The Awareness and Challenges of Cloud Computing Adoption on Tertiary Education in Malaysia

NASA Astrophysics Data System (ADS)

Hazreeni Hamzah, Nor; Mahmud, Maziah; Zukri, Shamsunarnie Mohamed; Yaacob, Wan Fairos Wan; Yacob, Jusoh

2017-09-01

This preliminary study aims to investigate the awareness of the adoption of cloud computing among the academicians in tertiary education in Malaysia. Besides, this study also want to explore the possible challenges faced by the academician while adopting this new technology. The pilot study was done on 40 lecturers in Universiti Teknologi MARA Kampus Kota Bharu (UiTMKB) by using self administered questionnaire. The results found that almost half (40 percent) were not aware on the existing of cloud computing in teaching and learning (T&L) process. The challenges confronting the adoption of cloud computing are data insecurity, data insecurity, unsolicited advertisement, lock-in, reluctance to eliminate staff positions, privacy concerns, reliability challenge, regulatory compliance concerns/user control and institutional culture/resistance to change in technology. This possible challenges can be factorized in two major factors which were security and dependency factor and user control and mentality factor.

Computer-aided Human Centric Cyber Situation Awareness

DTIC Science & Technology

2016-03-20

in Video, IJCAI: International Joint Conf. on Artificial Intelligence . 16-JUL-11, . : , Kun Sun, Sushil Jajodia, Jason Li, Yi Cheng, Wei Tang...Cyber-Security Conference, June 2015. 2. V.S. Subrahmanian, Invited Speaker, Summer School on Business Intelligence and Big Data Analysis, Capri, Italy... Cybersecurity Conference, Yuval Ne’eman Workshop for Science, Technology and Security, Tel Aviv University, the Israeli National Cyber Bureau, Prime

Security Engineering Project - System Aware Cyber Security for an Autonomous Surveillance System On Board an Unmanned Aerial Vehicle

DTIC Science & Technology

2014-01-31

59 Figure 26. Raspberry Pi SBC... Raspberry Pi single compute board (SBC) (see section 3.3.1.2). These snoopers can intercept the serial data, decode the information, and retransmit the...data. The Raspberry Pi contains two serial ports that allow receiving, altering, and retransmitting of serial data. These monitor points will provide

Novel technology for enhanced security and trust in communication networks

NASA Astrophysics Data System (ADS)

Milovanov, Alexander; Bukshpun, Leonid; Pradhan, Ranjit; Jannson, Tomasz

2011-06-01

A novel technology that significantly enhances security and trust in wireless and wired communication networks has been developed. It is based on integration of a novel encryption mechanism and novel data packet structure with enhanced security tools. This novel data packet structure results in an unprecedented level of security and trust, while at the same time reducing power consumption and computing/communication overhead in networks. As a result, networks are provided with protection against intrusion, exploitation, and cyber attacks and posses self-building, self-awareness, self-configuring, self-healing, and self-protecting intelligence.

Privacy-Aware Relevant Data Access with Semantically Enriched Search Queries for Untrusted Cloud Storage Services.

PubMed

Pervez, Zeeshan; Ahmad, Mahmood; Khattak, Asad Masood; Lee, Sungyoung; Chung, Tae Choong

2016-01-01

Privacy-aware search of outsourced data ensures relevant data access in the untrusted domain of a public cloud service provider. Subscriber of a public cloud storage service can determine the presence or absence of a particular keyword by submitting search query in the form of a trapdoor. However, these trapdoor-based search queries are limited in functionality and cannot be used to identify secure outsourced data which contains semantically equivalent information. In addition, trapdoor-based methodologies are confined to pre-defined trapdoors and prevent subscribers from searching outsourced data with arbitrarily defined search criteria. To solve the problem of relevant data access, we have proposed an index-based privacy-aware search methodology that ensures semantic retrieval of data from an untrusted domain. This method ensures oblivious execution of a search query and leverages authorized subscribers to model conjunctive search queries without relying on predefined trapdoors. A security analysis of our proposed methodology shows that, in a conspired attack, unauthorized subscribers and untrusted cloud service providers cannot deduce any information that can lead to the potential loss of data privacy. A computational time analysis on commodity hardware demonstrates that our proposed methodology requires moderate computational resources to model a privacy-aware search query and for its oblivious evaluation on a cloud service provider.

Privacy-Aware Relevant Data Access with Semantically Enriched Search Queries for Untrusted Cloud Storage Services

PubMed Central

Pervez, Zeeshan; Ahmad, Mahmood; Khattak, Asad Masood; Lee, Sungyoung; Chung, Tae Choong

2016-01-01

Privacy-aware search of outsourced data ensures relevant data access in the untrusted domain of a public cloud service provider. Subscriber of a public cloud storage service can determine the presence or absence of a particular keyword by submitting search query in the form of a trapdoor. However, these trapdoor-based search queries are limited in functionality and cannot be used to identify secure outsourced data which contains semantically equivalent information. In addition, trapdoor-based methodologies are confined to pre-defined trapdoors and prevent subscribers from searching outsourced data with arbitrarily defined search criteria. To solve the problem of relevant data access, we have proposed an index-based privacy-aware search methodology that ensures semantic retrieval of data from an untrusted domain. This method ensures oblivious execution of a search query and leverages authorized subscribers to model conjunctive search queries without relying on predefined trapdoors. A security analysis of our proposed methodology shows that, in a conspired attack, unauthorized subscribers and untrusted cloud service providers cannot deduce any information that can lead to the potential loss of data privacy. A computational time analysis on commodity hardware demonstrates that our proposed methodology requires moderate computational resources to model a privacy-aware search query and for its oblivious evaluation on a cloud service provider. PMID:27571421

Computer loss experience and predictions

NASA Astrophysics Data System (ADS)

Parker, Donn B.

1996-03-01

The types of losses organizations must anticipate have become more difficult to predict because of the eclectic nature of computers and the data communications and the decrease in news media reporting of computer-related losses as they become commonplace. Total business crime is conjectured to be decreasing in frequency and increasing in loss per case as a result of increasing computer use. Computer crimes are probably increasing, however, as their share of the decreasing business crime rate grows. Ultimately all business crime will involve computers in some way, and we could see a decline of both together. The important information security measures in high-loss business crime generally concern controls over authorized people engaged in unauthorized activities. Such controls include authentication of users, analysis of detailed audit records, unannounced audits, segregation of development and production systems and duties, shielding the viewing of screens, and security awareness and motivation controls in high-value transaction areas. Computer crimes that involve highly publicized intriguing computer misuse methods, such as privacy violations, radio frequency emanations eavesdropping, and computer viruses, have been reported in waves that periodically have saturated the news media during the past 20 years. We must be able to anticipate such highly publicized crimes and reduce the impact and embarrassment they cause. On the basis of our most recent experience, I propose nine new types of computer crime to be aware of: computer larceny (theft and burglary of small computers), automated hacking (use of computer programs to intrude), electronic data interchange fraud (business transaction fraud), Trojan bomb extortion and sabotage (code security inserted into others' systems that can be triggered to cause damage), LANarchy (unknown equipment in use), desktop forgery (computerized forgery and counterfeiting of documents), information anarchy (indiscriminate use of crypto without control), Internet abuse (antisocial use of data communications), and international industrial espionage (governments stealing business secrets). A wide variety of safeguards are necessary to deal with these new crimes. The most powerful controls include (1) carefully controlled use of cryptography and digital signatures with good key management and overriding business and government decryption capability and (2) use of tokens such as smart cards to increase the strength of secret passwords for authentication of computer users. Jewelry-type security for small computers--including registration of serial numbers and security inventorying of equipment, software, and connectivity--will be necessary. Other safeguards include automatic monitoring of computer use and detection of unusual activities, segmentation and filtering of networks, special paper and ink for documents, and reduction of paper documents. Finally, international cooperation of governments to create trusted environments for business is essential.

Security Awareness Bulletin. Number 2-91, September 1991

DTIC Science & Technology

1991-09-01

governments, competitors, In our rapidly changing workplace, computers and those having criminal intent, that uncontrolled access routinely communicate with...same as above; rental fee is slightly higher. Securily A wareness Bulletin 10 Number 2-91 New AIS Requirements in the Defense Industrial Security...original file copy. But remember, check the original for viruses 6. Files grow in size. Infamous to the Nvir, this before locking and relying upon it as a

Performance Analysis of Cyber Security Awareness Delivery Methods

NASA Astrophysics Data System (ADS)

Abawajy, Jemal; Kim, Tai-Hoon

In order to decrease information security threats caused by human-related vulnerabilities, an increased concentration on information security awareness and training is necessary. There are numerous information security awareness training delivery methods. The purpose of this study was to determine what delivery method is most successful in providing security awareness training. We conducted security awareness training using various delivery methods such as text based, game based and a short video presentation with the aim of determining user preference delivery methods. Our study suggests that a combined delvery methods are better than individual secrity awareness delivery method.

Hybrid cloud: bridging of private and public cloud computing

NASA Astrophysics Data System (ADS)

Aryotejo, Guruh; Kristiyanto, Daniel Y.; Mufadhol

2018-05-01

Cloud Computing is quickly emerging as a promising paradigm in the recent years especially for the business sector. In addition, through cloud service providers, cloud computing is widely used by Information Technology (IT) based startup company to grow their business. However, the level of most businesses awareness on data security issues is low, since some Cloud Service Provider (CSP) could decrypt their data. Hybrid Cloud Deployment Model (HCDM) has characteristic as open source, which is one of secure cloud computing model, thus HCDM may solve data security issues. The objective of this study is to design, deploy and evaluate a HCDM as Infrastructure as a Service (IaaS). In the implementation process, Metal as a Service (MAAS) engine was used as a base to build an actual server and node. Followed by installing the vsftpd application, which serves as FTP server. In comparison with HCDM, public cloud was adopted through public cloud interface. As a result, the design and deployment of HCDM was conducted successfully, instead of having good security, HCDM able to transfer data faster than public cloud significantly. To the best of our knowledge, Hybrid Cloud Deployment model is one of secure cloud computing model due to its characteristic as open source. Furthermore, this study will serve as a base for future studies about Hybrid Cloud Deployment model which may relevant for solving big security issues of IT-based startup companies especially in Indonesia.

49 CFR 1552.23 - Security awareness training programs.

Code of Federal Regulations, 2014 CFR

2014-10-01

... employee to identify— (i) Uniforms and other identification, if any are required at the flight school, for... SECURITY ADMINISTRATION, DEPARTMENT OF HOMELAND SECURITY CIVIL AVIATION SECURITY FLIGHT SCHOOLS Flight School Security Awareness Training § 1552.23 Security awareness training programs. (a) General. A flight...

49 CFR 1552.23 - Security awareness training programs.

Code of Federal Regulations, 2011 CFR

2011-10-01

... employee to identify— (i) Uniforms and other identification, if any are required at the flight school, for... SECURITY ADMINISTRATION, DEPARTMENT OF HOMELAND SECURITY CIVIL AVIATION SECURITY FLIGHT SCHOOLS Flight School Security Awareness Training § 1552.23 Security awareness training programs. (a) General. A flight...

49 CFR 1552.23 - Security awareness training programs.

Code of Federal Regulations, 2013 CFR

2013-10-01

... employee to identify— (i) Uniforms and other identification, if any are required at the flight school, for... SECURITY ADMINISTRATION, DEPARTMENT OF HOMELAND SECURITY CIVIL AVIATION SECURITY FLIGHT SCHOOLS Flight School Security Awareness Training § 1552.23 Security awareness training programs. (a) General. A flight...

49 CFR 1552.23 - Security awareness training programs.

Code of Federal Regulations, 2012 CFR

2012-10-01

... employee to identify— (i) Uniforms and other identification, if any are required at the flight school, for... SECURITY ADMINISTRATION, DEPARTMENT OF HOMELAND SECURITY CIVIL AVIATION SECURITY FLIGHT SCHOOLS Flight School Security Awareness Training § 1552.23 Security awareness training programs. (a) General. A flight...

49 CFR 1552.23 - Security awareness training programs.

Code of Federal Regulations, 2010 CFR

2010-10-01

... employee to identify— (i) Uniforms and other identification, if any are required at the flight school, for... SECURITY ADMINISTRATION, DEPARTMENT OF HOMELAND SECURITY CIVIL AVIATION SECURITY FLIGHT SCHOOLS Flight School Security Awareness Training § 1552.23 Security awareness training programs. (a) General. A flight...

Integrated situational awareness for cyber attack detection, analysis, and mitigation

NASA Astrophysics Data System (ADS)

Cheng, Yi; Sagduyu, Yalin; Deng, Julia; Li, Jason; Liu, Peng

2012-06-01

Real-time cyberspace situational awareness is critical for securing and protecting today's enterprise networks from various cyber threats. When a security incident occurs, network administrators and security analysts need to know what exactly has happened in the network, why it happened, and what actions or countermeasures should be taken to quickly mitigate the potential impacts. In this paper, we propose an integrated cyberspace situational awareness system for efficient cyber attack detection, analysis and mitigation in large-scale enterprise networks. Essentially, a cyberspace common operational picture will be developed, which is a multi-layer graphical model and can efficiently capture and represent the statuses, relationships, and interdependencies of various entities and elements within and among different levels of a network. Once shared among authorized users, this cyberspace common operational picture can provide an integrated view of the logical, physical, and cyber domains, and a unique visualization of disparate data sets to support decision makers. In addition, advanced analyses, such as Bayesian Network analysis, will be explored to address the information uncertainty, dynamic and complex cyber attack detection, and optimal impact mitigation issues. All the developed technologies will be further integrated into an automatic software toolkit to achieve near real-time cyberspace situational awareness and impact mitigation in large-scale computer networks.

Test and Evaluation of Architecture-Aware Compiler Environment

DTIC Science & Technology

2011-11-01

biology, medicine, social sciences , and security applications. Challenges include extremely large graphs (the Facebook friend network has over...Operations with Temporal Binning ....................................................................... 32 4.12 Memory behavior and Energy per...five challenge problems empirically, exploring their scaling properties, computation and datatype needs, memory behavior , and temporal behavior

Utilizing Android and the Cloud Computing Environment to Increase Situational Awareness for a Mobile Distributed Response

DTIC Science & Technology

2012-03-01

by using a common communication technology there is no need to develop a complicated communications plan and generate an ad - hoc communications...DISTRIBUTION CODE A 13. ABSTRACT (maximum 200 words) Maintaining an accurate Common Operational Picture (COP) is a strategic requirement for...TERMS Android Programming, Cloud Computing, Common Operating Picture, Web Programing 16. PRICE CODE 17. SECURITY CLASSIFICATION OF REPORT

Maritime Domain Awareness: The Key to Maritime Security Operational Challenges and Technical Solutions

DTIC Science & Technology

2006-06-01

series with the Philippines, Indonesia, Singapore, Malaysia , Brunei, and the United States. Another example of regional collaboration is the South East...computers to choose from producers such as Sony , Fujitsu, Compaq, Toshiba, Macintosh or a custom-built PC. The selection depends on factors such as

A Survey on Cyber Security awareness among college students in Tamil Nadu

NASA Astrophysics Data System (ADS)

Senthilkumar, K.; Easwaramoorthy, Sathishkumar

2017-11-01

The aim of the study is to analyse the awareness of cyber security on college students in Tamil Nadu by focusing various security threats in the internet. In recent years cybercrime is an enormous challenge in all areas including national security, public safety and personal privacy. To prevent from a victim of cybercrime everyone must know about their own security and safety measures to protect by themselves. A well-structured questionnaire survey method will be applied to analyse the college student’s awareness in the area of cyber security. This survey will be going to conducted in major cities of Tamil Nadu by focusing various security threats like email, virus, phishing, fake advertisement, popup windows and other attacks in the internet. This survey examines the college students’ awareness and the level of awareness about the security issues and some suggestions are set forth to overcome these issues.

A security-awareness virtual machine management scheme based on Chinese wall policy in cloud computing.

PubMed

Yu, Si; Gui, Xiaolin; Lin, Jiancai; Tian, Feng; Zhao, Jianqiang; Dai, Min

2014-01-01

Cloud computing gets increasing attention for its capacity to leverage developers from infrastructure management tasks. However, recent works reveal that side channel attacks can lead to privacy leakage in the cloud. Enhancing isolation between users is an effective solution to eliminate the attack. In this paper, to eliminate side channel attacks, we investigate the isolation enhancement scheme from the aspect of virtual machine (VM) management. The security-awareness VMs management scheme (SVMS), a VMs isolation enhancement scheme to defend against side channel attacks, is proposed. First, we use the aggressive conflict of interest relation (ACIR) and aggressive in ally with relation (AIAR) to describe user constraint relations. Second, based on the Chinese wall policy, we put forward four isolation rules. Third, the VMs placement and migration algorithms are designed to enforce VMs isolation between the conflict users. Finally, based on the normal distribution, we conduct a series of experiments to evaluate SVMS. The experimental results show that SVMS is efficient in guaranteeing isolation between VMs owned by conflict users, while the resource utilization rate decreases but not by much.

A Security-Awareness Virtual Machine Management Scheme Based on Chinese Wall Policy in Cloud Computing

PubMed Central

Gui, Xiaolin; Lin, Jiancai; Tian, Feng; Zhao, Jianqiang; Dai, Min

2014-01-01

Cloud computing gets increasing attention for its capacity to leverage developers from infrastructure management tasks. However, recent works reveal that side channel attacks can lead to privacy leakage in the cloud. Enhancing isolation between users is an effective solution to eliminate the attack. In this paper, to eliminate side channel attacks, we investigate the isolation enhancement scheme from the aspect of virtual machine (VM) management. The security-awareness VMs management scheme (SVMS), a VMs isolation enhancement scheme to defend against side channel attacks, is proposed. First, we use the aggressive conflict of interest relation (ACIR) and aggressive in ally with relation (AIAR) to describe user constraint relations. Second, based on the Chinese wall policy, we put forward four isolation rules. Third, the VMs placement and migration algorithms are designed to enforce VMs isolation between the conflict users. Finally, based on the normal distribution, we conduct a series of experiments to evaluate SVMS. The experimental results show that SVMS is efficient in guaranteeing isolation between VMs owned by conflict users, while the resource utilization rate decreases but not by much. PMID:24688434

TH-A-12A-01: Medical Physicist's Role in Digital Information Security: Threats, Vulnerabilities and Best Practices

DOE Office of Scientific and Technical Information (OSTI.GOV)

McDonald, K; Curran, B

I. Information Security Background (Speaker = Kevin McDonald) Evolution of Medical Devices Living and Working in a Hostile Environment Attack Motivations Attack Vectors Simple Safety Strategies Medical Device Security in the News Medical Devices and Vendors Summary II. Keeping Radiation Oncology IT Systems Secure (Speaker = Bruce Curran) Hardware Security Double-lock Requirements “Foreign” computer systems Portable Device Encryption Patient Data Storage System Requirements Network Configuration Isolating Critical Devices Isolating Clinical Networks Remote Access Considerations Software Applications / Configuration Passwords / Screen Savers Restricted Services / access Software Configuration Restriction Use of DNS to restrict accesse. Patches / Upgrades Awareness Intrusionmore » Prevention Intrusion Detection Threat Risk Analysis Conclusion Learning Objectives: Understanding how Hospital IT Requirements affect Radiation Oncology IT Systems. Illustrating sample practices for hardware, network, and software security. Discussing implementation of good IT security practices in radiation oncology. Understand overall risk and threats scenario in a networked environment.« less

The Impact of Information Richness on Information Security Awareness Training Effectiveness

ERIC Educational Resources Information Center

Shaw, R. S.; Chen, Charlie C.; Harris, Albert L.; Huang, Hui-Jou

2009-01-01

In recent years, rapid progress in the use of the internet has resulted in huge losses in many organizations due to lax security. As a result, information security awareness is becoming an important issue to anyone using the Internet. To reduce losses, organizations have made information security awareness a top priority. The three main barriers…

How Secure Is Your Radiology Department? Mapping Digital Radiology Adoption and Security Worldwide.

PubMed

Stites, Mark; Pianykh, Oleg S

2016-04-01

Despite the long history of digital radiology, one of its most critical aspects--information security--still remains extremely underdeveloped and poorly standardized. To study the current state of radiology security, we explored the worldwide security of medical image archives. Using the DICOM data-transmitting standard, we implemented a highly parallel application to scan the entire World Wide Web of networked computers and devices, locating open and unprotected radiology servers. We used only legal and radiology-compliant tools. Our security-probing application initiated a standard DICOM handshake to remote computer or device addresses, and then assessed their security posture on the basis of handshake replies. The scan discovered a total of 2774 unprotected radiology or DICOM servers worldwide. Of those, 719 were fully open to patient data communications. Geolocation was used to analyze and rank our findings according to country utilization. As a result, we built maps and world ranking of clinical security, suggesting that even the most radiology-advanced countries have hospitals with serious security gaps. Despite more than two decades of active development and implementation, our radiology data still remains insecure. The results provided should be applied to raise awareness and begin an earnest dialogue toward elimination of the problem. The application we designed and the novel scanning approach we developed can be used to identify security breaches and to eliminate them before they are compromised.

Impact of Security Awareness Programs on End-User Security Behavior: A Quantitative Study of Federal Workers

ERIC Educational Resources Information Center

Smith, Gwendolynn T.

2012-01-01

The increasing dependence on technology presented more vulnerability to security breaches of information and the need to assess security awareness levels in federal organizations, as well as other organizations. Increased headlines of security breaches of federal employees' security actions prompted this study. The research study reviewed the…

The security of patient identifiable information in doctors' homes.

PubMed

McLean, Iain; Anderson, C Mary

2004-08-01

Ethically and legally doctors bear a responsibility to ensure the security of patient identifiable information in their possession. Many doctors, especially those in forensic medicine, hold paper or computerised medical records at home. This survey was conducted to assess the level of security for these records and awareness of the issues. Fifty-six forensic physicians (30 male, 26 female) answered a questionnaire. Eighty-nine percent used a computer to write patient notes and reports, but only 26 of these were on the Data Protection Register, and only 24 password-protected their files. Few doctors took steps to protect data on old computers they had stopped using. Of those responding, 88% held paper records at home but only of these had lockable filing cabinets. Burglar alarms were fitted in 77% of homes, yet 36% of homes had been burgled. No participants had written instructions for disposal of records and reports after their death. Older participants were more likely to have been burgled, yet less likely to have antiviral software than their younger counterparts. Participants expressed the need for information, education and training in data security.

Hybrid-Aware Model for Senior Wellness Service in Smart Home.

PubMed

Jung, Yuchae

2017-05-22

Smart home technology with situation-awareness is important for seniors to improve safety and security. With the development of context-aware computing, wearable sensor technology, and ubiquitous computing, it is easier for seniors to manage their health problem in smart home environment. For monitoring senior activity in smart home, wearable, and motion sensors-such as respiration rate (RR), electrocardiography (ECG), body temperature, and blood pressure (BP)-were used for monitoring movements of seniors. For context-awareness, environmental sensors-such as gas, fire, smoke, dust, temperature, and light sensors-were used for senior location data collection. Based on senior activity, senior health status can be classified into positive and negative. Based on senior location and time, senior safety is classified into safe and emergency. In this paper, we propose a hybrid inspection service middleware for monitoring elderly health risk based on senior activity and location. This hybrid-aware model for the detection of abnormal status of seniors has four steps as follows: (1) data collection from biosensors and environmental sensors; (2) monitoring senior location and time of stay in each location using environmental sensors; (3) monitoring senior activity using biometric data; finally, (4) expectation-maximization based decision-making step recommending proper treatment based on a senior health risk ratio.

Hybrid-Aware Model for Senior Wellness Service in Smart Home

PubMed Central

Jung, Yuchae

2017-01-01

Smart home technology with situation-awareness is important for seniors to improve safety and security. With the development of context-aware computing, wearable sensor technology, and ubiquitous computing, it is easier for seniors to manage their health problem in smart home environment. For monitoring senior activity in smart home, wearable, and motion sensors—such as respiration rate (RR), electrocardiography (ECG), body temperature, and blood pressure (BP)—were used for monitoring movements of seniors. For context-awareness, environmental sensors—such as gas, fire, smoke, dust, temperature, and light sensors—were used for senior location data collection. Based on senior activity, senior health status can be classified into positive and negative. Based on senior location and time, senior safety is classified into safe and emergency. In this paper, we propose a hybrid inspection service middleware for monitoring elderly health risk based on senior activity and location. This hybrid-aware model for the detection of abnormal status of seniors has four steps as follows: (1) data collection from biosensors and environmental sensors; (2) monitoring senior location and time of stay in each location using environmental sensors; (3) monitoring senior activity using biometric data; finally, (4) expectation-maximization based decision-making step recommending proper treatment based on a senior health risk ratio. PMID:28531157

5 CFR 930.301 - Information systems security awareness training program.

Code of Federal Regulations, 2013 CFR

2013-01-01

....g., system and network administrators, and system/application security officers) must receive... 5 Administrative Personnel 2 2013-01-01 2013-01-01 false Information systems security awareness... (MISCELLANEOUS) Information Security Responsibilities for Employees who Manage or Use Federal Information Systems...

5 CFR 930.301 - Information systems security awareness training program.

Code of Federal Regulations, 2014 CFR

2014-01-01

....g., system and network administrators, and system/application security officers) must receive... 5 Administrative Personnel 2 2014-01-01 2014-01-01 false Information systems security awareness... (MISCELLANEOUS) Information Security Responsibilities for Employees who Manage or Use Federal Information Systems...

SERENITY Aware System Development Process

NASA Astrophysics Data System (ADS)

Serrano, Daniel; Maña, Antonio; Llarena, Rafael; Crespo, Beatriz Gallego-Nicasio; Li, Keqin

Traditionally, security patterns have successfully been used to describe security and dependability. In the SERENITY Project the notion of security and dependability (S&D) pattern has been extended to exact specifications of re-usable security mechanisms for Ambient Intelligence (AmI) systems. These S&D Patterns include information on the security properties satisfied by the solution and on the context conditions to be fulfilled. This chapter presents the development of applications supported by SERENITY. In the context of SERENITY we refer to these applications as Serenity-aware applications. Firstly, this chapter presents the Serenity-aware application design using S&D Artefacts. Secondly, it proposes a Java Application Programming Interface (API) to be used in the application development. And, finally, it introduces the development of an example Serenity-aware application.

Cloud computing for context-aware enhanced m-Health services.

PubMed

Fernandez-Llatas, Carlos; Pileggi, Salvatore F; Ibañez, Gema; Valero, Zoe; Sala, Pilar

2015-01-01

m-Health services are increasing its presence in our lives due to the high penetration of new smartphone devices. This new scenario proposes new challenges in terms of information accessibility that require new paradigms which enable the new applications to access the data in a continuous and ubiquitous way, ensuring the privacy required depending on the kind of data accessed. This paper proposes an architecture based on cloud computing paradigms in order to empower new m-Health applications to enrich their results by providing secure access to user data.

Predictive Anomaly Management for Resilient Virtualized Computing Infrastructures

DTIC Science & Technology

2015-05-27

PREC: Practical Root Exploit Containment for Android Devices, ACM Conference on Data and Application Security and Privacy (CODASPY) . 03-MAR-14...05-OCT-11, . : , Hiep Nguyen, Yongmin Tan, Xiaohui Gu. Propagation-aware Anomaly Localization for Cloud Hosted Distributed Applications , ACM...Workshop on Managing Large-Scale Systems via the Analysis of System Logs and the Application of Machine Learning Techniques (SLAML) in conjunction with SOSP

Global Warming, Africa and National Security

DTIC Science & Technology

2008-01-15

African populations. This includes awareness from a global perspective in line with The Army Strategy for the Environment, the UN’s Intergovernmental...2 attention. At the time, computer models did not indicate a significant issue with global warming suggesting only a modest increase of 2°C9...projected climate changes. Current Science The science surrounding climate change and global warming was, until recently, a point of

Examining the Relationship between Organization Systems and Information Security Awareness

ERIC Educational Resources Information Center

Tintamusik, Yanarong

2010-01-01

The focus of this dissertation was to examine the crucial relationship between organization systems within the framework of the organizational behavior theory and information security awareness (ISA) of users within the framework of the information security theory. Despite advanced security technologies designed to protect information assets,…

Continuous Security and Configuration Monitoring of HPC Clusters

DOE Office of Scientific and Technical Information (OSTI.GOV)

Garcia-Lomeli, H. D.; Bertsch, A. D.; Fox, D. M.

Continuous security and configuration monitoring of information systems has been a time consuming and laborious task for system administrators at the High Performance Computing (HPC) center. Prior to this project, system administrators had to manually check the settings of thousands of nodes, which required a significant number of hours rendering the old process ineffective and inefficient. This paper explains the application of Splunk Enterprise, a software agent, and a reporting tool in the development of a user application interface to track and report on critical system updates and security compliance status of HPC Clusters. In conjunction with other configuration managementmore » systems, the reporting tool is to provide continuous situational awareness to system administrators of the compliance state of information systems. Our approach consisted of the development, testing, and deployment of an agent to collect any arbitrary information across a massively distributed computing center, and organize that information into a human-readable format. Using Splunk Enterprise, this raw data was then gathered into a central repository and indexed for search, analysis, and correlation. Following acquisition and accumulation, the reporting tool generated and presented actionable information by filtering the data according to command line parameters passed at run time. Preliminary data showed results for over six thousand nodes. Further research and expansion of this tool could lead to the development of a series of agents to gather and report critical system parameters. However, in order to make use of the flexibility and resourcefulness of the reporting tool the agent must conform to specifications set forth in this paper. This project has simplified the way system administrators gather, analyze, and report on the configuration and security state of HPC clusters, maintaining ongoing situational awareness. Rather than querying each cluster independently, compliance checking can be managed from one central location.« less

Towards Resilient Critical Infrastructures: Application of Type-2 Fuzzy Logic in Embedded Network Security Cyber Sensor

DOE Office of Scientific and Technical Information (OSTI.GOV)

Ondrej Linda; Todd Vollmer; Jim Alves-Foss

2011-08-01

Resiliency and cyber security of modern critical infrastructures is becoming increasingly important with the growing number of threats in the cyber-environment. This paper proposes an extension to a previously developed fuzzy logic based anomaly detection network security cyber sensor via incorporating Type-2 Fuzzy Logic (T2 FL). In general, fuzzy logic provides a framework for system modeling in linguistic form capable of coping with imprecise and vague meanings of words. T2 FL is an extension of Type-1 FL which proved to be successful in modeling and minimizing the effects of various kinds of dynamic uncertainties. In this paper, T2 FL providesmore » a basis for robust anomaly detection and cyber security state awareness. In addition, the proposed algorithm was specifically developed to comply with the constrained computational requirements of low-cost embedded network security cyber sensors. The performance of the system was evaluated on a set of network data recorded from an experimental cyber-security test-bed.« less

Complying with the Campus Security Act--1990. Title II--Crime Awareness and Campus Security.

ERIC Educational Resources Information Center

National Association of Student Personnel Administrators, Inc.

This paper offers guidelines to colleges and universities which must comply with requirements of the Student Right-to-Know and Campus Security Act of 1990, specifically Title II, Crime Awareness and Campus Security. An introduction outlines some measures that campuses are urged to adopt such as campus-wide committees to review security policies,…

SPAR: a security- and power-aware routing protocol for wireless ad hoc and sensor networks

NASA Astrophysics Data System (ADS)

Oberoi, Vikram; Chigan, Chunxiao

2005-05-01

Wireless Ad Hoc and Sensor Networks (WAHSNs) are vulnerable to extensive attacks as well as severe resource constraints. To fulfill the security needs, many security enhancements have been proposed. Like wise, from resource constraint perspective, many power aware schemes have been proposed to save the battery power. However, we observe that for the severely resource limited and extremely vulnerable WAHSNs, taking security or power (or any other resource) alone into consideration for protocol design is rather inadequate toward the truly "secure-and-useful" WAHSNs. For example, from resource constraint perspective, we identify one of the potential problems, the Security-Capable-Congestion (SCC) behavior, for the WAHSNs routing protocols where only the security are concerned. On the other hand, the design approach where only scarce resource is concerned, such as many power-aware WAHSNs protocols, leaves security unconsidered and is undesirable to many WAHSNs application scenarios. Motivated by these observations, we propose a co-design approach, where both the high security and effective resource consumption are targeted for WAHSNs protocol design. Specifically, we propose a novel routing protocol, Security- and Power- Aware Routing (SPAR) protocol based on this co-design approach. In SPAR, the routing decisions are made based on both security and power as routing criteria. The idea of the SPAR mechanism is routing protocol independent and therefore can be broadly integrated into any of the existing WAHSNs routing protocols. The simulation results show that SPAR outperforms the WAHSNs routing protocols where security or power alone is considered, significantly. This research finding demonstrates the proposed security- and resource- aware co-design approach is promising towards the truly "secure-and-useful" WAHSNs.

Information Security – Guidance for Manually Completing the Information Security Awareness Training

EPA Pesticide Factsheets

The purpose of this guidance is to provide an alternative manual process for disseminating EPA Information Security Awareness Training (ISAT) materials and collecting results from EPA users who elect to complete the ISAT manually.

The AIST Managed Cloud Environment

NASA Astrophysics Data System (ADS)

Cook, S.

2016-12-01

ESTO is currently in the process of developing and implementing the AIST Managed Cloud Environment (AMCE) to offer cloud computing services to ESTO-funded PIs to conduct their project research. AIST will provide projects access to a cloud computing framework that incorporates NASA security, technical, and financial standards, on which project can freely store, run, and process data. Currently, many projects led by research groups outside of NASA do not have the awareness of requirements or the resources to implement NASA standards into their research, which limits the likelihood of infusing the work into NASA applications. Offering this environment to PIs will allow them to conduct their project research using the many benefits of cloud computing. In addition to the well-known cost and time savings that it allows, it also provides scalability and flexibility. The AMCE will facilitate infusion and end user access by ensuring standardization and security. This approach will ultimately benefit ESTO, the science community, and the research, allowing the technology developments to have quicker and broader applications.

The AMCE (AIST Managed Cloud Environment)

NASA Astrophysics Data System (ADS)

Cook, S.

2017-12-01

ESTO has developed and implemented the AIST Managed Cloud Environment (AMCE) to offer cloud computing services to SMD-funded PIs to conduct their project research. AIST will provide projects access to a cloud computing framework that incorporates NASA security, technical, and financial standards, on which project can freely store, run, and process data. Currently, many projects led by research groups outside of NASA do not have the awareness of requirements or the resources to implement NASA standards into their research, which limits the likelihood of infusing the work into NASA applications. Offering this environment to PIs allows them to conduct their project research using the many benefits of cloud computing. In addition to the well-known cost and time savings that it allows, it also provides scalability and flexibility. The AMCE facilitates infusion and end user access by ensuring standardization and security. This approach will ultimately benefit ESTO, the science community, and the research, allowing the technology developments to have quicker and broader applications.

Toward a theoretical framework for trustworthy cyber sensing

NASA Astrophysics Data System (ADS)

Xu, Shouhuai

2010-04-01

Cyberspace is an indispensable part of the economy and society, but has been "polluted" with many compromised computers that can be abused to launch further attacks against the others. Since it is likely that there always are compromised computers, it is important to be aware of the (dynamic) cyber security-related situation, which is however challenging because cyberspace is an extremely large-scale complex system. Our project aims to investigate a theoretical framework for trustworthy cyber sensing. With the perspective of treating cyberspace as a large-scale complex system, the core question we aim to address is: What would be a competent theoretical (mathematical and algorithmic) framework for designing, analyzing, deploying, managing, and adapting cyber sensor systems so as to provide trustworthy information or input to the higher layer of cyber situation-awareness management, even in the presence of sophisticated malicious attacks against the cyber sensor systems?

National Concept of Operations for Maritime Domain Awareness

DTIC Science & Technology

2007-12-01

Maritime Domain Awareness (MDA) is the effective understanding of anything associated with the global maritime domain that could impact the security... Information Operations and Reports, 1215 Jefferson Davis Highway, Suite 1204, Arlington VA 22202-4302. Respondents should be aware that notwithstanding... Awareness (MDA) is the effective understanding of anything associated with the global maritime domain that could impact the security, safety

Improving Radiation Awareness and Feeling of Personal Security of Non-Radiological Medical Staff by Implementing a Traffic Light System in Computed Tomography.

PubMed

Heilmaier, C; Mayor, A; Zuber, N; Fodor, P; Weishaupt, D

2016-03-01

Non-radiological medical professionals often need to remain in the scanning room during computed tomography (CT) examinations to supervise patients in critical condition. Independent of protective devices, their position significantly influences the radiation dose they receive. The purpose of this study was to assess if a traffic light system indicating areas of different radiation exposure improves non-radiological medical staff's radiation awareness and feeling of personal security. Phantom measurements were performed to define areas of different dose rates and colored stickers were applied on the floor according to a traffic light system: green = lowest, orange = intermediate, and red = highest possible radiation exposure. Non-radiological medical professionals with different years of working experience evaluated the system using a structured questionnaire. Kruskal-Wallis and Spearman's correlation test were applied for statistical analysis. Fifty-six subjects (30 physicians, 26 nursing staff) took part in this prospective study. Overall rating of the system was very good, and almost all professionals tried to stand in the green stickers during the scan. The system significantly increased radiation awareness and feeling of personal protection particularly in staff with ≤ 5 years of working experience (p < 0.05). The majority of non-radiological medical professionals stated that staying in the green stickers and patient care would be compatible. Knowledge of radiation protection was poor in all groups, especially among entry-level employees (p < 0.05). A traffic light system in the CT scanning room indicating areas with lowest, intermediate, and highest possible radiation exposure is much appreciated. It increases radiation awareness, improves the sense of personal radiation protection, and may support endeavors to lower occupational radiation exposure, although the best radiation protection always is to re-main outside the CT room during the scan. • A traffic light system indicating areas with different radiation exposure within the computed tomography scanner room is much appreciated by non-radiological medical staff. • The traffic light system increases non-radiological medical staff's radiation awareness and feeling of personal protection. • Knowledge on radiation protection was poor in non-radiological medical staff, especially in those with few working experience. © Georg Thieme Verlag KG Stuttgart · New York.

Exploring the effectiveness of transit security awareness campaigns in the San Francisco Bay Area.

DOT National Transportation Integrated Search

2010-06-01

Public involvement in alerting officials of suspicious and potentially harmful activity is critical to the overall security of a transit system. As part of an effort to get passengers and the public involved, many transit agencies have security aware...

Eavesdropping-aware routing and spectrum allocation based on multi-flow virtual concatenation for confidential information service in elastic optical networks

NASA Astrophysics Data System (ADS)

Bai, Wei; Yang, Hui; Yu, Ao; Xiao, Hongyun; He, Linkuan; Feng, Lei; Zhang, Jie

2018-01-01

The leakage of confidential information is one of important issues in the network security area. Elastic Optical Networks (EON) as a promising technology in the optical transport network is under threat from eavesdropping attacks. It is a great demand to support confidential information service (CIS) and design efficient security strategy against the eavesdropping attacks. In this paper, we propose a solution to cope with the eavesdropping attacks in routing and spectrum allocation. Firstly, we introduce probability theory to describe eavesdropping issue and achieve awareness of eavesdropping attacks. Then we propose an eavesdropping-aware routing and spectrum allocation (ES-RSA) algorithm to guarantee information security. For further improving security and network performance, we employ multi-flow virtual concatenation (MFVC) and propose an eavesdropping-aware MFVC-based secure routing and spectrum allocation (MES-RSA) algorithm. The presented simulation results show that the proposed two RSA algorithms can both achieve greater security against the eavesdropping attacks and MES-RSA can also improve the network performance efficiently.

Explore Awareness of Information Security: Insights from Cognitive Neuromechanism.

PubMed

Han, Dongmei; Dai, Yonghui; Han, Tianlin; Dai, Xingyun

2015-01-01

With the rapid development of the internet and information technology, the increasingly diversified portable mobile terminals, online shopping, and social media have facilitated information exchange, social communication, and financial payment for people more and more than ever before. In the meantime, information security and privacy protection have been meeting with new severe challenges. Although we have taken a variety of information security measures in both management and technology, the actual effectiveness depends firstly on people's awareness of information security and the cognition of potential risks. In order to explore the new technology for the objective assessment of people's awareness and cognition on information security, this paper takes the online financial payment as example and conducts an experimental study based on the analysis of electrophysiological signals. Results indicate that left hemisphere and beta rhythms of electroencephalogram (EEG) signal are sensitive to the cognitive degree of risks in the awareness of information security, which may be probably considered as the sign to assess people's cognition of potential risks in online financial payment.

Explore Awareness of Information Security: Insights from Cognitive Neuromechanism

PubMed Central

Han, Dongmei; Han, Tianlin; Dai, Xingyun

2015-01-01

With the rapid development of the internet and information technology, the increasingly diversified portable mobile terminals, online shopping, and social media have facilitated information exchange, social communication, and financial payment for people more and more than ever before. In the meantime, information security and privacy protection have been meeting with new severe challenges. Although we have taken a variety of information security measures in both management and technology, the actual effectiveness depends firstly on people's awareness of information security and the cognition of potential risks. In order to explore the new technology for the objective assessment of people's awareness and cognition on information security, this paper takes the online financial payment as example and conducts an experimental study based on the analysis of electrophysiological signals. Results indicate that left hemisphere and beta rhythms of electroencephalogram (EEG) signal are sensitive to the cognitive degree of risks in the awareness of information security, which may be probably considered as the sign to assess people's cognition of potential risks in online financial payment. PMID:26587017

DOE Office of Scientific and Technical Information (OSTI.GOV)

Laughlin, Gary L.

The International, Homeland, and Nuclear Security (IHNS) Program Management Unit (PMU) oversees a broad portfolio of Sandia’s programs in areas ranging from global nuclear security to critical asset protection. We use science and technology, innovative research, and global engagement to counter threats, reduce dangers, and respond to disasters. The PMU draws on the skills of scientists and engineers from across Sandia. Our programs focus on protecting US government installations, safeguarding nuclear weapons and materials, facilitating nonproliferation activities, securing infrastructures, countering chemical and biological dangers, and reducing the risk of terrorist threats. We conduct research in risk and threat analysis, monitoringmore » and detection, decontamination and recovery, and situational awareness. We develop technologies for verifying arms control agreements, neutralizing dangerous materials, detecting intruders, and strengthening resiliency. Our programs use Sandia’s High-Performance Computing resources for predictive modeling and simulation of interdependent systems, for modeling dynamic threats and forecasting adaptive behavior, and for enabling decision support and processing large cyber data streams. In this report, we highlight four advanced computation projects that illustrate the breadth of the IHNS mission space.« less

Final Report: Computer-aided Human Centric Cyber Situation Awareness

DTIC Science & Technology

2016-03-20

logs, OS audit trails, vulnerability reports, and packet dumps ), weeding out the false positives, grouping the related indicators so that different...short time duration of each visual stimulus in an fMRI study, we have designed “network security analysis cards ” that require the subject to...determine whether alerts in the cards indicate malicious events. Two types of visual displays of alerts (i.e., tabular display and node-link display) are

Connecting to the Internet Securely; Protecting Home Networks CIAC-2324

DOE Office of Scientific and Technical Information (OSTI.GOV)

Orvis, W J; Krystosek, P; Smith, J

2002-11-27

With more and more people working at home and connecting to company networks via the Internet, the risk to company networks to intrusion and theft of sensitive information is growing. Working from home has many positive advantages for both the home worker and the company they work for. However, as companies encourage people to work from home, they need to start considering the interaction of the employee's home network and the company network he connects to. This paper discusses problems and solutions related to protection of home computers from attacks on those computers via the network connection. It does notmore » consider protection of those systems from people who have physical access to the computers nor does it consider company laptops taken on-the-road. Home networks are often targeted by intruders because they are plentiful and they are usually not well secured. While companies have departments of professionals to maintain and secure their networks, home networks are maintained by the employee who may be less knowledgeable about network security matters. The biggest problems with home networks are that: Home networks are not designed to be secure and may use technologies (wireless) that are not secure; The operating systems are not secured when they are installed; The operating systems and applications are not maintained (for security considerations) after they are installed; and The networks are often used for other activities that put them at risk for being compromised. Home networks that are going to be connected to company networks need to be cooperatively secured by the employee and the company so they do not open up the company network to intruders. Securing home networks involves many of the same operations as securing a company network: Patch and maintain systems; Securely configure systems; Eliminate unneeded services; Protect remote logins; Use good passwords; Use current antivirus software; and Moderate your Internet usage habits. Most of these items do not take a lot of work, but require an awareness of the risks involved in not doing them or doing them incorrectly. The security of home networks and communications with company networks can be significantly improved by adding an appropriate software or hardware firewall to the home network and using a protected protocol such as Secure Sockets Layer (SSL), a Virtual Private Network (VPN), or Secure Shell (SSH) for connecting to the company network.« less

The internet worm

NASA Technical Reports Server (NTRS)

Denning, Peter J.

1989-01-01

In November 1988 a worm program invaded several thousand UNIX-operated Sun workstations and VAX computers attached to the Research Internet, seriously disrupting service for several days but damaging no files. An analysis of the work's decompiled code revealed a battery of attacks by a knowledgeable insider, and demonstrated a number of security weaknesses. The attack occurred in an open network, and little can be inferred about the vulnerabilities of closed networks used for critical operations. The attack showed that passwork protection procedures need review and strengthening. It showed that sets of mutually trusting computers need to be carefully controlled. Sharp public reaction crystalized into a demand for user awareness and accountability in a networked world.

Cultural Awareness in Nuclear Security Programs: A Critical Link

DOE Office of Scientific and Technical Information (OSTI.GOV)

Nasser, Al-Sharif Nasser bin; Auda, Jasmine; Bachner, Katherine

Nuclear security programs that offer training and capacity building opportunities to practitioners working in nuclear facilities play a central role in strengthening the global nuclear security architecture. There is often a significant divide, however, between both the development of these programs and their implementation, and between the programs’ intended and actual outcomes. This article argues that this disconnect can often be attributed to an absence of cultural awareness and an inability for internationally-designed programs to effectively resonate with local audiences. Furthermore, the importance of the role of cultural awareness in implementing nuclear security programs will be assessed, and its applicationsmore » in the Jordanian context will be presented.« less

Cultural Awareness in Nuclear Security Programs: A Critical Link

DOE PAGES

Nasser, Al-Sharif Nasser bin; Auda, Jasmine; Bachner, Katherine

2016-11-20

Nuclear security programs that offer training and capacity building opportunities to practitioners working in nuclear facilities play a central role in strengthening the global nuclear security architecture. There is often a significant divide, however, between both the development of these programs and their implementation, and between the programs’ intended and actual outcomes. This article argues that this disconnect can often be attributed to an absence of cultural awareness and an inability for internationally-designed programs to effectively resonate with local audiences. Furthermore, the importance of the role of cultural awareness in implementing nuclear security programs will be assessed, and its applicationsmore » in the Jordanian context will be presented.« less

Improving computer security by health smart card.

PubMed

Nisand, Gabriel; Allaert, François-André; Brézillon, Régine; Isphording, Wilhem; Roeslin, Norbert

2003-01-01

The University hospitals of Strasbourg have worked for several years on the computer security of the medical data and have of this fact be the first to use the Health Care Professional Smart Card (CPS). This new tool must provide security to the information processing systems and especially to the medical data exchanges between the partners who collaborate to the care of the Beyond the purely data-processing aspects of the functions of safety offered by the CPS, safety depends above all on the practices on the users, their knowledge concerning the legislation, the risks and the stakes, of their adhesion to the procedures and protections installations. The aim of this study is to evaluate this level of knowledge, the practices and the feelings of the users concerning the computer security of the medical data, to check the relevance of the step taken, and if required, to try to improve it. The survey by questionnaires involved 648 users. The practices of users in terms of data security are clearly improved by the implementation of the security server and the use of the CPS system, but security breaches due to bad practices are not however completely eliminated. That confirms that is illusory to believe that data security is first and foremost a technical issue. Technical measures are of course indispensable, but the greatest efforts are required after their implementation and consist in making the key players [2], i.e. users, aware and responsible. However, it must be stressed that the user-friendliness of the security interface has a major effect on the results observed. For instance, it is highly probable that the bad practices continued or introduced upon the implementation of the security server and CPS scheme are due to the complicated nature or functional defects of the proposed solution, which must therefore be improved. Besides, this is only the pilot phase and card holders can be expected to become more responsible as time goes by, along with the gradual national implementation of the CPS project and the introduction of new functions using electronic signatures and encryption.

Protecting Location Privacy for Outsourced Spatial Data in Cloud Storage

PubMed Central

Gui, Xiaolin; An, Jian; Zhao, Jianqiang; Zhang, Xuejun

2014-01-01

As cloud computing services and location-aware devices are fully developed, a large amount of spatial data needs to be outsourced to the cloud storage provider, so the research on privacy protection for outsourced spatial data gets increasing attention from academia and industry. As a kind of spatial transformation method, Hilbert curve is widely used to protect the location privacy for spatial data. But sufficient security analysis for standard Hilbert curve (SHC) is seldom proceeded. In this paper, we propose an index modification method for SHC (SHC∗) and a density-based space filling curve (DSC) to improve the security of SHC; they can partially violate the distance-preserving property of SHC, so as to achieve better security. We formally define the indistinguishability and attack model for measuring the privacy disclosure risk of spatial transformation methods. The evaluation results indicate that SHC∗ and DSC are more secure than SHC, and DSC achieves the best index generation performance. PMID:25097865

Protecting location privacy for outsourced spatial data in cloud storage.

PubMed

Tian, Feng; Gui, Xiaolin; An, Jian; Yang, Pan; Zhao, Jianqiang; Zhang, Xuejun

2014-01-01

As cloud computing services and location-aware devices are fully developed, a large amount of spatial data needs to be outsourced to the cloud storage provider, so the research on privacy protection for outsourced spatial data gets increasing attention from academia and industry. As a kind of spatial transformation method, Hilbert curve is widely used to protect the location privacy for spatial data. But sufficient security analysis for standard Hilbert curve (SHC) is seldom proceeded. In this paper, we propose an index modification method for SHC (SHC(∗)) and a density-based space filling curve (DSC) to improve the security of SHC; they can partially violate the distance-preserving property of SHC, so as to achieve better security. We formally define the indistinguishability and attack model for measuring the privacy disclosure risk of spatial transformation methods. The evaluation results indicate that SHC(∗) and DSC are more secure than SHC, and DSC achieves the best index generation performance.

Exploring Effects of Organizational Culture upon Implementation of Information Security Awareness and Training Programs within the Defense Industry Located in the Tennessee Valley Region

ERIC Educational Resources Information Center

Grant, Robert Luther

2017-01-01

Data breaches due to social engineering attacks and employee negligence are on the rise. The only known defense against social engineering attacks and employee negligence is information security awareness and training. However, implementation of awareness and training programs within organizations are lagging in priority. This research used the…

Threats and risks to information security: a practical analysis of free access wireless networks

NASA Astrophysics Data System (ADS)

Quirumbay, Daniel I.; Coronel, Iván. A.; Bayas, Marcia M.; Rovira, Ronald H.; Gromaszek, Konrad; Tleshova, Akmaral; Kozbekova, Ainur

2017-08-01

Nowadays, there is an ever-growing need to investigate, consult and communicate through the internet. This need leads to the intensification of free access to the web in strategic and functional points for the benefit of the community. However, this open access is also related to the increase of information insecurity. The existing works on computer security primarily focus on the development of techniques to reduce cyber-attacks. However, these approaches do not address the sector of inexperienced users who have difficulty understanding browser settings. Two methods can solve this problem: first the development of friendly browsers with intuitive setups for new users and on the other hand, by implementing awareness programs on essential security without deepening on technical information. This article addresses an analysis of the vulnerabilities of wireless equipment that provides internet service in the open access zones and the potential risks that could be found when using these means.

Can Cyberloafing and Internet Addiction Affect Organizational Information Security?

PubMed

Hadlington, Lee; Parsons, Kathryn

2017-09-01

Researchers have noted potential links between Internet addiction, the use of work computers for nonwork purposes and an increased risk of threat to the organization from breaches in cybersecurity. However, much of this research appears conjectural in nature and lacks clear empirical evidence to support such claims. To fill this knowledge gap, a questionnaire-based study explored the link between cyberloafing, Internet addiction, and information security awareness (ISA). A total of 338 participants completed an online questionnaire, which comprised of the Online Cognition Scale, Cyberloafing Scale, and the Human Aspects of Information Security Questionnaire. Participants who reported higher Internet addiction and cyberloafing tendencies had lower ISA, and Internet addiction and cyberloafing predicted a significant 45 percent of the variance in ISA. Serious cyberloafing, such as the propensity to visit adult websites and online gambling, was shown to be the significant predictor for poorer ISA. Implications for organizations and recommendations to reduce or manage inappropriate Internet use are discussed.

Secure software practices among Malaysian software practitioners: An exploratory study

NASA Astrophysics Data System (ADS)

Mohamed, Shafinah Farvin Packeer; Baharom, Fauziah; Deraman, Aziz; Yahya, Jamaiah; Mohd, Haslina

2016-08-01

Secure software practices is increasingly gaining much importance among software practitioners and researchers due to the rise of computer crimes in the software industry. It has become as one of the determinant factors for producing high quality software. Even though its importance has been revealed, its current practice in the software industry is still scarce, particularly in Malaysia. Thus, an exploratory study is conducted among software practitioners in Malaysia to study their experiences and practices in the real-world projects. This paper discusses the findings from the study, which involved 93 software practitioners. Structured questionnaire is utilized for data collection purpose whilst statistical methods such as frequency, mean, and cross tabulation are used for data analysis. Outcomes from this study reveal that software practitioners are becoming increasingly aware on the importance of secure software practices, however, they lack of appropriate implementation, which could affect the quality of produced software.

NINJA: a noninvasive framework for internal computer security hardening

NASA Astrophysics Data System (ADS)

Allen, Thomas G.; Thomson, Steve

2004-07-01

Vulnerabilities are a growing problem in both the commercial and government sector. The latest vulnerability information compiled by CERT/CC, for the year ending Dec. 31, 2002 reported 4129 vulnerabilities representing a 100% increase over the 2001 [1] (the 2003 report has not been published at the time of this writing). It doesn"t take long to realize that the growth rate of vulnerabilities greatly exceeds the rate at which the vulnerabilities can be fixed. It also doesn"t take long to realize that our nation"s networks are growing less secure at an accelerating rate. As organizations become aware of vulnerabilities they may initiate efforts to resolve them, but quickly realize that the size of the remediation project is greater than their current resources can handle. In addition, many IT tools that suggest solutions to the problems in reality only address "some" of the vulnerabilities leaving the organization unsecured and back to square one in searching for solutions. This paper proposes an auditing framework called NINJA (acronym for Network Investigation Notification Joint Architecture) for noninvasive daily scanning/auditing based on common security vulnerabilities that repeatedly occur in a network environment. This framework is used for performing regular audits in order to harden an organizations security infrastructure. The framework is based on the results obtained by the Network Security Assessment Team (NSAT) which emulates adversarial computer network operations for US Air Force organizations. Auditing is the most time consuming factor involved in securing an organization's network infrastructure. The framework discussed in this paper uses existing scripting technologies to maintain a security hardened system at a defined level of performance as specified by the computer security audit team. Mobile agents which were under development at the time of this writing are used at a minimum to improve the noninvasiveness of our scans. In general, noninvasive scans with an adequate framework performed on a daily basis reduce the amount of security work load as well as the timeliness in performing remediation, as verified by the NINJA framework. A vulnerability assessment/auditing architecture based on mobile agent technology is proposed and examined at the end of the article as an enhancement to the current NINJA architecture.

A Study of Security Awareness Information Delivery within the Defense Intelligence Community

ERIC Educational Resources Information Center

Krasley, Paul F.

2011-01-01

Due to limited resources and inconsistent guidance from the U.S. Federal Government, Department of Defense, and multiple environments within the intelligence community, the defense intelligence agencies each developed their own methods to deliver security awareness information. These multiple delivery methods may be providing different levels of…

Fostering E-Mail Security Awareness: The West Point Carronade

ERIC Educational Resources Information Center

Ferguson, Aaron J.

2005-01-01

The United States Military Academy (USMA) at West Point had a problem with some cadets clicking on suspicious attachments and embedded links, significantly affecting network performance and resource availability. West Point information technology leadership needed a way to increase e-mail security awareness in hopes of maintaining a strong…

Organisational Pattern Driven Recovery Mechanisms

NASA Astrophysics Data System (ADS)

Giacomo, Valentina Di; Presenza, Domenico; Riccucci, Carlo

The process of reaction to system failures and security attacks is strongly influenced by its infrastructural, procedural and organisational settings. Analysis of reaction procedures and practices from different domains (Air Traffic Management, Response to Computer Security Incident, Response to emergencies, recovery in Chemical Process Industry) highlight three key requirements for this activity: smooth collaboration and coordination among responders, accurate monitoring and management of resources and ability to adapt pre-established reaction plans to the actual context. The SERENITY Reaction Mechanisms (SRM) is the subsystem of the SERENITY Run-time Framework aimed to provide SERENITY aware AmI settings (i.e. socio-technical systems with highly distributed dynamic services) with functionalities to implement applications specific reaction strategies. The SRM uses SERENITY Organisational S&D Patterns as run-time models to drive these three key functionalities.

A Secure Routing Protocol for Wireless Sensor Networks Considering Secure Data Aggregation.

PubMed

Rahayu, Triana Mugia; Lee, Sang-Gon; Lee, Hoon-Jae

2015-06-26

The commonly unattended and hostile deployments of WSNs and their resource-constrained sensor devices have led to an increasing demand for secure energy-efficient protocols. Routing and data aggregation receive the most attention since they are among the daily network routines. With the awareness of such demand, we found that so far there has been no work that lays out a secure routing protocol as the foundation for a secure data aggregation protocol. We argue that the secure routing role would be rendered useless if the data aggregation scheme built on it is not secure. Conversely, the secure data aggregation protocol needs a secure underlying routing protocol as its foundation in order to be effectively optimal. As an attempt for the solution, we devise an energy-aware protocol based on LEACH and ESPDA that combines secure routing protocol and secure data aggregation protocol. We then evaluate its security effectiveness and its energy-efficiency aspects, knowing that there are always trade-off between both.

A Secure Routing Protocol for Wireless Sensor Networks Considering Secure Data Aggregation

PubMed Central

Rahayu, Triana Mugia; Lee, Sang-Gon; Lee, Hoon-Jae

2015-01-01

The commonly unattended and hostile deployments of WSNs and their resource-constrained sensor devices have led to an increasing demand for secure energy-efficient protocols. Routing and data aggregation receive the most attention since they are among the daily network routines. With the awareness of such demand, we found that so far there has been no work that lays out a secure routing protocol as the foundation for a secure data aggregation protocol. We argue that the secure routing role would be rendered useless if the data aggregation scheme built on it is not secure. Conversely, the secure data aggregation protocol needs a secure underlying routing protocol as its foundation in order to be effectively optimal. As an attempt for the solution, we devise an energy-aware protocol based on LEACH and ESPDA that combines secure routing protocol and secure data aggregation protocol. We then evaluate its security effectiveness and its energy-efficiency aspects, knowing that there are always trade-off between both. PMID:26131669

Understanding the Value of a Computer Emergency Response Capability for Nuclear Security

DOE Office of Scientific and Technical Information (OSTI.GOV)

Gasper, Peter Donald; Rodriguez, Julio Gallardo

The international nuclear community has a great understanding of the physical security needs relating to the prevention, detection, and response of malicious acts associated with nuclear facilities and radioactive material. International Atomic Energy Agency (IAEA) Nuclear Security Recommendations (INFCIRC_225_Rev 5) outlines specific guidelines and recommendations for implementing and maintaining an organization’s nuclear security posture. An important element for inclusion into supporting revision 5 is the establishment of a “Cyber Emergency Response Team (CERT)” focused on the international communities cybersecurity needs to maintain a comprehensive nuclear security posture. Cybersecurity and the importance of nuclear cybersecurity require that there be a specificmore » focus on developing an International Nuclear CERT (NS-CERT). States establishing contingency plans should have an understanding of the cyber threat landscape and the potential impacts to systems in place to protect and mitigate malicious activities. This paper will outline the necessary components, discuss the relationships needed within the international community, and outline a process by which the NS-CERT identifies, collects, processes, and reports critical information in order to establish situational awareness (SA) and support decision-making« less

Efficient Privacy-Aware Record Integration.

PubMed

Kuzu, Mehmet; Kantarcioglu, Murat; Inan, Ali; Bertino, Elisa; Durham, Elizabeth; Malin, Bradley

2013-01-01

The integration of information dispersed among multiple repositories is a crucial step for accurate data analysis in various domains. In support of this goal, it is critical to devise procedures for identifying similar records across distinct data sources. At the same time, to adhere to privacy regulations and policies, such procedures should protect the confidentiality of the individuals to whom the information corresponds. Various private record linkage (PRL) protocols have been proposed to achieve this goal, involving secure multi-party computation (SMC) and similarity preserving data transformation techniques. SMC methods provide secure and accurate solutions to the PRL problem, but are prohibitively expensive in practice, mainly due to excessive computational requirements. Data transformation techniques offer more practical solutions, but incur the cost of information leakage and false matches. In this paper, we introduce a novel model for practical PRL, which 1) affords controlled and limited information leakage, 2) avoids false matches resulting from data transformation. Initially, we partition the data sources into blocks to eliminate comparisons for records that are unlikely to match. Then, to identify matches, we apply an efficient SMC technique between the candidate record pairs. To enable efficiency and privacy, our model leaks a controlled amount of obfuscated data prior to the secure computations. Applied obfuscation relies on differential privacy which provides strong privacy guarantees against adversaries with arbitrary background knowledge. In addition, we illustrate the practical nature of our approach through an empirical analysis with data derived from public voter records.

The Shaping of Managers' Security Objectives through Information Security Awareness Training

ERIC Educational Resources Information Center

Harris, Mark A.

2010-01-01

Information security research states that corporate security policy and information security training should be socio-technical in nature and that corporations should consider training as a primary method of protecting their information systems. However, information security policies and training are predominately technical in nature. In addition,…

Global Maritime Awareness

DTIC Science & Technology

2009-06-01

to maritime information Mission: Act as a Maritime Awareness Coordinator and data critical to building situational awareness . We are...Maritime Awareness Technical Sub-committee (NMATS) July 2008 Desired Outcome Maritime Information Exchange Vision: Global maritime information ...Global Maritime Situational Awareness I i i i 1 Information Hubs n t at ves: . 2. MSSIS (Maritime Safety & Security Information Systems

The Effectiveness of Information Technology Simulation and Security Awareness Training on U.S Military Personnel in Iraq and Afghanistan

ERIC Educational Resources Information Center

Armstead, Stanley K.

2017-01-01

In today's dynamic military environment, information technology plays a crucial role in the support of mission preparedness and operational readiness. This research examined the effectiveness of information technology security simulation and awareness training on U.S. military personnel in Iraq and Afghanistan. Also, the study analyzed whether…

If it walks like a duck: nanosensor threat assessment

NASA Astrophysics Data System (ADS)

Chachis, George C.

2003-09-01

A convergence of technologies is making deployment of unattended ground nanosensors operationally feasible in terms of energy, communications for both arbitrated and self-organizing distributed, collective behaviors. A number of nano communications technologies are already making network-centric systems possible for MicroElectrical Mechanical (MEM) sensor devices today. Similar technologies may make NanoElectrical Mechanical (NEM) sensor devices operationally feasible a few years from now. Just as organizational behaviors of large numbers of nanodevices can derive strategies from social insects and other group-oriented animals, bio-inspired heuristics for threat assessment provide a conceptual approach for successful integration of nanosensors into unattended smart sensor networks. Biological models such as the organization of social insects or the dynamics of immune systems show promise as biologically-inspired paradigms for protecting nanosensor networks for security scene analysis and battlespace awareness. The paradox of nanosensors is that the smaller the device is the more useful it is but the smaller it is the more vulnerable it is to a variety of threats. In other words simpler means networked nanosensors are more likely to fall prey to a wide-range of attacks including jamming, spoofing, Janisserian recruitment, Pied-Piper distraction, as well as typical attacks computer network security. Thus, unattended sensor technologies call for network architectures that include security and countermeasures to provide reliable scene analysis or battlespace awareness information. Such network centric architectures may well draw upon a variety of bio-inspired approaches to safeguard, validate and make sense of large quantities of information.

10 CFR 95.33 - Security education.

Code of Federal Regulations, 2011 CFR

2011-01-01

... 10 Energy 2 2011-01-01 2011-01-01 false Security education. 95.33 Section 95.33 Energy NUCLEAR... INFORMATION AND RESTRICTED DATA Physical Security § 95.33 Security education. All cleared employees must be... information. The facility may obtain defensive security, threat awareness, and other education and training...

10 CFR 95.33 - Security education.

Code of Federal Regulations, 2013 CFR

2013-01-01

... 10 Energy 2 2013-01-01 2013-01-01 false Security education. 95.33 Section 95.33 Energy NUCLEAR... INFORMATION AND RESTRICTED DATA Physical Security § 95.33 Security education. All cleared employees must be... information. The facility may obtain defensive security, threat awareness, and other education and training...

10 CFR 95.33 - Security education.

Code of Federal Regulations, 2012 CFR

2012-01-01

... 10 Energy 2 2012-01-01 2012-01-01 false Security education. 95.33 Section 95.33 Energy NUCLEAR... INFORMATION AND RESTRICTED DATA Physical Security § 95.33 Security education. All cleared employees must be... information. The facility may obtain defensive security, threat awareness, and other education and training...

10 CFR 95.33 - Security education.

Code of Federal Regulations, 2010 CFR

2010-01-01

... 10 Energy 2 2010-01-01 2010-01-01 false Security education. 95.33 Section 95.33 Energy NUCLEAR... INFORMATION AND RESTRICTED DATA Physical Security § 95.33 Security education. All cleared employees must be... information. The facility may obtain defensive security, threat awareness, and other education and training...

T2AR: trust-aware ad-hoc routing protocol for MANET.

PubMed

Dhananjayan, Gayathri; Subbiah, Janakiraman

2016-01-01

Secure data transfer against the malicious attacks is an important issue in an infrastructure-less independent network called mobile ad-hoc network (MANET). Trust assurance between MANET nodes is the key parameter in the high-security provision under dynamic topology variations and open wireless constraints. But, the malicious behavior of nodes reduces the trust level of the nodes that leads to an insecure data delivery. The increase in malicious attacks causes the excessive energy consumption that leads to a reduction of network lifetime. The lack of positional information update of the nodes in ad-hoc on-demand vector (AODV) protocol during the connection establishment offers less trust level between the nodes. Hence, the trust rate computation using energy and mobility models and its update are the essential tasks for secure data delivery. This paper proposes a trust-aware ad-hoc routing (T2AR) protocol to improve the trust level between the nodes in MANET. The proposed method modifies the traditional AODV routing protocol with the constraints of trust rate, energy, mobility based malicious behavior prediction. The packet sequence ID matching from the log reports of neighbor nodes determine the trust rate that avoids the malicious report generation. Besides, the direct and indirect trust observation schemes utilization increases the trust level. Besides, the received signal strength indicator utilization determines the trusted node is within the communication range or not. The comparative analysis between the proposed T2AR with the existing methods such as TRUNCMAN, RBT, GR, FBR and DICOTIDS regarding the average end-to-end delay, throughput, false positives, packet delivery ratio shows the effectiveness of T2AR in the secure MANET environment design.

Adversarial Feature Selection Against Evasion Attacks.

PubMed

Zhang, Fei; Chan, Patrick P K; Biggio, Battista; Yeung, Daniel S; Roli, Fabio

2016-03-01

Pattern recognition and machine learning techniques have been increasingly adopted in adversarial settings such as spam, intrusion, and malware detection, although their security against well-crafted attacks that aim to evade detection by manipulating data at test time has not yet been thoroughly assessed. While previous work has been mainly focused on devising adversary-aware classification algorithms to counter evasion attempts, only few authors have considered the impact of using reduced feature sets on classifier security against the same attacks. An interesting, preliminary result is that classifier security to evasion may be even worsened by the application of feature selection. In this paper, we provide a more detailed investigation of this aspect, shedding some light on the security properties of feature selection against evasion attacks. Inspired by previous work on adversary-aware classifiers, we propose a novel adversary-aware feature selection model that can improve classifier security against evasion attacks, by incorporating specific assumptions on the adversary's data manipulation strategy. We focus on an efficient, wrapper-based implementation of our approach, and experimentally validate its soundness on different application examples, including spam and malware detection.

Online Safety: Fraud, Security, Phishing, Vishing

MedlinePlus

... Theft Online Safety Privacy Report Scams and Frauds Online Safety Be aware of these scams when you' ... Security and Safety Internet Fraud Phishing and Vishing Online Security and Safety The internet makes many everyday ...

A Quantitative Study on the Relationship of Information Security Policy Awareness, Enforcement, and Maintenance to Information Security Program Effectiveness

ERIC Educational Resources Information Center

Francois, Michael T.

2016-01-01

Today's organizations rely heavily on information technology to conduct their daily activities. Therefore, their information security systems are an area of heightened security concern. As a result, organizations implement information security programs to address and mitigate that concern. However, even with the emphasis on information security,…

Minimalism context-aware displays.

PubMed

Cai, Yang

2004-12-01

Despite the rapid development of cyber technologies, today we still have very limited attention and communication bandwidth to process the increasing information flow. The goal of the study is to develop a context-aware filter to match the information load with particular needs and capacities. The functions include bandwidth-resolution trade-off and user context modeling. From the empirical lab studies, it is found that the resolution of images can be reduced in order of magnitude if the viewer knows that he/she is looking for particular features. The adaptive display queue is optimized with real-time operational conditions and user's inquiry history. Instead of measuring operator's behavior directly, ubiquitous computing models are developed to anticipate user's behavior from the operational environment data. A case study of the video stream monitoring for transit security is discussed in the paper. In addition, the author addresses the future direction of coherent human-machine vision systems.

Evaluation of the awareness and effectiveness of IT security programs in a large publicly funded health care system.

PubMed

Hepp, Shelanne L; Tarraf, Rima C; Birney, Arden; Arain, Mubashir Aslam

2017-01-01

Electronic health records are becoming increasingly common in the health care industry. Although information technology (IT) poses many benefits to improving health care and ease of access to information, there are also security and privacy risks. Educating health care providers is necessary to ensure proper use of health information systems and IT and reduce undesirable outcomes. This study evaluated employees' awareness and perceptions of the effectiveness of two IT educational training modules within a large publicly funded health care system in Canada. Semi-structured interviews and focus groups included a variety of professional roles within the organisation. Participants also completed a brief demographic data sheet. With the consent of participants, all interviews and focus groups were audio recorded. Thematic analysis and descriptive statistics were used to evaluate the effectiveness of the IT security training modules. Five main themes emerged: (i) awareness of the IT training modules, (ii) the content of modules, (iii) staff perceptions about differences between IT security and privacy issues, (iv) common breaches of IT security and privacy, and (v) challenges and barriers to completing the training program. Overall, nonclinical staff were more likely to be aware of the training modules than were clinical staff. We found e-learning was a feasible way to educate a large number of employees. However, health care providers required a module on IT security and privacy that was relatable and applicable to their specific roles. Strategies to improve staff education and mitigate against IT security and privacy risks are discussed. Future research should focus on integrating health IT competencies into the educational programs for health care professionals.

Suicide Awareness

MedlinePlus

... Resources Resource Request System Contact Us Legal and Security Accessibility Accessibility Tools Disclaimer Privacy Act Statement & Security No Fear Act FOIA Inspector General Audits & Investigative ...

Introduction to This Special Issue on Context-Aware Computing.

ERIC Educational Resources Information Center

Moran, Thomas P.; Dourish, Paul

2001-01-01

Discusses pervasive, or ubiquitous, computing; explains the notion of context; and defines context-aware computing as the key to disperse and enmesh computation into our lives. Considers context awareness in human-computer interaction and describes the broad topic areas of the essays included in this special issue. (LRW)

A novel quantum scheme for secure two-party distance computation

NASA Astrophysics Data System (ADS)

Peng, Zhen-wan; Shi, Run-hua; Zhong, Hong; Cui, Jie; Zhang, Shun

2017-12-01

Secure multiparty computational geometry is an essential field of secure multiparty computation, which computes a computation geometric problem without revealing any private information of each party. Secure two-party distance computation is a primitive of secure multiparty computational geometry, which computes the distance between two points without revealing each point's location information (i.e., coordinate). Secure two-party distance computation has potential applications with high secure requirements in military, business, engineering and so on. In this paper, we present a quantum solution to secure two-party distance computation by subtly using quantum private query. Compared to the classical related protocols, our quantum protocol can ensure higher security and better privacy protection because of the physical principle of quantum mechanics.

Guidelines for development of NASA (National Aeronautics and Space Administration) computer security training programs

NASA Technical Reports Server (NTRS)

Tompkins, F. G.

1983-01-01

The report presents guidance for the NASA Computer Security Program Manager and the NASA Center Computer Security Officials as they develop training requirements and implement computer security training programs. NASA audiences are categorized based on the computer security knowledge required to accomplish identified job functions. Training requirements, in terms of training subject areas, are presented for both computer security program management personnel and computer resource providers and users. Sources of computer security training are identified.

Mobile Tracking and Location Awareness in Disaster Relief and Humanitarian Assistance Situations

DTIC Science & Technology

2012-09-01

establishing mobile ad - hoc networks. Smartphones also have accelerometers that are used to detect any motion by the device. Furthermore, almost every...AVAILABILITY STATEMENT Approved for public release; distribution is unlimited 12b. DISTRIBUTION CODE A 13. ABSTRACT (maximum 200 words...Picture, Situational Awareness 15. NUMBER OF PAGES 55 16. PRICE CODE 17. SECURITY CLASSIFICATION OF REPORT Unclassified 18. SECURITY

Final Report: Sensorpedia Phases 1 and 2

DOE Office of Scientific and Technical Information (OSTI.GOV)

Gorman, Bryan L; Resseguie, David R

2010-08-01

Over the past several years, ORNL has been actively involved in research to formalize the engineering principles and best practices behind emerging social media and social networking concepts to solve real-time data sharing problems for national security and defense, public health and safety, environmental and infrastructure awareness, and disaster preparedness and response. Sensorpedia, an ORNL web site, is a practical application of several key social media principles. Dubbed the Wikipedia for sensors, Sensorpedia is currently in limited BETA testing and was selected in 2009 by Federal Computer Week as one of the government s top 10 social networking sites.

Context-aware access control for pervasive access to process-based healthcare systems.

PubMed

Koufi, Vassiliki; Vassilacopoulos, George

2008-01-01

Healthcare is an increasingly collaborative enterprise involving a broad range of healthcare services provided by many individuals and organizations. Grid technology has been widely recognized as a means for integrating disparate computing resources in the healthcare field. Moreover, Grid portal applications can be developed on a wireless and mobile infrastructure to execute healthcare processes which, in turn, can provide remote access to Grid database services. Such an environment provides ubiquitous and pervasive access to integrated healthcare services at the point of care, thus improving healthcare quality. In such environments, the ability to provide an effective access control mechanism that meets the requirement of the least privilege principle is essential. Adherence to the least privilege principle requires continuous adjustments of user permissions in order to adapt to the current situation. This paper presents a context-aware access control mechanism for HDGPortal, a Grid portal application which provides access to workflow-based healthcare processes using wireless Personal Digital Assistants. The proposed mechanism builds upon and enhances security mechanisms provided by the Grid Security Infrastructure. It provides tight, just-in-time permissions so that authorized users get access to specific objects according to the current context. These permissions are subject to continuous adjustments triggered by the changing context. Thus, the risk of compromising information integrity during task executions is reduced.

INL Control System Situational Awareness Technology Annual Report 2012

DOE Office of Scientific and Technical Information (OSTI.GOV)

Gordon Rueff; Bryce Wheeler; Todd Vollmer

The overall goal of this project is to develop an interoperable set of tools to provide a comprehensive, consistent implementation of cyber security and overall situational awareness of control and sensor network implementations. The operation and interoperability of these tools will fill voids in current technological offerings and address issues that remain an impediment to the security of control systems. This report provides an FY 2012 update on the Sophia, Mesh Mapper, Intelligent Cyber Sensor, and Data Fusion projects with respect to the year-two tasks and annual reporting requirements of the INL Control System Situational Awareness Technology report (July 2010).

Effect of Organizational Factors on Information Security Implementations

ERIC Educational Resources Information Center

Perez, Rafael G.

2013-01-01

The purpose of this quantitative inferential study is to determine the level of correlation between the organizational factors of information security awareness, balanced security processes, and organizational structure with the size of the estimation gap of information security implementations mediated by the end user intentionality. The study…

What is Security? A perspective on achieving security

DOE Office of Scientific and Technical Information (OSTI.GOV)

Atencio, Julian J.

This presentation provides a perspective on achieving security in an organization. It touches upon security as a mindset, ability to adhere to rules, cultivating awareness of the reason for a security mindset, the quality of a security program, willingness to admit fault or acknowledge failure, peer review in security, science as a model that can be applied to the security profession, the security vision, security partnering, staleness in the security program, security responsibilities, and achievement of success over time despite the impossibility of perfection.

78 FR 61807 - National Cybersecurity Awareness Month, 2013

Federal Register 2010, 2011, 2012, 2013, 2014

2013-10-04

... National Cybersecurity Awareness Month, 2013 By the President of the United States of America A... public awareness about cybersecurity, and we recommit to enhancing the security and resilience of our... best practices for cybersecurity, increase information sharing between the Federal Government and...

Fuzzy assessment of health information system users' security awareness.

PubMed

Aydın, Özlem Müge; Chouseinoglou, Oumout

2013-12-01

Health information systems (HIS) are a specific area of information systems (IS), where critical patient data is stored and quality health service is only realized with the correct use and efficient dissemination of this data to health workers. Therefore, a balance needs to be established between the levels of security and flow of information on HIS. Instead of implementing higher levels and further mechanisms of control to increase the security of HIS, it is preferable to deal with the arguably weakest link on HIS chain with respect to security: HIS users. In order to provide solutions and approaches for transforming users to the first line of defense in HIS but also to employ capable and appropriate candidates from the pool of newly graduated students, it is important to assess and evaluate the security awareness levels and characteristics of these existing and future users. This study aims to provide a new perspective to understand the phenomenon of security awareness of HIS users with the use of fuzzy analysis, and to assess the present situation of current and future HIS users of a leading medical and educational institution of Turkey, with respect to their security characteristics based on four different security scales. The results of the fuzzy analysis, the guide on how to implement this fuzzy analysis to any health institution and how to read and interpret these results, together with the possible implications of these results to the organization are provided.

Autonomic Intelligent Cyber Sensor to Support Industrial Control Network Awareness

DOE PAGES

Vollmer, Todd; Manic, Milos; Linda, Ondrej

2013-06-01

The proliferation of digital devices in a networked industrial ecosystem, along with an exponential growth in complexity and scope, has resulted in elevated security concerns and management complexity issues. This paper describes a novel architecture utilizing concepts of Autonomic computing and a SOAP based IF-MAP external communication layer to create a network security sensor. This approach simplifies integration of legacy software and supports a secure, scalable, self-managed framework. The contribution of this paper is two-fold: 1) A flexible two level communication layer based on Autonomic computing and Service Oriented Architecture is detailed and 2) Three complementary modules that dynamically reconfiguremore » in response to a changing environment are presented. One module utilizes clustering and fuzzy logic to monitor traffic for abnormal behavior. Another module passively monitors network traffic and deploys deceptive virtual network hosts. These components of the sensor system were implemented in C++ and PERL and utilize a common internal D-Bus communication mechanism. A proof of concept prototype was deployed on a mixed-use test network showing the possible real world applicability. In testing, 45 of the 46 network attached devices were recognized and 10 of the 12 emulated devices were created with specific Operating System and port configurations. Additionally the anomaly detection algorithm achieved a 99.9% recognition rate. All output from the modules were correctly distributed using the common communication structure.« less

Square pegs in round holes: information systems, hospitals and the significance of contextual awareness.

PubMed

Tjora, Aksel Hagen; Scambler, Graham

2009-02-01

The considerable emphasis in the development and implementation of clinical information systems in hospitals internationally seems to have had a limited effect. In particular, the implementation of electronic patient record (EPR) systems has been slower and more difficult than anticipated and with little change in efficiency and security. This paper suggests why this might be the case. Well established research findings within the field of computer supported cooperative work (CSCW--an interdisciplinary research field between informatics and the social sciences) are cited to construct a case for greater awareness of (1) inter- and intra-professional interests, and (2) broader social and health policy contexts. We draw on Gouldner's work [(1957). Cosmopolitans and locals: toward an analysis of latent social roles--I. Administrative Science Quarterly, 2(3), 281-306; (1958). Cosmopolitans and locals: toward an analysis of latent social roles--II. Administrative Science Quarterly, 2 (4), 444-480] on organisational roles to develop a discussion of professional awareness; a pivotal notion is also the interactionist one of the hospital as a 'negotiated order'. Drawing for illustrative purposes on the Norwegian experience (that is, reviewing research on hospital information systems in Norway), we contend that enhanced awareness of the hospital itself as a social system may be a precondition of cost-effective hospital information and communication technologies.

Situation awareness and trust in computer-based procedures in nuclear power plant operations

DOE Office of Scientific and Technical Information (OSTI.GOV)

Throneburg, E. B.; Jones, J. M.

2006-07-01

Situation awareness and trust are two issues that need to be addressed in the design of computer-based procedures for nuclear power plants. Situation awareness, in relation to computer-based procedures, concerns the operators' knowledge of the plant's state while following the procedures. Trust concerns the amount of faith that the operators put into the automated procedures, which can affect situation awareness. This paper first discusses the advantages and disadvantages of computer-based procedures. It then discusses the known aspects of situation awareness and trust as applied to computer-based procedures in nuclear power plants. An outline of a proposed experiment is then presentedmore » that includes methods of measuring situation awareness and trust so that these aspects can be analyzed for further study. (authors)« less

Smashing the Stovepipe: Leveraging the GMSEC Open Architecture and Advanced IT Automation to Rapidly Prototype, Develop and Deploy Next-Generation Multi-Mission Ground Systems

NASA Technical Reports Server (NTRS)

Swenson, Paul

2017-01-01

Satellite/Payload Ground Systems - Typically highly-customized to a specific mission's use cases - Utilize hundreds (or thousands!) of specialized point-to-point interfaces for data flows / file transfers Documentation and tracking of these complex interfaces requires extensive time to develop and extremely high staffing costs Implementation and testing of these interfaces are even more cost-prohibitive, and documentation often lags behind implementation resulting in inconsistencies down the road With expanding threat vectors, IT Security, Information Assurance and Operational Security have become key Ground System architecture drivers New Federal security-related directives are generated on a daily basis, imposing new requirements on current / existing ground systems - These mandated activities and data calls typically carry little or no additional funding for implementation As a result, Ground System Sustaining Engineering groups and Information Technology staff continually struggle to keep up with the rolling tide of security Advancing security concerns and shrinking budgets are pushing these large stove-piped ground systems to begin sharing resources - I.e. Operational / SysAdmin staff, IT security baselines, architecture decisions or even networks / hosting infrastructure Refactoring these existing ground systems into multi-mission assets proves extremely challenging due to what is typically very tight coupling between legacy components As a result, many "Multi-Mission" ops. environments end up simply sharing compute resources and networks due to the difficulty of refactoring into true multi-mission systems Utilizing continuous integration / rapid system deployment technologies in conjunction with an open architecture messaging approach allows System Engineers and Architects to worry less about the low-level details of interfaces between components and configuration of systems GMSEC messaging is inherently designed to support multi-mission requirements, and allows components to aggregate data across multiple homogeneous or heterogeneous satellites or payloads - The highly-successful Goddard Science and Planetary Operations Control Center (SPOCC) utilizes GMSEC as the hub for it's automation and situational awareness capability Shifts focus towards getting GS to a final configuration-managed baseline, as well as multi-mission / big-picture capabilities that help increase situational awareness, promote cross-mission sharing and establish enhanced fleet management capabilities across all levels of the enterprise.

ISBP: Understanding the Security Rule of Users' Information-Sharing Behaviors in Partnership

PubMed Central

Wu, Hongchen; Wang, Xinjun

2016-01-01

The rapid growth of social network data has given rise to high security awareness among users, especially when they exchange and share their personal information. However, because users have different feelings about sharing their information, they are often puzzled about who their partners for exchanging information can be and what information they can share. Is it possible to assist users in forming a partnership network in which they can exchange and share information with little worry? We propose a modified information sharing behavior prediction (ISBP) model that can help in understanding the underlying rules by which users share their information with partners in light of three common aspects: what types of items users are likely to share, what characteristics of users make them likely to share information, and what features of users’ sharing behavior are easy to predict. This model is applied with machine learning techniques in WEKA to predict users’ decisions pertaining to information sharing behavior and form them into trustable partnership networks by learning their features. In the experiment section, by using two real-life datasets consisting of citizens’ sharing behavior, we identify the effect of highly sensitive requests on sharing behavior adjacent to individual variables: the younger participants’ partners are more difficult to predict than those of the older participants, whereas the partners of people who are not computer majors are easier to predict than those of people who are computer majors. Based on these findings, we believe that it is necessary and feasible to offer users personalized suggestions on information sharing decisions, and this is pioneering work that could benefit college researchers focusing on user-centric strategies and website owners who want to collect more user information without raising their privacy awareness or losing their trustworthiness. PMID:26950064

ISBP: Understanding the Security Rule of Users' Information-Sharing Behaviors in Partnership.

PubMed

Wu, Hongchen; Wang, Xinjun

2016-01-01

The rapid growth of social network data has given rise to high security awareness among users, especially when they exchange and share their personal information. However, because users have different feelings about sharing their information, they are often puzzled about who their partners for exchanging information can be and what information they can share. Is it possible to assist users in forming a partnership network in which they can exchange and share information with little worry? We propose a modified information sharing behavior prediction (ISBP) model that can help in understanding the underlying rules by which users share their information with partners in light of three common aspects: what types of items users are likely to share, what characteristics of users make them likely to share information, and what features of users' sharing behavior are easy to predict. This model is applied with machine learning techniques in WEKA to predict users' decisions pertaining to information sharing behavior and form them into trustable partnership networks by learning their features. In the experiment section, by using two real-life datasets consisting of citizens' sharing behavior, we identify the effect of highly sensitive requests on sharing behavior adjacent to individual variables: the younger participants' partners are more difficult to predict than those of the older participants, whereas the partners of people who are not computer majors are easier to predict than those of people who are computer majors. Based on these findings, we believe that it is necessary and feasible to offer users personalized suggestions on information sharing decisions, and this is pioneering work that could benefit college researchers focusing on user-centric strategies and website owners who want to collect more user information without raising their privacy awareness or losing their trustworthiness.

A pedagogical example of second-order arithmetic sequences applied to the construction of computer passwords by upper elementary grade students

NASA Astrophysics Data System (ADS)

Coggins, Porter E.

2015-04-01

The purpose of this paper is (1) to present how general education elementary school age students constructed computer passwords using digital root sums and second-order arithmetic sequences, (2) argue that computer password construction can be used as an engaging introduction to generate interest in elementary school students to study mathematics related to computer science, and (3) share additional mathematical ideas accessible to elementary school students that can be used to create computer passwords. This paper serves to fill a current gap in the literature regarding the integration of mathematical content accessible to upper elementary school students and aspects of computer science in general, and computer password construction in particular. In addition, the protocols presented here can serve as a hook to generate further interest in mathematics and computer science. Students learned to create a random-looking computer password by using biometric measurements of their shoe size, height, and age in months and to create a second-order arithmetic sequence, then converted the resulting numbers into characters that become their computer passwords. This password protocol can be used to introduce students to good computer password habits that can serve a foundation for a life-long awareness of data security. A refinement of the password protocol is also presented.

5 CFR 930.301 - Information systems security awareness training program.

Code of Federal Regulations, 2011 CFR

2011-01-01

... training in system/application life cycle management, risk management, and contingency planning. (4) Chief... security management, system/application life cycle management, risk management, and contingency planning..., risk management, and contingency planning. (b) Provide the Federal information systems security...

5 CFR 930.301 - Information systems security awareness training program.

Code of Federal Regulations, 2010 CFR

2010-01-01

... training in system/application life cycle management, risk management, and contingency planning. (4) Chief... security management, system/application life cycle management, risk management, and contingency planning..., risk management, and contingency planning. (b) Provide the Federal information systems security...

Social Security Measures for Elderly Population in Delhi, India: Awareness, Utilization and Barriers.

PubMed

Kohli, Charu; Gupta, Kalika; Banerjee, Bratati; Ingle, Gopal Krishna

2017-05-01

World population of elderly is increasing at a fast pace. The number of elderly in India has increased by 54.77% in the last 15 years. A number of social security measures have been taken by Indian government. To assess awareness, utilization and barriers faced while utilizing social security schemes by elderly in a secondary care hospital situated in a rural area in Delhi, India. A cross-sectional study was conducted among 360 individuals aged 60 years and above in a secondary care hospital situated in a rural area in Delhi. A pre-tested, semi-structured schedule prepared in local language was used. Data was analysed using SPSS software (version 17.0). Chi-square test was used to observe any statistical association between categorical variables. The results were considered statistically significant if p-value was less than 0.05. A majority of study subjects were females (54.2%), Hindu (89.7%), married (60.3%) and were not engaged in any occupation (82.8%). Awareness about Indira Gandhi National Old Age Pension Scheme (IGNOAPS) was present among 286 (79.4%) and Annapurna scheme in 193 (53.6%) subjects. Among 223 subjects who were below poverty line, 179 (80.3%) were aware of IGNOAPS; while, 112 (50.2%) were utilizing the scheme. There was no association of awareness with education status, occupation, religion, family type, marital status and caste (p>0.05). Corruption and tedious administrative formalities were major barriers reported. Awareness generation, provision of information on how to approach the concerned authority for utilizing the scheme and ease of administrative procedures should be an integral part of any social security scheme or measure. In the present study, about 79.4% of elderly were aware and 45% of the eligible subjects were utilizing pension scheme. Major barriers reported in utilization of schemes were corruption and tedious administrative procedures.

Social Security Measures for Elderly Population in Delhi, India: Awareness, Utilization and Barriers

PubMed Central

Kohli, Charu; Banerjee, Bratati; Ingle, Gopal Krishna

2017-01-01

Introduction World population of elderly is increasing at a fast pace. The number of elderly in India has increased by 54.77% in the last 15 years. A number of social security measures have been taken by Indian government. Aim To assess awareness, utilization and barriers faced while utilizing social security schemes by elderly in a secondary care hospital situated in a rural area in Delhi, India. Materials and Methods A cross-sectional study was conducted among 360 individuals aged 60 years and above in a secondary care hospital situated in a rural area in Delhi. A pre-tested, semi-structured schedule prepared in local language was used. Data was analysed using SPSS software (version 17.0). Chi-square test was used to observe any statistical association between categorical variables. The results were considered statistically significant if p-value was less than 0.05. Results A majority of study subjects were females (54.2%), Hindu (89.7%), married (60.3%) and were not engaged in any occupation (82.8%). Awareness about Indira Gandhi National Old Age Pension Scheme (IGNOAPS) was present among 286 (79.4%) and Annapurna scheme in 193 (53.6%) subjects. Among 223 subjects who were below poverty line, 179 (80.3%) were aware of IGNOAPS; while, 112 (50.2%) were utilizing the scheme. There was no association of awareness with education status, occupation, religion, family type, marital status and caste (p>0.05). Corruption and tedious administrative formalities were major barriers reported. Conclusion Awareness generation, provision of information on how to approach the concerned authority for utilizing the scheme and ease of administrative procedures should be an integral part of any social security scheme or measure. In the present study, about 79.4% of elderly were aware and 45% of the eligible subjects were utilizing pension scheme. Major barriers reported in utilization of schemes were corruption and tedious administrative procedures. PMID:28658811

A Portable Computer Security Workshop

ERIC Educational Resources Information Center

Wagner, Paul J.; Phillips, Andrew T.

2006-01-01

We have developed a computer security workshop designed to instruct post-secondary instructors who want to start a course or laboratory exercise sequence in computer security. This workshop has also been used to provide computer security education to IT professionals and students. It is effective in communicating basic computer security principles…

The Asia-Pacific Maritime Security Strategy: Achieving U.S. National Security Objectives in a Changing Environment

DTIC Science & Technology

2015-07-27

devastated parts of Japan and damaged the Fukushima Daiichi nuclear power station, the U.S. military was able to deploy state-of-the-art maritime...capacity and interagency coordination to help improve their maritime domain awareness . The Department also is working with Indonesia to increase its...Operations and Reports, 1215 Jefferson Davis Highway, Suite 1204, Arlington VA 22202-4302. Respondents should be aware that notwithstanding any other

Data security and patient confidentiality: the manager's role.

PubMed

Fisher, F; Madge, B

1996-10-01

The maintenance of patient confidentiality is of utmost importance in the doctor patient relationship. With the advent of networks such as the National Health Service Wide Area Network in the UK, the potential to transmit identifiable clinical data will become greater. Links between general practitioners (GPs) and hospitals will allow the rapid transmission of data which if intercepted could be potentially embarrassing to the patient concerned. In 1994 the British Medical Association launched a draft bill on privacy and confidentiality and in association with this bill it is pushing for encryption of all clinical data across electronic networks. The manager's role within an acute hospital, community units and general practice, is to ensure that all employees are aware of the principles of data protection, security of hospital computer systems and that no obvious breaches of security can occur at publicly accessible terminals. Managers must be kept up to date with the latest developments in computer security such as digital signatures and be prepared to instigate these developments where practically possible. Managers must also take responsibility for the monitoring of access to terminals and be prepared to deal severely with staff who breach the code of confidentiality. Each manager must be kept informed of employees status with regard to their 'need to know' clearance level and also to promote confidentiality of patient details throughout the hospital. All of the management team must be prepared to train new staff in the principles of data security as they join the organisation and recognise their accountability if the programme fails. Data security and patient confidentiality is a broad responsibility in any healthcare organisation, with the Chief Executive accountable. In family practice, the partners are responsible and accountable. The British Medical Association believes as a matter of policy, that allowing access to personal health data without the patients consent, except in a legally allowable situation, should be a statutory offence.

77 FR 65048 - Privacy Act; System of Records: Personal Property Claims, State-27

Federal Register 2010, 2011, 2012, 2013, 2014

2012-10-24

... cyber security awareness training which covers the procedures for handling Sensitive but Unclassified... Property Claims. SECURITY CLASSIFICATION: Unclassified. SYSTEM LOCATION: Department of State, SA-3, Suite... which can include information such as names, birthdates, social security numbers (SSNs), employee IDs...

Assessing staff attitudes towards information security in a European healthcare establishment.

PubMed

Furnell, S M; Gaunt, P N; Holben, R F; Sanders, P W; Stockel, C T; Warren, M J

1996-01-01

Information security is now recognized as an important consideration in modern healthcare establishments (HCEs), with a variety of guidelines and standards currently available to enable the environments to be properly protected. However, financial and operational constraints often exist which influence the practicality of these recommendations. This paper establishes that the staff culture of the organization is of particular importance in determining the level and types of security that will be accepted. This culture will be based upon staff awareness of and attitudes towards security and it is, therefore, important to have a clear idea of what these attitudes are. To this end, two surveys have been conducted within a reference environment to establish the attitudes of general users and technical staff, allowing the results to be fed back to HCE management to enable security policy to be appropriately defined. These results indicated that, although the establishment had participated in a European healthcare security initiative, staff attitudes and awareness were still weak in some areas.

Context aware adaptive security service model

NASA Astrophysics Data System (ADS)

Tunia, Marcin A.

2015-09-01

Present systems and devices are usually protected against different threats concerning digital data processing. The protection mechanisms consume resources, which are either highly limited or intensively utilized by many entities. The optimization of these resources usage is advantageous. The resources that are saved performing optimization may be utilized by other mechanisms or may be sufficient for longer time. It is usually assumed that protection has to provide specific quality and attack resistance. By interpreting context situation of business services - users and services themselves, it is possible to adapt security services parameters to countermeasure threats associated with current situation. This approach leads to optimization of used resources and maintains sufficient security level. This paper presents architecture of adaptive security service, which is context-aware and exploits quality of context data issue.

How Attitude toward the Behavior, Subjective Norm, and Perceived Behavioral Control Affects Information Security Behavior Intention

ERIC Educational Resources Information Center

Johnson, David P.

2017-01-01

The education sector is at high risk for information security (InfoSec) breaches and in need of improved security practices. Achieving data protections cannot be through technical means alone. Addressing the human behavior factor is required. Security education, training, and awareness (SETA) programs are an effective method of addressing human…

Critical Infrastructure Protection and Federal Statutory Authority for the Departments of Homeland Security and Defense to Perform Two Key Tasks

DTIC Science & Technology

2017-04-13

Highway, Suite 1204, Arlington, VA 22202-4302. Respondents should be aware that notwithstanding any other provision of law , no person shall be...policy, and law . The research question is whether the Departments of Homeland Security (DHS) and Defense (DOD) have federal statutory authority to... law ); Department of Homeland Security; Department of Defense; establish standards; physical protection and security; national security 16. SECURITY

Using Cryptography to Improve Conjunction Analysis

NASA Astrophysics Data System (ADS)

Hemenway, B.; Welser, B.; Baiocchi, D.

2012-09-01

Coordination of operations between satellite operators is becoming increasingly important to prevent collisions. Unfortunately, this coordination is often handicapped by a lack of trust. Coordination and cooperation between satellite operators can take many forms, however, one specific area where cooperation between operators would yield significant benefits is in the computation of conjunction analyses. Passively collected orbital are of generally of too low fidelity to be of use in conjunction analyses. Each operator, however, maintains high fidelity data about their own satellites. These high fidelity data are significantly more valuable in calculating conjunction analyses than the lower-fidelity data. If operators were to share their high fidelity data overall space situational awareness could be improved. At present, many operators do not share data and as a consequence space situational awareness suffers. Restrictive data sharing policies are primarily motivated by privacy concerns on the part of the satellite operators, as each operator is reluctant or unwilling to share data that might compromise its political or commercial interests. In order to perform the necessary conjunction analyses while still maintaining the privacy of their own data, a few operators have entered data sharing agreements. These operators provide their private data to a trusted outside party, who then performs the conjunction analyses and reports the results to the operators. These types of agreements are not an ideal solution as they require a degree of trust between the parties, and the cost of employing the trusted party can be large. In this work, we present and analyze cryptographic tools that would allow satellite operators to securely calculate conjunction analyses without the help of a trusted outside party, while provably maintaining the privacy of their own orbital information. For example, recent advances in cryptographic protocols, specifically in the area of secure Multiparty Computation (MPC) have the potential to allow satellite operators to perform the necessary conjunction analyses without the need to reveal their orbital information to anyone. This talk will describe how MPC works, and how we propose to use it to facilitate secure information sharing between satellite operators.

Demonstration of a Novel Synchrophasor-based Situational Awareness System: Wide Area Power System Visualization, On-line Event Replay and Early Warning of Grid Problems

DOE Office of Scientific and Technical Information (OSTI.GOV)

Rosso, A.

Since the large North Eastern power system blackout on August 14, 2003, U.S. electric utilities have spent lot of effort on preventing power system cascading outages. Two of the main causes of the August 14, 2003 blackout were inadequate situational awareness and inadequate operator training In addition to the enhancements of the infrastructure of the interconnected power systems, more research and development of advanced power system applications are required for improving the wide-area security monitoring, operation and planning in order to prevent large- scale cascading outages of interconnected power systems. It is critically important for improving the wide-area situation awarenessmore » of the operators or operational engineers and regional reliability coordinators of large interconnected systems. With the installation of large number of phasor measurement units (PMU) and the related communication infrastructure, it will be possible to improve the operators’ situation awareness and to quickly identify the sequence of events during a large system disturbance for the post-event analysis using the real-time or historical synchrophasor data. The purpose of this project was to develop and demonstrate a novel synchrophasor-based comprehensive situational awareness system for control centers of power transmission systems. The developed system named WASA (Wide Area Situation Awareness) is intended to improve situational awareness at control centers of the power system operators and regional reliability coordinators. It consists of following main software modules: • Wide-area visualizations of real-time frequency, voltage, and phase angle measurements and their contour displays for security monitoring. • Online detection and location of a major event (location, time, size, and type, such as generator or line outage). • Near-real-time event replay (in seconds) after a major event occurs. • Early warning of potential wide-area stability problems. The system has been deployed and demonstrated at the Tennessee Valley Authority (TVA) and ISO New England system using real-time synchrophasor data from openPDC. Apart from the software product, the outcome of this project consists of a set of technical reports and papers describing the mathematical foundations and computational approaches of different tools and modules, implementation issues and considerations, lessons learned, and the results of lidation processes.« less

Implementation and evaluation of an efficient secure computation system using ‘R’ for healthcare statistics

PubMed Central

Chida, Koji; Morohashi, Gembu; Fuji, Hitoshi; Magata, Fumihiko; Fujimura, Akiko; Hamada, Koki; Ikarashi, Dai; Yamamoto, Ryuichi

2014-01-01

Background and objective While the secondary use of medical data has gained attention, its adoption has been constrained due to protection of patient privacy. Making medical data secure by de-identification can be problematic, especially when the data concerns rare diseases. We require rigorous security management measures. Materials and methods Using secure computation, an approach from cryptography, our system can compute various statistics over encrypted medical records without decrypting them. An issue of secure computation is that the amount of processing time required is immense. We implemented a system that securely computes healthcare statistics from the statistical computing software ‘R’ by effectively combining secret-sharing-based secure computation with original computation. Results Testing confirmed that our system could correctly complete computation of average and unbiased variance of approximately 50 000 records of dummy insurance claim data in a little over a second. Computation including conditional expressions and/or comparison of values, for example, t test and median, could also be correctly completed in several tens of seconds to a few minutes. Discussion If medical records are simply encrypted, the risk of leaks exists because decryption is usually required during statistical analysis. Our system possesses high-level security because medical records remain in encrypted state even during statistical analysis. Also, our system can securely compute some basic statistics with conditional expressions using ‘R’ that works interactively while secure computation protocols generally require a significant amount of processing time. Conclusions We propose a secure statistical analysis system using ‘R’ for medical data that effectively integrates secret-sharing-based secure computation and original computation. PMID:24763677

Implementation and evaluation of an efficient secure computation system using 'R' for healthcare statistics.

PubMed

Chida, Koji; Morohashi, Gembu; Fuji, Hitoshi; Magata, Fumihiko; Fujimura, Akiko; Hamada, Koki; Ikarashi, Dai; Yamamoto, Ryuichi

2014-10-01

While the secondary use of medical data has gained attention, its adoption has been constrained due to protection of patient privacy. Making medical data secure by de-identification can be problematic, especially when the data concerns rare diseases. We require rigorous security management measures. Using secure computation, an approach from cryptography, our system can compute various statistics over encrypted medical records without decrypting them. An issue of secure computation is that the amount of processing time required is immense. We implemented a system that securely computes healthcare statistics from the statistical computing software 'R' by effectively combining secret-sharing-based secure computation with original computation. Testing confirmed that our system could correctly complete computation of average and unbiased variance of approximately 50,000 records of dummy insurance claim data in a little over a second. Computation including conditional expressions and/or comparison of values, for example, t test and median, could also be correctly completed in several tens of seconds to a few minutes. If medical records are simply encrypted, the risk of leaks exists because decryption is usually required during statistical analysis. Our system possesses high-level security because medical records remain in encrypted state even during statistical analysis. Also, our system can securely compute some basic statistics with conditional expressions using 'R' that works interactively while secure computation protocols generally require a significant amount of processing time. We propose a secure statistical analysis system using 'R' for medical data that effectively integrates secret-sharing-based secure computation and original computation. Published by the BMJ Publishing Group Limited. For permission to use (where not already granted under a licence) please go to http://group.bmj.com/group/rights-licensing/permissions.

Security in Intelligent Transport Systems for Smart Cities: From Theory to Practice.

PubMed

Javed, Muhammad Awais; Ben Hamida, Elyes; Znaidi, Wassim

2016-06-15

Connecting vehicles securely and reliably is pivotal to the implementation of next generation ITS applications of smart cities. With continuously growing security threats, vehicles could be exposed to a number of service attacks that could put their safety at stake. To address this concern, both US and European ITS standards have selected Elliptic Curve Cryptography (ECC) algorithms to secure vehicular communications. However, there is still a lack of benchmarking studies on existing security standards in real-world settings. In this paper, we first analyze the security architecture of the ETSI ITS standard. We then implement the ECC based digital signature and encryption procedures using an experimental test-bed and conduct an extensive benchmark study to assess their performance which depends on factors such as payload size, processor speed and security levels. Using network simulation models, we further evaluate the impact of standard compliant security procedures in dense and realistic smart cities scenarios. Obtained results suggest that existing security solutions directly impact the achieved quality of service (QoS) and safety awareness of vehicular applications, in terms of increased packet inter-arrival delays, packet and cryptographic losses, and reduced safety awareness in safety applications. Finally, we summarize the insights gained from the simulation results and discuss open research challenges for efficient working of security in ITS applications of smart cities.

49 CFR 1552.21 - Scope and definitions.

Code of Federal Regulations, 2013 CFR

2013-10-01

..., DEPARTMENT OF HOMELAND SECURITY CIVIL AVIATION SECURITY FLIGHT SCHOOLS Flight School Security Awareness Training § 1552.21 Scope and definitions. (a) Scope. This subpart applies to flight schools that provide instruction under 49 U.S.C. Subtitle VII, Part A, in the operation of aircraft or aircraft simulators, and to...

49 CFR 1552.21 - Scope and definitions.

Code of Federal Regulations, 2012 CFR

2012-10-01

..., DEPARTMENT OF HOMELAND SECURITY CIVIL AVIATION SECURITY FLIGHT SCHOOLS Flight School Security Awareness Training § 1552.21 Scope and definitions. (a) Scope. This subpart applies to flight schools that provide instruction under 49 U.S.C. Subtitle VII, Part A, in the operation of aircraft or aircraft simulators, and to...

49 CFR 1552.21 - Scope and definitions.

Code of Federal Regulations, 2011 CFR

2011-10-01

..., DEPARTMENT OF HOMELAND SECURITY CIVIL AVIATION SECURITY FLIGHT SCHOOLS Flight School Security Awareness Training § 1552.21 Scope and definitions. (a) Scope. This subpart applies to flight schools that provide instruction under 49 U.S.C. Subtitle VII, Part A, in the operation of aircraft or aircraft simulators, and to...

49 CFR 1552.21 - Scope and definitions.

Code of Federal Regulations, 2014 CFR

2014-10-01

..., DEPARTMENT OF HOMELAND SECURITY CIVIL AVIATION SECURITY FLIGHT SCHOOLS Flight School Security Awareness Training § 1552.21 Scope and definitions. (a) Scope. This subpart applies to flight schools that provide instruction under 49 U.S.C. Subtitle VII, Part A, in the operation of aircraft or aircraft simulators, and to...

49 CFR 1552.21 - Scope and definitions.

Code of Federal Regulations, 2010 CFR

2010-10-01

..., DEPARTMENT OF HOMELAND SECURITY CIVIL AVIATION SECURITY FLIGHT SCHOOLS Flight School Security Awareness Training § 1552.21 Scope and definitions. (a) Scope. This subpart applies to flight schools that provide instruction under 49 U.S.C. Subtitle VII, Part A, in the operation of aircraft or aircraft simulators, and to...

National Aeronautics and Space Administration's (NASA) Automated Information Security Handbook

NASA Technical Reports Server (NTRS)

Roback, E.

1991-01-01

The NASA Automated Information Security Handbook provides NASA's overall approach to automated information systems security including discussions of such aspects as: program goals and objectives, assignment of responsibilities, risk assessment, foreign national access, contingency planning and disaster recovery, awareness training, procurement, certification, planning, and special considerations for microcomputers.

Using SysML to model complex systems for security.

DOE Office of Scientific and Technical Information (OSTI.GOV)

Cano, Lester Arturo

2010-08-01

As security systems integrate more Information Technology the design of these systems has tended to become more complex. Some of the most difficult issues in designing Complex Security Systems (CSS) are: Capturing Requirements: Defining Hardware Interfaces: Defining Software Interfaces: Integrating Technologies: Radio Systems: Voice Over IP Systems: Situational Awareness Systems.

Preparing Information Systems (IS) Graduates to Meet the Challenges of Global IT Security: Some Suggestions

ERIC Educational Resources Information Center

Sauls, Jeff; Gudigantala, Naveen

2013-01-01

Managing IT security and assurance is a top priority for organizations. Aware of the costs associated with a security or privacy breach, organizations are constantly vigilant about protecting their data and IT systems. In addition, organizations are investing heavily in IT resources to keep up with the challenges of managing their IT security and…

Implementing healthcare information security: standards can help.

PubMed

Orel, Andrej; Bernik, Igor

2013-01-01

Using widely spread common approaches to systems security in health dedicated controlled environments, a level of awareness, confidence and acceptance of relevant standardisation is evaluated. Patients' information is sensitive, so putting appropriate organisational techniques as well as modern technology in place to secure health information is of paramount importance. Mobile devices are becoming the top priorities in advanced information security planning with healthcare environments being no exception. There are less and less application areas in healthcare without having a need for a mobile functionality which represents an even greater information security challenge. This is also true in emergency treatments, rehabilitation and homecare just to mention a few areas outside hospital controlled environments. Unfortunately quite often traditional unsecured communications principles are still in routine use for communicating sensitive health related information. The security awareness level with users, patients and care professionals is not high enough so potential threats and risks may not be addressed and the respective information security management is therefore weak. Standards like ISO/IEC 27000 ISMS family, the ISO/IEC 27799 information security guidelines in health are often not well known, but together with legislation principles such as HIPAA, they can help.

Mobile Device Security: Perspectives of Future Healthcare Workers

PubMed Central

Hewitt, Barbara; Dolezel, Diane; McLeod, Alexander

2017-01-01

Healthcare data breaches on mobile devices continue to increase, yet the healthcare industry has not adopted mobile device security standards. This increase is disturbing because individuals are often accessing patients’ protected health information on personal mobile devices, which could lead to a data breach. This deficiency led the researchers to explore the perceptions of future healthcare workers regarding mobile device security. To determine healthcare students’ perspectives on mobile device security, the investigators designed and distributed a survey based on the Technology Threat Avoidance Theory. Three hundred thirty-five students participated in the survey. The data were analyzed to determine participants’ perceptions about security threats, effectiveness and costs of safeguards, self-efficacy, susceptibility, severity, and their motivation and actions to secure their mobile devices. Awareness of interventions to protect mobile devices was also examined. Results indicate that while future healthcare professionals perceive the severity of threats to their mobile data, they do not feel personally susceptible. Additionally, participants were knowledgeable about security safeguards, but their knowledge of costs and problems related to the adoption of these measures was mixed. These findings indicate that increasing security awareness of healthcare professionals should be a priority. PMID:28566992

Mobile Device Security: Perspectives of Future Healthcare Workers.

PubMed

Hewitt, Barbara; Dolezel, Diane; McLeod, Alexander

2017-01-01

Healthcare data breaches on mobile devices continue to increase, yet the healthcare industry has not adopted mobile device security standards. This increase is disturbing because individuals are often accessing patients' protected health information on personal mobile devices, which could lead to a data breach. This deficiency led the researchers to explore the perceptions of future healthcare workers regarding mobile device security. To determine healthcare students' perspectives on mobile device security, the investigators designed and distributed a survey based on the Technology Threat Avoidance Theory. Three hundred thirty-five students participated in the survey. The data were analyzed to determine participants' perceptions about security threats, effectiveness and costs of safeguards, self-efficacy, susceptibility, severity, and their motivation and actions to secure their mobile devices. Awareness of interventions to protect mobile devices was also examined. Results indicate that while future healthcare professionals perceive the severity of threats to their mobile data, they do not feel personally susceptible. Additionally, participants were knowledgeable about security safeguards, but their knowledge of costs and problems related to the adoption of these measures was mixed. These findings indicate that increasing security awareness of healthcare professionals should be a priority.

Human errors and violations in computer and information security: the viewpoint of network administrators and security specialists.

PubMed

Kraemer, Sara; Carayon, Pascale

2007-03-01

This paper describes human errors and violations of end users and network administration in computer and information security. This information is summarized in a conceptual framework for examining the human and organizational factors contributing to computer and information security. This framework includes human error taxonomies to describe the work conditions that contribute adversely to computer and information security, i.e. to security vulnerabilities and breaches. The issue of human error and violation in computer and information security was explored through a series of 16 interviews with network administrators and security specialists. The interviews were audio taped, transcribed, and analyzed by coding specific themes in a node structure. The result is an expanded framework that classifies types of human error and identifies specific human and organizational factors that contribute to computer and information security. Network administrators tended to view errors created by end users as more intentional than unintentional, while errors created by network administrators as more unintentional than intentional. Organizational factors, such as communication, security culture, policy, and organizational structure, were the most frequently cited factors associated with computer and information security.

Combining elements of information fusion and knowledge-based systems to support situation analysis

NASA Astrophysics Data System (ADS)

Roy, Jean

2006-04-01

Situation awareness has emerged as an important concept in military and public security environments. Situation analysis is defined as a process, the examination of a situation, its elements, and their relations, to provide and maintain a product, i.e., a state of situation awareness for the decision maker(s). It is well established that information fusion, defined as the process of utilizing one or more information sources over time to assemble a representation of aspects of interest in an environment, is a key enabler to meeting the demanding requirements of situation analysis. However, although information fusion is important, developing and adopting a knowledge-centric view of situation analysis should provide a more holistic perspective of this process. This is based on the notion that awareness ultimately has to do with having knowledge of something. Moreover, not all of the situation elements and relationships of interest are directly observable. Those aspects of interest that cannot be observed must be inferred, i.e., derived as a conclusion from facts or premises, or by reasoning from evidence. This paper discusses aspects of knowledge, and how it can be acquired from experts, formally represented and stored in knowledge bases to be exploited by computer programs, and validated. Knowledge engineering is reviewed, with emphasis given to cognitive and ontological engineering. Facets of reasoning are discussed, along with inferencing methods that can be used in computer applications. Finally, combining elements of information fusion and knowledge-based systems, an overall approach and framework for the building of situation analysis support systems is presented.

A novel quantum solution to secure two-party distance computation

NASA Astrophysics Data System (ADS)

Peng, Zhen-wan; Shi, Run-hua; Wang, Pan-hong; Zhang, Shun

2018-06-01

Secure Two-Party Distance Computation is an important primitive of Secure Multiparty Computational Geometry that it involves two parties, where each party has a private point, and the two parties want to jointly compute the distance between their points without revealing anything about their respective private information. Secure Two-Party Distance Computation has very important and potential applications in settings of high secure requirements, such as privacy-preserving Determination of Spatial Location-Relation, Determination of Polygons Similarity, and so on. In this paper, we present a quantum protocol for Secure Two-Party Distance Computation by using QKD-based Quantum Private Query. The security of the protocol is based on the physical principles of quantum mechanics, instead of difficulty assumptions, and therefore, it can ensure higher security than the classical related protocols.

Secure Multiparty Quantum Computation for Summation and Multiplication.

PubMed

Shi, Run-hua; Mu, Yi; Zhong, Hong; Cui, Jie; Zhang, Shun

2016-01-21

As a fundamental primitive, Secure Multiparty Summation and Multiplication can be used to build complex secure protocols for other multiparty computations, specially, numerical computations. However, there is still lack of systematical and efficient quantum methods to compute Secure Multiparty Summation and Multiplication. In this paper, we present a novel and efficient quantum approach to securely compute the summation and multiplication of multiparty private inputs, respectively. Compared to classical solutions, our proposed approach can ensure the unconditional security and the perfect privacy protection based on the physical principle of quantum mechanics.

Secure Multiparty Quantum Computation for Summation and Multiplication

PubMed Central

Shi, Run-hua; Mu, Yi; Zhong, Hong; Cui, Jie; Zhang, Shun

2016-01-01

As a fundamental primitive, Secure Multiparty Summation and Multiplication can be used to build complex secure protocols for other multiparty computations, specially, numerical computations. However, there is still lack of systematical and efficient quantum methods to compute Secure Multiparty Summation and Multiplication. In this paper, we present a novel and efficient quantum approach to securely compute the summation and multiplication of multiparty private inputs, respectively. Compared to classical solutions, our proposed approach can ensure the unconditional security and the perfect privacy protection based on the physical principle of quantum mechanics. PMID:26792197

A Computer Security Course in the Undergraduate Computer Science Curriculum.

ERIC Educational Resources Information Center

Spillman, Richard

1992-01-01

Discusses the importance of computer security and considers criminal, national security, and personal privacy threats posed by security breakdown. Several examples are given, including incidents involving computer viruses. Objectives, content, instructional strategies, resources, and a sample examination for an experimental undergraduate computer…

Information Security: Governmentwide Guidance Needed to Assist Agencies in Implementing Cloud Computing

DTIC Science & Technology

2010-07-01

Cloud computing , an emerging form of computing in which users have access to scalable, on-demand capabilities that are provided through Internet... cloud computing , (2) the information security implications of using cloud computing services in the Federal Government, and (3) federal guidance and...efforts to address information security when using cloud computing . The complete report is titled Information Security: Federal Guidance Needed to

76 FR 7818 - Announcing a Meeting of the Information Security and Privacy Advisory Board

Federal Register 2010, 2011, 2012, 2013, 2014

2011-02-11

... will be open to the public. The ISPAB was established by the Computer Security Act of 1987 (Pub. L. 100..., --Presentation on Science of Security relating to computer security research, --Presentation on Access of..., --A panel of Inspector Generals regarding privacy and security, and --Update on NIST Computer Security...

17 CFR 240.17g-4 - Prevention of misuse of material nonpublic information.

Code of Federal Regulations, 2010 CFR

2010-04-01

... otherwise benefiting from any transaction in securities or money market instruments when the person is aware... services that affects the securities or money market instruments; and (3) The inappropriate dissemination...

Addressing the Economic Security Issues Facing Same-Sex Couples.

ERIC Educational Resources Information Center

Dolan, Elizabeth M.; Stum, Marlene S.; Rupured, Michael

1999-01-01

Provides educators and researchers with an awareness of the financial security issues faced by same-sex couples and offers suggestions for incorporating the discussion of these ideas into existing curricula and research. (Author/JOW)

Uncertainty and Risk Management in Cyber Situational Awareness

NASA Astrophysics Data System (ADS)

Li, Jason; Ou, Xinming; Rajagopalan, Raj

Handling cyber threats unavoidably needs to deal with both uncertain and imprecise information. What we can observe as potential malicious activities can seldom give us 100% confidence on important questions we care about, e.g. what machines are compromised and what damage has been incurred. In security planning, we need information on how likely a vulnerability can lead to a successful compromise to better balance security and functionality, performance, and ease of use. These information are at best qualitative and are often vague and imprecise. In cyber situational awareness, we have to rely on such imperfect information to detect real attacks and to prevent an attack from happening through appropriate risk management. This chapter surveys existing technologies in handling uncertainty and risk management in cyber situational awareness.

SEED: A Suite of Instructional Laboratories for Computer Security Education

ERIC Educational Resources Information Center

Du, Wenliang; Wang, Ronghua

2008-01-01

The security and assurance of our computing infrastructure has become a national priority. To address this priority, higher education has gradually incorporated the principles of computer and information security into the mainstream undergraduate and graduate computer science curricula. To achieve effective education, learning security principles…

Integrating Programming Language and Operating System Information Security Mechanisms

DTIC Science & Technology

2016-08-31

suggestions for reducing the burden, to the Department of Defense, Executive Service Directorate (0704-0188). Respondents should be aware that...improve the precision of security enforcement, and to provide greater assurance of information security. This grant focuses on two key projects: language...based control of authority; and formal guarantees for the correctness of audit information. 15. SUBJECT TERMS 16. SECURITY CLASSIFICATION OF: 17

Developing the security culture at the SEISMED Reference Centres.

PubMed

Fowler, J

1996-01-01

The paper gives a brief summary of the SEISMED project and the particular role played by the Reference Centres. Details are given of the hardware and application systems in use in the Royal Hospitals (NHS) Trust (RHT), one of the SEISMED Reference Centres. It proposes, without verification, a definition of a Security Culture based on three criteria. These are suggested to be the "Awareness" the "Acceptance" and the "Actions" of the management and staff to improve Information Systems Security throughout the RHT. The way that "Awareness" was increased is shown by the specific initiatives commenced as a result of a CRAMM Risk Analysis and the management and staff training programmes. The specific initiatives mentioned include, an Information Systems Security Policy, a contingency and disaster recovery plan, improvements in the physical protection of equipment and changes to the method of access control. The "Acceptance" by the staff of these measures is considered and the success or failure of "Developing A Security Culture" examined. The role of SEISMED in this process is assessed.

The Handbook for Campus Safety and Security Reporting. 2016 Edition

ERIC Educational Resources Information Center

US Department of Education, 2016

2016-01-01

Campus security and safety is an important feature of postsecondary education. The Department of Education is committed to assisting schools in providing students nationwide a safe environment in which to learn and to keep students, parents and employees well informed about campus security. These goals were advanced by the Crime Awareness and…

48 CFR 952.204-77 - Computer security.

Code of Federal Regulations, 2012 CFR

2012-10-01

... 48 Federal Acquisition Regulations System 5 2012-10-01 2012-10-01 false Computer security. 952.204... SOLICITATION PROVISIONS AND CONTRACT CLAUSES Text of Provisions and Clauses 952.204-77 Computer security. As prescribed in 904.404(d)(7), the following clause shall be included: Computer Security (AUG 2006) (a...

48 CFR 952.204-77 - Computer security.

Code of Federal Regulations, 2013 CFR

2013-10-01

... 48 Federal Acquisition Regulations System 5 2013-10-01 2013-10-01 false Computer security. 952.204... SOLICITATION PROVISIONS AND CONTRACT CLAUSES Text of Provisions and Clauses 952.204-77 Computer security. As prescribed in 904.404(d)(7), the following clause shall be included: Computer Security (AUG 2006) (a...

48 CFR 952.204-77 - Computer security.

Code of Federal Regulations, 2011 CFR

2011-10-01

... 48 Federal Acquisition Regulations System 5 2011-10-01 2011-10-01 false Computer security. 952.204... SOLICITATION PROVISIONS AND CONTRACT CLAUSES Text of Provisions and Clauses 952.204-77 Computer security. As prescribed in 904.404(d)(7), the following clause shall be included: Computer Security (AUG 2006) (a...

48 CFR 952.204-77 - Computer security.

Code of Federal Regulations, 2014 CFR

2014-10-01

... 48 Federal Acquisition Regulations System 5 2014-10-01 2014-10-01 false Computer security. 952.204... SOLICITATION PROVISIONS AND CONTRACT CLAUSES Text of Provisions and Clauses 952.204-77 Computer security. As prescribed in 904.404(d)(7), the following clause shall be included: Computer Security (AUG 2006) (a...

48 CFR 952.204-77 - Computer security.

Code of Federal Regulations, 2010 CFR

2010-10-01

... 48 Federal Acquisition Regulations System 5 2010-10-01 2010-10-01 false Computer security. 952.204... SOLICITATION PROVISIONS AND CONTRACT CLAUSES Text of Provisions and Clauses 952.204-77 Computer security. As prescribed in 904.404(d)(7), the following clause shall be included: Computer Security (AUG 2006) (a...

a Cloud-Based Architecture for Smart Video Surveillance

NASA Astrophysics Data System (ADS)

Valentín, L.; Serrano, S. A.; Oves García, R.; Andrade, A.; Palacios-Alonso, M. A.; Sucar, L. Enrique

2017-09-01

Turning a city into a smart city has attracted considerable attention. A smart city can be seen as a city that uses digital technology not only to improve the quality of people's life, but also, to have a positive impact in the environment and, at the same time, offer efficient and easy-to-use services. A fundamental aspect to be considered in a smart city is people's safety and welfare, therefore, having a good security system becomes a necessity, because it allows us to detect and identify potential risk situations, and then take appropriate decisions to help people or even prevent criminal acts. In this paper we present an architecture for automated video surveillance based on the cloud computing schema capable of acquiring a video stream from a set of cameras connected to the network, process that information, detect, label and highlight security-relevant events automatically, store the information and provide situational awareness in order to minimize response time to take the appropriate action.

Security in Intelligent Transport Systems for Smart Cities: From Theory to Practice

PubMed Central

Javed, Muhammad Awais; Ben Hamida, Elyes; Znaidi, Wassim

2016-01-01

Connecting vehicles securely and reliably is pivotal to the implementation of next generation ITS applications of smart cities. With continuously growing security threats, vehicles could be exposed to a number of service attacks that could put their safety at stake. To address this concern, both US and European ITS standards have selected Elliptic Curve Cryptography (ECC) algorithms to secure vehicular communications. However, there is still a lack of benchmarking studies on existing security standards in real-world settings. In this paper, we first analyze the security architecture of the ETSI ITS standard. We then implement the ECC based digital signature and encryption procedures using an experimental test-bed and conduct an extensive benchmark study to assess their performance which depends on factors such as payload size, processor speed and security levels. Using network simulation models, we further evaluate the impact of standard compliant security procedures in dense and realistic smart cities scenarios. Obtained results suggest that existing security solutions directly impact the achieved quality of service (QoS) and safety awareness of vehicular applications, in terms of increased packet inter-arrival delays, packet and cryptographic losses, and reduced safety awareness in safety applications. Finally, we summarize the insights gained from the simulation results and discuss open research challenges for efficient working of security in ITS applications of smart cities. PMID:27314358

Activity Learning as a Foundation for Security Monitoring in Smart Homes.

PubMed

Dahmen, Jessamyn; Thomas, Brian L; Cook, Diane J; Wang, Xiaobo

2017-03-31

Smart environment technology has matured to the point where it is regularly used in everyday homes as well as research labs. With this maturation of the technology, we can consider using smart homes as a practical mechanism for improving home security. In this paper, we introduce an activity-aware approach to security monitoring and threat detection in smart homes. We describe our approach using the CASAS smart home framework and activity learning algorithms. By monitoring for activity-based anomalies we can detect possible threats and take appropriate action. We evaluate our proposed method using data collected in CASAS smart homes and demonstrate the partnership between activity-aware smart homes and biometric devices in the context of the CASAS on-campus smart apartment testbed.

Efficient Server-Aided Secure Two-Party Function Evaluation with Applications to Genomic Computation

DTIC Science & Technology

2016-07-14

of the important properties of secure computation . In particular, it is known that full fairness cannot be achieved in the case of two-party com...Jakobsen, J. Nielsen, and C. Orlandi. A framework for outsourcing of secure computation . In ACM Workshop on Cloud Computing Security (CCSW), pages...Function Evaluation with Applications to Genomic Computation Abstract: Computation based on genomic data is becoming increasingly popular today, be it

Method for transferring data from an unsecured computer to a secured computer

DOEpatents

Nilsen, Curt A.

1997-01-01

A method is described for transferring data from an unsecured computer to a secured computer. The method includes transmitting the data and then receiving the data. Next, the data is retransmitted and rereceived. Then, it is determined if errors were introduced when the data was transmitted by the unsecured computer or received by the secured computer. Similarly, it is determined if errors were introduced when the data was retransmitted by the unsecured computer or rereceived by the secured computer. A warning signal is emitted from a warning device coupled to the secured computer if (i) an error was introduced when the data was transmitted or received, and (ii) an error was introduced when the data was retransmitted or rereceived.

Computer Security Models

DTIC Science & Technology

1984-09-01

Verification Technique for a Class of Security Kernels," International Symposium on Programming , Lecture Notes in Computer Science 137, Springer-Verlag, New York...September 1984 MTR9S31 " J. K. Millen Computer Security C. M. Cerniglia Models * 0 Ne c - ¢- C. S• ~CONTRACT SPONSOR OUSDRE/C31 & ESO/ALEE...ABSTRACT The purpose of this report is to provide a basis for evaluating security models in the context of secure computer system development

Home Computer and Internet User Security

DTIC Science & Technology

2005-01-01

Information Security Model © 2005 Carnegie Mellon University (Lawrence R. Rogers, Author) Home Computer and Internet User Security...Carnegie Mellon University (Lawrence R. Rogers, Author) Home Computer and Internet User Security Version 1.0.4 – slide 50 Contact Information Lawrence R. Rogers • Email: cert@cert.org CERT website: http://www.cert.org/ ...U.S. Patent and Trademark Office Home Computer and Internet User Security Report Documentation Page Form ApprovedOMB

Assessing the Need for an On-Line Educational Module for Volunteer Leaders on Bio-Security in Washington State 4-H Livestock Projects

ERIC Educational Resources Information Center

Stevenson, Jill L.; Moore, Dale A.; Newman, Jerry; Schmidt, Janet L.; Smith, Sarah M.; Smith, Jean; Kerr, Susan; Wallace, Michael; BoyEs, Pat

2011-01-01

4-H livestock projects present disease transmission risks that can be reduced by the use of bio-security practices. The responsibility of teaching bio-security to youth belongs primarily to volunteer leaders, who may not be aware of the importance of these practices. A needs assessment for an online educational module about bio-security revealed…

Computer Security and the Data Encryption Standard. Proceedings of the Conference on Computer Security and the Data Encryption Standard.

ERIC Educational Resources Information Center

Branstad, Dennis K., Ed.

The 15 papers and summaries of presentations in this collection provide technical information and guidance offered by representatives from federal agencies and private industry. Topics discussed include physical security, risk assessment, software security, computer network security, and applications and implementation of the Data Encryption…

Learner Centric in M-Learning: Integration of Security, Dependability and Trust

ERIC Educational Resources Information Center

Mahalingam, Sheila; Abdollah, Faizal Mohd; Sahib, Shahrin

2014-01-01

The paper focus on learner centric attributes in a m-learning environment encounters the security measurements. In order to build up a systematic threat and countermeasure for protecting the learners as well as providing awareness and satisfaction in utilizing the mobile learning system, a security model need to be overhauled. The brief literature…

39 CFR 267.3 - Responsibility.

Code of Federal Regulations, 2013 CFR

2013-07-01

... UNITED STATES POSTAL SERVICE ORGANIZATION AND ADMINISTRATION PROTECTION OF INFORMATION § 267.3... custodians are responsible for insuring that information security standards and procedures are followed and that all relevant employees participate in the information security awareness programs. [40 FR 45726...

39 CFR 267.3 - Responsibility.

Code of Federal Regulations, 2012 CFR

2012-07-01

... UNITED STATES POSTAL SERVICE ORGANIZATION AND ADMINISTRATION PROTECTION OF INFORMATION § 267.3... custodians are responsible for insuring that information security standards and procedures are followed and that all relevant employees participate in the information security awareness programs. [40 FR 45726...

39 CFR 267.3 - Responsibility.

Code of Federal Regulations, 2011 CFR

2011-07-01

... UNITED STATES POSTAL SERVICE ORGANIZATION AND ADMINISTRATION PROTECTION OF INFORMATION § 267.3... custodians are responsible for insuring that information security standards and procedures are followed and that all relevant employees participate in the information security awareness programs. [40 FR 45726...

39 CFR 267.3 - Responsibility.

Code of Federal Regulations, 2014 CFR

2014-07-01

... UNITED STATES POSTAL SERVICE ORGANIZATION AND ADMINISTRATION PROTECTION OF INFORMATION § 267.3... custodians are responsible for insuring that information security standards and procedures are followed and that all relevant employees participate in the information security awareness programs. [40 FR 45726...

39 CFR 267.3 - Responsibility.

Code of Federal Regulations, 2010 CFR

2010-07-01

... UNITED STATES POSTAL SERVICE ORGANIZATION AND ADMINISTRATION PROTECTION OF INFORMATION § 267.3... custodians are responsible for insuring that information security standards and procedures are followed and that all relevant employees participate in the information security awareness programs. [40 FR 45726...

33 CFR 150.602 - What occupational awareness training is required?

Code of Federal Regulations, 2011 CFR

2011-07-01

... safety and health, the implementation of an approved, port-specific safety and environmental management... HOMELAND SECURITY (CONTINUED) DEEPWATER PORTS DEEPWATER PORTS: OPERATIONS Workplace Safety and Health Safety and Health (general) § 150.602 What occupational awareness training is required? (a) Each...

Information Security: Computer Hacker Information Available on the Internet

DTIC Science & Technology

1996-06-05

INFORMATION SECURITY Computer Hacker Information Available on the Internet Statement for the Record of...Report Type N/A Dates Covered (from... to) - Title and Subtitle INFORMATION SECURITY Computer Hacker Information Available on the Internet Contract...1996 4. TITLE AND SUBTITLE Information Security: Computer Hacker Information Available on the Internet 5. FUNDING NUMBERS 6. AUTHOR(S) Jack L.

Indirection and computer security.

DOE Office of Scientific and Technical Information (OSTI.GOV)

Berg, Michael J.

2011-09-01

The discipline of computer science is built on indirection. David Wheeler famously said, 'All problems in computer science can be solved by another layer of indirection. But that usually will create another problem'. We propose that every computer security vulnerability is yet another problem created by the indirections in system designs and that focusing on the indirections involved is a better way to design, evaluate, and compare security solutions. We are not proposing that indirection be avoided when solving problems, but that understanding the relationships between indirections and vulnerabilities is key to securing computer systems. Using this perspective, we analyzemore » common vulnerabilities that plague our computer systems, consider the effectiveness of currently available security solutions, and propose several new security solutions.« less

Data-Aware Retrodiction for Asynchronous Harmonic Measurement in a Cyber-Physical Energy System.

PubMed

Liu, Youda; Wang, Xue; Liu, Yanchi; Cui, Sujin

2016-08-18

Cyber-physical energy systems provide a networked solution for safety, reliability and efficiency problems in smart grids. On the demand side, the secure and trustworthy energy supply requires real-time supervising and online power quality assessing. Harmonics measurement is necessary in power quality evaluation. However, under the large-scale distributed metering architecture, harmonic measurement faces the out-of-sequence measurement (OOSM) problem, which is the result of latencies in sensing or the communication process and brings deviations in data fusion. This paper depicts a distributed measurement network for large-scale asynchronous harmonic analysis and exploits a nonlinear autoregressive model with exogenous inputs (NARX) network to reorder the out-of-sequence measuring data. The NARX network gets the characteristics of the electrical harmonics from practical data rather than the kinematic equations. Thus, the data-aware network approximates the behavior of the practical electrical parameter with real-time data and improves the retrodiction accuracy. Theoretical analysis demonstrates that the data-aware method maintains a reasonable consumption of computing resources. Experiments on a practical testbed of a cyber-physical system are implemented, and harmonic measurement and analysis accuracy are adopted to evaluate the measuring mechanism under a distributed metering network. Results demonstrate an improvement of the harmonics analysis precision and validate the asynchronous measuring method in cyber-physical energy systems.

Research on Quantum Authentication Methods for the Secure Access Control Among Three Elements of Cloud Computing

NASA Astrophysics Data System (ADS)

Dong, Yumin; Xiao, Shufen; Ma, Hongyang; Chen, Libo

2016-12-01

Cloud computing and big data have become the developing engine of current information technology (IT) as a result of the rapid development of IT. However, security protection has become increasingly important for cloud computing and big data, and has become a problem that must be solved to develop cloud computing. The theft of identity authentication information remains a serious threat to the security of cloud computing. In this process, attackers intrude into cloud computing services through identity authentication information, thereby threatening the security of data from multiple perspectives. Therefore, this study proposes a model for cloud computing protection and management based on quantum authentication, introduces the principle of quantum authentication, and deduces the quantum authentication process. In theory, quantum authentication technology can be applied in cloud computing for security protection. This technology cannot be cloned; thus, it is more secure and reliable than classical methods.

ISCR FY2005 Annual Report

DOE Office of Scientific and Technical Information (OSTI.GOV)

Keyes, D E; McGraw, J R

2006-02-02

Large-scale scientific computation and all of the disciplines that support and help validate it have been placed at the focus of Lawrence Livermore National Laboratory (LLNL) by the Advanced Simulation and Computing (ASC) program of the National Nuclear Security Administration (NNSA) and the Scientific Discovery through Advanced Computing (SciDAC) initiative of the Office of Science of the Department of Energy (DOE). The maturation of simulation as a fundamental tool of scientific and engineering research is underscored in the President's Information Technology Advisory Committee (PITAC) June 2005 finding that ''computational science has become critical to scientific leadership, economic competitiveness, and nationalmore » security''. LLNL operates several of the world's most powerful computers--including today's single most powerful--and has undertaken some of the largest and most compute-intensive simulations ever performed, most notably the molecular dynamics simulation that sustained more than 100 Teraflop/s and won the 2005 Gordon Bell Prize. Ultrascale simulation has been identified as one of the highest priorities in DOE's facilities planning for the next two decades. However, computers at architectural extremes are notoriously difficult to use in an efficient manner. Furthermore, each successful terascale simulation only points out the need for much better ways of interacting with the resulting avalanche of data. Advances in scientific computing research have, therefore, never been more vital to the core missions of LLNL than at present. Computational science is evolving so rapidly along every one of its research fronts that to remain on the leading edge, LLNL must engage researchers at many academic centers of excellence. In FY 2005, the Institute for Scientific Computing Research (ISCR) served as one of LLNL's main bridges to the academic community with a program of collaborative subcontracts, visiting faculty, student internships, workshops, and an active seminar series. The ISCR identifies researchers from the academic community for computer science and computational science collaborations with LLNL and hosts them for both brief and extended visits with the aim of encouraging long-term academic research agendas that address LLNL research priorities. Through these collaborations, ideas and software flow in both directions, and LLNL cultivates its future workforce. The Institute strives to be LLNL's ''eyes and ears'' in the computer and information sciences, keeping the Laboratory aware of and connected to important external advances. It also attempts to be the ''hands and feet'' that carry those advances into the Laboratory and incorporate them into practice. ISCR research participants are integrated into LLNL's Computing Applications and Research (CAR) Department, especially into its Center for Applied Scientific Computing (CASC). In turn, these organizations address computational challenges arising throughout the rest of the Laboratory. Administratively, the ISCR flourishes under LLNL's University Relations Program (URP). Together with the other four institutes of the URP, the ISCR navigates a course that allows LLNL to benefit from academic exchanges while preserving national security. While it is difficult to operate an academic-like research enterprise within the context of a national security laboratory, the results declare the challenges well met and worth the continued effort. The pages of this annual report summarize the activities of the faculty members, postdoctoral researchers, students, and guests from industry and other laboratories who participated in LLNL's computational mission under the auspices of the ISCR during FY 2005.« less

A Novel Approach for Creating Activity-Aware Applications in a Hospital Environment

NASA Astrophysics Data System (ADS)

Bardram, Jakob E.

Context-aware and activity-aware computing has been proposed as a way to adapt the computer to the user’s ongoing activity. However, deductively moving from physical context - like location - to establishing human activity has proved difficult. This paper proposes a novel approach to activity-aware computing. Instead of inferring activities, this approach enables the user to explicitly model their activity, and then use sensor-based events to create, manage, and use these computational activities adjusted to a specific context. This approach was crafted through a user-centered design process in collaboration with a hospital department. We propose three strategies for activity-awareness: context-based activity matching, context-based activity creation, and context-based activity adaptation. We present the implementation of these strategies and present an experimental evaluation of them. The experiments demonstrate that rather than considering context as information, context can be a relational property that links ’real-world activities’ with their ’computational activities’.

5 CFR 930.301 - Information systems security awareness training program.

Code of Federal Regulations, 2012 CFR

2012-01-01

... training in system/application life cycle management, risk management, and contingency planning. (4) Chief... security management, system/application life cycle management, risk management, and contingency planning... management; and management and implementation level training in system/application life cycle management...

Efficient testing methodologies for microcameras in a gigapixel imaging system

NASA Astrophysics Data System (ADS)

Youn, Seo Ho; Marks, Daniel L.; McLaughlin, Paul O.; Brady, David J.; Kim, Jungsang

2013-04-01

Multiscale parallel imaging--based on a monocentric optical design--promises revolutionary advances in diverse imaging applications by enabling high resolution, real-time image capture over a wide field-of-view (FOV), including sport broadcast, wide-field microscopy, astronomy, and security surveillance. Recently demonstrated AWARE-2 is a gigapixel camera consisting of an objective lens and 98 microcameras spherically arranged to capture an image over FOV of 120° by 50°, using computational image processing to form a composite image of 0.96 gigapixels. Since microcameras are capable of individually adjusting exposure, gain, and focus, true parallel imaging is achieved with a high dynamic range. From the integration perspective, manufacturing and verifying consistent quality of microcameras is a key to successful realization of AWARE cameras. We have developed an efficient testing methodology that utilizes a precisely fabricated dot grid chart as a calibration target to extract critical optical properties such as optical distortion, veiling glare index, and modulation transfer function to validate imaging performance of microcameras. This approach utilizes an AWARE objective lens simulator which mimics the actual objective lens but operates with a short object distance, suitable for a laboratory environment. Here we describe the principles of the methodologies developed for AWARE microcameras and discuss the experimental results with our prototype microcameras. Reference Brady, D. J., Gehm, M. E., Stack, R. A., Marks, D. L., Kittle, D. S., Golish, D. R., Vera, E. M., and Feller, S. D., "Multiscale gigapixel photography," Nature 486, 386--389 (2012).

A Wearable Context-Aware ECG Monitoring System Integrated with Built-in Kinematic Sensors of the Smartphone.

PubMed

Miao, Fen; Cheng, Yayu; He, Yi; He, Qingyun; Li, Ye

2015-05-19

Continuously monitoring the ECG signals over hours combined with activity status is very important for preventing cardiovascular diseases. A traditional ECG holter is often inconvenient to carry because it has many electrodes attached to the chest and because it is heavy. This work proposes a wearable, low power context-aware ECG monitoring system integrated built-in kinetic sensors of the smartphone with a self-designed ECG sensor. The wearable ECG sensor is comprised of a fully integrated analog front-end (AFE), a commercial micro control unit (MCU), a secure digital (SD) card, and a Bluetooth module. The whole sensor is very small with a size of only 58 × 50 × 10 mm for wearable monitoring application due to the AFE design, and the total power dissipation in a full round of ECG acquisition is only 12.5 mW. With the help of built-in kinetic sensors of the smartphone, the proposed system can compute and recognize user's physical activity, and thus provide context-aware information for the continuous ECG monitoring. The experimental results demonstrated the performance of proposed system in improving diagnosis accuracy for arrhythmias and identifying the most common abnormal ECG patterns in different activities. In conclusion, we provide a wearable, accurate and energy-efficient system for long-term and context-aware ECG monitoring without any extra cost on kinetic sensor design but with the help of the widespread smartphone.

Phishing

MedlinePlus

... Money & Credit Homes & Mortgages Health & Fitness Jobs & Making Money Privacy, Identity & Online Security Limiting Unwanted Calls and Emails Online Security "Free" Security Scans Computer Security Disposing of Old Computers ...

33 CFR 150.602 - What occupational awareness training is required?

Code of Federal Regulations, 2013 CFR

2013-07-01

... HOMELAND SECURITY (CONTINUED) DEEPWATER PORTS DEEPWATER PORTS: OPERATIONS Workplace Safety and Health Safety and Health (general) § 150.602 What occupational awareness training is required? (a) Each deepwater port operator must ensure that all deepwater port personnel are provided with information and...

Activity Learning as a Foundation for Security Monitoring in Smart Homes

PubMed Central

Dahmen, Jessamyn; Thomas, Brian L.; Cook, Diane J.; Wang, Xiaobo

2017-01-01

Smart environment technology has matured to the point where it is regularly used in everyday homes as well as research labs. With this maturation of the technology, we can consider using smart homes as a practical mechanism for improving home security. In this paper, we introduce an activity-aware approach to security monitoring and threat detection in smart homes. We describe our approach using the CASAS smart home framework and activity learning algorithms. By monitoring for activity-based anomalies we can detect possible threats and take appropriate action. We evaluate our proposed method using data collected in CASAS smart homes and demonstrate the partnership between activity-aware smart homes and biometric devices in the context of the CASAS on-campus smart apartment testbed. PMID:28362342

Science and Technology Resources on the Internet: Computer Security.

ERIC Educational Resources Information Center

Kinkus, Jane F.

2002-01-01

Discusses issues related to computer security, including confidentiality, integrity, and authentication or availability; and presents a selected list of Web sites that cover the basic issues of computer security under subject headings that include ethics, privacy, kids, antivirus, policies, cryptography, operating system security, and biometrics.…

Information Assurance and Cyber Defence (Assurance de l’information et cyberdefense)

DTIC Science & Technology

2010-11-01

project is that knowledge exchange in a timely fashion is highly significant. Authentication and Authorisation of Users and Services in Federated...Detection, Protection and Countermeasures; • Security Models and Architectures; • Security Policies, Evaluation, Authorisation and Access Control; and...Evaluation, Authorisation and Access Control • Network and Information Security Awareness The topics for the symposium had been established

Hacked E-mail

MedlinePlus

... Money & Credit Homes & Mortgages Health & Fitness Jobs & Making Money Privacy, Identity & Online Security Limiting Unwanted Calls and Emails Online Security "Free" Security Scans Computer Security Disposing of Old Computers ...

Computer Security Systems Enable Access.

ERIC Educational Resources Information Center

Riggen, Gary

1989-01-01

A good security system enables access and protects information from damage or tampering, but the most important aspects of a security system aren't technical. A security procedures manual addresses the human element of computer security. (MLW)

Cross-Layer Damage Assessment for Cyber Situational Awareness

NASA Astrophysics Data System (ADS)

Liu, Peng; Jia, Xiaoqi; Zhang, Shengzhi; Xiong, Xi; Jhi, Yoon-Chan; Bai, Kun; Li, Jason

Damage assessment plays a very important role in securing enterprise networks and systems. Gaining good awareness about the effects and impact of cyber attack actions would enable security officers to make the right cyber defense decisions and take the right cyber defense actions. A good number of damage assessment techniques have been proposed in the literature, but they typically focus on a single abstraction level (of the software system in concern). As a result, existing damage assessment techniques and tools are still very limited in satisfying the needs of comprehensive damage assessment which should not result in any “blind spots”.

ISCR Annual Report: Fical Year 2004

DOE Office of Scientific and Technical Information (OSTI.GOV)

McGraw, J R

2005-03-03

Large-scale scientific computation and all of the disciplines that support and help to validate it have been placed at the focus of Lawrence Livermore National Laboratory (LLNL) by the Advanced Simulation and Computing (ASC) program of the National Nuclear Security Administration (NNSA) and the Scientific Discovery through Advanced Computing (SciDAC) initiative of the Office of Science of the Department of Energy (DOE). The maturation of computational simulation as a tool of scientific and engineering research is underscored in the November 2004 statement of the Secretary of Energy that, ''high performance computing is the backbone of the nation's science and technologymore » enterprise''. LLNL operates several of the world's most powerful computers--including today's single most powerful--and has undertaken some of the largest and most compute-intensive simulations ever performed. Ultrascale simulation has been identified as one of the highest priorities in DOE's facilities planning for the next two decades. However, computers at architectural extremes are notoriously difficult to use efficiently. Furthermore, each successful terascale simulation only points out the need for much better ways of interacting with the resulting avalanche of data. Advances in scientific computing research have, therefore, never been more vital to LLNL's core missions than at present. Computational science is evolving so rapidly along every one of its research fronts that to remain on the leading edge, LLNL must engage researchers at many academic centers of excellence. In Fiscal Year 2004, the Institute for Scientific Computing Research (ISCR) served as one of LLNL's main bridges to the academic community with a program of collaborative subcontracts, visiting faculty, student internships, workshops, and an active seminar series. The ISCR identifies researchers from the academic community for computer science and computational science collaborations with LLNL and hosts them for short- and long-term visits with the aim of encouraging long-term academic research agendas that address LLNL's research priorities. Through such collaborations, ideas and software flow in both directions, and LLNL cultivates its future workforce. The Institute strives to be LLNL's ''eyes and ears'' in the computer and information sciences, keeping the Laboratory aware of and connected to important external advances. It also attempts to be the ''feet and hands'' that carry those advances into the Laboratory and incorporates them into practice. ISCR research participants are integrated into LLNL's Computing and Applied Research (CAR) Department, especially into its Center for Applied Scientific Computing (CASC). In turn, these organizations address computational challenges arising throughout the rest of the Laboratory. Administratively, the ISCR flourishes under LLNL's University Relations Program (URP). Together with the other five institutes of the URP, it navigates a course that allows LLNL to benefit from academic exchanges while preserving national security. While it is difficult to operate an academic-like research enterprise within the context of a national security laboratory, the results declare the challenges well met and worth the continued effort.« less

Network Access Control List Situation Awareness

ERIC Educational Resources Information Center

Reifers, Andrew

2010-01-01

Network security is a large and complex problem being addressed by multiple communities. Nevertheless, current theories in networking security appear to overestimate network administrators' ability to understand network access control lists (NACLs), providing few context specific user analyses. Consequently, the current research generally seems to…

76 FR 7817 - Announcing Draft Federal Information Processing Standard 180-4, Secure Hash Standard, and Request...

Federal Register 2010, 2011, 2012, 2013, 2014

2011-02-11

... before May 12, 2011. ADDRESSES: Written comments may be sent to: Chief, Computer Security Division... FURTHER INFORMATION CONTACT: Elaine Barker, Computer Security Division, National Institute of Standards... Quynh Dang, Computer Security Division, National Institute of Standards and Technology, Gaithersburg, MD...

Battlefield awareness computers: the engine of battlefield digitization

NASA Astrophysics Data System (ADS)

Ho, Jackson; Chamseddine, Ahmad

1997-06-01

To modernize the army for the 21st century, the U.S. Army Digitization Office (ADO) initiated in 1995 the Force XXI Battle Command Brigade-and-Below (FBCB2) Applique program which became a centerpiece in the U.S. Army's master plan to win future information wars. The Applique team led by TRW fielded a 'tactical Internet' for Brigade and below command to demonstrate the advantages of 'shared situation awareness' and battlefield digitization in advanced war-fighting experiments (AWE) to be conducted in March 1997 at the Army's National Training Center in California. Computing Devices is designated the primary hardware developer for the militarized version of the battlefield awareness computers. The first generation of militarized battlefield awareness computer, designated as the V3 computer, was an integration of off-the-shelf components developed to meet the agressive delivery requirements of the Task Force XXI AWE. The design efficiency and cost effectiveness of the computer hardware were secondary in importance to delivery deadlines imposed by the March 1997 AWE. However, declining defense budgets will impose cost constraints on the Force XXI production hardware that can only be met by rigorous value engineering to further improve design optimization for battlefield awareness without compromising the level of reliability the military has come to expect in modern military hardened vetronics. To answer the Army's needs for a more cost effective computing solution, Computing Devices developed a second generation 'combat ready' battlefield awareness computer, designated the V3+, which is designed specifically to meet the upcoming demands of Force XXI (FBCB2) and beyond. The primary design objective is to achieve a technologically superior design, value engineered to strike an optimal balance between reliability, life cycle cost, and procurement cost. Recognizing that the diverse digitization demands of Force XXI cannot be adequately met by any one computer hardware solution, Computing Devices is planning to develop a notebook sized military computer designed for space limited vehicle-mounted applications, as well as a high-performance portable workstation equipped with a 19', full color, ultra-high resolution and high brightness active matrix liquid crystal display (AMLCD) targeting the command posts and tactical operations centers (TOC) applications. Together with the wearable computers Computing Devices developed at the Minneapolis facility for dismounted soldiers, Computing Devices will have a complete suite of interoperable battlefield awareness computers spanning the entire spectrum of battle digitization operating environments. Although this paper's primary focus is on a second generation 'combat ready' battlefield awareness computer or the V3+, this paper also briefly discusses the extension of the V3+ architecture to address the needs of the embedded and command post applications.3080

Software Security Knowledge: Training

DTIC Science & Technology

2011-05-01

eliminating those erro~rs. It can be found at http:ffcwe.mitre.org/top25. Any programmer who writes C’Ode \\r-Vith~out betng aware of those proble ~ms a·nd...time on security. Ultimately, these reasons stem from an underlying problem in the software market . B~cause software is essentially a black·box, it is...security of software and start to effect change in the software market . Nevertheless, we still frequently get pushback when we advocate for security

Method of Performance-Aware Security of Unicast Communication in Hybrid Satellite Networks

NASA Technical Reports Server (NTRS)

Baras, John S. (Inventor); Roy-Chowdhury, Ayan (Inventor)

2014-01-01

A method and apparatus utilizes Layered IPSEC (LES) protocol as an alternative to IPSEC for network-layer security including a modification to the Internet Key Exchange protocol. For application-level security of web browsing with acceptable end-to-end delay, the Dual-mode SSL protocol (DSSL) is used instead of SSL. The LES and DSSL protocols achieve desired end-to-end communication security while allowing the TCP and HTTP proxy servers to function correctly.

Security Assistance: DOD’s Ongoing Reforms Address Some Challenges, but Additional Information Is Needed to Further Enhance Program Management

DTIC Science & Technology

2012-11-01

Abbreviations BPC building partner capacity DOD Department of Defense DSCA Defense Security Cooperation Agency EFTS Enhanced Freight Tracking System...SCOs are ready to receive a planned delivery. For both FMS and pseudo-FMS processes, DOD uses the Enhanced Freight Tracking System ( EFTS ), a secure...providing data for this system. The Security Assistance Management Manual recommends that SCOs use the EFTS to maintain awareness of incoming shipments

Secure key storage and distribution

DOEpatents

Agrawal, Punit

2015-06-02

This disclosure describes a distributed, fault-tolerant security system that enables the secure storage and distribution of private keys. In one implementation, the security system includes a plurality of computing resources that independently store private keys provided by publishers and encrypted using a single security system public key. To protect against malicious activity, the security system private key necessary to decrypt the publication private keys is not stored at any of the computing resources. Rather portions, or shares of the security system private key are stored at each of the computing resources within the security system and multiple security systems must communicate and share partial decryptions in order to decrypt the stored private key.

Computer Literacy: Course Description [and] Computer Awareness: Module Syllabus.

ERIC Educational Resources Information Center

Kirkwood Community Coll., Cedar Rapids, IA.

This course description outlines an independent-study computer awareness course for community college faculty that uses videotapes, computer-assisted instruction, and individual study modules. The outline includes the rationale for the course and the media to be used; time required to complete the course; the goals of the course; the topics…

Quantum-Enhanced Cyber Security: Experimental Computation on Quantum-Encrypted Data

DTIC Science & Technology

2017-03-02

AFRL-AFOSR-UK-TR-2017-0020 Quantum-Enhanced Cyber Security: Experimental Computation on Quantum-Encrypted Data Philip Walther UNIVERSITT WIEN Final...REPORT TYPE Final 3. DATES COVERED (From - To) 15 Oct 2015 to 31 Dec 2016 4. TITLE AND SUBTITLE Quantum-Enhanced Cyber Security: Experimental Computation...FORM SF 298 Final Report for FA9550-1-6-1-0004 Quantum-enhanced cyber security: Experimental quantum computation with quantum-encrypted data

78 FR 1275 - Privacy Act of 1974; Computer Matching Program

Federal Register 2010, 2011, 2012, 2013, 2014

2013-01-08

... Social Security Administration (Computer Matching Agreement 1071). SUMMARY: In accordance with the... of its new computer matching program with the Social Security Administration (SSA). DATES: OPM will... conditions under which SSA will disclose Social Security benefit data to OPM via direct computer link. OPM...

75 FR 70342 - Privacy Act; System of Records: Equal Employment Opportunity Records

Federal Register 2010, 2011, 2012, 2013, 2014

2010-11-17

... users are given cyber security awareness training which covers the procedures for handling Sensitive but.... State-09 SYSTEM NAME: Equal Employment Opportunity Records. SECURITY CLASSIFICATION: Unclassified... apply to the Equal Employment Opportunity Records, State-09. DISCLOSURE TO CONSUMER REPORTING AGENCIES...

77 FR 32709 - Privacy Act of 1974, as Amended; Computer Matching Program (SSA/Department of Homeland Security...

Federal Register 2010, 2011, 2012, 2013, 2014

2012-06-01

... SOCIAL SECURITY ADMINISTRATION [Docket No. SSA 2011-0089] Privacy Act of 1974, as Amended; Computer Matching Program (SSA/ Department of Homeland Security (DHS))--Match Number 1010 AGENCY: Social Security Administration (SSA). ACTION: Notice of a renewal of an existing computer matching program that...

FAA computer security : recommendations to address continuing weaknesses

DOT National Transportation Integrated Search

2000-12-01

In September, testimony before the Committee on Science, House of Representatives, focused on the Federal Aviation Administration's (FAA) computer security program. In brief, we reported that FAA's agency-wide computer security program has serious, p...

Software Development Life Cycle Security Issues

NASA Astrophysics Data System (ADS)

Kaur, Daljit; Kaur, Parminder

2011-12-01

Security is now-a-days one of the major problems because of many reasons. Security is now-a-days one of the major problems because of many reasons. The main cause is that software can't withstand security attacks because of vulnerabilities in it which are caused by defective specifications design and implementation. We have conducted a survey asking software developers, project managers and other people in software development about their security awareness and implementation in Software Development Life Cycle (SDLC). The survey was open to participation for three weeks and this paper explains the survey results.

Status of Social Engineering Awareness in Business Organizations and Colleges/Universities

ERIC Educational Resources Information Center

Hauser, Deanna Mae

2017-01-01

Social engineers manipulate individuals into divulging confidential information or compromising personal or organizational security. The purpose of this qualitative case study was to examine the potential lack of social engineering awareness that affects employees at companies in southeastern Michigan. The research method consisted of interviews…

Measurement Invariance of the Mindful Attention Awareness Scale across Adult Attachment Style

ERIC Educational Resources Information Center

Cordon, Shari L.; Finney, Sara J.

2008-01-01

In this study, the authors examine the measurement invariance of the Mindful Attention Awareness Scale (MAAS) across adult attachment style. A 1-factor model and measurement invariance was supported across groups. As predicted, latent mean differences showed that securely attached individuals reported significantly more mindfulness than did…

Polytopol computing for multi-core and distributed systems

NASA Astrophysics Data System (ADS)

Spaanenburg, Henk; Spaanenburg, Lambert; Ranefors, Johan

2009-05-01

Multi-core computing provides new challenges to software engineering. The paper addresses such issues in the general setting of polytopol computing, that takes multi-core problems in such widely differing areas as ambient intelligence sensor networks and cloud computing into account. It argues that the essence lies in a suitable allocation of free moving tasks. Where hardware is ubiquitous and pervasive, the network is virtualized into a connection of software snippets judiciously injected to such hardware that a system function looks as one again. The concept of polytopol computing provides a further formalization in terms of the partitioning of labor between collector and sensor nodes. Collectors provide functions such as a knowledge integrator, awareness collector, situation displayer/reporter, communicator of clues and an inquiry-interface provider. Sensors provide functions such as anomaly detection (only communicating singularities, not continuous observation), they are generally powered or self-powered, amorphous (not on a grid) with generation-and-attrition, field re-programmable, and sensor plug-and-play-able. Together the collector and the sensor are part of the skeleton injector mechanism, added to every node, and give the network the ability to organize itself into some of many topologies. Finally we will discuss a number of applications and indicate how a multi-core architecture supports the security aspects of the skeleton injector.

Uncertainty Aware Structural Topology Optimization Via a Stochastic Reduced Order Model Approach

NASA Technical Reports Server (NTRS)

Aguilo, Miguel A.; Warner, James E.

2017-01-01

This work presents a stochastic reduced order modeling strategy for the quantification and propagation of uncertainties in topology optimization. Uncertainty aware optimization problems can be computationally complex due to the substantial number of model evaluations that are necessary to accurately quantify and propagate uncertainties. This computational complexity is greatly magnified if a high-fidelity, physics-based numerical model is used for the topology optimization calculations. Stochastic reduced order model (SROM) methods are applied here to effectively 1) alleviate the prohibitive computational cost associated with an uncertainty aware topology optimization problem; and 2) quantify and propagate the inherent uncertainties due to design imperfections. A generic SROM framework that transforms the uncertainty aware, stochastic topology optimization problem into a deterministic optimization problem that relies only on independent calls to a deterministic numerical model is presented. This approach facilitates the use of existing optimization and modeling tools to accurately solve the uncertainty aware topology optimization problems in a fraction of the computational demand required by Monte Carlo methods. Finally, an example in structural topology optimization is presented to demonstrate the effectiveness of the proposed uncertainty aware structural topology optimization approach.

Automated Theorem Proving in High-Quality Software Design

NASA Technical Reports Server (NTRS)

Schumann, Johann; Swanson, Keith (Technical Monitor)

2001-01-01

The amount and complexity of software developed during the last few years has increased tremendously. In particular, programs are being used more and more in embedded systems (from car-brakes to plant-control). Many of these applications are safety-relevant, i.e. a malfunction of hardware or software can cause severe damage or loss. Tremendous risks are typically present in the area of aviation, (nuclear) power plants or (chemical) plant control. Here, even small problems can lead to thousands of casualties and huge financial losses. Large financial risks also exist when computer systems are used in the area of telecommunication (telephone, electronic commerce) or space exploration. Computer applications in this area are not only subject to safety considerations, but also security issues are important. All these systems must be designed and developed to guarantee high quality with respect to safety and security. Even in an industrial setting which is (or at least should be) aware of the high requirements in Software Engineering, many incidents occur. For example, the Warshaw Airbus crash, was caused by an incomplete requirements specification. Uncontrolled reuse of an Ariane 4 software module was the reason for the Ariane 5 disaster. Some recent incidents in the telecommunication area, like illegal "cloning" of smart-cards of D2GSM handies, or the extraction of (secret) passwords from German T-online users show that also in this area serious flaws can happen. Due to the inherent complexity of computer systems, most authors claim that only a rigorous application of formal methods in all stages of the software life cycle can ensure high quality of the software and lead to real safe and secure systems. In this paper, we will have a look, in how far automated theorem proving can contribute to a more widespread application of formal methods and their tools, and what automated theorem provers (ATPs) must provide in order to be useful.

Awareness-Enabled Coordination

DTIC Science & Technology

2006-04-01

contextualization, policy, team coordination. 16. PRICE CODE 17. SECURITY CLASSIFICATION OF REPORT UNCLASSIFIED 18. SECURITY ...CLASSIFICATION OF THIS PAGE 19. SECURITY CLASSIFICATION 20. LIMITATION OF ABSTRACT OF ABSTRACT UNCLASSIFIED UNCLASSIFIED UL NSN 7540-01-280... netowrk . Federal Austin FBI DHS CBP BobMary Carol John Alice 1 5 Texas NJ 3 4 1 2 3 4 Xavier Yanni 5 6 2 1 2 4 3 Policy & resource flow n Policies

Security model for VM in cloud

NASA Astrophysics Data System (ADS)

Kanaparti, Venkataramana; Naveen K., R.; Rajani, S.; Padmvathamma, M.; Anitha, C.

2013-03-01

Cloud computing is a new approach emerged to meet ever-increasing demand for computing resources and to reduce operational costs and Capital Expenditure for IT services. As this new way of computation allows data and applications to be stored away from own corporate server, it brings more issues in security such as virtualization security, distributed computing, application security, identity management, access control and authentication. Even though Virtualization forms the basis for cloud computing it poses many threats in securing cloud. As most of Security threats lies at Virtualization layer in cloud we proposed this new Security Model for Virtual Machine in Cloud (SMVC) in which every process is authenticated by Trusted-Agent (TA) in Hypervisor as well as in VM. Our proposed model is designed to with-stand attacks by unauthorized process that pose threat to applications related to Data Mining, OLAP systems, Image processing which requires huge resources in cloud deployed on one or more VM's.

A Context-Aware Ubiquitous Learning Approach for Providing Instant Learning Support in Personal Computer Assembly Activities

ERIC Educational Resources Information Center

Hsu, Ching-Kun; Hwang, Gwo-Jen

2014-01-01

Personal computer assembly courses have been recognized as being essential in helping students understand computer structure as well as the functionality of each computer component. In this study, a context-aware ubiquitous learning approach is proposed for providing instant assistance to individual students in the learning activity of a…

The GENIUS Grid Portal and robot certificates: a new tool for e-Science

PubMed Central

Barbera, Roberto; Donvito, Giacinto; Falzone, Alberto; La Rocca, Giuseppe; Milanesi, Luciano; Maggi, Giorgio Pietro; Vicario, Saverio

2009-01-01

Background Grid technology is the computing model which allows users to share a wide pletora of distributed computational resources regardless of their geographical location. Up to now, the high security policy requested in order to access distributed computing resources has been a rather big limiting factor when trying to broaden the usage of Grids into a wide community of users. Grid security is indeed based on the Public Key Infrastructure (PKI) of X.509 certificates and the procedure to get and manage those certificates is unfortunately not straightforward. A first step to make Grids more appealing for new users has recently been achieved with the adoption of robot certificates. Methods Robot certificates have recently been introduced to perform automated tasks on Grids on behalf of users. They are extremely useful for instance to automate grid service monitoring, data processing production, distributed data collection systems. Basically these certificates can be used to identify a person responsible for an unattended service or process acting as client and/or server. Robot certificates can be installed on a smart card and used behind a portal by everyone interested in running the related applications in a Grid environment using a user-friendly graphic interface. In this work, the GENIUS Grid Portal, powered by EnginFrame, has been extended in order to support the new authentication based on the adoption of these robot certificates. Results The work carried out and reported in this manuscript is particularly relevant for all users who are not familiar with personal digital certificates and the technical aspects of the Grid Security Infrastructure (GSI). The valuable benefits introduced by robot certificates in e-Science can so be extended to users belonging to several scientific domains, providing an asset in raising Grid awareness to a wide number of potential users. Conclusion The adoption of Grid portals extended with robot certificates, can really contribute to creating transparent access to computational resources of Grid Infrastructures, enhancing the spread of this new paradigm in researchers' working life to address new global scientific challenges. The evaluated solution can of course be extended to other portals, applications and scientific communities. PMID:19534747

The GENIUS Grid Portal and robot certificates: a new tool for e-Science.

PubMed

Barbera, Roberto; Donvito, Giacinto; Falzone, Alberto; La Rocca, Giuseppe; Milanesi, Luciano; Maggi, Giorgio Pietro; Vicario, Saverio

2009-06-16

Grid technology is the computing model which allows users to share a wide pletora of distributed computational resources regardless of their geographical location. Up to now, the high security policy requested in order to access distributed computing resources has been a rather big limiting factor when trying to broaden the usage of Grids into a wide community of users. Grid security is indeed based on the Public Key Infrastructure (PKI) of X.509 certificates and the procedure to get and manage those certificates is unfortunately not straightforward. A first step to make Grids more appealing for new users has recently been achieved with the adoption of robot certificates. Robot certificates have recently been introduced to perform automated tasks on Grids on behalf of users. They are extremely useful for instance to automate grid service monitoring, data processing production, distributed data collection systems. Basically these certificates can be used to identify a person responsible for an unattended service or process acting as client and/or server. Robot certificates can be installed on a smart card and used behind a portal by everyone interested in running the related applications in a Grid environment using a user-friendly graphic interface. In this work, the GENIUS Grid Portal, powered by EnginFrame, has been extended in order to support the new authentication based on the adoption of these robot certificates. The work carried out and reported in this manuscript is particularly relevant for all users who are not familiar with personal digital certificates and the technical aspects of the Grid Security Infrastructure (GSI). The valuable benefits introduced by robot certificates in e-Science can so be extended to users belonging to several scientific domains, providing an asset in raising Grid awareness to a wide number of potential users. The adoption of Grid portals extended with robot certificates, can really contribute to creating transparent access to computational resources of Grid Infrastructures, enhancing the spread of this new paradigm in researchers' working life to address new global scientific challenges. The evaluated solution can of course be extended to other portals, applications and scientific communities.

Close the Gate, Lock the Windows, Bolt the Doors: Securing Library Computers. Online Treasures

ERIC Educational Resources Information Center

Balas, Janet

2005-01-01

This article, written by a systems librarian at the Monroeville Public Library, discusses a major issue affecting all computer users, security. It indicates that while, staying up-to-date on the latest security issues has become essential for all computer users, it's more critical for network managers who are responsible for securing computer…

An RFID-Based Smart Structure for the Supply Chain: Resilient Scanning Proofs and Ownership Transfer with Positive Secrecy Capacity Channels.

PubMed

Burmester, Mike; Munilla, Jorge; Ortiz, Andrés; Caballero-Gil, Pino

2017-07-04

The National Strategy for Global Supply Chain Security published in 2012 by the White House identifies two primary goals for strengthening global supply chains: first, to promote the efficient and secure movement of goods, and second to foster a resilient supply chain. The Internet of Things (IoT), and in particular Radio Frequency Identification (RFID) technology, can be used to realize these goals. For product identification, tracking and real-time awareness, RFID tags are attached to goods. As tagged goods move along the supply chain from the suppliers to the manufacturers, and then on to the retailers until eventually they reach the customers, two major security challenges can be identified: (I) to protect the shipment of goods that are controlled by potentially untrusted carriers; and (II) to secure the transfer of ownership at each stage of the chain. For the former, grouping proofs in which the tags of the scanned goods generate a proof of "simulatenous" presence can be employed, while for the latter, ownership transfer protocols (OTP) are used. This paper describes enhanced security solutions for both challenges. We first extend earlier work on grouping proofs and group codes to capture resilient group scanning with untrusted readers; then, we describe a modified version of a recently published OTP based on channels with positive secrecy capacity adapted to be implemented on common RFID systems in the supply chain. The proposed solutions take into account the limitations of low cost tags employed in the supply chain, which are only required to generate pseudorandom numbers and compute one-way hash functions.

Spot Rare Occurrences More Frequently by Lessening Inattentional Blindness

DTIC Science & Technology

2013-04-29

with weapon slip through airport security , not hearing a siren when driving conditions are complicated by fog, or not seeing explosives on a truck...awareness of potential actual threats has been implemented in airport security for several years. The effectiveness of this Threat Image Projection

Developing a computer security training program

DOE Office of Scientific and Technical Information (OSTI.GOV)

Not Available

1990-01-01

We all know that training can empower the computer protection program. However, pushing computer security information outside the computer security organization into the rest of the company is often labeled as an easy project or a dungeon full of dragons. Used in part or whole, the strategy offered in this paper may help the developer of a computer security training program ward off dragons and create products and services. The strategy includes GOALS (what the result of training will be), POINTERS (tips to ensure survival), and STEPS (products and services as a means to accomplish the goals).

6 CFR 13.27 - Computation of time.

Code of Federal Regulations, 2010 CFR

2010-01-01

... 6 Domestic Security 1 2010-01-01 2010-01-01 false Computation of time. 13.27 Section 13.27 Domestic Security DEPARTMENT OF HOMELAND SECURITY, OFFICE OF THE SECRETARY PROGRAM FRAUD CIVIL REMEDIES § 13.27 Computation of time. (a) In computing any period of time under this part or in an order issued...

Reviews on Security Issues and Challenges in Cloud Computing

NASA Astrophysics Data System (ADS)

An, Y. Z.; Zaaba, Z. F.; Samsudin, N. F.

2016-11-01

Cloud computing is an Internet-based computing service provided by the third party allowing share of resources and data among devices. It is widely used in many organizations nowadays and becoming more popular because it changes the way of how the Information Technology (IT) of an organization is organized and managed. It provides lots of benefits such as simplicity and lower costs, almost unlimited storage, least maintenance, easy utilization, backup and recovery, continuous availability, quality of service, automated software integration, scalability, flexibility and reliability, easy access to information, elasticity, quick deployment and lower barrier to entry. While there is increasing use of cloud computing service in this new era, the security issues of the cloud computing become a challenges. Cloud computing must be safe and secure enough to ensure the privacy of the users. This paper firstly lists out the architecture of the cloud computing, then discuss the most common security issues of using cloud and some solutions to the security issues since security is one of the most critical aspect in cloud computing due to the sensitivity of user's data.

Information Systems, Security, and Privacy.

ERIC Educational Resources Information Center

Ware, Willis H.

1984-01-01

Computer security and computer privacy issues are discussed. Among the areas addressed are technical and human security threats, security and privacy issues for information in electronic mail systems, the need for a national commission to examine these issues, and security/privacy issues relevant to colleges and universities. (JN)

Increasing Elementary School Teachers' Awareness of Gender Inequity in Student Computer Usage

ERIC Educational Resources Information Center

Luongo, Nicole

2012-01-01

This study was designed to increase gender equity awareness in elementary school teachers with respect to student computer and technology usage. Using professional development methods with a group of teachers, the writer attempted to help them become more aware of gender bias in technology instruction. An analysis of the data revealed that…

Intelligent cloud computing security using genetic algorithm as a computational tools

NASA Astrophysics Data System (ADS)

Razuky AL-Shaikhly, Mazin H.

2018-05-01

An essential change had occurred in the field of Information Technology which represented with cloud computing, cloud giving virtual assets by means of web yet awesome difficulties in the field of information security and security assurance. Currently main problem with cloud computing is how to improve privacy and security for cloud “cloud is critical security”. This paper attempts to solve cloud security by using intelligent system with genetic algorithm as wall to provide cloud data secure, all services provided by cloud must detect who receive and register it to create list of users (trusted or un-trusted) depend on behavior. The execution of present proposal has shown great outcome.

75 FR 38595 - Guidance to States Regarding Driver History Record Information Security, Continuity of Operation...

Federal Register 2010, 2011, 2012, 2013, 2014

2010-07-02

... Standards and Technology's (NIST) Computer Security Division maintains a Computer Security Resource Center... Regarding Driver History Record Information Security, Continuity of Operation Planning, and Disaster... (SDLAs) to support their efforts at maintaining the security of information contained in the driver...

Developing Ministerial Collaborative Planning Capacity

DTIC Science & Technology

2012-03-14

1204, Arlington, VA 22202- 4302. Respondents should be aware that notwithstanding any other provision of law , no person shall be subject to any...to build capacity and legitimacy within a host nation’s security sector. Providing a safe and secure environment founded on the rule of law is the...6 Vision: A highly efficient ministry capable of providing security and stability for all components of society, applying the rule of law and

Restricted access processor - An application of computer security technology

NASA Technical Reports Server (NTRS)

Mcmahon, E. M.

1985-01-01

This paper describes a security guard device that is currently being developed by Computer Sciences Corporation (CSC). The methods used to provide assurance that the system meets its security requirements include the system architecture, a system security evaluation, and the application of formal and informal verification techniques. The combination of state-of-the-art technology and the incorporation of new verification procedures results in a demonstration of the feasibility of computer security technology for operational applications.

76 FR 58531 - Intent to Request Renewal From OMB of One Current Public Collection of Information: Flight...

Federal Register 2010, 2011, 2012, 2013, 2014

2011-09-21

... Aliens and Other Designated Individuals; Security Awareness Training for Flight School Employees AGENCY... checks for all aliens and other designated individuals seeking flight instruction (``candidates'') from... OMB Control Number 1652-0021, Flight Training for Aliens and Other Designated Individuals; Security...

Risky Business: Students and Smartphones

ERIC Educational Resources Information Center

Jones, Beth H.; Chin, Amita Goyal; Aiken, Peter

2014-01-01

The increase in smartphone adoption has been no less than astounding. Unfortunately, the explosive growth has been accompanied by a rash of security problems. A contributing factor to the growing security problem is a lack of education, training, and awareness. In addition, "bring your own device" (BYOD) policies often leave security…

The Handbook for Campus Crime Reporting

ERIC Educational Resources Information Center

Ward, Diane; Lee, Janice

2005-01-01

Campus security and safety are important issues in postsecondary education today. Providing students nationwide with a safe environment in which to learn and keeping students, parents and employees well informed about campus security are goals that have been voiced by many groups. These goals were advanced by the Crime Awareness and Campus…

EVALUATION OF WATER MONITORING INSTRUMENTATION AT EPA'S WATER AWARENESS TECHNOLOGY EVALUATION RESEARCH SECURITY CENTER

EPA Science Inventory

The safety and security of distribution systems has come under reassessment in the past year. Several chemical and biological agents have been identified that might constitute a credible threat against water supply systems. There have also been a few reported threats against wate...

Parents and Educators [Tip Card

ERIC Educational Resources Information Center

US Department of Homeland Security, 2011

2011-01-01

Stop.Think.Connect. is a national public awareness campaign aimed at increasing the understanding of cyber threats and empowering the American public to be safer and more secure online. The Campaign's main objective is to help individuals become more aware of growing cyber threats and arm them with the tools to protect themselves, their families,…

Grades 9-12 Student Tip Card

ERIC Educational Resources Information Center

US Department of Homeland Security, 2005

2005-01-01

Stop.Think.Connect. is a national public awareness campaign aimed at increasing the understanding of cyber threats and empowering the American public to be safer and more secure online. The Campaign's main objective is to help individuals become more aware of growing cyber threats and arm them with the tools to protect themselves, their families,…

Situational Awareness as a Measure of Performance in Cyber Security Collaborative Work

DOE Office of Scientific and Technical Information (OSTI.GOV)

Malviya, Ashish; Fink, Glenn A.; Sego, Landon H.

Cyber defense competitions arising from U.S. service academy exercises, offer a platform for collecting data that can inform research that ranges from characterizing the ideal cyber warrior to describing behaviors during certain challenging cyber defense situations. This knowledge in turn could lead to better preparation of cyber defenders in both military and civilian settings. We conducted proof of concept experimentation to collect data during the Pacific-rim Regional Collegiate Cyber Defense Competition (PRCCDC) and analyzed it to study the behavior of cyber defenders. We propose that situational awareness predicts performance of cyber security professionals, and in this paper we focus onmore » our collection and analysis of competition data to determine whether it supports our hypothesis. In addition to normal cyber data, we collected situational awareness and workload data and compared it against the performance of cyber defenders as indicated by their competition score. We conclude that there is a weak correlation between our measure of situational awareness and performance that we hope to exploit in further studies.« less

Proposal for a Security Management in Cloud Computing for Health Care

PubMed Central

Dzombeta, Srdan; Brandis, Knud

2014-01-01

Cloud computing is actually one of the most popular themes of information systems research. Considering the nature of the processed information especially health care organizations need to assess and treat specific risks according to cloud computing in their information security management system. Therefore, in this paper we propose a framework that includes the most important security processes regarding cloud computing in the health care sector. Starting with a framework of general information security management processes derived from standards of the ISO 27000 family the most important information security processes for health care organizations using cloud computing will be identified considering the main risks regarding cloud computing and the type of information processed. The identified processes will help a health care organization using cloud computing to focus on the most important ISMS processes and establish and operate them at an appropriate level of maturity considering limited resources. PMID:24701137

Proposal for a security management in cloud computing for health care.

PubMed

Haufe, Knut; Dzombeta, Srdan; Brandis, Knud

2014-01-01

Cloud computing is actually one of the most popular themes of information systems research. Considering the nature of the processed information especially health care organizations need to assess and treat specific risks according to cloud computing in their information security management system. Therefore, in this paper we propose a framework that includes the most important security processes regarding cloud computing in the health care sector. Starting with a framework of general information security management processes derived from standards of the ISO 27000 family the most important information security processes for health care organizations using cloud computing will be identified considering the main risks regarding cloud computing and the type of information processed. The identified processes will help a health care organization using cloud computing to focus on the most important ISMS processes and establish and operate them at an appropriate level of maturity considering limited resources.

Student Ability, Confidence, and Attitudes Toward Incorporating a Computer into a Patient Interview.

PubMed

Ray, Sarah; Valdovinos, Katie

2015-05-25

To improve pharmacy students' ability to effectively incorporate a computer into a simulated patient encounter and to improve their awareness of barriers and attitudes towards and their confidence in using a computer during simulated patient encounters. Students completed a survey that assessed their awareness of, confidence in, and attitudes towards computer use during simulated patient encounters. Students were evaluated with a rubric on their ability to incorporate a computer into a simulated patient encounter. Students were resurveyed and reevaluated after instruction. Students improved in their ability to effectively incorporate computer usage into a simulated patient encounter. They also became more aware of and improved their attitudes toward barriers regarding such usage and gained more confidence in their ability to use a computer during simulated patient encounters. Instruction can improve pharmacy students' ability to incorporate a computer into simulated patient encounters. This skill is critical to developing efficiency while maintaining rapport with patients.

Overview of Computer Security Certification and Accreditation. Final Report.

ERIC Educational Resources Information Center

Ruthberg, Zella G.; Neugent, William

Primarily intended to familiarize ADP (automatic data processing) policy and information resource managers with the approach to computer security certification and accreditation found in "Guideline to Computer Security Certification and Accreditation," Federal Information Processing Standards Publications (FIPS-PUB) 102, this overview…

Visualization Tools for Teaching Computer Security

ERIC Educational Resources Information Center

Yuan, Xiaohong; Vega, Percy; Qadah, Yaseen; Archer, Ricky; Yu, Huiming; Xu, Jinsheng

2010-01-01

Using animated visualization tools has been an important teaching approach in computer science education. We have developed three visualization and animation tools that demonstrate various information security concepts and actively engage learners. The information security concepts illustrated include: packet sniffer and related computer network…

Data-Aware Retrodiction for Asynchronous Harmonic Measurement in a Cyber-Physical Energy System

PubMed Central

Liu, Youda; Wang, Xue; Liu, Yanchi; Cui, Sujin

2016-01-01

Cyber-physical energy systems provide a networked solution for safety, reliability and efficiency problems in smart grids. On the demand side, the secure and trustworthy energy supply requires real-time supervising and online power quality assessing. Harmonics measurement is necessary in power quality evaluation. However, under the large-scale distributed metering architecture, harmonic measurement faces the out-of-sequence measurement (OOSM) problem, which is the result of latencies in sensing or the communication process and brings deviations in data fusion. This paper depicts a distributed measurement network for large-scale asynchronous harmonic analysis and exploits a nonlinear autoregressive model with exogenous inputs (NARX) network to reorder the out-of-sequence measuring data. The NARX network gets the characteristics of the electrical harmonics from practical data rather than the kinematic equations. Thus, the data-aware network approximates the behavior of the practical electrical parameter with real-time data and improves the retrodiction accuracy. Theoretical analysis demonstrates that the data-aware method maintains a reasonable consumption of computing resources. Experiments on a practical testbed of a cyber-physical system are implemented, and harmonic measurement and analysis accuracy are adopted to evaluate the measuring mechanism under a distributed metering network. Results demonstrate an improvement of the harmonics analysis precision and validate the asynchronous measuring method in cyber-physical energy systems. PMID:27548171

Computer Network Security: Best Practices for Alberta School Jurisdictions.

ERIC Educational Resources Information Center

Alberta Dept. of Education, Edmonton.

This paper provides a snapshot of the computer network security industry and addresses specific issues related to network security in public education. The following topics are covered: (1) security policy, including reasons for establishing a policy, risk assessment, areas to consider, audit tools; (2) workstations, including physical security,…

Crowd Sensing-Enabling Security Service Recommendation for Social Fog Computing Systems

PubMed Central

Wu, Jun; Su, Zhou; Li, Jianhua

2017-01-01

Fog computing, shifting intelligence and resources from the remote cloud to edge networks, has the potential of providing low-latency for the communication from sensing data sources to users. For the objects from the Internet of Things (IoT) to the cloud, it is a new trend that the objects establish social-like relationships with each other, which efficiently brings the benefits of developed sociality to a complex environment. As fog service become more sophisticated, it will become more convenient for fog users to share their own services, resources, and data via social networks. Meanwhile, the efficient social organization can enable more flexible, secure, and collaborative networking. Aforementioned advantages make the social network a potential architecture for fog computing systems. In this paper, we design an architecture for social fog computing, in which the services of fog are provisioned based on “friend” relationships. To the best of our knowledge, this is the first attempt at an organized fog computing system-based social model. Meanwhile, social networking enhances the complexity and security risks of fog computing services, creating difficulties of security service recommendations in social fog computing. To address this, we propose a novel crowd sensing-enabling security service provisioning method to recommend security services accurately in social fog computing systems. Simulation results show the feasibilities and efficiency of the crowd sensing-enabling security service recommendation method for social fog computing systems. PMID:28758943

Crowd Sensing-Enabling Security Service Recommendation for Social Fog Computing Systems.

PubMed

Wu, Jun; Su, Zhou; Wang, Shen; Li, Jianhua

2017-07-30

Fog computing, shifting intelligence and resources from the remote cloud to edge networks, has the potential of providing low-latency for the communication from sensing data sources to users. For the objects from the Internet of Things (IoT) to the cloud, it is a new trend that the objects establish social-like relationships with each other, which efficiently brings the benefits of developed sociality to a complex environment. As fog service become more sophisticated, it will become more convenient for fog users to share their own services, resources, and data via social networks. Meanwhile, the efficient social organization can enable more flexible, secure, and collaborative networking. Aforementioned advantages make the social network a potential architecture for fog computing systems. In this paper, we design an architecture for social fog computing, in which the services of fog are provisioned based on "friend" relationships. To the best of our knowledge, this is the first attempt at an organized fog computing system-based social model. Meanwhile, social networking enhances the complexity and security risks of fog computing services, creating difficulties of security service recommendations in social fog computing. To address this, we propose a novel crowd sensing-enabling security service provisioning method to recommend security services accurately in social fog computing systems. Simulation results show the feasibilities and efficiency of the crowd sensing-enabling security service recommendation method for social fog computing systems.

Security Enhancement Mechanism Based on Contextual Authentication and Role Analysis for 2G-RFID Systems

PubMed Central

Tang, Wan; Chen, Min; Ni, Jin; Yang, Ximin

2011-01-01

The traditional Radio Frequency Identification (RFID) system, in which the information maintained in tags is passive and static, has no intelligent decision-making ability to suit application and environment dynamics. The Second-Generation RFID (2G-RFID) system, referred as 2G-RFID-sys, is an evolution of the traditional RFID system to ensure better quality of service in future networks. Due to the openness of the active mobile codes in the 2G-RFID system, the realization of conveying intelligence brings a critical issue: how can we make sure the backend system will interpret and execute mobile codes in the right way without misuse so as to avoid malicious attacks? To address this issue, this paper expands the concept of Role-Based Access Control (RBAC) by introducing context-aware computing, and then designs a secure middleware for backend systems, named Two-Level Security Enhancement Mechanism or 2L-SEM, in order to ensure the usability and validity of the mobile code through contextual authentication and role analysis. According to the given contextual restrictions, 2L-SEM can filtrate the illegal and invalid mobile codes contained in tags. Finally, a reference architecture and its typical application are given to illustrate the implementation of 2L-SEM in a 2G-RFID system, along with the simulation results to evaluate how the proposed mechanism can guarantee secure execution of mobile codes for the system. PMID:22163983

Security enhancement mechanism based on contextual authentication and role analysis for 2G-RFID systems.

PubMed

Tang, Wan; Chen, Min; Ni, Jin; Yang, Ximin

2011-01-01

The traditional Radio Frequency Identification (RFID) system, in which the information maintained in tags is passive and static, has no intelligent decision-making ability to suit application and environment dynamics. The Second-Generation RFID (2G-RFID) system, referred as 2G-RFID-sys, is an evolution of the traditional RFID system to ensure better quality of service in future networks. Due to the openness of the active mobile codes in the 2G-RFID system, the realization of conveying intelligence brings a critical issue: how can we make sure the backend system will interpret and execute mobile codes in the right way without misuse so as to avoid malicious attacks? To address this issue, this paper expands the concept of Role-Based Access Control (RBAC) by introducing context-aware computing, and then designs a secure middleware for backend systems, named Two-Level Security Enhancement Mechanism or 2L-SEM, in order to ensure the usability and validity of the mobile code through contextual authentication and role analysis. According to the given contextual restrictions, 2L-SEM can filtrate the illegal and invalid mobile codes contained in tags. Finally, a reference architecture and its typical application are given to illustrate the implementation of 2L-SEM in a 2G-RFID system, along with the simulation results to evaluate how the proposed mechanism can guarantee secure execution of mobile codes for the system.

Smart learning services based on smart cloud computing.

PubMed

Kim, Svetlana; Song, Su-Mi; Yoon, Yong-Ik

2011-01-01

Context-aware technologies can make e-learning services smarter and more efficient since context-aware services are based on the user's behavior. To add those technologies into existing e-learning services, a service architecture model is needed to transform the existing e-learning environment, which is situation-aware, into the environment that understands context as well. The context-awareness in e-learning may include the awareness of user profile and terminal context. In this paper, we propose a new notion of service that provides context-awareness to smart learning content in a cloud computing environment. We suggest the elastic four smarts (E4S)--smart pull, smart prospect, smart content, and smart push--concept to the cloud services so smart learning services are possible. The E4S focuses on meeting the users' needs by collecting and analyzing users' behavior, prospecting future services, building corresponding contents, and delivering the contents through cloud computing environment. Users' behavior can be collected through mobile devices such as smart phones that have built-in sensors. As results, the proposed smart e-learning model in cloud computing environment provides personalized and customized learning services to its users.

Smart Learning Services Based on Smart Cloud Computing

PubMed Central

Kim, Svetlana; Song, Su-Mi; Yoon, Yong-Ik

2011-01-01

Context-aware technologies can make e-learning services smarter and more efficient since context-aware services are based on the user’s behavior. To add those technologies into existing e-learning services, a service architecture model is needed to transform the existing e-learning environment, which is situation-aware, into the environment that understands context as well. The context-awareness in e-learning may include the awareness of user profile and terminal context. In this paper, we propose a new notion of service that provides context-awareness to smart learning content in a cloud computing environment. We suggest the elastic four smarts (E4S)—smart pull, smart prospect, smart content, and smart push—concept to the cloud services so smart learning services are possible. The E4S focuses on meeting the users’ needs by collecting and analyzing users’ behavior, prospecting future services, building corresponding contents, and delivering the contents through cloud computing environment. Users’ behavior can be collected through mobile devices such as smart phones that have built-in sensors. As results, the proposed smart e-learning model in cloud computing environment provides personalized and customized learning services to its users. PMID:22164048

Additional Security Considerations for Grid Management

NASA Technical Reports Server (NTRS)

Eidson, Thomas M.

2003-01-01

The use of Grid computing environments is growing in popularity. A Grid computing environment is primarily a wide area network that encompasses multiple local area networks, where some of the local area networks are managed by different organizations. A Grid computing environment also includes common interfaces for distributed computing software so that the heterogeneous set of machines that make up the Grid can be used more easily. The other key feature of a Grid is that the distributed computing software includes appropriate security technology. The focus of most Grid software is on the security involved with application execution, file transfers, and other remote computing procedures. However, there are other important security issues related to the management of a Grid and the users who use that Grid. This note discusses these additional security issues and makes several suggestions as how they can be managed.

Preaching What We Practice: Teaching Ethical Decision-Making to Computer Security Professionals

NASA Astrophysics Data System (ADS)

Fleischmann, Kenneth R.

The biggest challenge facing computer security researchers and professionals is not learning how to make ethical decisions; rather it is learning how to recognize ethical decisions. All too often, technology development suffers from what Langdon Winner terms technological somnambulism - we sleepwalk through our technology design, following past precedents without a second thought, and fail to consider the perspectives of other stakeholders [1]. Computer security research and practice involves a number of opportunities for ethical decisions. For example, decisions about whether or not to automatically provide security updates involve tradeoffs related to caring versus user autonomy. Decisions about online voting include tradeoffs between convenience and security. Finally, decisions about routinely screening e-mails for spam involve tradeoffs of efficiency and privacy. It is critical that these and other decisions facing computer security researchers and professionals are confronted head on as value-laden design decisions, and that computer security researchers and professionals consider the perspectives of various stakeholders in making these decisions.

Quality and security - They work together

NASA Technical Reports Server (NTRS)

Carr, Richard; Tynan, Marie; Davis, Russell

1991-01-01

This paper describes the importance of considering computer security as part of software quality assurance practice. The intended audience is primarily those professionals involved in the design, development, and quality assurance of software. Many issues are raised which point to the need ultimately for integration of quality assurance and computer security disciplines. To address some of the issues raised, the NASA Automated Information Security program is presented as a model which may be used for improving interactions between the quality assurance and computer security community of professionals.

78 FR 15734 - Privacy Act of 1974; Computer Matching Program

Federal Register 2010, 2011, 2012, 2013, 2014

2013-03-12

... DEPARTMENT OF HOMELAND SECURITY Office of the Secretary [Docket No. DHS-2013-0010] Privacy Act of 1974; Computer Matching Program AGENCY: Department of Homeland Security/U.S. Citizenship and... computer matching program between the Department of Homeland Security/U.S. Citizenship and Immigration...

78 FR 15733 - Privacy Act of 1974; Computer Matching Program

Federal Register 2010, 2011, 2012, 2013, 2014

2013-03-12

... DEPARTMENT OF HOMELAND SECURITY Office of the Secretary [Docket No. DHS-2013-0008] Privacy Act of 1974; Computer Matching Program AGENCY: Department of Homeland Security/U.S. Citizenship and... computer matching program between the Department of Homeland Security/U.S. Citizenship and Immigration...

A Distributed Energy-Aware Trust Management System for Secure Routing in Wireless Sensor Networks

NASA Astrophysics Data System (ADS)

Stelios, Yannis; Papayanoulas, Nikos; Trakadas, Panagiotis; Maniatis, Sotiris; Leligou, Helen C.; Zahariadis, Theodore

Wireless sensor networks are inherently vulnerable to security attacks, due to their wireless operation. The situation is further aggravated because they operate in an infrastructure-less environment, which mandates the cooperation among nodes for all networking tasks, including routing, i.e. all nodes act as “routers”, forwarding the packets generated by their neighbours in their way to the sink node. This implies that malicious nodes (denying their cooperation) can significantly affect the network operation. Trust management schemes provide a powerful tool for the detection of unexpected node behaviours (either faulty or malicious). Once misbehaving nodes are detected, their neighbours can use this information to avoid cooperating with them either for data forwarding, data aggregation or any other cooperative function. We propose a secure routing solution based on a novel distributed trust management system, which allows for fast detection of a wide set of attacks and also incorporates energy awareness.

FAA computer security : concerns remain due to personnel and other continuing weaknesses

DOT National Transportation Integrated Search

2000-08-01

FAA has a history of computer security weaknesses in a number of areas, including its physical security management at facilities that house air traffic control (ATC) systems, systems security for both operational and future systems, management struct...

4-6 Computer Awareness. Interim Guide.

ERIC Educational Resources Information Center

Manitoba Dept. of Education, Winnipeg. Computer Services Branch.

This guide was developed to assist teachers in achieving goals related to the development of computer awareness in students in grades 4-6 in the Canadian province of Manitoba. An overview of the program describes a set of basic concepts, skills, and attitudes relating to computer technology, and provides information on activities that can be used…

Using Computer-Aided Instruction to Support the Systematic Practice of Phonological Skills in Beginning Readers

ERIC Educational Resources Information Center

Wild, Mary

2009-01-01

The paper reports the results of a randomised control trial investigating the use of computer-aided instruction (CAI) for practising phonological awareness skills with beginning readers. Two intervention groups followed the same phonological awareness programme: one group undertook practice exercises using a computer and the other group undertook…

78 FR 38724 - Privacy Act of 1974; Computer Matching Program

Federal Register 2010, 2011, 2012, 2013, 2014

2013-06-27

... DEPARTMENT OF HOMELAND SECURITY Office of the Secretary [Docket No. DHS-2013-0006] Privacy Act of 1974; Computer Matching Program AGENCY: Department of Homeland Security/U.S. Citizenship and... Agreement that establishes a computer matching program between the Department of Homeland Security/U.S...

15 CFR 30.5 - Electronic Export Information filing application and certification processes and standards.

Code of Federal Regulations, 2014 CFR

2014-01-01

... Census Bureau's Foreign Trade Division Computer Security Officer and refrain from using AESDirect until... Bureau's Foreign Trade Division Computer Security Officer that the company's computer systems accessing... threat to national security interests such that its participation in postdeparture filing should be...

15 CFR 30.5 - Electronic Export Information filing application and certification processes and standards.

Code of Federal Regulations, 2012 CFR

2012-01-01

... Census Bureau's Foreign Trade Division Computer Security Officer and refrain from using AESDirect until... Bureau's Foreign Trade Division Computer Security Officer that the company's computer systems accessing... threat to national security interests such that its participation in postdeparture filing should be...

15 CFR 30.5 - Electronic Export Information filing application and certification processes and standards.

Code of Federal Regulations, 2013 CFR

2013-01-01

... Census Bureau's Foreign Trade Division Computer Security Officer and refrain from using AESDirect until... Bureau's Foreign Trade Division Computer Security Officer that the company's computer systems accessing... threat to national security interests such that its participation in postdeparture filing should be...

75 FR 18841 - Office for Civil Rights; Privacy Act of 1974, Amended System of Records

Federal Register 2010, 2011, 2012, 2013, 2014

2010-04-13

... Privacy Act of 1974, Federal Information Security Management Act of 2002, Computer Security Act of 1987... 1974, Federal Information Security Management Act of 2002, Computer Security Act of 1987, the Paperwork... Oversight, the Chair of the Senate Committee on Homeland Security and Governmental Affairs, and the...

Cloud Computing Security Issue: Survey

NASA Astrophysics Data System (ADS)

Kamal, Shailza; Kaur, Rajpreet

2011-12-01

Cloud computing is the growing field in IT industry since 2007 proposed by IBM. Another company like Google, Amazon, and Microsoft provides further products to cloud computing. The cloud computing is the internet based computing that shared recourses, information on demand. It provides the services like SaaS, IaaS and PaaS. The services and recourses are shared by virtualization that run multiple operation applications on cloud computing. This discussion gives the survey on the challenges on security issues during cloud computing and describes some standards and protocols that presents how security can be managed.

Challenges and Security in Cloud Computing

NASA Astrophysics Data System (ADS)

Chang, Hyokyung; Choi, Euiin

People who live in this world want to solve any problems as they happen then. An IT technology called Ubiquitous computing should help the situations easier and we call a technology which makes it even better and powerful cloud computing. Cloud computing, however, is at the stage of the beginning to implement and use and it faces a lot of challenges in technical matters and security issues. This paper looks at the cloud computing security.

Technical solutions for mitigating security threats caused by health professionals in clinical settings.

PubMed

Fernandez-Aleman, Jose Luis; Belen Sanchez Garcia, Ana; Garcia-Mateos, Gines; Toval, Ambrosio

2015-08-01

The objective of this paper is to present a brief description of technical solutions for health information system security threats caused by inadequate security and privacy practices in healthcare professionals. A literature search was carried out in ScienceDirect, ACM Digital Library and IEEE Digital Library to find papers reporting technical solutions for certain security problems in information systems used in clinical settings. A total of 17 technical solutions were identified: measures for password security, the secure use of e-mail, the Internet, portable storage devices, printers and screens. Although technical safeguards are essential to the security of healthcare organization's information systems, good training, awareness programs and adopting a proper information security policy are particularly important to prevent insiders from causing security incidents.

Cybersecurity and medical devices: A practical guide for cardiac electrophysiologists

PubMed Central

Kramer, Daniel B.; Foo Kune, Denis; Auto de Medeiros, Julio; Yan, Chen; Xu, Wenyuan; Crawford, Thomas; Fu, Kevin

2017-01-01

Abstract Medical devices increasingly depend on software. While this expands the ability of devices to perform key therapeutic and diagnostic functions, reliance on software inevitably causes exposure to hazards of security vulnerabilities. This article uses a recent high‐profile case example to outline a proactive approach to security awareness that incorporates a scientific, risk‐based analysis of security concerns that supports ongoing discussions with patients about their medical devices. PMID:28512774

Improving Situation Awareness with the Android Team Awareness Kit (ATAK)

DTIC Science & Technology

2015-04-01

fluid user experience and enhanced data sharing. 19 6.2.2 Esri Esri is a US-based company that sells geospatial information systems and data services...field, Situational Awareness (SA) needs to be conveyed in a de- centralized manner to the users at the edge of the network as well as at operations...that ATAK has built-in, and the ways it is being used by a variety of military, homeland security, and law enforcement users . Keywords: situational

Improving Situational Awareness for First Responders via Mobile Computing

NASA Technical Reports Server (NTRS)

Betts, Bradley J.; Mah, Robert W.; Papasin, Richard; Del Mundo, Rommel; McIntosh, Dawn M.; Jorgensen, Charles

2005-01-01

This project looks to improve first responder situational awareness using tools and techniques of mobile computing. The prototype system combines wireless communication, real-time location determination, digital imaging, and three-dimensional graphics. Responder locations are tracked in an outdoor environment via GPS and uploaded to a central server via GPRS or an 802.11 network. Responders can also wirelessly share digital images and text reports, both with other responders and with the incident commander. A pre-built three dimensional graphics model of a particular emergency scene is used to visualize responder and report locations. Responders have a choice of information end points, ranging from programmable cellular phones to tablet computers. The system also employs location-aware computing to make responders aware of particular hazards as they approach them. The prototype was developed in conjunction with the NASA Ames Disaster Assistance and Rescue Team and has undergone field testing during responder exercise at NASA Ames.

Improving Situational Awareness for First Responders via Mobile Computing

NASA Technical Reports Server (NTRS)

Betts, Bradley J.; Mah, Robert W.; Papasin, Richard; Del Mundo, Rommel; McIntosh, Dawn M.; Jorgensen, Charles

2006-01-01

This project looks to improve first responder incident command, and an appropriately managed flow of situational awareness using mobile computing techniques. The prototype system combines wireless communication, real-time location determination, digital imaging, and three-dimensional graphics. Responder locations are tracked in an outdoor environment via GPS and uploaded to a central server via GPRS or an 802. II network. Responders can also wireless share digital images and text reports, both with other responders and with the incident commander. A pre-built three dimensional graphics model of the emergency scene is used to visualize responder and report locations. Responders have a choice of information end points, ranging from programmable cellular phones to tablet computers. The system also employs location-aware computing to make responders aware of particular hazards as they approach them. The prototype was developed in conjunction with the NASA Ames Disaster Assistance and Rescue Team and has undergone field testing during responder exercises at NASA Ames.

20 CFR 229.65 - Initial reduction.

Code of Federal Regulations, 2010 CFR

2010-04-01

... wage (see § 225.2 of this chapter) used to compute the DIB O/M under the Social Security Act rules... that exceed the maximum used in computing social security benefits) for the 5 consecutive years after... earnings that exceed the maximum used in computing social security benefits) for the year of highest...

A Computational Model and Multi-Agent Simulation for Information Assurance

DTIC Science & Technology

2002-06-01

Podell , Information Security: an Integrated Collection of Essays, IEEE Computer Society Press, Los Alamitos, CA, 1994. Brinkley, D. L. and Schell, R...R., “What is There to Worry About? An Introduction to the Computer Security Problem,” ed. Abrams and Jajodia and Podell , Information Security: an

Potential uses of a wireless network in physical security systems.

DOE Office of Scientific and Technical Information (OSTI.GOV)

Witzke, Edward L.

2010-07-01

Many possible applications requiring or benefiting from a wireless network are available for bolstering physical security and awareness at high security installations or facilities. These enhancements are not always straightforward and may require careful analysis, selection, tuning, and implementation of wireless technologies. In this paper, an introduction to wireless networks and the task of enhancing physical security is first given. Next, numerous applications of a wireless network are brought forth. The technical issues that arise when using a wireless network to support these applications are then discussed. Finally, a summary is presented.

Security Risks and Protection in Online Learning: A Survey

ERIC Educational Resources Information Center

Chen, Yong; He, Wu

2013-01-01

This paper describes a survey of online learning which attempts to determine online learning providers' awareness of potential security risks and the protection measures that will diminish them. The authors use a combination of two methods: blog mining and a traditional literature search. The findings indicate that, while scholars have…

Database Systems and Oracle: Experiences and Lessons Learned

ERIC Educational Resources Information Center

Dunn, Deborah

2005-01-01

In a tight job market, IT professionals with database experience are likely to be in great demand. Companies need database personnel who can help improve access to and security of data. The events of September 11 have increased business' awareness of the need for database security, backup, and recovery procedures. It is our responsibility to…

Distributed intrusion detection system based on grid security model

NASA Astrophysics Data System (ADS)

Su, Jie; Liu, Yahui

2008-03-01

Grid computing has developed rapidly with the development of network technology and it can solve the problem of large-scale complex computing by sharing large-scale computing resource. In grid environment, we can realize a distributed and load balance intrusion detection system. This paper first discusses the security mechanism in grid computing and the function of PKI/CA in the grid security system, then gives the application of grid computing character in the distributed intrusion detection system (IDS) based on Artificial Immune System. Finally, it gives a distributed intrusion detection system based on grid security system that can reduce the processing delay and assure the detection rates.

A Lightweight Protocol for Secure Video Streaming

PubMed Central

Morkevicius, Nerijus; Bagdonas, Kazimieras

2018-01-01

The Internet of Things (IoT) introduces many new challenges which cannot be solved using traditional cloud and host computing models. A new architecture known as fog computing is emerging to address these technological and security gaps. Traditional security paradigms focused on providing perimeter-based protections and client/server point to point protocols (e.g., Transport Layer Security (TLS)) are no longer the best choices for addressing new security challenges in fog computing end devices, where energy and computational resources are limited. In this paper, we present a lightweight secure streaming protocol for the fog computing “Fog Node-End Device” layer. This protocol is lightweight, connectionless, supports broadcast and multicast operations, and is able to provide data source authentication, data integrity, and confidentiality. The protocol is based on simple and energy efficient cryptographic methods, such as Hash Message Authentication Codes (HMAC) and symmetrical ciphers, and uses modified User Datagram Protocol (UDP) packets to embed authentication data into streaming data. Data redundancy could be added to improve reliability in lossy networks. The experimental results summarized in this paper confirm that the proposed method efficiently uses energy and computational resources and at the same time provides security properties on par with the Datagram TLS (DTLS) standard. PMID:29757988

A Lightweight Protocol for Secure Video Streaming.

PubMed

Venčkauskas, Algimantas; Morkevicius, Nerijus; Bagdonas, Kazimieras; Damaševičius, Robertas; Maskeliūnas, Rytis

2018-05-14

The Internet of Things (IoT) introduces many new challenges which cannot be solved using traditional cloud and host computing models. A new architecture known as fog computing is emerging to address these technological and security gaps. Traditional security paradigms focused on providing perimeter-based protections and client/server point to point protocols (e.g., Transport Layer Security (TLS)) are no longer the best choices for addressing new security challenges in fog computing end devices, where energy and computational resources are limited. In this paper, we present a lightweight secure streaming protocol for the fog computing "Fog Node-End Device" layer. This protocol is lightweight, connectionless, supports broadcast and multicast operations, and is able to provide data source authentication, data integrity, and confidentiality. The protocol is based on simple and energy efficient cryptographic methods, such as Hash Message Authentication Codes (HMAC) and symmetrical ciphers, and uses modified User Datagram Protocol (UDP) packets to embed authentication data into streaming data. Data redundancy could be added to improve reliability in lossy networks. The experimental results summarized in this paper confirm that the proposed method efficiently uses energy and computational resources and at the same time provides security properties on par with the Datagram TLS (DTLS) standard.

Guidelines for computer security in general practice.

PubMed

Schattner, Peter; Pleteshner, Catherine; Bhend, Heinz; Brouns, Johan

2007-01-01

As general practice becomes increasingly computerised, data security becomes increasingly important for both patient health and the efficient operation of the practice. To develop guidelines for computer security in general practice based on a literature review, an analysis of available information on current practice and a series of key stakeholder interviews. While the guideline was produced in the context of Australian general practice, we have developed a template that is also relevant for other countries. Current data on computer security measures was sought from Australian divisions of general practice. Semi-structured interviews were conducted with general practitioners (GPs), the medical software industry, senior managers within government responsible for health IT (information technology) initiatives, technical IT experts, divisions of general practice and a member of a health information consumer group. The respondents were asked to assess both the likelihood and the consequences of potential risks in computer security being breached. The study suggested that the most important computer security issues in general practice were: the need for a nominated IT security coordinator; having written IT policies, including a practice disaster recovery plan; controlling access to different levels of electronic data; doing and testing backups; protecting against viruses and other malicious codes; installing firewalls; undertaking routine maintenance of hardware and software; and securing electronic communication, for example via encryption. This information led to the production of computer security guidelines, including a one-page summary checklist, which were subsequently distributed to all GPs in Australia. This paper maps out a process for developing computer security guidelines for general practice. The specific content will vary in different countries according to their levels of adoption of IT, and cultural, technical and other health service factors. Making these guidelines relevant to local contexts should help maximise their uptake.

Cyber physical systems based on cloud computing and internet of things for energy efficiency

NASA Astrophysics Data System (ADS)

Suciu, George; Butca, Cristina; Suciu, Victor; Cretu, Alexandru; Fratu, Octavian

2016-12-01

Cyber Physical Systems (CPS) and energy efficiency play a major role in the context of industry expansion. Management practices for improving efficiency in the field of energy consumption became a priority of many major industries who are inefficient in terms of exploitation costs. The effort of adopting energy management means in an organization is quite challenging due to the lack of resources and expertise. One major problem consists in the lack of knowledge for energy management and practices. This paper aims to present authors' concept in creating a Cyber Physical Energy System (CPES) that will change organizations' way of consuming energy, by making them aware of their use. The presented concept will consider the security of the whole system and the easy integration with the existing electric network infrastructure.

76 FR 81477 - Announcing an Open Meeting of the Information Security and Privacy Advisory Board

Federal Register 2010, 2011, 2012, 2013, 2014

2011-12-28

... sessions will be open to the public. The ISPAB was established by the Computer Security Act of 1987 (Pub. L... Secure Mobile Devices, --Panel Discussion on cyber R&D Strategy, and --Update of NIST Computer Security... of the Information Security and Privacy Advisory Board AGENCY: National Institute of Standards and...

Analyzing the security of an existing computer system

NASA Technical Reports Server (NTRS)

Bishop, M.

1986-01-01

Most work concerning secure computer systems has dealt with the design, verification, and implementation of provably secure computer systems, or has explored ways of making existing computer systems more secure. The problem of locating security holes in existing systems has received considerably less attention; methods generally rely on thought experiments as a critical step in the procedure. The difficulty is that such experiments require that a large amount of information be available in a format that makes correlating the details of various programs straightforward. This paper describes a method of providing such a basis for the thought experiment by writing a special manual for parts of the operating system, system programs, and library subroutines.

Amelie: A Recombinant Computing Framework for Ambient Awareness

NASA Astrophysics Data System (ADS)

Metaxas, Georgios; Markopoulos, Panos; Aarts, Emile

This paper presents Amelie, a service oriented framework that supports the implementation of awareness systems. Amelie adopts the tenets of Recombinant computing to address an important non-functional requirement for Ambient Intelligence software, namely the heterogeneous combination of services and components. Amelie is founded upon FN-AAR an abstract model of Awareness Systems which enables the immediate expression and implementation of socially salient requirements, such as symmetry and social translucence. We discuss the framework and show how system behaviours can be specified using the Awareness Mark-up Language AML.

Improving Control System Cyber-State Awareness using Known Secure Sensor Measurements

DOE Office of Scientific and Technical Information (OSTI.GOV)

Ondrej Linda; Milos Manic; Miles McQueen

Abstract—This paper presents design and simulation of a low cost and low false alarm rate method for improved cyber-state awareness of critical control systems - the Known Secure Sensor Measurements (KSSM) method. The KSSM concept relies on physical measurements to detect malicious falsification of the control systems state. The KSSM method can be incrementally integrated with already installed control systems for enhanced resilience. This paper reviews the previously developed theoretical KSSM concept and then describes a simulation of the KSSM system. A simulated control system network is integrated with the KSSM components. The effectiveness of detection of various intrusion scenariosmore » is demonstrated on several control system network topologies.« less

Discussion on the Technology and Method of Computer Network Security Management

NASA Astrophysics Data System (ADS)

Zhou, Jianlei

2017-09-01

With the rapid development of information technology, the application of computer network technology has penetrated all aspects of society, changed people's way of life work to a certain extent, brought great convenience to people. But computer network technology is not a panacea, it can promote the function of social development, but also can cause damage to the community and the country. Due to computer network’ openness, easiness of sharing and other characteristics, it had a very negative impact on the computer network security, especially the loopholes in the technical aspects can cause damage on the network information. Based on this, this paper will do a brief analysis on the computer network security management problems and security measures.

QuEST for malware type-classification

NASA Astrophysics Data System (ADS)

Vaughan, Sandra L.; Mills, Robert F.; Grimaila, Michael R.; Peterson, Gilbert L.; Oxley, Mark E.; Dube, Thomas E.; Rogers, Steven K.

2015-05-01

Current cyber-related security and safety risks are unprecedented, due in no small part to information overload and skilled cyber-analyst shortages. Advances in decision support and Situation Awareness (SA) tools are required to support analysts in risk mitigation. Inspired by human intelligence, research in Artificial Intelligence (AI) and Computational Intelligence (CI) have provided successful engineering solutions in complex domains including cyber. Current AI approaches aggregate large volumes of data to infer the general from the particular, i.e. inductive reasoning (pattern-matching) and generally cannot infer answers not previously programmed. Whereas humans, rarely able to reason over large volumes of data, have successfully reached the top of the food chain by inferring situations from partial or even partially incorrect information, i.e. abductive reasoning (pattern-completion); generating a hypothetical explanation of observations. In order to achieve an engineering advantage in computational decision support and SA we leverage recent research in human consciousness, the role consciousness plays in decision making, modeling the units of subjective experience which generate consciousness, qualia. This paper introduces a novel computational implementation of a Cognitive Modeling Architecture (CMA) which incorporates concepts of consciousness. We apply our model to the malware type-classification task. The underlying methodology and theories are generalizable to many domains.

Computing design principles for robotic telescopes

NASA Astrophysics Data System (ADS)

Bowman, Mark K.; Ford, Martyn J.; Lett, Robert D. J.; McKay, Derek J.; Mücke-Herzberg, Dorothy; Norbury, Martin A.

2002-12-01

Telescopes capable of making observing decisions independent of human supervision have become a reality in the 21st century. These new telescopes are likely to replace automated systems as the telescopes of choice. A fully robotic implementation offers not only reduced operating costs, but also significant gains in scientific output over automated or remotely operated systems. The design goals are to maximise the telescope operating time and minimise the cost of diagnosis and repair. However, the demands of a robotic telescope greatly exceed those of its remotely operated counterpart, and the design of the computing system is key to its operational performance. This paper outlines the challenges facing the designer of these computing systems, and describes some of the principles of design which may be applied. Issues considered include automatic control and efficiency, system awareness, robustness and reliability, access, security and safety, as well as ease-of-use and maintenance. These requirements cannot be considered simply within the context of the application software. Hence, this paper takes into account operating system, hardware and environmental issues. Consideration is also given to accommodating different levels of manual control within robotic telescopes, as well as methods of accessing and overriding the system in the event of failure.

Research on information security system of waste terminal disposal process

NASA Astrophysics Data System (ADS)

Zhou, Chao; Wang, Ziying; Guo, Jing; Guo, Yajuan; Huang, Wei

2017-05-01

Informatization has penetrated the whole process of production and operation of electric power enterprises. It not only improves the level of lean management and quality service, but also faces severe security risks. The internal network terminal is the outermost layer and the most vulnerable node of the inner network boundary. It has the characteristics of wide distribution, long depth and large quantity. The user and operation and maintenance personnel technical level and security awareness is uneven, which led to the internal network terminal is the weakest link in information security. Through the implementation of security of management, technology and physics, we should establish an internal network terminal security protection system, so as to fully protect the internal network terminal information security.

Personal computer security: part 1. Firewalls, antivirus software, and Internet security suites.

PubMed

Caruso, Ronald D

2003-01-01

Personal computer (PC) security in the era of the Health Insurance Portability and Accountability Act of 1996 (HIPAA) involves two interrelated elements: safeguarding the basic computer system itself and protecting the information it contains and transmits, including personal files. HIPAA regulations have toughened the requirements for securing patient information, requiring every radiologist with such data to take further precautions. Security starts with physically securing the computer. Account passwords and a password-protected screen saver should also be set up. A modern antivirus program can easily be installed and configured. File scanning and updating of virus definitions are simple processes that can largely be automated and should be performed at least weekly. A software firewall is also essential for protection from outside intrusion, and an inexpensive hardware firewall can provide yet another layer of protection. An Internet security suite yields additional safety. Regular updating of the security features of installed programs is important. Obtaining a moderate degree of PC safety and security is somewhat inconvenient but is necessary and well worth the effort. Copyright RSNA, 2003

75 FR 5166 - Privacy Act of 1974, as Amended; Computer Matching Program (Social Security Administration...

Federal Register 2010, 2011, 2012, 2013, 2014

2010-02-01

... SOCIAL SECURITY ADMINISTRATION [Docket No. SSA 2009-0043] Privacy Act of 1974, as Amended; Computer Matching Program (Social Security Administration/Railroad Retirement Board (SSA/RRB))-- Match Number 1308 AGENCY: Social Security Administration (SSA). ACTION: Notice of renewal of an existing...

A Semantic Based Policy Management Framework for Cloud Computing Environments

ERIC Educational Resources Information Center

Takabi, Hassan

2013-01-01

Cloud computing paradigm has gained tremendous momentum and generated intensive interest. Although security issues are delaying its fast adoption, cloud computing is an unstoppable force and we need to provide security mechanisms to ensure its secure adoption. In this dissertation, we mainly focus on issues related to policy management and access…

A Service-oriented Approach towards Context-aware Mobile Learning Management Systems

DTIC Science & Technology

2010-07-01

towards a pervasive university. Keywords-context-aware computing, service-oriented archi- tecture, mobile computing, elearning , learn management sys- tem I...usage of device- specific features provide support for various ubiquitous and pervasive eLearning scenarios [2][3]. By knowing where the user currently...data from the mobile device towards a context-aware mobile LMS. II. BASIC CONCEPTS For a better understanding of the presented eLearning sce- narios

An RFID-Based Smart Structure for the Supply Chain: Resilient Scanning Proofs and Ownership Transfer with Positive Secrecy Capacity Channels †

PubMed Central

Ortiz, Andrés

2017-01-01

The National Strategy for Global Supply Chain Security published in 2012 by the White House identifies two primary goals for strengthening global supply chains: first, to promote the efficient and secure movement of goods, and second to foster a resilient supply chain. The Internet of Things (IoT), and in particular Radio Frequency Identification (RFID) technology, can be used to realize these goals. For product identification, tracking and real-time awareness, RFID tags are attached to goods. As tagged goods move along the supply chain from the suppliers to the manufacturers, and then on to the retailers until eventually they reach the customers, two major security challenges can be identified: (I) to protect the shipment of goods that are controlled by potentially untrusted carriers; and (II) to secure the transfer of ownership at each stage of the chain. For the former, grouping proofs in which the tags of the scanned goods generate a proof of “simulatenous” presence can be employed, while for the latter, ownership transfer protocols (OTP) are used. This paper describes enhanced security solutions for both challenges. We first extend earlier work on grouping proofs and group codes to capture resilient group scanning with untrusted readers; then, we describe a modified version of a recently published OTP based on channels with positive secrecy capacity adapted to be implemented on common RFID systems in the supply chain. The proposed solutions take into account the limitations of low cost tags employed in the supply chain, which are only required to generate pseudorandom numbers and compute one-way hash functions. PMID:28677637

Computer Security: the Achilles’ Heel of the Electronic Air Force?

DTIC Science & Technology

2013-02-01

commercials not enough. In the Pentagon a General Electric system called “GCOS” provided classified (secret) com- putation for the Air Staff and others...necessary computer function. January–February 2013 Air & Space Power Journal | 169 Historical Highlight Government designers not perfect. After the Pentagon ...laboratory computer to evaluate Multics as a potential multilevel secure computer for the Pentagon . Although it had the best security design of any system

Change Detection Algorithms for Information Assurance of Computer Networks

DTIC Science & Technology

2002-01-01

original document contains color images. 14. ABSTRACT see report 15. SUBJECT TERMS 16. SECURITY CLASSIFICATION OF: 17. LIMITATION OF ABSTRACT 18...number of computer attacks increases steadily per year. At the time of this writing the Internet Security Systems’ baseline assessment is that a new...across a network by exploiting security flaws in widely-used services offered by vulnerable computers. In order to locate the vulnerable computers, the

Application of the JDL data fusion process model for cyber security

NASA Astrophysics Data System (ADS)

Giacobe, Nicklaus A.

2010-04-01

A number of cyber security technologies have proposed the use of data fusion to enhance the defensive capabilities of the network and aid in the development of situational awareness for the security analyst. While there have been advances in fusion technologies and the application of fusion in intrusion detection systems (IDSs), in particular, additional progress can be made by gaining a better understanding of a variety of data fusion processes and applying them to the cyber security application domain. This research explores the underlying processes identified in the Joint Directors of Laboratories (JDL) data fusion process model and further describes them in a cyber security context.

Computer Security: The Human Element.

ERIC Educational Resources Information Center

Guynes, Carl S.; Vanacek, Michael T.

1981-01-01

The security and effectiveness of a computer system are dependent on the personnel involved. Improved personnel and organizational procedures can significantly reduce the potential for computer fraud. (Author/MLF)

75 FR 13258 - Announcing a Meeting of the Information Security and Privacy Advisory Board

Federal Register 2010, 2011, 2012, 2013, 2014

2010-03-19

.../index.html/ . Agenda: --Cloud Computing Implementations --Health IT --OpenID --Pending Cyber Security... will be available for the public and media. --OpenID --Cloud Computing Implementations --Security...

NNSA Administrator Addresses the Next Generation of Nuclear Security Professionals: Part 2

ScienceCinema

Thomas D'Agostino

2017-12-09

Administrator Thomas DAgostino of the National Nuclear Security Administration addressed the next generation of nuclear security professionals during the opening session of todays 2009 Department of Energy (DOE) Computational Science Graduate Fellowship Annual Conference. Administrator DAgostino discussed NNSAs role in implementing President Obamas nuclear security agenda and encouraged the computing science fellows to consider careers in nuclear security.

NNSA Administrator Addresses the Next Generation of Nuclear Security Professionals: Part 1

ScienceCinema

Thomas D'Agostino

2017-12-09

Administrator Thomas DAgostino of the National Nuclear Security Administration addressed the next generation of nuclear security professionals during the opening session of todays 2009 Department of Energy (DOE) Computational Science Graduate Fellowship Annual Conference. Administrator DAgostino discussed NNSAs role in implementing President Obamas nuclear security agenda and encouraged the computing science fellows to consider careers in nuclear security.

Embedding Secure Coding Instruction into the IDE: Complementing Early and Intermediate CS Courses with ESIDE

ERIC Educational Resources Information Center

Whitney, Michael; Lipford, Heather Richter; Chu, Bill; Thomas, Tyler

2018-01-01

Many of the software security vulnerabilities that people face today can be remediated through secure coding practices. A critical step toward the practice of secure coding is ensuring that our computing students are educated on these practices. We argue that secure coding education needs to be included across a computing curriculum. We are…

Context-awareness in ubiquitous computing and the mobile devices

NASA Astrophysics Data System (ADS)

Akçit, Nuhcan; Tomur, Emrah; Karslıoǧlu, Mahmut Onur

2015-06-01

Mobile device use has vastly increased in the last few years. Many people use many mobile devices in their daily lives. Context-aware computing is the main feature of pervasive and ubiquitous computing. Context awareness is also an important topic that becomes more available with ubiquitous computing. As the sensors increase, the data collected via mobile device sensors and sensor networks do not have much value because of the difficulty in analysis and understanding the data. Context-aware computing helps us store contextual information and use or search it by mobile devices when we want to see or analyze it. Contextual data can be made more meaningful by context-aware processing. There are different types of data and context information that must be considered. By combining spatial and contextual data, we obtain more meaningful data based on the entities. Contextual data is any information that can be used to characterize the situation of the entity. The entity is a person, place, or object considered relevant to the interaction between the user and an application, including the users and the applications. Using contextual data and good integration to mobile devices adds great value to this data, and combining these with our other data sets will allow us to obtain more useful information and analysis.

32 CFR Appendix J to Part 154 - ADP Position Categories and Criteria for Designating Positions

Code of Federal Regulations, 2010 CFR

2010-07-01

..., and implementation of a computer security program; major responsibility for the direction, planning... agency computer security programs, and also including direction and control of risk analysis and/or... OF DEFENSE SECURITY DEPARTMENT OF DEFENSE PERSONNEL SECURITY PROGRAM REGULATION Pt. 154, App. J...

77 FR 74913 - Privacy Act of 1974, as Amended; Computer Matching Program (Social Security Administration (SSA...

Federal Register 2010, 2011, 2012, 2013, 2014

2012-12-18

... SOCIAL SECURITY ADMINISTRATION [Docket No. SSA 2012-0055] Privacy Act of 1974, as Amended; Computer Matching Program (Social Security Administration (SSA)/Office of Personnel Management (OPM))--Match Number 1307 AGENCY: Social Security Administration. ACTION: Notice of a renewal of an existing...

32 CFR Appendix J to Part 154 - ADP Position Categories and Criteria for Designating Positions

Code of Federal Regulations, 2014 CFR

2014-07-01

..., and implementation of a computer security program; major responsibility for the direction, planning... agency computer security programs, and also including direction and control of risk analysis and/or... OF DEFENSE SECURITY DEPARTMENT OF DEFENSE PERSONNEL SECURITY PROGRAM REGULATION Pt. 154, App. J...

32 CFR Appendix J to Part 154 - ADP Position Categories and Criteria for Designating Positions

Code of Federal Regulations, 2012 CFR

2012-07-01

..., and implementation of a computer security program; major responsibility for the direction, planning... agency computer security programs, and also including direction and control of risk analysis and/or... OF DEFENSE SECURITY DEPARTMENT OF DEFENSE PERSONNEL SECURITY PROGRAM REGULATION Pt. 154, App. J...

32 CFR Appendix J to Part 154 - ADP Position Categories and Criteria for Designating Positions

Code of Federal Regulations, 2013 CFR

2013-07-01

..., and implementation of a computer security program; major responsibility for the direction, planning... agency computer security programs, and also including direction and control of risk analysis and/or... OF DEFENSE SECURITY DEPARTMENT OF DEFENSE PERSONNEL SECURITY PROGRAM REGULATION Pt. 154, App. J...

32 CFR Appendix J to Part 154 - ADP Position Categories and Criteria for Designating Positions

Code of Federal Regulations, 2011 CFR

2011-07-01

..., and implementation of a computer security program; major responsibility for the direction, planning... agency computer security programs, and also including direction and control of risk analysis and/or... OF DEFENSE SECURITY DEPARTMENT OF DEFENSE PERSONNEL SECURITY PROGRAM REGULATION Pt. 154, App. J...

Computer-Based Testing: Test Site Security.

ERIC Educational Resources Information Center

Rosen, Gerald A.

Computer-based testing places great burdens on all involved parties to ensure test security. A task analysis of test site security might identify the areas of protecting the test, protecting the data, and protecting the environment as essential issues in test security. Protecting the test involves transmission of the examinations, identifying the…

Situational Awareness from a Low-Cost Camera System

NASA Technical Reports Server (NTRS)

Freudinger, Lawrence C.; Ward, David; Lesage, John

2010-01-01

A method gathers scene information from a low-cost camera system. Existing surveillance systems using sufficient cameras for continuous coverage of a large field necessarily generate enormous amounts of raw data. Digitizing and channeling that data to a central computer and processing it in real time is difficult when using low-cost, commercially available components. A newly developed system is located on a combined power and data wire to form a string-of-lights camera system. Each camera is accessible through this network interface using standard TCP/IP networking protocols. The cameras more closely resemble cell-phone cameras than traditional security camera systems. Processing capabilities are built directly onto the camera backplane, which helps maintain a low cost. The low power requirements of each camera allow the creation of a single imaging system comprising over 100 cameras. Each camera has built-in processing capabilities to detect events and cooperatively share this information with neighboring cameras. The location of the event is reported to the host computer in Cartesian coordinates computed from data correlation across multiple cameras. In this way, events in the field of view can present low-bandwidth information to the host rather than high-bandwidth bitmap data constantly being generated by the cameras. This approach offers greater flexibility than conventional systems, without compromising performance through using many small, low-cost cameras with overlapping fields of view. This means significant increased viewing without ignoring surveillance areas, which can occur when pan, tilt, and zoom cameras look away. Additionally, due to the sharing of a single cable for power and data, the installation costs are lower. The technology is targeted toward 3D scene extraction and automatic target tracking for military and commercial applications. Security systems and environmental/ vehicular monitoring systems are also potential applications.

A Formal Specification and Verification Method for the Prevention of Denial of Service in Ada Services

DTIC Science & Technology

1988-03-01

Mechanism; Computer Security. 16. PRICE CODE 17. SECURITY CLASSIFICATION IS. SECURITY CLASSIFICATION 19. SECURITY CLASSIFICATION 20. UMrrATION OF ABSTRACT...denial of service. This paper assumes that the reader is a computer science or engineering professional working in the area of formal specification and...recovery from such events as deadlocks and crashes can be accounted for in the computation of the waiting time for each service in the service hierarchy

Attribute based encryption for secure sharing of E-health data

NASA Astrophysics Data System (ADS)

Charanya, R.; Nithya, S.; Manikandan, N.

2017-11-01

Distributed computing is one of the developing innovations in IT part and information security assumes a real part. It includes sending gathering of remote server and programming that permit the unified information and online access to PC administrations. Distributed computing depends on offering of asset among different clients are additionally progressively reallocated on interest. Cloud computing is a revolutionary computing paradigm which enables flexible, on-demand and low-cost usage of computing resources. The reasons for security and protection issues, which rise on the grounds that the health information possessed by distinctive clients are put away in some cloud servers rather than under their own particular control”z. To deal with security problems, various schemes based on the Attribute-Based Encryption have been proposed. In this paper, in order to make ehealth data’s more secure we use multi party in cloud computing system. Where the health data is encrypted using attributes and key policy. And the user with a particular attribute and key policy alone will be able to decrypt the health data after it is verified by “key distribution centre” and the “secure data distributor”. This technique can be used in medical field for secure storage of patient details and limiting to particular doctor access. To make data’s scalable secure we need to encrypt the health data before outsourcing.

Cognitive Computing for Security.

DOE Office of Scientific and Technical Information (OSTI.GOV)

Debenedictis, Erik; Rothganger, Fredrick; Aimone, James Bradley

Final report for Cognitive Computing for Security LDRD 165613. It reports on the development of hybrid of general purpose/ne uromorphic computer architecture, with an emphasis on potential implementation with memristors.

Analysis on the security of cloud computing

NASA Astrophysics Data System (ADS)

He, Zhonglin; He, Yuhua

2011-02-01

Cloud computing is a new technology, which is the fusion of computer technology and Internet development. It will lead the revolution of IT and information field. However, in cloud computing data and application software is stored at large data centers, and the management of data and service is not completely trustable, resulting in safety problems, which is the difficult point to improve the quality of cloud service. This paper briefly introduces the concept of cloud computing. Considering the characteristics of cloud computing, it constructs the security architecture of cloud computing. At the same time, with an eye toward the security threats cloud computing faces, several corresponding strategies are provided from the aspect of cloud computing users and service providers.

Information Assurance as a System of Systems in the Submarine Force

DTIC Science & Technology

2013-09-01

cause and effect on overall ship mission and vulnerabilities . Organizational governance must raise the level of awareness as to network security...understand the cause and effect on overall ship mission and vulnerabilities . Organizational governance must raise the level of awareness as to network...Table 2. Assessment Scale– Vulnerability Severity (After NIST 800–30 Rev1 2012, F-2

Awareness Information with Speech and Sound

NASA Astrophysics Data System (ADS)

Kainulainen, Anssi; Turunen, Markku; Hakulinen, Jaakko

In modern work environments, people have many tasks, collaborate with other people and use various equipment and services. Staying aware of other people, processes and situations in work environments is important. We naturally use our hearing to maintain this awareness; hearing other people talk let us know they are present, sounds of people walking, typing, etc. help us stay aware of overall situation almost without conscious effort. Such awareness can also be supported by technology; information can be presented with varying levels of subtlety ranging from loud warning signals to subtle cues, such as the sound of a hard drive indicating activity in a computer. Creating a computer system that supports our awareness of coworkers and overall situation in the workplace can increase our productivity and make the workplace a more social and enjoyable place.

Geographical Database Integrity Validation

NASA Technical Reports Server (NTRS)

Jacobs, Derya; Kauffman, Paul; Blackstock, Dexter

2000-01-01

Airport Safety Modeling Data (ASMD) was developed at the request of a 1997 White House Conference on Aviation Safety and Security. Politicians, military personnel, commercial aircraft manufacturers and the airline industry attended the conference. The objective of the conference was to study the airline industry and make recommendations to improve safety and security. One of the topics discussed at the conference was the loss of situational awareness by aircraft pilots. Loss of situational awareness occurs when a pilot loses his geographic position during flight and can result in crashes into terrain and obstacles. It was recognized at the conference that aviation safety could be improved by reducing the loss of situational awareness. The conference advised that a system be placed in the airplane cockpit that would provide pilots with a visual representation of the terrain around airports. The system would prevent airline crashes during times of inclement weather and loss of situational awareness. The system must be based on accurate data that represents terrain around airports. The Department of Defense and the National Imagery and Mapping Agency (NIMA) released ASMD to be used for the development of a visual system for aircraft pilots. ASMD was constructed from NIMA digital terrain elevation data (DTED).

Enhancing Security by System-Level Virtualization in Cloud Computing Environments

NASA Astrophysics Data System (ADS)

Sun, Dawei; Chang, Guiran; Tan, Chunguang; Wang, Xingwei

Many trends are opening up the era of cloud computing, which will reshape the IT industry. Virtualization techniques have become an indispensable ingredient for almost all cloud computing system. By the virtual environments, cloud provider is able to run varieties of operating systems as needed by each cloud user. Virtualization can improve reliability, security, and availability of applications by using consolidation, isolation, and fault tolerance. In addition, it is possible to balance the workloads by using live migration techniques. In this paper, the definition of cloud computing is given; and then the service and deployment models are introduced. An analysis of security issues and challenges in implementation of cloud computing is identified. Moreover, a system-level virtualization case is established to enhance the security of cloud computing environments.

Computer Network Security- The Challenges of Securing a Computer Network

NASA Technical Reports Server (NTRS)

Scotti, Vincent, Jr.

2011-01-01

This article is intended to give the reader an overall perspective on what it takes to design, implement, enforce and secure a computer network in the federal and corporate world to insure the confidentiality, integrity and availability of information. While we will be giving you an overview of network design and security, this article will concentrate on the technology and human factors of securing a network and the challenges faced by those doing so. It will cover the large number of policies and the limits of technology and physical efforts to enforce such policies.

Willingness of older adults to share data and privacy concerns after exposure to unobtrusive in-home monitoring.

PubMed

Boise, Linda; Wild, Katherine; Mattek, Nora; Ruhl, Mary; Dodge, Hiroko H; Kaye, Jeffrey

2013-01-01

Older adult participants in the Intelligent Systems for Assessment of Aging Changes study (ISAAC) carried out by the Oregon Center for Aging and Technology (ORCATECH) were surveyed regarding their attitudes about unobtrusive home monitoring and computer use at baseline and after one year (n=119). The survey was part of a longitudinal study using in-home sensor technology to detect cognitive changes and other health problems. Our primary objective was to measure willingness to share health or activity data with one's doctor or family members and concerns about privacy or security of monitoring over one year of study participation. Differences in attitudes of participants with Mild Cognitive Impairment (MCI) compared to those with normal cognition were also examined. A high proportion (over 72%) of participants reported acceptance of in-home and computer monitoring and willingness to have data shared with their doctor or family members. However, a majority (60%) reported concerns related to privacy or security; these concerns increased after one year of participation. Few differences between participants with MCI and those with normal cognition were identified. Findings suggest that involvement in this unobtrusive in-home monitoring study may have raised awareness about the potential privacy risks of technology. Still, results show high acceptance, stable over time, of sharing information from monitoring systems with family members and doctors. Our findings have important implications for the deployment of technologies among older adults in research studies as well as in the general community.

Secured Communication for Business Process Outsourcing Using Optimized Arithmetic Cryptography Protocol Based on Virtual Parties

NASA Astrophysics Data System (ADS)

Pathak, Rohit; Joshi, Satyadhar

Within a span of over a decade, India has become one of the most favored destinations across the world for Business Process Outsourcing (BPO) operations. India has rapidly achieved the status of being the most preferred destination for BPO for companies located in the US and Europe. Security and privacy are the two major issues needed to be addressed by the Indian software industry to have an increased and long-term outsourcing contract from the US. Another important issue is about sharing employee’s information to ensure that data and vital information of an outsourcing company is secured and protected. To ensure that the confidentiality of a client’s information is maintained, BPOs need to implement some data security measures. In this paper, we propose a new protocol for specifically for BPO Secure Multi-Party Computation (SMC). As there are many computations and surveys which involve confidential data from many parties or organizations and the concerned data is property of the organization, preservation and security of this data is of prime importance for such type of computations. Although the computation requires data from all the parties, but none of the associated parties would want to reveal their data to the other parties. We have proposed a new efficient and scalable protocol to perform computation on encrypted information. The information is encrypted in a manner that it does not affect the result of the computation. It uses modifier tokens which are distributed among virtual parties, and finally used in the computation. The computation function uses the acquired data and modifier tokens to compute right result from the encrypted data. Thus without revealing the data, right result can be computed and privacy of the parties is maintained. We have given a probabilistic security analysis of hacking the protocol and shown how zero hacking security can be achieved. Also we have analyzed the specific case of Indian BPO.

EMRlog method for computer security for electronic medical records with logic and data mining.

PubMed

Martínez Monterrubio, Sergio Mauricio; Frausto Solis, Juan; Monroy Borja, Raúl

2015-01-01

The proper functioning of a hospital computer system is an arduous work for managers and staff. However, inconsistent policies are frequent and can produce enormous problems, such as stolen information, frequent failures, and loss of the entire or part of the hospital data. This paper presents a new method named EMRlog for computer security systems in hospitals. EMRlog is focused on two kinds of security policies: directive and implemented policies. Security policies are applied to computer systems that handle huge amounts of information such as databases, applications, and medical records. Firstly, a syntactic verification step is applied by using predicate logic. Then data mining techniques are used to detect which security policies have really been implemented by the computer systems staff. Subsequently, consistency is verified in both kinds of policies; in addition these subsets are contrasted and validated. This is performed by an automatic theorem prover. Thus, many kinds of vulnerabilities can be removed for achieving a safer computer system.

EMRlog Method for Computer Security for Electronic Medical Records with Logic and Data Mining

PubMed Central

Frausto Solis, Juan; Monroy Borja, Raúl

2015-01-01

The proper functioning of a hospital computer system is an arduous work for managers and staff. However, inconsistent policies are frequent and can produce enormous problems, such as stolen information, frequent failures, and loss of the entire or part of the hospital data. This paper presents a new method named EMRlog for computer security systems in hospitals. EMRlog is focused on two kinds of security policies: directive and implemented policies. Security policies are applied to computer systems that handle huge amounts of information such as databases, applications, and medical records. Firstly, a syntactic verification step is applied by using predicate logic. Then data mining techniques are used to detect which security policies have really been implemented by the computer systems staff. Subsequently, consistency is verified in both kinds of policies; in addition these subsets are contrasted and validated. This is performed by an automatic theorem prover. Thus, many kinds of vulnerabilities can be removed for achieving a safer computer system. PMID:26495300

The Naval Postgraduate School SECURE ARCHIVAL STORAGE SYSTEM. Part II. Segment and Process Management Implementation.

DTIC Science & Technology

1981-03-01

Research Instructor of Computer Scienr-. Reviewed by: Released by: WILLIAM M. TOLLES Department puter Science Dean of Research 4c t SECURITY...Lyle A. Cox, Roger R. Schell, and Sonja L. Perdue 9. PERFORMING ORGANIZATION NAME ANO ADDRESS 10. PROGRAM ELEMENT. PROJECT. TASK AREA A WORK UNIT... Computer Networks, Operating Systems, Computer Security 20. AftUrCT (Cnthm, w v re eae old* It n..*p and idm 0 F W blk ..m.m.o’) ",A_;he security

Private quantum computation: an introduction to blind quantum computing and related protocols

NASA Astrophysics Data System (ADS)

Fitzsimons, Joseph F.

2017-06-01

Quantum technologies hold the promise of not only faster algorithmic processing of data, via quantum computation, but also of more secure communications, in the form of quantum cryptography. In recent years, a number of protocols have emerged which seek to marry these concepts for the purpose of securing computation rather than communication. These protocols address the task of securely delegating quantum computation to an untrusted device while maintaining the privacy, and in some instances the integrity, of the computation. We present a review of the progress to date in this emerging area.

Secure or Insure: An Economic Analysis of Security Interdependencies and Investment Types

ERIC Educational Resources Information Center

Grossklags, Jens

2009-01-01

Computer users express a strong desire to prevent attacks, and to reduce the losses from computer and information security breaches. However, despite the widespread availability of various technologies, actual investments in security remain highly variable across the Internet population. As a result, attacks such as distributed denial-of-service…

77 FR 65215 - In the Matter of Licensee Identified in Attachment 1 and all Other Persons Who Obtain Safeguards...

Federal Register 2010, 2011, 2012, 2013, 2014

2012-10-25

... a computing environment that has adequate computer security controls in place to prevent... NRC intends to issue a security Order to this Licensee in the near future. The Order will require compliance with specific Additional Security Measures to enhance the security for certain radioactive...

78 FR 89 - Announcing an Open Meeting of the Information Security and Privacy Advisory Board

Federal Register 2010, 2011, 2012, 2013, 2014

2013-01-02

... Management and Budget, and the Director of NIST on security and privacy issues pertaining to federal computer... Computer Security Division. Note that agenda items may change without notice because of possible unexpected... of the Information Security and Privacy Advisory Board AGENCY: National Institute of Standards and...

Computer applications for the hospital security department--buying or developing a shift log reporting system.

PubMed

Gruber, T

1996-01-01

The author presents guidelines to help a security department select a computer system to track security activities--whether it's a commercial software product, an in-house developed program, or a do-it-yourself designed system. Computerized security activity reporting, he believes, is effective and beneficial.

Aviation security : vulnerabilities still exist in the aviation security system

DOT National Transportation Integrated Search

2000-04-06

The testimony today discusses the Federal Aviation Administration's (FAA) efforts to implement and improve security in two key areas: air traffic control computer systems and airport passenger screening checkpoints. Computer systems-and the informati...

Air Traffic Control: Weak Computer Security Practices Jeopardize Flight Safety

DOT National Transportation Integrated Search

1998-05-01

Given the paramount importance of computer security of Air Traffic Control (ATC) systems, Congress asked the General Accounting Office to determine (1) whether the Fedcral Aviation Administration (FAA) is effectively managing physical security at ATC...

Motivating Contributions for Home Computer Security

ERIC Educational Resources Information Center

Wash, Richard L.

2009-01-01

Recently, malicious computer users have been compromising computers en masse and combining them to form coordinated botnets. The rise of botnets has brought the problem of home computers to the forefront of security. Home computer users commonly have insecure systems; these users do not have the knowledge, experience, and skills necessary to…

Proposal for founding mistrustful quantum cryptography on coin tossing

DOE Office of Scientific and Technical Information (OSTI.GOV)

Kent, Adrian; Hewlett-Packard Laboratories, Filton Road, Stoke Gifford, Bristol BS34 8QZ,

2003-07-01

A significant branch of classical cryptography deals with the problems which arise when mistrustful parties need to generate, process, or exchange information. As Kilian showed a while ago, mistrustful classical cryptography can be founded on a single protocol, oblivious transfer, from which general secure multiparty computations can be built. The scope of mistrustful quantum cryptography is limited by no-go theorems, which rule out, inter alia, unconditionally secure quantum protocols for oblivious transfer or general secure two-party computations. These theorems apply even to protocols which take relativistic signaling constraints into account. The best that can be hoped for, in general, aremore » quantum protocols which are computationally secure against quantum attack. Here a method is described for building a classically certified bit commitment, and hence every other mistrustful cryptographic task, from a secure coin-tossing protocol. No security proof is attempted, but reasons are sketched why these protocols might resist quantum computational attack.« less

Ergonomics in the computer workstation.

PubMed

Karoney, M J; Mburu, S K; Ndegwa, D W; Nyaichowa, A G; Odera, E B

2010-09-01

Awareness of effects of long term use of computer and application of ergonomics in the computer workstation is important for preventing musculoskeletal disorders, eyestrain and psychosocial effects. To determine the awareness of physical and psychological effects of prolonged computer usage and application of ergonomicsin the workstation. One hundred and eighty one people were interviewed from tertiary educational institutions, telecommunications and media houses within Nairobi, Kenya. Descriptive cross sectional study. Majority (89.8%) of the respondents felt that prolonged computer use had an adverse effect on their health, with only 12.4% having received formal training on the same. Assessment of their workstations revealed the most applied ergonomic measure as feet placement on the floor: 100% (181) followed by correct monitor placement with 94.4% (171) fulfilling the requirements. The least applied ergonomic measures were non reflecting wall paint: 5% (9) and adjustable desk 9.9% (18). There is awareness among computer users on the effects of prolonged computer use but there is limited application of ergonomic measures.

Privacy and security issues in teleradiology.

PubMed

White, Peter

2004-10-01

Teleradiology is now well established within healthcare in the USA, but ethico-legal concepts surrounding this innovation remain unclear. New legislation, the Health Insurance Portability and Accountability Act, as well as ethical guidelines and common law demonstrate the importance being placed on security of electronic data and the protection of patients' personal data. Radiologists need to be aware of the security, privacy, and confidentiality issues which relate to teleradiology, so that they can safeguard not only their own interests but also the best interests of their patients.

OS friendly microprocessor architecture: Hardware level computer security

NASA Astrophysics Data System (ADS)

Jungwirth, Patrick; La Fratta, Patrick

2016-05-01

We present an introduction to the patented OS Friendly Microprocessor Architecture (OSFA) and hardware level computer security. Conventional microprocessors have not tried to balance hardware performance and OS performance at the same time. Conventional microprocessors have depended on the Operating System for computer security and information assurance. The goal of the OS Friendly Architecture is to provide a high performance and secure microprocessor and OS system. We are interested in cyber security, information technology (IT), and SCADA control professionals reviewing the hardware level security features. The OS Friendly Architecture is a switched set of cache memory banks in a pipeline configuration. For light-weight threads, the memory pipeline configuration provides near instantaneous context switching times. The pipelining and parallelism provided by the cache memory pipeline provides for background cache read and write operations while the microprocessor's execution pipeline is running instructions. The cache bank selection controllers provide arbitration to prevent the memory pipeline and microprocessor's execution pipeline from accessing the same cache bank at the same time. This separation allows the cache memory pages to transfer to and from level 1 (L1) caching while the microprocessor pipeline is executing instructions. Computer security operations are implemented in hardware. By extending Unix file permissions bits to each cache memory bank and memory address, the OSFA provides hardware level computer security.

Network gateway security method for enterprise Grid: a literature review

NASA Astrophysics Data System (ADS)

Sujarwo, A.; Tan, J.

2017-03-01

The computational Grid has brought big computational resources closer to scientists. It enables people to do a large computational job anytime and anywhere without any physical border anymore. However, the massive and spread of computer participants either as user or computational provider arise problems in security. The challenge is on how the security system, especially the one which filters data in the gateway could works in flexibility depends on the registered Grid participants. This paper surveys what people have done to approach this challenge, in order to find the better and new method for enterprise Grid. The findings of this paper is the dynamically controlled enterprise firewall to secure the Grid resources from unwanted connections with a new firewall controlling method and components.

A Test-Bed of Secure Mobile Cloud Computing for Military Applications

DTIC Science & Technology

2016-09-13

searching databases. This kind of applications is a typical example of mobile cloud computing (MCC). MCC has lots of applications in the military...Release; Distribution Unlimited UU UU UU UU 13-09-2016 1-Aug-2014 31-Jul-2016 Final Report: A Test-bed of Secure Mobile Cloud Computing for Military...Army Research Office P.O. Box 12211 Research Triangle Park, NC 27709-2211 Test-bed, Mobile Cloud Computing , Security, Military Applications REPORT

Computer network security for the radiology enterprise.

PubMed

Eng, J

2001-08-01

As computer networks become an integral part of the radiology practice, it is appropriate to raise concerns regarding their security. The purpose of this article is to present an overview of computer network security risks and preventive strategies as they pertain to the radiology enterprise. A number of technologies are available that provide strong deterrence against attacks on networks and networked computer systems in the radiology enterprise. While effective, these technologies must be supplemented with vigilant user and system management.

Privacy and Data Security under Cloud Computing Arrangements: The Legal Framework and Practical Do's and Don'ts

ERIC Educational Resources Information Center

Buckman, Joel; Gold, Stephanie

2012-01-01

This article outlines privacy and data security compliance issues facing postsecondary education institutions when they utilize cloud computing and concludes with a practical list of do's and dont's. Cloud computing does not change an institution's privacy and data security obligations. It does involve reliance on a third party, which requires an…

Case Study: Creation of a Degree Program in Computer Security. White Paper.

ERIC Educational Resources Information Center

Belon, Barbara; Wright, Marie

This paper reports on research into the field of computer security, and undergraduate degrees offered in that field. Research described in the paper reveals only one computer security program at the associate's degree level in the entire country. That program, at Texas State Technical College in Waco, is a 71-credit-hour program leading to an…

Towards an integrated defense system for cyber security situation awareness experiment

NASA Astrophysics Data System (ADS)

Zhang, Hanlin; Wei, Sixiao; Ge, Linqiang; Shen, Dan; Yu, Wei; Blasch, Erik P.; Pham, Khanh D.; Chen, Genshe

2015-05-01

In this paper, an implemented defense system is demonstrated to carry out cyber security situation awareness. The developed system consists of distributed passive and active network sensors designed to effectively capture suspicious information associated with cyber threats, effective detection schemes to accurately distinguish attacks, and network actors to rapidly mitigate attacks. Based on the collected data from network sensors, image-based and signals-based detection schemes are implemented to detect attacks. To further mitigate attacks, deployed dynamic firewalls on hosts dynamically update detection information reported from the detection schemes and block attacks. The experimental results show the effectiveness of the proposed system. A future plan to design an effective defense system is also discussed based on system theory.

Understanding Mobile Apps

MedlinePlus

... share personal information let your kids spend real money — even if the app is free include ads link to social media What’s more, ... Money & Credit Homes & Mortgages Health & Fitness Jobs & Making ... Security "Free" Security Scans Computer Security Disposing of Old Computers ...

17 CFR 230.167 - Communications in connection with certain registered offerings of asset-backed securities.

Code of Federal Regulations, 2011 CFR

2011-04-01

... § 230.415, ABS informational and computational material regarding such securities used after the... informational and computational material used in reliance on Securities Act Rule 167 (§ 230.167); and (iv) A...

17 CFR 230.167 - Communications in connection with certain registered offerings of asset-backed securities.

Code of Federal Regulations, 2013 CFR

2013-04-01

... § 230.415, ABS informational and computational material regarding such securities used after the... informational and computational material used in reliance on Securities Act Rule 167 (§ 230.167); and (iv) A...

17 CFR 230.167 - Communications in connection with certain registered offerings of asset-backed securities.

Code of Federal Regulations, 2012 CFR

2012-04-01

... § 230.415, ABS informational and computational material regarding such securities used after the... informational and computational material used in reliance on Securities Act Rule 167 (§ 230.167); and (iv) A...

17 CFR 230.167 - Communications in connection with certain registered offerings of asset-backed securities.

Code of Federal Regulations, 2014 CFR

2014-04-01

... § 230.415, ABS informational and computational material regarding such securities used after the... informational and computational material used in reliance on Securities Act Rule 167 (§ 230.167); and (iv) A...

A Trusted Portable Computing Device

NASA Astrophysics Data System (ADS)

Ming-wei, Fang; Jun-jun, Wu; Peng-fei, Yu; Xin-fang, Zhang

A trusted portable computing device and its security mechanism were presented to solve the security issues, such as the attack of virus and Trojan horse, the lost and stolen of storage device, in mobile office. It used smart card to build a trusted portable security base, virtualization to create a secure virtual execution environment, two-factor authentication mechanism to identify legitimate users, and dynamic encryption to protect data privacy. The security environment described in this paper is characteristic of portability, security and reliability. It can meet the security requirement of mobile office.

SARANA: language, compiler and run-time system support for spatially aware and resource-aware mobile computing.

PubMed

Hari, Pradip; Ko, Kevin; Koukoumidis, Emmanouil; Kremer, Ulrich; Martonosi, Margaret; Ottoni, Desiree; Peh, Li-Shiuan; Zhang, Pei

2008-10-28

Increasingly, spatial awareness plays a central role in many distributed and mobile computing applications. Spatially aware applications rely on information about the geographical position of compute devices and their supported services in order to support novel functionality. While many spatial application drivers already exist in mobile and distributed computing, very little systems research has explored how best to program these applications, to express their spatial and temporal constraints, and to allow efficient implementations on highly dynamic real-world platforms. This paper proposes the SARANA system architecture, which includes language and run-time system support for spatially aware and resource-aware applications. SARANA allows users to express spatial regions of interest, as well as trade-offs between quality of result (QoR), latency and cost. The goal is to produce applications that use resources efficiently and that can be run on diverse resource-constrained platforms ranging from laptops to personal digital assistants and to smart phones. SARANA's run-time system manages QoR and cost trade-offs dynamically by tracking resource availability and locations, brokering usage/pricing agreements and migrating programs to nodes accordingly. A resource cost model permeates the SARANA system layers, permitting users to express their resource needs and QoR expectations in units that make sense to them. Although we are still early in the system development, initial versions have been demonstrated on a nine-node system prototype.

Faculty Roles, Responsibilities, and Involvement in Campus Safety Initiatives as Perceived by Faculty and Administrators: A Case Study at a Large State University

ERIC Educational Resources Information Center

Rollings, Meda Janeen

2010-01-01

The study addressed the problem of campus safety and the extent to which faculty and administrators are aware of institutional security policies. Further, the research compared perceptions of administrators and faculty regarding faculty awareness of and involvement in campus safety policy initiatives. The research sought to determine if the…

Network Adaptability from WMD Disruption and Cascading Failures

DTIC Science & Technology

2016-04-01

Figure 1(b) shows a typical timeline before and after an attack with an example of average offered and requested bandwidth utilization. Telecom ...and security of our nation. Telecom networks and the Internet were originally designed to provide end-to-end communications which can survive failures...technology transfer The techniques developed for WMD-aware reprovisioning are also applicable for any disaster-aware provisioning on telecom

The Role of Self-Efficacy in Computer Security Behavior: Developing the Construct of Computer Security Self-Efficacy (CSSE)

ERIC Educational Resources Information Center

Clarke, Marlon

2011-01-01

As organizations have become more dependent on networked information systems (IS) to conduct their business operations, their susceptibility to various threats to information security has also increased. Research has consistently identified the inappropriate security behavior of the users as the most significant of these threats. Various factors…

The Enterprise 2.0 Concept: Challenges on Data and Information Security

NASA Astrophysics Data System (ADS)

Silva, Ana; Moreira, Fernando; Varajão, João

The Web 2.0 wave has "hit" businesses all over the world, with companies taking advantage of the 2.0 concept and new applications stimulating collaboration between employees, and also with external partners (suppliers, contractors, universities, R&D organizations and others). However, the use of Web 2.0 applications inside organizations has created additional security challenges, especially regarding data and information security. Companies need to be aware of these risks when deploying the 2.0 concept and take a proactive approach on security. In this paper are identified and discussed some of the challenges and risks of the use of Web 2.0 tools, namely when it comes to securing companies' intellectual property.

Medico legal issues.

PubMed

Mackenzie, Geraldine; Carter, Hugh

2010-01-01

This chapter gives an educational overview of: * An awareness of the legal issues involved in health informatics * The need for the privacy and security of the patient record * The legal consequences of a breach of the security of the patient record * The concept of privacy law and what precautions ought to be taken to minimize legal liability for a breach of privacy and/or confidentiality.

The FBI's Library Awareness Program: National Security vs Government Intrusion into American Libraries [and] The KGB and the Library Target.

ERIC Educational Resources Information Center

Information Reports and Bibliographies, 1988

1988-01-01

Presents statements made to the House Judiciary Subcommittee on Civil and Constitutional Rights by representatives of the Federal Bureau of Investigation and the library community concerning the surveillance of library users' reading habits as a national security measure. An FBI study on the extent of Soviet intelligence service's utilization of…

Assessing the Impact of Security Behavior on the Awareness of Open-Source Intelligence: A Quantitative Study of IT Knowledge Workers

ERIC Educational Resources Information Center

Daniels, Daniel B., III

2014-01-01

There is a lack of literature linking end-user behavior to the availability of open-source intelligence (OSINT). Most OSINT literature has been focused on the use and assessment of open-source intelligence, not the proliferation of personally or organizationally identifiable information (PII/OII). Additionally, information security studies have…

21 CFR 1311.08 - Incorporation by reference.

Code of Federal Regulations, 2010 CFR

2010-04-01

... of Standards and Technology, Computer Security Division, Information Technology Laboratory, National... standards are available from the National Institute of Standards and Technology, Computer Security Division... 140-2, Security Requirements for Cryptographic Modules, May 25, 2001, as amended by Change Notices 2...

Interactive Synthesis of Code Level Security Rules

DTIC Science & Technology

2017-04-01

Interactive Synthesis of Code-Level Security Rules A Thesis Presented by Leo St. Amour to The Department of Computer Science in partial fulfillment...of the requirements for the degree of Master of Science in Computer Science Northeastern University Boston, Massachusetts April 2017 DISTRIBUTION...Abstract of the Thesis Interactive Synthesis of Code-Level Security Rules by Leo St. Amour Master of Science in Computer Science Northeastern University

A Virtual Hosting Environment for Distributed Online Gaming

NASA Astrophysics Data System (ADS)

Brossard, David; Prieto Martinez, Juan Luis

With enterprise boundaries becoming fuzzier, it’s become clear that businesses need to share resources, expose services, and interact in many different ways. In order to achieve such a distribution in a dynamic, flexible, and secure way, we have designed and implemented a virtual hosting environment (VHE) which aims at integrating business services across enterprise boundaries and virtualising the ICT environment within which these services operate in order to exploit economies of scale for the businesses as well as achieve shorter concept-to-market time scales. To illustrate the relevance of the VHE, we have applied it to the online gaming world. Online gaming is an early adopter of distributed computing and more than 30% of gaming developer companies, being aware of the shift, are focusing on developing high performance platforms for the new online trend.

Adolescents, Health Education, and Computers: The Body Awareness Resource Network (BARN).

ERIC Educational Resources Information Center

Bosworth, Kris; And Others

1983-01-01

The Body Awareness Resource Network (BARN) is a computer-based system designed as a confidential, nonjudgmental source of health information for adolescents. Topics include alcohol and other drugs, diet and activity, family communication, human sexuality, smoking, and stress management; programs are available for high school and middle school…

PERKAM: Personalized Knowledge Awareness Map for Computer Supported Ubiquitous Learning

ERIC Educational Resources Information Center

El-Bishouty, Moushir M.; Ogata, Hiroaki; Yano, Yoneo

2007-01-01

This paper introduces a ubiquitous computing environment in order to support the learners while doing tasks; this environment is called PERKAM (PERsonalized Knowledge Awareness Map). PERKAM allows the learners to share knowledge, interact, collaborate, and exchange individual experiences. It utilizes the RFID ubiquities technology to detect the…

Development and Demonstration of a Security Core Component

DOE Office of Scientific and Technical Information (OSTI.GOV)

Turke, Andy

In recent years, the convergence of a number of trends has resulted in Cyber Security becoming a much greater concern for electric utilities. A short list of these trends includes: · Industrial Control Systems (ICSs) have evolved from depending on proprietary hardware and operating software toward using standard off-the-shelf hardware and operating software. This has meant that these ICSs can no longer depend on “security through obscurity. · Similarly, these same systems have evolved toward using standard communications protocols, further reducing their ability to rely upon obscurity. · The rise of the Internet and the accompanying demand for more datamore » about virtually everything has resulted in formerly isolated ICSs becoming at least partially accessible via Internet-connected networks. · “Cyber crime” has become commonplace, whether it be for industrial espionage, reconnaissance for a possible cyber attack, theft, or because some individual or group “has something to prove.” Electric utility system operators are experts at running the power grid. The reality is, especially at small and mid-sized utilities, these SCADA operators will by default be “on the front line” if and when a cyber attack occurs against their systems. These people are not computer software, networking, or cyber security experts, so they are ill-equipped to deal with a cyber security incident. Cyber Security Manager (CSM) was conceived, designed, and built so that it can be configured to know what a utility’s SCADA/EMS/DMS system looks like under normal conditions. To do this, CSM monitors log messages from any device that uses the syslog standard. It can also monitor a variety of statistics from the computers that make up the SCADA/EMS/DMS: outputs from host-based security tools, intrusion detection systems, SCADA alarms, and real-time SCADA values – even results from a SIEM (Security Information and Event Management) system. When the system deviates from “normal,” CSM can alert the operator in language that they understand that an incident may be occurring, provide actionable intelligence, and informing them what actions to take. These alarms may be viewed on CSM’s built-in user interface, sent to a SCADA alarm list, or communicated via email, phone, pager, or SMS message. In recognition of the fact that “real world” training for cyber security events is impractical, CSM has a built-in Operator Training Simulator capability. This can be used stand alone to create simulated event scenarios for training purposes. It may also be used in conjunction with the recipient’s SCADA/EMS/DMS Operator Training Simulator. In addition to providing cyber security situational awareness for electric utility operators, CSM also provides tools for analysts and support personnel; in fact, the majority of user interface displays are designed for use in analyzing current and past security events. CSM keeps security-related information in long-term storage, as well as writing any decisions it makes to a (syslog) log for use forensic or other post-event analysis.« less

Norm-Aware Socio-Technical Systems

NASA Astrophysics Data System (ADS)

Savarimuthu, Bastin Tony Roy; Ghose, Aditya

The following sections are included: * Introduction * The Need for Norm-Aware Systems * Norms in human societies * Why should software systems be norm-aware? * Case Studies of Norm-Aware Socio-Technical Systems * Human-computer interactions * Virtual environments and multi-player online games * Extracting norms from big data and software repositories * Norms and Sustainability * Sustainability and green ICT * Norm awareness through software systems * Where To, From Here? * Conclusions

Secure distributed genome analysis for GWAS and sequence comparison computation.

PubMed

Zhang, Yihua; Blanton, Marina; Almashaqbeh, Ghada

2015-01-01

The rapid increase in the availability and volume of genomic data makes significant advances in biomedical research possible, but sharing of genomic data poses challenges due to the highly sensitive nature of such data. To address the challenges, a competition for secure distributed processing of genomic data was organized by the iDASH research center. In this work we propose techniques for securing computation with real-life genomic data for minor allele frequency and chi-squared statistics computation, as well as distance computation between two genomic sequences, as specified by the iDASH competition tasks. We put forward novel optimizations, including a generalization of a version of mergesort, which might be of independent interest. We provide implementation results of our techniques based on secret sharing that demonstrate practicality of the suggested protocols and also report on performance improvements due to our optimization techniques. This work describes our techniques, findings, and experimental results developed and obtained as part of iDASH 2015 research competition to secure real-life genomic computations and shows feasibility of securely computing with genomic data in practice.

Secure distributed genome analysis for GWAS and sequence comparison computation

PubMed Central

2015-01-01

Background The rapid increase in the availability and volume of genomic data makes significant advances in biomedical research possible, but sharing of genomic data poses challenges due to the highly sensitive nature of such data. To address the challenges, a competition for secure distributed processing of genomic data was organized by the iDASH research center. Methods In this work we propose techniques for securing computation with real-life genomic data for minor allele frequency and chi-squared statistics computation, as well as distance computation between two genomic sequences, as specified by the iDASH competition tasks. We put forward novel optimizations, including a generalization of a version of mergesort, which might be of independent interest. Results We provide implementation results of our techniques based on secret sharing that demonstrate practicality of the suggested protocols and also report on performance improvements due to our optimization techniques. Conclusions This work describes our techniques, findings, and experimental results developed and obtained as part of iDASH 2015 research competition to secure real-life genomic computations and shows feasibility of securely computing with genomic data in practice. PMID:26733307

Context Aware Middleware Architectures: Survey and Challenges

PubMed Central

Li, Xin; Eckert, Martina; Martinez, José-Fernán; Rubio, Gregorio

2015-01-01

Context aware applications, which can adapt their behaviors to changing environments, are attracting more and more attention. To simplify the complexity of developing applications, context aware middleware, which introduces context awareness into the traditional middleware, is highlighted to provide a homogeneous interface involving generic context management solutions. This paper provides a survey of state-of-the-art context aware middleware architectures proposed during the period from 2009 through 2015. First, a preliminary background, such as the principles of context, context awareness, context modelling, and context reasoning, is provided for a comprehensive understanding of context aware middleware. On this basis, an overview of eleven carefully selected middleware architectures is presented and their main features explained. Then, thorough comparisons and analysis of the presented middleware architectures are performed based on technical parameters including architectural style, context abstraction, context reasoning, scalability, fault tolerance, interoperability, service discovery, storage, security & privacy, context awareness level, and cloud-based big data analytics. The analysis shows that there is actually no context aware middleware architecture that complies with all requirements. Finally, challenges are pointed out as open issues for future work. PMID:26307988

Non-developmental item computer systems and the malicious software threat

NASA Technical Reports Server (NTRS)

Bown, Rodney L.

1991-01-01

The following subject areas are covered: a DOD development system - the Army Secure Operating System; non-development commercial computer systems; security, integrity, and assurance of service (SI and A); post delivery SI and A and malicious software; computer system unique attributes; positive feedback to commercial computer systems vendors; and NDI (Non-Development Item) computers and software safety.

Securing the Data Storage and Processing in Cloud Computing Environment

ERIC Educational Resources Information Center

Owens, Rodney

2013-01-01

Organizations increasingly utilize cloud computing architectures to reduce costs and energy consumption both in the data warehouse and on mobile devices by better utilizing the computing resources available. However, the security and privacy issues with publicly available cloud computing infrastructures have not been studied to a sufficient depth…

Computer Virus Bibliography, 1988-1989.

ERIC Educational Resources Information Center

Bologna, Jack, Comp.

This bibliography lists 14 books, 154 journal articles, 34 newspaper articles, and 3 research papers published during 1988-1989 on the subject of computer viruses, software protection and 'cures', virus hackers, and other related issues. Some of the sources listed include Computers and Security, Computer Security Digest, PC Week, Time, the New…

32 CFR 236.3 - Policy.

Code of Federal Regulations, 2012 CFR

2012-07-01

... DEFENSE (DOD)-DEFENSE INDUSTRIAL BASE (DIB) VOLUNTARY CYBER SECURITY AND INFORMATION ASSURANCE (CS/IA... systems. (b) Increase the Government and DIB situational awareness of the extent and severity of cyber...

32 CFR 236.3 - Policy.

Code of Federal Regulations, 2013 CFR

2013-07-01

... DEFENSE (DOD)-DEFENSE INDUSTRIAL BASE (DIB) VOLUNTARY CYBER SECURITY AND INFORMATION ASSURANCE (CS/IA... systems. (b) Increase the Government and DIB situational awareness of the extent and severity of cyber...

Awareness of disaster reduction frameworks and risk perception of natural disaster: a questionnaire survey among Philippine and Indonesian health care personnel and public health students.

PubMed

Usuzawa, Motoki; O Telan, Elizabeth; Kawano, Razel; S Dizon, Carmela; Alisjahbana, Bachti; Ashino, Yugo; Egawa, Shinichi; Fukumoto, Manabu; Izumi, Takako; Ono, Yuichi; Hattori, Toshio

2014-05-01

As the impacts of natural disasters have grown more severe, the importance of education for disaster medicine gains greater recognition. We launched a project to establish an international educational program for disaster medicine. In the present study, we surveyed medical personnel and medical/public health students in the Philippines (n = 45) and Indonesia (n = 67) for their awareness of the international frameworks related to disaster medicine: the Human Security (securing individual life and health), the Sphere Project (international humanitarian response), and the Hyogo Framework for Action 2005-2015 (international strategy for disaster reduction). In both countries, more than 50% responders were aware of human security, but only 2 to 12% were aware of the latter two. The survey also contained questions about the preferred subjects in prospective educational program, and risk perception on disaster and disaster-related infections. In the Philippines, significant disasters were geophysical (31.0%), hydrological (33.3%), or meteorological (24.8%), whereas in Indonesia, geophysical (63.0%) and hydrological (25.3%) were significant. Moreover, in the Philippines, leptospirosis (27.1%), dengue (18.6%), diarrhea (15.3%), and cholera (10.2%) were recognized common disaster-related infections. In Indonesia, diarrhea (22.0%) and respiratory infection (20.3%) are major disaster-related infections. Water-related infections were the major ones in both countries, but the profiles of risk perception were different (Pearson's chi-square test, p = 1.469e-05). The responders tended to overestimate the risk of low probability and high consequence such as geophysical disaster. These results are helpful for the development of a postgraduate course for disaster medicine in Asia Pacific countries.

Report: EPA’s Office of Environmental Information Should Improve Ariel Rios and Potomac Yard Computer Room Security Controls

EPA Pesticide Factsheets

Report #12-P-0879, September 26, 2012. The security posture and in-place environmental control review of the computer rooms in the Ariel Rios and Potomac Yard buildings revealed numerous security and environmental control deficiencies.

Design Principles and Guidelines for Security

DTIC Science & Technology

2007-11-21

Padula , Secure Computer Systems: Unified Exposition and Multics Interpretation. Electronic Systems Division, USAF. ESD-TR-75-306, MTR-2997 Rev.1...Hanscom AFB, MA. March 1976 [7] David Elliott Bell. “Looking Back at the Bell-La Padula Model,” Proc. Annual Computer Security Applications Conference

20 CFR 225.15 - Overall Minimum PIA.

Code of Federal Regulations, 2010 CFR

2010-04-01

... Security Act based on combined railroad and social security earnings. The Overall Minimum PIA is used in computing the social security overall minimum guaranty amount. The overall minimum guaranty rate annuity... INSURANCE AMOUNT DETERMINATIONS PIA's Used in Computing Employee, Spouse and Divorced Spouse Annuities § 225...

Evaluating Common Privacy Vulnerabilities in Internet Service Providers

NASA Astrophysics Data System (ADS)

Kotzanikolaou, Panayiotis; Maniatis, Sotirios; Nikolouzou, Eugenia; Stathopoulos, Vassilios

Privacy in electronic communications receives increased attention in both research and industry forums, stemming from both the users' needs and from legal and regulatory requirements in national or international context. Privacy in internet-based communications heavily relies on the level of security of the Internet Service Providers (ISPs), as well as on the security awareness of the end users. This paper discusses the role of the ISP in the privacy of the communications. Based on real security audits performed in national-wide ISPs, we illustrate privacy-specific threats and vulnerabilities that many providers fail to address when implementing their security policies. We subsequently provide and discuss specific security measures that the ISPs can implement, in order to fine-tune their security policies in the context of privacy protection.

National Computer Security Conference Proceedings (11th): A Postscript: Computer Security--Into the Future, 17-20 October 1988

DTIC Science & Technology

1988-10-20

The LOCK project , from its very beginnings as an implementation study for the Provably Secure Operating System in 1979...to the security field, can study to gain insight into the evaluation process. The project has developed an innovative format for the DTLS and FTLS...management tern becomes available, the Al Secure DBMS will be system (DBMS) that is currently being developed un- ported to it . der the Advanced

Validity and reliability of food security measures.

PubMed

Cafiero, Carlo; Melgar-Quiñonez, Hugo R; Ballard, Terri J; Kepple, Anne W

2014-12-01

This paper reviews some of the existing food security indicators, discussing the validity of the underlying concept and the expected reliability of measures under reasonably feasible conditions. The main objective of the paper is to raise awareness on existing trade-offs between different qualities of possible food security measurement tools that must be taken into account when such tools are proposed for practical application, especially for use within an international monitoring framework. The hope is to provide a timely, useful contribution to the process leading to the definition of a food security goal and the associated monitoring framework within the post-2015 Development Agenda. © 2014 New York Academy of Sciences.

A Video Game for Cyber Security Training and Awareness

DTIC Science & Technology

2006-01-01

potentially mundane. Video games have been proposed as an engaging training vehicle (Prenski, 2001). Here we describe a video game-like tool called Cyber- CIEGE...formation assurance, and information assurance technolo- gists with little background in video games . Early focus was on establishing a language that... video games or adventure games appear more inclined to explorethe game, sometimes proceeding beyond the simple aware- ness scenarios into more

Multinational Experiment 7. Outcome 3 - Cyber Domain Objective 3.4: Cyber Situational Awareness Standard Operating Procedure

DTIC Science & Technology

2012-12-01

and activity coordination (for example, SOC management ). 10. In Reference D the information sharing framework represents a hub & node model in... management , vulnerabilities, critical assets, threats, impacts on operations etc. UNCLASSIFIED UNCLASSIFIED 6 PART 3 - CYBER SITUATIONAL AWARENESS...limit the effect of cyber incidents. 23. Tasks of the SOC include: • System maintenance and management including applying the directed security

MNE7 Access to the Global Commons Outcome 3 Cyber Domain. Objective 3.5 Cyber Situational Awareness. Concept of Employment for Cyber Situational Awareness Within the Global Commons Version 1.0

DTIC Science & Technology

2013-02-25

such as authentication , protocols, and ‘signature’ management exist but the imposition of such techniques must be balan 15p the legal requirements...gulation, mation face onflicting pressures to keep this data secure and yet allow access by authorised users. in the sharing network should be

Peripheral Social Awareness Information in Collaborative Work.

ERIC Educational Resources Information Center

Spring, Michael B.; Vathanophas, Vichita

2003-01-01

Discusses being aware of other members of a team in a collaborative environment and reports on a study that examined group performance on a task that was computer mediated with and without awareness information. Examines how an awareness tool impacts the quality of a collaborative work effort and the communications between group members.…

A principled approach to the measurement of situation awareness in commercial aviation

NASA Technical Reports Server (NTRS)

Tenney, Yvette J.; Adams, Marilyn Jager; Pew, Richard W.; Huggins, A. W. F.; Rogers, William H.

1992-01-01

The issue of how to support situation awareness among crews of modern commercial aircraft is becoming especially important with the introduction of automation in the form of sophisticated flight management computers and expert systems designed to assist the crew. In this paper, cognitive theories are discussed that have relevance for the definition and measurement of situation awareness. These theories suggest that comprehension of the flow of events is an active process that is limited by the modularity of attention and memory constraints, but can be enhanced by expert knowledge and strategies. Three implications of this perspective for assessing and improving situation awareness are considered: (1) Scenario variations are proposed that tax awareness by placing demands on attention; (2) Experimental tasks and probes are described for assessing the cognitive processes that underlie situation awareness; and (3) The use of computer-based human performance models to augment the measures of situation awareness derived from performance data is explored. Finally, two potential example applications of the proposed assessment techniques are described, one concerning spatial awareness using wide field of view displays and the other emphasizing fault management in aircraft systems.

Conceptual Architecture for Obtaining Cyber Situational Awareness

DTIC Science & Technology

2014-06-01

1-893723-17-8. [10] SKYBOX SECURITY. Developer´s Guide. Skybox View. Manual.Version 11. 2010. [11] SCALABLE Network. EXata communications...E. Understanding command and control. Washington, D.C.: CCRP Publication Series, 2006. 255 p. ISBN 1-893723-17-8. • [10] SKYBOX SECURITY. Developer...s Guide. Skybox View. Manual.Version 11. 2010. • [11] SCALABLE Network. EXata communications simulation platform. Available: <http://www.scalable

Automated, Certified Program-rewriting for Software Security Enforcement

DTIC Science & Technology

2012-03-05

VLC ), pages 257-260, Oak Brook, Illinois, Oc- tober 2010. [14] Aditi A. Patwardhan. Security-aware program visualization for analyz- ing in-lined...January 2010. [17] Meera Sridhar and Kevin W. Hamlen. Flexible in-lined reference moni- tor certification: Challenges and future directions. In...pages 55-60, Austin, Texas, January 2011. [18] Bhavani Thuraisingham and Kevin W. Hamlen. Challenges and future directions of software technology

Education for Global Leadership: The Importance of International Studies and Foreign Language Education for U.S. Economic and National Security

ERIC Educational Resources Information Center

Committee for Economic Development, 2006

2006-01-01

To confront the twenty-first century challenges to our economy and national security, our education system must be strengthened to increase the foreign language skills and cultural awareness of our students. America's continued global leadership will depend on our students' abilities to interact with the world community both inside and outside our…

Shared Awareness in Times of Crisis: A Framework for Collaboration

DTIC Science & Technology

2011-06-01

also affords a “ dashboard ” perspective allowing for centralization of resources. The U.S. Army’s Knowledge Online portal is one example of a single...labor, energy, materials, information, cash and technology into outputs of higher value • Organization’s values (criteria that managers and...follows: Challenges - Disabilities Inter-Organizational Cross-Organizational Privacy and Security high security (portal) blocks information flow Trust

32 CFR 236.3 - Policy.

Code of Federal Regulations, 2014 CFR

2014-07-01

... DEFENSE (DoD)-DEFENSE INDUSTRIAL BASE (DIB) VOLUNTARY CYBER SECURITY AND INFORMATION ASSURANCE (CS/IA... systems. (b) Increase the Government and DIB situational awareness of the extent and severity of cyber...

Self-Aware Computing

DTIC Science & Technology

2009-06-01

to floating point , to multi-level logic. 2 Overview Self-aware computation can be distinguished from existing computational models which are...systems have advanced to the point that the time is ripe to realize such a system. To illustrate, let us examine each of the key aspects of self...servers for each service, there are no single points of failure in the system. If an OS or user core has a failure, one of several introspection cores

Report: EPA’s Radiation and Indoor Environments National Laboratory Should Improve Its Computer Room Security Controls

EPA Pesticide Factsheets

Report #12-P-0847, September 21, 2012.Our review of the security posture and in-place environmental controls of EPA’s Radiation and Indoor Environments National Laboratory computer room disclosed an array of security and environmental control deficiencies.

Computing Legacy Software Behavior to Understand Functionality and Security Properties: An IBM/370 Demonstration

DOE Office of Scientific and Technical Information (OSTI.GOV)

Linger, Richard C; Pleszkoch, Mark G; Prowell, Stacy J

Organizations maintaining mainframe legacy software can benefit from code modernization and incorporation of security capabilities to address the current threat environment. Oak Ridge National Laboratory is developing the Hyperion system to compute the behavior of software as a means to gain understanding of software functionality and security properties. Computation of functionality is critical to revealing security attributes, which are in fact specialized functional behaviors of software. Oak Ridge is collaborating with MITRE Corporation to conduct a demonstration project to compute behavior of legacy IBM Assembly Language code for a federal agency. The ultimate goal is to understand functionality and securitymore » vulnerabilities as a basis for code modernization. This paper reports on the first phase, to define functional semantics for IBM Assembly instructions and conduct behavior computation experiments.« less

Common Capabilities for Trust and Security in Service Oriented Infrastructures

NASA Astrophysics Data System (ADS)

Brossard, David; Colombo, Maurizio

In order to achieve agility of the enterprise and shorter concept-to-market timescales for new services, IT and communication providers and their customers increasingly use technologies and concepts which come together under the banner of the Service Oriented Infrastructure (SOI) approach. In this paper we focus on the challenges relating to SOI security. The solutions presented cover the following areas: i) identity federation, ii) distributed usage & access management, and iii) context-aware secure messaging, routing & transformation. We use a scenario from the collaborative engineering space to illustrate the challenges and the solutions.

Exploring Students' Language Awareness through Intercultural Communication in Computer-Supported Collaborative Learning

ERIC Educational Resources Information Center

Yang, Yu-Fen

2013-01-01

Students seldom think about language unless they are instructed to do so or are made to do so during learning activities. To arouse students' awareness while learning English for Specific Purposes (ESP), this study formed a computer-supported collaborative learning (CSCL) community to engage teachers and students from different domains and…

Blind Quantum Signature with Blind Quantum Computation

NASA Astrophysics Data System (ADS)

Li, Wei; Shi, Ronghua; Guo, Ying

2017-04-01

Blind quantum computation allows a client without quantum abilities to interact with a quantum server to perform a unconditional secure computing protocol, while protecting client's privacy. Motivated by confidentiality of blind quantum computation, a blind quantum signature scheme is designed with laconic structure. Different from the traditional signature schemes, the signing and verifying operations are performed through measurement-based quantum computation. Inputs of blind quantum computation are securely controlled with multi-qubit entangled states. The unique signature of the transmitted message is generated by the signer without leaking information in imperfect channels. Whereas, the receiver can verify the validity of the signature using the quantum matching algorithm. The security is guaranteed by entanglement of quantum system for blind quantum computation. It provides a potential practical application for e-commerce in the cloud computing and first-generation quantum computation.

Computers Launch Faster, Better Job Matching

ERIC Educational Resources Information Center

Stevenson, Gloria

1976-01-01

Employment Security Automation Project (ESAP), a five-year program sponsored by the Employment and Training Administration, features an innovative computer-assisted job matching system and instantaneous computer-assisted service for unemployment insurance claimants. ESAP will also consolidate existing automated employment security systems to…

FORESEE: Fully Outsourced secuRe gEnome Study basEd on homomorphic Encryption

PubMed Central

2015-01-01

Background The increasing availability of genome data motivates massive research studies in personalized treatment and precision medicine. Public cloud services provide a flexible way to mitigate the storage and computation burden in conducting genome-wide association studies (GWAS). However, data privacy has been widely concerned when sharing the sensitive information in a cloud environment. Methods We presented a novel framework (FORESEE: Fully Outsourced secuRe gEnome Study basEd on homomorphic Encryption) to fully outsource GWAS (i.e., chi-square statistic computation) using homomorphic encryption. The proposed framework enables secure divisions over encrypted data. We introduced two division protocols (i.e., secure errorless division and secure approximation division) with a trade-off between complexity and accuracy in computing chi-square statistics. Results The proposed framework was evaluated for the task of chi-square statistic computation with two case-control datasets from the 2015 iDASH genome privacy protection challenge. Experimental results show that the performance of FORESEE can be significantly improved through algorithmic optimization and parallel computation. Remarkably, the secure approximation division provides significant performance gain, but without missing any significance SNPs in the chi-square association test using the aforementioned datasets. Conclusions Unlike many existing HME based studies, in which final results need to be computed by the data owner due to the lack of the secure division operation, the proposed FORESEE framework support complete outsourcing to the cloud and output the final encrypted chi-square statistics. PMID:26733391

FORESEE: Fully Outsourced secuRe gEnome Study basEd on homomorphic Encryption.

PubMed

Zhang, Yuchen; Dai, Wenrui; Jiang, Xiaoqian; Xiong, Hongkai; Wang, Shuang

2015-01-01

The increasing availability of genome data motivates massive research studies in personalized treatment and precision medicine. Public cloud services provide a flexible way to mitigate the storage and computation burden in conducting genome-wide association studies (GWAS). However, data privacy has been widely concerned when sharing the sensitive information in a cloud environment. We presented a novel framework (FORESEE: Fully Outsourced secuRe gEnome Study basEd on homomorphic Encryption) to fully outsource GWAS (i.e., chi-square statistic computation) using homomorphic encryption. The proposed framework enables secure divisions over encrypted data. We introduced two division protocols (i.e., secure errorless division and secure approximation division) with a trade-off between complexity and accuracy in computing chi-square statistics. The proposed framework was evaluated for the task of chi-square statistic computation with two case-control datasets from the 2015 iDASH genome privacy protection challenge. Experimental results show that the performance of FORESEE can be significantly improved through algorithmic optimization and parallel computation. Remarkably, the secure approximation division provides significant performance gain, but without missing any significance SNPs in the chi-square association test using the aforementioned datasets. Unlike many existing HME based studies, in which final results need to be computed by the data owner due to the lack of the secure division operation, the proposed FORESEE framework support complete outsourcing to the cloud and output the final encrypted chi-square statistics.

Portable appliance security apparatus

NASA Technical Reports Server (NTRS)

Kerley, J. J. (Inventor)

1981-01-01

An apparatus for securing a small computer, or other portable appliance, against theft is described. It is comprised of a case having an open back through which the computer is installed or removed. Guide members in the form of slots are formed in a rear portion of opposite walls of the case for receiving a back plate to cover the opening and thereby secure the computer within the case. An opening formed in the top wall of the case exposes the keyboard and display of the computer. The back plate is locked in the closed position by a key-operated plug type lock. The lock is attached to one end of a hold down cable, the opposite end thereof being secured to a desk top or other stationary object. Thus, the lock simultaneously secures the back plate to the case and retains the case to the stationary object.

Optimizing Security of Cloud Computing within the DoD

DTIC Science & Technology

2010-12-01

information security governance and risk management; application security; cryptography; security architecture and design; operations security; business ...governance and risk management; application security; cryptography; security architecture and design; operations security; business continuity...20 7. Operational Security (OPSEC).........................................................20 8. Business Continuity Planning (BCP) and Disaster

76 FR 5973 - Privacy Act of 1974; Notice; Publication of the Systems of Records Managed by the Commodity...

Federal Register 2010, 2011, 2012, 2013, 2014

2011-02-02

...: Paper records are stored in file folders, binders, computer files (eLaw) and computer disks. Electronic records, including computer files, are stored on the Commission's network and other electronic media as... physical security measures. Technical security measures within CFTC include restrictions on computer access...

75 FR 53005 - Privacy Act of 1974, as amended; Notice of Computer Matching Program (Railroad Retirement Board...

Federal Register 2010, 2011, 2012, 2013, 2014

2010-08-30

... notice of its renewal of an ongoing computer-matching program with the Social Security Administration... computer-matching program with the Committee on Homeland Security and Governmental Affairs of the Senate... RAILROAD RETIREMENT BOARD Privacy Act of 1974, as amended; Notice of Computer Matching Program...

78 FR 34678 - Privacy Act of 1974, as Amended; Notice of Computer Matching Program (Railroad Retirement Board...

Federal Register 2010, 2011, 2012, 2013, 2014

2013-06-10

... notice of its renewal of an ongoing computer-matching program with the Social Security Administration... computer-matching program with the Committee on Homeland Security and Governmental Affairs of the Senate... RAILROAD RETIREMENT BOARD Privacy Act of 1974, as Amended; Notice of Computer Matching Program...

76 FR 12397 - Privacy Act of 1974, as Amended; Computer Matching Program (SSA/Bureau of the Public Debt (BPD...

Federal Register 2010, 2011, 2012, 2013, 2014

2011-03-07

...; Computer Matching Program (SSA/ Bureau of the Public Debt (BPD))--Match Number 1038 AGENCY: Social Security... as shown above. SUPPLEMENTARY INFORMATION: A. General The Computer Matching and Privacy Protection... containing SSNs extracted from the Supplemental Security Record database. Exchanges for this computer...

78 FR 12128 - Privacy Act of 1974; Computer Matching Program (SSA/Department of the Treasury, Internal Revenue...

Federal Register 2010, 2011, 2012, 2013, 2014

2013-02-21

... SOCIAL SECURITY ADMINISTRATION [Docket No. SSA 2012-0067] Privacy Act of 1974; Computer Matching... Security Administration (SSA). ACTION: Notice of a renewal of an existing computer matching program... INFORMATION: A. General The Computer Matching and Privacy Protection Act of 1988 (Public Law (Pub. L.) 100-503...

New security infrastructure model for distributed computing systems

NASA Astrophysics Data System (ADS)

Dubenskaya, J.; Kryukov, A.; Demichev, A.; Prikhodko, N.

2016-02-01

At the paper we propose a new approach to setting up a user-friendly and yet secure authentication and authorization procedure in a distributed computing system. The security concept of the most heterogeneous distributed computing systems is based on the public key infrastructure along with proxy certificates which are used for rights delegation. In practice a contradiction between the limited lifetime of the proxy certificates and the unpredictable time of the request processing is a big issue for the end users of the system. We propose to use unlimited in time hashes which are individual for each request instead of proxy certificate. Our approach allows to avoid using of the proxy certificates. Thus the security infrastructure of distributed computing system becomes easier for development, support and use.

Plan for Reducing Unnecessary use of Social Security Numbers

EPA Pesticide Factsheets

Recognizing that training and awareness are critical to protecting agency Personally Identifiable Information (PII), the EPA is developing online training for privacy contacts in its programs and regions.

Computer Security Primer: Systems Architecture, Special Ontology and Cloud Virtual Machines

ERIC Educational Resources Information Center

Waguespack, Leslie J.

2014-01-01

With the increasing proliferation of multitasking and Internet-connected devices, security has reemerged as a fundamental design concern in information systems. The shift of IS curricula toward a largely organizational perspective of security leaves little room for focus on its foundation in systems architecture, the computational underpinnings of…

76 FR 30150 - Establishment of a New System of Records for Personal Information Collected by the Environmental...

Federal Register 2010, 2011, 2012, 2013, 2014

2011-05-24

... the entire information system with respect to computer security, prohibition and detection of any.... Safeguards: --Computer-stored information is protected in accordance with the Agency's security requirements..., loaner car agreement, cash incentives agreement (includes social security number for mandatory tax...

Survey of methods for secure connection to the internet

NASA Astrophysics Data System (ADS)

Matsui, Shouichi

1994-04-01

This paper describes a study of a security method of protecting inside network computers against outside miscreants and unwelcome visitors and a control method when these computers are connected with the Internet. In the present Internet, a method to encipher all data cannot be used, so that it is necessary to utilize PEM (Privacy Enhanced Mail) capable of the encipherment and conversion of secret information. For preventing miscreant access by eavesdropping password, one-time password is effective. The most cost-effective method is a firewall system. This system lies between the outside and inside network. By limiting computers that directly communicate with the Internet, control is centralized and inside network security is protected. If the security of firewall systems is strictly controlled under correct setting, security within the network can be secured even in open networks such as the Internet.

Birds of a Feather: Supporting Secure Systems

DOE Office of Scientific and Technical Information (OSTI.GOV)

Braswell III, H V

2006-04-24

Over the past few years Lawrence Livermore National Laboratory has begun the process of moving to a diskless environment in the Secure Computer Support realm. This movement has included many moving targets and increasing support complexity. We would like to set up a forum for Security and Support professionals to get together from across the Complex and discuss current deployments, lessons learned, and next steps. This would include what hardware, software, and hard copy based solutions are being used to manage Secure Computing. The topics to be discussed include but are not limited to: Diskless computing, port locking and management,more » PC, Mac, and Linux/UNIX support and setup, system imaging, security setup documentation and templates, security documentation and management, customer tracking, ticket tracking, software download and management, log management, backup/disaster recovery, and mixed media environments.« less

Secure public cloud platform for medical images sharing.

PubMed

Pan, Wei; Coatrieux, Gouenou; Bouslimi, Dalel; Prigent, Nicolas

2015-01-01

Cloud computing promises medical imaging services offering large storage and computing capabilities for limited costs. In this data outsourcing framework, one of the greatest issues to deal with is data security. To do so, we propose to secure a public cloud platform devoted to medical image sharing by defining and deploying a security policy so as to control various security mechanisms. This policy stands on a risk assessment we conducted so as to identify security objectives with a special interest for digital content protection. These objectives are addressed by means of different security mechanisms like access and usage control policy, partial-encryption and watermarking.

Individual and work-related risk factors for musculoskeletal pain: a cross-sectional study among Estonian computer users.

PubMed

Oha, Kristel; Animägi, Liina; Pääsuke, Mati; Coggon, David; Merisalu, Eda

2014-05-28

Occupational use of computers has increased rapidly over recent decades, and has been linked with various musculoskeletal disorders, which are now the most commonly diagnosed occupational diseases in Estonia. The aim of this study was to assess the prevalence of musculoskeletal pain (MSP) by anatomical region during the past 12 months and to investigate its association with personal characteristics and work-related risk factors among Estonian office workers using computers. In a cross-sectional survey, the questionnaires were sent to the 415 computer users. Data were collected by self-administered questionnaire from 202 computer users at two universities in Estonia. The questionnaire asked about MSP at different anatomical sites, and potential individual and work related risk factors. Associations with risk factors were assessed by logistic regression. Most respondents (77%) reported MSP in at least one anatomical region during the past 12 months. Most prevalent was pain in the neck (51%), followed by low back pain (42%), wrist/hand pain (35%) and shoulder pain (30%). Older age, right-handedness, not currently smoking, emotional exhaustion, belief that musculoskeletal problems are commonly caused by work, and low job security were the statistically significant risk factors for MSP in different anatomical sites. A high prevalence of MSP in the neck, low back, wrist/arm and shoulder was observed among Estonian computer users. Psychosocial risk factors were broadly consistent with those reported from elsewhere. While computer users should be aware of ergonomic techniques that can make their work easier and more comfortable, presenting computer use as a serious health hazard may modify health beliefs in a way that is unhelpful.

Semantic policy and adversarial modeling for cyber threat identification and avoidance

NASA Astrophysics Data System (ADS)

DeFrancesco, Anton; McQueary, Bruce

2009-05-01

Today's enterprise networks undergo a relentless barrage of attacks from foreign and domestic adversaries. These attacks may be perpetrated with little to no funding, but may wreck incalculable damage upon the enterprises security, network infrastructure, and services. As more services come online, systems that were once in isolation now provide information that may be combined dynamically with information from other systems to create new meaning on the fly. Security issues are compounded by the potential to aggregate individual pieces of information and infer knowledge at a higher classification than any of its constituent parts. To help alleviate these challenges, in this paper we introduce the notion of semantic policy and discuss how it's use is evolving from a robust approach to access control to preempting and combating attacks in the cyber domain, The introduction of semantic policy and adversarial modeling to network security aims to ask 'where is the network most vulnerable', 'how is the network being attacked', and 'why is the network being attacked'. The first aspect of our approach is integration of semantic policy into enterprise security to augment traditional network security with an overall awareness of policy access and violations. This awareness allows the semantic policy to look at the big picture - analyzing trends and identifying critical relations in system wide data access. The second aspect of our approach is to couple adversarial modeling with semantic policy to move beyond reactive security measures and into a proactive identification of system weaknesses and areas of vulnerability. By utilizing Bayesian-based methodologies, the enterprise wide meaning of data and semantic policy is applied to probability and high-level risk identification. This risk identification will help mitigate potential harm to enterprise networks by enabling resources to proactively isolate, lock-down, and secure systems that are most vulnerable.

Computer simulation of functioning of elements of security systems

NASA Astrophysics Data System (ADS)

Godovykh, A. V.; Stepanov, B. P.; Sheveleva, A. A.

2017-01-01

The article is devoted to issues of development of the informational complex for simulation of functioning of the security system elements. The complex is described from the point of view of main objectives, a design concept and an interrelation of main elements. The proposed conception of the computer simulation provides an opportunity to simulate processes of security system work for training security staff during normal and emergency operation.

Expressing the sense of the House of Representatives with respect to supporting the goals and ideals of the seventh annual National Cybersecurity Awareness Month and supporting the efforts of the Department of Homeland Security to raise awareness of cyber threats and enhance cybersecurity in the United States.

THOMAS, 111th Congress

Rep. Clarke, Yvette D. [D-NY-11

2010-09-29

House - 11/01/2010 Referred to the Subcommittee on Emerging Threats, Cybersecurity, and Science and Technology. (All Actions) Tracker: This bill has the status IntroducedHere are the steps for Status of Legislation:

A secure file manager for UNIX

DOE Office of Scientific and Technical Information (OSTI.GOV)

DeVries, R.G.

1990-12-31

The development of a secure file management system for a UNIX-based computer facility with supercomputers and workstations is described. Specifically, UNIX in its usual form does not address: (1) Operation which would satisfy rigorous security requirements. (2) Online space management in an environment where total data demands would be many times the actual online capacity. (3) Making the file management system part of a computer network in which users of any computer in the local network could retrieve data generated on any other computer in the network. The characteristics of UNIX can be exploited to develop a portable, secure filemore » manager which would operate on computer systems ranging from workstations to supercomputers. Implementation considerations making unusual use of UNIX features, rather than requiring extensive internal system changes, are described, and implementation using the Cray Research Inc. UNICOS operating system is outlined.« less

Informatics in Radiology (infoRAD): personal computer security: part 2. Software Configuration and file protection.

PubMed

Caruso, Ronald D

2004-01-01

Proper configuration of software security settings and proper file management are necessary and important elements of safe computer use. Unfortunately, the configuration of software security options is often not user friendly. Safe file management requires the use of several utilities, most of which are already installed on the computer or available as freeware. Among these file operations are setting passwords, defragmentation, deletion, wiping, removal of personal information, and encryption. For example, Digital Imaging and Communications in Medicine medical images need to be anonymized, or "scrubbed," to remove patient identifying information in the header section prior to their use in a public educational or research environment. The choices made with respect to computer security may affect the convenience of the computing process. Ultimately, the degree of inconvenience accepted will depend on the sensitivity of the files and communications to be protected and the tolerance of the user. Copyright RSNA, 2004

A Dedicated Computational Platform for Cellular Monte Carlo T-CAD Software Tools

DTIC Science & Technology

2015-07-14

computer that establishes an encrypted Virtual Private Network ( OpenVPN [44]) based on the Secure Socket Layer (SSL) paradigm. Each user is given a...security certificate for each device used to connect to the computing nodes. Stable OpenVPN clients are available for Linux, Microsoft Windows, Apple OSX...platform is granted by an encrypted connection base on the Secure Socket Layer (SSL) protocol, and implemented in the OpenVPN Virtual Personal Network

Baseline Measurements of Shoulder Surfing Analysis and Comparability for Smartphone Unlock Authentication

DTIC Science & Technology

2017-05-22

Proceedings of the International Conference on Security and Management (SAM 󈧇) In Proceedings of the 2014 ACM SIGSAC Conference on Computer and...Communications Security (CCS ’14) In Proceedings of the SIGCHI Conference on Human Factors in Computing Systems (CHI ’10) In Proceedings of the 3rd Symposium...on Usable Privacy and Security (SOUPS ’07) In Proceedings of the SIGCHI Conference on Human Factors in Computing Systems (CHI ’12) In Proceedings of

76 FR 52353 - Assumption Buster Workshop: “Current Implementations of Cloud Computing Indicate a New Approach...

Federal Register 2010, 2011, 2012, 2013, 2014

2011-08-22

... explored in this series is cloud computing. The workshop on this topic will be held in Gaithersburg, MD on October 21, 2011. Assertion: ``Current implementations of cloud computing indicate a new approach to security'' Implementations of cloud computing have provided new ways of thinking about how to secure data...

76 FR 43278 - Privacy Act; System of Records

Federal Register 2010, 2011, 2012, 2013, 2014

2011-07-20

... computer (PC). The Security Management Officer's office remains locked when not in use. RETENTION AND... records to include names, addresses, social security numbers, service computation dates, leave usage data... that resides on a desktop computer. RETRIEVABILITY: Records maintained in file folders are indexed and...

78 FR 15730 - Privacy Act of 1974; Computer Matching Program

Federal Register 2010, 2011, 2012, 2013, 2014

2013-03-12

... 1974; Computer Matching Program AGENCY: U.S. Citizenship and Immigration Services, Department of... Matching Program between the Department of Homeland Security, U.S. Citizenship and Immigration Services and... computer matching program between the Department of Homeland Security, U.S. Citizenship and Immigration...

28 CFR 25.8 - System safeguards.

Code of Federal Regulations, 2012 CFR

2012-07-01

... justice agency computer site must have adequate physical security to protect against any unauthorized... Index is stored electronically for use in an FBI computer environment. The NICS central computer will... authorized personnel who have identified themselves and their need for access to a system security officer...

78 FR 15731 - Privacy Act of 1974; Computer Matching Program

Federal Register 2010, 2011, 2012, 2013, 2014

2013-03-12

... DEPARTMENT OF HOMELAND SECURITY Office of the Secretary [Docket No. DHS-2013-0011] Privacy Act of 1974; Computer Matching Program AGENCY: Department of Homeland Security/U.S. Citizenship and Immigration Services. ACTION: Notice. Overview Information: Privacy Act of 1974; Computer Matching Program...

28 CFR 25.8 - System safeguards.

Code of Federal Regulations, 2010 CFR

2010-07-01

... justice agency computer site must have adequate physical security to protect against any unauthorized... Index is stored electronically for use in an FBI computer environment. The NICS central computer will... authorized personnel who have identified themselves and their need for access to a system security officer...

28 CFR 25.8 - System safeguards.

Code of Federal Regulations, 2013 CFR

2013-07-01

... justice agency computer site must have adequate physical security to protect against any unauthorized... Index is stored electronically for use in an FBI computer environment. The NICS central computer will... authorized personnel who have identified themselves and their need for access to a system security officer...

28 CFR 25.8 - System safeguards.

Code of Federal Regulations, 2011 CFR

2011-07-01

... justice agency computer site must have adequate physical security to protect against any unauthorized... Index is stored electronically for use in an FBI computer environment. The NICS central computer will... authorized personnel who have identified themselves and their need for access to a system security officer...

28 CFR 25.8 - System safeguards.

Code of Federal Regulations, 2014 CFR

2014-07-01

... justice agency computer site must have adequate physical security to protect against any unauthorized... Index is stored electronically for use in an FBI computer environment. The NICS central computer will... authorized personnel who have identified themselves and their need for access to a system security officer...

78 FR 15732 - Privacy Act of 1974; Computer Matching Program

Federal Register 2010, 2011, 2012, 2013, 2014

2013-03-12

... DEPARTMENT OF HOMELAND SECURITY Office of the Secretary [Docket No. DHS-2013-0007] Privacy Act of 1974; Computer Matching Program AGENCY: Department of Homeland Security/U.S. Citizenship and Immigration Services. ACTION: Notice. Overview Information: Privacy Act of 1974; Computer Matching Program...

Protecting intellectual property in space; Proceedings of the Aerospace Computer Security Conference, McLean, VA, March 20, 1985

NASA Technical Reports Server (NTRS)

1985-01-01

The primary purpose of the Aerospace Computer Security Conference was to bring together people and organizations which have a common interest in protecting intellectual property generated in space. Operational concerns are discussed, taking into account security implications of the space station information system, Space Shuttle security policies and programs, potential uses of probabilistic risk assessment techniques for space station development, key considerations in contingency planning for secure space flight ground control centers, a systematic method for evaluating security requirements compliance, and security engineering of secure ground stations. Subjects related to security technologies are also explored, giving attention to processing requirements of secure C3/I and battle management systems and the development of the Gemini trusted multiple microcomputer base, the Restricted Access Processor system as a security guard designed to protect classified information, and observations on local area network security.

DNA EMP Awareness Course Notes. Supplement to Third Edition.

DTIC Science & Technology

1978-07-31

UNCLASSIFIED SECURITY CLASSIFICATION OF THIS PAGE (When Data Entered) REPORT DOCUMENTATION PAGE READ INSTRUCTIONS BEFORE COMPLETING FORM I REPORT...the environment through system design and testing. FORM 143 E,,N F’NOV 65 IS OBSOLETE DD JAN73 1473 EDITION OF UNCLASSIFIED SECURITY CLASSIFICATION OF...fields generated tems mission and deployment factors by the prompt gammas. Other forms of EMP, where these environments should be con- such as

Caught in the Middle at the U.S.-Canadian Border

DTIC Science & Technology

2013-03-01

Ibid., 486–88. 85 World Trade Law , “Canada―United States Free Trade Agreement: Preamble,” (n.d.), http://www.worldtradelaw.net/ nafta /cusfta.pdf...Maritime Domain Awareness MDOT Michigan Department of Transportation MiSN Michigan Security Network MSOC Marine Security Operation Center NAFTA ...brother, Kevin, and in- laws , Bill and Susie Leining, have given throughout the years. I am especially grateful to my parents, Craig and Phyllis

Water dependency and water exploitation at global scale as indicators of water security

NASA Astrophysics Data System (ADS)

De Roo, A. P. J.; Beck, H.; Burek, P.; Bernard, B.

2015-12-01

A water dependency index has been developed indicating the dependency of water consumption from upstream sources of water, sometimes across (multiple) national border. This index is calculated at global scale using the 0.1 global LISFLOOD hydrological modelling system forced by WFDEI meteorological data for the timeframe 1979-2012. The global LISFLOOD model simulates the most important hydrological processes, as well as water abstraction and consumption from various sectors, and flood routing, at daily scale, with sub-timesteps for routing and subgrid parameterization related to elevation and landuse. The model contains also options for water allocation, to allow preferences of water use for particular sectors in water scarce periods. LISFLOOD is also used for the Global Flood Awareness System (GloFAS), the European Flood Awareness System (EFAS), continental scale climate change impact studies on floods and droughts. The water dependency indicator is calculated on a monthly basis, and various annual and multiannual indicators are derived from it. In this study, the indicator will be compared against water security areas known from other studies. Other indicators calculated are the Water Exploitation Index (WEI+), which is a commonly use water security indicator in Europe, and freshwater resources per capita indicators at regional, national and river basin scale. Several climate scnearios are run to indicate future trends in water security.

Attitudes, perceptions and awareness concerning quaternary prevention among family doctors working in the Social Security System, Peru: a cross-sectional descriptive study.

PubMed

Cuba Fuentes, María Sofía; Zegarra Zamalloa, Carlos Orlando; Reichert, Sonja; Gill, Dawn

2016-04-27

Quaternary Prevention is defined as the action taken to identify patients at risk of overtreatment, to protect them from additional medical treatments, and to suggest interventions that are ethically acceptable. Many countries and organizations have joined in the efforts to practice quaternary prevention. These countries started a campaign called Choosing Wisely that implements recommendations in order to avoid harming patients. To determine the attitudes, perceptions and awareness towards Quaternary Prevention and the practice of “Choosing Wisely Canada Recommendations” among family doctors working in the Social Security System in Peru. A questionnaire was developed after reviewing the literature and contacting experts in the field and was sent by email to all 64 family physicians in the Social Security System (Essalud) in Lima Peru. Responses were received from 40 participants. The response rate was 64%. Approximately 95% reported that they understand the concept of quaternary prevention. Agreement with all the recommendations was 90% or higher. In most of the recommendations the applicability was more than 80%. The most important barriers perceived for the practice of Quaternary Prevention were patients’ expectations (33%). There are positive perceptions towards Quaternary Preventions and Choosing Wisely recommendations in the family doctors of social security in Lima Peru.

Department of Defense High Performance Computing Modernization Program. 2008 Annual Report

DTIC Science & Technology

2009-04-01

place to another on the network. Without it, a computer could only talk to itself - no email, no web browsing, and no iTunes . Most of the Internet...Your SecurID Card ), Ken Renard Secure Wireless, Rob Scott and Stephen Bowman Securing Today’s Networks, Rich Whittney, Juniper Networks, Federal

Telecommunications Policy Research Conference. Computer and Communications Security Section. Papers.

ERIC Educational Resources Information Center

Telecommunications Policy Research Conference, Inc., Washington, DC.

In his paper, "European Needs and Attitudes towards Information Security," Richard I. Polis notes that the needs for security in computer systems, telecommunications, and media are rather uniform throughout Western Europe, and are seen as being significantly different from the needs in the United States. Recognition of these needs is,…

Information Systems Security and Computer Crime in the IS Curriculum: A Detailed Examination

ERIC Educational Resources Information Center

Foltz, C. Bryan; Renwick, Janet S.

2011-01-01

The authors examined the extent to which information systems (IS) security and computer crime are covered in information systems programs. Results suggest that IS faculty believe security coverage should be increased in required, elective, and non-IS courses. However, respondent faculty members are concerned that existing curricula leave little…

A Secure Framework for Location Verification in Pervasive Computing

NASA Astrophysics Data System (ADS)

Liu, Dawei; Lee, Moon-Chuen; Wu, Dan

The way people use computing devices has been changed in some way by the relatively new pervasive computing paradigm. For example, a person can use a mobile device to obtain its location information at anytime and anywhere. There are several security issues concerning whether this information is reliable in a pervasive environment. For example, a malicious user may disable the localization system by broadcasting a forged location, and it may impersonate other users by eavesdropping their locations. In this paper, we address the verification of location information in a secure manner. We first present the design challenges for location verification, and then propose a two-layer framework VerPer for secure location verification in a pervasive computing environment. Real world GPS-based wireless sensor network experiments confirm the effectiveness of the proposed framework.

Tools for Administration of a UNIX-Based Network

NASA Technical Reports Server (NTRS)

LeClaire, Stephen; Farrar, Edward

2004-01-01

Several computer programs have been developed to enable efficient administration of a large, heterogeneous, UNIX-based computing and communication network that includes a variety of computers connected to a variety of subnetworks. One program provides secure software tools for administrators to create, modify, lock, and delete accounts of specific users. This program also provides tools for users to change their UNIX passwords and log-in shells. These tools check for errors. Another program comprises a client and a server component that, together, provide a secure mechanism to create, modify, and query quota levels on a network file system (NFS) mounted by use of the VERITAS File SystemJ software. The client software resides on an internal secure computer with a secure Web interface; one can gain access to the client software from any authorized computer capable of running web-browser software. The server software resides on a UNIX computer configured with the VERITAS software system. Directories where VERITAS quotas are applied are NFS-mounted. Another program is a Web-based, client/server Internet Protocol (IP) address tool that facilitates maintenance lookup of information about IP addresses for a network of computers.

A New Approach to Understanding Information Assurance

NASA Astrophysics Data System (ADS)

Blyth, Andrew; Williams, Colin; Bryant, Ian; Mattinson, Harvey

The growth of technologies such as ubiquitous and the mobile computing has resulted in the need for a rethinking of the security paradigm. Over the past forty years technology has made fast steps forward, yet most organisations still view security in terms of Confidentiality, Integrity and Availability (CIA). This model of security has expanded to include Non-Repudiation and Authentication. However this thinking fails to address the social, ethical and business requirements that the modern use of computing has generated. Today computing devices are integrated into every facet of business with the result that security technologies have struggled to keep pace with the rate of change. In this paper we will argue that the currently view that most organisations/stakeholders have of security is out-of-date, or in some cases wrong, and that the new view of security needs to be rooted in business impact and business function.

Survey on Security Issues in File Management in Cloud Computing Environment

NASA Astrophysics Data System (ADS)

Gupta, Udit

2015-06-01

Cloud computing has pervaded through every aspect of Information technology in past decade. It has become easier to process plethora of data, generated by various devices in real time, with the advent of cloud networks. The privacy of users data is maintained by data centers around the world and hence it has become feasible to operate on that data from lightweight portable devices. But with ease of processing comes the security aspect of the data. One such security aspect is secure file transfer either internally within cloud or externally from one cloud network to another. File management is central to cloud computing and it is paramount to address the security concerns which arise out of it. This survey paper aims to elucidate the various protocols which can be used for secure file transfer and analyze the ramifications of using each protocol.

Computer-implemented security evaluation methods, security evaluation systems, and articles of manufacture

DOEpatents

Muller, George; Perkins, Casey J.; Lancaster, Mary J.; MacDonald, Douglas G.; Clements, Samuel L.; Hutton, William J.; Patrick, Scott W.; Key, Bradley Robert

2015-07-28

Computer-implemented security evaluation methods, security evaluation systems, and articles of manufacture are described. According to one aspect, a computer-implemented security evaluation method includes accessing information regarding a physical architecture and a cyber architecture of a facility, building a model of the facility comprising a plurality of physical areas of the physical architecture, a plurality of cyber areas of the cyber architecture, and a plurality of pathways between the physical areas and the cyber areas, identifying a target within the facility, executing the model a plurality of times to simulate a plurality of attacks against the target by an adversary traversing at least one of the areas in the physical domain and at least one of the areas in the cyber domain, and using results of the executing, providing information regarding a security risk of the facility with respect to the target.

Do You Lock Your Network Doors? Some Network Management Precautions.

ERIC Educational Resources Information Center

Neray, Phil

1997-01-01

Discusses security problems and solutions for networked organizations with Internet connections. Topics include access to private networks from electronic mail information; computer viruses; computer software; corporate espionage; firewalls, that is computers that stand between a local network and the Internet; passwords; and physical security.…

Analysis on the University’s Network Security Level System in the Big Data Era

NASA Astrophysics Data System (ADS)

Li, Tianli

2017-12-01

The rapid development of science and technology, the continuous expansion of the scope of computer network applications, has gradually improved the social productive forces, has had a positive impact on the increase production efficiency and industrial scale of China's different industries. Combined with the actual application of computer network in the era of large data, we can see the existence of influencing factors such as network virus, hacker and other attack modes, threatening network security and posing a potential threat to the safe use of computer network in colleges and universities. In view of this unfavorable development situation, universities need to pay attention to the analysis of the situation of large data age, combined with the requirements of network security use, to build a reliable network space security system from the equipment, systems, data and other different levels. To avoid the security risks exist in the network. Based on this, this paper will analyze the hierarchical security system of cyberspace security in the era of large data.

Sensor data security level estimation scheme for wireless sensor networks.

PubMed

Ramos, Alex; Filho, Raimir Holanda

2015-01-19

Due to their increasing dissemination, wireless sensor networks (WSNs) have become the target of more and more sophisticated attacks, even capable of circumventing both attack detection and prevention mechanisms. This may cause WSN users, who totally trust these security mechanisms, to think that a sensor reading is secure, even when an adversary has corrupted it. For that reason, a scheme capable of estimating the security level (SL) that these mechanisms provide to sensor data is needed, so that users can be aware of the actual security state of this data and can make better decisions on its use. However, existing security estimation schemes proposed for WSNs fully ignore detection mechanisms and analyze solely the security provided by prevention mechanisms. In this context, this work presents the sensor data security estimator (SDSE), a new comprehensive security estimation scheme for WSNs. SDSE is designed for estimating the sensor data security level based on security metrics that analyze both attack prevention and detection mechanisms. In order to validate our proposed scheme, we have carried out extensive simulations that show the high accuracy of SDSE estimates.

Sensor Data Security Level Estimation Scheme for Wireless Sensor Networks

PubMed Central

Ramos, Alex; Filho, Raimir Holanda

2015-01-01

Due to their increasing dissemination, wireless sensor networks (WSNs) have become the target of more and more sophisticated attacks, even capable of circumventing both attack detection and prevention mechanisms. This may cause WSN users, who totally trust these security mechanisms, to think that a sensor reading is secure, even when an adversary has corrupted it. For that reason, a scheme capable of estimating the security level (SL) that these mechanisms provide to sensor data is needed, so that users can be aware of the actual security state of this data and can make better decisions on its use. However, existing security estimation schemes proposed for WSNs fully ignore detection mechanisms and analyze solely the security provided by prevention mechanisms. In this context, this work presents the sensor data security estimator (SDSE), a new comprehensive security estimation scheme for WSNs. SDSE is designed for estimating the sensor data security level based on security metrics that analyze both attack prevention and detection mechanisms. In order to validate our proposed scheme, we have carried out extensive simulations that show the high accuracy of SDSE estimates. PMID:25608215

A Systems Engineering Framework for Implementing a Security and Critical Patch Management Process in Diverse Environments (Academic Departments' Workstations)

NASA Astrophysics Data System (ADS)

Mohammadi, Hadi

Use of the Patch Vulnerability Management (PVM) process should be seriously considered for any networked computing system. The PVM process prevents the operating system (OS) and software applications from being attacked due to security vulnerabilities, which lead to system failures and critical data leakage. The purpose of this research is to create and design a Security and Critical Patch Management Process (SCPMP) framework based on Systems Engineering (SE) principles. This framework will assist Information Technology Department Staff (ITDS) to reduce IT operating time and costs and mitigate the risk of security and vulnerability attacks. Further, this study evaluates implementation of the SCPMP in the networked computing systems of an academic environment in order to: 1. Meet patch management requirements by applying SE principles. 2. Reduce the cost of IT operations and PVM cycles. 3. Improve the current PVM methodologies to prevent networked computing systems from becoming the targets of security vulnerability attacks. 4. Embed a Maintenance Optimization Tool (MOT) in the proposed framework. The MOT allows IT managers to make the most practicable choice of methods for deploying and installing released patches and vulnerability remediation. In recent years, there has been a variety of frameworks for security practices in every networked computing system to protect computer workstations from becoming compromised or vulnerable to security attacks, which can expose important information and critical data. I have developed a new mechanism for implementing PVM for maximizing security-vulnerability maintenance, protecting OS and software packages, and minimizing SCPMP cost. To increase computing system security in any diverse environment, particularly in academia, one must apply SCPMP. I propose an optimal maintenance policy that will allow ITDS to measure and estimate the variation of PVM cycles based on their department's requirements. My results demonstrate that MOT optimizes the process of implementing SCPMP in academic workstations.

Cybersecurity Public Awareness Act of 2013

THOMAS, 113th Congress

Sen. Whitehouse, Sheldon [D-RI

2013-10-31

Senate - 10/31/2013 Read twice and referred to the Committee on Homeland Security and Governmental Affairs. (All Actions) Tracker: This bill has the status IntroducedHere are the steps for Status of Legislation:

On detection and visualization techniques for cyber security situation awareness

NASA Astrophysics Data System (ADS)

Yu, Wei; Wei, Shixiao; Shen, Dan; Blowers, Misty; Blasch, Erik P.; Pham, Khanh D.; Chen, Genshe; Zhang, Hanlin; Lu, Chao

2013-05-01

Networking technologies are exponentially increasing to meet worldwide communication requirements. The rapid growth of network technologies and perversity of communications pose serious security issues. In this paper, we aim to developing an integrated network defense system with situation awareness capabilities to present the useful information for human analysts. In particular, we implement a prototypical system that includes both the distributed passive and active network sensors and traffic visualization features, such as 1D, 2D and 3D based network traffic displays. To effectively detect attacks, we also implement algorithms to transform real-world data of IP addresses into images and study the pattern of attacks and use both the discrete wavelet transform (DWT) based scheme and the statistical based scheme to detect attacks. Through an extensive simulation study, our data validate the effectiveness of our implemented defense system.

Theoretical Interpretation of the Fluorescence Spectra of Toluene and P- Cresol

DTIC Science & Technology

1994-07-01

NUMBER OF PAGES Toluene Geometrica 25 p-Cresol Fluorescence Is. PRICE CODE Spectra 17. SECURITY CLASSIFICATION 13. SECURITY CLASSIFICATION 19...State Frequencies of Toluene ................ 19 6 Computed and exp" Ground State Frequencies of p-Cresol ............... 20 7 Correction Factors for...Computed Ground State Vibrational Frequencies ....... 21 8 Computed and Corrected Excited State Frequencies of Toluene ............. 22 9 Computed and

An Annotated and Cross-Referenced Bibliography on Computer Security and Access Control in Computer Systems.

ERIC Educational Resources Information Center

Bergart, Jeffrey G.; And Others

This paper represents a careful study of published works on computer security and access control in computer systems. The study includes a selective annotated bibliography of some eighty-five important published results in the field and, based on these papers, analyzes the state of the art. In annotating these works, the authors try to be…

Protecting software agents from malicious hosts using quantum computing

NASA Astrophysics Data System (ADS)

Reisner, John; Donkor, Eric

2000-07-01

We evaluate how quantum computing can be applied to security problems for software agents. Agent-based computing, which merges technological advances in artificial intelligence and mobile computing, is a rapidly growing domain, especially in applications such as electronic commerce, network management, information retrieval, and mission planning. System security is one of the more eminent research areas in agent-based computing, and the specific problem of protecting a mobile agent from a potentially hostile host is one of the most difficult of these challenges. In this work, we describe our agent model, and discuss the capabilities and limitations of classical solutions to the malicious host problem. Quantum computing may be extremely helpful in addressing the limitations of classical solutions to this problem. This paper highlights some of the areas where quantum computing could be applied to agent security.

17 CFR 171.4 - Computation of time.

Code of Federal Regulations, 2010 CFR

2010-04-01

... 17 Commodity and Securities Exchanges 1 2010-04-01 2010-04-01 false Computation of time. 171.4 Section 171.4 Commodity and Securities Exchanges COMMODITY FUTURES TRADING COMMISSION RULES RELATING TO... computing any period of time prescribed by these rules or allowed by the Commission, the day of the act...

17 CFR 12.5 - Computation of time.

Code of Federal Regulations, 2010 CFR

2010-04-01

... 17 Commodity and Securities Exchanges 1 2010-04-01 2010-04-01 false Computation of time. 12.5 Section 12.5 Commodity and Securities Exchanges COMMODITY FUTURES TRADING COMMISSION RULES RELATING TO... general. In computing any period of time prescribed by these rules or allowed by the Commission, the...

75 FR 43579 - Privacy Act of 1974; Computer Matching Program Between the Office of Personnel Management and...

Federal Register 2010, 2011, 2012, 2013, 2014

2010-07-26

... safeguards for disclosure of Social Security benefit information to OPM via direct computer link for the... OFFICE OF PERSONNEL MANAGEMENT Privacy Act of 1974; Computer Matching Program Between the Office of Personnel Management and Social Security Administration AGENCY: Office of Personnel Management...

78 FR 3474 - Privacy Act of 1974; Computer Matching Program Between the Office Of Personnel Management and...

Federal Register 2010, 2011, 2012, 2013, 2014

2013-01-16

... Security benefit information to OPM via direct computer link for the administration of certain programs by... OFFICE OF PERSONNEL MANAGEMENT Privacy Act of 1974; Computer Matching Program Between the Office Of Personnel Management and Social Security Administration AGENCY: Office of Personnel Management...

75 FR 68396 - Privacy Act of 1974, as Amended; Computer Matching Program (SSA/Department of Labor (DOL))-Match...

Federal Register 2010, 2011, 2012, 2013, 2014

2010-11-05

... SOCIAL SECURITY ADMINISTRATION [Docket No. SSA 2010-0052] Privacy Act of 1974, as Amended; Computer Matching Program (SSA/ Department of Labor (DOL))--Match Number 1003 AGENCY: Social Security... as shown above. SUPPLEMENTARY INFORMATION: A. General The Computer Matching and Privacy Protection...

78 FR 16564 - Privacy Act of 1974, as Amended; Computer Matching Program (SSA/Office of Personnel Management...

Federal Register 2010, 2011, 2012, 2013, 2014

2013-03-15

... 1021 AGENCY: Social Security Administration (SSA). ACTION: Notice of a renewal of existing computer... above. SUPPLEMENTARY INFORMATION: A. General The Computer Matching and Privacy Protection Act of 1988... SOCIAL SECURITY ADMINISTRATION [Docket No. SSA 2012-0073] Privacy Act of 1974, as Amended...

78 FR 12127 - Privacy Act of 1974, as Amended; Computer Matching Program (SSA/Department of the Treasury...

Federal Register 2010, 2011, 2012, 2013, 2014

2013-02-21

... 1310 AGENCY: Social Security Administration (SSA). ACTION: Notice of a renewal of an existing computer..., as shown above. SUPPLEMENTARY INFORMATION: A. General The Computer Matching and Privacy Protection... SOCIAL SECURITY ADMINISTRATION [Docket No. SSA 2013-0007] Privacy Act of 1974, as Amended...

75 FR 51154 - Privacy Act of 1974, as Amended; Computer Matching Program (SSA/Department of the Treasury...

Federal Register 2010, 2011, 2012, 2013, 2014

2010-08-18

... 1310 AGENCY: Social Security Administration (SSA) ACTION: Notice of a renewal of an existing computer..., as shown above. SUPPLEMENTARY INFORMATION: A. General The Computer Matching and Privacy Protection... SOCIAL SECURITY ADMINISTRATION [Docket No. SSA 2010-0035] Privacy Act of 1974, as Amended...

78 FR 69926 - Privacy Act of 1974, as Amended; Computer Matching Program (SSA/Centers for Medicare & Medicaid...

Federal Register 2010, 2011, 2012, 2013, 2014

2013-11-21

... SOCIAL SECURITY ADMINISTRATION [Docket No. SSA 2013-0059] Privacy Act of 1974, as Amended; Computer Matching Program (SSA/ Centers for Medicare & Medicaid Services (CMS))--Match Number 1076 AGENCY: Social Security Administration (SSA). ACTION: Notice of a renewal of an existing computer matching...

76 FR 21091 - Privacy Act of 1974, as Amended; Computer Matching Program (SSA/Centers for Medicare & Medicaid...

Federal Register 2010, 2011, 2012, 2013, 2014

2011-04-14

... SOCIAL SECURITY ADMINISTRATION [Docket No. SSA 2011-0022] Privacy Act of 1974, as Amended; Computer Matching Program (SSA/ Centers for Medicare & Medicaid Services (CMS))--Match Number 1076 AGENCY: Social Security Administration (SSA). ACTION: Notice of a renewal of an existing computer matching...

Simulation of Attacks for Security in Wireless Sensor Network.

PubMed

Diaz, Alvaro; Sanchez, Pablo

2016-11-18

The increasing complexity and low-power constraints of current Wireless Sensor Networks (WSN) require efficient methodologies for network simulation and embedded software performance analysis of nodes. In addition, security is also a very important feature that has to be addressed in most WSNs, since they may work with sensitive data and operate in hostile unattended environments. In this paper, a methodology for security analysis of Wireless Sensor Networks is presented. The methodology allows designing attack-aware embedded software/firmware or attack countermeasures to provide security in WSNs. The proposed methodology includes attacker modeling and attack simulation with performance analysis (node's software execution time and power consumption estimation). After an analysis of different WSN attack types, an attacker model is proposed. This model defines three different types of attackers that can emulate most WSN attacks. In addition, this paper presents a virtual platform that is able to model the node hardware, embedded software and basic wireless channel features. This virtual simulation analyzes the embedded software behavior and node power consumption while it takes into account the network deployment and topology. Additionally, this simulator integrates the previously mentioned attacker model. Thus, the impact of attacks on power consumption and software behavior/execution-time can be analyzed. This provides developers with essential information about the effects that one or multiple attacks could have on the network, helping them to develop more secure WSN systems. This WSN attack simulator is an essential element of the attack-aware embedded software development methodology that is also introduced in this work.

Main control computer security model of closed network systems protection against cyber attacks

NASA Astrophysics Data System (ADS)

Seymen, Bilal

2014-06-01

The model that brings the data input/output under control in closed network systems, that maintains the system securely, and that controls the flow of information through the Main Control Computer which also brings the network traffic under control against cyber-attacks. The network, which can be controlled single-handedly thanks to the system designed to enable the network users to make data entry into the system or to extract data from the system securely, intends to minimize the security gaps. Moreover, data input/output record can be kept by means of the user account assigned for each user, and it is also possible to carry out retroactive tracking, if requested. Because the measures that need to be taken for each computer on the network regarding cyber security, do require high cost; it has been intended to provide a cost-effective working environment with this model, only if the Main Control Computer has the updated hardware.

Video-Based Eye Tracking to Detect the Attention Shift: A Computer Classroom Context-Aware System

ERIC Educational Resources Information Center

Kuo, Yung-Lung; Lee, Jiann-Shu; Hsieh, Min-Chai

2014-01-01

Eye and head movements evoked in response to obvious visual attention shifts. However, there has been little progress on the causes of absent-mindedness so far. The paper proposes an attention awareness system that captures the conditions regarding the interaction of eye gaze and head pose under various attentional switching in computer classroom.…

Intelligent Context-Aware and Adaptive Interface for Mobile LBS

PubMed Central

Liu, Yanhong

2015-01-01

Context-aware user interface plays an important role in many human-computer Interaction tasks of location based services. Although spatial models for context-aware systems have been studied extensively, how to locate specific spatial information for users is still not well resolved, which is important in the mobile environment where location based services users are impeded by device limitations. Better context-aware human-computer interaction models of mobile location based services are needed not just to predict performance outcomes, such as whether people will be able to find the information needed to complete a human-computer interaction task, but to understand human processes that interact in spatial query, which will in turn inform the detailed design of better user interfaces in mobile location based services. In this study, a context-aware adaptive model for mobile location based services interface is proposed, which contains three major sections: purpose, adjustment, and adaptation. Based on this model we try to describe the process of user operation and interface adaptation clearly through the dynamic interaction between users and the interface. Then we show how the model applies users' demands in a complicated environment and suggested the feasibility by the experimental results. PMID:26457077

SPAN security policies and guidelines

NASA Technical Reports Server (NTRS)

Sisson, Patricia L.; Green, James L.

1989-01-01

A guide is provided to system security with emphasis on requirements and guidelines that are necessary to maintain an acceptable level of security on the network. To have security for the network, each node on the network must be secure. Therefore, each system manager, must strictly adhere to the requirements and must consider implementing the guidelines discussed. There are areas of vulnerability within the operating system that may not be addressed. However, when a requirement or guideline is discussed, implementation techniques are included. Information related to computer and data security is discussed to provide information on implementation options. The information is presented as it relates to a VAX computer environment.

Securing Secrets and Managing Trust in Modern Computing Applications

ERIC Educational Resources Information Center

Sayler, Andy

2016-01-01

The amount of digital data generated and stored by users increases every day. In order to protect this data, modern computing systems employ numerous cryptographic and access control solutions. Almost all of such solutions, however, require the keeping of certain secrets as the basis of their security models. How best to securely store and control…

Computer Security in the Introductory Business Information Systems Course: An Exploratory Study of Textbook Coverage

ERIC Educational Resources Information Center

Sousa, Kenneth J.; MacDonald, Laurie E.; Fougere, Kenneth T.

2005-01-01

The authors conducted an evaluation of Management Information Systems (MIS) textbooks and found that computer security receives very little in-depth coverage. The textbooks provide, at best, superficial treatment of security issues. The research results suggest that MIS faculty need to provide material to supplement the textbook to provide…

Security Meets Real-World Computing. Building Digital Libraries

ERIC Educational Resources Information Center

Huwe, Terence K.

2005-01-01

The author of this column describes several instances in which secure data on computers were compromised. In each of these instances, a different route was involved in gaining access to the secure data--one by office-based theft, one by hacking, and one by burglary. Is is proposed that the most difficult factor to guarantee in the protection of…

Information Technology Security and Human Risk: Exploring Factors of Unintended Insider Threat and Organizational Resilience

ERIC Educational Resources Information Center

Thompson, Eleanor Elizabeth

2014-01-01

That organizations face threats to the security of their computer systems from external hackers is well documented. Intentional or unintentional behaviors by organizational insiders can severely compromise computer security as well. Less is known, however, about the nature of this threat from insiders. The purpose of this study was to bridge this…

Technologies for distributed defense

NASA Astrophysics Data System (ADS)

Seiders, Barbara; Rybka, Anthony

2002-07-01

For Americans, the nature of warfare changed on September 11, 2001. Our national security henceforth will require distributed defense. One extreme of distributed defense is represented by fully deployed military troops responding to a threat from a hostile nation state. At the other extreme is a country of 'citizen soldiers', with families and communities securing their common defense through heightened awareness, engagement as good neighbors, and local support of and cooperation with local law enforcement, emergency and health care providers. Technologies - for information exploitation, biological agent detection, health care surveillance, and security - will be critical to ensuring success in distributed defense.

A Multi-Temporal Context-Aware System for Competences Management

ERIC Educational Resources Information Center

Rosa, João H.; Barbosa, Jorge L.; Kich, Marcos; Brito, Lucas

2015-01-01

The evolution of computing technology and wireless networks has contributed to the miniaturization of mobile devices and their increase in power, providing services anywhere and anytime. In this scenario, applications have considered the user's contexts to make decisions (Context Awareness). Context-aware applications have enabled new…

Database Design Methodology and Database Management System for Computer-Aided Structural Design Optimization.

DTIC Science & Technology

1984-12-01

52242 Prepared for the AIR FORCE OFFICE OF SCIENTIFIC RESEARCH Under Grant No. AFOSR 82-0322 December 1984 ~ " ’w Unclassified SECURITY CLASSIFICATION4...OF THIS PAGE REPORT DOCUMENTATION PAGE is REPORT SECURITY CLASSIFICATION lb. RESTRICTIVE MARKINGS Unclassified None 20 SECURITY CLASSIFICATION...designer .and computer- are 20 DIiRIBUTION/AVAILABI LIT Y 0P ABSTR4ACT 21 ABSTRACT SECURITY CLASSIFICA1ONr UNCLASSIFIED/UNLIMITED SAME AS APT OTIC USERS

Joint the Center for Applied Scientific Computing

DOE Office of Scientific and Technical Information (OSTI.GOV)

Gamblin, Todd; Bremer, Timo; Van Essen, Brian

The Center for Applied Scientific Computing serves as Livermore Lab’s window to the broader computer science, computational physics, applied mathematics, and data science research communities. In collaboration with academic, industrial, and other government laboratory partners, we conduct world-class scientific research and development on problems critical to national security. CASC applies the power of high-performance computing and the efficiency of modern computational methods to the realms of stockpile stewardship, cyber and energy security, and knowledge discovery for intelligence applications.

Validating a Method for Enhanced Communications and Situational Awareness at the Incident Command Level

DTIC Science & Technology

2006-03-01

operations, and other applications for the MITOC that are beneficial to national security. It will illustrate how the concept was validated by the...of the potential impact on funding, a concern was noted in discussion among members of the National Emergency Management Association (NEMA) in their...This concept of a “virtual” Homeland Security-focused National Laboratory was comprised of the combined resources of the public and private

Secure and QoS-Managed Information Exchange Between Enterprise and Constrained Environments

DTIC Science & Technology

2014-01-01

systems and enterprise services during mission operation can enable greater situational awareness and empowerment for the tactical user . For example...April 01, 2007. [17] Robbins, D., Unmanned Aircraft Operational Integration using MITRE’s Cursor on Target, The Edge, Volume 10, Number 2, MITRE...appropriate level of security protection and quality of service (QoS) for the tactical users is one possibility. Such an approach is not cost ef

The Electronic Intrusion Threat to National Security and Emergency Preparedness (NS/EP) Telecommunications. An Awareness Document

DTIC Science & Technology

1999-03-01

Responsibilities, a national security emergency is “any occurrence, including natural disaster, military attack, technological emergency, or other...in information systems increase in Russia, “the growing role of information- technology warfare is rapidly lowering the barrier between war and peace...waging war. As one Russian military theorist stated, “it is necessary to place paramount importance on technological indicators of new weapons, which are

The New Wild West: Military Support in Border Security Operations

DTIC Science & Technology

2012-06-08

military service members from being used to enforce the laws of the United States unless expressly authorized by the United States Constitution or the...cartels constitute a significant threat to United States national security that cannot be defeated or deterred by law enforcement methods alone in order...Arlington, VA 22202-4302. Respondents should be aware that notwithstanding any other provision of law , no person shall be subject to any penalty for

An alternative to sneakernet

DOE Office of Scientific and Technical Information (OSTI.GOV)

Orrell, S.; Ralstin, S.

1992-04-01

Many computer security plans specify that only a small percentage of the data processed will be classified. Thus, the bulk of the data on secure systems must be unclassified. Secure limited access sites operating approved classified computing systems sometimes also have a system ostensibly containing only unclassified files but operating within the secure environment. That system could be networked or otherwise connected to a classified system(s) in order that both be able to use common resources for file storage or computing power. Such a system must operate under the same rules as the secure classified systems. It is in themore » nature of unclassified files that they either came from, or will eventually migrate to, a non-secure system. Today, unclassified files are exported from systems within the secure environment typically by loading transport media and carrying them to an open system. Import of unclassified files is handled similarly. This media transport process, sometimes referred to as sneaker net, often is manually logged and controlled only by administrative procedures. A comprehensive system for secure bi-directional transfer of unclassified files between secure and open environments has yet to be developed. Any such secure file transport system should be required to meet several stringent criteria. It is the purpose of this document to begin a definition of these criteria.« less

An alternative to sneakernet

DOE Office of Scientific and Technical Information (OSTI.GOV)

Orrell, S.; Ralstin, S.

1992-01-01

Many computer security plans specify that only a small percentage of the data processed will be classified. Thus, the bulk of the data on secure systems must be unclassified. Secure limited access sites operating approved classified computing systems sometimes also have a system ostensibly containing only unclassified files but operating within the secure environment. That system could be networked or otherwise connected to a classified system(s) in order that both be able to use common resources for file storage or computing power. Such a system must operate under the same rules as the secure classified systems. It is in themore » nature of unclassified files that they either came from, or will eventually migrate to, a non-secure system. Today, unclassified files are exported from systems within the secure environment typically by loading transport media and carrying them to an open system. Import of unclassified files is handled similarly. This media transport process, sometimes referred to as sneaker net, often is manually logged and controlled only by administrative procedures. A comprehensive system for secure bi-directional transfer of unclassified files between secure and open environments has yet to be developed. Any such secure file transport system should be required to meet several stringent criteria. It is the purpose of this document to begin a definition of these criteria.« less

Hospital security: strengthening the weakest link--forensic patients.

PubMed

Lashley, Joel

2008-01-01

In this article, reprinted with permission from CorrectionsOne.com, the online resource for the Corrections community, the author focuses on the responsibility of the hospital, its security department, and its healthcare staff when a forensic prisoner is brought in for treatment. Hospitals are responsible for all of their patients, he says, and as such, have every right to ask how much of a danger a given patient presents to their facility, and whether they should insist on a higher level of security. To avoid the tragic occurrences which have all to often taken place when forensic prisoners try to escape, hospitals should require their own security department to liaison with all agencies that maintain custody of patients inside their facility in order to assess any related security risks--and offer appropriate support. Even unarmed healthcare security personnel need to receive training in weapons retention and control, and all healthcare staff should be versed in tactical awareness.

Protecting genomic data analytics in the cloud: state of the art and opportunities.

PubMed

Tang, Haixu; Jiang, Xiaoqian; Wang, Xiaofeng; Wang, Shuang; Sofia, Heidi; Fox, Dov; Lauter, Kristin; Malin, Bradley; Telenti, Amalio; Xiong, Li; Ohno-Machado, Lucila

2016-10-13

The outsourcing of genomic data into public cloud computing settings raises concerns over privacy and security. Significant advancements in secure computation methods have emerged over the past several years, but such techniques need to be rigorously evaluated for their ability to support the analysis of human genomic data in an efficient and cost-effective manner. With respect to public cloud environments, there are concerns about the inadvertent exposure of human genomic data to unauthorized users. In analyses involving multiple institutions, there is additional concern about data being used beyond agreed research scope and being prcoessed in untrused computational environments, which may not satisfy institutional policies. To systematically investigate these issues, the NIH-funded National Center for Biomedical Computing iDASH (integrating Data for Analysis, 'anonymization' and SHaring) hosted the second Critical Assessment of Data Privacy and Protection competition to assess the capacity of cryptographic technologies for protecting computation over human genomes in the cloud and promoting cross-institutional collaboration. Data scientists were challenged to design and engineer practical algorithms for secure outsourcing of genome computation tasks in working software, whereby analyses are performed only on encrypted data. They were also challenged to develop approaches to enable secure collaboration on data from genomic studies generated by multiple organizations (e.g., medical centers) to jointly compute aggregate statistics without sharing individual-level records. The results of the competition indicated that secure computation techniques can enable comparative analysis of human genomes, but greater efficiency (in terms of compute time and memory utilization) are needed before they are sufficiently practical for real world environments.

Secure Cloud Computing Implementation Study For Singapore Military Operations

DTIC Science & Technology

2016-09-01

COMPUTING IMPLEMENTATION STUDY FOR SINGAPORE MILITARY OPERATIONS by Lai Guoquan September 2016 Thesis Advisor: John D. Fulp Co-Advisor...DATES COVERED Master’s thesis 4. TITLE AND SUBTITLE SECURE CLOUD COMPUTING IMPLEMENTATION STUDY FOR SINGAPORE MILITARY OPERATIONS 5. FUNDING NUMBERS...addition, from the military perspective, the benefits of cloud computing were analyzed from a study of the U.S. Department of Defense. Then, using

Grid Computing: Topology-Aware, Peer-to-Peer, Power-Aware, and Embedded Web Services

DTIC Science & Technology

2003-09-22

Dist Simulation • Time Management enables temporal causality to be enforced in Distributed Simulations • Typically enforced via a Lower Bound Time...algorithm • Distinguished Root Node Algorithm developed as a topology-aware time management service – Relies on a tree from end-hosts to a

3 CFR 8429 - Proclamation 8429 of October 1, 2009. National Information Literacy Awareness Month, 2009

Code of Federal Regulations, 2010 CFR

2010-01-01

... communication technologies, including computers and mobile devices that can help in our day-to-day... Information Literacy Awareness Month, 2009 8429 Proclamation 8429 Presidential Documents Proclamations Proclamation 8429 of October 1, 2009 Proc. 8429 National Information Literacy Awareness Month, 2009By the...

Design and evaluation of security multimedia warnings for children's smartphones

NASA Astrophysics Data System (ADS)

Menzel, Wiebke; Tuchscheerer, Sven; Fruth, Jana; Kraetzer, Christian; Dittmann, Jana

2012-02-01

This article describes primarily the development and empiric validation of a design for security warning messages on smartphones for primary school children (7-10 years old). Our design approach for security warnings for children uses a specific character and is based on recommendations of a paediatrician expert. The design criteria are adapted to children's skills, e.g. their visual, acoustic, and haptic perception and their literacy. The developed security warnings are prototypically implemented in an iOS application (on the iPhone 3G/4G) where children are warned by a simulated anti-malware background service, while they are busy with another task. For the evaluation we select methods for empiric validation of the design approach from the field of usability testing ("think aloud" test, questionnaires, log-files, etc.). Our security warnings prototype is evaluated in an empiric user study with 13 primary school children, aged between 8 and 9 years and of different gender (5 girls, 8 boys). The evaluation analysis shows, that nearly all children liked the design of our security warnings. Surprisingly, on several security warning messages most of the children react in the right way after reading the warning, although the meaning couldn't be interpreted in the right way. Another interesting result is, that several children relate specific information, e.g. update, to a specific character. Furthermore, it could be seen that most of the primary school test candidates have little awareness of security threats on smartphones. It is a very strong argument to develop e.g. tutorials or websites in order to raise awareness and teach children how to recognize security threats and how to react to them. Our design approach of security warnings for children's smartphones can be a basis for warning on other systems or applications like tutorials, which are used by children. In a second investigation, we focus on webpages, designed for children since smartphones and webpages (the services behind) are more and more interconnected. From this point of view those services should continue the securityapproaches for children's smartphones. The webservices were evaluated among different criteria, e.g. data protection. The results of a first investigation are reported in this paper.