A Rich Client-Server Based Framework for Convenient Security and Management of Mobile Applications

NASA Astrophysics Data System (ADS)

Badan, Stephen; Probst, Julien; Jaton, Markus; Vionnet, Damien; Wagen, Jean-Frédéric; Litzistorf, Gérald

Contact lists, Emails, SMS or custom applications on a professional smartphone could hold very confidential or sensitive information. What could happen in case of theft or accidental loss of such devices? Such events could be detected by the separation between the smartphone and a Bluetooth companion device. This event should typically block the applications and delete personal and sensitive data. Here, a solution is proposed based on a secured framework application running on the mobile phone as a rich client connected to a security server. The framework offers strong and customizable authentication and secured connectivity. A security server manages all security issues. User applications are then loaded via the framework. User data can be secured, synchronized, pushed or pulled via the framework. This contribution proposes a convenient although secured environment based on a client-server architecture using external authentications. Several features of the proposed system are exposed and a practical demonstrator is described.

Parental Problem Drinking, Marital Aggression, and Child Emotional Insecurity: A Longitudinal Investigation*

PubMed Central

Keller, Peggy S.; Gilbert, Lauren R.; Koss, Kalsea J.; Cummings, E. Mark; Davies, Patrick T.

2011-01-01

Objective: Marital aggression plays an important role in relations between parental problem drinking and child maladjustment. The purpose of the current study was to apply emotional security theory as a framework for understanding the role of marital aggression. Method: A community sample of 235 children in kindergarten participated once a year for 3 years. Parents completed measures of parental problem drinking and marital aggression, and children were interviewed about their emotional security reactions to marital conflict vignettes. Results: Greater parental problem drinking was directly associated with children's more negative emotional reactions to conflict. Maternal problem drinking predicted increased sad reactions and negative expectations for the future. Paternal problem drinking predicted increases in child anger reactions and negative expectations for the future. Parental problem drinking was also indirectly associated with child reactions via marital aggression. Conclusions: Results confirmed hypotheses that parental problem drinking would be related to child emotional insecurity and that associations would be indirect via greater marital conflict. Findings are interpreted in terms of emotional security theory as a framework for understanding the effects of parental problem drinking on marital aggression and child development. PMID:21906498

Parental problem drinking, marital aggression, and child emotional insecurity: a longitudinal investigation.

PubMed

Keller, Peggy S; Gilbert, Lauren R; Koss, Kalsea J; Cummings, E Mark; Davies, Patrick T

2011-09-01

Marital aggression plays an important role in relations between parental problem drinking and child maladjustment. The purpose of the current study was to apply emotional security theory as a framework for understanding the role of marital aggression. A community sample of 235 children in kindergarten participated once a year for 3 years. Parents completed measures of parental problem drinking and marital aggression, and children were interviewed about their emotional security reactions to marital conflict vignettes. Greater parental problem drinking was directly associated with children's more negative emotional reactions to conflict. Maternal problem drinking predicted increased sad reactions and negative expectations for the future. Paternal problem drinking predicted increases in child anger reactions and negative expectations for the future. Parental problem drinking was also indirectly associated with child reactions via marital aggression. Results confirmed hypotheses that parental problem drinking would be related to child emotional insecurity and that associations would be indirect via greater marital conflict. Findings are interpreted in terms of emotional security theory as a framework for understanding the effects of parental problem drinking on marital aggression and child development.

Lemnos interoperable security project.

DOE Office of Scientific and Technical Information (OSTI.GOV)

Halbgewachs, Ronald D.

2010-03-01

With the Lemnos framework, interoperability of control security equipment is straightforward. To obtain interoperability between proprietary security appliance units, one or both vendors must now write cumbersome 'translation code.' If one party changes something, the translation code 'breaks.' The Lemnos project is developing and testing a framework that uses widely available security functions and protocols like IPsec - to form a secure communications channel - and Syslog, to exchange security log messages. Using this model, security appliances from two or more different vendors can clearly and securely exchange information, helping to better protect the total system. Simplify regulatory compliance inmore » a complicated security environment by leveraging the Lemnos framework. As an electric utility, are you struggling to implement the NERC CIP standards and other regulations? Are you weighing the misery of multiple management interfaces against committing to a ubiquitous single-vendor solution? When vendors build their security appliances to interoperate using the Lemnos framework, it becomes practical to match best-of-breed offerings from an assortment of vendors to your specific control systems needs. The Lemnos project is developing and testing a framework that uses widely available open-source security functions and protocols like IPsec and Syslog to create a secure communications channel between appliances in order to exchange security data.« less

Building Assured Systems Framework

DTIC Science & Technology

2010-09-01

of standards such as ISO 27001 as frameworks [NASCIO 2009]. In this context, a framework is a standard intended to assist in auditing and compliance...Information Security ISO /IEC 27004 Information technology – Security techniques - Information security management measurement ISO /IEC 15939, System and

A Security Audit Framework to Manage Information System Security

NASA Astrophysics Data System (ADS)

Pereira, Teresa; Santos, Henrique

The widespread adoption of information and communication technology have promoted an increase dependency of organizations in the performance of their Information Systems. As a result, adequate security procedures to properly manage information security must be established by the organizations, in order to protect their valued or critical resources from accidental or intentional attacks, and ensure their normal activity. A conceptual security framework to manage and audit Information System Security is proposed and discussed. The proposed framework intends to assist organizations firstly to understand what they precisely need to protect assets and what are their weaknesses (vulnerabilities), enabling to perform an adequate security management. Secondly, enabling a security audit framework to support the organization to assess the efficiency of the controls and policy adopted to prevent or mitigate attacks, threats and vulnerabilities, promoted by the advances of new technologies and new Internet-enabled services, that the organizations are subject of. The presented framework is based on a conceptual model approach, which contains the semantic description of the concepts defined in information security domain, based on the ISO/IEC_JCT1 standards.

ITIL{sup ®} and information security

DOE Office of Scientific and Technical Information (OSTI.GOV)

Jašek, Roman; Králík, Lukáš; Popelka, Miroslav

2015-03-10

This paper discusses the context of ITIL framework and management of information security. It is therefore a summary study, where the first part is focused on the safety objectives in connection with the ITIL framework. First of all, there is a focus on ITIL process ISM (Information Security Management), its principle and system management. The conclusion is about link between standards, which are related to security, and ITIL framework.

Conceptual Privacy Framework for Health Information on Wearable Device

PubMed Central

Safavi, Seyedmostafa; Shukur, Zarina

2014-01-01

Wearable health tech provides doctors with the ability to remotely supervise their patients' wellness. It also makes it much easier to authorize someone else to take appropriate actions to ensure the person's wellness than ever before. Information Technology may soon change the way medicine is practiced, improving the performance, while reducing the price of healthcare. We analyzed the secrecy demands of wearable devices, including Smartphone, smart watch and their computing techniques, that can soon change the way healthcare is provided. However, before this is adopted in practice, all devices must be equipped with sufficient privacy capabilities related to healthcare service. In this paper, we formulated a new improved conceptual framework for wearable healthcare systems. This framework consists of ten principles and nine checklists, capable of providing complete privacy protection package to wearable device owners. We constructed this framework based on the analysis of existing mobile technology, the results of which are combined with the existing security standards. The approach also incorporates the market share percentage level of every app and its respective OS. This framework is evaluated based on the stringent CIA and HIPAA principles for information security. This evaluation is followed by testing the capability to revoke rights of subjects to access objects and ability to determine the set of available permissions for a particular subject for all models Finally, as the last step, we examine the complexity of the required initial setup. PMID:25478915

Conceptual privacy framework for health information on wearable device.

PubMed

Safavi, Seyedmostafa; Shukur, Zarina

2014-01-01

Wearable health tech provides doctors with the ability to remotely supervise their patients' wellness. It also makes it much easier to authorize someone else to take appropriate actions to ensure the person's wellness than ever before. Information Technology may soon change the way medicine is practiced, improving the performance, while reducing the price of healthcare. We analyzed the secrecy demands of wearable devices, including Smartphone, smart watch and their computing techniques, that can soon change the way healthcare is provided. However, before this is adopted in practice, all devices must be equipped with sufficient privacy capabilities related to healthcare service. In this paper, we formulated a new improved conceptual framework for wearable healthcare systems. This framework consists of ten principles and nine checklists, capable of providing complete privacy protection package to wearable device owners. We constructed this framework based on the analysis of existing mobile technology, the results of which are combined with the existing security standards. The approach also incorporates the market share percentage level of every app and its respective OS. This framework is evaluated based on the stringent CIA and HIPAA principles for information security. This evaluation is followed by testing the capability to revoke rights of subjects to access objects and ability to determine the set of available permissions for a particular subject for all models Finally, as the last step, we examine the complexity of the required initial setup.

42 CFR 3.106 - Security requirements.

Code of Federal Regulations, 2012 CFR

2012-10-01

..., maintenance, storage, removal, disclosure, transmission and destruction. (b) Security framework. A PSO must... subsection. In addressing the framework that follows, the PSO may develop appropriate and scalable security...) Security management. A PSO must address: (i) Maintenance and effective implementation of written policies...

42 CFR 3.106 - Security requirements.

Code of Federal Regulations, 2013 CFR

2013-10-01

..., maintenance, storage, removal, disclosure, transmission and destruction. (b) Security framework. A PSO must... subsection. In addressing the framework that follows, the PSO may develop appropriate and scalable security...) Security management. A PSO must address: (i) Maintenance and effective implementation of written policies...

42 CFR 3.106 - Security requirements.

Code of Federal Regulations, 2014 CFR

2014-10-01

..., maintenance, storage, removal, disclosure, transmission and destruction. (b) Security framework. A PSO must... subsection. In addressing the framework that follows, the PSO may develop appropriate and scalable security...) Security management. A PSO must address: (i) Maintenance and effective implementation of written policies...

A threat intelligence framework for access control security in the oil industry

NASA Astrophysics Data System (ADS)

Alaskandrani, Faisal T.

The research investigates the problem raised by the rapid development in the technology industry giving security concerns in facilities built by the energy industry containing diverse platforms. The difficulty of continuous updates to network security architecture and assessment gave rise to the need to use threat intelligence frameworks to better assess and address networks security issues. Focusing on access control security to the ICS and SCADA systems that is being utilized to carry out mission critical and life threatening operations. The research evaluates different threat intelligence frameworks that can be implemented in the industry seeking the most suitable and applicable one that address the issue and provide more security measures. The validity of the result is limited to the same environment that was researched as well as the technologies being utilized. The research concludes that it is possible to utilize a Threat Intelligence framework to prioritize security in Access Control Measures in the Oil Industry.

The Rorschach texture response: a construct validation study using attachment theory.

PubMed

Cassella, Michael J; Viglione, Donald J

2009-11-01

Using attachment theory, in this research, we explored the construct validity of the Rorschach (Exner, 1974) Texture (T) response as a measure of interpersonal closeness and contact. A total of 40 men and 39 women completed the Rorschach and 2 attachment inventories. Their romantic partners also completed an informant version of the attachment measures. Attachment styles were measured by factor scores involving both self-report and partner report. Results indicate that attachment theory, as a broad conceptual framework, is associated with T. Specifically, T = 1 is most closely associated with a secure attachment style, T > 1 with aspects of the preoccupied style, and T = 0 with aspects of the avoidant style and an absence of secure attachment. Needs for closeness and contact associated with T can be couched within an adult attachment theory, but in this study, we did not test for problematic aspects of insecure attachment. Gender is a complicating factor and deserves more study.

Service-Oriented Security Framework for Remote Medical Services in the Internet of Things Environment

PubMed Central

Lee, Jae Dong; Yoon, Tae Sik; Chung, Seung Hyun

2015-01-01

Objectives Remote medical services have been expanding globally, and this is expansion is steadily increasing. It has had many positive effects, including medical access convenience, timeliness of service, and cost reduction. The speed of research and development in remote medical technology has been gradually accelerating. Therefore, it is expected to expand to enable various high-tech information and communications technology (ICT)-based remote medical services. However, the current state lacks an appropriate security framework that can resolve security issues centered on the Internet of things (IoT) environment that will be utilized significantly in telemedicine. Methods This study developed a medical service-oriented frame work for secure remote medical services, possessing flexibility regarding new service and security elements through its service-oriented structure. First, the common architecture of remote medical services is defined. Next medical-oriented secu rity threats and requirements within the IoT environment are identified. Finally, we propose a "service-oriented security frame work for remote medical services" based on previous work and requirements for secure remote medical services in the IoT. Results The proposed framework is a secure framework based on service-oriented cases in the medical environment. A com parative analysis focusing on the security elements (confidentiality, integrity, availability, privacy) was conducted, and the analysis results demonstrate the security of the proposed framework for remote medical services with IoT. Conclusions The proposed framework is service-oriented structure. It can support dynamic security elements in accordance with demands related to new remote medical services which will be diversely generated in the IoT environment. We anticipate that it will enable secure services to be provided that can guarantee confidentiality, integrity, and availability for all, including patients, non-patients, and medical staff. PMID:26618034

Service-Oriented Security Framework for Remote Medical Services in the Internet of Things Environment.

PubMed

Lee, Jae Dong; Yoon, Tae Sik; Chung, Seung Hyun; Cha, Hyo Soung

2015-10-01

Remote medical services have been expanding globally, and this is expansion is steadily increasing. It has had many positive effects, including medical access convenience, timeliness of service, and cost reduction. The speed of research and development in remote medical technology has been gradually accelerating. Therefore, it is expected to expand to enable various high-tech information and communications technology (ICT)-based remote medical services. However, the current state lacks an appropriate security framework that can resolve security issues centered on the Internet of things (IoT) environment that will be utilized significantly in telemedicine. This study developed a medical service-oriented frame work for secure remote medical services, possessing flexibility regarding new service and security elements through its service-oriented structure. First, the common architecture of remote medical services is defined. Next medical-oriented secu rity threats and requirements within the IoT environment are identified. Finally, we propose a "service-oriented security frame work for remote medical services" based on previous work and requirements for secure remote medical services in the IoT. The proposed framework is a secure framework based on service-oriented cases in the medical environment. A com parative analysis focusing on the security elements (confidentiality, integrity, availability, privacy) was conducted, and the analysis results demonstrate the security of the proposed framework for remote medical services with IoT. The proposed framework is service-oriented structure. It can support dynamic security elements in accordance with demands related to new remote medical services which will be diversely generated in the IoT environment. We anticipate that it will enable secure services to be provided that can guarantee confidentiality, integrity, and availability for all, including patients, non-patients, and medical staff.

Generic framework for the secure Yuen 2000 quantum-encryption protocol employing the wire-tap channel approach

DOE Office of Scientific and Technical Information (OSTI.GOV)

Mihaljevic, Miodrag J.

2007-05-15

It is shown that the security, against known-plaintext attacks, of the Yuen 2000 (Y00) quantum-encryption protocol can be considered via the wire-tap channel model assuming that the heterodyne measurement yields the sample for security evaluation. Employing the results reported on the wire-tap channel, a generic framework is proposed for developing secure Y00 instantiations. The proposed framework employs a dedicated encoding which together with inherent quantum noise at the attacker's side provides Y00 security.

Security Frameworks for Machine-to-Machine Devices and Networks

NASA Astrophysics Data System (ADS)

Demblewski, Michael

Attacks against mobile systems have escalated over the past decade. There have been increases of fraud, platform attacks, and malware. The Internet of Things (IoT) offers a new attack vector for Cybercriminals. M2M contributes to the growing number of devices that use wireless systems for Internet connection. As new applications and platforms are created, old vulnerabilities are transferred to next-generation systems. There is a research gap that exists between the current approaches for security framework development and the understanding of how these new technologies are different and how they are similar. This gap exists because system designers, security architects, and users are not fully aware of security risks and how next-generation devices can jeopardize safety and personal privacy. Current techniques, for developing security requirements, do not adequately consider the use of new technologies, and this weakens countermeasure implementations. These techniques rely on security frameworks for requirements development. These frameworks lack a method for identifying next generation security concerns and processes for comparing, contrasting and evaluating non-human device security protections. This research presents a solution for this problem by offering a novel security framework that is focused on the study of the "functions and capabilities" of M2M devices and improves the systems development life cycle for the overall IoT ecosystem.

Examining the Relationship between Organization Systems and Information Security Awareness

ERIC Educational Resources Information Center

Tintamusik, Yanarong

2010-01-01

The focus of this dissertation was to examine the crucial relationship between organization systems within the framework of the organizational behavior theory and information security awareness (ISA) of users within the framework of the information security theory. Despite advanced security technologies designed to protect information assets,…

A Framework for Translating a High Level Security Policy into Low Level Security Mechanisms

NASA Astrophysics Data System (ADS)

Hassan, Ahmed A.; Bahgat, Waleed M.

2010-01-01

Security policies have different components; firewall, active directory, and IDS are some examples of these components. Enforcement of network security policies to low level security mechanisms faces some essential difficulties. Consistency, verification, and maintenance are the major ones of these difficulties. One approach to overcome these difficulties is to automate the process of translation of high level security policy into low level security mechanisms. This paper introduces a framework of an automation process that translates a high level security policy into low level security mechanisms. The framework is described in terms of three phases; in the first phase all network assets are categorized according to their roles in the network security and relations between them are identified to constitute the network security model. This proposed model is based on organization based access control (OrBAC). However, the proposed model extend the OrBAC model to include not only access control policy but also some other administrative security policies like auditing policy. Besides, the proposed model enables matching of each rule of the high level security policy with the corresponding ones of the low level security policy. Through the second phase of the proposed framework, the high level security policy is mapped into the network security model. The second phase could be considered as a translation of the high level security policy into an intermediate model level. Finally, the intermediate model level is translated automatically into low level security mechanism. The paper illustrates the applicability of proposed approach through an application example.

Policy Framework for Addressing Personal Security Issues Concerning Women and Girls. National Strategy on Community Safety and Crime Prevention.

ERIC Educational Resources Information Center

National Crime Prevention Centre, Ottawa (Ontario).

This document presents a policy framework for improving the personal security of women and girls. The document includes: (1) "Introduction"; (2) "Policy Background" (the concept of personal security, the societal context of women's personal security, consequences of violence for women and girls, long-term policy concern, and…

An Extended Proof-Carrying Code Framework for Security Enforcement

NASA Astrophysics Data System (ADS)

Pirzadeh, Heidar; Dubé, Danny; Hamou-Lhadj, Abdelwahab

The rapid growth of the Internet has resulted in increased attention to security to protect users from being victims of security threats. In this paper, we focus on security mechanisms that are based on Proof-Carrying Code (PCC) techniques. In a PCC system, a code producer sends a code along with its safety proof to the consumer. The consumer executes the code only if the proof is valid. Although PCC has been shown to be a useful security framework, it suffers from the sheer size of typical proofs -proofs of even small programs can be considerably large. In this paper, we propose an extended PCC framework (EPCC) in which, instead of the proof, a proof generator for the program in question is transmitted. This framework enables the execution of the proof generator and the recovery of the proof on the consumer's side in a secure manner using a newly created virtual machine called the VEP (Virtual Machine for Extended PCC).

A Framework for Policies and Practices to Improve Test Security Programs: Prevention, Detection, Investigation, and Resolution (PDIR)

ERIC Educational Resources Information Center

Ferrara, Steve

2017-01-01

Test security is not an end in itself; it is important because we want to be able to make valid interpretations from test scores. In this article, I propose a framework for comprehensive test security systems: prevention, detection, investigation, and resolution. The article discusses threats to test security, roles and responsibilities, rigorous…

Framework for Flexible Security in Group Communications

NASA Technical Reports Server (NTRS)

McDaniel, Patrick; Prakash, Atul

2006-01-01

The Antigone software system defines a framework for the flexible definition and implementation of security policies in group communication systems. Antigone does not dictate the available security policies, but provides high-level mechanisms for implementing them. A central element of the Antigone architecture is a suite of such mechanisms comprising micro-protocols that provide the basic services needed by secure groups.

Human errors and violations in computer and information security: the viewpoint of network administrators and security specialists.

PubMed

Kraemer, Sara; Carayon, Pascale

2007-03-01

This paper describes human errors and violations of end users and network administration in computer and information security. This information is summarized in a conceptual framework for examining the human and organizational factors contributing to computer and information security. This framework includes human error taxonomies to describe the work conditions that contribute adversely to computer and information security, i.e. to security vulnerabilities and breaches. The issue of human error and violation in computer and information security was explored through a series of 16 interviews with network administrators and security specialists. The interviews were audio taped, transcribed, and analyzed by coding specific themes in a node structure. The result is an expanded framework that classifies types of human error and identifies specific human and organizational factors that contribute to computer and information security. Network administrators tended to view errors created by end users as more intentional than unintentional, while errors created by network administrators as more unintentional than intentional. Organizational factors, such as communication, security culture, policy, and organizational structure, were the most frequently cited factors associated with computer and information security.

A Cluster-Based Framework for the Security of Medical Sensor Environments

NASA Astrophysics Data System (ADS)

Klaoudatou, Eleni; Konstantinou, Elisavet; Kambourakis, Georgios; Gritzalis, Stefanos

The adoption of Wireless Sensor Networks (WSNs) in the healthcare sector poses many security issues, mainly because medical information is considered particularly sensitive. The security mechanisms employed are expected to be more efficient in terms of energy consumption and scalability in order to cope with the constrained capabilities of WSNs and patients’ mobility. Towards this goal, cluster-based medical WSNs can substantially improve efficiency and scalability. In this context, we have proposed a general framework for cluster-based medical environments on top of which security mechanisms can rely. This framework fully covers the varying needs of both in-hospital environments and environments formed ad hoc for medical emergencies. In this paper, we further elaborate on the security of our proposed solution. We specifically focus on key establishment mechanisms and investigate the group key agreement protocols that can best fit in our framework.

A framework to enhance security of physically unclonable functions using chaotic circuits

NASA Astrophysics Data System (ADS)

Chen, Lanxiang

2018-05-01

As a new technique for authentication and key generation, physically unclonable function (PUF) has attracted considerable attentions, with extensive research results achieved already. To resist the popular machine learning modeling attacks, a framework to enhance the security of PUFs is proposed. The basic idea is to combine PUFs with a chaotic system of which the response is highly sensitive to initial conditions. For this framework, a specific construction which combines the common arbiter PUF circuit, a converter, and the Chua's circuit is given to implement a more secure PUF. Simulation experiments are presented to further validate the framework. Finally, some practical suggestions for the framework and specific construction are also discussed.

Sensor Based Framework for Secure Multimedia Communication in VANET

PubMed Central

Rahim, Aneel; Khan, Zeeshan Shafi; Bin Muhaya, Fahad T.; Sher, Muhammad; Kim, Tai-Hoon

2010-01-01

Secure multimedia communication enhances the safety of passengers by providing visual pictures of accidents and danger situations. In this paper we proposed a framework for secure multimedia communication in Vehicular Ad-Hoc Networks (VANETs). Our proposed framework is mainly divided into four components: redundant information, priority assignment, malicious data verification and malicious node verification. The proposed scheme jhas been validated with the help of the NS-2 network simulator and the Evalvid tool. PMID:22163462

A compressive sensing based secure watermark detection and privacy preserving storage framework.

PubMed

Qia Wang; Wenjun Zeng; Jun Tian

2014-03-01

Privacy is a critical issue when the data owners outsource data storage or processing to a third party computing service, such as the cloud. In this paper, we identify a cloud computing application scenario that requires simultaneously performing secure watermark detection and privacy preserving multimedia data storage. We then propose a compressive sensing (CS)-based framework using secure multiparty computation (MPC) protocols to address such a requirement. In our framework, the multimedia data and secret watermark pattern are presented to the cloud for secure watermark detection in a CS domain to protect the privacy. During CS transformation, the privacy of the CS matrix and the watermark pattern is protected by the MPC protocols under the semi-honest security model. We derive the expected watermark detection performance in the CS domain, given the target image, watermark pattern, and the size of the CS matrix (but without the CS matrix itself). The correctness of the derived performance has been validated by our experiments. Our theoretical analysis and experimental results show that secure watermark detection in the CS domain is feasible. Our framework can also be extended to other collaborative secure signal processing and data-mining applications in the cloud.

Assessing Quality of Data Standards: Framework and Illustration Using XBRL GAAP Taxonomy

NASA Astrophysics Data System (ADS)

Zhu, Hongwei; Wu, Harris

The primary purpose of data standards or metadata schemas is to improve the interoperability of data created by multiple standard users. Given the high cost of developing data standards, it is desirable to assess the quality of data standards. We develop a set of metrics and a framework for assessing data standard quality. The metrics include completeness and relevancy. Standard quality can also be indirectly measured by assessing interoperability of data instances. We evaluate the framework using data from the financial sector: the XBRL (eXtensible Business Reporting Language) GAAP (Generally Accepted Accounting Principles) taxonomy and US Securities and Exchange Commission (SEC) filings produced using the taxonomy by approximately 500 companies. The results show that the framework is useful and effective. Our analysis also reveals quality issues of the GAAP taxonomy and provides useful feedback to taxonomy users. The SEC has mandated that all publicly listed companies must submit their filings using XBRL. Our findings are timely and have practical implications that will ultimately help improve the quality of financial data.

Cyber Security Research Frameworks For Coevolutionary Network Defense

DOE Office of Scientific and Technical Information (OSTI.GOV)

Rush, George D.; Tauritz, Daniel Remy

Several architectures have been created for developing and testing systems used in network security, but most are meant to provide a platform for running cyber security experiments as opposed to automating experiment processes. In the first paper, we propose a framework termed Distributed Cyber Security Automation Framework for Experiments (DCAFE) that enables experiment automation and control in a distributed environment. Predictive analysis of adversaries is another thorny issue in cyber security. Game theory can be used to mathematically analyze adversary models, but its scalability limitations restrict its use. Computational game theory allows us to scale classical game theory to larger,more » more complex systems. In the second paper, we propose a framework termed Coevolutionary Agent-based Network Defense Lightweight Event System (CANDLES) that can coevolve attacker and defender agent strategies and capabilities and evaluate potential solutions with a custom network defense simulation. The third paper is a continuation of the CANDLES project in which we rewrote key parts of the framework. Attackers and defenders have been redesigned to evolve pure strategy, and a new network security simulation is devised which specifies network architecture and adds a temporal aspect. We also add a hill climber algorithm to evaluate the search space and justify the use of a coevolutionary algorithm.« less

NINJA: a noninvasive framework for internal computer security hardening

NASA Astrophysics Data System (ADS)

Allen, Thomas G.; Thomson, Steve

2004-07-01

Vulnerabilities are a growing problem in both the commercial and government sector. The latest vulnerability information compiled by CERT/CC, for the year ending Dec. 31, 2002 reported 4129 vulnerabilities representing a 100% increase over the 2001 [1] (the 2003 report has not been published at the time of this writing). It doesn"t take long to realize that the growth rate of vulnerabilities greatly exceeds the rate at which the vulnerabilities can be fixed. It also doesn"t take long to realize that our nation"s networks are growing less secure at an accelerating rate. As organizations become aware of vulnerabilities they may initiate efforts to resolve them, but quickly realize that the size of the remediation project is greater than their current resources can handle. In addition, many IT tools that suggest solutions to the problems in reality only address "some" of the vulnerabilities leaving the organization unsecured and back to square one in searching for solutions. This paper proposes an auditing framework called NINJA (acronym for Network Investigation Notification Joint Architecture) for noninvasive daily scanning/auditing based on common security vulnerabilities that repeatedly occur in a network environment. This framework is used for performing regular audits in order to harden an organizations security infrastructure. The framework is based on the results obtained by the Network Security Assessment Team (NSAT) which emulates adversarial computer network operations for US Air Force organizations. Auditing is the most time consuming factor involved in securing an organization's network infrastructure. The framework discussed in this paper uses existing scripting technologies to maintain a security hardened system at a defined level of performance as specified by the computer security audit team. Mobile agents which were under development at the time of this writing are used at a minimum to improve the noninvasiveness of our scans. In general, noninvasive scans with an adequate framework performed on a daily basis reduce the amount of security work load as well as the timeliness in performing remediation, as verified by the NINJA framework. A vulnerability assessment/auditing architecture based on mobile agent technology is proposed and examined at the end of the article as an enhancement to the current NINJA architecture.

77 FR 47767 - Privacy Act of 1974: Implementation of Exemptions; Department of Homeland Security U.S. Customs...

Federal Register 2010, 2011, 2012, 2013, 2014

2012-08-10

... Protection, DHS/CBP--017 Analytical Framework for Intelligence (AFI) System of Records AGENCY: Privacy Office... Homeland Security/U.S. Customs and Border Protection, DHS/CBP--017 Analytical Framework for Intelligence... Analytical Framework for Intelligence (AFI) System of Records'' from one or more provisions of the Privacy...

Secure and Efficient Regression Analysis Using a Hybrid Cryptographic Framework: Development and Evaluation

PubMed Central

Jiang, Xiaoqian; Aziz, Md Momin Al; Wang, Shuang; Mohammed, Noman

2018-01-01

Background Machine learning is an effective data-driven tool that is being widely used to extract valuable patterns and insights from data. Specifically, predictive machine learning models are very important in health care for clinical data analysis. The machine learning algorithms that generate predictive models often require pooling data from different sources to discover statistical patterns or correlations among different attributes of the input data. The primary challenge is to fulfill one major objective: preserving the privacy of individuals while discovering knowledge from data. Objective Our objective was to develop a hybrid cryptographic framework for performing regression analysis over distributed data in a secure and efficient way. Methods Existing secure computation schemes are not suitable for processing the large-scale data that are used in cutting-edge machine learning applications. We designed, developed, and evaluated a hybrid cryptographic framework, which can securely perform regression analysis, a fundamental machine learning algorithm using somewhat homomorphic encryption and a newly introduced secure hardware component of Intel Software Guard Extensions (Intel SGX) to ensure both privacy and efficiency at the same time. Results Experimental results demonstrate that our proposed method provides a better trade-off in terms of security and efficiency than solely secure hardware-based methods. Besides, there is no approximation error. Computed model parameters are exactly similar to plaintext results. Conclusions To the best of our knowledge, this kind of secure computation model using a hybrid cryptographic framework, which leverages both somewhat homomorphic encryption and Intel SGX, is not proposed or evaluated to this date. Our proposed framework ensures data security and computational efficiency at the same time. PMID:29506966

Secure and Efficient Regression Analysis Using a Hybrid Cryptographic Framework: Development and Evaluation.

PubMed

Sadat, Md Nazmus; Jiang, Xiaoqian; Aziz, Md Momin Al; Wang, Shuang; Mohammed, Noman

2018-03-05

Machine learning is an effective data-driven tool that is being widely used to extract valuable patterns and insights from data. Specifically, predictive machine learning models are very important in health care for clinical data analysis. The machine learning algorithms that generate predictive models often require pooling data from different sources to discover statistical patterns or correlations among different attributes of the input data. The primary challenge is to fulfill one major objective: preserving the privacy of individuals while discovering knowledge from data. Our objective was to develop a hybrid cryptographic framework for performing regression analysis over distributed data in a secure and efficient way. Existing secure computation schemes are not suitable for processing the large-scale data that are used in cutting-edge machine learning applications. We designed, developed, and evaluated a hybrid cryptographic framework, which can securely perform regression analysis, a fundamental machine learning algorithm using somewhat homomorphic encryption and a newly introduced secure hardware component of Intel Software Guard Extensions (Intel SGX) to ensure both privacy and efficiency at the same time. Experimental results demonstrate that our proposed method provides a better trade-off in terms of security and efficiency than solely secure hardware-based methods. Besides, there is no approximation error. Computed model parameters are exactly similar to plaintext results. To the best of our knowledge, this kind of secure computation model using a hybrid cryptographic framework, which leverages both somewhat homomorphic encryption and Intel SGX, is not proposed or evaluated to this date. Our proposed framework ensures data security and computational efficiency at the same time. ©Md Nazmus Sadat, Xiaoqian Jiang, Md Momin Al Aziz, Shuang Wang, Noman Mohammed. Originally published in JMIR Medical Informatics (http://medinform.jmir.org), 05.03.2018.

Generic framework for vessel detection and tracking based on distributed marine radar image data

NASA Astrophysics Data System (ADS)

Siegert, Gregor; Hoth, Julian; Banyś, Paweł; Heymann, Frank

2018-04-01

Situation awareness is understood as a key requirement for safe and secure shipping at sea. The primary sensor for maritime situation assessment is still the radar, with the AIS being introduced as supplemental service only. In this article, we present a framework to assess the current situation picture based on marine radar image processing. Essentially, the framework comprises a centralized IMM-JPDA multi-target tracker in combination with a fully automated scheme for track management, i.e., target acquisition and track depletion. This tracker is conditioned on measurements extracted from radar images. To gain a more robust and complete situation picture, we are exploiting the aspect angle diversity of multiple marine radars, by fusing them a priori to the tracking process. Due to the generic structure of the proposed framework, different techniques for radar image processing can be implemented and compared, namely the BLOB detector and SExtractor. The overall framework performance in terms of multi-target state estimation will be compared for both methods based on a dedicated measurement campaign in the Baltic Sea with multiple static and mobile targets given.

Incorporating Risk and Indicators into a Water Security Framework

NASA Astrophysics Data System (ADS)

Allen, D. M.; Bakker, K.; Simpson, M. W.; Norman, E.; Dunn, G.

2010-12-01

The concept of water security has received growing attention over the past five years in academic debates and policy circles, particularly with respect to cumulative impacts assessment and watershed management. We propose an integrative definition for water security; one that considers both stressors and impacts (or effects) on hydrological systems. We present a water security assessment framework that considers status and risk indicators for both water quality and quantity as measures of impacts. This assessment framework also integrates the social sciences with natural science, engineering, and public health, providing opportunities to address environmental challenges, including the relationship between water and land use dynamics, the integration of aquatic ecosystem and human health concerns, and the alignment of governance with water management imperatives. We argue that this framework has the potential to advance water science, the contributing disciplines, and water policy and management.

A Complex Systems Approach to More Resilient Multi-Layered Security Systems

DOE Office of Scientific and Technical Information (OSTI.GOV)

Brown, Nathanael J. K.; Jones, Katherine A.; Bandlow, Alisa

In July 2012, protestors cut through security fences and gained access to the Y-12 National Security Complex. This was believed to be a highly reliable, multi-layered security system. This report documents the results of a Laboratory Directed Research and Development (LDRD) project that created a consistent, robust mathematical framework using complex systems analysis algorithms and techniques to better understand the emergent behavior, vulnerabilities and resiliency of multi-layered security systems subject to budget constraints and competing security priorities. Because there are several dimensions to security system performance and a range of attacks that might occur, the framework is multi-objective for amore » performance frontier to be estimated. This research explicitly uses probability of intruder interruption given detection (P I) as the primary resilience metric. We demonstrate the utility of this framework with both notional as well as real-world examples of Physical Protection Systems (PPSs) and validate using a well-established force-on-force simulation tool, Umbra.« less

Joint External Evaluation—Development and Scale-Up of Global Multisectoral Health Capacity Evaluation Process

PubMed Central

Bell, Elizabeth; Ijaz, Kashef; Bartee, Maureen; Fernandez, Jose; Burris, Hannah; Sliter, Karen; Nikkari, Simo; Chungong, Stella; Rodier, Guenael; Jafari, Hamid

2017-01-01

The Joint External Evaluation (JEE), a consolidation of the World Health Organization (WHO) International Health Regulations 2005 (IHR 2005) Monitoring and Evaluation Framework and the Global Health Security Agenda country assessment tool, is an objective, voluntary, independent peer-to-peer multisectoral assessment of a country’s health security preparedness and response capacity across 19 IHR technical areas. WHO approved the standardized JEE tool in February 2016. The JEE process is wholly transparent; countries request a JEE and are encouraged to make its findings public. Donors (e.g., member states, public and private partners, and other public health institutions) can support countries in addressing identified JEE gaps, and implementing country-led national action plans for health security. Through July 2017, 52 JEEs were completed, and 25 more countries were scheduled across WHO’s 6 regions. JEEs facilitate progress toward IHR 2005 implementation, thereby building trust and mutual accountability among countries to detect and respond to public health threats. PMID:29155678

An Open Framework for Low-Latency Communications across the Smart Grid Network

ERIC Educational Resources Information Center

Sturm, John Andrew

2011-01-01

The recent White House (2011) policy paper for the Smart Grid that was released on June 13, 2011, "A Policy Framework for the 21st Century Grid: Enabling Our Secure Energy Future," defines four major problems to be solved and the one that is addressed in this dissertation is Securing the Grid. Securing the Grid is referred to as one of…

Draft secure medical database standard.

PubMed

Pangalos, George

2002-01-01

Medical database security is a particularly important issue for all Healthcare establishments. Medical information systems are intended to support a wide range of pertinent health issues today, for example: assure the quality of care, support effective management of the health services institutions, monitor and contain the cost of care, implement technology into care without violating social values, ensure the equity and availability of care, preserve humanity despite the proliferation of technology etc.. In this context, medical database security aims primarily to support: high availability, accuracy and consistency of the stored data, the medical professional secrecy and confidentiality, and the protection of the privacy of the patient. These properties, though of technical nature, basically require that the system is actually helpful for medical care and not harmful to patients. These later properties require in turn not only that fundamental ethical principles are not violated by employing database systems, but instead, are effectively enforced by technical means. This document reviews the existing and emerging work on the security of medical database systems. It presents in detail the related problems and requirements related to medical database security. It addresses the problems of medical database security policies, secure design methodologies and implementation techniques. It also describes the current legal framework and regulatory requirements for medical database security. The issue of medical database security guidelines is also examined in detailed. The current national and international efforts in the area are studied. It also gives an overview of the research work in the area. The document also presents in detail the most complete to our knowledge set of security guidelines for the development and operation of medical database systems.

Education and human survival: The relevance of the global security framework to international education

NASA Astrophysics Data System (ADS)

Williams, Christopher

2000-07-01

The nature of international education as a field of studies has been affected by global changes over the past decade. At the same time, the concept of global security has emerged, bringing together studies related to development, the environment and the understanding of violence. Although much of the education literature reflects the global security approach, it is not a field that has been subjected to much analysis as a whole. This paper provides an assessment of international education as a discipline, and outlines the global security framework. It examines how this framework is reflected in the forms of analysis used by international educationists. Finally it suggests how the central purpose of global security, namely ensuring human survival, could be adopted within international education to provide a clear sense of direction. This has specific implications for such areas as curriculum, assessment, educational provision and planning.

Towards a Bio-inspired Security Framework for Mission-Critical Wireless Sensor Networks

NASA Astrophysics Data System (ADS)

Ren, Wei; Song, Jun; Ma, Zhao; Huang, Shiyong

Mission-critical wireless sensor networks (WSNs) have been found in numerous promising applications in civil and military fields. However, the functionality of WSNs extensively relies on its security capability for detecting and defending sophisticated adversaries, such as Sybil, worm hole and mobile adversaries. In this paper, we propose a bio-inspired security framework to provide intelligence-enabled security mechanisms. This scheme is composed of a middleware, multiple agents and mobile agents. The agents monitor the network packets, host activities, make decisions and launch corresponding responses. Middleware performs an infrastructure for the communication between various agents and corresponding mobility. Certain cognitive models and intelligent algorithms such as Layered Reference Model of Brain and Self-Organizing Neural Network with Competitive Learning are explored in the context of sensor networks that have resource constraints. The security framework and implementation are also described in details.

PRESAGE: PRivacy-preserving gEnetic testing via SoftwAre Guard Extension.

PubMed

Chen, Feng; Wang, Chenghong; Dai, Wenrui; Jiang, Xiaoqian; Mohammed, Noman; Al Aziz, Md Momin; Sadat, Md Nazmus; Sahinalp, Cenk; Lauter, Kristin; Wang, Shuang

2017-07-26

Advances in DNA sequencing technologies have prompted a wide range of genomic applications to improve healthcare and facilitate biomedical research. However, privacy and security concerns have emerged as a challenge for utilizing cloud computing to handle sensitive genomic data. We present one of the first implementations of Software Guard Extension (SGX) based securely outsourced genetic testing framework, which leverages multiple cryptographic protocols and minimal perfect hash scheme to enable efficient and secure data storage and computation outsourcing. We compared the performance of the proposed PRESAGE framework with the state-of-the-art homomorphic encryption scheme, as well as the plaintext implementation. The experimental results demonstrated significant performance over the homomorphic encryption methods and a small computational overhead in comparison to plaintext implementation. The proposed PRESAGE provides an alternative solution for secure and efficient genomic data outsourcing in an untrusted cloud by using a hybrid framework that combines secure hardware and multiple crypto protocols.

A Systems Engineering Framework for Implementing a Security and Critical Patch Management Process in Diverse Environments (Academic Departments' Workstations)

NASA Astrophysics Data System (ADS)

Mohammadi, Hadi

Use of the Patch Vulnerability Management (PVM) process should be seriously considered for any networked computing system. The PVM process prevents the operating system (OS) and software applications from being attacked due to security vulnerabilities, which lead to system failures and critical data leakage. The purpose of this research is to create and design a Security and Critical Patch Management Process (SCPMP) framework based on Systems Engineering (SE) principles. This framework will assist Information Technology Department Staff (ITDS) to reduce IT operating time and costs and mitigate the risk of security and vulnerability attacks. Further, this study evaluates implementation of the SCPMP in the networked computing systems of an academic environment in order to: 1. Meet patch management requirements by applying SE principles. 2. Reduce the cost of IT operations and PVM cycles. 3. Improve the current PVM methodologies to prevent networked computing systems from becoming the targets of security vulnerability attacks. 4. Embed a Maintenance Optimization Tool (MOT) in the proposed framework. The MOT allows IT managers to make the most practicable choice of methods for deploying and installing released patches and vulnerability remediation. In recent years, there has been a variety of frameworks for security practices in every networked computing system to protect computer workstations from becoming compromised or vulnerable to security attacks, which can expose important information and critical data. I have developed a new mechanism for implementing PVM for maximizing security-vulnerability maintenance, protecting OS and software packages, and minimizing SCPMP cost. To increase computing system security in any diverse environment, particularly in academia, one must apply SCPMP. I propose an optimal maintenance policy that will allow ITDS to measure and estimate the variation of PVM cycles based on their department's requirements. My results demonstrate that MOT optimizes the process of implementing SCPMP in academic workstations.

Partnerships - Working Together to Build The National Map

USGS Publications Warehouse

,

2004-01-01

Through The National Map, the U.S. Geological Survey (USGS) is working with partners to ensure that current, accurate, and complete base geographic information is available for the Nation. Designed as a network of online digital databases, it provides a consistent geographic data framework for the country and serves as a foundation for integrating, sharing, and using data easily and reliably. It provides public access to high quality geospatial data and information from multiple partners to help inform decisionmaking by resource managers and the public, and to support intergovernmental homeland security and emergency management requirements.

A Framework for Resilient Remote Monitoring

DTIC Science & Technology

2014-08-01

of low-level observables are availa- ble, audited , and recorded. This establishes the need for a re- mote monitoring framework that can integrate with...Security, WS-Policy, SAML, XML Signature, and XML Encryption. Pearson Higher Education, 2004. [3] OMG, “Common Secure Interoperability Protocol...www.darpa.mil/Our_Work/I2O/Programs/Integrated_Cyb er_Analysis_System_%28ICAS%29.aspx. [8] D. Miller and B. Pearson , Security information and event man

DIRAC3 - the new generation of the LHCb grid software

NASA Astrophysics Data System (ADS)

Tsaregorodtsev, A.; Brook, N.; Casajus Ramo, A.; Charpentier, Ph; Closier, J.; Cowan, G.; Graciani Diaz, R.; Lanciotti, E.; Mathe, Z.; Nandakumar, R.; Paterson, S.; Romanovsky, V.; Santinelli, R.; Sapunov, M.; Smith, A. C.; Seco Miguelez, M.; Zhelezov, A.

2010-04-01

DIRAC, the LHCb community Grid solution, was considerably reengineered in order to meet all the requirements for processing the data coming from the LHCb experiment. It is covering all the tasks starting with raw data transportation from the experiment area to the grid storage, data processing up to the final user analysis. The reengineered DIRAC3 version of the system includes a fully grid security compliant framework for building service oriented distributed systems; complete Pilot Job framework for creating efficient workload management systems; several subsystems to manage high level operations like data production and distribution management. The user interfaces of the DIRAC3 system providing rich command line and scripting tools are complemented by a full-featured Web portal providing users with a secure access to all the details of the system status and ongoing activities. We will present an overview of the DIRAC3 architecture, new innovative features and the achieved performance. Extending DIRAC3 to manage computing resources beyond the WLCG grid will be discussed. Experience with using DIRAC3 by other user communities than LHCb and in other application domains than High Energy Physics will be shown to demonstrate the general-purpose nature of the system.

A Secure Framework for Location Verification in Pervasive Computing

NASA Astrophysics Data System (ADS)

Liu, Dawei; Lee, Moon-Chuen; Wu, Dan

The way people use computing devices has been changed in some way by the relatively new pervasive computing paradigm. For example, a person can use a mobile device to obtain its location information at anytime and anywhere. There are several security issues concerning whether this information is reliable in a pervasive environment. For example, a malicious user may disable the localization system by broadcasting a forged location, and it may impersonate other users by eavesdropping their locations. In this paper, we address the verification of location information in a secure manner. We first present the design challenges for location verification, and then propose a two-layer framework VerPer for secure location verification in a pervasive computing environment. Real world GPS-based wireless sensor network experiments confirm the effectiveness of the proposed framework.

Combining Cryptography with EEG Biometrics

PubMed Central

Kazanavičius, Egidijus; Woźniak, Marcin

2018-01-01

Cryptographic frameworks depend on key sharing for ensuring security of data. While the keys in cryptographic frameworks must be correctly reproducible and not unequivocally connected to the identity of a user, in biometric frameworks this is different. Joining cryptography techniques with biometrics can solve these issues. We present a biometric authentication method based on the discrete logarithm problem and Bose-Chaudhuri-Hocquenghem (BCH) codes, perform its security analysis, and demonstrate its security characteristics. We evaluate a biometric cryptosystem using our own dataset of electroencephalography (EEG) data collected from 42 subjects. The experimental results show that the described biometric user authentication system is effective, achieving an Equal Error Rate (ERR) of 0.024.

Combining Cryptography with EEG Biometrics.

PubMed

Damaševičius, Robertas; Maskeliūnas, Rytis; Kazanavičius, Egidijus; Woźniak, Marcin

2018-01-01

Cryptographic frameworks depend on key sharing for ensuring security of data. While the keys in cryptographic frameworks must be correctly reproducible and not unequivocally connected to the identity of a user, in biometric frameworks this is different. Joining cryptography techniques with biometrics can solve these issues. We present a biometric authentication method based on the discrete logarithm problem and Bose-Chaudhuri-Hocquenghem (BCH) codes, perform its security analysis, and demonstrate its security characteristics. We evaluate a biometric cryptosystem using our own dataset of electroencephalography (EEG) data collected from 42 subjects. The experimental results show that the described biometric user authentication system is effective, achieving an Equal Error Rate (ERR) of 0.024.

Developing an Assessment, Monitoring, and Evaluation Framework for U.S. Department of Defense Security Cooperation

DTIC Science & Technology

2016-09-01

be conducted midstream, at the end of an activity program or LOE, or ex post facto . Not all security cooperation endeavors require evaluation...noncommercial use only. Unauthorized posting of this publication online is prohibited. Permission is given to duplicate this document for personal use only...iv Developing an AME Framework for DoD Security Cooperation approach, the study team analyzed documents, interviewed subject- matter experts

An Examination of an Information Security Framework Implementation Based on Agile Values to Achieve Health Insurance Portability and Accountability Act Security Rule Compliance in an Academic Medical Center: The Thomas Jefferson University Case Study

ERIC Educational Resources Information Center

Reis, David W.

2012-01-01

Agile project management is most often examined in relation to software development, while information security frameworks are often examined with respect to certain risk management capabilities rather than in terms of successful implementation approaches. This dissertation extended the study of both Agile project management and information…

Defense.gov Special Report: Travels With Hagel

Science.gov Websites

Halifax International Security Forum. Story U.S., Canada Sign Asia-Pacific Cooperation Framework Defense Cooperation Framework as both leaders take part in the Halifax International Security Forum. Story Travel Visits First Zumwalt-class Destroyer Photo Essays Photo Essay: Hagel Attends Halifax International

Enhancing Surveillance and Diagnostics in Anthrax-Endemic Countries

PubMed Central

Salzer, Johanna S.; Traxler, Rita M.; Hendricks, Katherine A.; Kadzik, Melissa E.; Marston, Chung K.; Kolton, Cari B.; Stoddard, Robyn A.; Hoffmaster, Alex R.; Bower, William A.; Walke, Henry T.

2017-01-01

Naturally occurring anthrax disproportionately affects the health and economic welfare of poor, rural communities in anthrax-endemic countries. However, many of these countries have limited anthrax prevention and control programs. Effective prevention of anthrax outbreaks among humans is accomplished through routine livestock vaccination programs and prompt response to animal outbreaks. The Centers for Disease Control and Prevention uses a 2-phase framework when providing technical assistance to partners in anthrax-endemic countries. The first phase assesses and identifies areas for improvement in existing human and animal surveillance, laboratory diagnostics, and outbreak response. The second phase provides steps to implement improvements to these areas. We describe examples of implementing this framework in anthrax-endemic countries. These activities are at varying stages of completion; however, the public health impact of these initiatives has been encouraging. The anthrax framework can be extended to other zoonotic diseases to build on these efforts, improve human and animal health, and enhance global health security. PMID:29155651

Framework for Deploying a Virtualized Computing Environment for Collaborative and Secure Data Analytics

PubMed Central

Meyer, Adrian; Green, Laura; Faulk, Ciearro; Galla, Stephen; Meyer, Anne-Marie

2016-01-01

Introduction: Large amounts of health data generated by a wide range of health care applications across a variety of systems have the potential to offer valuable insight into populations and health care systems, but robust and secure computing and analytic systems are required to leverage this information. Framework: We discuss our experiences deploying a Secure Data Analysis Platform (SeDAP), and provide a framework to plan, build and deploy a virtual desktop infrastructure (VDI) to enable innovation, collaboration and operate within academic funding structures. It outlines 6 core components: Security, Ease of Access, Performance, Cost, Tools, and Training. Conclusion: A platform like SeDAP is not simply successful through technical excellence and performance. It’s adoption is dependent on a collaborative environment where researchers and users plan and evaluate the requirements of all aspects. PMID:27683665

Design of real-time encryption module for secure data protection of wearable healthcare devices.

PubMed

Kim, Jungchae; Lee, Byuck Jin; Yoo, Sun K

2013-01-01

Wearable devices for biomedical instrumentation could generate the medical data and transmit to a repository on cloud service through wireless networks. In this process, the private medical data will be disclosed by man in the middle attack. Thus, the archived data for healthcare services would be protected by non-standardized security policy by healthcare service provider (HSP) because HIPAA only defines the security rules. In this paper, we adopted the Advanced Encryption Standard (AES) for security framework on wearable devices, so healthcare applications using this framework could support the confidentiality easily. The framework developed as dynamic loadable module targeted for lightweight microcontroller such as msp430 within embedded operating system. The performance was shown that the module can support the real-time encryption using electrocardiogram and photoplethysmogram. In this regard, the processing load for enabling security is distributed to wearable devices, and the customized data protection method could be composed by HSP for a trusted healthcare service.

Securing Healthcare’s Quantified-Self Data: A Comparative Analysis Versus Personal Financial Account Aggregators Based on Porter’s Five Forces Framework for Competitive Force

DTIC Science & Technology

2016-09-01

HEALTHCARE’S QUANTIFIED-SELF DATA: A COMPARATIVE ANALYSIS VERSUS PERSONAL FINANCIAL ACCOUNT AGGREGATORS BASED ON PORTER’S FIVE FORCES FRAMEWORK FOR...TITLE AND SUBTITLE SECURING HEALTHCARE’S QUANTIFIED-SELF DATA: A COMPARATIVE ANALYSIS VERSUS PERSONAL FINANCIAL ACCOUNT AGGREGATORS BASED ON...Distribution is unlimited. SECURING HEALTHCARE’S QUANTIFIED-SELF DATA: A COMPARATIVE ANALYSIS VERSUS PERSONAL FINANCIAL ACCOUNT AGGREGATORS BASED ON

School Security and Crisis Preparedness: Make It Your Business.

ERIC Educational Resources Information Center

Trump, Kenneth S.

1999-01-01

The top five security risks in today's schools include aggressive behavior, weapons possession or use, drug trafficking, gangs, and "stranger danger." Home-made bomb threats are common. This article also discusses security system costs, risk-reduction frameworks, security assessments, crisis-preparedness guidelines, and security-related…

17 CFR 300.307 - Completion with cash or securities of customer.

Code of Federal Regulations, 2010 CFR

2010-04-01

... 17 Commodity and Securities Exchanges 3 2010-04-01 2010-04-01 false Completion with cash or securities of customer. 300.307 Section 300.307 Commodity and Securities Exchanges SECURITIES AND EXCHANGE COMMISSION (CONTINUED) Schedule A to Part 285 RULES OF THE SECURITIES INVESTOR PROTECTION CORPORATION...

17 CFR 300.302 - Mechanics of closeout or completion.

Code of Federal Regulations, 2013 CFR

2013-04-01

... 17 Commodity and Securities Exchanges 3 2013-04-01 2013-04-01 false Mechanics of closeout or completion. 300.302 Section 300.302 Commodity and Securities Exchanges SECURITIES AND EXCHANGE COMMISSION... Completion of Open Contractual Commitments § 300.302 Mechanics of closeout or completion. (a) The closeout or...

17 CFR 300.302 - Mechanics of closeout or completion.

Code of Federal Regulations, 2012 CFR

2012-04-01

... 17 Commodity and Securities Exchanges 3 2012-04-01 2012-04-01 false Mechanics of closeout or completion. 300.302 Section 300.302 Commodity and Securities Exchanges SECURITIES AND EXCHANGE COMMISSION... Completion of Open Contractual Commitments § 300.302 Mechanics of closeout or completion. (a) The closeout or...

17 CFR 300.302 - Mechanics of closeout or completion.

Code of Federal Regulations, 2014 CFR

2014-04-01

... 17 Commodity and Securities Exchanges 4 2014-04-01 2014-04-01 false Mechanics of closeout or completion. 300.302 Section 300.302 Commodity and Securities Exchanges SECURITIES AND EXCHANGE COMMISSION... Completion of Open Contractual Commitments § 300.302 Mechanics of closeout or completion. (a) The closeout or...

17 CFR 300.302 - Mechanics of closeout or completion.

Code of Federal Regulations, 2011 CFR

2011-04-01

... 17 Commodity and Securities Exchanges 3 2011-04-01 2011-04-01 false Mechanics of closeout or completion. 300.302 Section 300.302 Commodity and Securities Exchanges SECURITIES AND EXCHANGE COMMISSION... Completion of Open Contractual Commitments § 300.302 Mechanics of closeout or completion. (a) The closeout or...

Interpreting international governance standards for health IT use within general medical practice.

PubMed

Mahncke, Rachel J; Williams, Patricia A H

2014-01-01

General practices in Australia recognise the importance of comprehensive protective security measures. Some elements of information security governance are incorporated into recommended standards, however the governance component of information security is still insufficiently addressed in practice. The International Organistion for Standardisation (ISO) released a new global standard in May 2013 entitled, ISO/IEC 27014:2013 Information technology - Security techniques - Governance of information security. This standard, applicable to organisations of all sizes, offers a framework against which to assess and implement the governance components of information security. The standard demonstrates the relationship between governance and the management of information security, provides strategic principles and processes, and forms the basis for establishing a positive information security culture. An analysis interpretation of this standard for use in Australian general practice was performed. This work is unique as such interpretation for the Australian healthcare environment has not been undertaken before. It demonstrates an application of the standard at a strategic level to inform existing development of an information security governance framework.

Federal Government Information Systems Security Management and Governance Are Pacing Factors for Innovation

ERIC Educational Resources Information Center

Edwards, Gregory

2011-01-01

Security incidents resulting from human error or subversive actions have caused major financial losses, reduced business productivity or efficiency, and threatened national security. Some research suggests that information system security frameworks lack emphasis on human involvement as a significant cause for security problems in a rapidly…

Security Certification Challenges in a Cloud Computing Delivery Model

DTIC Science & Technology

2010-04-27

Relevant Security Standards, Certifications, and Guidance  NIST SP 800 series  ISO /IEC 27001 framework  Cloud Security Alliance  Statement of...CSA Domains / Cloud Features ISO 27001 Cloud Service Provider Responsibility Government Agency Responsibility Analyze Security gaps Compensating

One Health in food safety and security education: Subject matter outline for a curricular framework.

PubMed

Angelos, John A; Arens, Amanda L; Johnson, Heather A; Cadriel, Jessica L; Osburn, Bennie I

2017-06-01

Educating students in the range of subjects encompassing food safety and security as approached from a One Health perspective requires consideration of a variety of different disciplines and the interrelationships among disciplines. The Western Institute for Food Safety and Security developed a subject matter outline to accompany a previously published One Health in food safety and security curricular framework. The subject matter covered in this outline encompasses a variety of topics and disciplines related to food safety and security including effects of food production on the environment. This subject matter outline should help guide curriculum development and education in One Health in food safety and security and provides useful information for educators, researchers, students, and public policy-makers facing the inherent challenges of maintaining and/or developing safe and secure food supplies without destroying Earth's natural resources.

Applying the SERENITY Methodology to the Domain of Trusted Electronic Archiving

NASA Astrophysics Data System (ADS)

Porekar, Jan; Klobučar, Tomaž; Šaljič, Svetlana; Gabrijelčič, Dušan

We present the application of the SERENITY methodology to the domain of long-term trusted electronic archiving, sometimes also referred to as trusted digital notary services. We address the SERENITY approach from thepoint of view of a company providing security solutions in the mentioned domain and adopt the role of a solution developer. In this chapter we show a complete vertical slice through the trusted archiving domain providing: (i) the relevant S&D properties, (ii) the S&D classes and S&D patterns on both organizational and technical level, (iii) describe how S&D patterns are integrated into a trusted longterm archiving service using the SERENITY Run-Time Framework (SRF). At the end of the chapter we put in perspective what a solution developer can learn from the process of capturing security knowledge according to SERENITY methodology and we discuss how existing implementations of archiving services can benefit from SERENITY approach in the future.

Measurement-device-independent quantum communication with an untrusted source

NASA Astrophysics Data System (ADS)

Xu, Feihu

2015-07-01

Measurement-device-independent quantum key distribution (MDI-QKD) can provide enhanced security compared to traditional QKD, and it constitutes an important framework for a quantum network with an untrusted network server. Still, a key assumption in MDI-QKD is that the sources are trusted. We propose here a MDI quantum network with a single untrusted source. We have derived a complete proof of the unconditional security of MDI-QKD with an untrusted source. Using simulations, we have considered various real-life imperfections in its implementation, and the simulation results show that MDI-QKD with an untrusted source provides a key generation rate that is close to the rate of initial MDI-QKD in the asymptotic setting. Our work proves the feasibility of the realization of a quantum network. The network users need only low-cost modulation devices, and they can share both an expensive detector and a complicated laser provided by an untrusted network server.

A Method for Evaluating Information Security Governance (ISG) Components in Banking Environment

NASA Astrophysics Data System (ADS)

Ula, M.; Ula, M.; Fuadi, W.

2017-02-01

As modern banking increasingly relies on the internet and computer technologies to operate their businesses and market interactions, the threats and security breaches have highly increased in recent years. Insider and outsider attacks have caused global businesses lost trillions of Dollars a year. Therefore, that is a need for a proper framework to govern the information security in the banking system. The aim of this research is to propose and design an enhanced method to evaluate information security governance (ISG) implementation in banking environment. This research examines and compares the elements from the commonly used information security governance frameworks, standards and best practices. Their strength and weakness are considered in its approaches. The initial framework for governing the information security in banking system was constructed from document review. The framework was categorized into three levels which are Governance level, Managerial level, and technical level. The study further conducts an online survey for banking security professionals to get their professional judgment about the ISG most critical components and the importance for each ISG component that should be implemented in banking environment. Data from the survey was used to construct a mathematical model for ISG evaluation, component importance data used as weighting coefficient for the related component in the mathematical model. The research further develops a method for evaluating ISG implementation in banking based on the mathematical model. The proposed method was tested through real bank case study in an Indonesian local bank. The study evidently proves that the proposed method has sufficient coverage of ISG in banking environment and effectively evaluates the ISG implementation in banking environment.

Distortion of CAD-CAM-fabricated implant-fixed titanium and zirconia complete dental prosthesis frameworks.

PubMed

Al-Meraikhi, Hadi; Yilmaz, Burak; McGlumphy, Edwin; Brantley, William A; Johnston, William M

2018-01-01

Computer-aided design and computer-aided manufacturing (CAD-CAM)-fabricated titanium and zirconia implant-supported fixed dental prostheses have become increasingly popular for restoring patients with complete edentulism. However, the distortion level of these frameworks is not well known. The purpose of this in vitro study was to compare the 3-dimensional (3D) distortion of CAD-CAM zirconia and titanium implant-fixed screw-retained complete dental prostheses. A master edentulous model with 4 implants at the positions of the maxillary first molars and canines was used. Multiunit abutments (Nobel Biocare) secured to the model were digitally scanned using scan bodies and a laboratory scanner (S600 ARTI; Zirkonzahn). Titanium (n=5) and zirconia (n=5) frameworks were milled using a CAD-CAM system (Zirkonzahn M1; Zirkonzahn). All frameworks were scanned using an industrial computed tomography (CT) scanner (Nikon/X-Tek XT H 225kV MCT Micro-Focus). The direct CT scans were reconstructed to generate standard tessellation language (STL) files. To calculate the 3D distortion of the frameworks, STL files of the CT scans were aligned to the CAD model using a sum of the least squares best-fit algorithm. Surface comparison points were placed on the CAD model on the midfacial aspect of all teeth. The 3D distortion of each direct scan to the CAD model was calculated. In addition, color maps of the scan-to-CAD comparison were constructed using a ±0.500 mm color scale range. Both materials exhibited distortion; however, no significant difference was found in the amount of distortion from the CAD model between the materials (P=.747). Absolute values of deviations from the CAD model were evident in the x and y plane and less so in the z direction. Zirconia and titanium frameworks showed similar 3D distortion compared with the CAD model for the tested CAD-CAM and implant systems. The distortion was more pronounced in the horizontal and sagittal plane than in the vertical plane. Copyright © 2017 Editorial Council for the Journal of Prosthetic Dentistry. Published by Elsevier Inc. All rights reserved.

Validity and reliability of food security measures.

PubMed

Cafiero, Carlo; Melgar-Quiñonez, Hugo R; Ballard, Terri J; Kepple, Anne W

2014-12-01

This paper reviews some of the existing food security indicators, discussing the validity of the underlying concept and the expected reliability of measures under reasonably feasible conditions. The main objective of the paper is to raise awareness on existing trade-offs between different qualities of possible food security measurement tools that must be taken into account when such tools are proposed for practical application, especially for use within an international monitoring framework. The hope is to provide a timely, useful contribution to the process leading to the definition of a food security goal and the associated monitoring framework within the post-2015 Development Agenda. © 2014 New York Academy of Sciences.

Water security for productive economies: Applying an assessment framework in southern Africa

NASA Astrophysics Data System (ADS)

Holmatov, Bunyod; Lautze, Jonathan; Manthrithilake, Herath; Makin, Ian

2017-08-01

Achieving water security has emerged as a major objective in Africa, yet an analytical or diagnostic framework for assessing water security in African countries is not known to exist. This paper applies one key dimension of the 2016 Asian Development Bank's (ADB) Asian Water Development Outlook (AWDO) to assess levels of water security for productive economies in countries of the Southern African Development Community (SADC). Economic aspects of water security cover four areas: economic activities in the broad sense, agriculture, electricity, and industry. Water security in each area is measured through application of a set of indicators; results of indicator application are then aggregated to determine economic water security at a country-level. Results show that economic water security in SADC is greatest in the Seychelles and South Africa, and lowest in Madagascar and Malawi. Opportunities for strengthening economic water security in the majority of SADC countries exist through improving agricultural water productivity, strengthening resilience, and expanding sustainable electricity generation. More profoundly, this paper suggests that there is clear potential and utility in applying approaches used elsewhere to assess economic water security in southern Africa.

Integrating a flexible modeling framework (FMF) with the network security assessment instrument to reduce software security risk

NASA Technical Reports Server (NTRS)

Gilliam, D. P.; Powell, J. D.

2002-01-01

This paper presents a portion of an overall research project on the generation of the network security assessment instrument to aid developers in assessing and assuring the security of software in the development and maintenance lifecycles.

49 CFR 1549.7 - Approval, amendment, renewal of the security program and certification of a certified cargo...

Code of Federal Regulations, 2010 CFR

2010-10-01

... information requested by TSA concerning Security Threat Assessments. (viii) A statement acknowledging and ensuring that each individual will successfully complete a Security Threat Assessment under § 1549.111... Security Coordinator for an applicant successfully completes a security threat assessment, TSA will provide...

MACCIS 2.0 - An Architecture Description Framework for Technical Infostructures and Their Enterprise Environment

DTIC Science & Technology

2004-06-01

Viewpoint Component Viewpoint View Architecture Description of Enterprise or Infostructure View Security Concern Business Security Model Business...security concern, when applied to the different viewpoints, addresses both stakeholders, and is described as a business security model or component...Viewpoint View Architecture Description of Enterprise or Infostructure View Security Concern Business Security Model Business Stakeholder IT Architect

The Perceptions of U.S.-Based IT Security Professionals about the Effectiveness of IT Security Frameworks: A Quantitative Study

ERIC Educational Resources Information Center

Warfield, Douglas L.

2011-01-01

The evolution of information technology has included new methodologies that use information technology to control and manage various industries and government activities. Information Technology has also evolved as its own industry with global networks of interconnectivity, such as the Internet, and frameworks, models, and methodologies to control…

DOE Office of Scientific and Technical Information (OSTI.GOV)

Solis, John Hector

In this paper, we present a modular framework for constructing a secure and efficient program obfuscation scheme. Our approach, inspired by the obfuscation with respect to oracle machines model of [4], retains an interactive online protocol with an oracle, but relaxes the original computational and storage restrictions. We argue this is reasonable given the computational resources of modern personal devices. Furthermore, we relax the information-theoretic security requirement for computational security to utilize established cryptographic primitives. With this additional flexibility we are free to explore different cryptographic buildingblocks. Our approach combines authenticated encryption with private information retrieval to construct a securemore » program obfuscation framework. We give a formal specification of our framework, based on desired functionality and security properties, and provide an example instantiation. In particular, we implement AES in Galois/Counter Mode for authenticated encryption and the Gentry-Ramzan [13]constant communication-rate private information retrieval scheme. We present our implementation results and show that non-trivial sized programs can be realized, but scalability is quickly limited by computational overhead. Finally, we include a discussion on security considerations when instantiating specific modules.« less

6 CFR 27.340 - Completion of adjudication proceedings.

Code of Federal Regulations, 2013 CFR

2013-01-01

... 6 Domestic Security 1 2013-01-01 2013-01-01 false Completion of adjudication proceedings. 27.340 Section 27.340 Domestic Security DEPARTMENT OF HOMELAND SECURITY, OFFICE OF THE SECRETARY CHEMICAL FACILITY ANTI-TERRORISM STANDARDS Orders and Adjudications § 27.340 Completion of adjudication proceedings...

6 CFR 27.340 - Completion of adjudication proceedings.

Code of Federal Regulations, 2012 CFR

2012-01-01

... 6 Domestic Security 1 2012-01-01 2012-01-01 false Completion of adjudication proceedings. 27.340 Section 27.340 Domestic Security DEPARTMENT OF HOMELAND SECURITY, OFFICE OF THE SECRETARY CHEMICAL FACILITY ANTI-TERRORISM STANDARDS Orders and Adjudications § 27.340 Completion of adjudication proceedings...

6 CFR 27.340 - Completion of adjudication proceedings.

Code of Federal Regulations, 2010 CFR

2010-01-01

... 6 Domestic Security 1 2010-01-01 2010-01-01 false Completion of adjudication proceedings. 27.340 Section 27.340 Domestic Security DEPARTMENT OF HOMELAND SECURITY, OFFICE OF THE SECRETARY CHEMICAL FACILITY ANTI-TERRORISM STANDARDS Orders and Adjudications § 27.340 Completion of adjudication proceedings...

6 CFR 27.340 - Completion of adjudication proceedings.

Code of Federal Regulations, 2011 CFR

2011-01-01

... 6 Domestic Security 1 2011-01-01 2011-01-01 false Completion of adjudication proceedings. 27.340 Section 27.340 Domestic Security DEPARTMENT OF HOMELAND SECURITY, OFFICE OF THE SECRETARY CHEMICAL FACILITY ANTI-TERRORISM STANDARDS Orders and Adjudications § 27.340 Completion of adjudication proceedings...

6 CFR 27.340 - Completion of adjudication proceedings.

Code of Federal Regulations, 2014 CFR

2014-01-01

... 6 Domestic Security 1 2014-01-01 2014-01-01 false Completion of adjudication proceedings. 27.340 Section 27.340 Domestic Security DEPARTMENT OF HOMELAND SECURITY, OFFICE OF THE SECRETARY CHEMICAL FACILITY ANTI-TERRORISM STANDARDS Orders and Adjudications § 27.340 Completion of adjudication proceedings...

49 CFR 1548.16 - Security threat assessments for each proprietor, general partner, officer, director, and certain...

Code of Federal Regulations, 2010 CFR

2010-10-01

... 49 Transportation 9 2010-10-01 2010-10-01 false Security threat assessments for each proprietor..., or owner of the entity must successfully complete a security threat assessment or comparable security... owner of the entity has successfully completed a Security Threat Assessment under part 1540, subpart C...

PREMIX: PRivacy-preserving EstiMation of Individual admiXture.

PubMed

Chen, Feng; Dow, Michelle; Ding, Sijie; Lu, Yao; Jiang, Xiaoqian; Tang, Hua; Wang, Shuang

2016-01-01

In this paper we proposed a framework: PRivacy-preserving EstiMation of Individual admiXture (PREMIX) using Intel software guard extensions (SGX). SGX is a suite of software and hardware architectures to enable efficient and secure computation over confidential data. PREMIX enables multiple sites to securely collaborate on estimating individual admixture within a secure enclave inside Intel SGX. We implemented a feature selection module to identify most discriminative Single Nucleotide Polymorphism (SNP) based on informativeness and an Expectation Maximization (EM)-based Maximum Likelihood estimator to identify the individual admixture. Experimental results based on both simulation and 1000 genome data demonstrated the efficiency and accuracy of the proposed framework. PREMIX ensures a high level of security as all operations on sensitive genomic data are conducted within a secure enclave using SGX.

IceProd 2: A Next Generation Data Analysis Framework for the IceCube Neutrino Observatory

NASA Astrophysics Data System (ADS)

Schultz, D.

2015-12-01

We describe the overall structure and new features of the second generation of IceProd, a data processing and management framework. IceProd was developed by the IceCube Neutrino Observatory for processing of Monte Carlo simulations, detector data, and analysis levels. It runs as a separate layer on top of grid and batch systems. This is accomplished by a set of daemons which process job workflow, maintaining configuration and status information on the job before, during, and after processing. IceProd can also manage complex workflow DAGs across distributed computing grids in order to optimize usage of resources. IceProd is designed to be very light-weight; it runs as a python application fully in user space and can be set up easily. For the initial completion of this second version of IceProd, improvements have been made to increase security, reliability, scalability, and ease of use.

The SERENITY Runtime Framework

NASA Astrophysics Data System (ADS)

Crespo, Beatriz Gallego-Nicasio; Piñuela, Ana; Soria-Rodriguez, Pedro; Serrano, Daniel; Maña, Antonio

The SERENITY Runtime Framework (SRF) provides support for applications at runtime, by managing S&D Solutions and monitoring the systems’ context. The main functionality of the SRF, amongst others, is to provide S&D Solutions, by means of Executable Components, in response to applications security requirements. Runtime environment is defined in SRF through the S&D Library and Context Manager components. S&D Library is a local S&D Artefact repository, and stores S&D Classes, S&D Patterns and S&D Implementations. The Context Manager component is in charge of storing and management of the information used by the SRF to select the most appropriate S&D Pattern for a given scenario. The management of the execution of the Executable Component, as running realizations of the S&D Patterns, including instantiation, de-activation and control, as well as providing communication and monitoring mechanisms, besides the recovery and reconfiguration aspects, complete the list of tasks performed by the SRF.

A Study on the Security Levels of Spread-Spectrum Embedding Schemes in the WOA Framework.

PubMed

Wang, Yuan-Gen; Zhu, Guopu; Kwong, Sam; Shi, Yun-Qing

2017-08-23

Security analysis is a very important issue for digital watermarking. Several years ago, according to Kerckhoffs' principle, the famous four security levels, namely insecurity, key security, subspace security, and stego-security, were defined for spread-spectrum (SS) embedding schemes in the framework of watermarked-only attack. However, up to now there has been little application of the definition of these security levels to the theoretical analysis of the security of SS embedding schemes, due to the difficulty of the theoretical analysis. In this paper, based on the security definition, we present a theoretical analysis to evaluate the security levels of five typical SS embedding schemes, which are the classical SS, the improved SS (ISS), the circular extension of ISS, the nonrobust and robust natural watermarking, respectively. The theoretical analysis of these typical SS schemes are successfully performed by taking advantage of the convolution of probability distributions to derive the probabilistic models of watermarked signals. Moreover, simulations are conducted to illustrate and validate our theoretical analysis. We believe that the theoretical and practical analysis presented in this paper can bridge the gap between the definition of the four security levels and its application to the theoretical analysis of SS embedding schemes.

Wireless physical layer security

NASA Astrophysics Data System (ADS)

Poor, H. Vincent; Schaefer, Rafael F.

2017-01-01

Security in wireless networks has traditionally been considered to be an issue to be addressed separately from the physical radio transmission aspects of wireless systems. However, with the emergence of new networking architectures that are not amenable to traditional methods of secure communication such as data encryption, there has been an increase in interest in the potential of the physical properties of the radio channel itself to provide communications security. Information theory provides a natural framework for the study of this issue, and there has been considerable recent research devoted to using this framework to develop a greater understanding of the fundamental ability of the so-called physical layer to provide security in wireless networks. Moreover, this approach is also suggestive in many cases of coding techniques that can approach fundamental limits in practice and of techniques for other security tasks such as authentication. This paper provides an overview of these developments.

Wireless physical layer security.

PubMed

Poor, H Vincent; Schaefer, Rafael F

2017-01-03

Security in wireless networks has traditionally been considered to be an issue to be addressed separately from the physical radio transmission aspects of wireless systems. However, with the emergence of new networking architectures that are not amenable to traditional methods of secure communication such as data encryption, there has been an increase in interest in the potential of the physical properties of the radio channel itself to provide communications security. Information theory provides a natural framework for the study of this issue, and there has been considerable recent research devoted to using this framework to develop a greater understanding of the fundamental ability of the so-called physical layer to provide security in wireless networks. Moreover, this approach is also suggestive in many cases of coding techniques that can approach fundamental limits in practice and of techniques for other security tasks such as authentication. This paper provides an overview of these developments.

Wireless physical layer security

PubMed Central

Schaefer, Rafael F.

2017-01-01

Security in wireless networks has traditionally been considered to be an issue to be addressed separately from the physical radio transmission aspects of wireless systems. However, with the emergence of new networking architectures that are not amenable to traditional methods of secure communication such as data encryption, there has been an increase in interest in the potential of the physical properties of the radio channel itself to provide communications security. Information theory provides a natural framework for the study of this issue, and there has been considerable recent research devoted to using this framework to develop a greater understanding of the fundamental ability of the so-called physical layer to provide security in wireless networks. Moreover, this approach is also suggestive in many cases of coding techniques that can approach fundamental limits in practice and of techniques for other security tasks such as authentication. This paper provides an overview of these developments. PMID:28028211

49 CFR 1522.107 - Application.

Code of Federal Regulations, 2010 CFR

2010-10-01

... security threat assessments. (8) A statement acknowledging that all personnel of the applicant who must successfully complete a security threat assessment under the requirements of this part must do so before the... the Security Coordinator successfully completes a security threat assessment, TSA will provide to the...

An Efficient and Adaptive Mutual Authentication Framework for Heterogeneous Wireless Sensor Network-Based Applications

PubMed Central

Kumar, Pardeep; Ylianttila, Mika; Gurtov, Andrei; Lee, Sang-Gon; Lee, Hoon-Jae

2014-01-01

Robust security is highly coveted in real wireless sensor network (WSN) applications since wireless sensors' sense critical data from the application environment. This article presents an efficient and adaptive mutual authentication framework that suits real heterogeneous WSN-based applications (such as smart homes, industrial environments, smart grids, and healthcare monitoring). The proposed framework offers: (i) key initialization; (ii) secure network (cluster) formation (i.e., mutual authentication and dynamic key establishment); (iii) key revocation; and (iv) new node addition into the network. The correctness of the proposed scheme is formally verified. An extensive analysis shows the proposed scheme coupled with message confidentiality, mutual authentication and dynamic session key establishment, node privacy, and message freshness. Moreover, the preliminary study also reveals the proposed framework is secure against popular types of attacks, such as impersonation attacks, man-in-the-middle attacks, replay attacks, and information-leakage attacks. As a result, we believe the proposed framework achieves efficiency at reasonable computation and communication costs and it can be a safeguard to real heterogeneous WSN applications. PMID:24521942

An efficient and adaptive mutual authentication framework for heterogeneous wireless sensor network-based applications.

PubMed

Kumar, Pardeep; Ylianttila, Mika; Gurtov, Andrei; Lee, Sang-Gon; Lee, Hoon-Jae

2014-02-11

Robust security is highly coveted in real wireless sensor network (WSN) applications since wireless sensors' sense critical data from the application environment. This article presents an efficient and adaptive mutual authentication framework that suits real heterogeneous WSN-based applications (such as smart homes, industrial environments, smart grids, and healthcare monitoring). The proposed framework offers: (i) key initialization; (ii) secure network (cluster) formation (i.e., mutual authentication and dynamic key establishment); (iii) key revocation; and (iv) new node addition into the network. The correctness of the proposed scheme is formally verified. An extensive analysis shows the proposed scheme coupled with message confidentiality, mutual authentication and dynamic session key establishment, node privacy, and message freshness. Moreover, the preliminary study also reveals the proposed framework is secure against popular types of attacks, such as impersonation attacks, man-in-the-middle attacks, replay attacks, and information-leakage attacks. As a result, we believe the proposed framework achieves efficiency at reasonable computation and communication costs and it can be a safeguard to real heterogeneous WSN applications.

Secure and Authenticated Data Communication in Wireless Sensor Networks.

PubMed

Alfandi, Omar; Bochem, Arne; Kellner, Ansgar; Göge, Christian; Hogrefe, Dieter

2015-08-10

Securing communications in wireless sensor networks is increasingly important as the diversity of applications increases. However, even today, it is equally important for the measures employed to be energy efficient. For this reason, this publication analyzes the suitability of various cryptographic primitives for use in WSNs according to various criteria and, finally, describes a modular, PKI-based framework for confidential, authenticated, secure communications in which most suitable primitives can be employed. Due to the limited capabilities of common WSN motes, criteria for the selection of primitives are security, power efficiency and memory requirements. The implementation of the framework and the singular components have been tested and benchmarked in our testbed of IRISmotes.

Secure and Authenticated Data Communication in Wireless Sensor Networks

PubMed Central

Alfandi, Omar; Bochem, Arne; Kellner, Ansgar; Göge, Christian; Hogrefe, Dieter

2015-01-01

Securing communications in wireless sensor networks is increasingly important as the diversity of applications increases. However, even today, it is equally important for the measures employed to be energy efficient. For this reason, this publication analyzes the suitability of various cryptographic primitives for use in WSNs according to various criteria and, finally, describes a modular, PKI-based framework for confidential, authenticated, secure communications in which most suitable primitives can be employed. Due to the limited capabilities of common WSN motes, criteria for the selection of primitives are security, power efficiency and memory requirements. The implementation of the framework and the singular components have been tested and benchmarked in our testbed of IRISmotes. PMID:26266413

A decision framework for managing risk to airports from terrorist attack.

PubMed

Shafieezadeh, Abdollah; Cha, Eun J; Ellingwood, Bruce R

2015-02-01

This article presents an asset-level security risk management framework to assist stakeholders of critical assets with allocating limited budgets for enhancing their safety and security against terrorist attack. The proposed framework models the security system of an asset, considers various threat scenarios, and models the sequential decision framework of attackers during the attack. Its novel contributions are the introduction of the notion of partial neutralization of attackers by defenders, estimation of total loss from successful, partially successful, and unsuccessful actions of attackers at various stages of an attack, and inclusion of the effects of these losses on the choices made by terrorists at various stages of the attack. The application of the proposed method is demonstrated in an example dealing with security risk management of a U.S. commercial airport, in which a set of plausible threat scenarios and risk mitigation options are considered. It is found that a combination of providing blast-resistant cargo containers and a video surveillance system on the airport perimeter fence is the best option based on minimum expected life-cycle cost considering a 10-year service period. © 2014 Society for Risk Analysis.

Analytical connection between thresholds and immunization strategies of SIS model in random networks

NASA Astrophysics Data System (ADS)

Zhou, Ming-Yang; Xiong, Wen-Man; Liao, Hao; Wang, Tong; Wei, Zong-Wen; Fu, Zhong-Qian

2018-05-01

Devising effective strategies for hindering the propagation of viruses and protecting the population against epidemics is critical for public security and health. Despite a number of studies based on the susceptible-infected-susceptible (SIS) model devoted to this topic, we still lack a general framework to compare different immunization strategies in completely random networks. Here, we address this problem by suggesting a novel method based on heterogeneous mean-field theory for the SIS model. Our method builds the relationship between the thresholds and different immunization strategies in completely random networks. Besides, we provide an analytical argument that the targeted large-degree strategy achieves the best performance in random networks with arbitrary degree distribution. Moreover, the experimental results demonstrate the effectiveness of the proposed method in both artificial and real-world networks.

Security and Cloud Outsourcing Framework for Economic Dispatch

DOE Office of Scientific and Technical Information (OSTI.GOV)

Sarker, Mushfiqur R.; Wang, Jianhui; Li, Zuyi

The computational complexity and problem sizes of power grid applications have increased significantly with the advent of renewable resources and smart grid technologies. The current paradigm of solving these issues consist of inhouse high performance computing infrastructures, which have drawbacks of high capital expenditures, maintenance, and limited scalability. Cloud computing is an ideal alternative due to its powerful computational capacity, rapid scalability, and high cost-effectiveness. A major challenge, however, remains in that the highly confidential grid data is susceptible for potential cyberattacks when outsourced to the cloud. In this work, a security and cloud outsourcing framework is developed for themore » Economic Dispatch (ED) linear programming application. As a result, the security framework transforms the ED linear program into a confidentiality-preserving linear program, that masks both the data and problem structure, thus enabling secure outsourcing to the cloud. Results show that for large grid test cases the performance gain and costs outperforms the in-house infrastructure.« less

European security framework for healthcare.

PubMed

Ruotsalainen, Pekka; Pohjonen, Hanna

2003-01-01

eHealth and telemedicine services are promising business areas in Europe. It is clear that eHealth products and services will be sold and ordered from a distance and over national borderlines in the future. However, there are many barriers to overcome. For both national and pan-European eHealth and telemedicine applications a common security framework is needed. These frameworks set security requirements needed for cross-border eHealth services. The next step is to build a security infrastructure which is independent of technical platforms. Most of the European eHealth platforms are regional or territorial. Some countries are looking for a Public Key Infrastructure, but no large scale solutions do exist in healthcare. There is no clear candidate solution for European-wide interoperable eHealth platform. Gross-platform integration seems to be the most practical integration method at a European level in the short run. The use of Internet as a European integration platform is a promising solution in the long run.

Security and Cloud Outsourcing Framework for Economic Dispatch

DOE PAGES

Sarker, Mushfiqur R.; Wang, Jianhui; Li, Zuyi; ...

2017-04-24

The computational complexity and problem sizes of power grid applications have increased significantly with the advent of renewable resources and smart grid technologies. The current paradigm of solving these issues consist of inhouse high performance computing infrastructures, which have drawbacks of high capital expenditures, maintenance, and limited scalability. Cloud computing is an ideal alternative due to its powerful computational capacity, rapid scalability, and high cost-effectiveness. A major challenge, however, remains in that the highly confidential grid data is susceptible for potential cyberattacks when outsourced to the cloud. In this work, a security and cloud outsourcing framework is developed for themore » Economic Dispatch (ED) linear programming application. As a result, the security framework transforms the ED linear program into a confidentiality-preserving linear program, that masks both the data and problem structure, thus enabling secure outsourcing to the cloud. Results show that for large grid test cases the performance gain and costs outperforms the in-house infrastructure.« less

Attachment based treatments for adolescents: the secure cycle as a framework for assessment, treatment and evaluation.

PubMed

Kobak, Roger; Zajac, Kristyn; Herres, Joanna; Krauthamer Ewing, E Stephanie

2015-01-01

The emergence of attachment-based treatments (ABTs) for adolescents highlights the need to more clearly define and evaluate these treatments in the context of other attachment based treatments for young children and adults. We propose a general framework for defining and evaluating ABTs that describes the cyclical processes that are required to maintain a secure attachment bond. This secure cycle incorporates three components: (1) the child or adult's IWM of the caregiver; (2) emotionally attuned communication; and (3) the caregiver's IWM of the child or adult. We briefly review Bowlby, Ainsworth, and Main's contributions to defining the components of the secure cycle and discuss how this framework can be adapted for understanding the process of change in ABTs. For clinicians working with adolescents, our model can be used to identify how deviations from the secure cycle (attachment injuries, empathic failures and mistuned communication) contribute to family distress and psychopathology. The secure cycle also provides a way of describing the ABT elements that have been used to revise IWMs or improve emotionally attuned communication. For researchers, our model provides a guide for conceptualizing and measuring change in attachment constructs and how change in one component of the interpersonal cycle should generalize to other components.

Attachment Based Treatments for Adolescents: The Secure Cycle as a Framework for Assessment, Treatment and Evaluation

PubMed Central

Kobak, Roger; Zajac, Kristyn; Herres, Joanna; KrauthamerEwing, E. Stephanie

2016-01-01

The emergence of ABTs for adolescents highlights the need to more clearly define and evaluate these treatments in the context of other attachment based treatments for young children and adults. We propose a general framework for defining and evaluating ABTs that describes the cyclical processes that are required to maintain a secure attachment bond. This secure cycle incorporates three components: 1) the child or adult’s IWM of the caregiver; 2) emotionally attuned communication; and 3) the caregiver’s IWM of the child or adult. We briefly review Bowlby, Ainsworth, and Main’s contributions to defining the components of the secure cycle and discuss how this framework can be adapted for understanding the process of change in ABTs. For clinicians working with adolescents, our model can be used to identify how deviations from the secure cycle (attachment injuries, empathic failures and mistuned communication) contribute to family distress and psychopathology. The secure cycle also provides a way of describing the ABT elements that have been used to revise IWMs or improve emotionally attuned communication. For researchers, our model provides a guide for conceptualizing and measuring change in attachment constructs and how change in one component of the interpersonal cycle should generalize to other components. PMID:25744572

17 CFR 300.302 - Mechanics of closeout or completion.

Code of Federal Regulations, 2010 CFR

2010-04-01

... 17 Commodity and Securities Exchanges 3 2010-04-01 2010-04-01 false Mechanics of closeout or completion. 300.302 Section 300.302 Commodity and Securities Exchanges SECURITIES AND EXCHANGE COMMISSION (CONTINUED) Schedule A to Part 285 RULES OF THE SECURITIES INVESTOR PROTECTION CORPORATION Closeout Or...

The Chain-Link Fence Model: A Framework for Creating Security Procedures

ERIC Educational Resources Information Center

Houghton, Robert F.

2013-01-01

A long standing problem in information technology security is how to help reduce the security footprint. Many specific proposals exist to address specific problems in information technology security. Most information technology solutions need to be repeatable throughout the course of an information systems lifecycle. The Chain-Link Fence Model is…

Determination of ISRA Framework Using Delphi Methodology for Small and Midsized Enterprises

ERIC Educational Resources Information Center

Shah, Ashish

2017-01-01

Unfathomable a few decades ago, the velocity of revolution in information technology (IT) security is accelerating. Small and midsized enterprises (SMEs) continue to make IT security a highest priority and foster security controls to safeguard their environments from adverse effects. Information technology security professionals must rely on one…

A Network Access Control Framework for 6LoWPAN Networks

PubMed Central

Oliveira, Luís M. L.; Rodrigues, Joel J. P. C.; de Sousa, Amaro F.; Lloret, Jaime

2013-01-01

Low power over wireless personal area networks (LoWPAN), in particular wireless sensor networks, represent an emerging technology with high potential to be employed in critical situations like security surveillance, battlefields, smart-grids, and in e-health applications. The support of security services in LoWPAN is considered a challenge. First, this type of networks is usually deployed in unattended environments, making them vulnerable to security attacks. Second, the constraints inherent to LoWPAN, such as scarce resources and limited battery capacity, impose a careful planning on how and where the security services should be deployed. Besides protecting the network from some well-known threats, it is important that security mechanisms be able to withstand attacks that have not been identified before. One way of reaching this goal is to control, at the network access level, which nodes can be attached to the network and to enforce their security compliance. This paper presents a network access security framework that can be used to control the nodes that have access to the network, based on administrative approval, and to enforce security compliance to the authorized nodes. PMID:23334610

17 CFR 300.306 - Completion or closeout pursuant to SIPC direction.

Code of Federal Regulations, 2010 CFR

2010-04-01

... 17 Commodity and Securities Exchanges 3 2010-04-01 2010-04-01 false Completion or closeout pursuant to SIPC direction. 300.306 Section 300.306 Commodity and Securities Exchanges SECURITIES AND EXCHANGE COMMISSION (CONTINUED) Schedule A to Part 285 RULES OF THE SECURITIES INVESTOR PROTECTION...

Introducing the CERT (Trademark) Resiliency Engineering Framework: Improving the Security and Sustainability Processes

DTIC Science & Technology

2007-05-01

business processes and services. 4. Security operations management addresses the day-to-day activities that the organization performs to protect the...Management TM – Technology Management Security Operations Management SOM – Security Operations Management 5.7.2 Important Operations Competency...deals with the provision of access rights to informa- tion and technical assets SOM – Security Operations Management , which addresses the fundamental

Measuring Security Effectiveness and Efficiency at U.S. Commercial Airports

DTIC Science & Technology

2013-03-01

formative program evaluation and policy analysis to investigate current airport security programs. It identifies innovative public administration and...policy-analysis tools that could provide potential benefits to airport security . These tools will complement the System Based Risk Management framework if

The African Peace and Security Architecture: Myth or Reality

DTIC Science & Technology

2013-03-01

resolving the conflicts. Efforts by African leaders to create continental peace and security mechanisms failed miserably . Consequently, Africans depended...Framework Document, October 2001), 14. 6 Andre Le Sage, “Africa’s Irregular Security Threats: Challenges for U.S. Engagement,” (Strategic Forum

A study of IEEE 802.15.4 security framework for wireless body area networks.

PubMed

Saleem, Shahnaz; Ullah, Sana; Kwak, Kyung Sup

2011-01-01

A Wireless Body Area Network (WBAN) is a collection of low-power and lightweight wireless sensor nodes that are used to monitor the human body functions and the surrounding environment. It supports a number of innovative and interesting applications, including ubiquitous healthcare and Consumer Electronics (CE) applications. Since WBAN nodes are used to collect sensitive (life-critical) information and may operate in hostile environments, they require strict security mechanisms to prevent malicious interaction with the system. In this paper, we first highlight major security requirements and Denial of Service (DoS) attacks in WBAN at Physical, Medium Access Control (MAC), Network, and Transport layers. Then we discuss the IEEE 802.15.4 security framework and identify the security vulnerabilities and major attacks in the context of WBAN. Different types of attacks on the Contention Access Period (CAP) and Contention Free Period (CFP) parts of the superframe are analyzed and discussed. It is observed that a smart attacker can successfully corrupt an increasing number of GTS slots in the CFP period and can considerably affect the Quality of Service (QoS) in WBAN (since most of the data is carried in CFP period). As we increase the number of smart attackers the corrupted GTS slots are eventually increased, which prevents the legitimate nodes to utilize the bandwidth efficiently. This means that the direct adaptation of IEEE 802.15.4 security framework for WBAN is not totally secure for certain WBAN applications. New solutions are required to integrate high level security in WBAN.

A Study of IEEE 802.15.4 Security Framework for Wireless Body Area Networks

PubMed Central

Saleem, Shahnaz; Ullah, Sana; Kwak, Kyung Sup

2011-01-01

A Wireless Body Area Network (WBAN) is a collection of low-power and lightweight wireless sensor nodes that are used to monitor the human body functions and the surrounding environment. It supports a number of innovative and interesting applications, including ubiquitous healthcare and Consumer Electronics (CE) applications. Since WBAN nodes are used to collect sensitive (life-critical) information and may operate in hostile environments, they require strict security mechanisms to prevent malicious interaction with the system. In this paper, we first highlight major security requirements and Denial of Service (DoS) attacks in WBAN at Physical, Medium Access Control (MAC), Network, and Transport layers. Then we discuss the IEEE 802.15.4 security framework and identify the security vulnerabilities and major attacks in the context of WBAN. Different types of attacks on the Contention Access Period (CAP) and Contention Free Period (CFP) parts of the superframe are analyzed and discussed. It is observed that a smart attacker can successfully corrupt an increasing number of GTS slots in the CFP period and can considerably affect the Quality of Service (QoS) in WBAN (since most of the data is carried in CFP period). As we increase the number of smart attackers the corrupted GTS slots are eventually increased, which prevents the legitimate nodes to utilize the bandwidth efficiently. This means that the direct adaptation of IEEE 802.15.4 security framework for WBAN is not totally secure for certain WBAN applications. New solutions are required to integrate high level security in WBAN. PMID:22319358

Development and application of a new grey dynamic hierarchy analysis system (GDHAS) for evaluating urban ecological security.

PubMed

Shao, Chaofeng; Tian, Xiaogang; Guan, Yang; Ju, Meiting; Xie, Qiang

2013-05-21

Selecting indicators based on the characteristics and development trends of a given study area is essential for building a framework for assessing urban ecological security. However, few studies have focused on how to select the representative indicators systematically, and quantitative research is lacking. We developed an innovative quantitative modeling approach called the grey dynamic hierarchy analytic system (GDHAS) for both the procedures of indicator selection and quantitative assessment of urban ecological security. Next, a systematic methodology based on the GDHAS is developed to assess urban ecological security comprehensively and dynamically. This assessment includes indicator selection, driving force-pressure-state-impact-response (DPSIR) framework building, and quantitative evaluation. We applied this systematic methodology to assess the urban ecological security of Tianjin, which is a typical coastal super megalopolis and the industry base in China. This case study highlights the key features of our approach. First, 39 representative indicators are selected for the evaluation index system from 62 alternative ones available through the GDHAS. Second, the DPSIR framework is established based on the indicators selected, and the quantitative assessment of the eco-security of Tianjin is conducted. The results illustrate the following: urban ecological security of Tianjin in 2008 was in alert level but not very stable; the driving force and pressure subsystems were in good condition, but the eco-security levels of the remainder of the subsystems were relatively low; the pressure subsystem was the key to urban ecological security; and 10 indicators are defined as the key indicators for five subsystems. These results can be used as the basis for urban eco-environmental management.

Development and Application of a New Grey Dynamic Hierarchy Analysis System (GDHAS) for Evaluating Urban Ecological Security

PubMed Central

Shao, Chaofeng; Tian, Xiaogang; Guan, Yang; Ju, Meiting; Xie, Qiang

2013-01-01

Selecting indicators based on the characteristics and development trends of a given study area is essential for building a framework for assessing urban ecological security. However, few studies have focused on how to select the representative indicators systematically, and quantitative research is lacking. We developed an innovative quantitative modeling approach called the grey dynamic hierarchy analytic system (GDHAS) for both the procedures of indicator selection and quantitative assessment of urban ecological security. Next, a systematic methodology based on the GDHAS is developed to assess urban ecological security comprehensively and dynamically. This assessment includes indicator selection, driving force-pressure-state-impact-response (DPSIR) framework building, and quantitative evaluation. We applied this systematic methodology to assess the urban ecological security of Tianjin, which is a typical coastal super megalopolis and the industry base in China. This case study highlights the key features of our approach. First, 39 representative indicators are selected for the evaluation index system from 62 alternative ones available through the GDHAS. Second, the DPSIR framework is established based on the indicators selected, and the quantitative assessment of the eco-security of Tianjin is conducted. The results illustrate the following: urban ecological security of Tianjin in 2008 was in alert level but not very stable; the driving force and pressure subsystems were in good condition, but the eco-security levels of the remainder of the subsystems were relatively low; the pressure subsystem was the key to urban ecological security; and 10 indicators are defined as the key indicators for five subsystems. These results can be used as the basis for urban eco-environmental management. PMID:23698700

Secure annotation for medical images based on reversible watermarking in the Integer Fibonacci-Haar transform domain

NASA Astrophysics Data System (ADS)

Battisti, F.; Carli, M.; Neri, A.

2011-03-01

The increasing use of digital image-based applications is resulting in huge databases that are often difficult to use and prone to misuse and privacy concerns. These issues are especially crucial in medical applications. The most commonly adopted solution is the encryption of both the image and the patient data in separate files that are then linked. This practice results to be inefficient since, in order to retrieve patient data or analysis details, it is necessary to decrypt both files. In this contribution, an alternative solution for secure medical image annotation is presented. The proposed framework is based on the joint use of a key-dependent wavelet transform, the Integer Fibonacci-Haar transform, of a secure cryptographic scheme, and of a reversible watermarking scheme. The system allows: i) the insertion of the patient data into the encrypted image without requiring the knowledge of the original image, ii) the encryption of annotated images without causing loss in the embedded information, and iii) due to the complete reversibility of the process, it allows recovering the original image after the mark removal. Experimental results show the effectiveness of the proposed scheme.

DOE Office of Scientific and Technical Information (OSTI.GOV)

McKinnon, Archibald D.; Thompson, Seth R.; Doroshchuk, Ruslan A.

mart grid technologies are transforming the electric power grid into a grid with bi-directional flows of both power and information. Operating millions of new smart meters and smart appliances will significantly impact electric distribution systems resulting in greater efficiency. However, the scale of the grid and the new types of information transmitted will potentially introduce several security risks that cannot be addressed by traditional, centralized security techniques. We propose a new bio-inspired cyber security approach. Social insects, such as ants and bees, have developed complex-adaptive systems that emerge from the collective application of simple, light-weight behaviors. The Digital Ants frameworkmore » is a bio-inspired framework that uses mobile light-weight agents. Sensors within the framework use digital pheromones to communicate with each other and to alert each other of possible cyber security issues. All communication and coordination is both localized and decentralized thereby allowing the framework to scale across the large numbers of devices that will exist in the smart grid. Furthermore, the sensors are light-weight and therefore suitable for implementation on devices with limited computational resources. This paper will provide a brief overview of the Digital Ants framework and then present results from test bed-based demonstrations that show that Digital Ants can identify a cyber attack scenario against smart meter deployments.« less

GEMSS: privacy and security for a medical Grid.

PubMed

Middleton, S E; Herveg, J A M; Crazzolara, F; Marvin, D; Poullet, Y

2005-01-01

The GEMSS project is developing a secure Grid infrastructure through which six medical simulations services can be invoked. We examine the legal and security framework within which GEMSS operates. We provide a legal qualification to the operations performed upon patient data, in view of EU directive 95/46, when using medical applications on the GEMSS Grid. We identify appropriate measures to ensure security and describe the legal rationale behind our choice of security technology. Our legal analysis demonstrates there must be an identified controller (typically a hospital) of patient data. The controller must then choose a processor (in this context a Grid service provider) that provides sufficient guarantees with respect to the security of their technical and organizational data processing procedures. These guarantees must ensure a level of security appropriate to the risks, with due regard to the state of the art and the cost of their implementation. Our security solutions are based on a public key infrastructure (PKI), transport level security and end-to-end security mechanisms in line with the web service (WS Security, WS Trust and SecureConversation) security specifications. The GEMSS infrastructure ensures a degree of protection of patient data that is appropriate for the health care sector, and is in line with the European directives. We hope that GEMSS will become synonymous with high security data processing, providing a framework by which GEMSS service providers can provide the security guarantees required by hospitals with regard to the processing of patient data.

Insider Threat and Information Security Management

NASA Astrophysics Data System (ADS)

Coles-Kemp, Lizzie; Theoharidou, Marianthi

The notion of insider has multiple facets. An organization needs to identify which ones to respond to. The selection, implementetion and maintenance of information security countermeasures requires a complex combination of organisational policies, functions and processes, which form Information Security Management. This chapter examines the role of current information security management practices in addressing the insider threat. Most approaches focus on frameworks for regulating insider behaviour and do not allow for the various cultural responses to the regulatory and compliance framework. Such responses are not only determined by enforcement of policies and awareness programs, but also by various psychological and organisational factors at an individual or group level. Crime theories offer techniques that focus on such cultural responses and can be used to enhance the information security management design. The chapter examines the applicability of several crime theories and concludes that they can contribute in providing additional controls and redesign of information security management processes better suited to responding to the insider threat.

An Efficient Mutual Authentication Framework for Healthcare System in Cloud Computing.

PubMed

Kumar, Vinod; Jangirala, Srinivas; Ahmad, Musheer

2018-06-28

The increasing role of Telecare Medicine Information Systems (TMIS) makes its accessibility for patients to explore medical treatment, accumulate and approach medical data through internet connectivity. Security and privacy preservation is necessary for medical data of the patient in TMIS because of the very perceptive purpose. Recently, Mohit et al.'s proposed a mutual authentication protocol for TMIS in the cloud computing environment. In this work, we reviewed their protocol and found that it is not secure against stolen verifier attack, many logged in patient attack, patient anonymity, impersonation attack, and fails to protect session key. For enhancement of security level, we proposed a new mutual authentication protocol for the similar environment. The presented framework is also more capable in terms of computation cost. In addition, the security evaluation of the protocol protects resilience of all possible security attributes, and we also explored formal security evaluation based on random oracle model. The performance of the proposed protocol is much better in comparison to the existing protocol.

Proposal for a Security Management in Cloud Computing for Health Care

PubMed Central

Dzombeta, Srdan; Brandis, Knud

2014-01-01

Cloud computing is actually one of the most popular themes of information systems research. Considering the nature of the processed information especially health care organizations need to assess and treat specific risks according to cloud computing in their information security management system. Therefore, in this paper we propose a framework that includes the most important security processes regarding cloud computing in the health care sector. Starting with a framework of general information security management processes derived from standards of the ISO 27000 family the most important information security processes for health care organizations using cloud computing will be identified considering the main risks regarding cloud computing and the type of information processed. The identified processes will help a health care organization using cloud computing to focus on the most important ISMS processes and establish and operate them at an appropriate level of maturity considering limited resources. PMID:24701137

Proposal for a security management in cloud computing for health care.

PubMed

Haufe, Knut; Dzombeta, Srdan; Brandis, Knud

2014-01-01

Cloud computing is actually one of the most popular themes of information systems research. Considering the nature of the processed information especially health care organizations need to assess and treat specific risks according to cloud computing in their information security management system. Therefore, in this paper we propose a framework that includes the most important security processes regarding cloud computing in the health care sector. Starting with a framework of general information security management processes derived from standards of the ISO 27000 family the most important information security processes for health care organizations using cloud computing will be identified considering the main risks regarding cloud computing and the type of information processed. The identified processes will help a health care organization using cloud computing to focus on the most important ISMS processes and establish and operate them at an appropriate level of maturity considering limited resources.

Information security threats and an easy-to-implement attack detection framework for wireless sensor network-based smart grid applications

NASA Astrophysics Data System (ADS)

Tuna, G.; Örenbaş, H.; Daş, R.; Kogias, D.; Baykara, M.; K, K.

2016-03-01

Wireless Sensor Networks (WSNs) when combined with various energy harvesting solutions managing to prolong the overall lifetime of the system and enhanced capabilities of the communication protocols used by modern sensor nodes are efficiently used in are efficiently used in Smart Grid (SG), an evolutionary system for the modernization of existing power grids. However, wireless communication technology brings various types of security threats. In this study, firstly the use of WSNs for SG applications is presented. Second, the security related issues and challenges as well as the security threats are presented. In addition, proposed security mechanisms for WSN-based SG applications are discussed. Finally, an easy- to-implement and simple attack detection framework to prevent attacks directed to sink and gateway nodes with web interfaces is proposed and its efficiency is proved using a case study.

76 FR 69755 - National Disaster Recovery Framework (NDRF)

Federal Register 2010, 2011, 2012, 2013, 2014

2011-11-09

... DEPARTMENT OF HOMELAND SECURITY Federal Emergency Management Agency [Docket ID FEMA-2010-0004] National Disaster Recovery Framework (NDRF) AGENCY: Federal Emergency Management Agency, DHS. ACTION... Framework (NRF) to provide organizing constructs and principles solely focused on disaster recovery...

Food security in a perfect storm: using the ecosystem services framework to increase understanding

PubMed Central

Poppy, G. M.; Chiotha, S.; Eigenbrod, F.; Harvey, C. A.; Honzák, M.; Hudson, M. D.; Jarvis, A.; Madise, N. J.; Schreckenberg, K.; Shackleton, C. M.; Villa, F.; Dawson, T. P.

2014-01-01

Achieving food security in a ‘perfect storm’ scenario is a grand challenge for society. Climate change and an expanding global population act in concert to make global food security even more complex and demanding. As achieving food security and the millennium development goal (MDG) to eradicate hunger influences the attainment of other MDGs, it is imperative that we offer solutions which are complementary and do not oppose one another. Sustainable intensification of agriculture has been proposed as a way to address hunger while also minimizing further environmental impact. However, the desire to raise productivity and yields has historically led to a degraded environment, reduced biodiversity and a reduction in ecosystem services (ES), with the greatest impacts affecting the poor. This paper proposes that the ES framework coupled with a policy response framework, for example Driver-Pressure-State-Impact-Response (DPSIR), can allow food security to be delivered alongside healthy ecosystems, which provide many other valuable services to humankind. Too often, agro-ecosystems have been considered as separate from other natural ecosystems and insufficient attention has been paid to the way in which services can flow to and from the agro-ecosystem to surrounding ecosystems. Highlighting recent research in a large multi-disciplinary project (ASSETS), we illustrate the ES approach to food security using a case study from the Zomba district of Malawi. PMID:24535394

Food security in a perfect storm: using the ecosystem services framework to increase understanding.

PubMed

Poppy, G M; Chiotha, S; Eigenbrod, F; Harvey, C A; Honzák, M; Hudson, M D; Jarvis, A; Madise, N J; Schreckenberg, K; Shackleton, C M; Villa, F; Dawson, T P

2014-04-05

Achieving food security in a 'perfect storm' scenario is a grand challenge for society. Climate change and an expanding global population act in concert to make global food security even more complex and demanding. As achieving food security and the millennium development goal (MDG) to eradicate hunger influences the attainment of other MDGs, it is imperative that we offer solutions which are complementary and do not oppose one another. Sustainable intensification of agriculture has been proposed as a way to address hunger while also minimizing further environmental impact. However, the desire to raise productivity and yields has historically led to a degraded environment, reduced biodiversity and a reduction in ecosystem services (ES), with the greatest impacts affecting the poor. This paper proposes that the ES framework coupled with a policy response framework, for example Driver-Pressure-State-Impact-Response (DPSIR), can allow food security to be delivered alongside healthy ecosystems, which provide many other valuable services to humankind. Too often, agro-ecosystems have been considered as separate from other natural ecosystems and insufficient attention has been paid to the way in which services can flow to and from the agro-ecosystem to surrounding ecosystems. Highlighting recent research in a large multi-disciplinary project (ASSETS), we illustrate the ES approach to food security using a case study from the Zomba district of Malawi.

Information Security – Guidance for Manually Completing the Information Security Awareness Training

EPA Pesticide Factsheets

The purpose of this guidance is to provide an alternative manual process for disseminating EPA Information Security Awareness Training (ISAT) materials and collecting results from EPA users who elect to complete the ISAT manually.

Reputation-Based Internet Protocol Security: A Multilayer Security Framework for Mobile Ad Hoc Networks

DTIC Science & Technology

2010-09-01

secure ad-hoc networks of mobile sensors deployed in a hostile environment . These sensors are normally small 86 and resource...Communications Magazine, 51, 2008. 45. Kumar, S.A. “Classification and Review of Security Schemes in Mobile Comput- ing”. Wireless Sensor Network , 2010... Networks ”. Wireless /Mobile Network Security , 2008. 85. Xiao, Y. “Accountability for Wireless LANs, Ad Hoc Networks , and Wireless

Oven wall panel construction

DOEpatents

Ellison, Kenneth; Whike, Alan S.

1980-04-22

An oven roof or wall is formed from modular panels, each of which comprises an inner fabric and an outer fabric. Each such fabric is formed with an angle iron framework and somewhat resilient tie-bars or welded at their ends to flanges of the angle irons to maintain the inner and outer frameworks in spaced disposition while minimizing heat transfer by conduction and permitting some degree of relative movement on expansion and contraction of the module components. Suitable thermal insulation is provided within the module. Panels or skins are secured to the fabric frameworks and each such skin is secured to a framework and projects laterally so as slidingly to overlie the adjacent frame member of an adjacent panel in turn to permit relative movement during expansion and contraction.

A framework for the analysis of the security of supply of utilising carbon dioxide as a chemical feedstock.

PubMed

Fraga, Eric S; Ng, Melvin

2015-01-01

Recent developments in catalysts have enhanced the potential for the utilisation of carbon dioxide as a chemical feedstock. Using the appropriate energy efficient catalyst enables a range of chemical pathways leading to desirable products. In doing so, CO2 provides an economically and environmentally beneficial source of C1 feedstock, while improving the issues relating to security of supply that are associated with fossil-based feedstocks. However, the dependence on catalysts brings other supply chains into consideration, supply chains that may also have security of supply issues. The choice of chemical pathways for specific products will therefore entail an assessment not only of economic factors but also the security of supply issues for the catalysts. This is a multi-criteria decision making problem. In this paper, we present a modified 4A framework based on the framework suggested by the Asian Pacific Energy Research centre for macro-economic applications. The 4A methodology is named after the criteria used to compare alternatives: availability, acceptability, applicability and affordability. We have adapted this framework for the consideration of alternative chemical reaction processes using a micro-economic outlook. Data from a number of sources were collected and used to quantify each of the 4A criteria. A graphical representation of the assessments is used to support the decision maker in comparing alternatives. The framework not only allows for the comparison of processes but also highlights current limitations in the CCU processes. The framework presented can be used by a variety of stakeholders, including regulators, investors, and process industries, with the aim of identifying promising routes within a broader multi-criteria decision making process.

Why information security belongs on the CFO's agenda.

PubMed

Quinnild, James; Fusile, Jeff; Smith, Cindy

2006-02-01

Healthcare financial executives need to understand the complex and growing role of information security in supporting the business of health care. The biggest security gaps in healthcare organizations occur in strategy and centralization, business executive preparation, and protected health information. CFOs should collaborate with the CIO in engaging a comprehensive framework to develop, implement, communicate, and maintain an enterprisewide information security strategy.

Worldwide Emerging Environmental Issues Affecting the U.S. Military. Summarizing Environmental Security Monthly Scanning May 2005 - May 2006

DTIC Science & Technology

2006-05-01

breed of ‘refugee’ within international frameworks,” while Dr. Bogardi, Director of UNU’s Institute for Environment and Human Security in Bonn...Modified Organisms (GMOs) Continues FAO calls for an international framework for GM trees GM Crops Created Superweed Europe to Redouble Efforts to...avoid eventual damages to their crops , to protection of endangered species that need special habitat conditions. Enviromatics could impact

One Health in food safety and security education: A curricular framework.

PubMed

Angelos, J; Arens, A; Johnson, H; Cadriel, J; Osburn, B

2016-02-01

The challenges of producing and distributing the food necessary to feed an anticipated 9 billion people in developed and developing societies by 2050 without destroying Earth's finite soil and water resources present extremely complex problems that lack simple solutions. The ability of modern societies to adequately address these and other food-related problems will require an educated workforce trained not only in traditional food safety, security, and public health, but also in other areas including food production, sustainable practices, and ecosystem health. To help address the need for such an educated workforce, a curricular framework was developed to assist those tasked with designing education and training for future food systems workers. One sentence summary: A curricular framework for education and training in food safety and security was developed that incorporates One Health concepts. Copyright © 2015 The Authors. Published by Elsevier Ltd.. All rights reserved.

The European Qualification Framework: Skills, Competences or Knowledge?

ERIC Educational Resources Information Center

Mehaut, Philippe; Winch, Christopher

2012-01-01

The European Qualification Framework (EQF) is intended to transform European national qualification frameworks (NQFs) by moulding them into a learning outcomes framework. Currently adopted as an enabling law by the European Union, the EQF has now operated for several years. In order to secure widespread adoption, however, it will be necessary for…

Building a Practical Framework for Enterprise-Wide Security Management

DTIC Science & Technology

2004-04-28

management. They have found that current efforts to manage security vulnerabilities and security risks only take an enterprise so far, with results...analyzed reports to determine the cause of the increase. Slide 5 © 2004 by Carnegie Mellon University Version 1.0 Secure IT 2004 - page 5 Attack...Nearly 1 in 5 of those surveyed reported that none of their IT staff have any formal security training. [A survey of 896 Computing Technology

The Importance of Trust in Electronic Commerce.

ERIC Educational Resources Information Center

Ratnasingham, Pauline

1998-01-01

Introduces the new concept of trust and how it influences the process of managing the security of an organization operating in an electronic commerce environment. Theoretically, the study aims to develop a framework of trust and security to provide a set of guidelines for secure electronic commerce. (Author/LRW)

Racing to the Future: Security in the Gigabit Race?

ERIC Educational Resources Information Center

Gregory, Mark A; Cradduck, Lucy

2016-01-01

This research seeks to identify the differing national perspectives towards security and the "gigabit race" as those nations transition to their next generation broadband networks. Its aim is to critically appraise the rationales for their existing digital security frameworks in order to determine whether (and what) Australia can learn…

An Adaptive Multilevel Security Framework for the Data Stored in Cloud Environment

PubMed Central

Dorairaj, Sudha Devi; Kaliannan, Thilagavathy

2015-01-01

Cloud computing is renowned for delivering information technology services based on internet. Nowadays, organizations are interested in moving their massive data and computations into cloud to reap their significant benefits of on demand service, resource pooling, and rapid elasticity that helps to satisfy the dynamically changing infrastructure demand without the burden of owning, managing, and maintaining it. Since the data needs to be secured throughout its life cycle, security of the data in cloud is a major challenge to be concentrated on because the data is in third party's premises. Any uniform simple or high level security method for all the data either compromises the sensitive data or proves to be too costly with increased overhead. Any common multiple method for all data becomes vulnerable when the common security pattern is identified at the event of successful attack on any information and also encourages more attacks on all other data. This paper suggests an adaptive multilevel security framework based on cryptography techniques that provide adequate security for the classified data stored in cloud. The proposed security system acclimates well for cloud environment and is also customizable and more reliant to meet the required level of security of data with different sensitivity that changes with business needs and commercial conditions. PMID:26258165

A Dynamic Framework for Water Security

NASA Astrophysics Data System (ADS)

Srinivasan, Veena; Konar, Megan; Sivapalan, Murugesu

2017-04-01

Water security is a multi-faceted problem, going beyond mere balancing of supply and demand. Conventional attempts to quantify water security starting rely on static indices at a particular place and point in time. While these are simple and scalable, they lack predictive or explanatory power. 1) Most static indices focus on specific spatial scales and largely ignore cross-scale feedbacks between human and water systems. 2) They fail to account for the increasing spatial specialization in the modern world - some regions are cities others are agricultural breadbaskets; so water security means different things in different places. Human adaptation to environmental change necessitates a dynamic view of water security. We present a framework that defines water security as an emergent outcome of a coupled socio-hydrologic system. Over the medium term (5-25 years), water security models might hold governance, culture and infrastructure constant, but allow humans to respond to changes and thus predict how water security would evolve. But over very long time-frames (25-100 years), a society's values, norms and beliefs themselves may themselves evolve; these in turn may prompt changes in policy, governance and infrastructure. Predictions of water security in the long term involve accounting for such regime shifts in the cultural and political context of a watershed by allowing the governing equations of the models to change.

An Adaptive Multilevel Security Framework for the Data Stored in Cloud Environment.

PubMed

Dorairaj, Sudha Devi; Kaliannan, Thilagavathy

2015-01-01

Cloud computing is renowned for delivering information technology services based on internet. Nowadays, organizations are interested in moving their massive data and computations into cloud to reap their significant benefits of on demand service, resource pooling, and rapid elasticity that helps to satisfy the dynamically changing infrastructure demand without the burden of owning, managing, and maintaining it. Since the data needs to be secured throughout its life cycle, security of the data in cloud is a major challenge to be concentrated on because the data is in third party's premises. Any uniform simple or high level security method for all the data either compromises the sensitive data or proves to be too costly with increased overhead. Any common multiple method for all data becomes vulnerable when the common security pattern is identified at the event of successful attack on any information and also encourages more attacks on all other data. This paper suggests an adaptive multilevel security framework based on cryptography techniques that provide adequate security for the classified data stored in cloud. The proposed security system acclimates well for cloud environment and is also customizable and more reliant to meet the required level of security of data with different sensitivity that changes with business needs and commercial conditions.

The SERENITY Runtime Monitoring Framework

NASA Astrophysics Data System (ADS)

Spanoudakis, George; Kloukinas, Christos; Mahbub, Khaled

This chapter describes SERENITY’s approach to runtime monitoring and the framework that has been developed to support it. Runtime monitoring is required in SERENITY in order to check for violations of security and dependability properties which are necessary for the correct operation of the security and dependability solutions that are available from the SERENITY framework. This chapter discusses how such properties are specified and monitored. The chapter focuses on the activation and execution of monitoring activities using S&D Patterns and the actions that may be undertaken following the detection of property violations. The approach is demonstrated in reference to one of the industrial case studies of the SERENITY project.

Shared Information Framework and Technology (SHIFT) Handbook

DTIC Science & Technology

2009-02-01

field. Such a patchwork of separate systems neither improves information sharing nor guarantees the safety and security of communities and personnel in...analysis. In many organizations, security may not necessarily be the expertise of people working in the field, or security and safety issues may be...the safety and security of all crisis management personnel in crisis areas. Functioning information sharing between organisations improves situational

Elements of ESA's policy on space and security

NASA Astrophysics Data System (ADS)

Giannopapa, Christina; Adriaensen, Maarten; Antoni, Ntorina; Schrogl, Kai-Uwe

2018-06-01

In the past decade Europe has been facing rising security threats, ranging from climate change, migrations, nearby conflicts and crises, to terrorism. The demand to tackle these critical challenges is increasing in Member States. Space is already contributing, and could further contribute with already existing systems and future ones. The increasing need for security in Europe and for safety and security of Europe's space activities has led to a growing number of activities in ESA in various domains. It has also driven new and strengthened partnerships with security stakeholders in Europe. At the European level, ESA is collaborating closely with the main European institutions dealing with space security. In addition, as an organisation ESA has evolved to conduct security-related projects and programmes and to address the threats to its own activities, thereby securing the investments of the Member States. Over the past years the Agency has set up a comprehensive regulatory framework in order to be able to cope with security related requirements. Over the past years, ESA has increased its exchanges with its Member States. The paper presents main elements of the ESA's policy on space and security. It introduces the current European context for space and security, the European goals in this domain and the specific objectives to which the Agency intends to contribute. Space and security in the ESA context is set out under two components: a) security from space and b) security in space, including the security of ESA's own activities (corporate security and the security of ESA's space missions). Subsequently, ESA's activities are elaborated around these two pillars, composed of different activities conducted in the most appropriate frameworks and in coordination with the relevant stakeholders and shareholders.

DOE Office of Scientific and Technical Information (OSTI.GOV)

Gibbs, P. W.

Secure Transport Management Course (STMC) course provides managers with information related to procedures and equipment used to successfully transport special nuclear material. This workshop outlines these procedures and reinforces the information presented with the aid of numerous practical examples. The course focuses on understanding the regulatory framework for secure transportation of special nuclear materials, identifying the insider and outsider threat(s) to secure transportation, organization of a secure transportation unit, management and supervision of secure transportation units, equipment and facilities required, training and qualification needed.

Diagnosing water security in the rural North with an environmental security framework.

PubMed

Penn, Henry J F; Loring, Philip A; Schnabel, William E

2017-09-01

This study explores the nature of water security challenges in rural Alaska, using a framework for environmental security that entails four interrelated concepts: availability, access, utility, and stability of water resources. Many researchers and professionals agree that water insecurity is a problem in rural Alaska, although the scale and nature of the problem is contested. Some academics have argued that the problem is systemic, and rooted in an approach to water security by the state that prioritizes economic concerns over public health concerns. Health practitioners and state agencies, on the other hand, contend that much progress has been made, and that nearly all rural households have access to safe drinking water, though many are still lacking 'modern' in-home water service. Here, we draw on a synthesis of ethnographic research alongside data from state agencies to show that the persistent water insecurity problems in rural Alaska are not a problem of access to or availability of clean water, or a lack of 'modern' infrastructure, but instead are rooted in complex human dimensions of water resources management, including the political legacies of state and federal community development schemes that did not fully account for local needs and challenges. The diagnostic approach we implement here helps to identify solutions to these challenges, which accordingly focus on place-based needs and empowering local actors. The framework likewise proves to be broadly applicable to exploring water security concerns elsewhere in the world. Copyright © 2017 Elsevier Ltd. All rights reserved.

A Semantic Based Policy Management Framework for Cloud Computing Environments

ERIC Educational Resources Information Center

Takabi, Hassan

2013-01-01

Cloud computing paradigm has gained tremendous momentum and generated intensive interest. Although security issues are delaying its fast adoption, cloud computing is an unstoppable force and we need to provide security mechanisms to ensure its secure adoption. In this dissertation, we mainly focus on issues related to policy management and access…

The Globalization of Higher Education as a Societal and Cultural Security Problem

ERIC Educational Resources Information Center

Samier, Eugenie A.

2015-01-01

In this article, I propose a theory of the globalization of higher education as societal and cultural security problems for many regions of the world. The first section examines the field of security studies for theoretical frameworks appropriate to critiquing globalized higher education, including critical human, societal and cultural security…

The Impact of Regional Higher Education Spaces on the Security of International Students

ERIC Educational Resources Information Center

Forbes-Mewett, Helen

2016-01-01

The security of international students in regional higher education spaces in Australia has been overlooked. Contingency theory provides the framework for this case study to explore the organisational structure and support services relevant to a regional higher education space and how this impacts the security of international students. In-depth…

A Framework for the Governance of Information Security

ERIC Educational Resources Information Center

Edwards, Charles K.

2013-01-01

Information security is a complex issue, which is very critical for success of modern businesses. It can be implemented with the help of well-tested global standards and best practices. However, it has been studied that the human aspects of information security compliance pose significant challenge to its practitioners. There has been significant…

An Autonomic Framework for Integrating Security and Quality of Service Support in Databases

ERIC Educational Resources Information Center

Alomari, Firas

2013-01-01

The back-end databases of multi-tiered applications are a major data security concern for enterprises. The abundance of these systems and the emergence of new and different threats require multiple and overlapping security mechanisms. Therefore, providing multiple and diverse database intrusion detection and prevention systems (IDPS) is a critical…

Practical School Security: Basic Guidelines for Safe and Secure Schools.

ERIC Educational Resources Information Center

Trump, Kenneth S.

This book is written primarily for elementary and secondary school administrators and teachers, but college faculty involved in providing teacher or administrator education would also benefit from the practical approach to issues of school security. Chapters 1 through 3 establish a framework for dealing with the myths and realities of school…

Acceptance Factors Influencing Adoption of National Institute of Standards and Technology Information Security Standards: A Quantitative Study

ERIC Educational Resources Information Center

Kiriakou, Charles M.

2012-01-01

Adoption of a comprehensive information security governance model and security controls is the best option organizations may have to protect their information assets and comply with regulatory requirements. Understanding acceptance factors of the National Institute of Standards and Technology (NIST) Risk Management Framework (RMF) comprehensive…

Securing Location Services Infrastructures: Practical Criteria for Application Developers and Solutions Architects

ERIC Educational Resources Information Center

Karamanian, Andre

2013-01-01

This qualitative, exploratory, normative study examined the security and privacy of location based services in mobile applications. This study explored risk, and controls to implement privacy and security. This study was addressed using components of the FIPS Risk Management Framework. This study found that risk to location information was…

The role of privacy protection in healthcare information systems adoption.

PubMed

Hsu, Chien-Lung; Lee, Ming-Ren; Su, Chien-Hui

2013-10-01

Privacy protection is an important issue and challenge in healthcare information systems (HISs). Recently, some privacy-enhanced HISs are proposed. Users' privacy perception, intention, and attitude might affect the adoption of such systems. This paper aims to propose a privacy-enhanced HIS framework and investigate the role of privacy protection in HISs adoption. In the proposed framework, privacy protection, access control, and secure transmission modules are designed to enhance the privacy protection of a HIS. An experimental privacy-enhanced HIS is also implemented. Furthermore, we proposed a research model extending the unified theory of acceptance and use of technology by considering perceived security and information security literacy and then investigate user adoption of a privacy-enhanced HIS. The experimental results and analyses showed that user adoption of a privacy-enhanced HIS is directly affected by social influence, performance expectancy, facilitating conditions, and perceived security. Perceived security has a mediating effect between information security literacy and user adoption. This study proposes several implications for research and practice to improve designing, development, and promotion of a good healthcare information system with privacy protection.

Securing While Sampling in Wireless Body Area Networks With Application to Electrocardiography.

PubMed

Dautov, Ruslan; Tsouri, Gill R

2016-01-01

Stringent resource constraints and broadcast transmission in wireless body area network raise serious security concerns when employed in biomedical applications. Protecting data transmission where any minor alteration is potentially harmful is of significant importance in healthcare. Traditional security methods based on public or private key infrastructure require considerable memory and computational resources, and present an implementation obstacle in compact sensor nodes. This paper proposes a lightweight encryption framework augmenting compressed sensing with wireless physical layer security. Augmenting compressed sensing to secure information is based on the use of the measurement matrix as an encryption key, and allows for incorporating security in addition to compression at the time of sampling an analog signal. The proposed approach eliminates the need for a separate encryption algorithm, as well as the predeployment of a key thereby conserving sensor node's limited resources. The proposed framework is evaluated using analysis, simulation, and experimentation applied to a wireless electrocardiogram setup consisting of a sensor node, an access point, and an eavesdropper performing a proximity attack. Results show that legitimate communication is reliable and secure given that the eavesdropper is located at a reasonable distance from the sensor node and the access point.

6 CFR 27.215 - Security vulnerability assessments.

Code of Federal Regulations, 2010 CFR

2010-01-01

... 6 Domestic Security 1 2010-01-01 2010-01-01 false Security vulnerability assessments. 27.215... FACILITY ANTI-TERRORISM STANDARDS Chemical Facility Security Program § 27.215 Security vulnerability...-risk, the facility must complete a Security Vulnerability Assessment. A Security Vulnerability...

Orthogonal-state-based cryptography in quantum mechanics and local post-quantum theories

NASA Astrophysics Data System (ADS)

Aravinda, S.; Banerjee, Anindita; Pathak, Anirban; Srikanth, R.

2014-02-01

We introduce the concept of cryptographic reduction, in analogy with a similar concept in computational complexity theory. In this framework, class A of crypto-protocols reduces to protocol class B in a scenario X, if for every instance a of A, there is an instance b of B and a secure transformation X that reproduces a given b, such that the security of b guarantees the security of a. Here we employ this reductive framework to study the relationship between security in quantum key distribution (QKD) and quantum secure direct communication (QSDC). We show that replacing the streaming of independent qubits in a QKD scheme by block encoding and transmission (permuting the order of particles block by block) of qubits, we can construct a QSDC scheme. This forms the basis for the block reduction from a QSDC class of protocols to a QKD class of protocols, whereby if the latter is secure, then so is the former. Conversely, given a secure QSDC protocol, we can of course construct a secure QKD scheme by transmitting a random key as the direct message. Then the QKD class of protocols is secure, assuming the security of the QSDC class which it is built from. We refer to this method of deduction of security for this class of QKD protocols, as key reduction. Finally, we propose an orthogonal-state-based deterministic key distribution (KD) protocol which is secure in some local post-quantum theories. Its security arises neither from geographic splitting of a code state nor from Heisenberg uncertainty, but from post-measurement disturbance.

Supporting Research and Development of Security Technologies through Network and Security Data Collection

DTIC Science & Technology

Research and development targeted at identifying and mitigating Internet security threats require current network data. To fulfill this need... researchers working for the Center for Applied Internet Data Analysis (CAIDA), a program at the San Diego Supercomputer Center (SDSC) which is based at the...vetted network and security researchers using the PREDICT/IMPACT portal and legal framework. We have also contributed to community building efforts that

Mobile Security: A Systems Engineering Framework for Implementing Bring Your Own Device (BYOD) Security through the Combination of Policy Management and Technology

ERIC Educational Resources Information Center

Zahadat, Nima

2016-01-01

With the rapid increase of smartphones and tablets, security concerns have also been on the rise. Traditionally, Information Technology (IT) departments set up devices, apply security, and monitor them. Such approaches do not apply to today's mobile devices due to a phenomenon called Bring Your Own Device or BYOD. Employees find it desirable to…

Retaining Ring Fastener for Solar Panels

NASA Technical Reports Server (NTRS)

Wilson, A. H.

1983-01-01

Simple articulating linkage secures solar panels into supporting framework. Five element linkage collapses into W-shape for easy placement into framework, then expands to form rectangle of same dimensions as those of panel.

Quantum Bit Commitment and the Reality of the Quantum State

NASA Astrophysics Data System (ADS)

Srikanth, R.

2018-01-01

Quantum bit commitment is insecure in the standard non-relativistic quantum cryptographic framework, essentially because Alice can exploit quantum steering to defer making her commitment. Two assumptions in this framework are that: (a) Alice knows the ensembles of evidence E corresponding to either commitment; and (b) system E is quantum rather than classical. Here, we show how relaxing assumption (a) or (b) can render her malicious steering operation indeterminable or inexistent, respectively. Finally, we present a secure protocol that relaxes both assumptions in a quantum teleportation setting. Without appeal to an ontological framework, we argue that the protocol's security entails the reality of the quantum state, provided retrocausality is excluded.

76 FR 42395 - Business Conduct Standards for Security-Based Swap Dealers and Major Security-Based Swap...

Federal Register 2010, 2011, 2012, 2013, 2014

2011-07-18

... received. Table of Contents I. Introduction A. Statutory Framework B. Consultations C. Approach to Drafting.... Generally B. Consistency With CFTC Approach IV. Paperwork Reduction Act A. Summary of Collections of... that may rely on security-based swaps to manage risk and reduce volatility. C. Approach to Drafting the...

Information Security Trends and Issues in the Moodle E-Learning Platform: An Ethnographic Content Analysis

ERIC Educational Resources Information Center

Schultz, Christopher

2012-01-01

Empirical research on information security trends and practices in e-learning is scarce. Many articles that have been published apply basic information security concepts to e-learning and list potential threats or propose frameworks for classifying threats. The purpose of this research is to identify, categorize and understand trends and issues in…

Aligning the Effective Use of Student Data with Student Privacy and Security Laws

ERIC Educational Resources Information Center

Winnick, Steve; Coleman, Art; Palmer, Scott; Lipper, Kate; Neiditz, Jon

2011-01-01

This legal and policy guidance provides a summary framework for state policymakers as they work to use longitudinal data to improve student achievement while also protecting the privacy and security of individual student records. Summarizing relevant federal privacy and security laws, with a focus on the Family Educational Records and Privacy Act…

Quantum photonic network and physical layer security

NASA Astrophysics Data System (ADS)

Sasaki, Masahide; Endo, Hiroyuki; Fujiwara, Mikio; Kitamura, Mitsuo; Ito, Toshiyuki; Shimizu, Ryosuke; Toyoshima, Morio

2017-06-01

Quantum communication and quantum cryptography are expected to enhance the transmission rate and the security (confidentiality of data transmission), respectively. We study a new scheme which can potentially bridge an intermediate region covered by these two schemes, which is referred to as quantum photonic network. The basic framework is information theoretically secure communications in a free space optical (FSO) wiretap channel, in which an eavesdropper has physically limited access to the main channel between the legitimate sender and receiver. We first review a theoretical framework to quantify the optimal balance of the transmission efficiency and the security level under power constraint and at finite code length. We then present experimental results on channel characterization based on 10 MHz on-off keying transmission in a 7.8 km terrestrial FSO wiretap channel. This article is part of the themed issue 'Quantum technology for the 21st century'.

Quantum photonic network and physical layer security.

PubMed

Sasaki, Masahide; Endo, Hiroyuki; Fujiwara, Mikio; Kitamura, Mitsuo; Ito, Toshiyuki; Shimizu, Ryosuke; Toyoshima, Morio

2017-08-06

Quantum communication and quantum cryptography are expected to enhance the transmission rate and the security (confidentiality of data transmission), respectively. We study a new scheme which can potentially bridge an intermediate region covered by these two schemes, which is referred to as quantum photonic network. The basic framework is information theoretically secure communications in a free space optical (FSO) wiretap channel, in which an eavesdropper has physically limited access to the main channel between the legitimate sender and receiver. We first review a theoretical framework to quantify the optimal balance of the transmission efficiency and the security level under power constraint and at finite code length. We then present experimental results on channel characterization based on 10 MHz on-off keying transmission in a 7.8 km terrestrial FSO wiretap channel.This article is part of the themed issue 'Quantum technology for the 21st century'. © 2017 The Author(s).

DETERMINANTS OF SPECIALTY CHOICE OF RESIDENT DOCTORS; CASE STUDY--AMONG RESIDENT DOCTORS IN NIGERIA.

PubMed

Osuoji, Roland I; Adebanji, Atinuke; Abdulsalam, Moruf A; Oludara, Mobolaji A; Abolarinwa, Abimbola A

2015-01-01

This study examined medical specialty selection by Nigerian resident doctors using a marketing research approach to determine the selection criteria and the role of perceptions, expected remuneration, and job placement prospects of various specialties in the selection process. Data were from the Community of residents from April 2014 to July 2014. The cohort included 200 residents, but only 171 had complete information. Data were obtained from a cross section of resident doctors in the Lagos State University Teaching Hospital and at the 2014 Ordinary General Meeting of the National Association of Resident Doctors(NARD) where representatives from over 50 Teaching hospitals in Nigeria attended. Using a client behaviour model as a framework, a tripartite questionnaire was designed and administered to residents to deduce information on their knowledge about and interests in various specialties, their opinions of sixteen specialties, and the criteria they used in specialty selection. A total of 171 (85.5%) questionnaires were returned. ln many instances, consistency between selection criteria and perceptions of a specialty were accompanied by interest in pursuing the specialty. Job security, job availability on completion of programme, duration of training and qualifying examinations were highly correlated with p value < 0.05. Results of the Principal Component Analysis show two components (with Eigen values greater than one) explaining 65.3% of the total variance. The first component had placement and training and practice related variables loaded on it while the second component was loaded with job security and financial remuneration related variables. Using marketing research concepts for medical specialty selection (Weissmanet al 2012) stipulates that choice of speciality is influenced by criteria and perception. This study shows that job security expected financial remuneration, and examination requirements for qualification are major determinants of the choice of speciality for residents.

A Security Architecture for Grid-enabling OGC Web Services

NASA Astrophysics Data System (ADS)

Angelini, Valerio; Petronzio, Luca

2010-05-01

In the proposed presentation we describe an architectural solution for enabling a secure access to Grids and possibly other large scale on-demand processing infrastructures through OGC (Open Geospatial Consortium) Web Services (OWS). This work has been carried out in the context of the security thread of the G-OWS Working Group. G-OWS (gLite enablement of OGC Web Services) is an international open initiative started in 2008 by the European CYCLOPS , GENESI-DR, and DORII Project Consortia in order to collect/coordinate experiences in the enablement of OWS's on top of the gLite Grid middleware. G-OWS investigates the problem of the development of Spatial Data and Information Infrastructures (SDI and SII) based on the Grid/Cloud capacity in order to enable Earth Science applications and tools. Concerning security issues, the integration of OWS compliant infrastructures and gLite Grids needs to address relevant challenges, due to their respective design principles. In fact OWS's are part of a Web based architecture that demands security aspects to other specifications, whereas the gLite middleware implements the Grid paradigm with a strong security model (the gLite Grid Security Infrastructure: GSI). In our work we propose a Security Architectural Framework allowing the seamless use of Grid-enabled OGC Web Services through the federation of existing security systems (mostly web based) with the gLite GSI. This is made possible mediating between different security realms, whose mutual trust is established in advance during the deployment of the system itself. Our architecture is composed of three different security tiers: the user's security system, a specific G-OWS security system, and the gLite Grid Security Infrastructure. Applying the separation-of-concerns principle, each of these tiers is responsible for controlling the access to a well-defined resource set, respectively: the user's organization resources, the geospatial resources and services, and the Grid resources. While the gLite middleware is tied to a consolidated security approach based on X.509 certificates, our system is able to support different kinds of user's security infrastructures. Our central component, the G-OWS Security Framework, is based on the OASIS WS-Trust specifications and on the OGC GeoRM architectural framework. This allows to satisfy advanced requirements such as the enforcement of specific geospatial policies and complex secure web service chained requests. The typical use case is represented by a scientist belonging to a given organization who issues a request to a G-OWS Grid-enabled Web Service. The system initially asks the user to authenticate to his/her organization's security system and, after verification of the user's security credentials, it translates the user's digital identity into a G-OWS identity. This identity is linked to a set of attributes describing the user's access rights to the G-OWS services and resources. Inside the G-OWS Security system, access restrictions are applied making use of the enhanced Geospatial capabilities specified by the OGC GeoXACML. If the required action needs to make use of the Grid environment the system checks if the user is entitled to access a Grid infrastructure. In that case his/her identity is translated to a temporary Grid security token using the Short Lived Credential Services (IGTF Standard). In our case, for the specific gLite Grid infrastructure, some information (VOMS Attributes) is plugged into the Grid Security Token to grant the access to the user's Virtual Organization Grid resources. The resulting token is used to submit the request to the Grid and also by the various gLite middleware elements to verify the user's grants. Basing on the presented framework, the G-OWS Security Working Group developed a prototype, enabling the execution of OGC Web Services on the EGEE Production Grid through the federation with a Shibboleth based security infrastructure. Future plans aim to integrate other Web authentication services such as OpenID, Kerberos and WS-Federation.

Efficient Server-Aided Secure Two-Party Function Evaluation with Applications to Genomic Computation

DTIC Science & Technology

2016-07-14

of the important properties of secure computation . In particular, it is known that full fairness cannot be achieved in the case of two-party com...Jakobsen, J. Nielsen, and C. Orlandi. A framework for outsourcing of secure computation . In ACM Workshop on Cloud Computing Security (CCSW), pages...Function Evaluation with Applications to Genomic Computation Abstract: Computation based on genomic data is becoming increasingly popular today, be it

Flow Restoration in the Columbia River Basin: An Evaluation of a Flow Restoration Accounting Framework

NASA Astrophysics Data System (ADS)

McCoy, Amy L.; Holmes, S. Rankin; Boisjolie, Brett A.

2018-03-01

Securing environmental flows in support of freshwater biodiversity is an evolving field of practice. An example of a large-scale program dedicated to restoring environmental flows is the Columbia Basin Water Transactions Program in the Pacific Northwest region of North America, which has been restoring flows in dewatered tributary habitats for imperiled salmon species over the past decade. This paper discusses a four-tiered flow restoration accounting framework for tracking the implementation and impacts of water transactions as an effective tool for adaptive management. The flow restoration accounting framework provides compliance and flow accounting information to monitor transaction efficacy. We review the implementation of the flow restoration accounting framework monitoring framework to demonstrate (a) the extent of water transactions that have been implemented over the past decade, (b) the volumes of restored flow in meeting flow targets for restoring habitat for anadromous fish species, and (c) an example of aquatic habitat enhancement that resulted from Columbia Basin Water Transactions Program investments. Project results show that from 2002 to 2015, the Columbia Basin Water Transactions Program has completed more than 450 water rights transactions, restoring approximately 1.59 million megaliters to date, with an additional 10.98 million megaliters of flow protected for use over the next 100 years. This has resulted in the watering of over 2414 stream kilometers within the Columbia Basin. We conclude with a discussion of the insights gained through the implementation of the flow restoration accounting framework. Understanding the approach and efficacy of a monitoring framework applied across a large river basin can be informative to emerging flow-restoration and adaptive management efforts in areas of conservation concern.

Flow Restoration in the Columbia River Basin: An Evaluation of a Flow Restoration Accounting Framework.

PubMed

McCoy, Amy L; Holmes, S Rankin; Boisjolie, Brett A

2018-03-01

Securing environmental flows in support of freshwater biodiversity is an evolving field of practice. An example of a large-scale program dedicated to restoring environmental flows is the Columbia Basin Water Transactions Program in the Pacific Northwest region of North America, which has been restoring flows in dewatered tributary habitats for imperiled salmon species over the past decade. This paper discusses a four-tiered flow restoration accounting framework for tracking the implementation and impacts of water transactions as an effective tool for adaptive management. The flow restoration accounting framework provides compliance and flow accounting information to monitor transaction efficacy. We review the implementation of the flow restoration accounting framework monitoring framework to demonstrate (a) the extent of water transactions that have been implemented over the past decade, (b) the volumes of restored flow in meeting flow targets for restoring habitat for anadromous fish species, and (c) an example of aquatic habitat enhancement that resulted from Columbia Basin Water Transactions Program investments. Project results show that from 2002 to 2015, the Columbia Basin Water Transactions Program has completed more than 450 water rights transactions, restoring approximately 1.59 million megaliters to date, with an additional 10.98 million megaliters of flow protected for use over the next 100 years. This has resulted in the watering of over 2414 stream kilometers within the Columbia Basin. We conclude with a discussion of the insights gained through the implementation of the flow restoration accounting framework. Understanding the approach and efficacy of a monitoring framework applied across a large river basin can be informative to emerging flow-restoration and adaptive management efforts in areas of conservation concern.

33 CFR 103.400 - General.

Code of Federal Regulations, 2010 CFR

2010-07-01

... Navigation and Navigable Waters COAST GUARD, DEPARTMENT OF HOMELAND SECURITY MARITIME SECURITY MARITIME SECURITY: AREA MARITIME SECURITY Area Maritime Security (AMS) Assessment § 103.400 General. (a) The Area Maritime Security (AMS) Committee will ensure that a risk based AMS Assessment, is completed and meets the...

Aviation security : TSA has completed key activities associated with implementing secure flight, but additional actions are needed to mitigate risks.

DOT National Transportation Integrated Search

2009-05-01

To enhance aviation security, the Department of Homeland Securitys (DHS) Transportation Security Administration (TSA) developed a programknown as Secure Flightto assume from air carriers the function of matching passenger information against...

49 CFR 1548.15 - Access to cargo: Security threat assessments for individuals having unescorted access to cargo.

Code of Federal Regulations, 2010 CFR

2010-10-01

... 49 Transportation 9 2010-10-01 2010-10-01 false Access to cargo: Security threat assessments for... SECURITY CIVIL AVIATION SECURITY INDIRECT AIR CARRIER SECURITY § 1548.15 Access to cargo: Security threat... must successfully complete a security threat assessment or comparable security threat assessment...

77 FR 33683 - Privacy Act of 1974: Implementation of Exemptions; Department of Homeland Security, U.S. Customs...

Federal Register 2010, 2011, 2012, 2013, 2014

2012-06-07

... Border Protection, DHS/CBP--017 Analytical Framework for Intelligence (AFI) System of Records AGENCY... Framework for Intelligence (AFI) System of Records'' and this proposed rulemaking. In this proposed... Protection, DHS/CBP--017 Analytical Framework for Intelligence (AFI) System of Records.'' AFI enhances DHS's...

Secure public cloud platform for medical images sharing.

PubMed

Pan, Wei; Coatrieux, Gouenou; Bouslimi, Dalel; Prigent, Nicolas

2015-01-01

Cloud computing promises medical imaging services offering large storage and computing capabilities for limited costs. In this data outsourcing framework, one of the greatest issues to deal with is data security. To do so, we propose to secure a public cloud platform devoted to medical image sharing by defining and deploying a security policy so as to control various security mechanisms. This policy stands on a risk assessment we conducted so as to identify security objectives with a special interest for digital content protection. These objectives are addressed by means of different security mechanisms like access and usage control policy, partial-encryption and watermarking.

A framework for modelling the complexities of food and water security under globalisation

NASA Astrophysics Data System (ADS)

Dermody, Brian J.; Sivapalan, Murugesu; Stehfest, Elke; van Vuuren, Detlef P.; Wassen, Martin J.; Bierkens, Marc F. P.; Dekker, Stefan C.

2018-01-01

We present a new framework for modelling the complexities of food and water security under globalisation. The framework sets out a method to capture regional and sectoral interdependencies and cross-scale feedbacks within the global food system that contribute to emergent water use patterns. The framework integrates aspects of existing models and approaches in the fields of hydrology and integrated assessment modelling. The core of the framework is a multi-agent network of city agents connected by infrastructural trade networks. Agents receive socio-economic and environmental constraint information from integrated assessment models and hydrological models respectively and simulate complex, socio-environmental dynamics that operate within those constraints. The emergent changes in food and water resources are aggregated and fed back to the original models with minimal modification of the structure of those models. It is our conviction that the framework presented can form the basis for a new wave of decision tools that capture complex socio-environmental change within our globalised world. In doing so they will contribute to illuminating pathways towards a sustainable future for humans, ecosystems and the water they share.

Securing electronic health records with novel mobile encryption schemes.

PubMed

Weerasinghe, Dasun; Elmufti, Kalid; Rajarajan, Muttukrishnan; Rakocevic, Veselin

2007-01-01

Mobile devices have penetrated the healthcare sector due to their increased functionality, low cost, high reliability and easy-to-use nature. However, in healthcare applications the privacy and security of the transmitted information must be preserved. Therefore applications require a concrete security framework based on long-term security keys, such as the security key that can be found in a mobile Subscriber Identity Module (SIM). The wireless nature of communication links in mobile networks presents a major challenge in this respect. This paper presents a novel protocol that will send the information securely while including the access privileges to the authorized recipient.

A Hierarchical Security Architecture for Cyber-Physical Systems

DOE Office of Scientific and Technical Information (OSTI.GOV)

Quanyan Zhu; Tamer Basar

2011-08-01

Security of control systems is becoming a pivotal concern in critical national infrastructures such as the power grid and nuclear plants. In this paper, we adopt a hierarchical viewpoint to these security issues, addressing security concerns at each level and emphasizing a holistic cross-layer philosophy for developing security solutions. We propose a bottom-up framework that establishes a model from the physical and control levels to the supervisory level, incorporating concerns from network and communication levels. We show that the game-theoretical approach can yield cross-layer security strategy solutions to the cyber-physical systems.

Securing Real-Time Sessions in an IMS-Based Architecture

NASA Astrophysics Data System (ADS)

Cennamo, Paolo; Fresa, Antonio; Longo, Maurizio; Postiglione, Fabio; Robustelli, Anton Luca; Toro, Francesco

The emerging all-IP mobile network infrastructures based on 3rd Generation IP Multimedia Subsystem philosophy are characterised by radio access technology independence and ubiquitous connectivity for mobile users. Currently, great focus is being devoted to security issues since most of the security threats presently affecting the public Internet domain, and the upcoming ones as well, are going to be suffered by mobile users in the years to come. While a great deal of research activity, together with standardisation efforts and experimentations, is carried out on mechanisms for signalling protection, very few integrated frameworks for real-time multimedia data protection have been proposed in a context of IP Multimedia Subsystem, and even fewer experimental results based on testbeds are available. In this paper, after a general overview of the security issues arising in an advanced IP Multimedia Subsystem scenario, a comprehensive infrastructure for real-time multimedia data protection, based on the adoption of the Secure Real-Time Protocol, is proposed; then, the development of a testbed incorporating such functionalities, including mechanisms for key management and cryptographic context transfer, and allowing the setup of Secure Real-Time Protocol sessions is presented; finally, experimental results are provided together with quantitative assessments and comparisons of system performances for audio sessions with and without the adoption of the Secure Real-Time Protocol framework.

75 FR 20401 - Self-Regulatory Organizations; NYSE Amex LLC; Notice of Filing of Proposed Rule Change, and...

Federal Register 2010, 2011, 2012, 2013, 2014

2010-04-19

... Nasdaq Securities within the existing DMM and SLP framework used to trade its listed securities. The... substantially similar to the Exchange's current SLP procedures in Rule 107B--NYSE Amex Equities. See proposed..., reassign one or more Nasdaq Securities to a different DMM Unit or to a different SLP or SLPs. a. Assignment...

Privacy and Data Security under Cloud Computing Arrangements: The Legal Framework and Practical Do's and Don'ts

ERIC Educational Resources Information Center

Buckman, Joel; Gold, Stephanie

2012-01-01

This article outlines privacy and data security compliance issues facing postsecondary education institutions when they utilize cloud computing and concludes with a practical list of do's and dont's. Cloud computing does not change an institution's privacy and data security obligations. It does involve reliance on a third party, which requires an…

A Review of State Test Security Laws in 2013. ACT Research Report Series, 2014 (1)

ERIC Educational Resources Information Center

Croft, Michelle

2014-01-01

Test security has increased in importance in the last few years given high-profile cases of educator misconduct. This paper provides a review of state test security statutes and regulations related to statewide achievement testing using as a framework recent best practices reports by the U.S. Department of Education's National Center for Education…

Risks and responses to universal drinking water security.

PubMed

Hope, Robert; Rouse, Michael

2013-11-13

Risks to universal drinking water security are accelerating due to rapid demographic, climate and economic change. Policy responses are slow, uneven and largely inadequate to address the nature and scale of the global challenges. The challenges relate both to maintaining water security in increasingly fragile supply systems and to accelerating reliable access to the hundreds of millions who remain water-insecure. A conceptual framework illustrates the relationship between institutional, operational and financial risks and drinking water security outcomes. We apply the framework to nine case studies from rural and urban contexts in South Asia and sub-Saharan Africa. Case studies are purposively selected based on established and emerging examples of political, technological or institutional reforms that address water security risks. We find broad evidence that improved information flows reduce institutional costs and promote stronger and more transparent operational performance to increase financial sustainability. However, political barriers need to be overcome in all cases through internal or external interventions that require often decadal time frames and catalytic investments. No single model exists, though there is sufficient evidence to demonstrate that risks to drinking water security can be reduced even in the most difficult and challenging contexts.

Shared Identity and Reconciliation: Can a Future Security Framework in Northeast Asia Draw from Experiences of the North Atlantic Security Cooperation?

DTIC Science & Technology

2013-06-01

the former Allies of the Second World War, several European countries, the United States of America , and Canada came together to provide for their...European countries, the United States of America , and Canada came together to provide for their security and in 1949 formed a unique security alliance, the ...European countries, the United States of America (U.S.), and Canada came together to provide for their

Nuclear security policy in the context of counter-terrorism in Cambodia

NASA Astrophysics Data System (ADS)

Khun, Vuthy; Wongsawaeng, Doonyapong

2016-01-01

The risk of nuclear or dirty bomb attack by terrorists is one of the most urgent and threatening danger. The Cambodian national strategy to combat weapons of mass destruction (WMD) depicts a layered system of preventive measures ranging from securing materials at foreign sources to interdicting weapons or nuclear or other radioactive materials at ports, border crossings, and within the Cambodian institutions dealing with the nuclear security to manage the preventive programs. The aim of this study is to formulate guidance, to identify scenario of threat and risk, and to pinpoint necessary legal frameworks on nuclear security in the context of counterterrorism based on the International Atomic Energy Agency nuclear security series. The analysis of this study is guided by theoretical review, the review of international laws and politics, by identifying and interpreting applicable rules and norms establishing the nuclear security regime and how well enforcement of the regime is carried out and, what is the likelihood of the future reform might be. This study will examine the existing national legal frameworks of Cambodia in the context of counterterrorism to prevent acts of nuclear terrorism and the threat of a terrorist nuclear attack within the Cambodia territory. It will shed light on departmental lanes of national nuclear security responsibility, and provide a holistic perspective on the needs of additional resources and emphasis regarding nuclear security policy in the context of counterterrorism in Cambodia.

Using High-Dimensional Image Models to Perform Highly Undetectable Steganography

NASA Astrophysics Data System (ADS)

Pevný, Tomáš; Filler, Tomáš; Bas, Patrick

This paper presents a complete methodology for designing practical and highly-undetectable stegosystems for real digital media. The main design principle is to minimize a suitably-defined distortion by means of efficient coding algorithm. The distortion is defined as a weighted difference of extended state-of-the-art feature vectors already used in steganalysis. This allows us to "preserve" the model used by steganalyst and thus be undetectable even for large payloads. This framework can be efficiently implemented even when the dimensionality of the feature set used by the embedder is larger than 107. The high dimensional model is necessary to avoid known security weaknesses. Although high-dimensional models might be problem in steganalysis, we explain, why they are acceptable in steganography. As an example, we introduce HUGO, a new embedding algorithm for spatial-domain digital images and we contrast its performance with LSB matching. On the BOWS2 image database and in contrast with LSB matching, HUGO allows the embedder to hide 7× longer message with the same level of security level.

A framework for analyzing the economic tradeoffs between urban commerce and security against terrorism.

PubMed

Rose, Adam; Avetisyan, Misak; Chatterjee, Samrat

2014-08-01

This article presents a framework for economic consequence analysis of terrorism countermeasures. It specifies major categories of direct and indirect costs, benefits, spillover effects, and transfer payments that must be estimated in a comprehensive assessment. It develops a spreadsheet tool for data collection, storage, and refinement, as well as estimation of the various components of the necessary economic accounts. It also illustrates the usefulness of the framework in the first assessment of the tradeoffs between enhanced security and changes in commercial activity in an urban area, with explicit attention to the role of spillover effects. The article also contributes a practical user interface to the model for emergency managers. © 2014 Society for Risk Analysis.

State Regulatory Authority (SRA) Coordination of Safety, Security, and Safeguards of Nuclear Facilities: A Framework for Analysis

DOE Office of Scientific and Technical Information (OSTI.GOV)

Mladineo, Stephen V.; Frazar, Sarah L.; Kurzrok, Andrew J.

This paper will explore the development of a framework for conducting an assessment of safety-security-safeguards integration within a State. The goal is to examine State regulatory structures to identify conflicts and gaps that hinder management of the three disciplines at nuclear facilities. Such an analysis could be performed by a State Regulatory Authority (SRA) to provide a self-assessment or as part of technical cooperation with either a newcomer State, or to a State with a fully developed SRA.

Trading-off fish biodiversity, food security, and hydropower in the Mekong River Basin.

PubMed

Ziv, Guy; Baran, Eric; Nam, So; Rodríguez-Iturbe, Ignacio; Levin, Simon A

2012-04-10

The Mekong River Basin, site of the biggest inland fishery in the world, is undergoing massive hydropower development. Planned dams will block critical fish migration routes between the river's downstream floodplains and upstream tributaries. Here we estimate fish biomass and biodiversity losses in numerous damming scenarios using a simple ecological model of fish migration. Our framework allows detailing trade-offs between dam locations, power production, and impacts on fish resources. We find that the completion of 78 dams on tributaries, which have not previously been subject to strategic analysis, would have catastrophic impacts on fish productivity and biodiversity. Our results argue for reassessment of several dams planned, and call for a new regional agreement on tributary development of the Mekong River Basin.

Risk Assessment for Mobile Systems Through a Multilayered Hierarchical Bayesian Network.

PubMed

Li, Shancang; Tryfonas, Theo; Russell, Gordon; Andriotis, Panagiotis

2016-08-01

Mobile systems are facing a number of application vulnerabilities that can be combined together and utilized to penetrate systems with devastating impact. When assessing the overall security of a mobile system, it is important to assess the security risks posed by each mobile applications (apps), thus gaining a stronger understanding of any vulnerabilities present. This paper aims at developing a three-layer framework that assesses the potential risks which apps introduce within the Android mobile systems. A Bayesian risk graphical model is proposed to evaluate risk propagation in a layered risk architecture. By integrating static analysis, dynamic analysis, and behavior analysis in a hierarchical framework, the risks and their propagation through each layer are well modeled by the Bayesian risk graph, which can quantitatively analyze risks faced to both apps and mobile systems. The proposed hierarchical Bayesian risk graph model offers a novel way to investigate the security risks in mobile environment and enables users and administrators to evaluate the potential risks. This strategy allows to strengthen both app security as well as the security of the entire system.

76 FR 22409 - Nationwide Cyber Security Review (NCSR) Assessment

Federal Register 2010, 2011, 2012, 2013, 2014

2011-04-21

... DEPARTMENT OF HOMELAND SECURITY [Docket No. DHS-2011-0012] Nationwide Cyber Security Review (NCSR...), National Cyber Security Division (NCSD), Cyber Security Evaluation Program (CSEP), will submit the... for all levels of government to complete a cyber network security assessment so that a full measure of...

A secure and easy-to-implement web-based communication framework for caregiving robot teams

NASA Astrophysics Data System (ADS)

Tuna, G.; Daş, R.; Tuna, A.; Örenbaş, H.; Baykara, M.; Gülez, K.

2016-03-01

In recent years, robots have started to become more commonplace in our lives, from factory floors to museums, festivals and shows. They have started to change how we work and play. With an increase in the population of the elderly, they have also been started to be used for caregiving services, and hence many countries have been investing in the robot development. The advancements in robotics and wireless communications has led to the emergence of autonomous caregiving robot teams which cooperate to accomplish a set of tasks assigned by human operators. Although wireless communications and devices are flexible and convenient, they are vulnerable to many risks compared to traditional wired networks. Since robots with wireless communication capability transmit all data types, including sensory, coordination, and control, through radio frequencies, they are open to intruders and attackers unless protected and their openness may lead to many security issues such as data theft, passive listening, and service interruption. In this paper, a secure web-based communication framework is proposed to address potential security threats due to wireless communication in robot-robot and human-robot interaction. The proposed framework is simple and practical, and can be used by caregiving robot teams in the exchange of sensory data as well as coordination and control data.

75 FR 6681 - National Disaster Recovery Framework

Federal Register 2010, 2011, 2012, 2013, 2014

2010-02-10

... DEPARTMENT OF HOMELAND SECURITY Federal Emergency Management Agency [Docket ID FEMA-2010-0004] National Disaster Recovery Framework AGENCY: Federal Emergency Management Agency, DHS. ACTION: Notice of availability; request for comments. SUMMARY: The Federal Emergency Management Agency (FEMA), in coordination...

Mathematical Frameworks for Diagnostics, Prognostics and Condition Based Maintenance Problems

DTIC Science & Technology

2008-08-15

REPORT Mathematical Frameworks for Diagnostics, Prognostics and Condition Based Maintenance Problems (W911NF-05-1-0426) 14. ABSTRACT 16. SECURITY ...other documentation. 12. DISTRIBUTION AVAILIBILITY STATEMENT Approved for Public Release; Distribution Unlimited 9. SPONSORING/MONITORING AGENCY NAME...parallel and distributed computing environment were researched. In support of the Condition Based Maintenance (CBM) philosophy, a theoretical framework

Separation Kernel Protection Profile Revisited: Choices and Rationale

DTIC Science & Technology

2010-12-01

provide the most stringent protection and rigorous security countermeasures” [ IATF ]. In other words, robustness is not the same as assurance. Figure 3... IATF Information Assurance Technical Framework, Chapter 4, Release 3.1, National Security Agency, September 2002. Karjoth01 G. Karjoth, “The

The secret to health information technology's success within the diabetes patient population: a comprehensive privacy and security framework.

PubMed

Pandya, Sheel M

2010-05-01

Congress made an unprecedented investment in health information technology (IT) when it passed the American Recovery and Reinvestment Act in February 2009. Health IT provides enormous opportunities to improve health care quality, reduce costs, and engage patients in their own care. But the potential payoff for use of health IT for diabetes care is magnified given the prevalence, cost, and complexity of the disease. However, without proper privacy and security protections in place, diabetes patient data are at risk of misuse, and patient trust in the system is undermined. We need a comprehensive privacy and security framework that articulates clear parameters for access, use, and disclosure of diabetes patient data for all entities storing and exchanging electronic data. (c) 2010 Diabetes Technology Society.

A Sustainable WMD Nonproliferation Strategy for East Africa: Connecting the WMD Nonproliferation Agenda with Local Border Security Needs to Achieve Mutually Beneficial Outcomes

DTIC Science & Technology

2014-01-01

Government of Kenya stakeholders with providing a framework for analysis by engaging with a wide range of border security experts from key donor states...holistic national border security action plan and gap analysis were necessary to simultaneously deal with the global WMD nonproliferation agenda and...efforts from a research and analysis vantage point. The underlying idea was that Kenya, through this border security action plan and gap analysis , would

Risk to Water Security on Small Islands

NASA Astrophysics Data System (ADS)

Holding, S. T.; Allen, D. M.

2013-12-01

The majority of fresh water available on small islands is shallow groundwater that forms a freshwater lens. Freshwater lenses are generally limited in extent and as such are vulnerable to many stressors that impact water security. These include stressors related to climate change, such as sea level rise, as well as those related to human impacts, such as contamination. Traditionally, water security assessments have focussed on indicators that provide a snapshot of the current condition. However, recent work suggests that in order to effectively manage the water system, it is also important to consider uncertain future impacts to the system by evaluating how different stressors might impact water security. In this study, a framework for assessing risk to water security was developed and tested on Andros Island in The Bahamas. The assessment comprises two main components that characterise the water system: numerical modelling studies and a hazard survey. A baseline numerical model of the freshwater lens throughout Andros Island was developed to simulate the morphology of the freshwater lens and estimate the freshwater resources currently available. The model was prepared using SEAWAT, a density-dependent flow and solute transport code. Various stressors were simulated in the model to evaluate the response of the freshwater lens to predicted future shifts in climate patterns, sea level rise, and changes in water use. A hazard survey was also conducted on the island to collect information related to the storage of contaminants, sanitation infrastructure, waste disposal practices and groundwater abstraction rates. The results of the survey form a geo-spatial database of the location and associated hazards to the freshwater lens. The resulting risk framework provides a ranking of overall risk to water security based on information from the numerical modelling and hazard survey. The risk framework is implemented in a Geographic Information System (GIS) and provides a map of the risk to water security throughout Andros Island. It evaluates risk to water security for current and future scenarios and will enable water resource managers to effectively adapt to future impacts on water security.

Privacy Protection by Masking Moving Objects for Security Cameras

NASA Astrophysics Data System (ADS)

Yabuta, Kenichi; Kitazawa, Hitoshi; Tanaka, Toshihisa

Because of an increasing number of security cameras, it is crucial to establish a system that protects the privacy of objects in the recorded images. To this end, we propose a framework of image processing and data hiding for security monitoring and privacy protection. First, we state the requirements of the proposed monitoring systems and suggest possible implementation that satisfies those requirements. The underlying concept of our proposed framework is as follows: (1) in the recorded images, the objects whose privacy should be protected are deteriorated by appropriate image processing; (2) the original objects are encrypted and watermarked into the output image, which is encoded using an image compression standard; (3) real-time processing is performed such that no future frame is required to generate on output bitstream. It should be noted that in this framework, anyone can observe the decoded image that includes the deteriorated objects that are unrecognizable or invisible. On the other hand, for crime investigation, this system allows a limited number of users to observe the original objects by using a special viewer that decrypts and decodes the watermarked objects with a decoding password. Moreover, the special viewer allows us to select the objects to be decoded and displayed. We provide an implementation example, experimental results, and performance evaluations to support our proposed framework.

Food Security, Institutional Framework and Technology: Examining the Nexus in Nigeria Using ARDL Approach

PubMed Central

Osabohien, Romanus; Osabuohien, Evans; Urhie, Ese

2018-01-01

Background: Growth in agricultural science and technology is deemed essential for in-creasing agricultural output; reduce the vulnerability of rural poverty and in turn, food security. Food security and growth in agricultural output depends on technological usages, which enhances the pro-ductive capacity of the agricultural sector. The indicators of food security utilised in this study in-clude: dietary energy supply, average value of food production, prevalence of food inadequacy, among others. Objective: In this paper, we examined the level of technology and how investment in the agriculture and technology can improve technical know-how in Nigeria with a view to achieving food security. Method: We carried out the analysis on how investment in technology and institutional framework can improve the level of food availability (a key component of food security) in Nigeria using econ-ometric technique based on Autoregressive Distribution Lag (ARDL) framework. Results: The results showed, inter alia, that in Nigeria, there is a high level of food insecurity as a result of low attention on food production occasioned by the pervasive influence of oil that become the major export product. Conclusion: It was noted that the availability of arable land was one of the major factors to increase food production to solve the challenge of food insecurity. Thus, the efforts of reducing the rate of food insecurity are essential in this regards. This can also be achieved, among others, by active interactions between government and farmers, to make contribution to important planning issues that relate to food production in the country and above all, social protection policies should be geared or channelled to agricultural sector to protect farmers who are vulnerable to shocks and avert risks associated with agriculture. PMID:29853816

Food Security, Institutional Framework and Technology: Examining the Nexus in Nigeria Using ARDL Approach.

PubMed

Osabohien, Romanus; Osabuohien, Evans; Urhie, Ese

2018-04-01

Growth in agricultural science and technology is deemed essential for in-creasing agricultural output; reduce the vulnerability of rural poverty and in turn, food security. Food security and growth in agricultural output depends on technological usages, which enhances the pro-ductive capacity of the agricultural sector. The indicators of food security utilised in this study in-clude: dietary energy supply, average value of food production, prevalence of food inadequacy, among others. In this paper, we examined the level of technology and how investment in the agriculture and technology can improve technical know-how in Nigeria with a view to achieving food security. We carried out the analysis on how investment in technology and institutional framework can improve the level of food availability (a key component of food security) in Nigeria using econ-ometric technique based on Autoregressive Distribution Lag (ARDL) framework. The results showed, inter alia, that in Nigeria, there is a high level of food insecurity as a result of low attention on food production occasioned by the pervasive influence of oil that become the major export product. It was noted that the availability of arable land was one of the major factors to increase food production to solve the challenge of food insecurity. Thus, the efforts of reducing the rate of food insecurity are essential in this regards. This can also be achieved, among others, by active interactions between government and farmers, to make contribution to important planning issues that relate to food production in the country and above all, social protection policies should be geared or channelled to agricultural sector to protect farmers who are vulnerable to shocks and avert risks associated with agriculture.

The Natural Hospital Environment: a Socio-Technical-Material perspective.

PubMed

Fernando, Juanita; Dawson, Linda

2014-02-01

This paper introduces two concepts into analyses of information security and hospital-based information systems-- a Socio-Technical-Material theoretical framework and the Natural Hospital Environment. The research is grounded in a review of pertinent literature with previously published Australian (Victoria) case study data to analyse the way clinicians work with privacy and security in their work. The analysis was sorted into thematic categories, providing the basis for the Natural Hospital Environment and Socio-Technical-Material framework theories discussed here. Natural Hospital Environments feature inadequate yet pervasive computer use, aural privacy shortcomings, shared workspace, meagre budgets, complex regulation that hinders training outcomes and out-dated infrastructure and are highly interruptive. Working collaboratively in many cases, participants found ways to avoid or misuse security tools, such as passwords or screensavers for patient care. Workgroup infrastructure was old, architecturally limited, haphazard in some instances, and was less useful than paper handover sheets to ensure the quality of patient care outcomes. Despite valiant efforts by some participants, they were unable to control factors influencing the privacy of patient health information in public hospital settings. Future improvements to hospital-based organisational frameworks for e-health can only be made when there is an improved understanding of the Socio-Technical-Material theoretical framework and Natural Hospital Environment contexts. Aspects within control of clinicians and administrators can be addressed directly although some others are beyond their control. An understanding and acknowledgement of these issues will benefit the management and planning of improved and secure hospital settings. Copyright © 2013 Elsevier Ireland Ltd. All rights reserved.

Hispanic mothers’ beliefs regarding HPV vaccine series completion in their adolescent daughters

PubMed Central

Roncancio, A. M.; Ward, K. K.; Carmack, C. C.; Mu�oz, B. T.; Cribbs, F. L.

2017-01-01

Abstract Rates of human papillomavirus (HPV) vaccine series completion among adolescent Hispanic females in Texas in 2014 (∼39%) lag behind the Healthy People 2020 goal (80%). This qualitative study identifies Hispanic mothers’ salient behavioral, normative and control beliefs regarding having their adolescent daughters complete the vaccine series. Thirty-two mothers of girls (aged 11–17) that had received at least one dose of the HPV vaccine, completed in-depth interviews. Six girls had received one dose of the HPV vaccine, 10 girls had received two doses, and 16 girls had received all three doses. The questions elicited salient: (i) experiential and instrumental attitudes (behavioral beliefs); (ii) supporters and non-supporters (normative beliefs) and (iii) facilitators and barriers (control beliefs). Directed content analysis was employed to select the most salient beliefs. Mothers: (i) expressed salient positive feelings (e.g. good, secure, happy and satisfied); (ii) believed that completing the series resulted in positive effects (e.g. protection, prevention); (iii) believed that the main supporters were themselves, their daughter’s father and doctor with some of their friends not supporting series completion and (iv) believed that vaccine affordability, information, transportation, ease of scheduling and keeping vaccination appointments and taking their daughter’s immunization card to appointments were facilitators. This study represents the first step in building theory-based framework of vaccine series completion for this population. The beliefs identified provide guidance for health care providers and intervention developers. PMID:28088755

Complex problems require complex solutions: the utility of social quality theory for addressing the Social Determinants of Health.

PubMed

Ward, Paul R; Meyer, Samantha B; Verity, Fiona; Gill, Tiffany K; Luong, Tini C N

2011-08-05

In order to improve the health of the most vulnerable groups in society, the WHO Commission on Social Determinants of Health (CSDH) called for multi-sectoral action, which requires research and policy on the multiple and inter-linking factors shaping health outcomes. Most conceptual tools available to researchers tend to focus on singular and specific social determinants of health (SDH) (e.g. social capital, empowerment, social inclusion). However, a new and innovative conceptual framework, known as social quality theory, facilitates a more complex and complete understanding of the SDH, with its focus on four domains: social cohesion, social inclusion, social empowerment and socioeconomic security, all within the same conceptual framework. This paper provides both an overview of social quality theory in addition to findings from a national survey of social quality in Australia, as a means of demonstrating the operationalisation of the theory. Data were collected using a national random postal survey of 1044 respondents in September, 2009. Multivariate logistic regression analysis was conducted. Statistical analysis revealed that people on lower incomes (less than $45000) experience worse social quality across all of the four domains: lower socio-economic security, lower levels of membership of organisations (lower social cohesion), higher levels of discrimination and less political action (lower social inclusion) and lower social empowerment. The findings were mixed in terms of age, with people over 65 years experiencing lower socio-economic security, but having higher levels of social cohesion, experiencing lower levels of discrimination (higher social inclusion) and engaging in more political action (higher social empowerment). In terms of gender, women had higher social cohesion than men, although also experienced more discrimination (lower social inclusion). Applying social quality theory allows researchers and policy makers to measure and respond to the multiple sources of oppression and advantage experienced by certain population groups, and to monitor the effectiveness of interventions over time.

Complex problems require complex solutions: the utility of social quality theory for addressing the Social Determinants of Health

PubMed Central

2011-01-01

Background In order to improve the health of the most vulnerable groups in society, the WHO Commission on Social Determinants of Health (CSDH) called for multi-sectoral action, which requires research and policy on the multiple and inter-linking factors shaping health outcomes. Most conceptual tools available to researchers tend to focus on singular and specific social determinants of health (SDH) (e.g. social capital, empowerment, social inclusion). However, a new and innovative conceptual framework, known as social quality theory, facilitates a more complex and complete understanding of the SDH, with its focus on four domains: social cohesion, social inclusion, social empowerment and socioeconomic security, all within the same conceptual framework. This paper provides both an overview of social quality theory in addition to findings from a national survey of social quality in Australia, as a means of demonstrating the operationalisation of the theory. Methods Data were collected using a national random postal survey of 1044 respondents in September, 2009. Multivariate logistic regression analysis was conducted. Results Statistical analysis revealed that people on lower incomes (less than $45000) experience worse social quality across all of the four domains: lower socio-economic security, lower levels of membership of organisations (lower social cohesion), higher levels of discrimination and less political action (lower social inclusion) and lower social empowerment. The findings were mixed in terms of age, with people over 65 years experiencing lower socio-economic security, but having higher levels of social cohesion, experiencing lower levels of discrimination (higher social inclusion) and engaging in more political action (higher social empowerment). In terms of gender, women had higher social cohesion than men, although also experienced more discrimination (lower social inclusion). Conclusions Applying social quality theory allows researchers and policy makers to measure and respond to the multiple sources of oppression and advantage experienced by certain population groups, and to monitor the effectiveness of interventions over time. PMID:21819576

Livelihoods, power, and food insecurity: adaptation of social capital portfolios in protracted crises--case study Burundi.

PubMed

Vervisch, Thomas G A; Vlassenroot, Koen; Braeckman, Johan

2013-04-01

The failure of food security and livelihood interventions to adapt to conflict settings remains a key challenge in humanitarian responses to protracted crises. This paper proposes a social capital analysis to address this policy gap, adding a political economy dimension on food security and conflict to the actor-based livelihood framework. A case study of three hillsides in north Burundi provides an ethnographic basis for this hypothesis. While relying on a theoretical framework in which different combinations of social capital (bonding, bridging, and linking) account for a diverse range of outcomes, the findings offer empirical insights into how social capital portfolios adapt to a protracted crisis. It is argued that these social capital adaptations have the effect of changing livelihood policies, institutions, and processes (PIPs), and clarify the impact of the distribution of power and powerlessness on food security issues. In addition, they represent a solid way of integrating political economy concerns into the livelihood framework. © 2013 The Author(s). Journal compilation © Overseas Development Institute, 2013.

Auditing Albaha University Network Security using in-house Developed Penetration Tool

NASA Astrophysics Data System (ADS)

Alzahrani, M. E.

2018-03-01

Network security becomes very important aspect in any enterprise/organization computer network. If important information of the organization can be accessed by anyone it may be used against the organization for further own interest. Thus, network security comes into it roles. One of important aspect of security management is security audit. Security performance of Albaha university network is relatively low (in term of the total controls outlined in the ISO 27002 security control framework). This paper proposes network security audit tool to address issues in Albaha University network. The proposed penetration tool uses Nessus and Metasploit tool to find out the vulnerability of a site. A regular self-audit using inhouse developed tool will increase the overall security and performance of Albaha university network. Important results of the penetration test are discussed.

A security architecture for health information networks.

PubMed

Kailar, Rajashekar; Muralidhar, Vinod

2007-10-11

Health information network security needs to balance exacting security controls with practicality, and ease of implementation in today's healthcare enterprise. Recent work on 'nationwide health information network' architectures has sought to share highly confidential data over insecure networks such as the Internet. Using basic patterns of health network data flow and trust models to support secure communication between network nodes, we abstract network security requirements to a core set to enable secure inter-network data sharing. We propose a minimum set of security controls that can be implemented without needing major new technologies, but yet realize network security and privacy goals of confidentiality, integrity and availability. This framework combines a set of technology mechanisms with environmental controls, and is shown to be sufficient to counter commonly encountered network security threats adequately.

A Security Architecture for Health Information Networks

PubMed Central

Kailar, Rajashekar

2007-01-01

Health information network security needs to balance exacting security controls with practicality, and ease of implementation in today’s healthcare enterprise. Recent work on ‘nationwide health information network’ architectures has sought to share highly confidential data over insecure networks such as the Internet. Using basic patterns of health network data flow and trust models to support secure communication between network nodes, we abstract network security requirements to a core set to enable secure inter-network data sharing. We propose a minimum set of security controls that can be implemented without needing major new technologies, but yet realize network security and privacy goals of confidentiality, integrity and availability. This framework combines a set of technology mechanisms with environmental controls, and is shown to be sufficient to counter commonly encountered network security threats adequately. PMID:18693862

49 CFR 1542.103 - Content.

Code of Federal Regulations, 2014 CFR

2014-10-01

... 49 Transportation 9 2014-10-01 2014-10-01 false Content. 1542.103 Section 1542.103 Transportation Other Regulations Relating to Transportation (Continued) TRANSPORTATION SECURITY ADMINISTRATION, DEPARTMENT OF HOMELAND SECURITY CIVIL AVIATION SECURITY AIRPORT SECURITY Airport Security Program § 1542.103 Content. (a) Complete program. Except as...

49 CFR 1542.103 - Content.

Code of Federal Regulations, 2012 CFR

2012-10-01

... 49 Transportation 9 2012-10-01 2012-10-01 false Content. 1542.103 Section 1542.103 Transportation Other Regulations Relating to Transportation (Continued) TRANSPORTATION SECURITY ADMINISTRATION, DEPARTMENT OF HOMELAND SECURITY CIVIL AVIATION SECURITY AIRPORT SECURITY Airport Security Program § 1542.103 Content. (a) Complete program. Except as...

49 CFR 1542.103 - Content.

Code of Federal Regulations, 2013 CFR

2013-10-01

... 49 Transportation 9 2013-10-01 2013-10-01 false Content. 1542.103 Section 1542.103 Transportation Other Regulations Relating to Transportation (Continued) TRANSPORTATION SECURITY ADMINISTRATION, DEPARTMENT OF HOMELAND SECURITY CIVIL AVIATION SECURITY AIRPORT SECURITY Airport Security Program § 1542.103 Content. (a) Complete program. Except as...

49 CFR 1542.103 - Content.

Code of Federal Regulations, 2010 CFR

2010-10-01

... 49 Transportation 9 2010-10-01 2010-10-01 false Content. 1542.103 Section 1542.103 Transportation Other Regulations Relating to Transportation (Continued) TRANSPORTATION SECURITY ADMINISTRATION, DEPARTMENT OF HOMELAND SECURITY CIVIL AVIATION SECURITY AIRPORT SECURITY Airport Security Program § 1542.103 Content. (a) Complete program. Except as...

49 CFR 1549.103 - Qualifications and training of individuals with security-related duties.

Code of Federal Regulations, 2010 CFR

2010-10-01

... with security-related duties. (a) Security threat assessments. Each certified cargo screening facility... certified cargo screening facility complete a security threat assessment or comparable security threat... acuity, physical coordination, and motor skills to the extent required to effectively operate cargo...

50 CFR 600.240 - Security assurances.

Code of Federal Regulations, 2013 CFR

2013-10-01

... 50 Wildlife and Fisheries 12 2013-10-01 2013-10-01 false Security assurances. 600.240 Section 600... ADMINISTRATION, DEPARTMENT OF COMMERCE MAGNUSON-STEVENS ACT PROVISIONS Council Membership § 600.240 Security assurances. (a) DOC Office of Security will issue security assurances to Council members following completion...

50 CFR 600.240 - Security assurances.

Code of Federal Regulations, 2012 CFR

2012-10-01

... 50 Wildlife and Fisheries 12 2012-10-01 2012-10-01 false Security assurances. 600.240 Section 600... ADMINISTRATION, DEPARTMENT OF COMMERCE MAGNUSON-STEVENS ACT PROVISIONS Council Membership § 600.240 Security assurances. (a) DOC Office of Security will issue security assurances to Council members following completion...

76 FR 56208 - Homeland Security Advisory Council, Correction

Federal Register 2010, 2011, 2012, 2013, 2014

2011-09-12

... DEPARTMENT OF HOMELAND SECURITY [Docket No. DHS-2011-0063] Homeland Security Advisory Council... Security Advisory Council in the Federal Register on September 6, 2011. The document contained an incorrect... completed before 3 p.m. Dated: September 7, 2011. Becca Sharp, Executive Director, Homeland Security...

50 CFR 600.240 - Security assurances.

Code of Federal Regulations, 2011 CFR

2011-10-01

... 50 Wildlife and Fisheries 10 2011-10-01 2011-10-01 false Security assurances. 600.240 Section 600... ADMINISTRATION, DEPARTMENT OF COMMERCE MAGNUSON-STEVENS ACT PROVISIONS Council Membership § 600.240 Security assurances. (a) DOC Office of Security will issue security assurances to Council members following completion...

Securing support for eye health policy in low- and middle-income countries: identifying stakeholders through a multi-level analysis.

PubMed

Morone, Piergiuseppe; Camacho Cuena, Eva; Kocur, Ivo; Banatvala, Nicholas

2014-05-01

This article empirically evaluates advocacy in low- and middle-income countries as a key tool for raising policy priority and securing high-level decision maker support in eye health. We used a unique data set based on a survey conducted by World Health Organization in 2011 on eye care and prevention of blindness in 82 low- and middle-income countries. The theoretical framework derives from the idea that a plethora of stakeholders at local and global level pressure national governments, acting in economic and the political spheres. Previously, eye care has not been investigated in such a framework. We found structural differences across countries with different income levels and proposed policy recommendations to secure high-level decision makers' support for promoting eye health. Three case studies suggest that, in order to secure more support and resources for eye health, domestic and international stakeholders must strengthen their engagement with ministries of health at political and above all economic levels.

Context matters: the structure of task goals affects accuracy in multiple-target visual search.

PubMed

Clark, Kait; Cain, Matthew S; Adcock, R Alison; Mitroff, Stephen R

2014-05-01

Career visual searchers such as radiologists and airport security screeners strive to conduct accurate visual searches, but despite extensive training, errors still occur. A key difference between searches in radiology and airport security is the structure of the search task: Radiologists typically scan a certain number of medical images (fixed objective), and airport security screeners typically search X-rays for a specified time period (fixed duration). Might these structural differences affect accuracy? We compared performance on a search task administered either under constraints that approximated radiology or airport security. Some displays contained more than one target because the presence of multiple targets is an established source of errors for career searchers, and accuracy for additional targets tends to be especially sensitive to contextual conditions. Results indicate that participants searching within the fixed objective framework produced more multiple-target search errors; thus, adopting a fixed duration framework could improve accuracy for career searchers. Copyright © 2013 Elsevier Ltd and The Ergonomics Society. All rights reserved.

[Investigating work, age, health and work participation in the ageing work force in Germany].

PubMed

Ebener, M; Hasselhorn, H M

2015-04-01

Working life in Germany is changing. The work force is ageing and the number of people available to the labour market will - from now on - shrink considerably. Prospectively, people will have to work longer; but still today, most people leave employment long before reaching official retirement age. What are the reasons for this? In this report, a conceptual framework and the German lidA Cohort Study are presented. The "lidA conceptual framework on work, age, health and work participation" visualises determinants of employment (11 "domains") in higher working age, e. g., "work", "health", "social status" and "life style". The framework reveals 4 key characteristics of withdrawal from work: leaving working life is the result of an interplay of different domains (complexity); (early) retirement is a process with in part early determinants in the life course (processual character); retirement has a strong individual component (individuality); retirement is embedded in a strong structural frame (structure). On the basis of this framework, the "lidA Cohort Study on work, age, health and work participation" (www.lida-studie.de) investigates long-term effects of work on health and work participation in the ageing work force in Germany. It is the only large study in Germany operationalising the concept of employability in a broad interdisciplinary approach. Employees subject to social security and born in 1959 or in 1965 will be interviewed (CAPI) every 3 years (N[wave 1]=6 585, N[wave 2]=4 244) and their data will be linked (where consented) with social security data covering employment history and with health insurance data. The study design ("Schaie's most efficient design") allows for a tri-factor model that isolates the impact of age, cohort and time. In 2014, the second wave was completed. In the coming years lidA will analyse the association of work, health and work participation, and identify age as well as generation differences. lidA will investigate the complexity of work participation and assess the benefit of broader conceptual and methodological research approaches in the field. © Georg Thieme Verlag KG Stuttgart · New York.

On the pursuit of a nuclear development capability: The case of the Cuban nuclear program

NASA Astrophysics Data System (ADS)

Benjamin-Alvarado, Jonathan Calvert

1998-09-01

While there have been many excellent descriptive accounts of modernization schemes in developing states, energy development studies based on prevalent modernization theory have been rare. Moreover, heretofore there have been very few analyses of efforts to develop a nuclear energy capability by developing states. Rarely have these analyses employed social science research methodologies. The purpose of this study was to develop a general analytical framework, based on such a methodology to analyze nuclear energy development and to utilize this framework for the study of the specific case of Cuba's decision to develop nuclear energy. The analytical framework developed focuses on a qualitative tracing of the process of Cuban policy objectives and implementation to develop a nuclear energy capability, and analyzes the policy in response to three models of modernization offered to explain the trajectory of policy development. These different approaches are the politically motivated modernization model, the economic and technological modernization model and the economic and energy security model. Each model provides distinct and functionally differentiated expectations for the path of development toward this objective. Each model provides expected behaviors to external stimuli that would result in specific policy responses. In the study, Cuba's nuclear policy responses to stimuli from domestic constraints and intensities, institutional development, and external influences are analyzed. The analysis revealed that in pursuing the nuclear energy capability, Cuba primarily responded by filtering most of the stimuli through the twin objectives of economic rationality and technological advancement. Based upon the Cuban policy responses to the domestic and international stimuli, the study concluded that the economic and technological modernization model of nuclear energy development offered a more complete explanation of the trajectory of policy development than either the politically-motivated or economic and energy security models. The findings of this case pose some interesting questions for the general study of energy programs in developing states. By applying the analytical framework employed in this study to a number of other cases, perhaps the understanding of energy development schemes may be expanded through future research.

Climate change and nutrition: creating a climate for nutrition security.

PubMed

Tirado, M C; Crahay, P; Mahy, L; Zanev, C; Neira, M; Msangi, S; Brown, R; Scaramella, C; Costa Coitinho, D; Müller, A

2013-12-01

Climate change further exacerbates the enormous existing burden of undernutrition. It affects food and nutrition security and undermines current efforts to reduce hunger and promote nutrition. Undernutrition in turn undermines climate resilience and the coping strategies of vulnerable populations. The objectives of this paper are to identify and undertake a cross-sectoral analysis of the impacts of climate change on nutrition security and the existing mechanisms, strategies, and policies to address them. A cross-sectoral analysis of the impacts of climate change on nutrition security and the mechanisms and policies to address them was guided by an analytical framework focused on the three 'underlying causes' of undernutrition: 1) household food access, 2) maternal and child care and feeding practices, 3) environmental health and health access. The analytical framework includes the interactions of the three underlying causes of undernutrition with climate change,vulnerability, adaptation and mitigation. Within broad efforts on climate change mitigation and adaptation and climate-resilient development, a combination of nutrition-sensitive adaptation and mitigation measures, climate-resilient and nutrition-sensitive agricultural development, social protection, improved maternal and child care and health, nutrition-sensitive risk reduction and management, community development measures, nutrition-smart investments, increased policy coherence, and institutional and cross-sectoral collaboration are proposed as a means to address the impacts of climate change to food and nutrition security. This paper proposes policy directions to address nutrition in the climate change agenda and recommendations for consideration by the UN Framework Convention on Climate Change (UNFCCC). Nutrition and health stakeholders need to be engaged in key climate change adaptation and mitigation initiatives, including science-based assessment by the Intergovernmental Panel on Climate Change (IPCC), and policies and actions formulated by the UN Framework Convention on Climate Change (UNFCCC). Improved multi-sectoral coordination and political will is required to integrate nutrition-sensitive actions into climate-resilient sustainable development efforts in the UNFCCC work and in the post 2015 development agenda. Placing human rights at the center of strategies to mitigate and adapt to the impacts of climate change and international solidarity is essential to advance sustainable development and to create a climate for nutrition security.

SOCR: Statistics Online Computational Resource

PubMed Central

Dinov, Ivo D.

2011-01-01

The need for hands-on computer laboratory experience in undergraduate and graduate statistics education has been firmly established in the past decade. As a result a number of attempts have been undertaken to develop novel approaches for problem-driven statistical thinking, data analysis and result interpretation. In this paper we describe an integrated educational web-based framework for: interactive distribution modeling, virtual online probability experimentation, statistical data analysis, visualization and integration. Following years of experience in statistical teaching at all college levels using established licensed statistical software packages, like STATA, S-PLUS, R, SPSS, SAS, Systat, etc., we have attempted to engineer a new statistics education environment, the Statistics Online Computational Resource (SOCR). This resource performs many of the standard types of statistical analysis, much like other classical tools. In addition, it is designed in a plug-in object-oriented architecture and is completely platform independent, web-based, interactive, extensible and secure. Over the past 4 years we have tested, fine-tuned and reanalyzed the SOCR framework in many of our undergraduate and graduate probability and statistics courses and have evidence that SOCR resources build student’s intuition and enhance their learning. PMID:21451741

Camera Control and Geo-Registration for Video Sensor Networks

NASA Astrophysics Data System (ADS)

Davis, James W.

With the use of large video networks, there is a need to coordinate and interpret the video imagery for decision support systems with the goal of reducing the cognitive and perceptual overload of human operators. We present computer vision strategies that enable efficient control and management of cameras to effectively monitor wide-coverage areas, and examine the framework within an actual multi-camera outdoor urban video surveillance network. First, we construct a robust and precise camera control model for commercial pan-tilt-zoom (PTZ) video cameras. In addition to providing a complete functional control mapping for PTZ repositioning, the model can be used to generate wide-view spherical panoramic viewspaces for the cameras. Using the individual camera control models, we next individually map the spherical panoramic viewspace of each camera to a large aerial orthophotograph of the scene. The result provides a unified geo-referenced map representation to permit automatic (and manual) video control and exploitation of cameras in a coordinated manner. The combined framework provides new capabilities for video sensor networks that are of significance and benefit to the broad surveillance/security community.

6 CFR 27.210 - Submissions schedule.

Code of Federal Regulations, 2010 CFR

2010-01-01

... in any subsequent Federal Register notice. (2) Security Vulnerability Assessment. Unless otherwise notified, a covered facility must complete and submit a Security Vulnerability Assessment within 90... Department's approval of the facility's Site Security Plan. (2) Security Vulnerability Assessment. Unless...

Decision Aids Using Heterogeneous Intelligence Analysis

DTIC Science & Technology

2010-08-20

developing a Geocultural service, a software framework and inferencing engine for the Transparent Urban Structures program. The scope of the effort...has evolved as the program has matured and is including multiple data sources, as well as interfaces out to the ONR architectural framework . Tasks...Interface; Application Program Interface; Application Programmer Interface CAF Common Application Framework EDA Event Driven Architecture a 16. SECURITY

Sensitivity Analysis in RIPless Compressed Sensing

DTIC Science & Technology

2014-10-01

SECURITY CLASSIFICATION OF: The compressive sensing framework finds a wide range of applications in signal processing and analysis. Within this...Analysis of Compressive Sensing Solutions Report Title The compressive sensing framework finds a wide range of applications in signal processing and...compressed sensing. More specifically, we show that in a noiseless and RIP-less setting [11], the recovery process of a compressed sensing framework is

Economic performance of water storage capacity expansion for food security

NASA Astrophysics Data System (ADS)

Gohar, Abdelaziz A.; Ward, Frank A.; Amer, Saud A.

2013-03-01

SummaryContinued climate variability, population growth, and rising food prices present ongoing challenges for achieving food and water security in poor countries that lack adequate water infrastructure. Undeveloped storage infrastructure presents a special challenge in northern Afghanistan, where food security is undermined by highly variable water supplies, inefficient water allocation rules, and a damaged irrigation system due three decades of war and conflict. Little peer-reviewed research to date has analyzed the economic benefits of water storage capacity expansions as a mechanism to sustain food security over long periods of variable climate and growing food demands needed to feed growing populations. This paper develops and applies an integrated water resources management framework that analyzes impacts of storage capacity expansions for sustaining farm income and food security in the face of highly fluctuating water supplies. Findings illustrate that in Afghanistan's Balkh Basin, total farm income and food security from crop irrigation increase, but at a declining rate as water storage capacity increases from zero to an amount equal to six times the basin's long term water supply. Total farm income increases by 21%, 41%, and 42% for small, medium, and large reservoir capacity, respectively, compared to the existing irrigation system unassisted by reservoir storage capacity. Results provide a framework to target water infrastructure investments that improve food security for river basins in the world's dry regions with low existing storage capacity that face ongoing climate variability and increased demands for food security for growing populations.

Nuclear security policy in the context of counter-terrorism in Cambodia

DOE Office of Scientific and Technical Information (OSTI.GOV)

Khun, Vuthy, E-mail: vuthy.khun@gmail.com; Wongsawaeng, Doonyapong

The risk of nuclear or dirty bomb attack by terrorists is one of the most urgent and threatening danger. The Cambodian national strategy to combat weapons of mass destruction (WMD) depicts a layered system of preventive measures ranging from securing materials at foreign sources to interdicting weapons or nuclear or other radioactive materials at ports, border crossings, and within the Cambodian institutions dealing with the nuclear security to manage the preventive programs. The aim of this study is to formulate guidance, to identify scenario of threat and risk, and to pinpoint necessary legal frameworks on nuclear security in the contextmore » of counterterrorism based on the International Atomic Energy Agency nuclear security series. The analysis of this study is guided by theoretical review, the review of international laws and politics, by identifying and interpreting applicable rules and norms establishing the nuclear security regime and how well enforcement of the regime is carried out and, what is the likelihood of the future reform might be. This study will examine the existing national legal frameworks of Cambodia in the context of counterterrorism to prevent acts of nuclear terrorism and the threat of a terrorist nuclear attack within the Cambodia territory. It will shed light on departmental lanes of national nuclear security responsibility, and provide a holistic perspective on the needs of additional resources and emphasis regarding nuclear security policy in the context of counterterrorism in Cambodia.« less

Army Global Basing Posture: An Analytic Framework for Maximizing Responsiveness and Effectiveness

DTIC Science & Technology

2015-01-01

potential changes in the national security environment and to evaluate U.S. Army stationing, prepositioning, security cooperation activities, and...report should be of interest to those concerned with U.S. global posture and national security strategy, especially as it pertains to U.S. land power...40   A.1. United Nations Support Index for Plenary Votes, by State ................................................ 64   A.2. United Nations

A Dynamic Security Framework for Ambient Intelligent Systems: A Smart-Home Based eHealth Application

NASA Astrophysics Data System (ADS)

Compagna, Luca; El Khoury, Paul; Massacci, Fabio; Saidane, Ayda

Providing context-dependent security services is an important challenge for ambient intelligent systems. The complexity and the unbounded nature of such systems make it difficult even for the most experienced and knowledgeable security engineers, to foresee all possible situations and interactions when developing the system. In order to solve this problem context based self- diagnosis and reconfiguration at runtime should be provided.

Genesis: A Framework for Achieving Software Component Diversity

DTIC Science & Technology

2007-01-01

correctly—the initial filters develop to fix the Hotmail vulnerability could be circumvented by using alternate character encodings4. Hence, we focus on...Remotely Exploitable Cross-Site Scripting in Hotmail and Yahoo, (March 2004); http://www.greymagic.com/security/advisories/gm005-mc/. 4...EyeonSecurity, Microsoft Passport Account Hijack Attack: Hacking Hotmail and More, Hacker’s Digest. 5. Y.-W. Huang et al., Web Application Security Assessment by

Whither the Medvedev Initiative on European Security? (Transatlantic Current, no. 3)

DTIC Science & Technology

2011-12-01

Alliance prepares for its May 2012 summit in Chicago, NATO and Russia have yet to develop a mutually agreeable framework for European security that...their relationship. The challenge of develop- ing a mutually agreeable vision for European security will require some creative thinking, and the...dealing with rules and decisionmaking procedures. With regard to the balance between soft and hard secu- developing a mutually agreeable vision for

Towards a Cross-Domain MapReduce Framework

DTIC Science & Technology

2013-11-01

These Big Data applications typically run as a set of MapReduce jobs to take advantage of Hadoop’s ease of service deployment and large-scale...parallelism. Yet, Hadoop has not been adapted for multilevel secure (MLS) environments where data of different security classifications co-exist. To solve...multilevel security. I. INTRODUCTION The US Department of Defense (DoD) and US Intelligence Community (IC) recognize they have a Big Data problem

The Regulatory Framework for Privacy and Security

NASA Astrophysics Data System (ADS)

Hiller, Janine S.

The internet enables the easy collection of massive amounts of personally identifiable information. Unregulated data collection causes distrust and conflicts with widely accepted principles of privacy. The regulatory framework in the United States for ensuring privacy and security in the online environment consists of federal, state, and self-regulatory elements. New laws have been passed to address technological and internet practices that conflict with privacy protecting policies. The United States and the European Union approaches to privacy differ significantly, and the global internet environment will likely cause regulators to face the challenge of balancing privacy interests with data collection for many years to come.

Insider Alert 1.0 Beta Version

DOE Office of Scientific and Technical Information (OSTI.GOV)

Abbott, Robert

2004-02-01

Insider Alert 1.0 Beta Version supports interactive selection and graphical display of data generated by the Sandia Cognitive Framework, which simulates the examination of security data by experts of various specialties. Insider Alert also encompasses the configuration and data files input to the Cognitive Framework for this application. Insider Alert 1.0 Beta Version is a computer program for analyzing data indicative of possible espionage or improper handling of data by employees at Sandia National Laboratories (or other facilities with comparable policies and procedures for managing sensitive information) It prioritizes and displays information for review by security analysts.

78 FR 36797 - Proposed Collection; Comment Request

Federal Register 2010, 2011, 2012, 2013, 2014

2013-06-19

...\\ sets out a framework for the registration and regulation of national securities exchanges. Under the... regarding how the futures market operates, its rules and procedures, corporate governance, its criteria for membership, its subsidiaries and affiliates, and the security futures products it intends to trade. Rule 6a-4...

78 FR 54454 - Open Meeting of the Information Security and Privacy Advisory Board

Federal Register 2010, 2011, 2012, 2013, 2014

2013-09-04

... include the following items: --Cybersecurity Executive Order 13636, Improving Critical Infrastructure Cybersecurity (78 FR 11737, February 19, 2013); Development of New Cybersecurity Framework; Request for Information (RFI)--Developing a Framework to Improve Critical Infrastructure Cybersecurity (78 FR 13024...

Performance analysis of model based iterative reconstruction with dictionary learning in transportation security CT

NASA Astrophysics Data System (ADS)

Haneda, Eri; Luo, Jiajia; Can, Ali; Ramani, Sathish; Fu, Lin; De Man, Bruno

2016-05-01

In this study, we implement and compare model based iterative reconstruction (MBIR) with dictionary learning (DL) over MBIR with pairwise pixel-difference regularization, in the context of transportation security. DL is a technique of sparse signal representation using an over complete dictionary which has provided promising results in image processing applications including denoising,1 as well as medical CT reconstruction.2 It has been previously reported that DL produces promising results in terms of noise reduction and preservation of structural details, especially for low dose and few-view CT acquisitions.2 A distinguishing feature of transportation security CT is that scanned baggage may contain items with a wide range of material densities. While medical CT typically scans soft tissues, blood with and without contrast agents, and bones, luggage typically contains more high density materials (i.e. metals and glass), which can produce severe distortions such as metal streaking artifacts. Important factors of security CT are the emphasis on image quality such as resolution, contrast, noise level, and CT number accuracy for target detection. While MBIR has shown exemplary performance in the trade-off of noise reduction and resolution preservation, we demonstrate that DL may further improve this trade-off. In this study, we used the KSVD-based DL3 combined with the MBIR cost-minimization framework and compared results to Filtered Back Projection (FBP) and MBIR with pairwise pixel-difference regularization. We performed a parameter analysis to show the image quality impact of each parameter. We also investigated few-view CT acquisitions where DL can show an additional advantage relative to pairwise pixel difference regularization.

49 CFR 1540.209 - Fees for security threat assessment.

Code of Federal Regulations, 2010 CFR

2010-10-01

... 49 Transportation 9 2010-10-01 2010-10-01 false Fees for security threat assessment. 1540.209...: GENERAL RULES Security Threat Assessments § 1540.209 Fees for security threat assessment. This section describes the payment process for completion of the security threat assessments required under subpart. (a...

Can a theoretical framework help to embed alcohol screening and brief interventions in an endoscopy day-unit?

PubMed

O'Neill, G; Masson, S; Bewick, L; Doyle, J; McGovern, R; Stoker, E; Wright, H; Newbury-Birch, D

2016-01-01

The National Institute for Health Care and Excellence recommend that alcohol screening and brief intervention (ASBI) should be routinely implemented in secondary care. This study used theoretical frameworks to understand how health professionals can be supported to adapt their behaviour and clinical practice. Staff training and support was conducted using theoretical frameworks. A 12-week study, delivering ASBI was carried out as part of routine practice in an endoscopy day-unit. Anonymised patient data were collected using the Alcohol Use Disorders Identification Tool (AUDIT) and whether patients received a brief intervention. Staff completed the Shortened Alcohol and Alcohol Problems Perceptions Questionnaire at three time points and took part in a focus group both pre and post study. For staff, levels or role adequacy, role legitimacy, motivation to discuss alcohol, security in their role, job satisfaction and commitment to working with patients who drink increased during the time of the study. 1598 individual patients were seen in the department in the timeframe. Of these, 1180 patients were approached (74%); 18% (n=207) of patients were AUDIT positive. This study has shown that it is possible to reach a high number of patients in a busy hospital out-patient department and deliver ASBI by working with staff using theoretical frameworks for training. Embedding evidence-based public health interventions into routine clinical environments is complex. The social system in which professionals operate requires consideration alongside individual professionals' real and perceived barriers and facilitators to change.

Remotely Monitored Sealing Array Software

DOE Office of Scientific and Technical Information (OSTI.GOV)

2012-09-12

The Remotely Monitored Sealing Array (RMSA) utilizes the Secure Sensor Platform (SSP) framework to establish the fundamental operating capabilities for communication, security, power management, and cryptography. In addition to the SSP framework the RMSA software has unique capabilities to support monitoring a fiber optic seal. Fiber monitoring includes open and closed as well as parametric monitoring to detect tampering attacks. The fiber monitoring techniques, using the SSP power management processes, allow the seals to last for years while maintaining the security requirements of the monitoring application. The seal is enclosed in a tamper resistant housing with software to support activemore » tamper monitoring. New features include LED notification of fiber closure, the ability to retrieve the entire fiber optic history via translator command, separate memory storage for fiber optic events, and a more robust method for tracking and resending failed messages.« less

Security and Dependability Solutions for Web Services and Workflows

NASA Astrophysics Data System (ADS)

Kokolakis, Spyros; Rizomiliotis, Panagiotis; Benameur, Azzedine; Sinha, Smriti Kumar

In this chapter we present an innovative approach towards the design and application of Security and Dependability (S&D) solutions for Web services and service-based workflows. Recently, several standards have been published that prescribe S&D solutions for Web services, e.g. OASIS WS-Security. However,the application of these solutions in specific contexts has been proven problematic. We propose a new framework for the application of such solutions based on the SERENITY S&D Pattern concept. An S&D Pattern comprises all the necessary information for the implementation, verification, deployment, and active monitoring of an S&D Solution. Thus, system developers may rely on proven solutions that are dynamically deployed and monitored by the Serenity Runtime Framework. Finally, we further extend this approach to cover the case of executable workflows which are realised through the orchestration of Web services.

An integrated water-energy-food-livelihoods approach for assessing environmental livelihood security

NASA Astrophysics Data System (ADS)

Biggs, E. M.; Duncan, J.; Boruff, B.; Bruce, E.; Neef, A.; McNeill, K.; van Ogtrop, F. F.; Haworth, B.; Duce, S.; Horsley, J.; Pauli, N.; Curnow, J.; Imanari, Y.

2015-12-01

Environmental livelihood security refers to the challenges of maintaining global food security and universal access to freshwater and energy to sustain livelihoods and promote inclusive economic growth, whilst sustaining key environmental systems' functionality, particularly under variable climatic regimes. Environmental security is a concept complementary to sustainable development, and considers the increased vulnerability people have to certain environmental stresses, such as climatic change. Bridging links between the core component concepts of environmental security is integral to future human security, and in an attempt to create this bridge, the nexus approach to human protection has been created, where water resource availability underpins food, water and energy security. The water-energy-food nexus has an influential role in attaining human security, yet little research has made the link between the nexus and livelihoods. In this research we provide a critical appraisal of the synergies between water-energy-food nexus framings and sustainable livelihoods approaches, both of which aim to promote sustainable development. In regions where livelihoods are dependent on environmental conditions, the concept of sustainable development is critical for ensuring future environmental and human security. Given our appraisal we go on to develop an integrated framework for assessing environmental livelihood security of multiscale and multi-level systems. This framework provides a tangible approach for assessing changes in the water-energy-food-livelihood indicators of a system. Examples of where system applications may occur are discussed for the Southeast Asia and Oceania region. Our approach will be particularly useful for policy-makers to inform evidence-based decision-making, especially in localities where climate change increases the vulnerability of impoverished communities and extenuates environmental livelihood insecurity.

Final Report for Bio-Inspired Approaches to Moving-Target Defense Strategies

DOE Office of Scientific and Technical Information (OSTI.GOV)

Fink, Glenn A.; Oehmen, Christopher S.

This report records the work and contributions of the NITRD-funded Bio-Inspired Approaches to Moving-Target Defense Strategies project performed by Pacific Northwest National Laboratory under the technical guidance of the National Security Agency’s R6 division. The project has incorporated a number of bio-inspired cyber defensive technologies within an elastic framework provided by the Digital Ants. This project has created the first scalable, real-world prototype of the Digital Ants Framework (DAF)[11] and integrated five technologies into this flexible, decentralized framework: (1) Ant-Based Cyber Defense (ABCD), (2) Behavioral Indicators, (3) Bioinformatic Clas- sification, (4) Moving-Target Reconfiguration, and (5) Ambient Collaboration. The DAF canmore » be used operationally to decentralize many such data intensive applications that normally rely on collection of large amounts of data in a central repository. In this work, we have shown how these component applications may be decentralized and may perform analysis at the edge. Operationally, this will enable analytics to scale far beyond current limitations while not suffering from the bandwidth or computational limitations of centralized analysis. This effort has advanced the R6 Cyber Security research program to secure digital infrastructures by developing a dynamic means to adaptively defend complex cyber systems. We hope that this work will benefit both our client’s efforts in system behavior modeling and cyber security to the overall benefit of the nation.« less

Secure environment for real-time tele-collaboration on virtual simulation of radiation treatment planning.

PubMed

Ntasis, Efthymios; Maniatis, Theofanis A; Nikita, Konstantina S

2003-01-01

A secure framework is described for real-time tele-collaboration on Virtual Simulation procedure of Radiation Treatment Planning. An integrated approach is followed clustering the security issues faced by the system into organizational issues, security issues over the LAN and security issues over the LAN-to-LAN connection. The design and the implementation of the security services are performed according to the identified security requirements, along with the need for real time communication between the collaborating health care professionals. A detailed description of the implementation is given, presenting a solution, which can directly be tailored to other tele-collaboration services in the field of health care. The pilot study of the proposed security components proves the feasibility of the secure environment, and the consistency with the high performance demands of the application.

32 CFR 253.6 - Procedures.

Code of Federal Regulations, 2010 CFR

2010-07-01

... continuation of assignment is not clearly consistent with the national interest. (d) Completed security forms (DD Form 398, Personnel Security Questionnaire (BI/SBI), or 398-2, Personnel Security Questionnaire (National Agency Check)) shall be forwarded to the Defense Industrial Security Clearance Office (DISCO...

Report: Information Security Series: Security Practices Comprehensive Environmental Response, Compensation, and Liability Information System

EPA Pesticide Factsheets

Report #2006-P-00019, March 28, 2006. OSWER’s implemented practices to ensure production servers were being monitored for known vulnerabilities and personnel with significant security responsibility completed the Agency’s recommended security training.

A Unified Approach to Intra-Domain Security

DOE Office of Scientific and Technical Information (OSTI.GOV)

Shue, Craig A; Kalafut, Andrew J.; Gupta, Prof. Minaxi

2009-01-01

While a variety of mechanisms have been developed for securing individual intra-domain protocols, none address the issue in a holistic manner. We develop a unified framework to secure prominent networking protocols within a single domain. We begin with a secure version of the DHCP protocol, which has the additional feature of providing each host with a certificate. We then leverage these certificates to secure ARP, prevent spoofing within the domain, and secure SSH and VPN connections between the domain and hosts which have previously interacted with it locally. In doing so, we also develop an incrementally deployable public key infrastructuremore » which can later be leveraged to support inter-domain authentication.« less

78 FR 25254 - Announcing an Open Meeting of the Information Security and Privacy Advisory Board

Federal Register 2010, 2011, 2012, 2013, 2014

2013-04-30

... include the following items: --Cybersecurity Executive Order 13636, Improving Critical Infrastructure Cybersecurity (78 FR 11737, February 19, 2013); Development of New Cybersecurity Framework; Request for Information (RFI)--Developing a Framework to Improve Critical Infrastructure Cybersecurity (78 FR 13024...

Security for Telecommuting and Broadband Communications: Recommendations of the National Institute of Standards and Technology

NASA Astrophysics Data System (ADS)

Kuhn, D. R.; Tracy, Miles C.; Frankel, Sheila E.

2002-08-01

This document is intended to assist those responsible - users, system administrators, and management - for telecommuting security, by providing introductory information about broadband communication security and policy, security of home office systems, and considerations for system administrators in the central office. It addresses concepts relating to the selection, deployment, and management of broadband communications for a telecommuting user. This document is not intended to provide a mandatory framework for telecommuting or home office broadband communication environments, but rather to present suggested approaches to the topic.

Secure Multiparty AES

NASA Astrophysics Data System (ADS)

Damgård, Ivan; Keller, Marcel

We propose several variants of a secure multiparty computation protocol for AES encryption. The best variant requires 2200 + {{400}over{255}} expected elementary operations in expected 70 + {{20}over{255}} rounds to encrypt one 128-bit block with a 128-bit key. We implemented the variants using VIFF, a software framework for implementing secure multiparty computation (MPC). Tests with three players (passive security against at most one corrupted player) in a local network showed that one block can be encrypted in 2 seconds. We also argue that this result could be improved by an optimized implementation.

A framework for secure and decentralized sharing of medical imaging data via blockchain consensus.

PubMed

Patel, Vishal

2018-04-01

The electronic sharing of medical imaging data is an important element of modern healthcare systems, but current infrastructure for cross-site image transfer depends on trust in third-party intermediaries. In this work, we examine the blockchain concept, which enables parties to establish consensus without relying on a central authority. We develop a framework for cross-domain image sharing that uses a blockchain as a distributed data store to establish a ledger of radiological studies and patient-defined access permissions. The blockchain framework is shown to eliminate third-party access to protected health information, satisfy many criteria of an interoperable health system, and readily generalize to domains beyond medical imaging. Relative drawbacks of the framework include the complexity of the privacy and security models and an unclear regulatory environment. Ultimately, the large-scale feasibility of such an approach remains to be demonstrated and will depend on a number of factors which we discuss in detail.

Policy reconciliation for access control in dynamic cross-enterprise collaborations

NASA Astrophysics Data System (ADS)

Preuveneers, D.; Joosen, W.; Ilie-Zudor, E.

2018-03-01

In dynamic cross-enterprise collaborations, different enterprises form a - possibly temporary - business relationship. To integrate their business processes, enterprises may need to grant each other limited access to their information systems. Authentication and authorization are key to secure information handling. However, access control policies often rely on non-standardized attributes to describe the roles and permissions of their employees which convolutes cross-organizational authorization when business relationships evolve quickly. Our framework addresses the managerial overhead of continuous updates to access control policies for enterprise information systems to accommodate disparate attribute usage. By inferring attribute relationships, our framework facilitates attribute and policy reconciliation, and automatically aligns dynamic entitlements during the evaluation of authorization decisions. We validate our framework with a Industry 4.0 motivating scenario on networked production where such dynamic cross-enterprise collaborations are quintessential. The evaluation reveals the capabilities and performance of our framework, and illustrates the feasibility of liberating the security administrator from manually provisioning and aligning attributes, and verifying the consistency of access control policies for cross-enterprise collaborations.

Waste biomass toward hydrogen fuel supply chain management for electricity: Malaysia perspective

NASA Astrophysics Data System (ADS)

Zakaria, Izatul Husna; Ibrahim, Jafni Azhan; Othman, Abdul Aziz

2016-08-01

Green energy is becoming an important aspect of every country in the world toward energy security by reducing dependence on fossil fuel import and enhancing better life quality by living in the healthy environment. This conceptual paper is an approach toward determining physical flow's characteristic of waste wood biomass in high scale plantation toward producing gas fuel for electricity using gasification technique. The scope of this study is supply chain management of syngas fuel from wood waste biomass using direct gasification conversion technology. Literature review on energy security, Malaysia's energy mix, Biomass SCM and technology. This paper uses the theoretical framework of a model of transportation (Lumsden, 2006) and the function of the terminal (Hulten, 1997) for research purpose. To incorporate biomass unique properties, Biomass Element Life Cycle Analysis (BELCA) which is a novel technique develop to understand the behaviour of biomass supply. Theoretical framework used to answer the research questions are Supply Chain Operations Reference (SCOR) framework and Sustainable strategy development in supply chain management framework

Three-step semiquantum secure direct communication protocol

NASA Astrophysics Data System (ADS)

Zou, XiangFu; Qiu, DaoWen

2014-09-01

Quantum secure direct communication is the direct communication of secret messages without need for establishing a shared secret key first. In the existing schemes, quantum secure direct communication is possible only when both parties are quantum. In this paper, we construct a three-step semiquantum secure direct communication (SQSDC) protocol based on single photon sources in which the sender Alice is classical. In a semiquantum protocol, a person is termed classical if he (she) can measure, prepare and send quantum states only with the fixed orthogonal quantum basis {|0>, |1>}. The security of the proposed SQSDC protocol is guaranteed by the complete robustness of semiquantum key distribution protocols and the unconditional security of classical one-time pad encryption. Therefore, the proposed SQSDC protocol is also completely robust. Complete robustness indicates that nonzero information acquired by an eavesdropper Eve on the secret message implies the nonzero probability that the legitimate participants can find errors on the bits tested by this protocol. In the proposed protocol, we suggest a method to check Eves disturbing in the doves returning phase such that Alice does not need to announce publicly any position or their coded bits value after the photons transmission is completed. Moreover, the proposed SQSDC protocol can be implemented with the existing techniques. Compared with many quantum secure direct communication protocols, the proposed SQSDC protocol has two merits: firstly the sender only needs classical capabilities; secondly to check Eves disturbing after the transmission of quantum states, no additional classical information is needed.

Trading-off fish biodiversity, food security, and hydropower in the Mekong River Basin

PubMed Central

Ziv, Guy; Baran, Eric; Nam, So; Rodríguez-Iturbe, Ignacio; Levin, Simon A.

2012-01-01

The Mekong River Basin, site of the biggest inland fishery in the world, is undergoing massive hydropower development. Planned dams will block critical fish migration routes between the river's downstream floodplains and upstream tributaries. Here we estimate fish biomass and biodiversity losses in numerous damming scenarios using a simple ecological model of fish migration. Our framework allows detailing trade-offs between dam locations, power production, and impacts on fish resources. We find that the completion of 78 dams on tributaries, which have not previously been subject to strategic analysis, would have catastrophic impacts on fish productivity and biodiversity. Our results argue for reassessment of several dams planned, and call for a new regional agreement on tributary development of the Mekong River Basin. PMID:22393001

Complete Insecurity of Quantum Protocols for Classical Two-Party Computation

NASA Astrophysics Data System (ADS)

Buhrman, Harry; Christandl, Matthias; Schaffner, Christian

2012-10-01

A fundamental task in modern cryptography is the joint computation of a function which has two inputs, one from Alice and one from Bob, such that neither of the two can learn more about the other’s input than what is implied by the value of the function. In this Letter, we show that any quantum protocol for the computation of a classical deterministic function that outputs the result to both parties (two-sided computation) and that is secure against a cheating Bob can be completely broken by a cheating Alice. Whereas it is known that quantum protocols for this task cannot be completely secure, our result implies that security for one party implies complete insecurity for the other. Our findings stand in stark contrast to recent protocols for weak coin tossing and highlight the limits of cryptography within quantum mechanics. We remark that our conclusions remain valid, even if security is only required to be approximate and if the function that is computed for Bob is different from that of Alice.

Complete insecurity of quantum protocols for classical two-party computation.

PubMed

Buhrman, Harry; Christandl, Matthias; Schaffner, Christian

2012-10-19

A fundamental task in modern cryptography is the joint computation of a function which has two inputs, one from Alice and one from Bob, such that neither of the two can learn more about the other's input than what is implied by the value of the function. In this Letter, we show that any quantum protocol for the computation of a classical deterministic function that outputs the result to both parties (two-sided computation) and that is secure against a cheating Bob can be completely broken by a cheating Alice. Whereas it is known that quantum protocols for this task cannot be completely secure, our result implies that security for one party implies complete insecurity for the other. Our findings stand in stark contrast to recent protocols for weak coin tossing and highlight the limits of cryptography within quantum mechanics. We remark that our conclusions remain valid, even if security is only required to be approximate and if the function that is computed for Bob is different from that of Alice.

The Defense Science Board Task Force on Tactical Battlefield Communications

DTIC Science & Technology

1999-12-01

impact of the system is clearly under appreciated. It could be the foundation for a common- user , QoS, Internet and could integrate legacy systems...into a common- user framework as is occurring in the private sector. Unfortunately, the networking aspects of the system are being lost; the focus...system-centric framework to a common- user , internetwork framework . Recommendation V—Information Security

Military Cooperation Frameworks: Effective Models to Address Transnational Security Challenges of the Asia-Pacific Region

DTIC Science & Technology

2011-05-04

evolving security challenges. Issues such as terrorism, proliferation of weapons of mass destruction, impacts of climate change , and the ever...impacts of climate change , and the ever-growing competition for valuable natural resources are a few of the these challenges. As an integral part...destruction, impacts of climate change , and the ever-growing competition for valuable natural resources have resulted in a new set of security

48 CFR 1339.107-70 - Information security.

Code of Federal Regulations, 2014 CFR

2014-10-01

... 48 Federal Acquisition Regulations System 5 2014-10-01 2014-10-01 false Information security. 1339... CATEGORIES OF CONTRACTING ACQUISITION OF INFORMATION TECHNOLOGY General 1339.107-70 Information security. (a... coordinate with the designated Contracting Officer Representative (COR) to complete the Information Security...

48 CFR 1339.107-70 - Information security.

Code of Federal Regulations, 2011 CFR

2011-10-01

... 48 Federal Acquisition Regulations System 5 2011-10-01 2011-10-01 false Information security. 1339... CATEGORIES OF CONTRACTING ACQUISITION OF INFORMATION TECHNOLOGY General 1339.107-70 Information security. (a... coordinate with the designated Contracting Officer Representative (COR) to complete the Information Security...

48 CFR 1339.107-70 - Information security.

Code of Federal Regulations, 2013 CFR

2013-10-01

... 48 Federal Acquisition Regulations System 5 2013-10-01 2013-10-01 false Information security. 1339... CATEGORIES OF CONTRACTING ACQUISITION OF INFORMATION TECHNOLOGY General 1339.107-70 Information security. (a... coordinate with the designated Contracting Officer Representative (COR) to complete the Information Security...

49 CFR 193.2709 - Security.

Code of Federal Regulations, 2010 CFR

2010-10-01

... 49 Transportation 3 2010-10-01 2010-10-01 false Security. 193.2709 Section 193.2709 Transportation...: FEDERAL SAFETY STANDARDS Personnel Qualifications and Training § 193.2709 Security. Personnel having security duties must be qualified to perform their assigned duties by successful completion of the training...

49 CFR 193.2709 - Security.

Code of Federal Regulations, 2011 CFR

2011-10-01

... 49 Transportation 3 2011-10-01 2011-10-01 false Security. 193.2709 Section 193.2709 Transportation...: FEDERAL SAFETY STANDARDS Personnel Qualifications and Training § 193.2709 Security. Personnel having security duties must be qualified to perform their assigned duties by successful completion of the training...

49 CFR 193.2709 - Security.

Code of Federal Regulations, 2014 CFR

2014-10-01

... 49 Transportation 3 2014-10-01 2014-10-01 false Security. 193.2709 Section 193.2709 Transportation...: FEDERAL SAFETY STANDARDS Personnel Qualifications and Training § 193.2709 Security. Personnel having security duties must be qualified to perform their assigned duties by successful completion of the training...

49 CFR 193.2709 - Security.

Code of Federal Regulations, 2012 CFR

2012-10-01

... 49 Transportation 3 2012-10-01 2012-10-01 false Security. 193.2709 Section 193.2709 Transportation...: FEDERAL SAFETY STANDARDS Personnel Qualifications and Training § 193.2709 Security. Personnel having security duties must be qualified to perform their assigned duties by successful completion of the training...

49 CFR 193.2709 - Security.

Code of Federal Regulations, 2013 CFR

2013-10-01

... 49 Transportation 3 2013-10-01 2013-10-01 false Security. 193.2709 Section 193.2709 Transportation...: FEDERAL SAFETY STANDARDS Personnel Qualifications and Training § 193.2709 Security. Personnel having security duties must be qualified to perform their assigned duties by successful completion of the training...

49 CFR 1548.7 - Approval, amendment, annual renewal, and withdrawal of approval of the security program.

Code of Federal Regulations, 2010 CFR

2010-10-01

... requested by TSA concerning Security Threat Assessments. (ix) A statement acknowledging and ensuring that each employee and agent will successfully complete a Security Threat Assessment under § 1548.15 before... training and Security Threat Assessments by relevant personnel. (4) Duration of security program. The...

Reframing the Food-Biodiversity Challenge.

PubMed

Fischer, Joern; Abson, David J; Bergsten, Arvid; French Collier, Neil; Dorresteijn, Ine; Hanspach, Jan; Hylander, Kristoffer; Schultner, Jannik; Senbeta, Feyera

2017-05-01

Given the serious limitations of production-oriented frameworks, we offer here a new conceptual framework for how to analyze the nexus of food security and biodiversity conservation. We introduce four archetypes of social-ecological system states corresponding to win-win (e.g., agroecology), win-lose (e.g., intensive agriculture), lose-win (e.g., fortress conservation), and lose-lose (e.g., degraded landscapes) outcomes for food security and biodiversity conservation. Each archetype is shaped by characteristic external drivers, exhibits characteristic internal social-ecological features, and has characteristic feedbacks that maintain it. This framework shifts the emphasis from focusing on production only to considering social-ecological dynamics, and enables comparison among landscapes. Moreover, examining drivers and feedbacks facilitates the analysis of possible transitions between system states (e.g., from a lose-lose outcome to a more preferred outcome). Copyright © 2017 Elsevier Ltd. All rights reserved.

Nuclear and radiological Security: Introduction.

DOE Office of Scientific and Technical Information (OSTI.GOV)

Miller, James Christopher

Nuclear security includes the prevention and detection of, and response to, theft, sabotage, unauthorized access, illegal transfer, or other malicious acts involving nuclear or other radioactive substances or their associated facilities. The presentation begins by discussing the concept and its importance, then moves on to consider threats--insider threat, sabotage, diversion of materials--with considerable emphasis on the former. The intrusion at Pelindaba, South Africa, is described as a case study. The distinction between nuclear security and security of radiological and portable sources is clarified, and the international legal framework is touched upon. The paper concludes by discussing the responsibilities of themore » various entities involved in nuclear security.« less

Building a Successful Security Infrastructure: What You Want vs. What You Need vs. What You Can Afford

NASA Technical Reports Server (NTRS)

Crabb, Michele D.; Woodrow, Thomas S. (Technical Monitor)

1995-01-01

With the fast growing popularity of the Internet, many organizations are racing to get onto the on-ramp to the Information Superhighway. However, with frequent headlines such as 'Hackers' break in at General Electric raises questions about the Net's Security', 'Internet Security Imperiled - Hackers steal data that could threaten computers world-wide' and 'Stanford Computer system infiltrated; Security fears grow', organizations find themselves rethinking their approach to the on-ramp. Is the Internet safe? What do I need to do to protect my organization? Will hackers try to break into my systems? These are questions many organizations are asking themselves today. In order to safely travel along the Information Superhighway, organizations need a strong security framework. Developing such a framework for a computer site, whether it be just a few dozen hosts or several thousand hosts is not an easy task. The security infrastructure for a site is often developed piece-by-piece in response to security incidents which have affected that site over time. Or worse yet, no coordinated effort has been dedicated toward security. The end result is that many sites are still poorly prepared to handle the security dangers of the Internet. This paper presents guidelines for building a successful security infrastructure. The problem is addressed in a cookbook style method. First is a discussion on how to identify your assets and evaluate the threats to those assets; next are suggestions and tips for identifying the weak areas in your security armor. Armed with this information we can begin to think about what you really need for your site and what you can afford. In this stage of the process we examine the different categories of security tools and products that are available and then present some tips for deciding what is best for your site.

Martime Security: Ferry Security Measures Have Been Implemented, but Evaluating Existing Studies Could Further Enhance Security

DTIC Science & Technology

2010-12-01

relevant requirements, analyzed 2006 through 2009 security operations data, interviewed federal and industry officials, and made observations at five...warranted, acted on all findings and recommendations resulting from five agency- contracted studies on ferry security completed in 2005 and 2006 ...Figure 5: Security Deficiencies by Vessel Type, 2006 through 2009 27 Figure 6: Security Deficiencies by Facility Type, 2006 through 2009 28

12 CFR 591.2 - Definitions.

Code of Federal Regulations, 2011 CFR

2011-01-01

... includes transfers of real property subject to a real property loan by assumptions, installment land sales... other like transfers.“Completed credit application” has the same meaning as completed application for... security instrument upon a sale of transfer of all or any part of the real property securing the loan...

12 CFR 591.2 - Definitions.

Code of Federal Regulations, 2010 CFR

2010-01-01

... includes transfers of real property subject to a real property loan by assumptions, installment land sales... other like transfers.“Completed credit application” has the same meaning as completed application for... security instrument upon a sale of transfer of all or any part of the real property securing the loan...

49 CFR 1540.203 - Security threat assessment.

Code of Federal Regulations, 2013 CFR

2013-10-01

.... (3) Date and place of birth. (4) Social security number (submission is voluntary, although failure to provide it may delay or prevent completion of the threat assessment). (5) Gender. (6) Country of... Border Protection. (i) If asserting completion of a comparable threat assessment listed in paragraph (h...

49 CFR 1540.203 - Security threat assessment.

Code of Federal Regulations, 2012 CFR

2012-10-01

.... (3) Date and place of birth. (4) Social security number (submission is voluntary, although failure to provide it may delay or prevent completion of the threat assessment). (5) Gender. (6) Country of... Border Protection. (i) If asserting completion of a comparable threat assessment listed in paragraph (h...

17 CFR 300.305 - Excluded contracts.

Code of Federal Regulations, 2010 CFR

2010-04-01

... 17 Commodity and Securities Exchanges 3 2010-04-01 2010-04-01 false Excluded contracts. 300.305 Section 300.305 Commodity and Securities Exchanges SECURITIES AND EXCHANGE COMMISSION (CONTINUED) Schedule A to Part 285 RULES OF THE SECURITIES INVESTOR PROTECTION CORPORATION Closeout Or Completion of Open...

A Framework for an Institutional High Level Security Policy for the Processing of Medical Data and their Transmission through the Internet

PubMed Central

Pangalos, George

2001-01-01

Background The Internet provides many advantages when used for interaction and data sharing among health care providers, patients, and researchers. However, the advantages provided by the Internet come with a significantly greater element of risk to the confidentiality, integrity, and availability of information. It is therefore essential that Health Care Establishments processing and exchanging medical data use an appropriate security policy. Objective To develop a High Level Security Policy for the processing of medical data and their transmission through the Internet, which is a set of high-level statements intended to guide Health Care Establishment personnel who process and manage sensitive health care information. Methods We developed the policy based on a detailed study of the existing framework in the EU countries, USA, and Canada, and on consultations with users in the context of the Intranet Health Clinic project. More specifically, this paper has taken into account the major directives, technical reports, law, and recommendations that are related to the protection of individuals with regard to the processing of personal data, and the protection of privacy and medical data on the Internet. Results We present a High Level Security Policy for Health Care Establishments, which includes a set of 7 principles and 45 guidelines detailed in this paper. The proposed principles and guidelines have been made as generic and open to specific implementations as possible, to provide for maximum flexibility and adaptability to local environments. The High Level Security Policy establishes the basic security requirements that must be addressed to use the Internet to safely transmit patient and other sensitive health care information. Conclusions The High Level Security Policy is primarily intended for large Health Care Establishments in Europe, USA, and Canada. It is clear however that the general framework presented here can only serve as reference material for developing an appropriate High Level Security Policy in a specific implementation environment. When implemented in specific environments, these principles and guidelines must also be complemented by measures, which are more specific. Even when a High Level Security Policy already exists in an institution, it is advisable that the management of the Health Care Establishment periodically revisits it to see whether it should be modified or augmented. PMID:11720956

A framework for an institutional high level security policy for the processing of medical data and their transmission through the Internet.

PubMed

Ilioudis, C; Pangalos, G

2001-01-01

The Internet provides many advantages when used for interaction and data sharing among health care providers, patients, and researchers. However, the advantages provided by the Internet come with a significantly greater element of risk to the confidentiality, integrity, and availability of information. It is therefore essential that Health Care Establishments processing and exchanging medical data use an appropriate security policy. To develop a High Level Security Policy for the processing of medical data and their transmission through the Internet, which is a set of high-level statements intended to guide Health Care Establishment personnel who process and manage sensitive health care information. We developed the policy based on a detailed study of the existing framework in the EU countries, USA, and Canada, and on consultations with users in the context of the Intranet Health Clinic project. More specifically, this paper has taken into account the major directives, technical reports, law, and recommendations that are related to the protection of individuals with regard to the processing of personal data, and the protection of privacy and medical data on the Internet. We present a High Level Security Policy for Health Care Establishments, which includes a set of 7 principles and 45 guidelines detailed in this paper. The proposed principles and guidelines have been made as generic and open to specific implementations as possible, to provide for maximum flexibility and adaptability to local environments. The High Level Security Policy establishes the basic security requirements that must be addressed to use the Internet to safely transmit patient and other sensitive health care information. The High Level Security Policy is primarily intended for large Health Care Establishments in Europe, USA, and Canada. It is clear however that the general framework presented here can only serve as reference material for developing an appropriate High Level Security Policy in a specific implementation environment. When implemented in specific environments, these principles and guidelines must also be complemented by measures, which are more specific. Even when a High Level Security Policy already exists in an institution, it is advisable that the management of the Health Care Establishment periodically revisits it to see whether it should be modified or augmented.

The ISACA Business Model for Information Security: An Integrative and Innovative Approach

NASA Astrophysics Data System (ADS)

von Roessing, Rolf

In recent years, information security management has matured into a professional discipline that covers both technical and managerial aspects in an organisational environment. Information security is increasingly dependent on business-driven parameters and interfaces to a variety of organisational units and departments. In contrast, common security models and frameworks have remained largely technical. A review of extant models ranging from [LaBe73] to more recent models shows that technical aspects are covered in great detail, while the managerial aspects of security are often neglected.Likewise, the business view on organisational security is frequently at odds with the demands of information security personnel or information technology management. In practice, senior and executive level management remain comparatively distant from technical requirements. As a result, information security is generally regarded as a cost factor rather than a benefit to the organisation.

20 CFR 664.210 - How is the “requires additional assistance to complete an educational program, or to secure and...

Code of Federal Regulations, 2010 CFR

2010-04-01

... 20 Employees' Benefits 3 2010-04-01 2010-04-01 false How is the ârequires additional assistance to complete an educational program, or to secure and hold employmentâ criterion in § 664.200(c)(6) defined... Services § 664.210 How is the “requires additional assistance to complete an educational program, or to...

Collaborative Access Control For Critical Infrastructures

NASA Astrophysics Data System (ADS)

Baina, Amine; El Kalam, Anas Abou; Deswarte, Yves; Kaaniche, Mohamed

A critical infrastructure (CI) can fail with various degrees of severity due to physical and logical vulnerabilities. Since many interdependencies exist between CIs, failures can have dramatic consequences on the entire infrastructure. This paper focuses on threats that affect information and communication systems that constitute the critical information infrastructure (CII). A new collaborative access control framework called PolyOrBAC is proposed to address security problems that are specific to CIIs. The framework offers each organization participating in a CII the ability to collaborate with other organizations while maintaining control of its resources and internal security policy. The approach is demonstrated on a practical scenario involving the electrical power grid.

Privacy-preserving GWAS analysis on federated genomic datasets.

PubMed

Constable, Scott D; Tang, Yuzhe; Wang, Shuang; Jiang, Xiaoqian; Chapin, Steve

2015-01-01

The biomedical community benefits from the increasing availability of genomic data to support meaningful scientific research, e.g., Genome-Wide Association Studies (GWAS). However, high quality GWAS usually requires a large amount of samples, which can grow beyond the capability of a single institution. Federated genomic data analysis holds the promise of enabling cross-institution collaboration for effective GWAS, but it raises concerns about patient privacy and medical information confidentiality (as data are being exchanged across institutional boundaries), which becomes an inhibiting factor for the practical use. We present a privacy-preserving GWAS framework on federated genomic datasets. Our method is to layer the GWAS computations on top of secure multi-party computation (MPC) systems. This approach allows two parties in a distributed system to mutually perform secure GWAS computations, but without exposing their private data outside. We demonstrate our technique by implementing a framework for minor allele frequency counting and χ2 statistics calculation, one of typical computations used in GWAS. For efficient prototyping, we use a state-of-the-art MPC framework, i.e., Portable Circuit Format (PCF) 1. Our experimental results show promise in realizing both efficient and secure cross-institution GWAS computations.

Comprehensive security framework for the communication and storage of medical images

NASA Astrophysics Data System (ADS)

Slik, David; Montour, Mike; Altman, Tym

2003-05-01

Confidentiality, integrity verification and access control of medical imagery and associated metadata is critical for the successful deployment of integrated healthcare networks that extend beyond the department level. As medical imagery continues to become widely accessed across multiple administrative domains and geographically distributed locations, image data should be able to travel and be stored on untrusted infrastructure, including public networks and server equipment operated by external entities. Given these challenges associated with protecting large-scale distributed networks, measures must be taken to protect patient identifiable information while guarding against tampering, denial of service attacks, and providing robust audit mechanisms. The proposed framework outlines a series of security practices for the protection of medical images, incorporating Transport Layer Security (TLS), public and secret key cryptography, certificate management and a token based trusted computing base. It outlines measures that can be utilized to protect information stored within databases, online and nearline storage, and during transport over trusted and untrusted networks. In addition, it provides a framework for ensuring end-to-end integrity of image data from acquisition to viewing, and presents a potential solution to the challenges associated with access control across multiple administrative domains and institution user bases.

Secure and Trustable Electronic Medical Records Sharing using Blockchain.

PubMed

Dubovitskaya, Alevtina; Xu, Zhigang; Ryu, Samuel; Schumacher, Michael; Wang, Fusheng

2017-01-01

Electronic medical records (EMRs) are critical, highly sensitive private information in healthcare, and need to be frequently shared among peers. Blockchain provides a shared, immutable and transparent history of all the transactions to build applications with trust, accountability and transparency. This provides a unique opportunity to develop a secure and trustable EMR data management and sharing system using blockchain. In this paper, we present our perspectives on blockchain based healthcare data management, in particular, for EMR data sharing between healthcare providers and for research studies. We propose a framework on managing and sharing EMR data for cancer patient care. In collaboration with Stony Brook University Hospital, we implemented our framework in a prototype that ensures privacy, security, availability, and fine-grained access control over EMR data. The proposed work can significantly reduce the turnaround time for EMR sharing, improve decision making for medical care, and reduce the overall cost.

Secure and Trustable Electronic Medical Records Sharing using Blockchain

PubMed Central

Dubovitskaya, Alevtina; Xu, Zhigang; Ryu, Samuel; Schumacher, Michael; Wang, Fusheng

2017-01-01

Electronic medical records (EMRs) are critical, highly sensitive private information in healthcare, and need to be frequently shared among peers. Blockchain provides a shared, immutable and transparent history of all the transactions to build applications with trust, accountability and transparency. This provides a unique opportunity to develop a secure and trustable EMR data management and sharing system using blockchain. In this paper, we present our perspectives on blockchain based healthcare data management, in particular, for EMR data sharing between healthcare providers and for research studies. We propose a framework on managing and sharing EMR data for cancer patient care. In collaboration with Stony Brook University Hospital, we implemented our framework in a prototype that ensures privacy, security, availability, and fine-grained access control over EMR data. The proposed work can significantly reduce the turnaround time for EMR sharing, improve decision making for medical care, and reduce the overall cost. PMID:29854130

Sustainable Food Security in the Mountains of Pakistan: Towards a Policy Framework.

PubMed

Rasul, Golam; Hussain, Abid

2015-01-01

The nature and causes of food and livelihood security in mountain areas are quite different to those in the plains. Rapid socioeconomic and environmental changes added to the topographical constraints have exacerbated the problem of food insecurity in the Hindu Kush-Himalayan (HKH) region. In Pakistan, food insecurity is significantly higher in the mountain areas than in the plains as a result of a range of biophysical and socioeconomic factors. The potential of mountain niche products such as fruit, nuts, and livestock has remained underutilized. Moreover, the opportunities offered by globalization, market integration, remittances, and non-farm income have not been fully tapped. This paper analyzes the opportunities and challenges of food security in Pakistan's mountain areas, and outlines a framework for addressing the specific issues in terms of four different types of area differentiated by agro-ecological potential and access to markets, information, and institutional services.

I-WASTE: EPA’s Suite of Homeland Security Decision Support Tools for the Waste and Disaster Debris Management and Disposal

EPA Science Inventory

In the U.S., a single comprehensive approach to all-hazards domestic incident management has been established by the Department of Homeland Security through the National Response Framework. This helps prevent, prepare for, respond to, and recover from terrorist attacks, major di...

Safeguarding Your Technology: Practical Guidelines for Electronic Education Information Security.

ERIC Educational Resources Information Center

Szuba, Tom

This guide was developed specifically for educational administrators at the building, campus, district, system, and state levels, and is meant to serve as a framework to help them better understand why and how to effectively secure their organization's information, software, and computer and networking equipment. This document is organized into 10…

General Framework for Evaluating Password Complexity and Strength

DTIC Science & Technology

2015-11-15

stronger password requirements: User attitudes and behaviors,” in Pro- ceedings of the Sixth Symposium on Usable Privacy and Security, ser. SOUPS ’10. New...Proceedings of the Eighth Symposium on Usable Privacy and Security, ser. SOUPS ’12. New York, NY, USA: ACM, 2012, pp. 1–20. [22] P. Kelley, S. Komanduri

External Labeling as a Framework for Access Control

ERIC Educational Resources Information Center

Rozenbroek, Thomas H.

2012-01-01

With the ever increasing volume of data existing on and passing through on-line resources together with a growing number of legitimate users of that information and potential adversaries, the need for better security and safeguards is immediate and critical. Currently, most of the security and safeguards afforded on-line information are provided…

A Framework For Analyzing And Mitigating The Vulnerabilities Of Complex Systems Via Attack And Protection Trees

DTIC Science & Technology

2007-07-01

Systems, Ciudad Real, Spain, 2002. [Ame00] "Metamorphosis," in American Heritage Dictionary of the English Language Fourth ed: Houghton Mifflin Company...Beyond Fear: Thinking Sensibly About Security in an Uncertain World. New York: Copernicus Books, 2003. [Sch99] Schneier, B. "Modeling Security

A Model for an Information Security Risk Management (ISRM) Framework for Saudi Arabian Organisations

ERIC Educational Resources Information Center

Alshareef, Naser

2016-01-01

Countries in the Gulf represent thriving, globally important commercial centres. They have embraced technology and modern management methods, often originating in the western countries. In adapting to quite different cultures these do not always operate as successfully. The adoption and practices of the Information Security Risk Management (ISRM)…

RUASN: a robust user authentication framework for wireless sensor networks.

PubMed

Kumar, Pardeep; Choudhury, Amlan Jyoti; Sain, Mangal; Lee, Sang-Gon; Lee, Hoon-Jae

2011-01-01

In recent years, wireless sensor networks (WSNs) have been considered as a potential solution for real-time monitoring applications and these WSNs have potential practical impact on next generation technology too. However, WSNs could become a threat if suitable security is not considered before the deployment and if there are any loopholes in their security, which might open the door for an attacker and hence, endanger the application. User authentication is one of the most important security services to protect WSN data access from unauthorized users; it should provide both mutual authentication and session key establishment services. This paper proposes a robust user authentication framework for wireless sensor networks, based on a two-factor (password and smart card) concept. This scheme facilitates many services to the users such as user anonymity, mutual authentication, secure session key establishment and it allows users to choose/update their password regularly, whenever needed. Furthermore, we have provided the formal verification using Rubin logic and compare RUASN with many existing schemes. As a result, we found that the proposed scheme possesses many advantages against popular attacks, and achieves better efficiency at low computation cost.

49 CFR 1546.213 - Access to cargo: Security threat assessments for cargo personnel in the United States.

Code of Federal Regulations, 2010 CFR

2010-10-01

... 49 Transportation 9 2010-10-01 2010-10-01 false Access to cargo: Security threat assessments for...: Security threat assessments for cargo personnel in the United States. This section applies in the United...— (1) Each individual must successfully complete a security threat assessment or comparable security...

Homeland security challenges in nursing practice.

PubMed

Boatright, Connie; McGlown, K Joanne

2005-09-01

Nurses need a comprehensive knowledge of doctrine, laws, regulations,programs, and processes that build the operational framework for health care preparedness. Key components of this knowledge base reside in the areas of: evolution of homeland security: laws and mandates affecting health care and compliance and regulatory issues for health care organizations. This article addresses primary components in both of these areas, after first assessing the status of nursing's involvement (in homeland security), as portrayed in the professional literature.

Smartphone Application Enabling Global Graph Exploitation and Proactive Dissemination Service (DSPro) Integration (Revised Fiscal Year 2015)

DTIC Science & Technology

2015-09-01

interface. 15. SUBJECT TERMS smartphone, HDPT, global graph, DSPro, ozone widget framework, distributed common ground system, web service 16. SECURITY...Lee M. Lessons learned with a global graph and ozone widget framework (OWF) testbed. Aberdeen Proving Ground (MD): Army Research Laboratory (US); 2013

Cyber threats to health information systems: A systematic review.

PubMed

Luna, Raul; Rhine, Emily; Myhra, Matthew; Sullivan, Ross; Kruse, Clemens Scott

2016-01-01

Recent legislation empowering providers to embrace the electronic exchange of health information leaves the healthcare industry increasingly vulnerable to cybercrime. The objective of this systematic review is to identify the biggest threats to healthcare via cybercrime. The rationale behind this systematic review is to provide a framework for future research by identifying themes and trends of cybercrime in the healthcare industry. The authors conducted a systematic search through the CINAHL, Academic Search Complete, PubMed, and ScienceDirect databases to gather literature relative to cyber threats in healthcare. All authors reviewed the articles collected and excluded literature that did not focus on the objective. Researchers selected and examined 19 articles for common themes. The most prevalent cyber-criminal activity in healthcare is identity theft through data breach. Other concepts identified are internal threats, external threats, cyber-squatting, and cyberterrorism. The industry has now come to rely heavily on digital technologies, which increase risks such as denial of service and data breaches. Current healthcare cyber-security systems do not rival the capabilities of cyber criminals. Security of information is a costly resource and therefore many HCOs may hesitate to invest what is required to protect sensitive information.

17 CFR 300.303 - Report to trustee.

Code of Federal Regulations, 2010 CFR

2010-04-01

... 17 Commodity and Securities Exchanges 3 2010-04-01 2010-04-01 false Report to trustee. 300.303 Section 300.303 Commodity and Securities Exchanges SECURITIES AND EXCHANGE COMMISSION (CONTINUED) Schedule A to Part 285 RULES OF THE SECURITIES INVESTOR PROTECTION CORPORATION Closeout Or Completion of Open...

Teaching RFID Information Systems Security

ERIC Educational Resources Information Center

Thompson, Dale R.; Di, Jia; Daugherty, Michael K.

2014-01-01

The future cyber security workforce needs radio frequency identification (RFID) information systems security (INFOSEC) and threat modeling educational materials. A complete RFID security course with new learning materials and teaching strategies is presented here. A new RFID Reference Model is used in the course to organize discussion of RFID,…

Hispanic mothers' beliefs regarding HPV vaccine series completion in their adolescent daughters.

PubMed

Roncancio, A M; Ward, K K; Carmack, C C; Muñoz, B T; Cribbs, F L

2017-02-01

Rates of human papillomavirus (HPV) vaccine series completion among adolescent Hispanic females in Texas in 2014 (∼39%) lag behind the Healthy People 2020 goal (80%). This qualitative study identifies Hispanic mothers' salient behavioral, normative and control beliefs regarding having their adolescent daughters complete the vaccine series. Thirty-two mothers of girls (aged 11-17) that had received at least one dose of the HPV vaccine, completed in-depth interviews. Six girls had received one dose of the HPV vaccine, 10 girls had received two doses, and 16 girls had received all three doses. The questions elicited salient: (i) experiential and instrumental attitudes (behavioral beliefs); (ii) supporters and non-supporters (normative beliefs) and (iii) facilitators and barriers (control beliefs). Directed content analysis was employed to select the most salient beliefs. Mothers: (i) expressed salient positive feelings (e.g. good, secure, happy and satisfied); (ii) believed that completing the series resulted in positive effects (e.g. protection, prevention); (iii) believed that the main supporters were themselves, their daughter's father and doctor with some of their friends not supporting series completion and (iv) believed that vaccine affordability, information, transportation, ease of scheduling and keeping vaccination appointments and taking their daughter's immunization card to appointments were facilitators. This study represents the first step in building theory-based framework of vaccine series completion for this population. The beliefs identified provide guidance for health care providers and intervention developers. © The Author 2017. Published by Oxford University Press. All rights reserved. For permissions, please email: journals.permissions@oup.com.

Global agenda, local health: including concepts of health security in preparedness programs at the jurisdictional level.

PubMed

Eby, Chas

2014-01-01

The Global Health Security Agenda's objectives contain components that could help health departments address emerging public health challenges that threaten the population. As part of the agenda, partner countries with advanced public health systems will support the development of infrastructure in stakeholder health departments. To facilitate this process and augment local programs, state and local health departments may want to include concepts of health security in their public health preparedness offices in order to simultaneously build capacity. Health security programs developed by public health departments should complete projects that are closely aligned with the objectives outlined in the global agenda and that facilitate the completion of current preparedness grant requirements. This article identifies objectives and proposes tactical local projects that run parallel to the 9 primary objectives of the Global Health Security Agenda. Executing concurrent projects at the international and local levels in preparedness offices will accelerate the completion of these objectives and help prevent disease epidemics, detect health threats, and respond to public health emergencies. Additionally, future funding tied or related to health security may become more accessible to state and local health departments that have achieved these objectives.

The study and implementation of the wireless network data security model

NASA Astrophysics Data System (ADS)

Lin, Haifeng

2013-03-01

In recent years, the rapid development of Internet technology and the advent of information age, people are increasing the strong demand for the information products and the market for information technology. Particularly, the network security requirements have become more sophisticated. This paper analyzes the wireless network in the data security vulnerabilities. And a list of wireless networks in the framework is the serious defects with the related problems. It has proposed the virtual private network technology and wireless network security defense structure; and it also given the wireless networks and related network intrusion detection model for the detection strategies.

CREM monitoring: a wireless RF application

NASA Astrophysics Data System (ADS)

Valencia, J. D.; Burghard, B. J.; Skorpik, J. R.; Silvers, K. L.; Schwartz, M. J.

2005-05-01

Recent security lapses within the Department of Energy laboratories prompted the establishment and implementation of additional procedures and training for operations involving classified removable electronic media (CREM) storage. In addition, the definition of CREM has been expanded and the number of CREM has increased significantly. Procedures now require that all CREM be inventoried and accounted for on a weekly basis. Weekly inventories consist of a physical comparison of each item against the reportable inventory listing. Securing and accounting for CREM is a continuous challenge for existing security systems. To address this challenge, an innovative framework, encompassing a suite of technologies, has been developed by Pacific Northwest National Laboratory (PNNL) to monitor, track, and locate CREM in safes, vaults, and storage areas. This Automated Removable Media Observation and Reporting (ARMOR)framework, described in this paper, is an extension of an existing PNNL program, SecureSafe. The key attributes of systems built around the ARMOR framework include improved accountability, reduced risk of human error, improved accuracy and timeliness of inventory data, and reduced costs. ARMOR solutions require each CREM to be tagged with a unique electronically readable ID code. Inventory data is collected from tagged CREM at regular intervals and upon detection of an access event. Automated inventory collection and report generation eliminates the need for hand-written inventory sheets and allows electronic transfer of the collected inventory data to a modern electronic reporting system. An electronic log of CREM access events is maintained, providing enhanced accountability for daily/weekly checks, routine audits, and follow-up investigations.

Development of a privacy and security policy framework for a multistate comparative effectiveness research network.

PubMed

Kim, Katherine K; McGraw, Deven; Mamo, Laura; Ohno-Machado, Lucila

2013-08-01

Comparative effectiveness research (CER) conducted in distributed research networks (DRNs) is subject to different state laws and regulations as well as institution-specific policies intended to protect privacy and security of health information. The goal of the Scalable National Network for Effectiveness Research (SCANNER) project is to develop and demonstrate a scalable, flexible technical infrastructure for DRNs that enables near real-time CER consistent with privacy and security laws and best practices. This investigation began with an analysis of privacy and security laws and state health information exchange (HIE) guidelines applicable to SCANNER participants from California, Illinois, Massachusetts, and the Federal Veteran's Administration. A 7-member expert panel of policy and technical experts reviewed the analysis and gave input into the framework during 5 meetings held in 2011-2012. The state/federal guidelines were applied to 3 CER use cases: safety of new oral hematologic medications; medication therapy management for patients with diabetes and hypertension; and informational interventions for providers in the treatment of acute respiratory infections. The policy framework provides flexibility, beginning with a use-case approach rather than a one-size-fits-all approach. The policies may vary depending on the type of patient data shared (aggregate counts, deidentified, limited, and fully identified datasets) and the flow of data. The types of agreements necessary for a DRN may include a network-level and data use agreements. The need for flexibility in the development and implementation of policies must be balanced with responsibilities of data stewardship.

A macro-economic framework for evaluation of cyber security risks related to protection of intellectual property.

PubMed

Andrijcic, Eva; Horowitz, Barry

2006-08-01

The article is based on the premise that, from a macro-economic viewpoint, cyber attacks with long-lasting effects are the most economically significant, and as a result require more attention than attacks with short-lasting effects that have historically been more represented in literature. In particular, the article deals with evaluation of cyber security risks related to one type of attack with long-lasting effects, namely, theft of intellectual property (IP) by foreign perpetrators. An International Consequence Analysis Framework is presented to determine (1) the potential macro-economic consequences of cyber attacks that result in stolen IP from companies in the United States, and (2) the likely sources of such attacks. The framework presented focuses on IP theft that enables foreign companies to make economic gains that would have otherwise benefited the U.S. economy. Initial results are presented.

Enterprise systems security management: a framework for breakthrough protection

NASA Astrophysics Data System (ADS)

Farroha, Bassam S.; Farroha, Deborah L.

2010-04-01

Securing the DoD information network is a tremendous task due to its size, access locations and the amount of network intrusion attempts on a daily basis. This analysis investigates methods/architecture options to deliver capabilities for secure information sharing environment. Crypto-binding and intelligent access controls are basic requirements for secure information sharing in a net-centric environment. We introduce many of the new technology components to secure the enterprise. The cooperative mission requirements lead to developing automatic data discovery and data stewards granting access to Cross Domain (CD) data repositories or live streaming data. Multiple architecture models are investigated to determine best-of-breed approaches including SOA and Private/Public Clouds.

Towards An Engineering Discipline of Computational Security

DOE Office of Scientific and Technical Information (OSTI.GOV)

Mili, Ali; Sheldon, Frederick T; Jilani, Lamia Labed

2007-01-01

George Boole ushered the era of modern logic by arguing that logical reasoning does not fall in the realm of philosophy, as it was considered up to his time, but in the realm of mathematics. As such, logical propositions and logical arguments are modeled using algebraic structures. Likewise, we submit that security attributes must be modeled as formal mathematical propositions that are subject to mathematical analysis. In this paper, we approach this problem by attempting to model security attributes in a refinement-like framework that has traditionally been used to represent reliability and safety claims. Keywords: Computable security attributes, survivability, integrity,more » dependability, reliability, safety, security, verification, testing, fault tolerance.« less

Effectiveness of the Civil Aviation Security Program.

DTIC Science & Technology

1977-04-05

diversions. Perhaps the best evidence of the effectiveness of airline and airport security measures is the number of hijackings and related crimes prevented...airports. Consideration is being given to include a provision in the airport security regulation which would prohibit the introduction of...Security Program. A complete revision of the regulation that established basic airport security requirements is currently underway. One of the more

Survey of Cyber Crime in Big Data

NASA Astrophysics Data System (ADS)

Rajeswari, C.; Soni, Krishna; Tandon, Rajat

2017-11-01

Big data is like performing computation operations and database operations for large amounts of data, automatically from the data possessor’s business. Since a critical strategic offer of big data access to information from numerous and various areas, security and protection will assume an imperative part in big data research and innovation. The limits of standard IT security practices are notable, with the goal that they can utilize programming sending to utilize programming designers to incorporate pernicious programming in a genuine and developing risk in applications and working frameworks, which are troublesome. The impact gets speedier than big data. In this way, one central issue is that security and protection innovation are sufficient to share controlled affirmation for countless direct get to. For powerful utilization of extensive information, it should be approved to get to the information of that space or whatever other area from a space. For a long time, dependable framework improvement has arranged a rich arrangement of demonstrated ideas of demonstrated security to bargain to a great extent with the decided adversaries, however this procedure has been to a great extent underestimated as “needless excess” and sellers In this discourse, essential talks will be examined for substantial information to exploit this develop security and protection innovation, while the rest of the exploration difficulties will be investigated.

Script-like attachment representations in dreams containing current romantic partners.

PubMed

Selterman, Dylan; Apetroaia, Adela; Waters, Everett

2012-01-01

Recent research has demonstrated parallels between romantic attachment styles and general dream content. The current study examined partner-specific attachment representations alongside dreams that contained significant others. The general prediction was that dreams would follow the "secure base script," and a general correspondence would emerge between secure attachment cognitions in waking life and in dreams. Sixty-one undergraduate student participants in committed dating relationships of six months duration or longer completed the Secure Base Script Narrative Assessment at Time 1, and then completed a dream diary for 14 consecutive days. Blind coders scored dreams that contained significant others using the same criteria for secure base content in laboratory narratives. Results revealed a significant association between relationship-specific attachment security and the degree to which dreams about romantic partners followed the secure base script. The findings illuminate our understanding of mental representations with regards to specific attachment figures. Implications for attachment theory and clinical applications are discussed.

76 FR 53663 - Sierra County Resource Advisory Committee

Federal Register 2010, 2011, 2012, 2013, 2014

2011-08-29

... complete project review. The committee is authorized under the Secure Rural Schools and Community Self... back-up meeting if the vote was not completed on September 12.) The agenda may be viewed at https://fsplaces.fs.fed.us/fsfiles/unit/wo/secure_rural_schools.nsf . Anyone who would like to bring related...

Framework for Managing Metadata Security Tags as the Basis for Making Security Decisions.

DTIC Science & Technology

2002-12-01

and Performance,” D.H. Associates, Inc., Sep 2001. [3] Deitel , H. M., and Deitel , P. J., Java How to Program , 3rd Edition, Prentice Hall Inc...1999. [4] Deitel , H. M., Deitel , P. J., and Nieto, T. R., Internet and The World Wide Web: How to Program , 2nd Edition, 2002. [5] Grohn, M. J., A...words) This thesis presents an analysis of a capability to employ CAPCO (Controlled Access Program Coordination Office) compliant Metadata security

The Contribution of the Spanish Guardia Civil to the Peace and Stability Operations Within the Human Security Framework

DTIC Science & Technology

2010-03-08

1999.- U.N. Civilian Police component in Kosovo (UNMIK.) 2000.- Oficina del Programa de Irak (no es especificamente una misi6n de paz) 2000.- Special...community security, and political security. Nevertheless, it is worth pointing out that the establishment and the inclusion of an agenda based on the human...model the pattern set in France by the Gendarmerie and in Catalonia by the existing Mossos de Escuadra. The Dulce of Ahumada personally shaped this new

A systems science perspective and transdisciplinary models for food and nutrition security

PubMed Central

Hammond, Ross A.; Dubé, Laurette

2012-01-01

We argue that food and nutrition security is driven by complex underlying systems and that both research and policy in this area would benefit from a systems approach. We present a framework for such an approach, examine key underlying systems, and identify transdisciplinary modeling tools that may prove especially useful. PMID:22826247

76 FR 4706 - Self-Defense of Vessels of the United States

Federal Register 2010, 2011, 2012, 2013, 2014

2011-01-26

... view the comments and Coast Guard Port Security Advisory (PSA) 3-09, which provides guidance to the... guidance published by the Coast Guard in Port Security Advisory (PSA) 3-09 provide an adequate framework... regard to the use of force against pirates is currently provided in PSA 3-09. The Coast Guard seeks...

FSM-F: Finite State Machine Based Framework for Denial of Service and Intrusion Detection in MANET.

PubMed

N Ahmed, Malik; Abdullah, Abdul Hanan; Kaiwartya, Omprakash

2016-01-01

Due to the continuous advancements in wireless communication in terms of quality of communication and affordability of the technology, the application area of Mobile Adhoc Networks (MANETs) significantly growing particularly in military and disaster management. Considering the sensitivity of the application areas, security in terms of detection of Denial of Service (DoS) and intrusion has become prime concern in research and development in the area. The security systems suggested in the past has state recognition problem where the system is not able to accurately identify the actual state of the network nodes due to the absence of clear definition of states of the nodes. In this context, this paper proposes a framework based on Finite State Machine (FSM) for denial of service and intrusion detection in MANETs. In particular, an Interruption Detection system for Adhoc On-demand Distance Vector (ID-AODV) protocol is presented based on finite state machine. The packet dropping and sequence number attacks are closely investigated and detection systems for both types of attacks are designed. The major functional modules of ID-AODV includes network monitoring system, finite state machine and attack detection model. Simulations are carried out in network simulator NS-2 to evaluate the performance of the proposed framework. A comparative evaluation of the performance is also performed with the state-of-the-art techniques: RIDAN and AODV. The performance evaluations attest the benefits of proposed framework in terms of providing better security for denial of service and intrusion detection attacks.

The game-theoretic national interstate economic model : an integrated framework to quantify the economic impacts of cyber-terrorist behavior.

DOT National Transportation Integrated Search

2014-12-01

This study suggests an integrated framework to quantify cyber attack impacts on the U.S. airport security system. A cyber attack by terrorists on the U.S. involves complex : strategic behavior by the terrorists because they could plan to invade an ai...

2016-2020 Strategic Plan and Implementing Framework

DOE Office of Scientific and Technical Information (OSTI.GOV)

None

2015-11-01

The 2016-2020 Strategic Plan and Implementing Framework from the Office of Energy Efficiency and Renewable Energy (EERE) is the blueprint for launching the nation’s leadership in the global clean energy economy. This document will guide the organization to build on decades of progress in powering our nation from clean, affordable and secure energy.

The Advanced Security Operations Corporation Special Weapons and Tactics Initiative: A Business Plan

DTIC Science & Technology

2004-12-01

5 Kotler , Philip . (2003). A Framework for Marketing Management (2nd ed.). New Jersey: Pearson Education. 8 teams in Los...www.ojp.usdoj.gov/odp/docs/fy04hsgp_appkit.pdf 5. Kotler , Philip . (2003). A Framework for Marketing Management (2nd ed.). New Jersey: Pearson Education. 6

Biosafety and Biosecurity: A Relative Risk-Based Framework for Safer, More Secure, and Sustainable Laboratory Capacity Building.

PubMed

Dickmann, Petra; Sheeley, Heather; Lightfoot, Nigel

2015-01-01

Laboratory capacity building is characterized by a paradox between endemicity and resources: countries with high endemicity of pathogenic agents often have low and intermittent resources (water, electricity) and capacities (laboratories, trained staff, adequate regulations). Meanwhile, countries with low endemicity of pathogenic agents often have high-containment facilities with costly infrastructure and maintenance governed by regulations. The common practice of exporting high biocontainment facilities and standards is not sustainable and concerns about biosafety and biosecurity require careful consideration. A group at Chatham House developed a draft conceptual framework for safer, more secure, and sustainable laboratory capacity building. The draft generic framework is guided by the phrase "LOCAL - PEOPLE - MAKE SENSE" that represents three major principles: capacity building according to local needs (local) with an emphasis on relationship and trust building (people) and continuous outcome and impact measurement (make sense). This draft generic framework can serve as a blueprint for international policy decision-making on improving biosafety and biosecurity in laboratory capacity building, but requires more testing and detailing development.

Power system security enhancement through direct non-disruptive load control

NASA Astrophysics Data System (ADS)

Ramanathan, Badri Narayanan

The transition to a competitive market structure raises significant concerns regarding reliability of the power grid. A need to build tools for security assessment that produce operating limit boundaries for both static and dynamic contingencies is recognized. Besides, an increase in overall uncertainty in operating conditions makes corrective actions at times ineffective leaving the system vulnerable to instability. The tools that are in place for stability enhancement are mostly corrective and suffer from lack of robustness to operating condition changes. They often pose serious coordination challenges. With deregulation, there have also been ownership and responsibility issues associated with stability controls. However, the changing utility business model and the developments in enabling technologies such as two-way communication, metering, and control open up several new possibilities for power system security enhancement. This research proposes preventive modulation of selected loads through direct control for power system security enhancement. Two main contributions of this research are the following: development of an analysis framework and two conceptually different analysis approaches for load modulation to enhance oscillatory stability, and the development and study of algorithms for real-time modulation of thermostatic loads. The underlying analysis framework is based on the Structured Singular Value (SSV or mu) theory. Based on the above framework, two fundamentally different approaches towards analysis of the amount of load modulation for desired stability performance have been developed. Both the approaches have been tested on two different test systems: CIGRE Nordic test system and an equivalent of the Western Electric Coordinating Council test system. This research also develops algorithms for real-time modulation of thermostatic loads that use the results of the analysis. In line with some recent load management programs executed by utilities, two different algorithms based on dynamic programming are proposed for air-conditioner loads, while a decision-tree based algorithm is proposed for water-heater loads. An optimization framework has been developed employing the above algorithms. Monte Carlo simulations have been performed using this framework with the objective of studying the impact of different parameters and constraints on the effectiveness as well as the effect of control. The conclusions drawn from this research strongly advocate direct load control for stability enhancement from the perspectives of robustness and coordination, as well as economic viability and the developments towards availability of the institutional framework for load participation in providing system reliability services.

Verification and accreditation schemes for climate change activities: A review of requirements for verification of greenhouse gas reductions and accreditation of verifiers—Implications for long-term carbon sequestration

NASA Astrophysics Data System (ADS)

Roed-Larsen, Trygve; Flach, Todd

The purpose of this chapter is to provide a review of existing national and international requirements for verification of greenhouse gas reductions and associated accreditation of independent verifiers. The credibility of results claimed to reduce or remove anthropogenic emissions of greenhouse gases (GHG) is of utmost importance for the success of emerging schemes to reduce such emissions. Requirements include transparency, accuracy, consistency, and completeness of the GHG data. The many independent verification processes that have developed recently now make up a quite elaborate tool kit for best practices. The UN Framework Convention for Climate Change and the Kyoto Protocol specifications for project mechanisms initiated this work, but other national and international actors also work intensely with these issues. One initiative gaining wide application is that taken by the World Business Council for Sustainable Development with the World Resources Institute to develop a "GHG Protocol" to assist companies in arranging for auditable monitoring and reporting processes of their GHG activities. A set of new international standards developed by the International Organization for Standardization (ISO) provides specifications for the quantification, monitoring, and reporting of company entity and project-based activities. The ISO is also developing specifications for recognizing independent GHG verifiers. This chapter covers this background with intent of providing a common understanding of all efforts undertaken in different parts of the world to secure the reliability of GHG emission reduction and removal activities. These verification schemes may provide valuable input to current efforts of securing a comprehensive, trustworthy, and robust framework for verification activities of CO2 capture, transport, and storage.

Association of market, mission, operational, and financial factors with hospitals' level of cash and security investments.

PubMed

McCue, M J; Thompson, J M; Dodd-McCue, D

Using a resource dependency framework and financial theory, this study assessed the market, mission, operational, and financial factors associated with the level of cash and security investments in hospitals. We ranked hospitals in the study sample based on their cash and security investments as a percentage of total assets: hospitals in the high cash/security investment category were in the top 25th percentile of all hospitals; those in the low cash/security investment group were in the bottom 25th percentile. Findings indicate that high cash/security investment hospitals are under either public or private nonprofit ownership and have greater market share. They also serve more complex cases, offer more technology services, generate greater profits, incur a more stable patient revenue base, and maintain less debt.

Children’s Attachment to Both Parents from Toddler Age to Middle Childhood: Links to Adaptive and Maladaptive Outcomes

PubMed Central

Boldt, Lea J.; Kochanska, Grazyna; Yoon, Jeung Eun; Nordling, Jamie Koenig

2014-01-01

We examined children’s attachment security with their mothers and fathers in a community sample (N = 100). At 25 months, mothers, fathers, and trained observers completed Attachment Q-Set (AQS). At 100 months, children completed Kerns Security Scale (KSS) for each parent. Children’s adaptation (behavior problems and competence in broader ecologies of school and peer group, child- and parent-reported) was assessed at 100 months. By and large, the child’s security with the mother and father was modestly to robustly concordant across both relationships, depending on the assessment method. Observers’ AQS security scores predicted children’s self-reported security 6 years later. For children with low AQS security scores with mothers, variations in security with fathers had significant implications for adaptation: Those whose security with fathers was also low reported the most behavior problems and were seen as least competent in broader ecologies, but those whose security with fathers was high reported few problems and were seen as competent. Security with fathers, observer-rated and child-reported, predicted children’s higher competence in broader ecologies. A cumulative index of the history of security from toddler age to middle childhood, integrating measures across both relationships and diverse methodologies, was significantly associated with positive adaptation at 100 months. PMID:24605850

A risk management approach to CAIS development

NASA Technical Reports Server (NTRS)

Hart, Hal; Kerner, Judy; Alden, Tony; Belz, Frank; Tadman, Frank

1986-01-01

The proposed DoD standard Common APSE Interface Set (CAIS) was developed as a framework set of interfaces that will support the transportability and interoperability of tools in the support environments of the future. While the current CAIS version is a promising start toward fulfilling those goals and current prototypes provide adequate testbeds for investigations in support of completing specifications for a full CAIS, there are many reasons why the proposed CAIS might fail to become a usable product and the foundation of next-generation (1990'S) project support environments such as NASA's Space Station software support environment. The most critical threats to the viability and acceptance of the CAIS include performance issues (especially in piggybacked implementations), transportability, and security requirements. To make the situation worse, the solution to some of these threats appears to be at conflict with the solutions to others.

Hybrid methods for cybersecurity analysis :

DOE Office of Scientific and Technical Information (OSTI.GOV)

Davis, Warren Leon,; Dunlavy, Daniel M.

2014-01-01

Early 2010 saw a signi cant change in adversarial techniques aimed at network intrusion: a shift from malware delivered via email attachments toward the use of hidden, embedded hyperlinks to initiate sequences of downloads and interactions with web sites and network servers containing malicious software. Enterprise security groups were well poised and experienced in defending the former attacks, but the new types of attacks were larger in number, more challenging to detect, dynamic in nature, and required the development of new technologies and analytic capabilities. The Hybrid LDRD project was aimed at delivering new capabilities in large-scale data modeling andmore » analysis to enterprise security operators and analysts and understanding the challenges of detection and prevention of emerging cybersecurity threats. Leveraging previous LDRD research e orts and capabilities in large-scale relational data analysis, large-scale discrete data analysis and visualization, and streaming data analysis, new modeling and analysis capabilities were quickly brought to bear on the problems in email phishing and spear phishing attacks in the Sandia enterprise security operational groups at the onset of the Hybrid project. As part of this project, a software development and deployment framework was created within the security analyst work ow tool sets to facilitate the delivery and testing of new capabilities as they became available, and machine learning algorithms were developed to address the challenge of dynamic threats. Furthermore, researchers from the Hybrid project were embedded in the security analyst groups for almost a full year, engaged in daily operational activities and routines, creating an atmosphere of trust and collaboration between the researchers and security personnel. The Hybrid project has altered the way that research ideas can be incorporated into the production environments of Sandias enterprise security groups, reducing time to deployment from months and years to hours and days for the application of new modeling and analysis capabilities to emerging threats. The development and deployment framework has been generalized into the Hybrid Framework and incor- porated into several LDRD, WFO, and DOE/CSL projects and proposals. And most importantly, the Hybrid project has provided Sandia security analysts with new, scalable, extensible analytic capabilities that have resulted in alerts not detectable using their previous work ow tool sets.« less

The Event Chain of Survival in the Context of Music Festivals: A Framework for Improving Outcomes at Major Planned Events.

PubMed

Lund, Adam; Turris, Sheila

2017-08-01

Despite the best efforts of event producers and on-site medical teams, there are sometimes serious illnesses, life-threatening injuries, and fatalities related to music festival attendance. Producers, clinicians, and researchers are actively seeking ways to reduce the mortality and morbidity associated with these events. After analyzing the available literature on music festival health and safety, several major themes emerged. Principally, stakeholder groups planning in isolation from one another (ie, in silos) create fragmentation, gaps, and overlap in plans for major planned events (MPEs). The authors hypothesized that one approach to minimizing this fragmentation may be to create a framework to "connect the dots," or join together the many silos of professionals responsible for safety, security, health, and emergency planning at MPEs. Adapted from the well-established literature regarding the management of cardiac arrests, both in and out of hospital, the "chain of survival" concept is applied to the disparate groups providing services that support event safety in the context of music festivals. The authors propose this framework for describing, understanding, coordinating and planning around the integration of safety, security, health, and emergency service for events. The adapted Event Chain of Survival contains six interdependent links, including: (1) event producers; (2) police and security; (3) festival health; (4) on-site medical services; (5) ambulance services; and (6) off-site medical services. The authors argue that adapting and applying this framework in the context of MPEs in general, and music festivals specifically, has the potential to break down the current disconnected approach to event safety, security, health, and emergency planning. It offers a means of shifting the focus from a purely reactive stance to a more proactive, collaborative, and integrated approach. Improving health outcomes for music festival attendees, reducing gaps in planning, promoting consistency, and improving efficiency by reducing duplication of services will ultimately require coordination and collaboration from the beginning of event production to post-event reporting. Lund A , Turris SA . The Event Chain of Survival in the context of music festivals: a framework for improving outcomes at major planned events. Prehosp Disaster Med. 2017;32(4):437-443.

Developing Renewable Energy Projects Larger Than 10 MWs at Federal Facilities (Book)

DOE Office of Scientific and Technical Information (OSTI.GOV)

Not Available

2013-03-01

To accomplish Federal goals for renewable energy, sustainability, and energy security, large-scale renewable energy projects must be developed and constructed on Federal sites at a significant scale with significant private investment. The U.S. Department of Energy's Federal Energy Management Program (FEMP) helps Federal agencies meet these goals and assists agency personnel navigate the complexities of developing such projects and attract the necessary private capital to complete them. This guide is intended to provide a general resource that will begin to develop the Federal employee's awareness and understanding of the project developer's operating environment and the private sector's awareness and understandingmore » of the Federal environment. Because the vast majority of the investment that is required to meet the goals for large-scale renewable energy projects will come from the private sector, this guide has been organized to match Federal processes with typical phases of commercial project development. The main purpose of this guide is to provide a project development framework to allow the Federal Government, private developers, and investors to work in a coordinated fashion on large-scale renewable energy projects. The framework includes key elements that describe a successful, financially attractive large-scale renewable energy project.« less

Acceptance Criteria Framework for Autonomous Biological Detectors

DOE Office of Scientific and Technical Information (OSTI.GOV)

Dzenitis, J M

2006-12-12

The purpose of this study was to examine a set of user acceptance criteria for autonomous biological detection systems for application in high-traffic, public facilities. The test case for the acceptance criteria was the Autonomous Pathogen Detection System (APDS) operating in high-traffic facilities in New York City (NYC). However, the acceptance criteria were designed to be generally applicable to other biological detection systems in other locations. For such detection systems, ''users'' will include local authorities (e.g., facility operators, public health officials, and law enforcement personnel) and national authorities [including personnel from the Department of Homeland Security (DHS), the BioWatch Program,more » the Centers for Disease Control and Prevention (CDC), and the Federal Bureau of Investigation (FBI)]. The panel members brought expertise from a broad range of backgrounds to complete this picture. The goals of this document are: (1) To serve as informal guidance for users in considering the benefits and costs of these systems. (2) To serve as informal guidance for developers in understanding the needs of users. In follow-up work, this framework will be used to systematically document the APDS for appropriateness and readiness for use in NYC.« less

The Experiences of Young Adults With Hodgkin Lymphoma Transitioning to Survivorship: A Grounded Theory Study.

PubMed

Matheson, Lauren; Boulton, Mary; Lavender, Verna; Collins, Graham; Mitchell-Floyd, Tracy; Watson, Eila

2016-09-01

To explore the experiences of young adults with Hodgkin lymphoma during the first year following the end of initial treatment. 
. A qualitative grounded theory study.
. Interviews with patients recruited from three cancer centers in England.
. 10 Hodgkin lymphoma survivors (four men and six women aged 21-39 years) recruited as part of a larger study of 28 young adult cancer survivors.
. Semistructured interviews were conducted about two months after treatment completion, and follow-up interviews were conducted seven months later. The authors' grounded theory of positive psychosocial adjustment to cancer provided the conceptual framework.
. Positive reframing, informal peer support, acceptance, and normalization helped young adults dismantle the threats of Hodgkin lymphoma during the course of treatment. However, they described losing a sense of security following treatment completion. Greater age-specific information to enable better preparation for the future was desired regarding body image, fertility, sexual relationships, work, and socializing.
. Informal support mechanisms, like peer support and patient navigator interventions, may be useful ways to further support young adults after treatment completion.
. Positive psychosocial adjustment to cancer survivorship in young adults is facilitated by having informal peer support; being able to positively reframe, accept, and normalize their experience; and being prepared for the future.

LISA, the next generation: from a web-based application to a fat client.

PubMed

Pierlet, Noëlla; Aerts, Werner; Vanautgaerden, Mark; Van den Bosch, Bart; De Deurwaerder, André; Schils, Erik; Noppe, Thomas

2008-01-01

The LISA application, developed by the University Hospitals Leuven, permits referring physicians to consult the electronic medical records of their patients over the internet in a highly secure way. We decided to completely change the way we secured the application, discard the existing web application and build a completely new application, based on the in-house developed hospital information system, used in the University Hospitals Leuven. The result is a fat Java client, running on a Windows Terminal Server, secured by a commercial SSL-VPN solution.

Report: Fiscal Year 2015 Federal Information Security Modernization Act Report: Status of CSB’s Information Security Program

EPA Pesticide Factsheets

Report #16-P-0086, January 27, 2016. The effectiveness of the CSB’s information security program is challenged by its lack of personal identity verification cards for logical access, complete system inventory.

Secure Distributed Detection under Energy Constraint in IoT-Oriented Sensor Networks.

PubMed

Zhang, Guomei; Sun, Hao

2016-12-16

We study the secure distributed detection problems under energy constraint for IoT-oriented sensor networks. The conventional channel-aware encryption (CAE) is an efficient physical-layer secure distributed detection scheme in light of its energy efficiency, good scalability and robustness over diverse eavesdropping scenarios. However, in the CAE scheme, it remains an open problem of how to optimize the key thresholds for the estimated channel gain, which are used to determine the sensor's reporting action. Moreover, the CAE scheme does not jointly consider the accuracy of local detection results in determining whether to stay dormant for a sensor. To solve these problems, we first analyze the error probability and derive the optimal thresholds in the CAE scheme under a specified energy constraint. These results build a convenient mathematic framework for our further innovative design. Under this framework, we propose a hybrid secure distributed detection scheme. Our proposal can satisfy the energy constraint by keeping some sensors inactive according to the local detection confidence level, which is characterized by likelihood ratio. In the meanwhile, the security is guaranteed through randomly flipping the local decisions forwarded to the fusion center based on the channel amplitude. We further optimize the key parameters of our hybrid scheme, including two local decision thresholds and one channel comparison threshold. Performance evaluation results demonstrate that our hybrid scheme outperforms the CAE under stringent energy constraints, especially in the high signal-to-noise ratio scenario, while the security is still assured.

Secure Distributed Detection under Energy Constraint in IoT-Oriented Sensor Networks

PubMed Central

Zhang, Guomei; Sun, Hao

2016-01-01

We study the secure distributed detection problems under energy constraint for IoT-oriented sensor networks. The conventional channel-aware encryption (CAE) is an efficient physical-layer secure distributed detection scheme in light of its energy efficiency, good scalability and robustness over diverse eavesdropping scenarios. However, in the CAE scheme, it remains an open problem of how to optimize the key thresholds for the estimated channel gain, which are used to determine the sensor’s reporting action. Moreover, the CAE scheme does not jointly consider the accuracy of local detection results in determining whether to stay dormant for a sensor. To solve these problems, we first analyze the error probability and derive the optimal thresholds in the CAE scheme under a specified energy constraint. These results build a convenient mathematic framework for our further innovative design. Under this framework, we propose a hybrid secure distributed detection scheme. Our proposal can satisfy the energy constraint by keeping some sensors inactive according to the local detection confidence level, which is characterized by likelihood ratio. In the meanwhile, the security is guaranteed through randomly flipping the local decisions forwarded to the fusion center based on the channel amplitude. We further optimize the key parameters of our hybrid scheme, including two local decision thresholds and one channel comparison threshold. Performance evaluation results demonstrate that our hybrid scheme outperforms the CAE under stringent energy constraints, especially in the high signal-to-noise ratio scenario, while the security is still assured. PMID:27999282

Multinational Experiment 7. Outcome 3 - Cyber Domain. Objective 3.3: Concept Framework Version 3.0

DTIC Science & Technology

2012-10-03

experimentation in order to give some parameters for Decision Makers’ actions. A.5 DIFFERENT LEGAL FRAMEWORKS The juridical framework to which we refer, in...material effects (e.g. psychological impact), economic et al, or, especially in the military field, it may affect Operational Security (OPSEC). 7...not expected at all to be run as a mechanistic tool that produces univocal outputs on the base of juridically qualified inputs, making unnecessary

Solving Homeland Security’s Wicked Problems: A Design Thinking Approach

DTIC Science & Technology

2015-09-01

spur solutions. This thesis provides a framework for how S&T can incorporate design- thinking principles that are working well in other domains to...to spur solutions. This thesis provides a framework for how S&T can incorporate design-thinking principles that are working well in other domains to...Galbraith’s Star Model was used to analyze how DHS S&T, MindLab, and DARPA apply design-thinking principles to inform the framework to apply and

Identifying seasonal mobility profiles from anonymized and aggregated mobile phone data. Application in food security.

PubMed

Zufiria, Pedro J; Pastor-Escuredo, David; Úbeda-Medina, Luis; Hernandez-Medina, Miguel A; Barriales-Valbuena, Iker; Morales, Alfredo J; Jacques, Damien C; Nkwambi, Wilfred; Diop, M Bamba; Quinn, John; Hidalgo-Sanchís, Paula; Luengo-Oroz, Miguel

2018-01-01

We propose a framework for the systematic analysis of mobile phone data to identify relevant mobility profiles in a population. The proposed framework allows finding distinct human mobility profiles based on the digital trace of mobile phone users characterized by a Matrix of Individual Trajectories (IT-Matrix). This matrix gathers a consistent and regularized description of individual trajectories that enables multi-scale representations along time and space, which can be used to extract aggregated indicators such as a dynamic multi-scale population count. Unsupervised clustering of individual trajectories generates mobility profiles (clusters of similar individual trajectories) which characterize relevant group behaviors preserving optimal aggregation levels for detailed and privacy-secured mobility characterization. The application of the proposed framework is illustrated by analyzing fully anonymized data on human mobility from mobile phones in Senegal at the arrondissement level over a calendar year. The analysis of monthly mobility patterns at the livelihood zone resolution resulted in the discovery and characterization of seasonal mobility profiles related with economic activities, agricultural calendars and rainfalls. The use of these mobility profiles could support the timely identification of mobility changes in vulnerable populations in response to external shocks (such as natural disasters, civil conflicts or sudden increases of food prices) to monitor food security.

Efficient Authorization of Rich Presence Using Secure and Composed Web Services

NASA Astrophysics Data System (ADS)

Li, Li; Chou, Wu

This paper presents an extended Role-Based Access Control (RBAC) model for efficient authorization of rich presence using secure web services composed with an abstract presence data model. Following the information symmetry principle, the standard RBAC model is extended to support context sensitive social relations and cascaded authority. In conjunction with the extended RBAC model, we introduce an extensible presence architecture prototype using WS-Security and WS-Eventing to secure rich presence information exchanges based on PKI certificates. Applications and performance measurements of our presence system are presented to show that the proposed RBAC framework for presence and collaboration is well suited for real-time communication and collaboration.

The Secure-Base Hypothesis: Global Attachment, Attachment to Counselor, and Session Exploration in Psychotherapy

ERIC Educational Resources Information Center

Romano, Vera; Fitzpatrick, Marilyn; Janzen, Jennifer

2008-01-01

This study explored J. Bowlby's (1988) secure-base hypothesis, which predicts that a client's secure attachment to the therapist, as well as the client's and the therapist's global attachment security, will facilitate in-session exploration. Volunteer clients (N = 59) and trainee counselors (N = 59) in short-term therapy completed the Experiences…

Challenges of information security incident learning: An industrial case study in a Chinese healthcare organization.

PubMed

He, Ying; Johnson, Chris

2017-12-01

Security incidents can have negative impacts on healthcare organizations, and the security of medical records has become a primary concern of the public. However, previous studies showed that organizations had not effectively learned lessons from security incidents. Incident learning as an essential activity in the "follow-up" phase of security incident response lifecycle has long been addressed but not given enough attention. This paper conducted a case study in a healthcare organization in China to explore their current obstacles in the practice of incident learning. We interviewed both IT professionals and healthcare professionals. The results showed that the organization did not have a structured way to gather and redistribute incident knowledge. Incident response was ineffective in cycling incident knowledge back to inform security management. Incident reporting to multiple stakeholders faced a great challenge. In response to this case study, we suggest the security assurance modeling framework to address those obstacles.

Final Technical Report. Project Boeing SGS

DOE Office of Scientific and Technical Information (OSTI.GOV)

Bell, Thomas E.

Boeing and its partner, PJM Interconnection, teamed to bring advanced “defense-grade” technologies for cyber security to the US regional power grid through demonstration in PJM’s energy management environment. Under this cooperative project with the Department of Energy, Boeing and PJM have developed and demonstrated a host of technologies specifically tailored to the needs of PJM and the electric sector as a whole. The team has demonstrated to the energy industry a combination of processes, techniques and technologies that have been successfully implemented in the commercial, defense, and intelligence communities to identify, mitigate and continuously monitor the cyber security of criticalmore » systems. Guided by the results of a Cyber Security Risk-Based Assessment completed in Phase I, the Boeing-PJM team has completed multiple iterations through the Phase II Development and Phase III Deployment phases. Multiple cyber security solutions have been completed across a variety of controls including: Application Security, Enhanced Malware Detection, Security Incident and Event Management (SIEM) Optimization, Continuous Vulnerability Monitoring, SCADA Monitoring/Intrusion Detection, Operational Resiliency, Cyber Range simulations and hands on cyber security personnel training. All of the developed and demonstrated solutions are suitable for replication across the electric sector and/or the energy sector as a whole. Benefits identified include; Improved malware and intrusion detection capability on critical SCADA networks including behavioral-based alerts resulting in improved zero-day threat protection; Improved Security Incident and Event Management system resulting in better threat visibility, thus increasing the likelihood of detecting a serious event; Improved malware detection and zero-day threat response capability; Improved ability to systematically evaluate and secure in house and vendor sourced software applications; Improved ability to continuously monitor and maintain secure configuration of network devices resulting in reduced vulnerabilities for potential exploitation; Improved overall cyber security situational awareness through the integration of multiple discrete security technologies into a single cyber security reporting console; Improved ability to maintain the resiliency of critical systems in the face of a targeted cyber attack of other significant event; Improved ability to model complex networks for penetration testing and advanced training of cyber security personnel« less

Developing a Defense Sector Assessment Rating Tool

DTIC Science & Technology

2010-01-01

JUSTICE EDUCATION ENERGY AND ENVIRONMENT HEALTH AND HEALTH CARE INTERNATIONAL AFFAIRS NATIONAL SECURITY POPULATION AND AGING PUBLIC SAFETY SCIENCE AND...Cathryn Quantic Thurston, and Gregory F. Treverton (MG-863-OSD). • Making Liberia Safe: Transformation of the National Security Sector, by David C...Cathryn Quantic Thurston, and Gregory F. Treverton, A Framework to Assess Programs for Building Partnerships, Santa Monica, Calif.: RAND Corporation

Cyber OODA: Towards a Conceptual Cyberspace Framework

DTIC Science & Technology

2010-06-01

settings (cannot view), or a combination of physical and syntactic limits, or viewing a content-rich PowerPoint presentation on a blackberry ...original work) 21 This is an ideal type definition. VPNs tunnel through traditional networks, but do not...exchange information other than travel instructions. As long as the VPN tunnel remains secure, it is treated as a separate cyberspace. If security

US Foreign Policy toward North Korea: A Way Ahead

DTIC Science & Technology

2008-01-01

property rights, suffer from poverty, encourage black markets , and involve themselves in other illicit activities, including money counter­ feiting...formal national security strategy is not yet published. As a longtime US ally whose democratic institutions, capitalist market system, and national...regards the improvement and strength­ ening of multilayer frameworks for bilateral and multilateral dialogue while securing the presence and engagement

The Security of Machine Learning

DTIC Science & Technology

2008-04-24

Machine learning has become a fundamental tool for computer security, since it can rapidly evolve to changing and complex situations. That...adaptability is also a vulnerability: attackers can exploit machine learning systems. We present a taxonomy identifying and analyzing attacks against machine ...We use our framework to survey and analyze the literature of attacks against machine learning systems. We also illustrate our taxonomy by showing

A Systems Engineering Framework for Implementing a Security and Critical Patch Management Process in Diverse Environments (Academic Departments' Workstations)

ERIC Educational Resources Information Center

Mohammadi, Hadi

2014-01-01

Use of the Patch Vulnerability Management (PVM) process should be seriously considered for any networked computing system. The PVM process prevents the operating system (OS) and software applications from being attacked due to security vulnerabilities, which lead to system failures and critical data leakage. The purpose of this research is to…

Correlation between Employee Participation and Organizational Information Security Management in Community College Districts

ERIC Educational Resources Information Center

Powell, Roger

2013-01-01

The dominant view of the relationship between employees and information security (InfoSec) is that employees are the weakest link. This research investigates the relationship between employees and InfoSec from a positive perspective. User buy-in is the theoretical framework of this study and Western U.S. Community Colleges (WUCCs) are the setting.…

Key Considerations of Community, Scalability, Supportability, Security, and Functionality in Selecting Open-Source Software in California Universities as Perceived by Technology Leaders

ERIC Educational Resources Information Center

Britton, Todd Alan

2014-01-01

Purpose: The purpose of this study was to examine the key considerations of community, scalability, supportability, security, and functionality for selecting open-source software in California universities as perceived by technology leaders. Methods: After a review of the cogent literature, the key conceptual framework categories were identified…

Framework for behavioral analytics in anomaly identification

NASA Astrophysics Data System (ADS)

Touma, Maroun; Bertino, Elisa; Rivera, Brian; Verma, Dinesh; Calo, Seraphin

2017-05-01

Behavioral Analytics (BA) relies on digital breadcrumbs to build user profiles and create clusters of entities that exhibit a large degree of similarity. The prevailing assumption is that an entity will assimilate the group behavior of the cluster it belongs to. Our understanding of BA and its application in different domains continues to evolve and is a direct result of the growing interest in Machine Learning research. When trying to detect security threats, we use BA techniques to identify anomalies, defined in this paper as deviation from the group behavior. Early research papers in this field reveal a high number of false positives where a security alert is triggered based on deviation from the cluster learned behavior but still within the norm of what the system defines as an acceptable behavior. Further, domain specific security policies tend to be narrow and inadequately represent what an entity can do. Hence, they: a) limit the amount of useful data during the learning phase; and, b) lead to violation of policy during the execution phase. In this paper, we propose a framework for future research on the role of policies and behavior security in a coalition setting with emphasis on anomaly detection and individual's deviation from group activities.

RUASN: A Robust User Authentication Framework for Wireless Sensor Networks

PubMed Central

Kumar, Pardeep; Choudhury, Amlan Jyoti; Sain, Mangal; Lee, Sang-Gon; Lee, Hoon-Jae

2011-01-01

In recent years, wireless sensor networks (WSNs) have been considered as a potential solution for real-time monitoring applications and these WSNs have potential practical impact on next generation technology too. However, WSNs could become a threat if suitable security is not considered before the deployment and if there are any loopholes in their security, which might open the door for an attacker and hence, endanger the application. User authentication is one of the most important security services to protect WSN data access from unauthorized users; it should provide both mutual authentication and session key establishment services. This paper proposes a robust user authentication framework for wireless sensor networks, based on a two-factor (password and smart card) concept. This scheme facilitates many services to the users such as user anonymity, mutual authentication, secure session key establishment and it allows users to choose/update their password regularly, whenever needed. Furthermore, we have provided the formal verification using Rubin logic and compare RUASN with many existing schemes. As a result, we found that the proposed scheme possesses many advantages against popular attacks, and achieves better efficiency at low computation cost. PMID:22163888

A Security Monitoring Framework For Virtualization Based HEP Infrastructures

NASA Astrophysics Data System (ADS)

Gomez Ramirez, A.; Martinez Pedreira, M.; Grigoras, C.; Betev, L.; Lara, C.; Kebschull, U.; ALICE Collaboration

2017-10-01

High Energy Physics (HEP) distributed computing infrastructures require automatic tools to monitor, analyze and react to potential security incidents. These tools should collect and inspect data such as resource consumption, logs and sequence of system calls for detecting anomalies that indicate the presence of a malicious agent. They should also be able to perform automated reactions to attacks without administrator intervention. We describe a novel framework that accomplishes these requirements, with a proof of concept implementation for the ALICE experiment at CERN. We show how we achieve a fully virtualized environment that improves the security by isolating services and Jobs without a significant performance impact. We also describe a collected dataset for Machine Learning based Intrusion Prevention and Detection Systems on Grid computing. This dataset is composed of resource consumption measurements (such as CPU, RAM and network traffic), logfiles from operating system services, and system call data collected from production Jobs running in an ALICE Grid test site and a big set of malware samples. This malware set was collected from security research sites. Based on this dataset, we will proceed to develop Machine Learning algorithms able to detect malicious Jobs.

Cyberspace Human Capital: Building a Cadre Today to Win Tomorrows War

DTIC Science & Technology

2016-04-28

sustainable and flexible framework that manages and develops a cyberspace cadre, today and into the future. This professional paper examines USAF and DoD...future conflicts, USAF leadership must develop a sustainable and flexible framework that manages and develops cyberspace cadre...international security and stability. CYBERSPACE FORCE MANAGEMENT ACCESSIONS RETENTION INSTITUTIONAL STRUCTURE FORCE DEVELOPMENT EDUCATION TRAINING

Securing the Place of Educating for Sustainable Development within Existing Curriculum Frameworks: A Reflective Analysis

ERIC Educational Resources Information Center

Metz, Don; McMillan, Barbara; Maxwell, Mona; Tetrault, Amanda

2010-01-01

Educating for sustainable development (ESD) is generally found within existing disciplinary frameworks. In this paper, our intent is to compare the views and practices of environmental educators who pursue ESD from a perspective different from what is occurring in our own constituency. We collected data on curriculum, teaching perspectives and…

InfoSec-MobCop - Framework for Theft Detection and Data Security on Mobile Computing Devices

NASA Astrophysics Data System (ADS)

Gupta, Anand; Gupta, Deepank; Gupta, Nidhi

People steal mobile devices with the intention of making money either by selling the mobile or by taking the sensitive information stored inside it. Mobile thefts are rising even with existing deterrents in place. This is because; they are ineffective, as they generate unnecessary alerts and might require expensive hardware equipments. In this paper a novel framework termed as InfoSec-MobCop is proposed which secures a mobile user’s data and discovers theft by detecting any anomaly in the user behavior. The anomaly of the user is computed by extracting and monitoring user specific details (typing pattern and usage history). The result of any intrusion attempt by a masquerader is intimated to the service provider through an SMS. Effectiveness of the used approach is discussed using FAR and FRR graphs. The experimental system uses both real users and simulated studies to quantify the effectiveness of the InfoSec-MobCop (Information Security Mobile Cop).

Security Event Recognition for Visual Surveillance

NASA Astrophysics Data System (ADS)

Liao, W.; Yang, C.; Yang, M. Ying; Rosenhahn, B.

2017-05-01

With rapidly increasing deployment of surveillance cameras, the reliable methods for automatically analyzing the surveillance video and recognizing special events are demanded by different practical applications. This paper proposes a novel effective framework for security event analysis in surveillance videos. First, convolutional neural network (CNN) framework is used to detect objects of interest in the given videos. Second, the owners of the objects are recognized and monitored in real-time as well. If anyone moves any object, this person will be verified whether he/she is its owner. If not, this event will be further analyzed and distinguished between two different scenes: moving the object away or stealing it. To validate the proposed approach, a new video dataset consisting of various scenarios is constructed for more complex tasks. For comparison purpose, the experiments are also carried out on the benchmark databases related to the task on abandoned luggage detection. The experimental results show that the proposed approach outperforms the state-of-the-art methods and effective in recognizing complex security events.

Meeting the privacy requirements for the development of a multi-centre patient registry in Canada: the Rick Hansen Spinal Cord Injury Registry.

PubMed

Noonan, Vanessa K; Thorogood, Nancy P; Joshi, Phalgun B; Fehlings, Michael G; Craven, B Catharine; Linassi, Gary; Fourney, Daryl R; Kwon, Brian K; Bailey, Christopher S; Tsai, Eve C; Drew, Brian M; Ahn, Henry; Tsui, Deborah; Dvorak, Marcel F

2013-05-01

Privacy legislation addresses concerns regarding the privacy of personal information; however, its interpretation by research ethics boards has resulted in significant challenges to the collection, management, use and disclosure of personal health information for multi-centre research studies. This paper describes the strategy used to develop the national Rick Hansen Spinal Cord Injury Registry (RHSCIR) in accordance with privacy statutes and benchmarked against best practices. An analysis of the regional and national privacy legislation was conducted to determine the requirements for each of the 31 local RHSCIR sites and the national RHSCIR office. A national privacy and security framework was created for RHSCIR that includes a governance structure, standard operating procedures, training processes, physical and technical security and privacy impact assessments. The framework meets a high-water mark in ensuring privacy and security of personal health information nationally and may assist in the development of other national or international research initiatives. Copyright © 2013 Longwoods Publishing.

Examining National Public Health Law to Realize the Global Health Security Agenda.

PubMed

Meier, Benjamin Mason; Tureski, Kara; Bockh, Emily; Carr, Derek; Ayala, Ana; Roberts, Anna; Cloud, Lindsay; Wilhelm, Nicolas; Burris, Scott

2017-05-01

Where the Global Health Security Agenda (GHSA) seeks to accelerate progress toward a world safe and secure from public health emergencies, the realization of GHSA 'Action Packages' will require national governments to establish necessary legal frameworks to prevent, detect, and respond to infectious disease. By analyzing the scope and content of existing national legislation in each of the GHSA Action Packages, this comparative cross-national research has developed a framework that disaggregates the legal domains necessary to meet each Action Package target. Based upon these legal domains, this study developed an assessment tool that can identify specific attributes of national legislation. This article applies this tool to assess the legal environment in twenty Sub-Saharan African countries, examining the content of laws across the GHSA Action Packages, analyzing the legal domains necessary to implement each Action Package, and highlighting specific national laws that reflect attributes of each legal domain. © The Author 2017. Published by Oxford University Press; all rights reserved. For Permissions, please email: journals.permissions@oup.com.

Meeting the Privacy Requirements for the Development of a Multi-Centre Patient Registry in Canada: The Rick Hansen Spinal Cord Injury Registry

PubMed Central

Noonan, Vanessa K.; Thorogood, Nancy P.; Joshi, Phalgun B.; Fehlings, Michael G.; Craven, B. Catharine; Linassi, Gary; Fourney, Daryl R.; Kwon, Brian K.; Bailey, Christopher S.; Tsai, Eve C.; Drew, Brian M.; Ahn, Henry; Tsui, Deborah; Dvorak, Marcel F.

2013-01-01

Privacy legislation addresses concerns regarding the privacy of personal information; however, its interpretation by research ethics boards has resulted in significant challenges to the collection, management, use and disclosure of personal health information for multi-centre research studies. This paper describes the strategy used to develop the national Rick Hansen Spinal Cord Injury Registry (RHSCIR) in accordance with privacy statutes and benchmarked against best practices. An analysis of the regional and national privacy legislation was conducted to determine the requirements for each of the 31 local RHSCIR sites and the national RHSCIR office. A national privacy and security framework was created for RHSCIR that includes a governance structure, standard operating procedures, training processes, physical and technical security and privacy impact assessments. The framework meets a high-water mark in ensuring privacy and security of personal health information nationally and may assist in the development of other national or international research initiatives. PMID:23968640

The Impact of Changing Financial Work Incentives on the Earnings of Social Security Disability Insurance (SSDI) Beneficiaries

ERIC Educational Resources Information Center

Weathers, Robert R., II; Hemmeter, Jeffrey

2011-01-01

SSDI beneficiaries lose their entire cash benefit if they perform work that is substantial gainful activity (SGA) after using Social Security work incentive programs. The complete loss of benefits might be a work disincentive for beneficiaries. We report results from a pilot project that replaces the complete loss of benefits with a gradual…

Exploring Robust and Resilient Pathways to Water Security (Invited)

NASA Astrophysics Data System (ADS)

Brown, C. M.

2013-12-01

Lack of water security and the resultant cumulative effects of water-related hazards are understood to hinder economic growth throughout the world. Traditional methods for achieving water security as exemplified in the industrialized world have exerted negative externalities such as degradation of aquatic ecosystems. There is also growing concern that such methods may not be robust to climate variability change. It has been proposed that alternative pathways to water security must be followed in the developing world. However, it is not clear such pathways currently exist and there is an inherent moral hazard in such recommendations. This presentation will present a multidimensional definition of water security, explore the conflict in norms between engineering and ecologically oriented communities, and present a framework synthesizing those norms for assessing and innovating robust and resilient pathways to water security.

Security Verification Techniques Applied to PatchLink COTS Software

NASA Technical Reports Server (NTRS)

Gilliam, David P.; Powell, John D.; Bishop, Matt; Andrew, Chris; Jog, Sameer

2006-01-01

Verification of the security of software artifacts is a challenging task. An integrated approach that combines verification techniques can increase the confidence in the security of software artifacts. Such an approach has been developed by the Jet Propulsion Laboratory (JPL) and the University of California at Davis (UC Davis). Two security verification instruments were developed and then piloted on PatchLink's UNIX Agent, a Commercial-Off-The-Shelf (COTS) software product, to assess the value of the instruments and the approach. The two instruments are the Flexible Modeling Framework (FMF) -- a model-based verification instrument (JPL), and a Property-Based Tester (UC Davis). Security properties were formally specified for the COTS artifact and then verified using these instruments. The results were then reviewed to determine the effectiveness of the approach and the security of the COTS product.

Data governance in predictive toxicology: A review.

PubMed

Fu, Xin; Wojak, Anna; Neagu, Daniel; Ridley, Mick; Travis, Kim

2011-07-13

Due to recent advances in data storage and sharing for further data processing in predictive toxicology, there is an increasing need for flexible data representations, secure and consistent data curation and automated data quality checking. Toxicity prediction involves multidisciplinary data. There are hundreds of collections of chemical, biological and toxicological data that are widely dispersed, mostly in the open literature, professional research bodies and commercial companies. In order to better manage and make full use of such large amount of toxicity data, there is a trend to develop functionalities aiming towards data governance in predictive toxicology to formalise a set of processes to guarantee high data quality and better data management. In this paper, data quality mainly refers in a data storage sense (e.g. accuracy, completeness and integrity) and not in a toxicological sense (e.g. the quality of experimental results). This paper reviews seven widely used predictive toxicology data sources and applications, with a particular focus on their data governance aspects, including: data accuracy, data completeness, data integrity, metadata and its management, data availability and data authorisation. This review reveals the current problems (e.g. lack of systematic and standard measures of data quality) and desirable needs (e.g. better management and further use of captured metadata and the development of flexible multi-level user access authorisation schemas) of predictive toxicology data sources development. The analytical results will help to address a significant gap in toxicology data quality assessment and lead to the development of novel frameworks for predictive toxicology data and model governance. While the discussed public data sources are well developed, there nevertheless remain some gaps in the development of a data governance framework to support predictive toxicology. In this paper, data governance is identified as the new challenge in predictive toxicology, and a good use of it may provide a promising framework for developing high quality and easy accessible toxicity data repositories. This paper also identifies important research directions that require further investigation in this area.

Data governance in predictive toxicology: A review

PubMed Central

2011-01-01

Background Due to recent advances in data storage and sharing for further data processing in predictive toxicology, there is an increasing need for flexible data representations, secure and consistent data curation and automated data quality checking. Toxicity prediction involves multidisciplinary data. There are hundreds of collections of chemical, biological and toxicological data that are widely dispersed, mostly in the open literature, professional research bodies and commercial companies. In order to better manage and make full use of such large amount of toxicity data, there is a trend to develop functionalities aiming towards data governance in predictive toxicology to formalise a set of processes to guarantee high data quality and better data management. In this paper, data quality mainly refers in a data storage sense (e.g. accuracy, completeness and integrity) and not in a toxicological sense (e.g. the quality of experimental results). Results This paper reviews seven widely used predictive toxicology data sources and applications, with a particular focus on their data governance aspects, including: data accuracy, data completeness, data integrity, metadata and its management, data availability and data authorisation. This review reveals the current problems (e.g. lack of systematic and standard measures of data quality) and desirable needs (e.g. better management and further use of captured metadata and the development of flexible multi-level user access authorisation schemas) of predictive toxicology data sources development. The analytical results will help to address a significant gap in toxicology data quality assessment and lead to the development of novel frameworks for predictive toxicology data and model governance. Conclusions While the discussed public data sources are well developed, there nevertheless remain some gaps in the development of a data governance framework to support predictive toxicology. In this paper, data governance is identified as the new challenge in predictive toxicology, and a good use of it may provide a promising framework for developing high quality and easy accessible toxicity data repositories. This paper also identifies important research directions that require further investigation in this area. PMID:21752279

End-to-End Verification of Information-Flow Security for C and Assembly Programs

DTIC Science & Technology

2016-04-01

seL4 security verification [18] avoids this issue in the same way. In that work, the authors frame their solution as a restriction that disallows...identical: (σ, σ′1) ∈ TM ∧ (σ, σ′2) ∈ TM =⇒ Ol(σ′1) = Ol(σ′2) The successful security verifications of both seL4 and mCertiKOS provide reasonable...evidence that this restriction on specifications is not a major hindrance for usability. Unlike the seL4 verification, however, our framework runs into a

BIOS Security Analysis and a Kind of Trusted BIOS

NASA Astrophysics Data System (ADS)

Zhou, Zhenliu; Xu, Rongsheng

The BIOS's security threats to computer system are analyzed and security requirements for firmware BIOS are summarized in this paper. Through discussion about TCG's trust transitivity, a new approach about CRTM implementation based on BIOS is developed. In this paper, we also put forward a new trusted BIOS architecture-UTBIOS which is built on Intel Framework for EFI/UEFI. The trustworthiness of UTBIOS is based on trusted hardware TPM. In UTBIOS, trust encapsulation and trust measurement are used to construct pre-OS trust chain. Performance of trust measurement is also analyzed in the end.

20 CFR 422.1 - Organization and functions.

Code of Federal Regulations, 2011 CFR

2011-04-01

....1 Employees' Benefits SOCIAL SECURITY ADMINISTRATION ORGANIZATION AND PROCEDURES Organization and Functions of the Social Security Administration § 422.1 Organization and functions. (a) General. A complete description of the organization and functions of the Social Security Administration (pursuant to 5 U.S.C. 552...

20 CFR 422.1 - Organization and functions.

Code of Federal Regulations, 2010 CFR

2010-04-01

....1 Employees' Benefits SOCIAL SECURITY ADMINISTRATION ORGANIZATION AND PROCEDURES Organization and Functions of the Social Security Administration § 422.1 Organization and functions. (a) General. A complete description of the organization and functions of the Social Security Administration (pursuant to 5 U.S.C. 552...

Multi-Disciplinary Analysis and Optimization Frameworks

NASA Technical Reports Server (NTRS)

Naiman, Cynthia Gutierrez

2009-01-01

Since July 2008, the Multidisciplinary Analysis & Optimization Working Group (MDAO WG) of the Systems Analysis Design & Optimization (SAD&O) discipline in the Fundamental Aeronautics Program s Subsonic Fixed Wing (SFW) project completed one major milestone, Define Architecture & Interfaces for Next Generation Open Source MDAO Framework Milestone (9/30/08), and is completing the Generation 1 Framework validation milestone, which is due December 2008. Included in the presentation are: details of progress on developing the Open MDAO framework, modeling and testing the Generation 1 Framework, progress toward establishing partnerships with external parties, and discussion of additional potential collaborations

Diagnosis and Threat Detection Capabilities of the SERENITY Monitoring Framework

NASA Astrophysics Data System (ADS)

Tsigkritis, Theocharis; Spanoudakis, George; Kloukinas, Christos; Lorenzoli, Davide

The SERENITY monitoring framework offers mechanisms for diagnosing the causes of violations of security and dependability (S&D) properties and detecting potential violations of such properties, called "Cthreats". Diagnostic information and threat detection are often necessary for deciding what an appropriate reaction to a violation is and taking pre-emptive actions against predicted violations, respectively. In this chapter, we describe the mechanisms of the SERENITY monitoring framework which generate diagnostic information for violations of S&D properties and detecting threats.

17 CFR 239.38 - Form F-8, for registration under the Securities Act of 1933 of securities of certain Canadian...

Code of Federal Regulations, 2010 CFR

2010-04-01

... completed fiscal years immediately prior to the business combination, when combined with the listing history... offers or a business combination. 239.38 Section 239.38 Commodity and Securities Exchanges SECURITIES AND... issuers to be issued in exchange offers or a business combination. (a) Form F-8 may be used for...

17 CFR 239.41 - Form F-80, for registration under the Securities Act of 1933 of securities of certain Canadian...

Code of Federal Regulations, 2010 CFR

2010-04-01

... completed fiscal years immediately prior to the business combination, when combined with the listing history... offers or a business combination. 239.41 Section 239.41 Commodity and Securities Exchanges SECURITIES AND... issuers to be issued in exchange offers or a business combination. (a) Form F-80 may be used for...

17 CFR 301.300a - Form 300-A, for summary of buy-ins or sell-outs of all open contractual commitments.

Code of Federal Regulations, 2010 CFR

2010-04-01

... 17 Commodity and Securities Exchanges 3 2010-04-01 2010-04-01 false Form 300-A, for summary of buy... Securities Exchanges SECURITIES AND EXCHANGE COMMISSION (CONTINUED) Schedule A to Part 285 FORMS, SECURITIES INVESTOR PROTECTION CORPORATION Forms for Closeout Or Completion of Open Contractual Commitments § 301.300a...

Logistics Composite Model (LCOM) Workbook

DTIC Science & Technology

1976-06-01

nc;-J to e UNCLASSIFIED SECURITY CLASSIFICATION OF THIS PAGE (When Dots Ew.ervol. REPORT DOCUMENTATION PAGE READ INSTRUCTIONS BEFORE COMPLETING FORM I...Controlling Office) 15. SECURITY CLASS. (of this report) Unclassified 158. DECLASSIFICATIONDOWNGRADING SCHEDULE 16. DISTRIBUTION STATEMENT (of this Report...ID SECURITY CLASSIFICATION OF THIS PAGE (When Des Entered) K7 UNCLASSIFIED SECURITY CLASSIFICATION OF THIS PAGE(Whon Dal Entore o l Logic networks

SRI PUFF 8 Computer Program for One-Dimensional Stress Wave Propagation

DTIC Science & Technology

1980-03-01

raial product. UNCLASSIFIED SECURITY CLASSIFICATION OF THIS PAGE (Tfhen Data Entered) REPORT DOCUMENTATION PAGE READ INSTRUCTIONS BEFORE COMPLETING...EDITION OF I NOV 6S (S OBSOLETE UNCLASSIFIED SECURITY CLASSIFICATIOK OF THIS PAGE (When Data Entered) UNCLASSIFIED SECURITY CLASSIFICATION OF THIS...aspects of wave propagation calculations. UNCLASSIFIED SECURITY CLASSIFICATION OF THIS PAGEfWhen Data Entered) FOREWORD This volume constitutes a

FSM-F: Finite State Machine Based Framework for Denial of Service and Intrusion Detection in MANET

PubMed Central

N. Ahmed, Malik; Abdullah, Abdul Hanan; Kaiwartya, Omprakash

2016-01-01

Due to the continuous advancements in wireless communication in terms of quality of communication and affordability of the technology, the application area of Mobile Adhoc Networks (MANETs) significantly growing particularly in military and disaster management. Considering the sensitivity of the application areas, security in terms of detection of Denial of Service (DoS) and intrusion has become prime concern in research and development in the area. The security systems suggested in the past has state recognition problem where the system is not able to accurately identify the actual state of the network nodes due to the absence of clear definition of states of the nodes. In this context, this paper proposes a framework based on Finite State Machine (FSM) for denial of service and intrusion detection in MANETs. In particular, an Interruption Detection system for Adhoc On-demand Distance Vector (ID-AODV) protocol is presented based on finite state machine. The packet dropping and sequence number attacks are closely investigated and detection systems for both types of attacks are designed. The major functional modules of ID-AODV includes network monitoring system, finite state machine and attack detection model. Simulations are carried out in network simulator NS-2 to evaluate the performance of the proposed framework. A comparative evaluation of the performance is also performed with the state-of-the-art techniques: RIDAN and AODV. The performance evaluations attest the benefits of proposed framework in terms of providing better security for denial of service and intrusion detection attacks. PMID:27285146

A Goal Oriented Approach for Modeling and Analyzing Security Trade-Offs

NASA Astrophysics Data System (ADS)

Elahi, Golnaz; Yu, Eric

In designing software systems, security is typically only one design objective among many. It may compete with other objectives such as functionality, usability, and performance. Too often, security mechanisms such as firewalls, access control, or encryption are adopted without explicit recognition of competing design objectives and their origins in stakeholder interests. Recently, there is increasing acknowledgement that security is ultimately about trade-offs. One can only aim for "good enough" security, given the competing demands from many parties. In this paper, we examine how conceptual modeling can provide explicit and systematic support for analyzing security trade-offs. After considering the desirable criteria for conceptual modeling methods, we examine several existing approaches for dealing with security trade-offs. From analyzing the limitations of existing methods, we propose an extension to the i* framework for security trade-off analysis, taking advantage of its multi-agent and goal orientation. The method was applied to several case studies used to exemplify existing approaches.

Threat driven modeling framework using petri nets for e-learning system.

PubMed

Khamparia, Aditya; Pandey, Babita

2016-01-01

Vulnerabilities at various levels are main cause of security risks in e-learning system. This paper presents a modified threat driven modeling framework, to identify the threats after risk assessment which requires mitigation and how to mitigate those threats. To model those threat mitigations aspects oriented stochastic petri nets are used. This paper included security metrics based on vulnerabilities present in e-learning system. The Common Vulnerability Scoring System designed to provide a normalized method for rating vulnerabilities which will be used as basis in metric definitions and calculations. A case study has been also proposed which shows the need and feasibility of using aspect oriented stochastic petri net models for threat modeling which improves reliability, consistency and robustness of the e-learning system.

JACOB: an enterprise framework for computational chemistry.

PubMed

Waller, Mark P; Dresselhaus, Thomas; Yang, Jack

2013-06-15

Here, we present just a collection of beans (JACOB): an integrated batch-based framework designed for the rapid development of computational chemistry applications. The framework expedites developer productivity by handling the generic infrastructure tier, and can be easily extended by user-specific scientific code. Paradigms from enterprise software engineering were rigorously applied to create a scalable, testable, secure, and robust framework. A centralized web application is used to configure and control the operation of the framework. The application-programming interface provides a set of generic tools for processing large-scale noninteractive jobs (e.g., systematic studies), or for coordinating systems integration (e.g., complex workflows). The code for the JACOB framework is open sourced and is available at: www.wallerlab.org/jacob. Copyright © 2013 Wiley Periodicals, Inc.

17 CFR 300.300 - Definitions.

Code of Federal Regulations, 2010 CFR

2010-04-01

... to Part 285 RULES OF THE SECURITIES INVESTOR PROTECTION CORPORATION Closeout Or Completion of Open...) of the Securities Investor Protection Act of 1970, as amended (hereinafter referred to as “the Act... 17 Commodity and Securities Exchanges 3 2010-04-01 2010-04-01 false Definitions. 300.300 Section...

20 CFR 401.65 - How to correct your record.

Code of Federal Regulations, 2010 CFR

2010-04-01

... 401.65 Employees' Benefits SOCIAL SECURITY ADMINISTRATION PRIVACY AND DISCLOSURE OF OFFICIAL RECORDS..., complete, relevant, or necessary to the administration of a social security program. To amend or correct... social security office can help you prepare the request. You should submit any available evidence to...

CONFU: Configuration Fuzzing Testing Framework for Software Vulnerability Detection

PubMed Central

Dai, Huning; Murphy, Christian; Kaiser, Gail

2010-01-01

Many software security vulnerabilities only reveal themselves under certain conditions, i.e., particular configurations and inputs together with a certain runtime environment. One approach to detecting these vulnerabilities is fuzz testing. However, typical fuzz testing makes no guarantees regarding the syntactic and semantic validity of the input, or of how much of the input space will be explored. To address these problems, we present a new testing methodology called Configuration Fuzzing. Configuration Fuzzing is a technique whereby the configuration of the running application is mutated at certain execution points, in order to check for vulnerabilities that only arise in certain conditions. As the application runs in the deployment environment, this testing technique continuously fuzzes the configuration and checks “security invariants” that, if violated, indicate a vulnerability. We discuss the approach and introduce a prototype framework called ConFu (CONfiguration FUzzing testing framework) for implementation. We also present the results of case studies that demonstrate the approach’s feasibility and evaluate its performance. PMID:21037923

Digital Dimension Disruption: A National Security Enterprise Response

DTIC Science & Technology

2017-12-21

societal institutions, methods of business, and fundamental ideas about national security. This realignment will, of necessity, change the frameworks...humans did calculations and searched for information. In the past quarter century, human use of computers has changed fundamentally , but com- mon...the nature of data is, itself, undergoing a fundamental change. The terms “bespoke data” (from the British term for cus- tom-tailored) and “by

Joint Combined Exchange Training Evaluation Framework: A Crucial Tool in Security Cooperation Assessment

DTIC Science & Technology

2015-12-01

DOD, joint, or armed service component’s manuals , and other publications . Obviously, JCETs fall under the broader spectrum of security cooperation...NAVAL POSTGRADUATE SCHOOL MONTEREY, CALIFORNIA THESIS Approved for public release; distribution is unlimited JOINT COMBINED...No. 0704–0188 Public reporting burden for this collection of information is estimated to average 1 hour per response, including the time for reviewing

Assessing Irregular Warfare: A Framework for Intelligence Analysis

DTIC Science & Technology

2008-01-01

AND HEALTH CARE INTERNATIONAL AFFAIRS NATIONAL SECURITY POPULATION AND AGING PUBLIC SAFETY SCIENCE AND TECHNOLOGY SUBSTANCE ABUSE TERRORISM AND...Interim FSTC Foreign Science and Technology Center GMI general military intelligence IED improvised explosive device INSCOM Intelligence and Security...ground forces intelligence in the Department of Defense (DoD).1 NGIC was created in March 1995, when the U.S. Army Foreign Science and Technology

75 FR 41264 - Self-Regulatory Organizations; NYSE Amex LLC; Notice of Filing of Amendment Nos. 2 and 3, and...

Federal Register 2010, 2011, 2012, 2013, 2014

2010-07-15

... Exchange proposes to trade Nasdaq Securities within the existing DMM and SLP framework used to trade its... member organization will not be permitted to be registered as both the DMM Unit and an SLP for the same... Nasdaq Securities to a different DMM Unit or to a different SLP or SLPs. \\5\\ A representative of NYSE...

The Journal of the Naval Postgraduate School Center for Homeland Defense and Security. Volume 6. Issue 3

DTIC Science & Technology

2010-09-01

genetic relationships between kin.33 Regardless of the underlying mechanism, individual symbiotic relationships can confer multiple benefits to the...allocation guidelines for homeland security and emergency management policymakers. The framework provides an operationally relevant rubric for...S. Wells, The Journey of Man: A Genetic Odyssey (Princeton, NJ: Princeton University Press, 2002). 4 A. Jakubowicz, “Anglo-multiculturalism

A Framework For Dynamic Subversion

DTIC Science & Technology

2003-06-01

informal methods. These methods examine the security requirements, security specification, also called the Formal Top Level Specification and its ...not be always invoked due to its possible deactivation by errant or malicious code. Further, the RVM, if no separation exists between the kernel...that this thesis focused on, is the means by which the dynamic portion of the artifice finds space to operate or is loaded, is relocated in its

Shared Awareness in Times of Crisis: A Framework for Collaboration

DTIC Science & Technology

2011-06-01

also affords a “ dashboard ” perspective allowing for centralization of resources. The U.S. Army’s Knowledge Online portal is one example of a single...labor, energy, materials, information, cash and technology into outputs of higher value • Organization’s values (criteria that managers and...follows: Challenges - Disabilities Inter-Organizational Cross-Organizational Privacy and Security high security (portal) blocks information flow Trust

[Ecological security early-warning in Zhoushan Islands based on variable weight model].

PubMed

Zhou, Bin; Zhong, Lin-sheng; Chen, Tian; Zhou, Rui

2015-06-01

Ecological security early warning, as an important content of ecological security research, is of indicating significance in maintaining regional ecological security. Based on driving force, pressure, state, impact and response (D-P-S-I-R) framework model, this paper took Zhoushan Islands in Zhejiang Province as an example to construct the ecological security early warning index system, test degrees of ecological security early warning of Zhoushan Islands from 2000 to 2012 by using the method of variable weight model, and forecast ecological security state of 2013-2018 by Markov prediction method. The results showed that the variable weight model could meet the study needs of ecological security early warning of Zhoushan Islands. There was a fluctuant rising ecological security early warning index from 0.286 to 0.484 in Zhoushan Islands between year 2000 and 2012, in which the security grade turned from "serious alert" into " medium alert" and the indicator light turned from "orange" to "yellow". The degree of ecological security warning was "medium alert" with the light of "yellow" for Zhoushan Islands from 2013 to 2018. These findings could provide a reference for ecological security maintenance of Zhoushan Islands.

Method for secure electronic voting system: face recognition based approach

NASA Astrophysics Data System (ADS)

Alim, M. Affan; Baig, Misbah M.; Mehboob, Shahzain; Naseem, Imran

2017-06-01

In this paper, we propose a framework for low cost secure electronic voting system based on face recognition. Essentially Local Binary Pattern (LBP) is used for face feature characterization in texture format followed by chi-square distribution is used for image classification. Two parallel systems are developed based on smart phone and web applications for face learning and verification modules. The proposed system has two tire security levels by using person ID followed by face verification. Essentially class specific threshold is associated for controlling the security level of face verification. Our system is evaluated three standard databases and one real home based database and achieve the satisfactory recognition accuracies. Consequently our propose system provides secure, hassle free voting system and less intrusive compare with other biometrics.

Complexity Studies and Security in the Complex World: An Epistemological Framework of Analysis

NASA Astrophysics Data System (ADS)

Mesjasz, Czeslaw

The impact of systems thinking can be found in numerous security-oriented research, beginning from the early works on international system: Pitrim Sorokin, Quincy Wright, first models of military conflict and war: Frederick Lanchester, Lewis F. Richardson, national and military security (origins of RAND Corporation), through development of game theory-based conflict studies, International Relations, classical security studies of Morton A. Kaplan, Karl W. Deutsch [Mesjasz 1988], and ending with contemporary ideas of broadened concepts of security proposed by the Copenhagen School [Buzan et al 1998]. At present it may be even stated that the new military and non-military threats to contemporary complex society, such as low-intensity conflicts, regional conflicts, terrorism, environmental disturbances, etc. cannot be embraced without ideas taken from modern complex systems studies.

DOD/COCOM Water Security Program Strategy Document

DTIC Science & Technology

2011-04-22

in alignment with USG foreign policy objectives? The following discussion and appendices provide a framework to facilitate this process for DOD...USG foreign policy objectives? The following discussion and appendices provide a framework to facilitate this process for DOD. DOD/COCOM Water...technology, etc. Because water resources often cross political boundaries on a regional scale, focusing water scarcity initiatives on this level

Towards a global water scarcity risk assessment framework: using scenarios and risk distributions

NASA Astrophysics Data System (ADS)

Veldkamp, Ted; Wada, Yoshihide; Aerts, Jeroen; Ward, Philip

2016-04-01

Over the past decades, changing hydro-climatic and socioeconomic conditions have led to increased water scarcity problems. A large number of studies have shown that these water scarcity conditions will worsen in the near future. Despite numerous calls for risk-based assessments of water scarcity, a framework that includes UNISDR's definition of risk does not yet exist at the global scale. This study provides a first step towards such a risk-based assessment, applying a Gamma distribution to estimate water scarcity conditions at the global scale under historic and future conditions, using multiple climate change projections and socioeconomic scenarios. Our study highlights that water scarcity risk increases given all future scenarios, up to >56.2% of the global population in 2080. Looking at the drivers of risk, we find that population growth outweigh the impacts of climate change at global and regional scales. Using a risk-based method to assess water scarcity in terms of Expected Annual Exposed Population, we show the results to be less sensitive than traditional water scarcity assessments to the use of fixed threshold to represent different levels of water scarcity. This becomes especially important when moving from global to local scales, whereby deviations increase up to 50% of estimated risk levels. Covering hazard, exposure, and vulnerability, risk-based methods are well-suited to assess water scarcity adaptation. Completing the presented risk framework therefore offers water managers a promising perspective to increase water security in a well-informed and adaptive manner.

[The 20th century legal framework regarding risk at work and occupational health in Colombia].

PubMed

Arango-Soler, Juan M; Luna-García, Jairo E; Correa-Moreno, Yerson A; Campos, Adriana C

2013-01-01

Analyzing the 20th century Colombian legal framework from the point of view of labor law, social security and public health for identifying concepts regarding occupational health and professional risk and trying to establish convergence and differences between such foci and whether they fulfilled a complementary view. This work involved documentary research by means of thematic categorical analysis of the laws and statutes promulgated in 20th century Colombia, considering the main element or entity which should have regulated that related to professional risk or occupational health. The development of the 20th century Colombian legal framework regarding health at work was periodized, revealing the predominance of a view of social law focused on protecting dependent workers' work-related risks, as part of a tendency extending to the Colombian Sistema General de Riesgos Laborales. The proposed stages used for organizing the legal framework concerning social security regarding professional risk and occupational health facilitated some important elements being recognized concerning the social, legal and institutional context from which workers' health laws emerged. Tension was noted concerning statutes orientated towards redress and compensation regarding accidents at work and legislation emphasizing prevention.

DOES TRAINING IN THE CIRCLE OF SECURITY FRAMEWORK INCREASE RELATIONAL UNDERSTANDING IN INFANT/CHILD AND FAMILY WORKERS?

PubMed

McMahon, Catherine; Huber, Anna; Kohlhoff, Jane; Camberis, Anna-Lisa

2017-09-01

This article evaluated whether attendance at Circle of Security training workshops resulted in attendees showing greater empathy and attachment-related knowledge and understanding, and fewer judgmental responses to viewing a stressful parent-child interaction. Participants were 202 practitioners who attended and completed a 2-day (n = 70), 4-day (n = 105), or 10-day (n = 27) COS training workshop in Australia or New Zealand in 2015. In a pre/post design, participant reactions to a video clip of a challenging parent-child interaction were coded for empathic, judgmental, or attachment-focused language. Attachment understanding was coded in response to questions about the greatest challenge that the dyad faced. In all training conditions, participants provided significantly more attachment-focused descriptors and showed significantly greater attachment understanding after training, but significantly fewer empathic descriptors. While participants at the longer workshops provided significantly fewer judgmental/critical descriptors, there was no change for those attending the 2-day workshop. Irrespective of workshop duration or professional background, participants took a more relational perspective on the vignette after the training workshops. More detailed research is required to establish the extent to which this increased knowledge and understanding is retained and integrated into infant mental health practice with parents and young children. © 2017 Michigan Association for Infant Mental Health.

Using Distributed Data over HBase in Big Data Analytics Platform for Clinical Services

PubMed Central

Zamani, Hamid

2017-01-01

Big data analytics (BDA) is important to reduce healthcare costs. However, there are many challenges of data aggregation, maintenance, integration, translation, analysis, and security/privacy. The study objective to establish an interactive BDA platform with simulated patient data using open-source software technologies was achieved by construction of a platform framework with Hadoop Distributed File System (HDFS) using HBase (key-value NoSQL database). Distributed data structures were generated from benchmarked hospital-specific metadata of nine billion patient records. At optimized iteration, HDFS ingestion of HFiles to HBase store files revealed sustained availability over hundreds of iterations; however, to complete MapReduce to HBase required a week (for 10 TB) and a month for three billion (30 TB) indexed patient records, respectively. Found inconsistencies of MapReduce limited the capacity to generate and replicate data efficiently. Apache Spark and Drill showed high performance with high usability for technical support but poor usability for clinical services. Hospital system based on patient-centric data was challenging in using HBase, whereby not all data profiles were fully integrated with the complex patient-to-hospital relationships. However, we recommend using HBase to achieve secured patient data while querying entire hospital volumes in a simplified clinical event model across clinical services. PMID:29375652

Using Distributed Data over HBase in Big Data Analytics Platform for Clinical Services.

PubMed

Chrimes, Dillon; Zamani, Hamid

2017-01-01

Big data analytics (BDA) is important to reduce healthcare costs. However, there are many challenges of data aggregation, maintenance, integration, translation, analysis, and security/privacy. The study objective to establish an interactive BDA platform with simulated patient data using open-source software technologies was achieved by construction of a platform framework with Hadoop Distributed File System (HDFS) using HBase (key-value NoSQL database). Distributed data structures were generated from benchmarked hospital-specific metadata of nine billion patient records. At optimized iteration, HDFS ingestion of HFiles to HBase store files revealed sustained availability over hundreds of iterations; however, to complete MapReduce to HBase required a week (for 10 TB) and a month for three billion (30 TB) indexed patient records, respectively. Found inconsistencies of MapReduce limited the capacity to generate and replicate data efficiently. Apache Spark and Drill showed high performance with high usability for technical support but poor usability for clinical services. Hospital system based on patient-centric data was challenging in using HBase, whereby not all data profiles were fully integrated with the complex patient-to-hospital relationships. However, we recommend using HBase to achieve secured patient data while querying entire hospital volumes in a simplified clinical event model across clinical services.

Medical intelligence, security and global health: the foundations of a new health agenda.

PubMed

Bowsher, G; Milner, C; Sullivan, R

2016-07-01

Medical intelligence, security and global health are distinct fields that often overlap, especially as the drive towards a global health security agenda gathers pace. Here, we outline some of the ways in which this has happened in the recent past during the recent Ebola epidemic in West Africa and in the killing of Osama Bin laden by US intelligence services. We evaluate medical intelligence and the role it can play in global health security; we also attempt to define a framework that illustrates how medical intelligence can be incorporated into foreign policy action in order delineate the boundaries and scope of this growing field. © The Royal Society of Medicine.

Conceptual framework to ensure water security in Ukraine

NASA Astrophysics Data System (ADS)

Gadzalo, Yaroslav; Romashchenko, Mykhailo; Yatsiuk, Mykhailo

2018-02-01

As a result of global climate change against the background of natural water supply deterioration and river water content reductions, nowadays Ukraine is facing the problem of environmental degradation of river basins. In light of this, we suggest that achieving an acceptable level of water security in Ukraine should be defined as the strategic objective of national water policy. The state of national water security should be evaluated by its progress in certain sectors. The basic principles of the new water policy of Ukraine are supposed to be represented in Water Strategy of Ukraine. Integrated water management by the basin principle should serve as the main tool for achieving the objectives of water security.

Towards a Relation Extraction Framework for Cyber-Security Concepts

DOE Office of Scientific and Technical Information (OSTI.GOV)

Jones, Corinne L; Bridges, Robert A; Huffer, Kelly M

In order to assist security analysts in obtaining information pertaining to their network, such as novel vulnerabilities, exploits, or patches, information retrieval methods tailored to the security domain are needed. As labeled text data is scarce and expensive, we follow developments in semi-supervised NLP and implement a bootstrapping algorithm for extracting security entities and their relationships from text. The algorithm requires little input data, specifically, a few relations or patterns (heuristics for identifying relations), and incorporates an active learning component which queries the user on the most important decisions to prevent drifting the desired relations. Preliminary testing on a smallmore » corpus shows promising results, obtaining precision of .82.« less

Prospective in-patient cohort study of moves between levels of therapeutic security: the DUNDRUM-1 triage security, DUNDRUM-3 programme completion and DUNDRUM-4 recovery scales and the HCR-20.

PubMed

Davoren, Mary; O'Dwyer, Sarah; Abidin, Zareena; Naughton, Leena; Gibbons, Olivia; Doyle, Elaine; McDonnell, Kim; Monks, Stephen; Kennedy, Harry G

2012-07-13

We examined whether new structured professional judgment instruments for assessing need for therapeutic security, treatment completion and recovery in forensic settings were related to moves from higher to lower levels of therapeutic security and added anything to assessment of risk. This was a prospective naturalistic twelve month observational study of a cohort of patients in a forensic hospital placed according to their need for therapeutic security along a pathway of moves from high to progressively less secure units in preparation for discharge. Patients were assessed using the DUNDRUM-1 triage security scale, the DUNDRUM-3 programme completion scale and the DUNDRUM-4 recovery scale and assessments of risk of violence, self harm and suicide, symptom severity and global function. Patients were subsequently observed for positive moves to less secure units and negative moves to more secure units. There were 86 male patients at baseline with mean follow-up 0.9 years, 11 positive and 9 negative moves. For positive moves, logistic regression indicated that along with location at baseline, the DUNDRUM-1, HCR-20 dynamic and PANSS general symptom scores were associated with subsequent positive moves. The receiver operating characteristic was significant for the DUNDRUM-1 while ANOVA co-varying for both location at baseline and HCR-20 dynamic score was significant for DUNDRUM-1. For negative moves, logistic regression showed DUNDRUM-1 and HCR-20 dynamic scores were associated with subsequent negative moves, along with DUNDRUM-3 and PANSS negative symptoms in some models. The receiver operating characteristic was significant for the DUNDRUM-4 recovery and HCR-20 dynamic scores with DUNDRUM-1, DUNDRUM-3, PANSS general and GAF marginal. ANOVA co-varying for both location at baseline and HCR-20 dynamic scores showed only DUNDRUM-1 and PANSS negative symptoms associated with subsequent negative moves. Clinicians appear to decide moves based on combinations of current and imminent (dynamic) risk measured by HCR-20 dynamic score and historical seriousness of risk as measured by need for therapeutic security (DUNDRUM-1) in keeping with Scott's formulation of risk and seriousness. The DUNDRUM-3 programme completion and DUNDRUM-4 recovery scales have utility as dynamic measures that can off-set perceived 'dangerousness'.

Prospective in-patient cohort study of moves between levels of therapeutic security: the DUNDRUM-1 triage security, DUNDRUM-3 programme completion and DUNDRUM-4 recovery scales and the HCR-20

PubMed Central

2012-01-01

Background We examined whether new structured professional judgment instruments for assessing need for therapeutic security, treatment completion and recovery in forensic settings were related to moves from higher to lower levels of therapeutic security and added anything to assessment of risk. Methods This was a prospective naturalistic twelve month observational study of a cohort of patients in a forensic hospital placed according to their need for therapeutic security along a pathway of moves from high to progressively less secure units in preparation for discharge. Patients were assessed using the DUNDRUM-1 triage security scale, the DUNDRUM-3 programme completion scale and the DUNDRUM-4 recovery scale and assessments of risk of violence, self harm and suicide, symptom severity and global function. Patients were subsequently observed for positive moves to less secure units and negative moves to more secure units. Results There were 86 male patients at baseline with mean follow-up 0.9 years, 11 positive and 9 negative moves. For positive moves, logistic regression indicated that along with location at baseline, the DUNDRUM-1, HCR-20 dynamic and PANSS general symptom scores were associated with subsequent positive moves. The receiver operating characteristic was significant for the DUNDRUM-1 while ANOVA co-varying for both location at baseline and HCR-20 dynamic score was significant for DUNDRUM-1. For negative moves, logistic regression showed DUNDRUM-1 and HCR-20 dynamic scores were associated with subsequent negative moves, along with DUNDRUM-3 and PANSS negative symptoms in some models. The receiver operating characteristic was significant for the DUNDRUM-4 recovery and HCR-20 dynamic scores with DUNDRUM-1, DUNDRUM-3, PANSS general and GAF marginal. ANOVA co-varying for both location at baseline and HCR-20 dynamic scores showed only DUNDRUM-1 and PANSS negative symptoms associated with subsequent negative moves. Conclusions Clinicians appear to decide moves based on combinations of current and imminent (dynamic) risk measured by HCR-20 dynamic score and historical seriousness of risk as measured by need for therapeutic security (DUNDRUM-1) in keeping with Scott's formulation of risk and seriousness. The DUNDRUM-3 programme completion and DUNDRUM-4 recovery scales have utility as dynamic measures that can off-set perceived 'dangerousness'. PMID:22794187

20 CFR 410.686c - Petition for approval of fee.

Code of Federal Regulations, 2010 CFR

2010-04-01

... Section 410.686c Employees' Benefits SOCIAL SECURITY ADMINISTRATION FEDERAL COAL MINE HEALTH AND SAFETY... performed before the Social Security Administration in any proceeding under the Act, a representative, upon completion of the proceedings in which he rendered services, must file at an office of the Social Security...

Information Security: Governmentwide Guidance Needed to Assist Agencies in Implementing Cloud Computing

DTIC Science & Technology

2010-07-01

Cloud computing , an emerging form of computing in which users have access to scalable, on-demand capabilities that are provided through Internet... cloud computing , (2) the information security implications of using cloud computing services in the Federal Government, and (3) federal guidance and...efforts to address information security when using cloud computing . The complete report is titled Information Security: Federal Guidance Needed to

R2U2: Monitoring and Diagnosis of Security Threats for Unmanned Aerial Systems

NASA Technical Reports Server (NTRS)

Schumann, Johann; Moosbruger, Patrick; Rozier, Kristin Y.

2015-01-01

We present R2U2, a novel framework for runtime monitoring of security properties and diagnosing of security threats on-board Unmanned Aerial Systems (UAS). R2U2, implemented in FPGA hardware, is a real-time, REALIZABLE, RESPONSIVE, UNOBTRUSIVE Unit for security threat detection. R2U2 is designed to continuously monitor inputs from the GPS and the ground control station, sensor readings, actuator outputs, and flight software status. By simultaneously monitoring and performing statistical reasoning, attack patterns and post-attack discrepancies in the UAS behavior can be detected. R2U2 uses runtime observer pairs for linear and metric temporal logics for property monitoring and Bayesian networks for diagnosis of security threats. We discuss the design and implementation that now enables R2U2 to handle security threats and present simulation results of several attack scenarios on the NASA DragonEye UAS.

How to implement security controls for an information security program at CBRN facilities

DOE Office of Scientific and Technical Information (OSTI.GOV)

Lenaeus, Joseph D.; O'Neil, Lori Ross; Leitch, Rosalyn M.

This document was prepared by PNNL within the framework of Project 19 of the European Union Chemical Biological Radiological and Nuclear Risk Mitigation Centres of Excellence Initiative entitled, ''Development of procedures and guidelines to create and improve secure information management systems and data exchange mechanisms for CBRN materials under regulatory control.'' It provides management and workers at CBRN facilities, parent organization managers responsible for those facilities, and regulatory agencies (governmental and nongovernmental) with guidance on the best practices for protecting information security. The security mitigation approaches presented in this document were chosen because they present generally accepted guidance in anmore » easy-to-understand manner, making it easier for facility personnel to grasp key concepts and envision how security controls could be implemented by the facility. This guidance is presented from a risk management perspective.« less

A Framework for Lab Work Management in Mass Courses. Application to Low Level Input/Output without Hardware

ERIC Educational Resources Information Center

Rodriguez, Santiago; Zamorano, Juan; Rosales, Francisco; Dopico, Antonio Garcia; Pedraza, Jose Luis

2007-01-01

This paper describes a complete lab work management framework designed and developed in the authors' department to help teachers to manage the small projects that students are expected to complete as lab assignments during their graduate-level computer engineering studies. The paper focuses on an application example of the framework to a specific…

Factor structure of the Essen Climate Evaluation Schema measure of social climate in a UK medium-security setting.

PubMed

Milsom, Sophia A; Freestone, Mark; Duller, Rachel; Bouman, Marisa; Taylor, Celia

2014-04-01

Social climate has an influence on a number of treatment-related factors, including service users' behaviour, staff morale and treatment outcomes. Reliable assessment of social climate is, therefore, beneficial within forensic mental health settings. The Essen Climate Evaluation Schema (EssenCES) has been validated in forensic mental health services in the UK and Germany. Preliminary normative data have been produced for UK high-security national health services and German medium-security and high-security services. We aim to validate the use of the EssenCES scale (English version) and provide preliminary normative data in UK medium-security hospital settings. The EssenCES scale was completed in a medium-security mental health service as part of a service-wide audit. A total of 89 patients and 112 staff completed the EssenCES. The three-factor structure of the EssenCES and its internal construct validity were maintained within the sample. Scores from this medium-security hospital sample were significantly higher than those from earlier high-security hospital data, with three exceptions--'patient cohesion' according to the patients and 'therapeutic hold' according to staff and patients. Our data support the use of the EssenCES scale as a valid measure for assessing social climate within medium-security hospital settings. Significant differences between the means of high-security and medium-security service samples imply that degree of security is a relevant factor affecting the ward climate and that in monitoring quality of secure services, it is likely to be important to apply different scores to reflect standards. Copyright © 2013 John Wiley & Sons, Ltd.

Quality Attribute Techniques Framework

NASA Astrophysics Data System (ADS)

Chiam, Yin Kia; Zhu, Liming; Staples, Mark

The quality of software is achieved during its development. Development teams use various techniques to investigate, evaluate and control potential quality problems in their systems. These “Quality Attribute Techniques” target specific product qualities such as safety or security. This paper proposes a framework to capture important characteristics of these techniques. The framework is intended to support process tailoring, by facilitating the selection of techniques for inclusion into process models that target specific product qualities. We use risk management as a theory to accommodate techniques for many product qualities and lifecycle phases. Safety techniques have motivated the framework, and safety and performance techniques have been used to evaluate the framework. The evaluation demonstrates the ability of quality risk management to cover the development lifecycle and to accommodate two different product qualities. We identify advantages and limitations of the framework, and discuss future research on the framework.

Social problem-solving interventions in medium secure settings for women.

PubMed

Long, C G; Fulton, B; Dolley, O; Hollin, C R

2011-10-01

Problem-solving interventions are a feature of overall medium secure treatment programmes. However, despite the relevance of such treatment to personality disorder there are few descriptions of such interventions for women. Beneficial effects for women who completed social problem-solving group treatment were evident on a number of psychometric assessments. A treatment non-completion rate of one-third raises questions of both acceptability and timing of cognitive behavioural interventions.

Toward an Integrated Executable Architecture and M&S Based Analysis for Counter Terrorism and Homeland Security

DTIC Science & Technology

2006-09-01

Lavoie, D. Kurts, SYNTHETIC ENVIRONMENTS AT THE ENTREPRISE LEVEL: OVERVIEW OF A GOVERNMENT OF CANADA (GOC), ACADEMIA and INDUSTRY DISTRIBUTED...vehicle (UAV) focused to locate the radiological source, and by comparing the performance of these assets in terms of various capability based...framework to analyze homeland security capabilities • Illustrate how a rapidly configured distributed simulation involving academia, industry and

The Cognitive Battlefield: A Framework for Strategic Communications

DTIC Science & Technology

2011-12-01

York: Alfred A. Knopf Publishers, 1993), 83. 35 Richard Ned Lebow, “Thucydides and Deterrence,” Security Studies, 16:2, 163-188. 36 Brayton Harris...University Press of Kansas, 2004. Harris, Brayton . Blue & Gray in Black & White: Newspapers in the Civil War. Washington DC: Brassey’s Inc...Army Capabilities. Santa Monica, CA: Rand Arroyo Center, 2009. Lebel, Udi. Communicating Security. New York, Routledge Taylor and Francis Group, 2008

Five-Year Research and Development Plan, Fiscal Years 2008-2013

DTIC Science & Technology

2008-08-01

protect our interior 1.l.1 Deploy a mix of infrastructure, technology, and personnel on the Southwest border to ensure all illegal activity along...requirements into a systems model. FY 2009: • Review the System of Systems model and ensure it correctly addresses SBI requirements. FY 2010... on a ship). This security architecture provides the framework within which DHS will incorporate their near-term CSD and future container security

U.S. Foreign Aid to East and South Asia: Selected Recipients

DTIC Science & Technology

2007-08-22

foreign policy and national security goals and respond to global development and humanitarian needs through its foreign assistance programs . In the past...national security strategy.1 Within this context, the Bush Administration reoriented U.S. foreign assistance programs : aid to “front line” states...building as major goals of foreign aid. Toward these ends, the new Strategic Framework for U.S. Foreign Assistance divides aid programming among five

Focus on Resiliency: A Process Improvement Approach to Security Introducing the Resiliency Engineering Framework

DTIC Science & Technology

2006-11-06

operational environment -1 No operational boundaries Pervasiveness of technology Expanding and rapidly changing risk profile High dependency on upstream...partners Successes are short-lived Skills have shorter longevity Less resources, more demands 5 © 2006 Carnegie Mellon University y Resiliency...involved Usually bolted on as an afterthought Security seen as technical problem Searching for magic bullet: CobiT , ITIL, ISO17799 Poorly defined and

Does Homeland Security Constitute an Emerging Academic Discipline?

DTIC Science & Technology

2013-03-01

Postgraduate School NSA National Security Agency OED Oxford English Dictionary U.S. United States xiv THIS PAGE INTENTIONALLY LEFT BLANK xv...Curriculum Design: A Case Study in Neuroscience ,” The Journal of Undergraduate Neuroscience Education 10, no. 1 (2011): A71–A79. 37 physical reaction...article entitled, “A Conceptual Framework for Interdisciplinary Curriculum Design: A Case Study in Neuroscience :”140 Table 2. An Overview of

A Secure Multicast Framework in Large and High-Mobility Network Groups

NASA Astrophysics Data System (ADS)

Lee, Jung-San; Chang, Chin-Chen

With the widespread use of Internet applications such as Teleconference, Pay-TV, Collaborate tasks, and Message services, how to construct and distribute the group session key to all group members securely is becoming and more important. Instead of adopting the point-to-point packet delivery, these emerging applications are based upon the mechanism of multicast communication, which allows the group member to communicate with multi-party efficiently. There are two main issues in the mechanism of multicast communication: Key Distribution and Scalability. The first issue is how to distribute the group session key to all group members securely. The second one is how to maintain the high performance in large network groups. Group members in conventional multicast systems have to keep numerous secret keys in databases, which makes it very inconvenient for them. Furthermore, in case that a member joins or leaves the communication group, many involved participants have to change their own secret keys to preserve the forward secrecy and the backward secrecy. We consequently propose a novel version for providing secure multicast communication in large network groups. Our proposed framework not only preserves the forward secrecy and the backward secrecy but also possesses better performance than existing alternatives. Specifically, simulation results demonstrate that our scheme is suitable for high-mobility environments.

System architecture of communication infrastructures for PPDR organisations

NASA Astrophysics Data System (ADS)

Müller, Wilmuth

2017-04-01

The growing number of events affecting public safety and security (PS and S) on a regional scale with potential to grow up to large scale cross border disasters puts an increased pressure on organizations responsible for PS and S. In order to respond timely and in an adequate manner to such events Public Protection and Disaster Relief (PPDR) organizations need to cooperate, align their procedures and activities, share the needed information and be interoperable. Existing PPDR/PMR technologies do not provide broadband capability, which is a major limitation in supporting new services hence new information flows and currently they have no successor. There is also no known standard that addresses interoperability of these technologies. The paper at hands provides an approach to tackle the above mentioned aspects by defining an Enterprise Architecture (EA) of PPDR organizations and a System Architecture of next generation PPDR communication networks for a variety of applications and services on broadband networks, including the ability of inter-system, inter-agency and cross-border operations. The Open Safety and Security Architecture Framework (OSSAF) provides a framework and approach to coordinate the perspectives of different types of stakeholders within a PS and S organization. It aims at bridging the silos in the chain of commands and on leveraging interoperability between PPDR organizations. The framework incorporates concepts of several mature enterprise architecture frameworks including the NATO Architecture Framework (NAF). However, OSSAF is not providing details on how NAF should be used for describing the OSSAF perspectives and views. In this contribution a mapping of the NAF elements to the OSSAF views is provided. Based on this mapping, an EA of PPDR organizations with a focus on communication infrastructure related capabilities is presented. Following the capability modeling, a system architecture for secure and interoperable communication infrastructures for PPDR organizations is presented. This architecture was implemented within a project sponsored by the European Union and successfully demonstrated in a live validation exercise in June 2016.

Developing a Regional Recovery Framework

DOE Office of Scientific and Technical Information (OSTI.GOV)

Lesperance, Ann M.; Olson, Jarrod; Stein, Steven L.

2011-09-01

Abstract A biological attack would present an unprecedented challenge for local, state, and federal agencies; the military; the private sector; and individuals on many fronts ranging from vaccination and treatment to prioritization of cleanup actions to waste disposal. To prepare the Seattle region to recover from a biological attack, the Seattle Urban Area Security Initiative (UASI) partners collaborated with military and federal agencies to develop a Regional Recovery Framework for a Biological Attack in the Seattle Urban Area. The goal was to reduce the time and resources required to recover and restore wide urban areas, military installations, and other criticalmore » infrastructure following a biological incident by providing a coordinated systems approach. Based on discussions in small workshops, tabletop exercises, and interviews with emergency response agency staff, the partners identified concepts of operation for various areas to address critical issues the region will face as recovery progresses. Key to this recovery is the recovery of the economy. Although the Framework is specific to a catastrophic, wide-area biological attack using anthrax, it was designed to be flexible and scalable so it could also serve as the recovery framework for an all-hazards approach. The Framework also served to coalesce policy questions that must be addressed for long-term recovery. These questions cover such areas as safety and health, security, financial management, waste management, legal issues, and economic development.« less

33 CFR 105.410 - Submission and approval.

Code of Federal Regulations, 2010 CFR

2010-07-01

... operational characteristics of each facility and must complete a separate Facility Vulnerability and Security Measures Summary (Form CG-6025), in appendix A to part 105—Facility Vulnerability and Security Measures...

Recovery and concordance in a secure forensic psychiatry hospital - the self rated DUNDRUM-3 programme completion and DUNDRUM-4 recovery scales.

PubMed

Davoren, Mary; Hennessy, Sarah; Conway, Catherine; Marrinan, Seamus; Gill, Pauline; Kennedy, Harry G

2015-03-28

Detention in a secure forensic psychiatric hospital may inhibit engagement and recovery. Having validated the clinician rated DUNDRUM-3 (programme completion) and DUNDRUM-4 (recovery) in a forensic hospital, we set out to draft and validate scales measuring the same programme completion and recovery items that patients could use to self-rate. Based on previous work, we hypothesised that self-rating scores might be predictors of objective progress including conditional discharge. We hypothesised also that the difference between patients' and clinicians' ratings of progress in treatment and other factors relevant to readiness for discharge (concordance) would diminish as patients neared discharge. We hypothesised also that this difference in matched scores would predict objective progress including conditional discharge. In a prospective naturalistic observational cohort study in a forensic hospital, we examined whether scores on the self-rated DUNDRUM-3 programme completion and DUNDRUM-4 recovery scales or differences between clinician and patient ratings on the same scales (concordance) would predict moves between levels of therapeutic security and conditional discharge over the next twelve months. Both scales stratified along the recovery pathway of the hospital, but clinician ratings matched the level of therapeutic security more accurately than self ratings. The clinician rated scales predicted moves to less secure units and to more secure units and predicted conditional discharge but the self-rated scores did not. The difference between clinician and self-rated scores (concordance) predicted positive and negative moves and conditional discharge, but this was not always an independent predictor as shown by regression analysis. In regression analysis the DUNDRUM-3 predicted moves to less secure places though the HCR-20 C & R score dominated the model. Moves back to more secure places were predicted by lack of concordance on the DUNDRUM-4. Conditional discharge was predicted predominantly by the DUNDRUM-3. Patients accurately self-rate relative to other patients however their absolute ratings were consistently lower (better) than clinicians' ratings and were less accurate predictors of outcomes including conditional discharge. Quantifying concordance is a useful part of the recovery process and predicts outcomes but self-ratings are not accurate predictors.

33 CFR 105.405 - Format and content of the Facility Security Plan (FSP).

Code of Federal Regulations, 2010 CFR

2010-07-01

... Vulnerability and Security Measures Summary (Form CG-6025) in appendix A to part 105-Facility Vulnerability and... resubmission of the FSP. (c) The Facility Vulnerability and Security Measures Summary (Form CG-6025) must be completed using information in the FSA concerning identified vulnerabilities and information in the FSP...

49 CFR 1544.228 - Access to cargo and cargo screening: Security threat assessments for cargo personnel in the...

Code of Federal Regulations, 2010 CFR

2010-10-01

... threat assessments for cargo personnel in the United States. 1544.228 Section 1544.228 Transportation... COMMERCIAL OPERATORS Operations § 1544.228 Access to cargo and cargo screening: Security threat assessments... paragraph (b) of this section— (1) Each individual must successfully complete a security threat assessment...

76 FR 75781 - Treasury Inflation-Protected Securities Issued at a Premium

Federal Register 2010, 2011, 2012, 2013, 2014

2011-12-05

... Services and Enforcement. Emily S. McMahon, Acting Assistant Secretary of the Treasury (Tax Policy). [FR... principal amount of the security times the number of complete years to the security's maturity). In Notice... Administrative Procedure Act (5 U.S.C. chapter 5) does not apply to these regulations, and because the...

75 FR 34286 - Federal Acquisition Regulation; FAR Case 2009-018, Payrolls and Basic Records

Federal Register 2010, 2011, 2012, 2013, 2014

2010-06-16

... removed the requirement to submit complete social security numbers and home addresses of individual... of full social security numbers and home addresses of individual workers from the prime contractor on... for each employee (e.g., the last four digits of the employee's social security number). The...

EventSlider User Manual

DTIC Science & Technology

2016-09-01

is a Windows Presentation Foundation (WPF) control developed using the .NET framework in Microsoft Visual Studio. As a WPF control, it can be used in...any WPF application as a graphical visual element. The purpose of the control is to visually display time-related events as vertical lines on a...available on the control. 15. SUBJECT TERMS Windows Presentation Foundation, WPF, control, C#, .NET framework, Microsoft Visual Studio 16. SECURITY

A data protection framework for trans-European genetic research projects.

PubMed

Claerhout, Brecht; Forgó, Nikolaus; Krügel, Tina; Arning, Marian; De Moor, Georges

2008-01-01

The paper proposes a data protection framework for trans-European medical research projects, which is based on a technical security infrastructure as well as on organizational measures and contractual obligations. It mainly relies on pseudonymization, an internal Data Protection Authority and on a Trusted Third Party. The outcome is an environment that combines both good research conditions and an extensive protection of patients' privacy.

Design Methodology for Automated Construction Machines

DTIC Science & Technology

1987-12-11

along with the design of a pair of machines which automate framework installation.-,, 20. DISTRIBUTION IAVAILABILITY OF ABSTRACT 21. ABSTRACT SECURITY... Development Assistant Professor of Civil Engineering and Laura A . Demsetz, David H. Levy, Bruce Schena Graduate Research Assistants December 11, 1987 U.S...are discussed along with the design of a pair of machines which automate framework installation. Preliminary analysis and testing indicate that these

Education Imports and Exports in the Framework of the World Trade Organization and Adjustments of Education Legislation and Policy Making in China

ERIC Educational Resources Information Center

Mansheng, Zhou

2009-01-01

Commitments on trade in education services constitute a vital part of China's promises after securing World Trade Organization (WTO) membership. This paper provides a detailed analysis of the forms of educational imports and exports in the framework of WTO and examines the Chinese government's efforts to adjust education legislation and policy…

The Price of Uncertainty in Security Games

NASA Astrophysics Data System (ADS)

Grossklags, Jens; Johnson, Benjamin; Christin, Nicolas

In the realm of information security, lack of information about other users' incentives in a network can lead to inefficient security choices and reductions in individuals' payoffs. We propose, contrast and compare three metrics for measuring the price of uncertainty due to the departure from the payoff-optimal security outcomes under complete information. Per the analogy with other efficiency metrics, such as the price of anarchy, we define the price of uncertainty as the maximum discrepancy in expected payoff in a complete information environment versus the payoff in an incomplete information environment. We consider difference, payoffratio, and cost-ratio metrics as canonical nontrivial measurements of the price of uncertainty. We conduct an algebraic, numerical, and graphical analysis of these metrics applied to different well-studied security scenarios proposed in prior work (i.e., best shot, weakest-link, and total effort). In these scenarios, we study how a fully rational expert agent could utilize the metrics to decide whether to gather information about the economic incentives of multiple nearsighted and naïve agents. We find substantial differences between the various metrics and evaluate the appropriateness for security choices in networked systems.

Domestic water and sanitation as water security: monitoring, concepts and strategy

PubMed Central

Bradley, David J.; Bartram, Jamie K.

2013-01-01

Domestic water and sanitation provide examples of a situation where long-term, target-driven efforts have been launched with the objective of reducing the proportion of people who are water-insecure, most recently through the millennium development goals (MDGs) framework. Impacts of these efforts have been monitored by an increasingly evidence-based system, and plans for the next period of international policy, which are likely to aim at universal coverage with basic water and sanitation, are being currently developed. As distinct from many other domains to which the concept of water security is applied, domestic or personal water security requires a perspective that incorporates the reciprocal notions of provision and risk, as the current status of domestic water and sanitation security is dominated by deficiency This paper reviews the interaction of science and technology with policies, practice and monitoring, and explores how far domestic water can helpfully fit into the proposed concept of water security, how that is best defined, and how far the human right to water affects the situation. It is considered that they fit well together in terms both of practical planning of targets and indicators and as a conceptual framework to help development. The focus needs to be broad, to extend beyond households, to emphasize maintenance as well as construction and to increase equity of access. International and subnational monitoring need to interact, and monitoring results need to be meaningful to service providers as well as users. PMID:24080628

Development of a Dynamically Configurable, Object-Oriented Framework for Distributed, Multi-modal Computational Aerospace Systems Simulation

NASA Technical Reports Server (NTRS)

Afjeh, Abdollah A.; Reed, John A.

2003-01-01

The following reports are presented on this project:A first year progress report on: Development of a Dynamically Configurable,Object-Oriented Framework for Distributed, Multi-modal Computational Aerospace Systems Simulation; A second year progress report on: Development of a Dynamically Configurable, Object-Oriented Framework for Distributed, Multi-modal Computational Aerospace Systems Simulation; An Extensible, Interchangeable and Sharable Database Model for Improving Multidisciplinary Aircraft Design; Interactive, Secure Web-enabled Aircraft Engine Simulation Using XML Databinding Integration; and Improving the Aircraft Design Process Using Web-based Modeling and Simulation.

Social climate along the pathway of care in women's secure mental health service: variation with level of security, patient motivation, therapeutic alliance and level of disturbance.

PubMed

Long, C G; Anagnostakis, K; Fox, E; Silaule, P; Somers, J; West, R; Webster, A

2011-07-01

Social climate has been measured in a variety of therapeutic settings, but there is little information about it in secure mental health services, or how it may vary along a gender specific care pathway. To assess social climate in women's secure wards and its variation by level of security and ward type, therapeutic alliance, patient motivation, treatment engagement and disturbed behaviour. Three-quarters (80, 76%) of staff and nearly all (65, 92%) of patients in the two medium-security wards and two low-security wards that comprised the unit completed the Essen Climate Evaluation Schema (EssenCES) and the California Psychotherapy Alliance Scale (CALPAS); patients also completed the Patient Motivation Inventory (PMI). Pre-assessment levels of disturbed behaviour and treatment engagement were recorded. Social climate varied according to ward type and level of security. EssenCES ratings indicative of positive social climate were associated with lower levels of security; such ratings were also associated with lower behavioural disturbance and with higher levels of motivation, treatment engagement and therapeutic alliance. This serial cross-sectional survey indicated that use of the EssenCES alone might be a good practical measure of treatment progress/responsivity. A longitudinal study would be an important next step in establishing the extent to which it would be useful in this regard. Copyright © 2010 John Wiley & Sons, Ltd.

EFFICACY OF THE 20-WEEK CIRCLE OF SECURITY INTERVENTION: CHANGES IN CAREGIVER REFLECTIVE FUNCTIONING, REPRESENTATIONS, AND CHILD ATTACHMENT IN AN AUSTRALIAN CLINICAL SAMPLE.

PubMed

Huber, Anna; McMahon, Catherine A; Sweller, Naomi

2015-01-01

Circle of Security is an attachment theory based intervention that aims to promote secure parent-child attachment relationships. Despite extensive uptake of the approach, there is limited empirical evidence regarding efficacy. The current study examined whether participation in the 20-week Circle of Security intervention resulted in positive caregiver-child relationship change in four domains: caregiver reflective functioning; caregiver representations of the child and the relationship with the child; child attachment security, and attachment disorganization. Archived pre- and postintervention data were analyzed from 83 clinically referred caregiver-child dyads (child age: 13-88 months) who completed the Circle of Security intervention in sequential cohorts and gave permission for their data to be included in the study. Caregivers completed the Circle of Security Interview, and dyads were filmed in the Strange Situation Procedure before and after the intervention. Results supported all four hypotheses: Caregiver reflective functioning, caregiving representations, and level of child attachment security increased after the intervention, and level of attachment disorganization decreased for those with high baseline levels. Those whose scores were least optimal prior to intervention showed the greatest change in all domains. This study adds to the evidence suggesting that the 20-week Circle of Security intervention results in significant relationship improvements for caregivers and their children. © 2015 Michigan Association for Infant Mental Health.

The (in)adequacy of applicative use of quantum cryptography in wireless sensor networks

NASA Astrophysics Data System (ADS)

Turkanović, Muhamed; Hölbl, Marko

2014-10-01

Recently quantum computation and cryptography principles are exploited in the design of security systems for wireless sensor networks (WSNs), which are consequently named as quantum WSN. Quantum cryptography is presumably secure against any eavesdropper and thus labeled as providing unconditional security. This paper tries to analyze the aspect of the applicative use of quantum principles in WSN. The outcome of the analysis elaborates a summary about the inadequacy of applicative use of quantum cryptography in WSN and presents an overview of all possible applicative challenges and problems while designing quantum-based security systems for WSN. Since WSNs are highly complex frameworks, with many restrictions and constraints, every security system has to be fully compatible and worthwhile. The aim of the paper was to contribute a verdict about this topic, backed up by equitable facts.

Smart security and securing data through watermarking

NASA Astrophysics Data System (ADS)

Singh, Ritesh; Kumar, Lalit; Banik, Debraj; Sundar, S.

2017-11-01

The growth of image processing in embedded system has provided the boon of enhancing the security in various sectors. This lead to the developing of various protective strategies, which will be needed by private or public sectors for cyber security purposes. So, we have developed a method which uses digital water marking and locking mechanism for the protection of any closed premises. This paper describes a contemporary system based on user name, user id, password and encryption technique which can be placed in banks, protected offices to beef the security up. The burglary can be abated substantially by using a proactive safety structure. In this proposed framework, we are using water-marking in spatial domain to encode and decode the image and PIR(Passive Infrared Sensor) sensor to detect the existence of person in any close area.

Sensored fiber reinforced polymer grate

DOE Office of Scientific and Technical Information (OSTI.GOV)

Ross, Michael P.; Mack, Thomas Kimball

Various technologies described herein pertain to a sensored grate that can be utilized for various security fencing applications. The sensored grate includes a grate framework and an embedded optical fiber. The grate framework is formed of a molded polymer such as, for instance, molded fiber reinforced polymer. Further, the grate framework includes a set of elongated elements, where the elongated elements are spaced to define apertures through the grate framework. The optical fiber is embedded in the elongated elements of the grate framework. Moreover, bending or breaking of one or more of the elongated elements can be detected based onmore » a change in a characteristic of input light provided to the optical fiber compared to output light received from the optical fiber.« less

An obsolete dichotomy? Rethinking the rural–urban interface in terms of food security and production in the global south.

PubMed

Lerner, Amy M; Eakin, Hallie

2011-01-01

The global food system is coming under increasing strain in the face of urban population growth. The recent spike in global food prices (2007–08) provoked consumer protests, and raised questions about food sovereignty and how and where food will be produced. Concurrently, for the first time in history the majority of the global population is urban, with the bulk of urban growth occurring in smaller-tiered cities and urban peripheries, or ‘peri-urban’ areas of the developing world. This paper discusses the new emerging spaces that incorporate a mosaic of urban and rural worlds, and reviews the implications of these spaces for livelihoods and food security. We propose a modified livelihoods framework to evaluate the contexts in which food production persists within broader processes of landscape and livelihood transformation in peri-urban locations. Where and how food production persists are central questions for the future of food security in an urbanising world. Our proposed framework provides directions for future research and highlights the role of policy and planning in reconciling food production with urban growth.

WHO-REMPAN for global health security and strengthening preparedness and response to radiation emergencies.

PubMed

Carr, Zhanat

2010-06-01

In response to the changing global environment and emerging new issues related to health security, the World Health Organization (WHO) is putting in place new tools for collective defense, such as the revised International Health Regulations (IHR) (2005). The new framework puts additional responsibilities on both Member States and WHO itself in order to effectively implement the IHR (2005) and react effectively in case of public health emergency events of any nature. Since its establishment in 1987, the Radiation Emergency Medical Preparedness and Assistance Network of WHO (WHO-REMPAN) has become an important asset for the organization's capacity to respond to radiation emergencies and to assist its Member States to strengthen their own response capacities. The paper describes in detail the framework for the WHO's role in preparedness and response to radiation emergencies, including Emergency Conventions and IHR (2005), and how the WHO-REMPAN, through its activities (i.e., technical guidelines development, training, education, research, and information sharing), provides a significant contribution to the organization's program of work towards achievement of the global health security goal.

Failure Impact Analysis of Key Management in AMI Using Cybernomic Situational Assessment (CSA)

DOE Office of Scientific and Technical Information (OSTI.GOV)

Abercrombie, Robert K; Sheldon, Frederick T; Hauser, Katie R

2013-01-01

In earlier work, we presented a computational framework for quantifying the security of a system in terms of the average loss a stakeholder stands to sustain as a result of threats to the system. We named this system, the Cyberspace Security Econometrics System (CSES). In this paper, we refine the framework and apply it to cryptographic key management within the Advanced Metering Infrastructure (AMI) as an example. The stakeholders, requirements, components, and threats are determined. We then populate the matrices with justified values by addressing the AMI at a higher level, rather than trying to consider every piece of hardwaremore » and software involved. We accomplish this task by leveraging the recently established NISTR 7628 guideline for smart grid security. This allowed us to choose the stakeholders, requirements, components, and threats realistically. We reviewed the literature and selected an industry technical working group to select three representative threats from a collection of 29 threats. From this subset, we populate the stakes, dependency, and impact matrices, and the threat vector with realistic numbers. Each Stakeholder s Mean Failure Cost is then computed.« less

Resource Optimization Techniques and Security Levels for Wireless Sensor Networks Based on the ARSy Framework.

PubMed

Parenreng, Jumadi Mabe; Kitagawa, Akio

2018-05-17

Wireless Sensor Networks (WSNs) with limited battery, central processing units (CPUs), and memory resources are a widely implemented technology for early warning detection systems. The main advantage of WSNs is their ability to be deployed in areas that are difficult to access by humans. In such areas, regular maintenance may be impossible; therefore, WSN devices must utilize their limited resources to operate for as long as possible, but longer operations require maintenance. One method of maintenance is to apply a resource adaptation policy when a system reaches a critical threshold. This study discusses the application of a security level adaptation model, such as an ARSy Framework, for using resources more efficiently. A single node comprising a Raspberry Pi 3 Model B and a DS18B20 temperature sensor were tested in a laboratory under normal and stressful conditions. The result shows that under normal conditions, the system operates approximately three times longer than under stressful conditions. Maintaining the stability of the resources also enables the security level of a network's data output to stay at a high or medium level.

Optimizing SIEM Throughput on the Cloud Using Parallelization.

PubMed

Alam, Masoom; Ihsan, Asif; Khan, Muazzam A; Javaid, Qaisar; Khan, Abid; Manzoor, Jawad; Akhundzada, Adnan; Khan, Muhammad Khurram; Farooq, Sajid

2016-01-01

Processing large amounts of data in real time for identifying security issues pose several performance challenges, especially when hardware infrastructure is limited. Managed Security Service Providers (MSSP), mostly hosting their applications on the Cloud, receive events at a very high rate that varies from a few hundred to a couple of thousand events per second (EPS). It is critical to process this data efficiently, so that attacks could be identified quickly and necessary response could be initiated. This paper evaluates the performance of a security framework OSTROM built on the Esper complex event processing (CEP) engine under a parallel and non-parallel computational framework. We explain three architectures under which Esper can be used to process events. We investigated the effect on throughput, memory and CPU usage in each configuration setting. The results indicate that the performance of the engine is limited by the number of events coming in rather than the queries being processed. The architecture where 1/4th of the total events are submitted to each instance and all the queries are processed by all the units shows best results in terms of throughput, memory and CPU usage.

Resource Optimization Techniques and Security Levels for Wireless Sensor Networks Based on the ARSy Framework

PubMed Central

Kitagawa, Akio

2018-01-01

Wireless Sensor Networks (WSNs) with limited battery, central processing units (CPUs), and memory resources are a widely implemented technology for early warning detection systems. The main advantage of WSNs is their ability to be deployed in areas that are difficult to access by humans. In such areas, regular maintenance may be impossible; therefore, WSN devices must utilize their limited resources to operate for as long as possible, but longer operations require maintenance. One method of maintenance is to apply a resource adaptation policy when a system reaches a critical threshold. This study discusses the application of a security level adaptation model, such as an ARSy Framework, for using resources more efficiently. A single node comprising a Raspberry Pi 3 Model B and a DS18B20 temperature sensor were tested in a laboratory under normal and stressful conditions. The result shows that under normal conditions, the system operates approximately three times longer than under stressful conditions. Maintaining the stability of the resources also enables the security level of a network’s data output to stay at a high or medium level. PMID:29772773

Biometrics and international migration.

PubMed

Redpath, Jillyanne

2007-01-01

This paper will focus on the impact of the rapid expansion in the use of biometric systems in migration management on the rights of individuals; it seeks to highlight legal issues for consideration in implementing such systems, taking as the starting point that the security interests of the state and the rights of the individual are not, and should not be, mutually exclusive. The first part of this paper briefly describes the type of biometric applications available, how biometric systems function, and those used in migration management. The second part examines the potential offered by biometrics for greater security in migration management, and focuses on developments in the use of biometrics as a result of September 11. The third part discusses the impact of the use of biometrics in the management of migration on the individual's right to privacy and ability to move freely and lawfully. The paper highlights the increasing need for domestic and international frameworks to govern the use of biometric applications in the migration/security context, and proposes a number of issues that such frameworks could address.

Beyond a series of security nets: Applying STAMP & STPA to port security

DOE PAGES

Williams, Adam D.

2015-11-17

Port security is an increasing concern considering the significant role of ports in global commerce and today’s increasingly complex threat environment. Current approaches to port security mirror traditional models of accident causality -- ‘a series of security nets’ based on component reliability and probabilistic assumptions. Traditional port security frameworks result in isolated and inconsistent improvement strategies. Recent work in engineered safety combines the ideas of hierarchy, emergence, control and communication into a new paradigm for understanding port security as an emergent complex system property. The ‘System-Theoretic Accident Model and Process (STAMP)’ is a new model of causality based on systemsmore » and control theory. The associated analysis process -- System Theoretic Process Analysis (STPA) -- identifies specific technical or procedural security requirements designed to work in coordination with (and be traceable to) overall port objectives. This process yields port security design specifications that can mitigate (if not eliminate) port security vulnerabilities related to an emphasis on component reliability, lack of coordination between port security stakeholders or economic pressures endemic in the maritime industry. As a result, this article aims to demonstrate how STAMP’s broader view of causality and complexity can better address the dynamic and interactive behaviors of social, organizational and technical components of port security.« less

Beyond a series of security nets: Applying STAMP & STPA to port security

DOE Office of Scientific and Technical Information (OSTI.GOV)

Williams, Adam D.

Port security is an increasing concern considering the significant role of ports in global commerce and today’s increasingly complex threat environment. Current approaches to port security mirror traditional models of accident causality -- ‘a series of security nets’ based on component reliability and probabilistic assumptions. Traditional port security frameworks result in isolated and inconsistent improvement strategies. Recent work in engineered safety combines the ideas of hierarchy, emergence, control and communication into a new paradigm for understanding port security as an emergent complex system property. The ‘System-Theoretic Accident Model and Process (STAMP)’ is a new model of causality based on systemsmore » and control theory. The associated analysis process -- System Theoretic Process Analysis (STPA) -- identifies specific technical or procedural security requirements designed to work in coordination with (and be traceable to) overall port objectives. This process yields port security design specifications that can mitigate (if not eliminate) port security vulnerabilities related to an emphasis on component reliability, lack of coordination between port security stakeholders or economic pressures endemic in the maritime industry. As a result, this article aims to demonstrate how STAMP’s broader view of causality and complexity can better address the dynamic and interactive behaviors of social, organizational and technical components of port security.« less

Urban environment and health: food security.

PubMed

Galal, Osman; Corroon, Meghan; Tirado, Cristina

2010-07-01

The authors examine the impact of urbanization on food security and human health in the Middle East. Within-urban-population disparities in food security represent one of the most dramatic indicators of economic and health disparities. These disparities are reflected in a double burden of health outcomes: increasing levels of chronic disease as well as growing numbers of undernourished among the urban poor. These require further comprehensive solutions. Some of the factors leading to food insecurity are an overdependence on purchased food commodities, lack of sufficient livelihoods, rapid reductions in peripheral agricultural land, and adverse impacts of climate change. The Food and Agriculture Organization of the United Nations (FAO) Food Security Framework is used to examine and compare 2 cities in the Middle East: Amman, Jordan, and Manama, Bahrain.

Distributed Secure Coordinated Control for Multiagent Systems Under Strategic Attacks.

PubMed

Feng, Zhi; Wen, Guanghui; Hu, Guoqiang

2017-05-01

This paper studies a distributed secure consensus tracking control problem for multiagent systems subject to strategic cyber attacks modeled by a random Markov process. A hybrid stochastic secure control framework is established for designing a distributed secure control law such that mean-square exponential consensus tracking is achieved. A connectivity restoration mechanism is considered and the properties on attack frequency and attack length rate are investigated, respectively. Based on the solutions of an algebraic Riccati equation and an algebraic Riccati inequality, a procedure to select the control gains is provided and stability analysis is studied by using Lyapunov's method.. The effect of strategic attacks on discrete-time systems is also investigated. Finally, numerical examples are provided to illustrate the effectiveness of theoretical analysis.

Composable security proof for continuous-variable quantum key distribution with coherent States.

PubMed

Leverrier, Anthony

2015-02-20

We give the first composable security proof for continuous-variable quantum key distribution with coherent states against collective attacks. Crucially, in the limit of large blocks the secret key rate converges to the usual value computed from the Holevo bound. Combining our proof with either the de Finetti theorem or the postselection technique then shows the security of the protocol against general attacks, thereby confirming the long-standing conjecture that Gaussian attacks are optimal asymptotically in the composable security framework. We expect that our parameter estimation procedure, which does not rely on any assumption about the quantum state being measured, will find applications elsewhere, for instance, for the reliable quantification of continuous-variable entanglement in finite-size settings.

[Health privacy in the age of digital networks].

PubMed

Weichert, Thilo

2018-03-01

Digitization in the health sector embodies opportunities and risks. These consist of patient and data confidentiality. Vulnerability of data concerning integrity and availability can lead to financial losses and to damage of the health of data subjects. Those risks must be tackled by privacy or data protection law. For this purpose we have the European Data Protection Regulation as a comprehensive legal framework and a harmonizing bracket.This framework contains regulations on consent, purpose binding and data transfer, on rights of the data subject, technical and organizational measures and procedural arrangements. Recently, codes of conduct and certification schemes have been added as instruments. The frame of privacy law is completed by the law on medical products and information security regulations.Unfortunately, German legislation did not grip the opportunity of the European regulation to modernize, tighten and harmonize national privacy law in the health sector. This led to a lack of clarity, particularly because of the parallel applicability of privacy law and professional law. Central issues - for instance concerning transparency for data subjects, official supervision, analytics and processing for research purposes - remain dysfunctional. The German legislation should adjust those deficits. Corporations and the chambers for health professionals could and should also be active for this concern.

49 CFR 1540.203 - Security threat assessment.

Code of Federal Regulations, 2010 CFR

2010-10-01

... prevent completion of the threat assessment). (5) Gender. (6) Country of citizenship. (7) If the applicant... subpart remains valid for five years from the date that TSA issues a Determination of No Security Threat...

Mothers who are securely attached in pregnancy show more attuned infant mirroring at 7 months postpartum

PubMed Central

Kim, Sohye; Fonagy, Peter; Allen, Jon; Martinez, Sheila; Iyengar, Udita; Strathearn, Lane

2014-01-01

This study contrasted two forms of mother-infant mirroring: the mother's imitation of the infant's facial, gestural, or vocal behavior (i.e., “direct mirroring”) and the mother's ostensive verbalization of the infant's internal state, marked as distinct from the infant's experience (i.e., “intention mirroring”). Fifty mothers completed the Adult Attachment Interview during the third trimester of pregnancy. Mothers returned with their infants 7 months postpartum and completed a modified still-face procedure. While direct mirroring did not distinguish between secure and insecure/dismissing mothers, secure mothers were observed to engage in intention mirroring more than twice as frequently as did insecure/dismissing mothers. Infants of the two mother groups also demonstrated differences, with infants of secure mothers directing their attention toward their mothers at a higher frequency than did infants of insecure/dismissing mothers. The findings underscore marked and ostensive verbalization as a distinguishing feature of secure mothers’ well-attuned, affect-mirroring communication with their infants. PMID:25020112

Molecule database framework: a framework for creating database applications with chemical structure search capability

PubMed Central

2013-01-01

Background Research in organic chemistry generates samples of novel chemicals together with their properties and other related data. The involved scientists must be able to store this data and search it by chemical structure. There are commercial solutions for common needs like chemical registration systems or electronic lab notebooks. However for specific requirements of in-house databases and processes no such solutions exist. Another issue is that commercial solutions have the risk of vendor lock-in and may require an expensive license of a proprietary relational database management system. To speed up and simplify the development for applications that require chemical structure search capabilities, I have developed Molecule Database Framework. The framework abstracts the storing and searching of chemical structures into method calls. Therefore software developers do not require extensive knowledge about chemistry and the underlying database cartridge. This decreases application development time. Results Molecule Database Framework is written in Java and I created it by integrating existing free and open-source tools and frameworks. The core functionality includes: • Support for multi-component compounds (mixtures) • Import and export of SD-files • Optional security (authorization) For chemical structure searching Molecule Database Framework leverages the capabilities of the Bingo Cartridge for PostgreSQL and provides type-safe searching, caching, transactions and optional method level security. Molecule Database Framework supports multi-component chemical compounds (mixtures). Furthermore the design of entity classes and the reasoning behind it are explained. By means of a simple web application I describe how the framework could be used. I then benchmarked this example application to create some basic performance expectations for chemical structure searches and import and export of SD-files. Conclusions By using a simple web application it was shown that Molecule Database Framework successfully abstracts chemical structure searches and SD-File import and export to simple method calls. The framework offers good search performance on a standard laptop without any database tuning. This is also due to the fact that chemical structure searches are paged and cached. Molecule Database Framework is available for download on the projects web page on bitbucket: https://bitbucket.org/kienerj/moleculedatabaseframework. PMID:24325762

Molecule database framework: a framework for creating database applications with chemical structure search capability.

PubMed

Kiener, Joos

2013-12-11

Research in organic chemistry generates samples of novel chemicals together with their properties and other related data. The involved scientists must be able to store this data and search it by chemical structure. There are commercial solutions for common needs like chemical registration systems or electronic lab notebooks. However for specific requirements of in-house databases and processes no such solutions exist. Another issue is that commercial solutions have the risk of vendor lock-in and may require an expensive license of a proprietary relational database management system. To speed up and simplify the development for applications that require chemical structure search capabilities, I have developed Molecule Database Framework. The framework abstracts the storing and searching of chemical structures into method calls. Therefore software developers do not require extensive knowledge about chemistry and the underlying database cartridge. This decreases application development time. Molecule Database Framework is written in Java and I created it by integrating existing free and open-source tools and frameworks. The core functionality includes:•Support for multi-component compounds (mixtures)•Import and export of SD-files•Optional security (authorization)For chemical structure searching Molecule Database Framework leverages the capabilities of the Bingo Cartridge for PostgreSQL and provides type-safe searching, caching, transactions and optional method level security. Molecule Database Framework supports multi-component chemical compounds (mixtures).Furthermore the design of entity classes and the reasoning behind it are explained. By means of a simple web application I describe how the framework could be used. I then benchmarked this example application to create some basic performance expectations for chemical structure searches and import and export of SD-files. By using a simple web application it was shown that Molecule Database Framework successfully abstracts chemical structure searches and SD-File import and export to simple method calls. The framework offers good search performance on a standard laptop without any database tuning. This is also due to the fact that chemical structure searches are paged and cached. Molecule Database Framework is available for download on the projects web page on bitbucket: https://bitbucket.org/kienerj/moleculedatabaseframework.

Precision of Fit of Titanium and Cast Implant Frameworks Using a New Matching Formula

PubMed Central

Sierraalta, Marianella; Vivas, Jose L.; Razzoog, Michael E.; Wang, Rui-Feng

2012-01-01

Statement of the Problem. Fit of prosthodontic frameworks is linked to the lifetime survival of dental implants and maintenance of surrounding bone. Purpose. The purpose of this study was to evaluate and compare the precision of fit of milled one-piece Titanium fixed complete denture frameworks to that of conventional cast frameworks. Material and Methods. Fifteen casts fabricated from a single edentulous CAD/CAM surgical guide were separated in two groups and resin patterns simulating the framework for a fixed complete denture developed. Five casts were sent to dental laboratories to invest, cast in a Palladium-Gold alloy and fit the framework. Ten casts had the resin pattern scanned for fabrication of milled bars in Titanium. Using measuring software, positions of implant replicas in the definitive model were recorded. The three dimensional spatial orientation of each implant replica was matched to the implant replica. Results. Results demonstrated the mean vertical gap of the Cast framework was 0.021 (+0.004) mm and 0.012 (0.002) mm determined by fixed and unfixed best-fit matching coordinate system. For Titanium frameworks they were 0.0037 (+0.0028) mm and 0.0024 (+0.0005) mm, respectively. Conclusions. Milled one-piece Titanium fixed complete denture frameworks provided a more accurate precision of fit then traditional cast frameworks. PMID:22550486

Water Resource Management Mechanisms for Intrastate Violent Conflict Resolution: the Capacity Gap and What To Do About It.

NASA Astrophysics Data System (ADS)

Workman, M.; Veilleux, J. C.

2014-12-01

Violent conflict and issues surrounding available water resources are both global problems and are connected. Violent conflict is increasingly intrastate in nature and coupled with increased hydrological variability as a function of climate change, there will be increased pressures on water resource use. The majority of mechanisms designed to secure water resources are often based on the presence of a governance framework or another type of institutional capacity, such as offered through a supra- or sub-national organization like the United Nations or a river basin organization. However, institutional frameworks are not present or loose functionality during violent conflict. Therefore, it will likely be extremely difficult to secure water resources for a significant proportion of populations in Fragile and Conflict Affected States. However, the capacity in Organisation for Economic Co-operation and Development nations for the appropriate interventions to address this problem is reduced by an increasing reluctance to participate in interventionist operations following a decade of expeditionary warfighting mainly in Iraq and Afghanistan, and related defence cuts. Therefore, future interventions in violent conflict and securing water resources may be more indirect in nature. This paper assesses the state of understanding key areas in the present literature and highlights the gap of securing water resources during violent conflict in the absence of institutional capacity. There is a need to close this gap as a matter of urgency by formulating frameworks to assess the lack of institutional oversight / framework for water resources in areas where violent conflict is prevalent; developing inclusive resource management platforms through transparency and reconciliation mechanisms; and developing endogenous confidence-building measures and evaluate how these may be encouraged by exogenous initiatives including those facilitated by the international community. This effort will require the development of collaborations between academic, NGO sectors, and national aid agencies in order to allow the development of the appropriate tools, understanding in a broad range of contexts, and the mechanisms that can be brought to bear to address this increasingly important area.

Modelling Public Security Operations: Evaluation of the Holistic Security Ecosystem (HSE) Proof-of-Concept

DTIC Science & Technology

2012-12-01

base pour construire de telles simulations et pourrait être adaptée à d’autres expériences à un coût relativement bas. Perspectives : Les leçons...systems (such as culture , [ Culture ]). This seven-dimensional framework advocates that systems be viewed from the physical, individual, functional...structural, normative, social, and informational dimensions. The human factors include modelling stress, trust, risk factors, and cultural factors

Selected Tracking and Fusion Applications for the Defence and Security Domain

DTIC Science & Technology

2010-05-01

SUBTITLE Selected Tracking and Fusion Applications for the Defence and Security Domain 5a. CONTRACT NUMBER 5b. GRANT NUMBER 5c. PROGRAM ELEMENT NUMBER...characterized, for example, by sensor ranges from less than a meter to hundreds of kilometers, by time scales ranging from less than second to a few...been carried out within the framework of a multinational technology program called MAJIIC (Multi-Sensor Aerospace-Ground Joint ISR Interoperability

Offensive Cybersecurity in the NIST Cybersecurity Framework

DOE Office of Scientific and Technical Information (OSTI.GOV)

Bulyk, Mykhaylo; Evans, Dr. Nathaniel

Government and corporate computer systems are attacked, networks are penetrated by hackers, and enterprises are protected by demilitarized zones. Language that until recently was used to describe security and warfare in military settings has now become common-place in cybersecurity discussions. The concepts of pre-emptive attack, counterattack and offensive defense fit the linguistic cultural thread of security in cyberspace, at least in part due to the taxonomy adopted by cybersecurity as a discipline.

A Standardization Framework for Electronic Government Service Portals

NASA Astrophysics Data System (ADS)

Sarantis, Demetrios; Tsiakaliaris, Christos; Lampathaki, Fenareti; Charalabidis, Yannis

Although most eGovernment interoperability frameworks (eGIFs) cover adequately the technical aspects of developing and supporting the provision of electronic services to citizens and businesses, they do not exclusively address several important areas regarding the organization, presentation, accessibility and security of the content and the electronic services offered through government portals. This chapter extends the scope of existing eGIFs presenting the overall architecture and the basic concepts of the Greek standardization framework for electronic government service portals which, for the first time in Europe, is part of a country's eGovernment framework. The proposed standardization framework includes standards, guidelines and recommendations regarding the design, development and operation of government portals that support the provision of administrative information and services to citizens and businesses. By applying the guidelines of the framework, the design, development and operation of portals in central, regional and municipal government can be systematically addressed resulting in an applicable, sustainable and ever-expanding framework.

17 CFR 260.7a-3 - Number of copies; filing; signatures; binding.

Code of Federal Regulations, 2010 CFR

2010-04-01

... 17 Commodity and Securities Exchanges 3 2010-04-01 2010-04-01 false Number of copies; filing; signatures; binding. 260.7a-3 Section 260.7a-3 Commodity and Securities Exchanges SECURITIES AND EXCHANGE... § 260.7a-3 Number of copies; filing; signatures; binding. (a) Three copies of the complete application...

Nuclear Security Objectives of an NMAC System

DOE Office of Scientific and Technical Information (OSTI.GOV)

West, Rebecca Lynn

After completing this module, you should be able to: Describe the role of Nuclear Material Accounting and Control (NMAC) in comprehensive nuclear security at a facility; Describe purpose of NMAC; Identify differences between the use of NMAC for IAEA safeguards and for facility nuclear security; List NMAC elements and measures; and Describe process for resolution of irregularities

20 CFR 404.1287 - Exceptions to the time limitations on assessments-for wages paid prior to 1987.

Code of Federal Regulations, 2010 CFR

2010-04-01

... determination; or (iv) The Social Security Administration has not issued to the State a final audit statement on... assessments-for wages paid prior to 1987. 404.1287 Section 404.1287 Employees' Benefits SOCIAL SECURITY... complete; or (iii) The Social Security Administration is developing a coverage or wage issue which was...

20 CFR 404.1287 - Exceptions to the time limitations on assessments-for wages paid prior to 1987.

Code of Federal Regulations, 2011 CFR

2011-04-01

... determination; or (iv) The Social Security Administration has not issued to the State a final audit statement on... assessments-for wages paid prior to 1987. 404.1287 Section 404.1287 Employees' Benefits SOCIAL SECURITY... complete; or (iii) The Social Security Administration is developing a coverage or wage issue which was...

49 CFR 1511.5 - Imposition of Aviation Security Infrastructure Fees.

Code of Federal Regulations, 2010 CFR

2010-10-01

... completed form to the Transportation Security Administration by May 18, 2002. (e) In the case of a merger, acquisition, corporate restructuring, reorganization, or name change involving an air carrier or foreign air...

Rebuilding northern foodsheds, sustainable food systems, community well-being, and food security.

PubMed

Gerlach, S Craig; Loring, Philip A

2013-01-01

Multiple climatic, environmental and socio-economic pressures have accumulated to the point where they interfere with the ability of remote rural Alaska Native communities to achieve food security with locally harvestable food resources. The harvest of wild foods has been the historical norm, but most Alaska Native villages are transitioning to a cash economy, with increasing reliance on industrially produced, store-bought foods, and with less reliable access to and reliance on wild, country foods. While commercially available market foods provide one measure of food security, the availability and quality of market foods are subject to the vagaries and vulnerabilities of the global food system; access is dependent on one's ability to pay, is limited to what is available on the shelves of small rural stores, and, store-bought foods do not fulfill the important roles that traditional country foods play in rural communities and cultures. Country food access is also constrained by rising prices of fuel and equipment, a federal and state regulatory framework that sometimes hinders rather than helps rural subsistence users who need to access traditional food resources, a regulatory framework that is often not responsive to changes in climate, weather and seasonality, and a shifting knowledge base in younger generations about how to effectively harvest, process and store wild foods. The general objective is to provide a framework for understanding the social, cultural, ecological and political dimensions of rural Alaska Native food security, and to provide information on the current trends in rural Alaska Native food systems. This research is based on our long-term ethnographic, subsistence and food systems work in coastal and interior Alaska. This includes research about the land mammal harvest, the Yukon River and coastal fisheries, community and village gardens, small livestock production and red meat systems that are scaled appropriately to village size and capacity, and food-system intervention strategies designed to rebuild local and rural foodsheds and to restore individual and community health. The contemporary cultural, economic and nutrition transition has severe consequences for the health of people and for the viability of rural communities, and in ways that are not well tracked by the conventional food security methodologies and frameworks. This article expands the discussion of food security and is premised on a holistic model that integrates the social, cultural, ecological, psychological and biomedical aspects of individual and community health. We propose a new direction for food-system design that prioritizes the management of place-based food portfolios above the more conventional management of individual resources, one with a commitment to as much local and regional food production and/or harvest for local and regional consumption as is possible, and to community self-reliance and health for rural Alaska Natives.

Obfuscation Framework Based on Functionally Equivalent Combinatorial Logic Families

DTIC Science & Technology

2008-03-01

of Defense, or the United States Government . AFIT/GCS/ENG/08-12 Obfuscation Framework Based on Functionally Equivalent Combinatorial Logic Families...time, United States policy strongly encourages the sale and transfer of some military equipment to foreign governments and makes it easier for...Proceedings of the International Conference on Availability, Reliability and Security, 2007. 14. McDonald, J. Todd and Alec Yasinsac. “Of unicorns and random

University Knowledge Exchange (KE) Framework: Good Practice in Technology Transfer. Report to the UK Higher Education Sector and HEFCE by the McMillan Group

ERIC Educational Resources Information Center

Higher Education Funding Council for England, 2016

2016-01-01

As part of its commitment to keeping the UK at the leading edge as a global knowledge-based economy, the last Government asked the Higher Education Funding Council for England (HEFCE) in 2014 to develop a knowledge exchange (KE) performance framework that would secure effective practice in universities on key productive elements in the…

Implementation and evaluation of an efficient secure computation system using ‘R’ for healthcare statistics

PubMed Central

Chida, Koji; Morohashi, Gembu; Fuji, Hitoshi; Magata, Fumihiko; Fujimura, Akiko; Hamada, Koki; Ikarashi, Dai; Yamamoto, Ryuichi

2014-01-01

Background and objective While the secondary use of medical data has gained attention, its adoption has been constrained due to protection of patient privacy. Making medical data secure by de-identification can be problematic, especially when the data concerns rare diseases. We require rigorous security management measures. Materials and methods Using secure computation, an approach from cryptography, our system can compute various statistics over encrypted medical records without decrypting them. An issue of secure computation is that the amount of processing time required is immense. We implemented a system that securely computes healthcare statistics from the statistical computing software ‘R’ by effectively combining secret-sharing-based secure computation with original computation. Results Testing confirmed that our system could correctly complete computation of average and unbiased variance of approximately 50 000 records of dummy insurance claim data in a little over a second. Computation including conditional expressions and/or comparison of values, for example, t test and median, could also be correctly completed in several tens of seconds to a few minutes. Discussion If medical records are simply encrypted, the risk of leaks exists because decryption is usually required during statistical analysis. Our system possesses high-level security because medical records remain in encrypted state even during statistical analysis. Also, our system can securely compute some basic statistics with conditional expressions using ‘R’ that works interactively while secure computation protocols generally require a significant amount of processing time. Conclusions We propose a secure statistical analysis system using ‘R’ for medical data that effectively integrates secret-sharing-based secure computation and original computation. PMID:24763677

Implementation and evaluation of an efficient secure computation system using 'R' for healthcare statistics.

PubMed

Chida, Koji; Morohashi, Gembu; Fuji, Hitoshi; Magata, Fumihiko; Fujimura, Akiko; Hamada, Koki; Ikarashi, Dai; Yamamoto, Ryuichi

2014-10-01

While the secondary use of medical data has gained attention, its adoption has been constrained due to protection of patient privacy. Making medical data secure by de-identification can be problematic, especially when the data concerns rare diseases. We require rigorous security management measures. Using secure computation, an approach from cryptography, our system can compute various statistics over encrypted medical records without decrypting them. An issue of secure computation is that the amount of processing time required is immense. We implemented a system that securely computes healthcare statistics from the statistical computing software 'R' by effectively combining secret-sharing-based secure computation with original computation. Testing confirmed that our system could correctly complete computation of average and unbiased variance of approximately 50,000 records of dummy insurance claim data in a little over a second. Computation including conditional expressions and/or comparison of values, for example, t test and median, could also be correctly completed in several tens of seconds to a few minutes. If medical records are simply encrypted, the risk of leaks exists because decryption is usually required during statistical analysis. Our system possesses high-level security because medical records remain in encrypted state even during statistical analysis. Also, our system can securely compute some basic statistics with conditional expressions using 'R' that works interactively while secure computation protocols generally require a significant amount of processing time. We propose a secure statistical analysis system using 'R' for medical data that effectively integrates secret-sharing-based secure computation and original computation. Published by the BMJ Publishing Group Limited. For permission to use (where not already granted under a licence) please go to http://group.bmj.com/group/rights-licensing/permissions.

On effectiveness of network sensor-based defense framework

NASA Astrophysics Data System (ADS)

Zhang, Difan; Zhang, Hanlin; Ge, Linqiang; Yu, Wei; Lu, Chao; Chen, Genshe; Pham, Khanh

2012-06-01

Cyber attacks are increasing in frequency, impact, and complexity, which demonstrate extensive network vulnerabilities with the potential for serious damage. Defending against cyber attacks calls for the distributed collaborative monitoring, detection, and mitigation. To this end, we develop a network sensor-based defense framework, with the aim of handling network security awareness, mitigation, and prediction. We implement the prototypical system and show its effectiveness on detecting known attacks, such as port-scanning and distributed denial-of-service (DDoS). Based on this framework, we also implement the statistical-based detection and sequential testing-based detection techniques and compare their respective detection performance. The future implementation of defensive algorithms can be provisioned in our proposed framework for combating cyber attacks.

Experimental quantum key distribution with source flaws

NASA Astrophysics Data System (ADS)

Xu, Feihu; Wei, Kejin; Sajeed, Shihan; Kaiser, Sarah; Sun, Shihai; Tang, Zhiyuan; Qian, Li; Makarov, Vadim; Lo, Hoi-Kwong

2015-09-01

Decoy-state quantum key distribution (QKD) is a standard technique in current quantum cryptographic implementations. Unfortunately, existing experiments have two important drawbacks: the state preparation is assumed to be perfect without errors and the employed security proofs do not fully consider the finite-key effects for general attacks. These two drawbacks mean that existing experiments are not guaranteed to be proven to be secure in practice. Here, we perform an experiment that shows secure QKD with imperfect state preparations over long distances and achieves rigorous finite-key security bounds for decoy-state QKD against coherent attacks in the universally composable framework. We quantify the source flaws experimentally and demonstrate a QKD implementation that is tolerant to channel loss despite the source flaws. Our implementation considers more real-world problems than most previous experiments, and our theory can be applied to general discrete-variable QKD systems. These features constitute a step towards secure QKD with imperfect devices.

Welfare, Liberty, and Security for All? U.S. Sex Education Policy and the 1996 Title V Section 510 of the Social Security Act.

PubMed

Lerner, Justin E; Hawkins, Robert L

2016-07-01

When adolescents delay (meaning they wait until after middle school) engaging in sexual intercourse, they use condoms at higher rates and have fewer sexual partners than those who have sex earlier, thus resulting in a lower risk for unintended pregnancies and sexually transmitted infections. The 1996 Section 510 of Title V of the Social Security Act (often referred to as A-H) is a policy that promotes abstinence-only-until-marriage education (AOE) within public schools. Using Stone's (2012) policy analysis framework, this article explores how A-H limits welfare, liberty, and security among adolescents due to the poor empirical outcomes of AOE policy. We recommend incorporating theory-informed comprehensive sex education in addition to theory-informed abstinence education that utilizes Fishbein and Ajzen's (2010) reasoned action model within schools in order to begin to address adolescent welfare, liberty, and security.

An analysis of Indonesia’s information security index: a case study in a public university

NASA Astrophysics Data System (ADS)

Yustanti, W.; Qoiriah, A.; Bisma, R.; Prihanto, A.

2018-01-01

Ministry of Communication and Informatics of the Republic of Indonesia has issued the regulation number 4-2016 about Information Security Management System (ISMS) for all kind organizations. Public university as a government institution must apply this standard to assure its level of information security has complied ISO 27001:2013. This research is a preliminary study to evaluate the readiness of university IT services (case study in a public university) meets the requirement of ISO 27001:2013 using the Indonesia’s Information Security Index (IISI). There are six parameters used to measure the level of information security, these are the ICT role, governance, risk management, framework, asset management and technology. Each parameter consists of serial questions which must be answered and convert to a numeric value. The result shows the level of readiness and maturity to apply ISO 27001 standard.