is the responsibility of the companies from which they are leased. EIA has recently leased models from Chase Econometrics, Inc., Data Resources, Inc. (DRI), the Oak Ridge National Laboratory (ORNL), and Wharton Econometric Forecasting Associates (WEFA). Leased models are not abstracted here. The directory is intended for the use of energy and energy-policy analysts in the public and private sectors.

  16. Strategic approach to information security and assurance in health research.

    PubMed

    Akazawa, Shunichi; Igarashi, Manabu; Sawa, Hirofumi; Tamashiro, Hiko

    2005-09-01

    Information security and assurance are an increasingly critical issue in health research. Whether health research be in genetics, new drugs, disease outbreaks, biochemistry, or effects of radiation, it deals with information that is highly sensitive and which could be targeted by rogue individuals or groups, corporations, national intelligence agencies, or terrorists, looking for financial, social, or political gains. The advents of the Internet and advances in recent information technologies have also dramatically increased opportunities for attackers to exploit sensitive and valuable information. Government agencies have deployed legislative measures to protect the privacy of health information and developed information security guidelines for epidemiological studies. However, risks are grossly underestimated and little effort has been made to strategically and comprehensively protect health research information by institutions, governments and international communities. There is a need to enforce a set of proactive measures to protect health research information locally and globally. Such measures should be deployed at all levels but will be successful only if research communities collaborate actively, governments enforce appropriate legislative measures at national level, and the international community develops quality standards, concluding treaties if necessary, at the global level. Proactive measures for the best information security and assurance would be achieved through rigorous management process with a cycle of "plan, do, check, and act". Each health research entity, such as hospitals, universities, institutions, or laboratories, should implement this cycle and establish an authoritative security and assurance organization, program and plan coordinated by a designated Chief Security Officer who will ensure implementation of the above process, putting appropriate security controls in place, with key focus areas such as policies and best practices, enforcement

  17. 78 FR 55270 - Privacy Act of 1974; Department of Homeland Security Transportation Security Administration-DHS...

    Federal Register 2010, 2011, 2012, 2013, 2014

    2013-09-10

    ... records containing the results from TSA's intelligence-driven risk- based analysis of Secure Flight... CFR Sec. 1560. \\1\\ 77 FR 69491 (Nov. 19, 2012). Under sec. 4012(a)(1)-(2) of the Intelligence Reform... Intelligence Agency, the Secretary of the Treasury, and the Secretary of Defense. The Attorney General,...

  18. Do You Ignore Information Security in Your Journal Website?

    PubMed

    Dadkhah, Mehdi; Borchardt, Glenn; Lagzian, Mohammad

    2016-11-24

    Nowadays, web-based applications extend to all businesses due to their advantages and easy usability. The most important issue in web-based applications is security. Due to their advantages, most academic journals are now using these applications, with papers being submitted and published through their websites. As these websites are resources for knowledge, information security is primary for maintaining their integrity. In this opinion piece, we point out vulnerabilities in certain websites and introduce the potential for future threats. We intend to present how some journals are vulnerable and what will happen if a journal can be infected by attackers. This opinion is not a technical manual in information security, it is a short inspection that we did to improve the security of academic journals.

  19. National Aeronautics and Space Administration Scientific and Technical Information Programs.

    ERIC Educational Resources Information Center

    Pinelli, Thomas E., Ed.

    1990-01-01

    Eleven articles discuss informational and educational programs of the National Aeronautics and Space Administration (NASA). Some of the areas discussed include scientific and technical information management, the new Space and Earth Science Information Systems, transfer of technology to other industries, intellectual property issues, and the…

  20. Enhancing security and improving interoperability in healthcare information systems.

    PubMed

    Gritzalis, D A

    1998-01-01

    Security is a key issue in healthcare information systems, since most aspects of security become of considerable or even critical importance when handling healthcare information. In addition, the intense need for information exchange has revealed interoperability of systems and applications as another key issue. Standardization can play an important role towards both these issues. In this paper, relevant standardization activities are briefly presented, and existing and emerging healthcare information security standards are identified and critically analysed. The analysis is based on a framework which has been developed for this reason. Therefore, the identification of gaps and inconsistencies in current standardization, the description of the conflicts of standards with legislation, and the analysis of implications of these standards to user organizations, are the main results of this paper.

  1. Security of healthcare information systems based on the CORBA middleware.

    PubMed

    Blobel, B; Holena, M

    1997-01-01

    The development of healthcare systems in accordance to the "Shared Care" paradigm results in co-operative health information systems across the boundaries of organisational, technological, and policy domains. Increasingly, these distributed and heterogeneous systems are based on middleware approaches, such as CORBA. Regarding the sensitivity of personal and medical data, such open, distributed, and heterogeneous health information systems demand a high level of data protection and data security, both with respect to patient information and with respect to users. The security concepts and measures available and additionally needed in health information systems based on CORBA architecture are described in this paper. The proposed security solution is also open to other middleware approaches, such as DHE or HL7.

  2. Information Networks Secured by the Laws of Physics

    NASA Astrophysics Data System (ADS)

    Kish, Laszlo B.; Peper, Ferdinand

    In this paper, we survey the state of the art of the secure key exchange method that is secured by the laws of classical statistical physics, and involves the Kirchhoff's law and the generalized Johnson noise equation, too. We discuss the major characteristics and advantages of these schemes especially in comparison with quantum encryption, and analyze some of the technical challenges of its implementation, too. Finally, we outline some ideas about how to use already existing and currently used wire lines, such as power lines, phone lines, internet lines to implement unconditionally secure information networks.

  3. ARTEMIS: towards a secure interoperability infrastructure for healthcare information systems.

    PubMed

    Boniface, Mike; Wilken, Paul

    2005-01-01

    The ARTEMIS project is developing a semantic web service based P2P interoperability infrastructure for healthcare information systems. The strict legislative framework in which these systems are deployed means that the interoperability of security and privacy mechanisms is an important requirement in supporting communication of electronic healthcare records across organisation boundaries. In ARTEMIS, healthcare providers define semantically annotated security and privacy policies for web services based on organisational requirements. The ARTEMIS mediator uses these semantic web service descriptions to broker between organisational policies by reasoning over security and clinical concept ontologies.

  4. 17 CFR 240.14d-6 - Disclosure of tender offer information to security holders.

    Code of Federal Regulations, 2014 CFR

    2014-04-01

    ... information to security holders. 240.14d-6 Section 240.14d-6 Commodity and Securities Exchanges SECURITIES AND... information to security holders. (a) Information required on date of commencement—(1) Long-form publication. If a tender offer is published, sent or given to security holders on the date of commencement...

  5. 17 CFR 240.14d-6 - Disclosure of tender offer information to security holders.

    Code of Federal Regulations, 2013 CFR

    2013-04-01

    ... information to security holders. 240.14d-6 Section 240.14d-6 Commodity and Securities Exchanges SECURITIES AND... information to security holders. (a) Information required on date of commencement—(1) Long-form publication. If a tender offer is published, sent or given to security holders on the date of commencement...

  6. 17 CFR 240.14d-6 - Disclosure of tender offer information to security holders.

    Code of Federal Regulations, 2011 CFR

    2011-04-01

    ... information to security holders. 240.14d-6 Section 240.14d-6 Commodity and Securities Exchanges SECURITIES AND... information to security holders. (a) Information required on date of commencement—(1) Long-form publication. If a tender offer is published, sent or given to security holders on the date of commencement...

  7. 17 CFR 240.14d-6 - Disclosure of tender offer information to security holders.

    Code of Federal Regulations, 2012 CFR

    2012-04-01

    ... information to security holders. 240.14d-6 Section 240.14d-6 Commodity and Securities Exchanges SECURITIES AND... information to security holders. (a) Information required on date of commencement—(1) Long-form publication. If a tender offer is published, sent or given to security holders on the date of commencement...

  8. National Security and Information Technology: The New Regulatory Option?

    ERIC Educational Resources Information Center

    Irwin, Manley R.

    1987-01-01

    Summarizes recent developments in information technology research and development, telecommunication services, telephone manufacturing, telecommunication networks, information processing, and U.S. import/export policy. It is concluded that government regulation as a policy strategy depends on how one defines national security. (Author/CLB)

  9. Secure and Privacy-Preserving Distributed Information Brokering

    ERIC Educational Resources Information Center

    Li, Fengjun

    2010-01-01

    As enormous structured, semi-structured and unstructured data are collected and archived by organizations in many realms ranging from business to health networks to government agencies, the needs for efficient yet secure inter-organization information sharing naturally arise. Unlike early information sharing approaches that only involve a small…

  10. 49 CFR 15.5 - Sensitive security information.

    Code of Federal Regulations, 2013 CFR

    2013-10-01

    ... privacy (including, but not limited to, information contained in any personnel, medical, or similar file... specific locations or specific security procedures. Such information will be released after the relevant 12-month period, except that TSA will not release the specific gate or other location on an airport...

  11. How to implement security controls for an information security program at CBRN facilities

    SciTech Connect

    Lenaeus, Joseph D.; O'Neil, Lori Ross; Leitch, Rosalyn M.; Glantz, Clifford S.; Landine, Guy P.; Bryant, Janet L.; Lewis, John; Mathers, Gemma; Rodger, Robert; Johnson, Christopher

    2015-12-01

    This document was prepared by PNNL within the framework of Project 19 of the European Union Chemical Biological Radiological and Nuclear Risk Mitigation Centres of Excellence Initiative entitled, ''Development of procedures and guidelines to create and improve secure information management systems and data exchange mechanisms for CBRN materials under regulatory control.'' It provides management and workers at CBRN facilities, parent organization managers responsible for those facilities, and regulatory agencies (governmental and nongovernmental) with guidance on the best practices for protecting information security. The security mitigation approaches presented in this document were chosen because they present generally accepted guidance in an easy-to-understand manner, making it easier for facility personnel to grasp key concepts and envision how security controls could be implemented by the facility. This guidance is presented from a risk management perspective.

  12. Examining the Impact of Non-Technical Security Management Factors on Information Security Management in Health Informatics

    ERIC Educational Resources Information Center

    Imam, Abbas H.

    2013-01-01

    Complexity of information security has become a major issue for organizations due to incessant threats to information assets. Healthcare organizations are particularly concerned with security owing to the inherent vulnerability of sensitive information assets in health informatics. While the non-technical security management elements have been at…

  13. Security threats categories in healthcare information systems.

    PubMed

    Samy, Ganthan Narayana; Ahmad, Rabiah; Ismail, Zuraini

    2010-09-01

    This article attempts to investigate the various types of threats that exist in healthcare information systems (HIS). A study has been carried out in one of the government-supported hospitals in Malaysia. The hospital has been equipped with a Total Hospital Information System (THIS). The data collected were from three different departments, namely the Information Technology Department (ITD), the Medical Record Department (MRD), and the X-Ray Department, using in-depth structured interviews. The study identified 22 types of threats according to major threat categories based on ISO/IEC 27002 (ISO 27799:2008). The results show that the most critical threat for the THIS is power failure followed by acts of human error or failure and other technological factors. This research holds significant value in terms of providing a complete taxonomy of threat categories in HIS and also an important component in the risk analysis stage.

  14. Implementation of an advanced clinical and administrative hospital information system.

    PubMed

    Vegoda, P R; Dyro, J F

    1986-01-01

    Over the last six years since University Hospital opened, the University Hospital Information System (UHIS) has continued to evolve to what is today an advanced administrative and clinical information system. At University Hospital UHIS is the way of conducting business. A wide range of patient care applications are operational including Patient Registration, ADT for Inpatient/Outpatient/Emergency Room visits, Advanced Order Entry/Result Reporting, Medical Records, Lab Automated Data Acquisition/Quality Control, Pharmacy, Radiology, Dietary, Respiratory Therapy, ECG, EEG, Cardiology, Physical/Occupational Therapy and Nursing. These systems and numerous financial systems have been installed in a highly tuned, efficient computer system. All applications are real-time, on-line, and data base oriented. Each system is provided with multiple data security levels, forward file recovery, and dynamic transaction backout of in-flight tasks. Sensitive medical information is safeguarded by job function passwords, identification codes, need-to-know master screens and terminal keylocks. University Hospital has an IBM 3083 CPU with five 3380 disk drives, four dual density tape drives, and a 3705 network controller. The network of 300 terminals and 100 printers is connected to the computer center by an RF broadband cable. The software is configured around the IBM/MVS operating system using CICS as the telecommunication monitor, IMS as the data base management system and PCS/ADS as the application enabling tool. The most extensive clinical system added to UHIS is the Physiological Monitoring/Patient Data Management System which serves 92 critical care beds. In keeping with the Hospital's philosophy of integrated computing, the PMS/PDMS with its network of minicomputers was linked to the UHIS system. In a pilot program, remote access to UHIS through the IBM personal computer has been implemented in several physician offices in the local community, further extending the communications

  15. 10 CFR 76.119 - Security facility approval and safeguarding of National Security Information and Restricted Data.

    Code of Federal Regulations, 2010 CFR

    2010-01-01

    ... 10 Energy 2 2010-01-01 2010-01-01 false Security facility approval and safeguarding of National Security Information and Restricted Data. 76.119 Section 76.119 Energy NUCLEAR REGULATORY COMMISSION (CONTINUED) CERTIFICATION OF GASEOUS DIFFUSION PLANTS Safeguards and Security § 76.119 Security...

  16. 10 CFR 76.119 - Security facility approval and safeguarding of National Security Information and Restricted Data.

    Code of Federal Regulations, 2011 CFR

    2011-01-01

    ... 10 Energy 2 2011-01-01 2011-01-01 false Security facility approval and safeguarding of National Security Information and Restricted Data. 76.119 Section 76.119 Energy NUCLEAR REGULATORY COMMISSION (CONTINUED) CERTIFICATION OF GASEOUS DIFFUSION PLANTS Safeguards and Security § 76.119 Security...

  17. 10 CFR 76.119 - Security facility approval and safeguarding of National Security Information and Restricted Data.

    Code of Federal Regulations, 2012 CFR

    2012-01-01

    ... 10 Energy 2 2012-01-01 2012-01-01 false Security facility approval and safeguarding of National Security Information and Restricted Data. 76.119 Section 76.119 Energy NUCLEAR REGULATORY COMMISSION (CONTINUED) CERTIFICATION OF GASEOUS DIFFUSION PLANTS Safeguards and Security § 76.119 Security...

  18. 10 CFR 76.119 - Security facility approval and safeguarding of National Security Information and Restricted Data.

    Code of Federal Regulations, 2014 CFR

    2014-01-01

    ... 10 Energy 2 2014-01-01 2014-01-01 false Security facility approval and safeguarding of National Security Information and Restricted Data. 76.119 Section 76.119 Energy NUCLEAR REGULATORY COMMISSION (CONTINUED) CERTIFICATION OF GASEOUS DIFFUSION PLANTS Safeguards and Security § 76.119 Security...

  19. 10 CFR 76.119 - Security facility approval and safeguarding of National Security Information and Restricted Data.

    Code of Federal Regulations, 2013 CFR

    2013-01-01

    ... 10 Energy 2 2013-01-01 2013-01-01 false Security facility approval and safeguarding of National Security Information and Restricted Data. 76.119 Section 76.119 Energy NUCLEAR REGULATORY COMMISSION (CONTINUED) CERTIFICATION OF GASEOUS DIFFUSION PLANTS Safeguards and Security § 76.119 Security...

  20. A secure and robust information hiding technique for covert communication

    NASA Astrophysics Data System (ADS)

    Parah, S. A.; Sheikh, J. A.; Hafiz, A. M.; Bhat, G. M.

    2015-08-01

    The unprecedented advancement of multimedia and growth of the internet has made it possible to reproduce and distribute digital media easier and faster. This has given birth to information security issues, especially when the information pertains to national security, e-banking transactions, etc. The disguised form of encrypted data makes an adversary suspicious and increases the chance of attack. Information hiding overcomes this inherent problem of cryptographic systems and is emerging as an effective means of securing sensitive data being transmitted over insecure channels. In this paper, a secure and robust information hiding technique referred to as Intermediate Significant Bit Plane Embedding (ISBPE) is presented. The data to be embedded is scrambled and embedding is carried out using the concept of Pseudorandom Address Vector (PAV) and Complementary Address Vector (CAV) to enhance the security of the embedded data. The proposed ISBPE technique is fully immune to Least Significant Bit (LSB) removal/replacement attack. Experimental investigations reveal that the proposed technique is more robust to various image processing attacks like JPEG compression, Additive White Gaussian Noise (AWGN), low pass filtering, etc. compared to conventional LSB techniques. The various advantages offered by ISBPE technique make it a good candidate for covert communication.

  1. 77 FR 71431 - New Agency Information Collection Activity Under OMB Review: Highway Baseline Assessment for...

    Federal Register 2010, 2011, 2012, 2013, 2014

    2012-11-30

    ... SECURITY Transportation Security Administration New Agency Information Collection Activity Under OMB Review... Administration, DHS. ACTION: 30-day Notice. SUMMARY: This notice announces that the Transportation Security..., Office of Information Technology (OIT), TSA-11, Transportation Security Administration, 601 South......

  2. 77 FR 65701 - Extension of Agency Information Collection Activity Under OMB Review: Office of Law Enforcement...

    Federal Register 2010, 2011, 2012, 2013, 2014

    2012-10-30

    ... SECURITY Transportation Security Administration Extension of Agency Information Collection Activity Under...: Transportation Security Administration, DHS. ACTION: 30-Day Notice. SUMMARY: This notice announces that the Transportation Security Administration (TSA) has forwarded the Information Collection Request (ICR), Office......

  3. The enhancement of security in healthcare information systems.

    PubMed

    Liu, Chia-Hui; Chung, Yu-Fang; Chen, Tzer-Shyong; Wang, Sheng-De

    2012-06-01

    With the progress and the development of information technology, the internal data in medical organizations have become computerized and are further established the medical information system. Moreover, the use of the Internet enhances the information communication as well as affects the development of the medical information system that a lot of medical information is transmitted with the Internet. Since there is a network within another network, when all networks are connected together, they will form the "Internet". For this reason, the Internet is considered as a high-risk and public environment which is easily destroyed and invaded so that a relevant protection is acquired. Besides, the data in the medical network system are confidential that it is necessary to protect the personal privacy, such as electronic patient records, medical confidential information, and authorization-controlled data in the hospital. As a consequence, a medical network system is considered as a network requiring high security that excellent protections and managerial strategies are inevitable to prevent illegal events and external attacks from happening. This study proposes secure medical managerial strategies being applied to the network environment of the medical organization information system so as to avoid the external or internal information security events, allow the medical system to work smoothly and safely that not only benefits the patients, but also allows the doctors to use it more conveniently, and further promote the overall medical quality. The objectives could be achieved by preventing from illegal invasion or medical information being stolen, protecting the completeness and security of medical information, avoiding the managerial mistakes of the internal information system in medical organizations, and providing the highly-reliable medical information system.

  4. Information security risk management for computerized health information systems in hospitals: a case study of Iran

    PubMed Central

    Zarei, Javad; Sadoughi, Farahnaz

    2016-01-01

    Background: In recent years, hospitals in Iran – similar to those in other countries – have experienced growing use of computerized health information systems (CHISs), which play a significant role in the operations of hospitals. But, the major challenge of CHIS use is information security. This study attempts to evaluate CHIS information security risk management at hospitals of Iran. Materials and methods: This applied study is a descriptive and cross-sectional research that has been conducted in 2015. The data were collected from 551 hospitals of Iran. Based on literature review, experts’ opinion, and observations at five hospitals, our intensive questionnaire was designed to assess security risk management for CHISs at the concerned hospitals, which was then sent to all hospitals in Iran by the Ministry of Health. Results: Sixty-nine percent of the studied hospitals pursue information security policies and procedures in conformity with Iran Hospitals Accreditation Standards. At some hospitals, risk identification, risk evaluation, and risk estimation, as well as risk treatment, are unstructured without any specified approach or methodology. There is no significant structured approach to risk management at the studied hospitals. Conclusion: Information security risk management is not followed by Iran’s hospitals and their information security policies. This problem can cause a large number of challenges for their CHIS security in future. Therefore, Iran’s Ministry of Health should develop practical policies to improve information security risk management in the hospitals of Iran. PMID:27313481

  5. 76 FR 75799 - General Administrative Regulations; Mutual Consent Cancellation; Food Security Act of 1985...

    Federal Register 2010, 2011, 2012, 2013, 2014

    2011-12-05

    ... Consent Cancellation; Food Security Act of 1985, Implementation; Denial of Benefits; and Ineligibility for... remove Subpart C--General Administrative Regulations; Mutual Consent Cancellation and Subpart F--Food... quality of the human environment, health, or safety. Therefore, neither an Environmental Assessment nor...

  6. 42 CFR 403.812 - HIPAA privacy, security, administrative data standards, and national identifiers.

    Code of Federal Regulations, 2014 CFR

    2014-10-01

    ... 42 Public Health 2 2014-10-01 2014-10-01 false HIPAA privacy, security, administrative data standards, and national identifiers. 403.812 Section 403.812 Public Health CENTERS FOR MEDICARE & MEDICAID SERVICES, DEPARTMENT OF HEALTH AND HUMAN SERVICES GENERAL PROVISIONS SPECIAL PROGRAMS AND PROJECTS...

  7. 77 FR 18716 - Transportation Security Administration Postal Zip Code Change; Technical Amendment

    Federal Register 2010, 2011, 2012, 2013, 2014

    2012-03-28

    ... Postal Zip Code Change; Technical Amendment AGENCY: Transportation Security Administration, DHS. ACTION... zip code. This rule revises existing regulations to reflect organizational changes and it has no.... Background Beginning December 17, 2008, the postal zip codes for TSA headquarters facilities in Virginia...

  8. The Social Security Administration's Youth Transition Demonstration Projects: Interim Report on Transition WORKS

    ERIC Educational Resources Information Center

    Fraker, Thomas; Black, Alison; Mamun, Arif; Manno, Michelle; Martinez, John; O'Day, Bonnie; O'Toole, Meghan; Rangarajan, Anu; Reed, Debbie

    2011-01-01

    The Social Security Administration is funding a random assignment evaluation of six demonstration projects to improve employment and other outcomes for youth ages 14 to 25 who are either receiving disability benefits or are at high risk of receiving them in the future. This report reviews the Youth Transition Demonstration (YTD) projects, located…

  9. Three Quantum Leaps in the Development of Information Security

    NASA Astrophysics Data System (ADS)

    Kaijser, Per

    2007-12-01

    This paper gives a coarse overview of the historical development of algorithms used for information security. It is shown that the development of these encryption algorithms has been made in small incremental steps for almost 2000 years until the latter part of the last century when three revolutionary inventions were made. The main properties of these new technologies, the public key encryption method, quantum cryptography and quantum computing are explained and demonstrates why they can be seen as quantum leaps in the development of information security.

  10. Develop security architecture for both in-house healthcare information systems and electronic patient record

    NASA Astrophysics Data System (ADS)

    Zhang, Jianguo; Chen, Xiaomeng; Zhuang, Jun; Jiang, Jianrong; Zhang, Xiaoyan; Wu, Dongqing; Huang, H. K.

    2003-05-01

    In this paper, we presented a new security approach to provide security measures and features in both healthcare information systems (PACS, RIS/HIS), and electronic patient record (EPR). We introduced two security components, certificate authoring (CA) system and patient record digital signature management (DSPR) system, as well as electronic envelope technology, into the current hospital healthcare information infrastructure to provide security measures and functions such as confidential or privacy, authenticity, integrity, reliability, non-repudiation, and authentication for in-house healthcare information systems daily operating, and EPR exchanging among the hospitals or healthcare administration levels, and the DSPR component manages all the digital signatures of patient medical records signed through using asymmetric key encryption technologies. The electronic envelopes used for EPR exchanging are created based on the information of signers, digital signatures, and identifications of patient records stored in CAS and DSMS, as well as the destinations and the remote users. The CAS and DSMS were developed and integrated into a RIS-integrated PACS, and the integration of these new security components is seamless and painless. The electronic envelopes designed for EPR were used successfully in multimedia data transmission.

  11. 75 FR 63192 - Intent To Request Renewal From OMB of One Current Public Collection of Information: Air Cargo...

    Federal Register 2010, 2011, 2012, 2013, 2014

    2010-10-14

    ... SECURITY Transportation Security Administration Intent To Request Renewal From OMB of One Current Public Collection of Information: Air Cargo Security Requirements AGENCY: Transportation Security Administration, DHS. ACTION: 60-day notice. SUMMARY: The Transportation Security Administration (TSA) invites...

  12. 77 FR 31632 - Intent To Request Approval From OMB of One New Public Collection of Information: Highway Baseline...

    Federal Register 2010, 2011, 2012, 2013, 2014

    2012-05-29

    ... SECURITY Transportation Security Administration Intent To Request Approval From OMB of One New Public...: Transportation Security Administration, DHS. ACTION: 60-day notice. SUMMARY: The Transportation Security... Information Technology (OIT), TSA-11, Transportation Security Administration, 601 South 12th......

  13. Information Security Analysis Using Game Theory and Simulation

    SciTech Connect

    Schlicher, Bob G; Abercrombie, Robert K

    2012-01-01

    Information security analysis can be performed using game theory implemented in dynamic simulations of Agent Based Models (ABMs). Such simulations can be verified with the results from game theory analysis and further used to explore larger scale, real world scenarios involving multiple attackers, defenders, and information assets. Our approach addresses imperfect information and scalability that allows us to also address previous limitations of current stochastic game models. Such models only consider perfect information assuming that the defender is always able to detect attacks; assuming that the state transition probabilities are fixed before the game; assuming that the players' actions are always synchronous; and that most models are not scalable with the size and complexity of systems under consideration. Our use of ABMs yields results of selected experiments that demonstrate our proposed approach and provides a quantitative measure for realistic information systems and their related security scenarios.

  14. Information security: where computer science, economics and psychology meet.

    PubMed

    Anderson, Ross; Moore, Tyler

    2009-07-13

    Until ca. 2000, information security was seen as a technological discipline, based on computer science but with mathematics helping in the design of ciphers and protocols. That perspective started to change as researchers and practitioners realized the importance of economics. As distributed systems are increasingly composed of machines that belong to principals with divergent interests, incentives are becoming as important to dependability as technical design. A thriving new field of information security economics provides valuable insights not just into 'security' topics such as privacy, bugs, spam and phishing, but into more general areas of system dependability and policy. This research programme has recently started to interact with psychology. One thread is in response to phishing, the most rapidly growing form of online crime, in which fraudsters trick people into giving their credentials to bogus websites; a second is through the increasing importance of security usability; and a third comes through the psychology-and-economics tradition. The promise of this multidisciplinary research programme is a novel framework for analysing information security problems, one that is both principled and effective.

  15. 32 CFR 2001.50 - Telecommunications automated information systems and network security.

    Code of Federal Regulations, 2014 CFR

    2014-07-01

    ... 32 National Defense 6 2014-07-01 2014-07-01 false Telecommunications automated information systems... NATIONAL SECURITY INFORMATION Safeguarding § 2001.50 Telecommunications automated information systems and... Directive (ICD) 503, Intelligence Community Information Technology Systems Security Risk...

  16. 32 CFR 2001.50 - Telecommunications automated information systems and network security.

    Code of Federal Regulations, 2011 CFR

    2011-07-01

    ... 32 National Defense 6 2011-07-01 2011-07-01 false Telecommunications automated information systems... NATIONAL SECURITY INFORMATION Safeguarding § 2001.50 Telecommunications automated information systems and... Directive (ICD) 503, Intelligence Community Information Technology Systems Security Risk...

  17. 32 CFR 2001.50 - Telecommunications automated information systems and network security.

    Code of Federal Regulations, 2013 CFR

    2013-07-01

    ... 32 National Defense 6 2013-07-01 2013-07-01 false Telecommunications automated information systems... NATIONAL SECURITY INFORMATION Safeguarding § 2001.50 Telecommunications automated information systems and... Directive (ICD) 503, Intelligence Community Information Technology Systems Security Risk...

  18. 32 CFR 2001.50 - Telecommunications automated information systems and network security.

    Code of Federal Regulations, 2012 CFR

    2012-07-01

    ... 32 National Defense 6 2012-07-01 2012-07-01 false Telecommunications automated information systems... NATIONAL SECURITY INFORMATION Safeguarding § 2001.50 Telecommunications automated information systems and... Directive (ICD) 503, Intelligence Community Information Technology Systems Security Risk...

  19. Energy Information Administration New Releases, July--August 1990

    SciTech Connect

    Jacobus, P.; Springer, I.

    1990-09-01

    "New Releases" is Energy Information Administration's newsletter, which reports its activities, publications, and machine-readable data files and modeling programs. For each publication or report, an abstract, subscription price, availability, and other bibliographical information are included. It covers crude oil, natural gas, and natural gas liquids reserves, coal, electricity, nuclear fuel, renewable energy and conservation, and petroleum. Order forms are also provided.

  20. Capturing and classifying functional status information in administrative databases.

    PubMed

    Iezzoni, Lisa I; Greenberg, Marjorie S

    2003-01-01

    The health care delivery system aims to improve the functioning of Americans, but little information exists to judge progress toward meeting this goal. Administrative data generated through running and overseeing health care delivery offer considerable information about diagnoses and procedures in coded formats comparable across settings of care. This article explores the issues raised when considering adding coded information about functional status to administrative databases throughout the health care system. The National Committee on Vital and Health Statistics (NCVHS) identified the International Classification of Functioning, Disability and Health (ICF) as the only viable code set for consistently reporting functional status.

  1. Securing information using optically generated biometric keys

    NASA Astrophysics Data System (ADS)

    Verma, Gaurav; Sinha, Aloka

    2016-11-01

    In this paper, we present a new technique to obtain biometric keys by using the fingerprint of a person for an optical image encryption system. The key generation scheme uses the fingerprint biometric information in terms of the amplitude mask (AM) and the phase mask (PM) of the reconstructed fingerprint image that is implemented using the digital holographic technique. Statistical tests have been conducted to check the randomness of the fingerprint PM key that enables its usage as an image encryption key. To explore the utility of the generated biometric keys, an optical image encryption system has been further demonstrated based on the phase retrieval algorithm and the double random phase encoding scheme in which keys for the encryption are used as the AM and the PM key. The advantage associated with the proposed scheme is that the biometric keys’ retrieval requires the simultaneous presence of the fingerprint hologram and the correct knowledge of the reconstruction parameters at the decryption stage, which not only verifies the authenticity of the person but also protects the valuable fingerprint biometric features of the keys. Numerical results are carried out to prove the feasibility and the effectiveness of the proposed encryption system.

  2. Federal Agency and Federal Library Reports: Library of Congress; Center for the Book; Federal Library and Information Center Committee; National Agricultural Library; National Library of Medicine; United States Government Printing Office; National Technical Information Service; National Archives and Records Administration; National Center for Education Statistics Library Statistics Program; National Commission on Libraries and Information Science; National Library of Education; Educational Resources Information Center.

    ERIC Educational Resources Information Center

    Fischer, Audrey; Cole, John Y.; Tarr, Susan M.; Carey, Len; Mehnert, Robert; Sherman, Andrew M.; Davis, Linda; Leahy, Debra W.; Chute, Adrienne; Willard, Robert S.; Dunn, Christina

    2003-01-01

    Includes annual reports from 12 federal agencies and libraries that discuss security, budgets, legislation, digital projects, preservation, government role, information management, personnel changes, collections, databases, financial issues, services, administration, Web sites, access to information, customer service, statistics, international…

  3. 77 FR 72814 - Information Collection; Secure Rural Schools Act

    Federal Register 2010, 2011, 2012, 2013, 2014

    2012-12-06

    ... Forest Service Information Collection; Secure Rural Schools Act AGENCY: Forest Service, USDA. ACTION... announces the intention of the Forest Service to seek approval to renew and revise a currently approved... Forest Service is seeking comments from all interested individuals and organizations on renewal...

  4. A Doctoral Program With Specialization in Information Security

    DTIC Science & Technology

    2004-01-01

    non-native English speakers are required to score well on the TOEFL examination as a requirement for admission to the NPS Ph.D. program. A Master’s...selected (checked) courses intended to prepare them for dissertation research. Candidates in the Information Assurance and Security specialization

  5. Information Uncertainty to Compare Qualitative Reasoning Security Risk Assessment Results

    SciTech Connect

    Chavez, Gregory M; Key, Brian P; Zerkle, David K; Shevitz, Daniel W

    2009-01-01

    The security risk associated with malevolent acts such as those of terrorism is often void of the historical data required for a traditional PRA. Most information available to conduct security risk assessments for these malevolent acts is obtained from subject matter experts as subjective judgements. Qualitative reasoning approaches such as approximate reasoning and evidential reasoning are useful for modeling the predicted risk from information provided by subject matter experts. Absent from these approaches is a consistent means to compare the security risk assessment results. Associated with each predicted risk reasoning result is a quantifiable amount of information uncertainty which can be measured and used to compare the results. This paper explores using entropy measures to quantify the information uncertainty associated with conflict and non-specificity in the predicted reasoning results. The measured quantities of conflict and non-specificity can ultimately be used to compare qualitative reasoning results which are important in triage studies and ultimately resource allocation. Straightforward extensions of previous entropy measures are presented here to quantify the non-specificity and conflict associated with security risk assessment results obtained from qualitative reasoning models.

  6. Information Security in the Age of Cloud Computing

    ERIC Educational Resources Information Center

    Sims, J. Eric

    2012-01-01

    Information security has been a particularly hot topic since the enhanced internal control requirements of Sarbanes-Oxley (SOX) were introduced in 2002. At about this same time, cloud computing started its explosive growth. Outsourcing of mission-critical functions has always been a gamble for managers, but the advantages of cloud computing are…

  7. 15 CFR 2008.18 - Information Security Oversight Committee.

    Code of Federal Regulations, 2011 CFR

    2011-01-01

    ... 15 Commerce and Foreign Trade 3 2011-01-01 2011-01-01 false Information Security Oversight Committee. 2008.18 Section 2008.18 Commerce and Foreign Trade Regulations Relating to Foreign Trade Agreements OFFICE OF THE UNITED STATES TRADE REPRESENTATIVE REGULATIONS TO IMPLEMENT E.O. 12065; OFFICE...

  8. Security Self-Assessment Guide for Information Technology Systems

    DTIC Science & Technology

    2001-08-01

    Self-Assessment Guide for Information Technology Systems ... AUTHOR(S) Marianne Swanson ... SENSITIVITY ASSESSMENT ... defines general support system or “system” in similar terms. ... All components of a system need not be

  9. 15 CFR 2008.18 - Information Security Oversight Committee.

    Code of Federal Regulations, 2014 CFR

    2014-01-01

    ... 15 Commerce and Foreign Trade 3 2014-01-01 2014-01-01 false Information Security Oversight Committee. 2008.18 Section 2008.18 Commerce and Foreign Trade Regulations Relating to Foreign Trade Agreements OFFICE OF THE UNITED STATES TRADE REPRESENTATIVE REGULATIONS TO IMPLEMENT E.O. 12065; OFFICE...

  10. 15 CFR 2008.18 - Information Security Oversight Committee.

    Code of Federal Regulations, 2013 CFR

    2013-01-01

    ... 15 Commerce and Foreign Trade 3 2013-01-01 2013-01-01 false Information Security Oversight Committee. 2008.18 Section 2008.18 Commerce and Foreign Trade Regulations Relating to Foreign Trade Agreements OFFICE OF THE UNITED STATES TRADE REPRESENTATIVE REGULATIONS TO IMPLEMENT E.O. 12065; OFFICE...

  11. 15 CFR 2008.18 - Information Security Oversight Committee.

    Code of Federal Regulations, 2012 CFR

    2012-01-01

    ... 15 Commerce and Foreign Trade 3 2012-01-01 2012-01-01 false Information Security Oversight Committee. 2008.18 Section 2008.18 Commerce and Foreign Trade Regulations Relating to Foreign Trade Agreements OFFICE OF THE UNITED STATES TRADE REPRESENTATIVE REGULATIONS TO IMPLEMENT E.O. 12065; OFFICE...

  12. Privacy and Security in an Oncology Information System

    PubMed Central

    Blum, Bruce I.; Lenhard, Raymond E.

    1978-01-01

    The growing number of automated medical data bases has focused attention upon the problems associated with privacy and security of patient data. This paper briefly reviews some of the approaches to data base protection and then describes the solution to these problems which has been implemented in the Johns Hopkins Oncology Center Clinical Information System.

  13. An Undergraduate Information Security Program: More than a Curriculum

    ERIC Educational Resources Information Center

    Woodward, Belle; Imboden, Thomas; Martin, Nancy L.

    2013-01-01

    This paper describes the implementation of an information security program at a large Midwestern university. The initial work is briefly summarized and improvements that have occurred over time are described. Current activities and future plans are discussed. This paper offers insight and lessons learned for organizations that have or are…

  14. 15 CFR 2008.18 - Information Security Oversight Committee.

    Code of Federal Regulations, 2010 CFR

    2010-01-01

    ... 15 Commerce and Foreign Trade 3 2010-01-01 2010-01-01 false Information Security Oversight Committee. 2008.18 Section 2008.18 Commerce and Foreign Trade Regulations Relating to Foreign Trade Agreements OFFICE OF THE UNITED STATES TRADE REPRESENTATIVE REGULATIONS TO IMPLEMENT E.O. 12065; OFFICE...

  15. 49 CFR 1520.5 - Sensitive security information.

    Code of Federal Regulations, 2014 CFR

    2014-10-01

    ... unwarranted invasion of privacy (including, but not limited to, information contained in any personnel... identity of any aircraft operator in connection with specific locations or specific security procedures... the specific gate or other location on an airport where an event occurred, regardless of the amount...

  16. 49 CFR 1520.5 - Sensitive security information.

    Code of Federal Regulations, 2012 CFR

    2012-10-01

    ... unwarranted invasion of privacy (including, but not limited to, information contained in any personnel... identity of any aircraft operator in connection with specific locations or specific security procedures... the specific gate or other location on an airport where an event occurred, regardless of the amount...

  17. 31 CFR 363.45 - What are the rules for judicial and administrative actions involving securities held in...

    Code of Federal Regulations, 2010 CFR

    2010-07-01

    ... administrative actions involving securities held in TreasuryDirect ®? 363.45 Section 363.45 Money and Finance... BUREAU OF THE PUBLIC DEBT REGULATIONS GOVERNING SECURITIES HELD IN TREASURYDIRECT General Provisions Governing Securities Held in TreasuryDirect § 363.45 What are the rules for judicial and...

  18. Single-Photon Secure Quantum Dialogue Protocol Without Information Leakage

    NASA Astrophysics Data System (ADS)

    Zhou, Nan-Run; Hua, Tian-Xiang; Wu, Gui-Tong; He, Chao-Sheng; Zhang, Ye

    2014-11-01

    Combining the idea of the ping-pong protocol with the Controlled-NOT operation, we propose a secure quantum dialogue protocol based on single photons. Bob obtains the information of the encrypted quantum state by performing the Controlled-NOT operation on the auxiliary particle and the encrypted single photons. Unlike the previous quantum dialogue protocols based on single photons, the proposed protocol not only overcomes information leakage but also possesses an acceptable efficiency.

  19. 20 CFR 404.455 - Request by Social Security Administration for reports of earnings and estimated earnings; effect...

    Code of Federal Regulations, 2010 CFR

    2010-04-01

    ... 20 Employees' Benefits 2 2010-04-01 2010-04-01 false Request by Social Security Administration for....455 Employees' Benefits SOCIAL SECURITY ADMINISTRATION FEDERAL OLD-AGE, SURVIVORS AND DISABILITY INSURANCE (1950- ) Deductions; Reductions; and Nonpayments of Benefits § 404.455 Request by Social...

  20. 20 CFR 404.455 - Request by Social Security Administration for reports of earnings and estimated earnings; effect...

    Code of Federal Regulations, 2013 CFR

    2013-04-01

    ... 20 Employees' Benefits 2 2013-04-01 2013-04-01 false Request by Social Security Administration for....455 Employees' Benefits SOCIAL SECURITY ADMINISTRATION FEDERAL OLD-AGE, SURVIVORS AND DISABILITY INSURANCE (1950- ) Deductions; Reductions; and Nonpayments of Benefits § 404.455 Request by Social...

  1. 20 CFR 404.455 - Request by Social Security Administration for reports of earnings and estimated earnings; effect...

    Code of Federal Regulations, 2012 CFR

    2012-04-01

    ... 20 Employees' Benefits 2 2012-04-01 2012-04-01 false Request by Social Security Administration for....455 Employees' Benefits SOCIAL SECURITY ADMINISTRATION FEDERAL OLD-AGE, SURVIVORS AND DISABILITY INSURANCE (1950- ) Deductions; Reductions; and Nonpayments of Benefits § 404.455 Request by Social...

  2. 20 CFR 404.455 - Request by Social Security Administration for reports of earnings and estimated earnings; effect...

    Code of Federal Regulations, 2011 CFR

    2011-04-01

    ... 20 Employees' Benefits 2 2011-04-01 2011-04-01 false Request by Social Security Administration for....455 Employees' Benefits SOCIAL SECURITY ADMINISTRATION FEDERAL OLD-AGE, SURVIVORS AND DISABILITY INSURANCE (1950- ) Deductions; Reductions; and Nonpayments of Benefits § 404.455 Request by Social...

  3. 20 CFR 404.455 - Request by Social Security Administration for reports of earnings and estimated earnings; effect...

    Code of Federal Regulations, 2014 CFR

    2014-04-01

    ... 20 Employees' Benefits 2 2014-04-01 2014-04-01 false Request by Social Security Administration for....455 Employees' Benefits SOCIAL SECURITY ADMINISTRATION FEDERAL OLD-AGE, SURVIVORS AND DISABILITY INSURANCE (1950- ) Deductions; Reductions; and Nonpayments of Benefits § 404.455 Request by Social...

  4. Guidelines for contingency planning NASA (National Aeronautics and Space Administration) ADP security risk reduction decision studies

    NASA Technical Reports Server (NTRS)

    Tompkins, F. G.

    1984-01-01

    Guidance is presented to NASA Computer Security Officials for determining the acceptability or unacceptability of ADP security risks based on the technical, operational and economic feasibility of potential safeguards. The risk management process is reviewed as a specialized application of the systems approach to problem solving and information systems analysis and design. Reporting the results of the risk reduction analysis to management is considered. Report formats for the risk reduction study are provided.

  5. Tailoring NIST Security Controls for the Ground System: Selection and Implementation -- Recommendations for Information System Owners

    NASA Technical Reports Server (NTRS)

    Takamura, Eduardo; Mangum, Kevin

    2016-01-01

    The National Aeronautics and Space Administration (NASA) invests millions of dollars in spacecraft and ground system development, and in mission operations in the pursuit of scientific knowledge of the universe. In recent years, NASA sent a probe to Mars to study the Red Planet's upper atmosphere, obtained high resolution images of Pluto, and it is currently preparing to find new exoplanets, rendezvous with an asteroid, and bring a sample of the asteroid back to Earth for analysis. The success of these missions is enabled by mission assurance. In turn, mission assurance is backed by information assurance. The information systems supporting NASA missions must be reliable as well as secure. NASA - like every other U.S. Federal Government agency - is required to manage the security of its information systems according to federal mandates, the most prominent being the Federal Information Security Management Act (FISMA) of 2002 and the legislative updates that followed it. Like the management of enterprise information technology (IT), federal information security management takes a "one-size fits all" approach for protecting IT systems. While this approach works for most organizations, it does not effectively translate into security of highly specialized systems such as those supporting NASA missions. These systems include command and control (C&C) systems, spacecraft and instrument simulators, and other elements comprising the ground segment. They must be carefully configured, monitored and maintained, sometimes for several years past the missions' initially planned life expectancy, to ensure the ground system is protected and remains operational without any compromise of its confidentiality, integrity and availability. Enterprise policies, processes, procedures and products, if not effectively tailored to meet mission requirements, may not offer the needed security for protecting the information system, and they may even become disruptive to mission operations

  6. Applicants' preference for impression management tactic in employment interviews by Transportation Security Administration.

    PubMed

    Scudder, Joseph N; Lamude, Kevin G

    2009-04-01

    Following past findings on employment interviews, this study hypothesized applicants would have a preference for using self-promoting tactics of impression management over other focuses. Self-reports of impression management tactics were collected from 124 applicants who had interviews for screener positions with the Transportation Security Administration. Contrary to the hypothesis, analysis indicated participants reported they used more ingratiation tactics attempting to praise the interviewer than self-promotion tactics which focused on their own accomplishments. Special qualifications for security jobs which required well-developed perceptual abilities and the controlling structure of the interview context were perhaps responsible for present results differing from prior findings.

  7. 75 FR 57102 - Occupational Information Development Advisory Panel Meeting; Correction

    Federal Register 2010, 2011, 2012, 2013, 2014

    2010-09-17

    ... From the Federal Register Online via the Government Publishing Office SOCIAL SECURITY ADMINISTRATION Occupational Information Development Advisory Panel Meeting; Correction AGENCY: Social Security...: Occupational Information Development Advisory Panel, Social Security Administration, 6401 Security...

  8. 44 CFR 8.3 - Senior FEMA official responsible for the information security program.

    Code of Federal Regulations, 2013 CFR

    2013-10-01

    ... responsible for the information security program. 8.3 Section 8.3 Emergency Management and Assistance FEDERAL EMERGENCY MANAGEMENT AGENCY, DEPARTMENT OF HOMELAND SECURITY GENERAL NATIONAL SECURITY INFORMATION § 8.3 Senior FEMA official responsible for the information security program. The Director of the...

  9. 44 CFR 8.3 - Senior FEMA official responsible for the information security program.

    Code of Federal Regulations, 2012 CFR

    2012-10-01

    ... responsible for the information security program. 8.3 Section 8.3 Emergency Management and Assistance FEDERAL EMERGENCY MANAGEMENT AGENCY, DEPARTMENT OF HOMELAND SECURITY GENERAL NATIONAL SECURITY INFORMATION § 8.3 Senior FEMA official responsible for the information security program. The Director of the...

  10. 44 CFR 8.3 - Senior FEMA official responsible for the information security program.

    Code of Federal Regulations, 2011 CFR

    2011-10-01

    ... responsible for the information security program. 8.3 Section 8.3 Emergency Management and Assistance FEDERAL EMERGENCY MANAGEMENT AGENCY, DEPARTMENT OF HOMELAND SECURITY GENERAL NATIONAL SECURITY INFORMATION § 8.3 Senior FEMA official responsible for the information security program. The Director of the...

  11. 10 CFR 95.35 - Access to matter classified as National Security Information and Restricted Data.

    Code of Federal Regulations, 2014 CFR

    2014-01-01

    ... 10 Energy 2 2014-01-01 2014-01-01 false Access to matter classified as National Security... SECURITY CLEARANCE AND SAFEGUARDING OF NATIONAL SECURITY INFORMATION AND RESTRICTED DATA Control of Information § 95.35 Access to matter classified as National Security Information and Restricted Data....

  12. 10 CFR 95.35 - Access to matter classified as National Security Information and Restricted Data.

    Code of Federal Regulations, 2013 CFR

    2013-01-01

    ... 10 Energy 2 2013-01-01 2013-01-01 false Access to matter classified as National Security... SECURITY CLEARANCE AND SAFEGUARDING OF NATIONAL SECURITY INFORMATION AND RESTRICTED DATA Control of Information § 95.35 Access to matter classified as National Security Information and Restricted Data....

  13. 10 CFR 95.25 - Protection of National Security Information and Restricted Data in storage.

    Code of Federal Regulations, 2013 CFR

    2013-01-01

    ... 10 Energy 2 2013-01-01 2013-01-01 false Protection of National Security Information and Restricted... CLEARANCE AND SAFEGUARDING OF NATIONAL SECURITY INFORMATION AND RESTRICTED DATA Physical Security § 95.25 Protection of National Security Information and Restricted Data in storage. (a) Secret matter,...

  14. 10 CFR 95.35 - Access to matter classified as National Security Information and Restricted Data.

    Code of Federal Regulations, 2011 CFR

    2011-01-01

    ... 10 Energy 2 2011-01-01 2011-01-01 false Access to matter classified as National Security... SECURITY CLEARANCE AND SAFEGUARDING OF NATIONAL SECURITY INFORMATION AND RESTRICTED DATA Control of Information § 95.35 Access to matter classified as National Security Information and Restricted Data....

  15. 10 CFR 95.25 - Protection of National Security Information and Restricted Data in storage.

    Code of Federal Regulations, 2012 CFR

    2012-01-01

    ... 10 Energy 2 2012-01-01 2012-01-01 false Protection of National Security Information and Restricted... CLEARANCE AND SAFEGUARDING OF NATIONAL SECURITY INFORMATION AND RESTRICTED DATA Physical Security § 95.25 Protection of National Security Information and Restricted Data in storage. (a) Secret matter,...

  16. 10 CFR 95.25 - Protection of National Security Information and Restricted Data in storage.

    Code of Federal Regulations, 2014 CFR

    2014-01-01

    ... 10 Energy 2 2014-01-01 2014-01-01 false Protection of National Security Information and Restricted... CLEARANCE AND SAFEGUARDING OF NATIONAL SECURITY INFORMATION AND RESTRICTED DATA Physical Security § 95.25 Protection of National Security Information and Restricted Data in storage. (a) Secret matter,...

  17. 10 CFR 95.35 - Access to matter classified as National Security Information and Restricted Data.

    Code of Federal Regulations, 2012 CFR

    2012-01-01

    ... 10 Energy 2 2012-01-01 2012-01-01 false Access to matter classified as National Security... SECURITY CLEARANCE AND SAFEGUARDING OF NATIONAL SECURITY INFORMATION AND RESTRICTED DATA Control of Information § 95.35 Access to matter classified as National Security Information and Restricted Data....

  18. 78 FR 34665 - Homeland Security Information Network Advisory Committee (HSINAC); Meeting

    Federal Register 2010, 2011, 2012, 2013, 2014

    2013-06-10

    ... SECURITY Homeland Security Information Network Advisory Committee (HSINAC); Meeting AGENCY: OPS/OCIO, DHS... Security Information Network Advisory Committee (HSINAC) will meet on Tuesday, June 25th, 2013 from 1 p.m...: http://www.dhs.gov/homeland-security-information-network-advisory-committee . There is a meeting...

  19. Assessing and Comparing Information Security in Swiss Hospitals

    PubMed Central

    Hirschel, Jürg; Schlienger, Thomas; Businger, Walter; Zbinden, Alex M

    2012-01-01

    Background: Availability of information in hospitals is an important prerequisite for good service. Significant resources have been invested to improve the availability of information, but it is also vital that the security of this information can be guaranteed. Objective: The goal of this study was to assess information security in hospitals through a questionnaire based on the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC) standard ISO/IEC 27002, evaluating Information technology – Security techniques – Code of practice for information-security management, with a special focus on the effect of the hospitals’ size and type. Methods: The survey, set up as a cross-sectional study, was conducted in January 2011. The chief information officers (CIOs) of 112 hospitals in German-speaking Switzerland were invited to participate. The online questionnaire was designed to be fast and easy to complete to maximize participation. To group the analyzed controls of the ISO/IEC standard 27002 in a meaningful way, a factor analysis was performed. A linear score from 0 (not implemented) to 3 (fully implemented) was introduced. The scores of the hospitals were then analyzed for significant differences in any of the factors with respect to size and type of hospital. The participating hospitals were offered a benchmark report about their status. Results: The 51 participating hospitals had an average score of 51.1% (range 30.6% - 81.9%) out of a possible 100% where all items in the questionnaire were fully implemented. Room for improvement could be identified, especially for the factors covering “process and quality management” (average score 1.3 ± 0.8 out of a maximum of 3) and “organization and risk management” (average score 1.3 ± 0.7 out of a maximum of 3). Private hospitals scored significantly higher than university hospitals in the implementation of “security zones” and “backup” (P = .008

  20. Does the PCEHR mean a new paradigm for information security? Implications for health information management.

    PubMed

    Williams, Patricia A H

    2013-01-01

    Australia is stepping up to the new e-health environment. With this comes new legislation and new demands on information security. The expanded functionality of e-health and the increased legislative requirements, coupled with new uses of technology, means that enhancement of existing security practice will be necessary. This paper analyses the new operating environment for Australian healthcare and the legislation governing it, and highlights the changes that are required to meet this new context. Individuals are now more responsible for security and organisations should be prompted to review their security measures in light of the new demands of legislative compliance.

  1. A security architecture for interconnecting health information systems.

    PubMed

    Gritzalis, Dimitris; Lambrinoudakis, Costas

    2004-03-31

    Several hereditary and other chronic diseases necessitate continuous and complicated health care procedures, typically offered in different, often distant, health care units. Inevitably, the medical records of patients suffering from such diseases become complex, grow in size very fast and are scattered all over the units involved in the care process, hindering communication of information between health care professionals. Web-based electronic medical records have been recently proposed as the solution to the above problem, facilitating the interconnection of the health care units in the sense that health care professionals can now access the complete medical record of the patient, even if it is distributed in several remote units. However, by allowing users to access information from virtually anywhere, the universe of ineligible people who may attempt to harm the system is dramatically expanded, thus severely complicating the design and implementation of a secure environment. This paper presents a security architecture that has been mainly designed for providing authentication and authorization services in web-based distributed systems. The architecture has been based on a role-based access scheme and on the implementation of an intelligent security agent per site (i.e. health care unit). This intelligent security agent: (a). authenticates the users, local or remote, that can access the local resources; (b). assigns, through temporary certificates, access privileges to the authenticated users in accordance to their role; and (c). communicates to other sites (through the respective security agents) information about the local users that may need to access information stored in other sites, as well as about local resources that can be accessed remotely.

  2. Combination of context-role and perimeter protection paradigms for modelling the security of information systems

    NASA Astrophysics Data System (ADS)

    Tun, Hein; Lupin, Sergey; Gureev, Aleksandr

    2016-10-01

    The possibility of using hybrid modelling to estimate the ability of information systems to prevent unauthorized access has been analyzed. The proposed approach combines two paradigms of information security: context-role and perimeter protection. AnyLogic was used as the platform for developing and simulating the experimental model. AnyLogic allows us to use agent-based and discrete-event methods to formalize the processes in information systems security. According to the context-role model, the permissions of agents are determined by their position in the administrative hierarchy. In our approach, the access rights of agents also depend on their position in the protected environment. The article shows the structure of the AnyLogic model and the set of data that provide the various behaviors of agents and the functionality of the perimeter's protection. Simulation experiments confirmed the usability of hybrid models for estimating the level of information security. The set of agents' parameters allows determining a wide range of their activities and investigating the reaction of the security system to their behavior.

  3. 78 FR 57839 - Request for Information on Computer Security Incident Coordination (CSIC)

    Federal Register 2010, 2011, 2012, 2013, 2014

    2013-09-20

    ... National Institute of Standards and Technology Request for Information on Computer Security Incident... submitting comments relating to Computer Security Incident Coordination. NIST experienced technical... Technology (NIST) announced that it was soliciting comments relating to Computer Security...

  4. 75 FR 45152 - National Security Division: Agency Information Collection Activities: Proposed Collection...

    Federal Register 2010, 2011, 2012, 2013, 2014

    2010-08-02

    ... National Security Division: Agency Information Collection Activities: Proposed Collection; Comments... (Foreign Agents). The Department of Justice (DOJ), National Security Division (NSD), will be submitting the... & Constitution Avenue, NW., National Security Division, Counterespionage Section/ Registration Unit,...

  5. 78 FR 46594 - Extension of Agency Information Collection Activity Under OMB Review: Aviation Security Customer...

    Federal Register 2010, 2011, 2012, 2013, 2014

    2013-08-01

    ... OMB Review: Aviation Security Customer Satisfaction Performance Measurement Passenger Survey AGENCY.... Information Collection Requirement Title: Aviation Security Customer Satisfaction Performance Measurement...; Aviation Security Customer Satisfaction Performance Measurement Passenger Survey. TSA, with OMB's...

  6. 76 FR 78673 - New Agency Information Collection Activity Under OMB Review: Exercise Information System (EXIS)

    Federal Register 2010, 2011, 2012, 2013, 2014

    2011-12-19

    ... SECURITY Transportation Security Administration New Agency Information Collection Activity Under OMB Review: Exercise Information System (EXIS) AGENCY: Transportation Security Administration, DHS. ACTION: 30-day... burden for the TSA Exercise Information System (EXIS). EXIS is a web portal designed to...

  7. 76 FR 28099 - National Industrial Security Program Policy Advisory Committee (NISPPAC)

    Federal Register 2010, 2011, 2012, 2013, 2014

    2011-05-13

    ... RECORDS ADMINISTRATION Information Security Oversight Office National Industrial Security Program Policy Advisory Committee (NISPPAC) AGENCY: Information Security Oversight Office, National Archives and Records... planning to attend must be submitted to the Information Security Oversight Office (ISOO) no later than...

  8. 75 FR 10545 - Occupational Information Development Advisory Panel Meeting

    Federal Register 2010, 2011, 2012, 2013, 2014

    2010-03-08

    ... ADMINISTRATION Occupational Information Development Advisory Panel Meeting AGENCY: Social Security Administration... System Development Project activities and the proposed integration with Panel activities; subcommittee...: Occupational Information Development Advisory Panel, Social Security Administration, 6401 Security Boulevard,...

  9. A mobile agent approach for secure integrated medical information systems.

    PubMed

    Liu, Chia-Hui; Chung, Yu-Fang; Chiang, Te-Wei; Chen, Tzer-Shyong; Wang, Sheng-De

    2012-10-01

    Different patient-related information in medical organizations is the primary reference for medical personnel diagnosing, treating, and caring for patients. With the rapid development of information technology, paper-based medical records have gradually been changed to electronic forms. However, different medical organizations present individual system specifications and data-saving formats so that the medical information of the same patient cannot be exchanged, shared, and securely accessed. In order not to largely change the present medical information systems as well as not to increase abundant costs, Virtual Integrated Medical-information Systems (VIMS) is proposed to assist various hospitals in information exchange. Furthermore, with Mobile Agent, the dispersed medical information can be securely integrated. It presents confidentiality, non-repudiation, source authentication, and integrity in network transmission. Virtual Integrated Medical-information Systems (VIMS) is a virtual electronic integration system combined with Mobile Agent technology. With the features of independence, adaptability, mobility, objectives, and autonomy, Mobile Agent is applied to overcome the problems from heterogeneous systems. With the features, the over-dispersed medical records can be integrated. Moreover, Mobile Agent can ensure the instantaneity and usability of medical records from which doctors can make the most appropriate evaluation and diagnoses. It will avoid the waste of medical resources, such as repetition medication, as well as become the reference of further consultation or health check. Not only can it improve the medical care quality, but it can be provided for medical research.

  10. A Secure RFID Tag Authentication Protocol with Privacy Preserving in Telecare Medicine Information System.

    PubMed

    Li, Chun-Ta; Weng, Chi-Yao; Lee, Cheng-Chi

    2015-08-01

    Radio Frequency Identification (RFID) based solutions are widely used for providing many healthcare applications, including patient monitoring, object traceability, drug administration system and telecare medicine information system (TMIS), etc. In order to reduce malpractices and ensure patient privacy, in 2015, Srivastava et al. proposed a hash based RFID tag authentication protocol in TMIS. Their protocol uses lightweight hash operation and synchronized secret value shared between back-end server and tag, which is more secure and efficient than other related RFID authentication protocols. Unfortunately, in this paper, we demonstrate that Srivastava et al.'s tag authentication protocol has a serious security problem in that an adversary may use the stolen/lost reader to connect to the medical back-end server that stores information associated with tagged objects and this privacy damage causing the adversary could reveal medical data obtained from stolen/lost readers in a malicious way. Therefore, we propose a secure and efficient RFID tag authentication protocol to overcome security flaws and improve the system efficiency. Compared with Srivastava et al.'s protocol, the proposed protocol not only inherits the advantages of Srivastava et al.'s authentication protocol for TMIS but also provides better security with high system efficiency.

  11. Administrator Highlights U.S.-Georgian Nuclear Security Cooperation in Tbilisi

    ScienceCinema

    Thomas D'Agostino

    2016-07-12

    NNSA Administrator Thomas D'Agostino highlighted the strong U.S.-Georgian cooperation on nuclear security issues during a day-long visit to the Republic of Georgia in mid-June. He briefed the media at availability at the Tbilisi airport. In April 2009, President Obama outlined an ambitious agenda to secure vulnerable nuclear material around the world within four years, calling the danger of a terrorist acquiring nuclear weapons "the most immediate and extreme threat to global security." In this year's State of the Union, he called the threat of nuclear weapons, "the greatest danger to the American people." In order to meet that challenge, the President's FY2011 Budget Request includes close to $2.7 billion for the National Nuclear Security Administration's Defense Nuclear Nonproliferation program -- an increase of 25.7 percent over FY2010. Included in that request is NNSA's Second Line of Defense (SLD) program, which works around the world to strengthen the capability of foreign governments to deter, detect, and interdict illicit trafficking in nuclear and other radioactive materials across international borders and through the global maritime shipping system.

  12. Administrator Highlights U.S.-Georgian Nuclear Security Cooperation in Tbilisi

    SciTech Connect

    Thomas D'Agostino

    2010-07-16

    NNSA Administrator Thomas D'Agostino highlighted the strong U.S.-Georgian cooperation on nuclear security issues during a day-long visit to the Republic of Georgia in mid-June. He briefed the media at availability at the Tbilisi airport. In April 2009, President Obama outlined an ambitious agenda to secure vulnerable nuclear material around the world within four years, calling the danger of a terrorist acquiring nuclear weapons "the most immediate and extreme threat to global security." In this year's State of the Union, he called the threat of nuclear weapons, "the greatest danger to the American people." In order to meet that challenge, the President's FY2011 Budget Request includes close to $2.7 billion for the National Nuclear Security Administration's Defense Nuclear Nonproliferation program -- an increase of 25.7 percent over FY2010. Included in that request is NNSA's Second Line of Defense (SLD) program, which works around the world to strengthen the capability of foreign governments to deter, detect, and interdict illicit trafficking in nuclear and other radioactive materials across international borders and through the global maritime shipping system.

  13. Future of security and privacy in medical information.

    PubMed

    Wiederhold, Gio

    2002-01-01

    Today, issues of privacy and confidentiality in healthcare are dealt with largely informally. Little legislation exists, and the awkwardness of accessing paper records makes violations of patients' privacy sporadic. As healthcare institutions move towards a future where all information is kept in an Electronic Medical Record (EMR), the casual attitudes that are prevalent will be in conflict with the desires and expectations of the patients. Legislation has been passed to make the holders of medical data responsible for securely protecting the patients' privacy. Specific implementation guidelines are still lacking. There is much institutional resistance to the adoption of rigorous rules, but we expect that in the near future reliable procedures will have to be implemented to comply both with legal guidelines and patients' expectations. After introducing the issue more precisely we provide an overview over the concepts needed to understand the roles of technology of privacy and security and the people that must manage the technology. We then discuss the components of secure EMR systems and will point out where adequate technology exists and where future improvements are essential. We conclude with some advice to healthcare management facing the demands for security and privacy that the future will bring.

  14. Web Security for Access of Private Information via the Internet

    PubMed Central

    Anderson, Lynn; Rauscher, Richard; Lee, H.

    2001-01-01

    Authentication, authorization, accounting, and encryption are goals of security strategies for web information being accessed that is private. The definition of these terms is as follows:

    • Authentication - validation that the individual (or system) is who they say they are
    • Authorization - validation that the individual (or system) accessing information is authorized to do so
    • Accounting - records are kept of what is accessed
    • Encryption - use of a ‘scrambling’ algorithm such that the information can pass securely across the public Internet without being intelligible; information is specifically ‘unscrambled’ or deencrypted at the receiving end

    Many tools can be used to meet these goals. The degree to which the goals are met is determined by how we use these tools. Methodologies similar to TSEC[1] and ITSEC[2] can be used to determine the appropriate level of protection for a particular web application. This poster describes a set of effective strategies for web application security and the level of protection each strategy provides.

  15. Informal Workers in Thailand: Occupational Health and Social Security Disparities.

    PubMed

    Kongtip, Pornpimol; Nankongnab, Noppanun; Chaikittiporn, Chalermchai; Laohaudomchok, Wisanti; Woskie, Susan; Slatin, Craig

    2015-08-01

    Informal workers in Thailand lack employee status as defined under the Labor Protection Act (LPA). Typically, they do not work at an employer's premise; they work at home and may be self-employed or temporary workers. They account for 62.6 percent of the Thai workforce and have a workplace accident rate ten times higher than formal workers. Most Thai Labor laws apply only to formal workers, but some protect informal workers in the domestic, home work, and agricultural sectors. Laws that protect informal workers lack practical enforcement mechanisms and are generally ineffective because informal workers lack employment contracts and awareness of their legal rights. Thai social security laws fail to provide informal workers with treatment of work-related accidents, diseases, and injuries; unemployment and retirement insurance; and workers' compensation. The article summarizes the differences in protections available for formal and informal sector workers and measures needed to decrease these disparities in coverage.

  16. 17 CFR 240.14a-3 - Information to be furnished to security holders.

    Code of Federal Regulations, 2010 CFR

    2010-04-01

    ... 17 Commodity and Securities Exchanges 3 2010-04-01 2010-04-01 false Information to be furnished to security holders. 240.14a-3 Section 240.14a-3 Commodity and Securities Exchanges SECURITIES AND EXCHANGE COMMISSION (CONTINUED) GENERAL RULES AND REGULATIONS, SECURITIES EXCHANGE ACT OF 1934 Rules and...

  17. 17 CFR 240.14d-6 - Disclosure of tender offer information to security holders.

    Code of Federal Regulations, 2010 CFR

    2010-04-01

    ... 17 Commodity and Securities Exchanges 3 2010-04-01 2010-04-01 false Disclosure of tender offer information to security holders. 240.14d-6 Section 240.14d-6 Commodity and Securities Exchanges SECURITIES AND EXCHANGE COMMISSION (CONTINUED) GENERAL RULES AND REGULATIONS, SECURITIES EXCHANGE ACT OF 1934 Rules...

  18. 6 CFR 27.200 - Information regarding security risk for a chemical facility.

    Code of Federal Regulations, 2012 CFR

    2012-01-01

    ... 6 Domestic Security 1 2012-01-01 2012-01-01 false Information regarding security risk for a chemical facility. 27.200 Section 27.200 Domestic Security DEPARTMENT OF HOMELAND SECURITY, OFFICE OF THE SECRETARY CHEMICAL FACILITY ANTI-TERRORISM STANDARDS Chemical Facility Security Program § 27.200...

  19. 78 FR 68037 - Membership of the National Telecommunications and Information Administration's Performance Review...

    Federal Register 2010, 2011, 2012, 2013, 2014

    2013-11-13

    ... National Telecommunications and Information Administration Membership of the National Telecommunications and Information Administration's Performance Review Board AGENCY: National Telecommunications and... Telecommunications and Information Administration's Performance Review Board Membership. SUMMARY: In accordance...

  20. 76 FR 64075 - Membership of the National Telecommunications and Information Administration's Performance Review...

    Federal Register 2010, 2011, 2012, 2013, 2014

    2011-10-17

    ... National Telecommunications and Information Administration Membership of the National Telecommunications and Information Administration's Performance Review Board AGENCY: National Telecommunications and... Telecommunications and Information Administration's Performance Review Board Membership. SUMMARY: In accordance...

  1. 76 FR 66043 - Membership of the National Telecommunications and Information Administration's Performance Review...

    Federal Register 2010, 2011, 2012, 2013, 2014

    2011-10-25

    ... National Telecommunications and Information Administration Membership of the National Telecommunications and Information Administration's Performance Review Board AGENCY: National Telecommunications and... Telecommunications and Information Administration's Performance Review Board Membership. SUMMARY: In accordance...

  2. Exploring security and privacy issues in hospital information system: an Information Boundary Theory perspective.

    PubMed

    Zakaria, Nasriah; Stanton, Jeffrey; Stam, Kathryn

    2003-01-01

    A small community hospital (67 beds) in Central New York was undergoing a major technological change within the organization, as they move from the use of several legacy information systems to a hospital-wide information system. The focus of the present research is to explore the privacy and security information issues using a framework called Information Boundary Theory [Stanton, 2002]. IBT explains the motivational factors that lead to the revelation or disclosing of information.

  3. 75 FR 23834 - Occupational Information System

    Federal Register 2010, 2011, 2012, 2013, 2014

    2010-05-04

    ... ADMINISTRATION Occupational Information System AGENCY: Social Security Administration (SSA). ACTION: Request for... Recommendations for the Social Security Administration Occupational Information System, September 2009.'' The... to provide independent advice and recommendations on creating an occupational information...

  4. Development of a model of information security requirements for enterprise-wide medical information systems.

    PubMed Central

    Orr, G. A.; Brantley, B. A.

    1992-01-01

    Information security methods developed within the narrow frameworks of operating system design, specific database models, and military security methods all concentrate on representation of the objects of access control, rather than on the information needs of the subjects. This approach does not adequately support the needs of the varied users of medical information systems, who must have access to information in support of multiple organizational roles. A new conceptual approach to access control in medical settings based on user requirements is discussed. PMID:1482882

  5. Executive Guide: Information Security Management. Learning From Leading Organizations

    DTIC Science & Technology

    1998-05-01

    associated with evolving practices, such as Internet use, identifying best practices regarding information security programs so that they can be adopted by...mitigating the risks associated with new applications involving Internet use and broadened access to the organization’s computerized data. As a result...the company’s (1) main network, (2) decentralized computer operations, and (3) Internet use. In addition, the group participates in the company’s

  6. An Information Security Education Initiative for Engineering and Computer Science

    DTIC Science & Technology

    2007-11-02

    Provost This report was prepared as part of the Naval Postgraduate School Center For Information Systems Security (INFOSEC) Studies and Research (NPS...Released by: DAN BOGER DAVID NETZER Acting Dean of Division of Computer and Dean of Research Operations Form approved REPORT...and Computer Science Shiu-Kai Chin Cynthia Irvine Department of Electrical and Center for INFOSEC Computer Engineering Studies and Research Syracuse

  7. Communications and Information: Communications Security (COMSEC) User Requirements

    DTIC Science & Technology

    2007-11-02

    CRO) and COMSEC users to properly secure COMSEC material the local COMSEC manager issued to them. Refer technical comments to Headquarters Air Force...Introduction. This AFI sets procedures for CROs and COMSEC users. It describes their COMSEC duties and the minimum requirements for safeguarding...Secret COMSEC key and Top Secret key-generating equipment. It contains general COMSEC information of interest to all CROs and COMSEC users who receive

  8. Electronic Resources for Security Related Information, CIAC-2307 R.1

    DTIC Science & Technology

    1994-12-01

    other, possibly more ambiguous terms are hacker, intruder, cyberpunk, phreak, and so on. 5 The masculine pronoun with neutral intent is used for...Discuss) slopoke.mlb.semi.harris.com:/pub/IRC IRC client/server software ftp site soda.berkeley.edu:/pub/cyberpunks remailer usage soda.berkeley.edu:/pub... cyberpunks /pgp pgp software.watson.ibm.com IBM fixes solbourne.solbourne.com Solbourne information (including security fixes) src.doc.ic.ac.uk

  9. Secure authentication system that generates seed from biometric information

    NASA Astrophysics Data System (ADS)

    Kim, Yeojin; Ahn, Jung-Ho; Byun, Hyeran

    2005-02-01

    As biometric recognition techniques are gradually improved, the stability of biometric authentication systems is enhanced. Although bioinformation has properties that make it resistant to fraud, biometric authentication systems are not immune to hacking. We show a secure biometric authentication system (1) to guarantee the integrity of biometric information by mixing data by use of a biometric key and (2) to raise recognition rates by use of bimodal biometrics.

  10. Secure authentication system that generates seed from biometric information.

    PubMed

    Kim, Yeojin; Ahn, Jung-Ho; Byun, Hyeran

    2005-02-10

    As biometric recognition techniques are gradually improved, the stability of biometric authentication systems is enhanced. Although bioinformation has properties that make it resistant to fraud, biometric authentication systems are not immune to hacking. We show a secure biometric authentication system (1) to guarantee the integrity of biometric information by mixing data by use of a biometric key and (2) to raise recognition rates by use of bimodal biometrics.

  11. Information Security Awareness On-Line Materials Design with Knowledge Maps

    ERIC Educational Resources Information Center

    Shaw, Ruey-Shiang; Keh, Huan-Chao; Huang, Nan-Ching; Huang, Tien-Chuan

    2011-01-01

    Information Security Awareness, though known as a primary and important issue in the domain of Information Security, CSI computer crime and security survey showed poor security awareness training in public and private sectors. In many studies, the authors have found that the usage of knowledge maps helps the process of learning and conception…

  12. 14 CFR 1274.937 - Security requirements for unclassified information technology resources.

    Code of Federal Regulations, 2012 CFR

    2012-01-01

    ... 14 Aeronautics and Space 5 2012-01-01 2012-01-01 false Security requirements for unclassified... Conditions § 1274.937 Security requirements for unclassified information technology resources. Security... for Information Technology security for all systems connected to a NASA network or operated by...

  13. 20 CFR 655.665 - Notice to the Department of Homeland Security and the Employment and Training Administration.

    Code of Federal Regulations, 2010 CFR

    2010-04-01

    ... this part. (2) ETA, upon receipt of the Administrator's notice shall, in the case of an attesting... Activities in U.S. Ports § 655.665 Notice to the Department of Homeland Security and the Employment and Training Administration. (a) The Administrator shall promptly notify the DHS and ETA of the entry of...

  14. Employee Retirement Income Security Act of 1974: rules and regulations for administration and enforcement; claims procedure. Pension and Welfare Benefits Administration, Labor. Final regulation.

    PubMed

    2000-11-21

    This document contains a final regulation revising the minimum requirements for benefit claims procedures of employee benefit plans covered by Title I of the Employee Retirement Income Security Act of 1974 (ERISA or the Act). The regulation establishes new standards for the processing of claims under group health plans and plans providing disability benefits and further clarifies existing standards for all other employee benefit plans. The new standards are intended to ensure more timely benefit determinations, to improve access to information on which a benefit determination is made, and to assure that participants and beneficiaries will be afforded a full and fair review of denied claims. When effective, the regulation will affect participants and beneficiaries of employee benefit plans, employers who sponsor employee benefit plans, plan fiduciaries, and others who assist in the provision of plan benefits, such as third-party benefits administrators and health service providers or health maintenance organizations that provide benefits to participants and beneficiaries of employee benefit plans.

  15. Developing a Cross-institutional Information Security Program

    PubMed Central

    Marshall, Andrea; Adrian, Pam; Marcee, Alice K.; Kirksey, Kirk; Peshock, Ronald M.

    2001-01-01

    Healthcare organizations across the country are searching for methods to address escalating healthcare costs. One strategy is to leverage resources across affiliated but independent organizations. This approach is common in other industries; yet, protecting confidential patient information is unique to the healthcare industry. Guaranteed protection of patient confidentiality is a critical step in any inter-organizational strategy. Because of the need to leverage resources, the University of Texas Southwestern Medical Center (UT Southwestern) and its affiliates initiated a cross-institutional effort to address information security and confidentiality issues.

  16. Virtualization in education: Information Security lab in your hands

    NASA Astrophysics Data System (ADS)

    Karlov, A. A.

    2016-09-01

    The growing demand for qualified specialists in advanced information technologies poses serious challenges to the education and training of young personnel for science, industry and social problems. Virtualization as a way to isolate the user from the physical characteristics of computing resources (processors, servers, operating systems, networks, applications, etc.), has, in particular, an enormous influence in the field of education, increasing its efficiency, reducing the cost, making it more widely and readily available. The study of Information Security of computer systems is considered as an example of use of virtualization in education.

  17. Thresholds of information leakage for speech security outside meeting rooms.

    PubMed

    Robinson, Matthew; Hopkins, Carl; Worrall, Ken; Jackson, Tim

    2014-09-01

    This paper describes an approach to provide speech security outside meeting rooms where a covert listener might attempt to extract confidential information. Decision-based experiments are used to establish a relationship between an objective measurement of the Speech Transmission Index (STI) and a subjective assessment relating to the threshold of information leakage. This threshold is defined for a specific percentage of English words that are identifiable with a maximum safe vocal effort (e.g., "normal" speech) used by the meeting participants. The results demonstrate that it is possible to quantify an offset that links STI with a specific threshold of information leakage which describes the percentage of words identified. The offsets for male talkers are shown to be approximately 10 dB larger than for female talkers. Hence for speech security it is possible to determine offsets for the threshold of information leakage using male talkers as the "worst case scenario." To define a suitable threshold of information leakage, the results show that a robust definition can be based upon 1%, 2%, or 5% of words identified. For these percentages, results are presented for offset values corresponding to different STI values in a range from 0.1 to 0.3.

  18. Breaching the Security of the Kaiser Permanente Internet Patient Portal: the Organizational Foundations of Information Security

    PubMed Central

    Collmann, Jeff; Cooper, Ted

    2007-01-01

    This case study describes and analyzes a breach of the confidentiality and integrity of personally identified health information (e.g. appointment details, answers to patients’ questions, medical advice) for over 800 Kaiser Permanente (KP) members through KP Online, a web-enabled health care portal. The authors obtained and analyzed multiple types of qualitative data about this incident including interviews with KP staff, incident reports, root cause analyses, and media reports. Reasons at multiple levels account for the breach, including the architecture of the information system, the motivations of individual staff members, and differences among the subcultures of individual groups within as well as technical and social relations across the Kaiser IT program. None of these reasons could be classified, strictly speaking, as “security violations.” This case study, thus, suggests that, to protect sensitive patient information, health care organizations should build safe organizational contexts for complex health information systems in addition to complying with good information security practice and regulations such as the Health Insurance Portability and Accountability Act (HIPAA) of 1996. PMID:17213500

  19. Breaching the security of the Kaiser Permanente Internet patient portal: the organizational foundations of information security.

    PubMed

    Collmann, Jeff; Cooper, Ted

    2007-01-01

    This case study describes and analyzes a breach of the confidentiality and integrity of personally identified health information (e.g. appointment details, answers to patients' questions, medical advice) for over 800 Kaiser Permanente (KP) members through KP Online, a web-enabled health care portal. The authors obtained and analyzed multiple types of qualitative data about this incident including interviews with KP staff, incident reports, root cause analyses, and media reports. Reasons at multiple levels account for the breach, including the architecture of the information system, the motivations of individual staff members, and differences among the subcultures of individual groups within as well as technical and social relations across the Kaiser IT program. None of these reasons could be classified, strictly speaking, as "security violations." This case study, thus, suggests that, to protect sensitive patient information, health care organizations should build safe organizational contexts for complex health information systems in addition to complying with good information security practice and regulations such as the Health Insurance Portability and Accountability Act (HIPAA) of 1996.

  20. Secure Information Exchange Gateway for Electric Grid Operations

    SciTech Connect

    Robertson, F. Russell; Carroll, J. Ritchie; Sanders, William; Yardley, Timothy; Heine, Erich; Hadley, Mark; McKinnon, David; Motteler, Barbara; Giri, Jay; Walker, William; McCartha, Esrick

    2014-09-30

    The major objectives of the SIEGate project were to improve the security posture and minimize the cyber-attack surface of electric utility control centers and to reduce the cost of maintaining control-room-to-control-room information exchange. Major project goals included the design, development, testing, and commercialization of a single security-hardened appliance that could meet industry needs for resisting cyber-attacks while protecting the confidentiality and integrity of a growing volume of real-time information needed to ensure the reliability of the bulk electric system and interoperating with existing data formats and networking technologies. The SIEGate project has achieved its goals and objectives. The SIEGate Design Document, issued in March 2012, presented SIEGate use cases, provided SIEGate requirements, established SIEGate design principles, and prescribed design functionality of SIEGate as well as the components that make up SIEGate. SIEGate Release Version 1.0 was posted in January 2014. Release Version 1.0.83, which was posted on March 28, 2014, fixed many issues discovered by early adopters and added several new features. Release Candidate 1.1, which added additional improvements and bug fixes, was posted in June 2014. SIEGate executables have been downloaded more than 300 times. SIEGate has been tested at PJM, Entergy, TVA, and Southern. Security testing and analysis of SIEGate has been conducted at PNNL and PJM. Alstom has provided a summary of recommended steps for commercialization of the SIEGate Appliance and identified two deployment models with immediate commercial application.

  1. Development of Information Security-Focused Incident Prevention Measures for Critical Information Infrastructure in Japan

    NASA Astrophysics Data System (ADS)

    Kobayashi, Hideaki; Watanabe, Kenji; Watanabe, Takahito; Nagayasu, Yukinobu

    In recent years, the dilemma of cyber attacks by malicious third parties targeting security vulnerabilities in information and communication systems has emerged, resulting in security incidents. This situation suggests that the establishment of proactive efforts and recurrence prevention measures are becoming imperative, especially in critical infrastructure sectors. This paper provides an analysis of 58 security incident cases, which occurred in critical infrastructures worldwide and were published in media. The purpose of the analysis is to conclude to a valid list of recurrence prevention measures that constitute good practices.

  2. [Research on the security of medical image information and its related processing technologies].

    PubMed

    Zhang, Jian-Guo

    2006-03-01

    This paper introduces the regulations and standards of medical information security in the applications, the challenges and the processing technologies in regard to the security of medical image information.

  3. 77 FR 58980 - Announcing an Open Meeting of the Information Security and Privacy Advisory Board

    Federal Register 2010, 2011, 2012, 2013, 2014

    2012-09-25

    ... Accountability Office (GAO), --Presentation on healthcare information technology security, --Cybersecurity Updates from Director of Cybersecurity, White House, --Presentation on Security, Privacy and Information... agencies with the National Cybersecurity and Communications Integration Center (NCCIC, DHS)...

  4. 75 FR 45150 - National Security Division: Agency Information Collection Activities: Proposed Collection...

    Federal Register 2010, 2011, 2012, 2013, 2014

    2010-08-02

    ... National Security Division: Agency Information Collection Activities: Proposed Collection; Comments... Agents). The Department of Justice (DOJ), National Security Division (NSD), will be submitting the... information, please write to U.S. Department of Justice, 10th & Constitution Avenue, NW., National...

  5. 75 FR 45153 - National Security Division; Agency Information Collection Activities: Proposed Collection...

    Federal Register 2010, 2011, 2012, 2013, 2014

    2010-08-02

    ... National Security Division; Agency Information Collection Activities: Proposed Collection; Comments... Agents). The Department of Justice (DOJ), National Security Division (NSD), will be submitting the... information, please write to U.S. Department of Justice, 10th & Constitution Avenue, NW., National...

  6. Energy Information Administration (EIA) new releases, January--February 1994

    SciTech Connect

    1994-03-01

    This report is the Jan-Feb 1994 issue of the Energy Information Administration (EIA) New Releases publication. Highlighted articles include: efficiency gains slow growth in U.S. energy demand, dependency on oil imports continues to climb; new EIA report details status of U.S. coal industry; EIA assesses residential vehicle fuel consumption in the U.S.; EIA plans new survey on alternative-fuel vehicles.

  7. Resistance and Security Index of Networks: Structural Information Perspective of Network Security

    PubMed Central

    Li, Angsheng; Hu, Qifu; Liu, Jun; Pan, Yicheng

    2016-01-01

    Recently, Li and Pan defined the metric of the K-dimensional structure entropy of a structured noisy dataset G to be the information that controls the formation of the K-dimensional structure of G that is evolved by the rules, order and laws of G, excluding the random variations that occur in G. Here, we propose the notion of resistance of networks based on the one- and two-dimensional structural information of graphs. Given a graph G, we define the resistance of G, written , as the greatest overall number of bits required to determine the code of the module that is accessible via random walks with stationary distribution in G, from which the random walks cannot escape. We show that the resistance of networks follows the resistance law of networks, that is, for a network G, the resistance of G is , where and are the one- and two-dimensional structure entropies of G, respectively. Based on the resistance law, we define the security index of a network G to be the normalised resistance of G, that is, . We show that the resistance and security index are both well-defined measures for the security of the networks. PMID:27255783

  8. Resistance and Security Index of Networks: Structural Information Perspective of Network Security.

    PubMed

    Li, Angsheng; Hu, Qifu; Liu, Jun; Pan, Yicheng

    2016-06-03

    Recently, Li and Pan defined the metric of the K-dimensional structure entropy of a structured noisy dataset G to be the information that controls the formation of the K-dimensional structure of G that is evolved by the rules, order and laws of G, excluding the random variations that occur in G. Here, we propose the notion of resistance of networks based on the one- and two-dimensional structural information of graphs. Given a graph G, we define the resistance of G, written , as the greatest overall number of bits required to determine the code of the module that is accessible via random walks with stationary distribution in G, from which the random walks cannot escape. We show that the resistance of networks follows the resistance law of networks, that is, for a network G, the resistance of G is , where and are the one- and two-dimensional structure entropies of G, respectively. Based on the resistance law, we define the security index of a network G to be the normalised resistance of G, that is, . We show that the resistance and security index are both well-defined measures for the security of the networks.

  9. Facial Recognition in Uncontrolled Conditions for Information Security

    NASA Astrophysics Data System (ADS)

    Xiao, Qinghan; Yang, Xue-Dong

    2010-12-01

    With the increasing use of computers nowadays, information security is becoming an important issue for private companies and government organizations. Various security technologies have been developed, such as authentication, authorization, and auditing. However, once a user logs on, it is assumed that the system would be controlled by the same person. To address this flaw, we developed a demonstration system that uses facial recognition technology to periodically verify the identity of the user. If the authenticated user's face disappears, the system automatically performs a log-off or screen-lock operation. This paper presents our further efforts in developing image preprocessing algorithms and dealing with angled facial images. The objective is to improve the accuracy of facial recognition under uncontrolled conditions. To compare the results with others, the frontal pose subset of the Face Recognition Technology (FERET) database was used for the test. The experiments showed that the proposed algorithms provided promising results.

  10. Energy Information Administration annual report to Congress, 1991

    SciTech Connect

    Not Available

    1992-03-04

    Created by Congress in 1977 as an independent entity within the Department of Energy, the Energy Information Administration (EIA) is the principal and authoritative source of comprehensive energy data for the Congress, the Federal Government, the States, and the public. During 1991, EIA was called upon for information and analysis required by policymakers dealing with many energy-related issues, including the Persian Gulf War, the adequacy of propane supplies during the winter heating season, issues arising from the Clean Air Act, and implementation of the Department's National Energy Strategy.

  11. Secure quantum private information retrieval using phase-encoded queries

    NASA Astrophysics Data System (ADS)

    Olejnik, Lukasz

    2011-08-01

    We propose a quantum solution to the classical private information retrieval (PIR) problem, which allows one to query a database in a private manner. The protocol offers privacy thresholds and allows the user to obtain information from a database in a way that offers the potential adversary, in this model the database owner, no possibility of deterministically establishing the query contents. This protocol may also be viewed as a solution to the symmetrically private information retrieval problem in that it can offer database security (inability for a querying user to steal its contents). Compared to classical solutions, the protocol offers substantial improvement in terms of communication complexity. In comparison with the recent quantum private queries [Phys. Rev. Lett. 100, 230502 (2008)] protocol, it is more efficient in terms of communication complexity and the number of rounds, while offering a clear privacy parameter. We discuss the security of the protocol and analyze its strengths and conclude that using this technique makes it challenging to obtain the unconditional (in the information-theoretic sense) privacy degree; nevertheless, in addition to being simple, the protocol still offers a privacy level. The oracle used in the protocol is inspired both by the classical computational PIR solutions as well as the Deutsch-Jozsa oracle.

  12. Secure quantum private information retrieval using phase-encoded queries

    SciTech Connect

    Olejnik, Lukasz

    2011-08-15

    We propose a quantum solution to the classical private information retrieval (PIR) problem, which allows one to query a database in a private manner. The protocol offers privacy thresholds and allows the user to obtain information from a database in a way that offers the potential adversary, in this model the database owner, no possibility of deterministically establishing the query contents. This protocol may also be viewed as a solution to the symmetrically private information retrieval problem in that it can offer database security (inability for a querying user to steal its contents). Compared to classical solutions, the protocol offers substantial improvement in terms of communication complexity. In comparison with the recent quantum private queries [Phys. Rev. Lett. 100, 230502 (2008)] protocol, it is more efficient in terms of communication complexity and the number of rounds, while offering a clear privacy parameter. We discuss the security of the protocol and analyze its strengths and conclude that using this technique makes it challenging to obtain the unconditional (in the information-theoretic sense) privacy degree; nevertheless, in addition to being simple, the protocol still offers a privacy level. The oracle used in the protocol is inspired both by the classical computational PIR solutions as well as the Deutsch-Jozsa oracle.

  13. Secure Retrieval of FFTF Testing, Design, and Operating Information

    SciTech Connect

    Butner, R. Scott; Wootan, David W.; Omberg, Ronald P.; Makenas, Bruce J.; Nielsen, Deborah

    2009-10-01

    One of the goals of the Advanced Fuel Cycle Initiative (AFCI) is to preserve the knowledge that has been gained in the United States on Liquid Metal Reactors (LMR). In addition, preserving LMR information and knowledge is part of a larger international collaborative activity conducted under the auspices of the International Atomic Energy Agency (IAEA). A similar program is being conducted for EBR-II at the Idaho Nuclear Laboratory (INL) and international programs are also in progress. Knowledge preservation at the FFTF is focused on the areas of design, construction, startup, and operation of the reactor. As the primary function of the FFTF was testing, the focus is also on preserving information obtained from irradiation testing of fuels and materials. This information will be invaluable when, at a later date, international decisions are made to pursue new LMRs. In the interim, this information may be of potential use for international exchanges with other LMR programs around the world. At least as important in the United States, which is emphasizing large-scale computer simulation and modeling, this information provides the basis for creating benchmarks for validating and testing these large scale computer programs. Although the preservation activity with respect to FFTF information as discussed below is still underway, the team of authors above is currently retrieving and providing experimental and design information to the LMR modeling and simulation efforts for use in validating their computer models. On the Hanford Site, the FFTF reactor plant is one of the facilities intended for decontamination and decommissioning consistent with the cleanup mission on this site. The reactor facility has been deactivated and is being maintained in a cold and dark minimal surveillance and maintenance mode until final decommissioning is pursued. In order to ensure protection of information at risk, the program to date has focused on sequestering and secure retrieval

  14. 10 CFR 95.35 - Access to matter classified as National Security Information and Restricted Data.

    Code of Federal Regulations, 2010 CFR

    2010-01-01

    ... 10 Energy 2 2010-01-01 2010-01-01 false Access to matter classified as National Security Information and Restricted Data. 95.35 Section 95.35 Energy NUCLEAR REGULATORY COMMISSION (CONTINUED) FACILITY SECURITY CLEARANCE AND SAFEGUARDING OF NATIONAL SECURITY INFORMATION AND RESTRICTED DATA Control of Information § 95.35 Access to matter...

  15. 47 CFR 64.5111 - Notification of customer proprietary network information security breaches.

    Code of Federal Regulations, 2014 CFR

    2014-10-01

    ... information security breaches. 64.5111 Section 64.5111 Telecommunication FEDERAL COMMUNICATIONS COMMISSION... Proprietary Network Information. § 64.5111 Notification of customer proprietary network information security... or national security, such agency may direct the TRS provider not to so disclose or notify for...

  16. 47 CFR 64.2011 - Notification of customer proprietary network information security breaches.

    Code of Federal Regulations, 2012 CFR

    2012-10-01

    ... information security breaches. 64.2011 Section 64.2011 Telecommunication FEDERAL COMMUNICATIONS COMMISSION... Proprietary Network Information § 64.2011 Notification of customer proprietary network information security... criminal investigation or national security, such agency may direct the carrier not to so disclose...

  17. 47 CFR 64.2011 - Notification of customer proprietary network information security breaches.

    Code of Federal Regulations, 2014 CFR

    2014-10-01

    ... information security breaches. 64.2011 Section 64.2011 Telecommunication FEDERAL COMMUNICATIONS COMMISSION... Proprietary Network Information § 64.2011 Notification of customer proprietary network information security... criminal investigation or national security, such agency may direct the carrier not to so disclose...

  18. 47 CFR 64.5111 - Notification of customer proprietary network information security breaches.

    Code of Federal Regulations, 2013 CFR

    2013-10-01

    ... information security breaches. 64.5111 Section 64.5111 Telecommunication FEDERAL COMMUNICATIONS COMMISSION... Proprietary Network Information. § 64.5111 Notification of customer proprietary network information security... or national security, such agency may direct the TRS provider not to so disclose or notify for...

  19. 36 CFR 1256.70 - What controls access to national security-classified information?

    Code of Federal Regulations, 2012 CFR

    2012-07-01

    ... national security-classified information? 1256.70 Section 1256.70 Parks, Forests, and Public Property... HISTORICAL MATERIALS Access to Materials Containing National Security-Classified Information § 1256.70 What controls access to national security-classified information? (a) The declassification of and public...

  20. 10 CFR 2.907 - Notice of intent to introduce restricted data or national security information.

    Code of Federal Regulations, 2012 CFR

    2012-01-01

    ... Proceedings Involving Restricted Data and/or National Security Information § 2.907 Notice of intent to introduce restricted data or national security information. (a) If, at the time of publication of a notice... Restricted Data or National Security Information into the proceeding, it will file a notice of intent...