Increasing Effectiveness of U.S. Counterintelligence: Domestic and International Micro-Restructuring Initiatives to Mitigate Cyberespionage

DTIC Science & Technology

2012-06-01

keys: Data Breach at the Pentagon’s Largest Supplier,” ITNEWS (30 May 2011). 116 Christopher Drew and John Markoff, “ Data Breach at Security Firm...117 Drew and Markoff, “ Data Breach at Security Firm Linked to Attack on Lockheed Martin.” 118 Hjortdal, “China’s Use of Cyber...John Markoff. “ Data Breach at Security Firm Linked to Attack on Lockheed Martin.” The New York Times, 27 May 2011. http://www.nytimes.com/2011/05/28

Teaching Case: Security Breach at Target

ERIC Educational Resources Information Center

Plachkinova, Miloslava; Maurer, Chris

2018-01-01

This case study follows the security breach that affected Target at the end of 2013 and resulted in the loss of financial data for over 70 million customers. The case provides an overview of the company and describes the reasons that led to one of the biggest security breaches in history. It offers a discussion on Target's vendor management…

Cheating in OSCEs: The Impact of Simulated Security Breaches on OSCE Performance.

PubMed

Gotzmann, Andrea; De Champlain, André; Homayra, Fahmida; Fotheringham, Alexa; de Vries, Ingrid; Forgie, Melissa; Pugh, Debra

2017-01-01

Construct: Valid score interpretation is important for constructs in performance assessments such as objective structured clinical examinations (OSCEs). An OSCE is a type of performance assessment in which a series of standardized patients interact with the student or candidate who is scored by either the standardized patient or a physician examiner. In high-stakes examinations, test security is an important issue. Students accessing unauthorized test materials can create an unfair advantage and lead to examination scores that do not reflect students' true ability level. The purpose of this study was to assess the impact of various simulated security breaches on OSCE scores. Seventy-six 3rd-year medical students participated in an 8-station OSCE and were randomized to either a control group or to 1 of 2 experimental conditions simulating test security breaches: station topic (i.e., providing a list of station topics prior to the examination) or egregious security breach (i.e., providing detailed content information prior to the examination). Overall total scores were compared for the 3 groups using both a one-way between-subjects analysis of variance and a repeated measure analysis of variance to compare the checklist, rating scales, and oral question subscores across the three conditions. Overall total scores were highest for the egregious security breach condition (81.8%), followed by the station topic condition (73.6%), and they were lowest for the control group (67.4%). This trend was also found with checklist subscores only (79.1%, 64.9%, and 60.3%, respectively for the security breach, station topic, and control conditions). Rating scale subscores were higher for both the station topic and egregious security breach conditions compared to the control group (82.6%, 83.1%, and 77.6%, respectively). Oral question subscores were significantly higher for the egregious security breach condition (88.8%) followed by the station topic condition (64.3%), and they were the lowest for the control group (48.6%). This simulation of different OSCE security breaches demonstrated that student performance is greatly advantaged by having prior access to test materials. This has important implications for medical educators as they develop policies and procedures regarding the safeguarding and reuse of test content.

Market Reactions to Publicly Announced Privacy and Security Breaches Suffered by Companies Listed on the United States Stock Exchanges: A Comparative Empirical Investigation

ERIC Educational Resources Information Center

Coronado, Adolfo S.

2012-01-01

Using a sample of security and privacy breaches the present research examines the comparative announcement impact between the two types of events. The first part of the dissertation analyzes the impact of publicly announced security and privacy breaches on abnormal stock returns, the change in firm risk, and abnormal trading volume are measured.…

An Examination of the Explicit Costs of Sensitive Information Security Breaches

ERIC Educational Resources Information Center

Toe, Cleophas Adeodat

2013-01-01

Data security breaches are categorized as loss of information that is entrusted in an organization by its customers, partners, shareholders, and stakeholders. Data breaches are significant risk factors for companies that store, process, and transmit sensitive personal information. Sensitive information is defined as confidential or proprietary…

When it comes to securing patient health information from breaches, your best medicine is a dose of prevention: A cybersecurity risk assessment checklist.

PubMed

Blanke, Sandra J; McGrady, Elizabeth

2016-07-01

Health care stakeholders are concerned about the growing risk of protecting sensitive patient health information from breaches. The Federal Emergency Management Agency (FEMA) has identified cyber attacks as an emerging concern, and regulations such as the Health Insurance Portability and Accountability Act (HIPAA) and the Health Information Technology for Economic and Clinical Health Act (HITECH) have increased security requirements and are enforcing compliance through stiff financial penalties. The purpose of this study is to describe health care breaches of protected information, analyze the hazards and vulnerabilities of reported breach cases, and prescribe best practices of managing risk through security controls and countermeasures. Prescriptive findings were used to construct a checklist tool to assess and monitor common risks. This research uses a case methodology to describe specific examples of the 3 major types of cyber breach hazards: portable device, insider, and physical breaches. We utilize a risk management framework to prescribe preventative actions that organizations can take to assess, analyze, and mitigate these risks. The health care sector has the largest number of reported breaches, with 3 major types: portable device, insider, and physical breaches. Analysis of actual cases indicates security gaps requiring prescriptive fixes based on "best practices." Our research culminates in a 25-item checklist that organizations can use to assess existing practices and identify security gaps requiring improvement. © 2016 American Society for Healthcare Risk Management of the American Hospital Association.

Impact of Security Awareness Programs on End-User Security Behavior: A Quantitative Study of Federal Workers

ERIC Educational Resources Information Center

Smith, Gwendolynn T.

2012-01-01

The increasing dependence on technology presented more vulnerability to security breaches of information and the need to assess security awareness levels in federal organizations, as well as other organizations. Increased headlines of security breaches of federal employees' security actions prompted this study. The research study reviewed the…

38 CFR 75.113 - Data breach.

Code of Federal Regulations, 2012 CFR

2012-07-01

... 38 Pensions, Bonuses, and Veterans' Relief 2 2012-07-01 2012-07-01 false Data breach. 75.113...) INFORMATION SECURITY MATTERS Data Breaches § 75.113 Data breach. Consistent with the definition of data breach in § 75.112 of this subpart, a data breach occurs under this subpart if there is a loss or theft of...

38 CFR 75.113 - Data breach.

Code of Federal Regulations, 2014 CFR

2014-07-01

... 38 Pensions, Bonuses, and Veterans' Relief 2 2014-07-01 2014-07-01 false Data breach. 75.113...) INFORMATION SECURITY MATTERS Data Breaches § 75.113 Data breach. Consistent with the definition of data breach in § 75.112 of this subpart, a data breach occurs under this subpart if there is a loss or theft of...

38 CFR 75.113 - Data breach.

Code of Federal Regulations, 2013 CFR

2013-07-01

... 38 Pensions, Bonuses, and Veterans' Relief 2 2013-07-01 2013-07-01 false Data breach. 75.113...) INFORMATION SECURITY MATTERS Data Breaches § 75.113 Data breach. Consistent with the definition of data breach in § 75.112 of this subpart, a data breach occurs under this subpart if there is a loss or theft of...

38 CFR 75.113 - Data breach.

Code of Federal Regulations, 2011 CFR

2011-07-01

... 38 Pensions, Bonuses, and Veterans' Relief 2 2011-07-01 2011-07-01 false Data breach. 75.113...) INFORMATION SECURITY MATTERS Data Breaches § 75.113 Data breach. Consistent with the definition of data breach in § 75.112 of this subpart, a data breach occurs under this subpart if there is a loss or theft of...

76 FR 64813 - Electronic Prescriptions for Controlled Substances Clarification

Federal Register 2010, 2011, 2012, 2013, 2014

2011-10-19

... employees' laptop computers and employee's mobile devices.\\9\\ Numerous recent news articles describe...,'' Office of Applied Studies, 2010 (NSDUH Series H-38A, HHS Publication No. SMA 10-4856), http://www.oas..., ``2009 Parents and Teens Attitude Tracking Study Report'' March 2, 2010. Increased Security Breaches...

Securing Information in the Healthcare Industry: Network Security, Incident Management, and Insider Threat

DTIC Science & Technology

2010-09-23

Chris, ―An Analysis of Breaches Affecting 500 or More Individuals in Healthcare‖, HITRUST, August 2010. 2. ―2009 Annual Study: Cost of a Data Breach ,‖ Ponemon...penalties for willful neglect • Loss of human life? — While many concerns focus on a data breach , some vulnerabilities can be more severe

38 CFR 75.113 - Data breach.

Code of Federal Regulations, 2010 CFR

2010-07-01

... 38 Pensions, Bonuses, and Veterans' Relief 2 2010-07-01 2010-07-01 false Data breach. 75.113 Section 75.113 Pensions, Bonuses, and Veterans' Relief DEPARTMENT OF VETERANS AFFAIRS (CONTINUED) INFORMATION SECURITY MATTERS Data Breaches § 75.113 Data breach. Consistent with the definition of data breach in § 75.112 of this subpart, a data breach...

A Quantitative Analysis of the Relationship between Computer Self-Efficacy and Misuse Intention

ERIC Educational Resources Information Center

Desire, Jean Ronald

2017-01-01

Intention to misuse information systems (IS) is a growing problem where employees of organizations are contributors to successful IS security breaches. Misuse of IS resources in organizations in the healthcare and pharmaceutical industries can affect patient care. Researchers investigated factors that influence changes in behavior regarding…

Defeating Insider Attacks via Autonomic Self-Protective Networks

ERIC Educational Resources Information Center

Sibai, Faisal M.

2012-01-01

There has been a constant growing security concern with insider attacks on network accessible computer systems. Users with power credentials can do almost anything they want with the systems they own with very little control or oversight. Most breaches occurring nowadays by power users are considered legitimate access and not necessarily…

47 CFR 64.2011 - Notification of customer proprietary network information security breaches.

Code of Federal Regulations, 2011 CFR

2011-10-01

... 47 Telecommunication 3 2011-10-01 2011-10-01 false Notification of customer proprietary network information security breaches. 64.2011 Section 64.2011 Telecommunication FEDERAL COMMUNICATIONS COMMISSION... Proprietary Network Information § 64.2011 Notification of customer proprietary network information security...

47 CFR 64.2011 - Notification of customer proprietary network information security breaches.

Code of Federal Regulations, 2010 CFR

2010-10-01

... 47 Telecommunication 3 2010-10-01 2010-10-01 false Notification of customer proprietary network information security breaches. 64.2011 Section 64.2011 Telecommunication FEDERAL COMMUNICATIONS COMMISSION... Proprietary Network Information § 64.2011 Notification of customer proprietary network information security...

47 CFR 64.2011 - Notification of customer proprietary network information security breaches.

Code of Federal Regulations, 2013 CFR

2013-10-01

... Proprietary Network Information § 64.2011 Notification of customer proprietary network information security... 47 Telecommunication 3 2013-10-01 2013-10-01 false Notification of customer proprietary network information security breaches. 64.2011 Section 64.2011 Telecommunication FEDERAL COMMUNICATIONS COMMISSION...

47 CFR 64.5111 - Notification of customer proprietary network information security breaches.

Code of Federal Regulations, 2013 CFR

2013-10-01

... Proprietary Network Information. § 64.5111 Notification of customer proprietary network information security... 47 Telecommunication 3 2013-10-01 2013-10-01 false Notification of customer proprietary network information security breaches. 64.5111 Section 64.5111 Telecommunication FEDERAL COMMUNICATIONS COMMISSION...

47 CFR 64.5111 - Notification of customer proprietary network information security breaches.

Code of Federal Regulations, 2014 CFR

2014-10-01

... Proprietary Network Information. § 64.5111 Notification of customer proprietary network information security... 47 Telecommunication 3 2014-10-01 2014-10-01 false Notification of customer proprietary network information security breaches. 64.5111 Section 64.5111 Telecommunication FEDERAL COMMUNICATIONS COMMISSION...

47 CFR 64.2011 - Notification of customer proprietary network information security breaches.

Code of Federal Regulations, 2014 CFR

2014-10-01

... Proprietary Network Information § 64.2011 Notification of customer proprietary network information security... 47 Telecommunication 3 2014-10-01 2014-10-01 false Notification of customer proprietary network information security breaches. 64.2011 Section 64.2011 Telecommunication FEDERAL COMMUNICATIONS COMMISSION...

47 CFR 64.2011 - Notification of customer proprietary network information security breaches.

Code of Federal Regulations, 2012 CFR

2012-10-01

... Proprietary Network Information § 64.2011 Notification of customer proprietary network information security... 47 Telecommunication 3 2012-10-01 2012-10-01 false Notification of customer proprietary network information security breaches. 64.2011 Section 64.2011 Telecommunication FEDERAL COMMUNICATIONS COMMISSION...

Vehicle assisted harpoon breaching tool

DOEpatents

Pacheco, James E [Albuquerque, NM; Highland, Steven E [Albuquerque, NM

2011-02-15

A harpoon breaching tool that allows security officers, SWAT teams, police, firemen, soldiers, or others to forcibly breach metal doors or walls very quickly (in a few seconds), without explosives. The harpoon breaching tool can be mounted to a vehicle's standard receiver hitch.

Breach to Nowhere

ERIC Educational Resources Information Center

Schaffhauser, Dian

2009-01-01

Will that data breach be the end of a chief security officer (CSO)? Managing information security in higher education requires more than just technical expertise, especially when the heat is cranked up. This article takes a look at how two CSOs deal with hack attacks at their universities. When Purdue University Chief Information Security Officer…

Data security101: avoiding the list.

PubMed

Perna, Gabriel

2012-01-01

Thanks to the rampant digitization of healthcare data, breaches have become commonplace in an industry that lacks advanced security practices. In this industry-wide report, those who have dealt with breaches implore others to shore up internal security practices and be transparent. As one CIO keenly notes, "we're all in this together."

The Myth about IT Security

ERIC Educational Resources Information Center

Oblinger, Diana G.; Hawkins, Brian L.

2006-01-01

Seeing an institution's name in the headlines for a security breach may be among a CIO's-- and a president's--worst nightmares. Whether the breached data involves social security numbers, credit card accounts, clinical records, or research, this is bad news. Federal agencies that provide research funding may lose confidence in data integrity,…

Breach Risk Magnitude: A Quantitative Measure of Database Security.

PubMed

Yasnoff, William A

2016-01-01

A quantitative methodology is described that provides objective evaluation of the potential for health record system breaches. It assumes that breach risk increases with the number of potential records that could be exposed, while it decreases when more authentication steps are required for access. The breach risk magnitude (BRM) is the maximum value for any system user of the common logarithm of the number of accessible database records divided by the number of authentication steps needed to achieve such access. For a one million record relational database, the BRM varies from 5.52 to 6 depending on authentication protocols. For an alternative data architecture designed specifically to increase security by separately storing and encrypting each patient record, the BRM ranges from 1.3 to 2.6. While the BRM only provides a limited quantitative assessment of breach risk, it may be useful to objectively evaluate the security implications of alternative database organization approaches.

Recognizing and reducing risks: HIPAA privacy and security enforcement.

PubMed

Wachler, Andrew B; Fehn, Amy K

2003-01-01

With the passing of the Health Insurance Portability and Accountability Act (HIPAA) privacy rule deadline and the security rule deadline looming, many covered entities are left wondering if they are doing enough to prevent privacy and security breaches and what type of exposure their organization could face in the event of a breach.

Trusted Storage: Putting Security and Data Together

NASA Astrophysics Data System (ADS)

Willett, Michael; Anderson, Dave

State and Federal breach notification legislation mandates that the affected parties be notified in case of a breach of sensitive personal data, unless the data was provably encrypted. Self-encrypting hard drives provide the superior solution for encrypting data-at-rest when compared to software-based solutions. Self-encrypting hard drives, from the laptop to the data center, have been standardized across the hard drive industry by the Trusted Computing Group. Advantages include: simplified management (including keys), no performance impact, quick data erasure and drive re-purposing, no interference with end-to-end data integrity metrics, always encrypting, no cipher-text exposure, and scalability in large data centers.

38 CFR 75.115 - Risk analysis.

Code of Federal Regulations, 2014 CFR

2014-07-01

... preparation of the risk analysis may include data mining if necessary for the development of relevant...) INFORMATION SECURITY MATTERS Data Breaches § 75.115 Risk analysis. If a data breach involving sensitive... possible after the data breach, a non-VA entity with relevant expertise in data breach assessment and risk...

38 CFR 75.115 - Risk analysis.

Code of Federal Regulations, 2012 CFR

2012-07-01

... preparation of the risk analysis may include data mining if necessary for the development of relevant...) INFORMATION SECURITY MATTERS Data Breaches § 75.115 Risk analysis. If a data breach involving sensitive... possible after the data breach, a non-VA entity with relevant expertise in data breach assessment and risk...

38 CFR 75.115 - Risk analysis.

Code of Federal Regulations, 2013 CFR

2013-07-01

... preparation of the risk analysis may include data mining if necessary for the development of relevant...) INFORMATION SECURITY MATTERS Data Breaches § 75.115 Risk analysis. If a data breach involving sensitive... possible after the data breach, a non-VA entity with relevant expertise in data breach assessment and risk...

38 CFR 75.115 - Risk analysis.

Code of Federal Regulations, 2011 CFR

2011-07-01

... preparation of the risk analysis may include data mining if necessary for the development of relevant...) INFORMATION SECURITY MATTERS Data Breaches § 75.115 Risk analysis. If a data breach involving sensitive... possible after the data breach, a non-VA entity with relevant expertise in data breach assessment and risk...

Can EHRs and HIEs get along with HIPAA security requirements?

PubMed

Sarrico, Christine; Hauenstein, Jim

2011-02-01

For Enloe Medical Center in California, a good-faith effort to self-report a breach in the privacy of a patient's medical record resulted in a six-figure fine imposed by a state regulatory agency. Hospitals face a "catch-22" situation in responding to the conflicting mandates of developing electronic health records that allow information sharing across institutions versus ensuring absolute protection and security of patients' individual health information. Some industry analysts suggest that the sanctions for security breaches such as the one experienced by Enloe will have the unintended effect of discouraging self-reporting of breaches.

14 CFR 1274.936 - Breach of safety or security.

Code of Federal Regulations, 2012 CFR

2012-01-01

... 14 Aeronautics and Space 5 2012-01-01 2012-01-01 false Breach of safety or security. 1274.936 Section 1274.936 Aeronautics and Space NATIONAL AERONAUTICS AND SPACE ADMINISTRATION COOPERATIVE... following: compromise of classified information; illegal technology transfer; workplace violence resulting...

Predicting Vulnerability Risks Using Software Characteristics

ERIC Educational Resources Information Center

Roumani, Yaman

2012-01-01

Software vulnerabilities have been regarded as one of the key reasons for computer security breaches that have resulted in billions of dollars in losses per year (Telang and Wattal 2005). With the growth of the software industry and the Internet, the number of vulnerability attacks and the ease with which an attack can be made have increased. From…

Securing the Next Ripple in Information Security: The Defense Industrial Base (DIB)

DTIC Science & Technology

2012-06-14

Cybersecurity model for the DIB needs to be more preventative rather than responsive and a model should stress continuous improvement. In a 2012 data breach investigation...of what they do, but most become a target because of what they do (or don’t do)”, in the 2011 Data Breach Investigations Report. Therefore the...txt Verizon Risk Team (2012). Data Breach Investigations Report. Verizon Business, March 2012. http://www.verizonbusiness.com/resources

Learning the Lessons and Moving Ahead

ERIC Educational Resources Information Center

Grush, Mary

2007-01-01

Despite intensive security measures, institutions are still suffering breaches--sometimes quite painful and costly ones. After a major breach was reported at UCLA this past November, the author spoke with "Educause" security expert Rodney Petersen, to get his perspective and advice for higher education leadership. This article presents…

Security and Correctness Analysis on Privacy-Preserving k-Means Clustering Schemes

NASA Astrophysics Data System (ADS)

Su, Chunhua; Bao, Feng; Zhou, Jianying; Takagi, Tsuyoshi; Sakurai, Kouichi

Due to the fast development of Internet and the related IT technologies, it becomes more and more easier to access a large amount of data. k-means clustering is a powerful and frequently used technique in data mining. Many research papers about privacy-preserving k-means clustering were published. In this paper, we analyze the existing privacy-preserving k-means clustering schemes based on the cryptographic techniques. We show those schemes will cause the privacy breach and cannot output the correct results due to the faults in the protocol construction. Furthermore, we analyze our proposal as an option to improve such problems but with intermediate information breach during the computation.

What caused the breach? An examination of use of information technology and health data breaches.

PubMed

Wikina, Suanu Bliss

2014-01-01

Data breaches arising from theft, loss, unauthorized access/disclosure, improper disclosure, or hacking incidents involving personal health information continue to increase every year. As of September 2013, reported breaches affecting individuals reached close to 27 million since 2009, when compilation of records on breaches began. These breaches, which involved 674 covered entities and 153 business associates, involved computer systems and networks, desktop computers, laptops, paper, e-mail, electronic health records, and removable/portable devices (CDs, USBs, x-ray films, backup tapes, etc.). Even with the increased use of health information technology by health institutions and allied businesses, theft and loss (not hacking) constitute the major types of data breaches encountered. Removable/portable devices, desktop computers, and laptops were the top sources or locations of the breached information, while the top six states-Virginia, Illinois, California, Florida, New York, and Tennessee-in terms of the number of reported breaches accounted for nearly 75 percent of the total individual breaches, 33 percent of breaches in covered entities, and about 30 percent of the total breaches involving business associates.

What Caused the Breach? An Examination of Use of Information Technology and Health Data Breaches

PubMed Central

Wikina, Suanu Bliss

2014-01-01

Data breaches arising from theft, loss, unauthorized access/disclosure, improper disclosure, or hacking incidents involving personal health information continue to increase every year. As of September 2013, reported breaches affecting individuals reached close to 27 million since 2009, when compilation of records on breaches began. These breaches, which involved 674 covered entities and 153 business associates, involved computer systems and networks, desktop computers, laptops, paper, e-mail, electronic health records, and removable/portable devices (CDs, USBs, x-ray films, backup tapes, etc.). Even with the increased use of health information technology by health institutions and allied businesses, theft and loss (not hacking) constitute the major types of data breaches encountered. Removable/portable devices, desktop computers, and laptops were the top sources or locations of the breached information, while the top six states—Virginia, Illinois, California, Florida, New York, and Tennessee—in terms of the number of reported breaches accounted for nearly 75 percent of the total individual breaches, 33 percent of breaches in covered entities, and about 30 percent of the total breaches involving business associates. PMID:25593574

Modifications to the HIPAA Privacy, Security, Enforcement, and Breach Notification rules under the Health Information Technology for Economic and Clinical Health Act and the Genetic Information Nondiscrimination Act; other modifications to the HIPAA rules.

PubMed

2013-01-25

The Department of Health and Human Services (HHS or ``the Department'') is issuing this final rule to: Modify the Health Insurance Portability and Accountability Act (HIPAA) Privacy, Security, and Enforcement Rules to implement statutory amendments under the Health Information Technology for Economic and Clinical Health Act (``the HITECH Act'' or ``the Act'') to strengthen the privacy and security protection for individuals' health information; modify the rule for Breach Notification for Unsecured Protected Health Information (Breach Notification Rule) under the HITECH Act to address public comment received on the interim final rule; modify the HIPAA Privacy Rule to strengthen the privacy protections for genetic information by implementing section 105 of Title I of the Genetic Information Nondiscrimination Act of 2008 (GINA); and make certain other modifications to the HIPAA Privacy, Security, Breach Notification, and Enforcement Rules (the HIPAA Rules) to improve their workability and effectiveness and to increase flexibility for and decrease burden on the regulated entities.

38 CFR 75.118 - Other credit protection services.

Code of Federal Regulations, 2014 CFR

2014-07-01

... harm. (c) The Secretary will take action to obtain data mining and data breach analyses services, as... (CONTINUED) INFORMATION SECURITY MATTERS Data Breaches § 75.118 Other credit protection services. (a) With... relevant credit bureau reports; (2) Data breach analysis; (3) Fraud resolution services, including writing...

38 CFR 75.118 - Other credit protection services.

Code of Federal Regulations, 2013 CFR

2013-07-01

... harm. (c) The Secretary will take action to obtain data mining and data breach analyses services, as... (CONTINUED) INFORMATION SECURITY MATTERS Data Breaches § 75.118 Other credit protection services. (a) With... relevant credit bureau reports; (2) Data breach analysis; (3) Fraud resolution services, including writing...

38 CFR 75.118 - Other credit protection services.

Code of Federal Regulations, 2012 CFR

2012-07-01

... harm. (c) The Secretary will take action to obtain data mining and data breach analyses services, as... (CONTINUED) INFORMATION SECURITY MATTERS Data Breaches § 75.118 Other credit protection services. (a) With... relevant credit bureau reports; (2) Data breach analysis; (3) Fraud resolution services, including writing...

38 CFR 75.118 - Other credit protection services.

Code of Federal Regulations, 2010 CFR

2010-07-01

... harm. (c) The Secretary will take action to obtain data mining and data breach analyses services, as... (CONTINUED) INFORMATION SECURITY MATTERS Data Breaches § 75.118 Other credit protection services. (a) With... relevant credit bureau reports; (2) Data breach analysis; (3) Fraud resolution services, including writing...

38 CFR 75.118 - Other credit protection services.

Code of Federal Regulations, 2011 CFR

2011-07-01

... harm. (c) The Secretary will take action to obtain data mining and data breach analyses services, as... (CONTINUED) INFORMATION SECURITY MATTERS Data Breaches § 75.118 Other credit protection services. (a) With... relevant credit bureau reports; (2) Data breach analysis; (3) Fraud resolution services, including writing...

An Analysis of Data Breach Notifications as Negative News

ERIC Educational Resources Information Center

Veltsos, Jennifer R.

2012-01-01

Forty-six states require organizations to notify users when personally identifiable information has been exposed or when the organization's data security measures have been breached. This article describes a qualitative document analysis of 13 data breach notification templates from state and federal agencies. The results confirm much of the…

Just in Time Research: Data Breaches in Higher Education

ERIC Educational Resources Information Center

Grama, Joanna

2014-01-01

This "Just in Time" research is in response to recent discussions on the EDUCAUSE Higher Education Information Security Council (HEISC) discussion list about data breaches in higher education. Using data from the Privacy Rights Clearinghouse, this research analyzes data breaches attributed to higher education. The results from this…

14 CFR § 1274.936 - Breach of safety or security.

Code of Federal Regulations, 2014 CFR

2014-01-01

... environment. Safety is essential to NASA and is a material part of this contract. NASA's safety priority is to... Occupational Safety and Health Administration (OSHA) or by a state agency operating under an OSHA approved plan... 14 Aeronautics and Space 5 2014-01-01 2014-01-01 false Breach of safety or security. § 1274.936...

Breaches of health information: are electronic records different from paper records?

PubMed

Sade, Robert M

2010-01-01

Breaches of electronic medical records constitute a type of healthcare error, but should be considered separately from other types of errors because the national focus on the security of electronic data justifies special treatment of medical information breaches. Guidelines for protecting electronic medical records should be applied equally to paper medical records.

Cyber Intrusion into U.S. Office of Personnel Management: In Brief

DTIC Science & Technology

2015-07-17

has been taken offline for “security enhancements.”6 Notably, as is common with data breaches , available information on the recent OPM breach...developments remains incomplete. Assumptions about the nature, origins, extent, and implications of the data breach may change, and some media reporting...Congress, House Committee on Oversight and Government Reform, OPM: Data Breach , 114th Cong., 1st sess., June 16, 2015; U.S. Congress, House Committee

Guidelines for computer security in general practice.

PubMed

Schattner, Peter; Pleteshner, Catherine; Bhend, Heinz; Brouns, Johan

2007-01-01

As general practice becomes increasingly computerised, data security becomes increasingly important for both patient health and the efficient operation of the practice. To develop guidelines for computer security in general practice based on a literature review, an analysis of available information on current practice and a series of key stakeholder interviews. While the guideline was produced in the context of Australian general practice, we have developed a template that is also relevant for other countries. Current data on computer security measures was sought from Australian divisions of general practice. Semi-structured interviews were conducted with general practitioners (GPs), the medical software industry, senior managers within government responsible for health IT (information technology) initiatives, technical IT experts, divisions of general practice and a member of a health information consumer group. The respondents were asked to assess both the likelihood and the consequences of potential risks in computer security being breached. The study suggested that the most important computer security issues in general practice were: the need for a nominated IT security coordinator; having written IT policies, including a practice disaster recovery plan; controlling access to different levels of electronic data; doing and testing backups; protecting against viruses and other malicious codes; installing firewalls; undertaking routine maintenance of hardware and software; and securing electronic communication, for example via encryption. This information led to the production of computer security guidelines, including a one-page summary checklist, which were subsequently distributed to all GPs in Australia. This paper maps out a process for developing computer security guidelines for general practice. The specific content will vary in different countries according to their levels of adoption of IT, and cultural, technical and other health service factors. Making these guidelines relevant to local contexts should help maximise their uptake.

Medico legal issues.

PubMed

Mackenzie, Geraldine; Carter, Hugh

2010-01-01

This chapter gives an educational overview of: * An awareness of the legal issues involved in health informatics * The need for the privacy and security of the patient record * The legal consequences of a breach of the security of the patient record * The concept of privacy law and what precautions ought to be taken to minimize legal liability for a breach of privacy and/or confidentiality.

Fully integrated automated security surveillance system: managing a changing world through managed technology and product applications

NASA Astrophysics Data System (ADS)

Francisco, Glen; Brown, Todd

2012-06-01

Integrated security systems are essential to pre-empting criminal assaults. Nearly 500,000 sites have been identified (source: US DHS) as critical infrastructure sites that would suffer severe damage if a security breach should occur. One major breach in any of 123 U.S. facilities, identified as "most critical", threatens more than 1,000,000 people. The vulnerabilities of critical infrastructure are expected to continue and even heighten over the coming years.

Privacy, security, and the public health researcher in the era of electronic health record research

PubMed Central

Sarwate, Anand D.

2016-01-01

Health data derived from electronic health records are increasingly utilized in large-scale population health analyses. Going hand in hand with this increase in data is an increasing number of data breaches. Ensuring privacy and security of these data is a shared responsibility between the public health researcher, collaborators, and their institutions. In this article, we review the requirements of data privacy and security and discuss epidemiologic implications of emerging technologies from the computer science community that can be used for health data. In order to ensure that our needs as researchers are captured in these technologies, we must engage in the dialogue surrounding the development of these tools. PMID:28210428

Privacy, security, and the public health researcher in the era of electronic health record research.

PubMed

Goldstein, Neal D; Sarwate, Anand D

2016-01-01

Health data derived from electronic health records are increasingly utilized in large-scale population health analyses. Going hand in hand with this increase in data is an increasing number of data breaches. Ensuring privacy and security of these data is a shared responsibility between the public health researcher, collaborators, and their institutions. In this article, we review the requirements of data privacy and security and discuss epidemiologic implications of emerging technologies from the computer science community that can be used for health data. In order to ensure that our needs as researchers are captured in these technologies, we must engage in the dialogue surrounding the development of these tools.

CrossTalk. The Journal of Defense Software Engineering. Volume 24, Number 5, Sep/Oct 2011

DTIC Science & Technology

2011-09-01

Reduced security risks to data and information systems • Improved compliance • Reduction in the consequences of data breaches . In turn, these...applications do not generate the most useful data in the first place [1]. So many major data breaches reportedly occur without the knowledge of their...the need for such information. According to the Verizon Business 2010 Data Breach Investiga- tions Report [6], a large percentage of total breaches

Risk Assessment Planning for Airborne Systems: An Information Assurance Failure Mode, Effects and Criticality Analysis Methodology

DTIC Science & Technology

2012-06-01

Visa Investigate Data Breach March 30, 2012 Visa and MasterCard are investigating whether a data security breach at one of the main companies that...30). MasterCard and Visa Investigate Data Breach . New York Times . Stamatis, D. (2003). Failure Mode Effect Analysis: FMEA from Theory to Execution

A physician's role following a breach of electronic health information.

PubMed

Kim, Daniel; Schleiter, Kristin; Crigger, Bette-Jane; McMahon, John W; Benjamin, Regina M; Douglas, Sharon P

2010-01-01

The Council on Ethical and Judicial Affairs of the American Medical Association examines physicians' professional ethical responsibility in the event that the security of patients' electronic records is breached.

Security system

DOEpatents

Baumann, Mark J.; Kuca, Michal; Aragon, Mona L.

2016-02-02

A security system includes a structure having a structural surface. The structure is sized to contain an asset therein and configured to provide a forceful breaching delay. The structure has an opening formed therein to permit predetermined access to the asset contained within the structure. The structure includes intrusion detection features within or associated with the structure that are activated in response to at least a partial breach of the structure.

Combat Simulation Using Breach Computer Language

DTIC Science & Technology

1979-09-01

simulation and weapon system analysis computer language Two types of models were constructed: a stochastic duel and a dynamic engagement model The... duel model validates the BREACH approach by comparing results with mathematical solutions. The dynamic model shows the capability of the BREACH...BREACH 2 Background 2 The Language 3 Static Duel 4 Background and Methodology 4 Validation 5 Results 8 Tank Duel Simulation 8 Dynamic Assault Model

Data security and patient confidentiality: the manager's role.

PubMed

Fisher, F; Madge, B

1996-10-01

The maintenance of patient confidentiality is of utmost importance in the doctor patient relationship. With the advent of networks such as the National Health Service Wide Area Network in the UK, the potential to transmit identifiable clinical data will become greater. Links between general practitioners (GPs) and hospitals will allow the rapid transmission of data which if intercepted could be potentially embarrassing to the patient concerned. In 1994 the British Medical Association launched a draft bill on privacy and confidentiality and in association with this bill it is pushing for encryption of all clinical data across electronic networks. The manager's role within an acute hospital, community units and general practice, is to ensure that all employees are aware of the principles of data protection, security of hospital computer systems and that no obvious breaches of security can occur at publicly accessible terminals. Managers must be kept up to date with the latest developments in computer security such as digital signatures and be prepared to instigate these developments where practically possible. Managers must also take responsibility for the monitoring of access to terminals and be prepared to deal severely with staff who breach the code of confidentiality. Each manager must be kept informed of employees status with regard to their 'need to know' clearance level and also to promote confidentiality of patient details throughout the hospital. All of the management team must be prepared to train new staff in the principles of data security as they join the organisation and recognise their accountability if the programme fails. Data security and patient confidentiality is a broad responsibility in any healthcare organisation, with the Chief Executive accountable. In family practice, the partners are responsible and accountable. The British Medical Association believes as a matter of policy, that allowing access to personal health data without the patients consent, except in a legally allowable situation, should be a statutory offence.

Security breaches: tips for assessing and limiting your risks.

PubMed

Coons, Leeanne R

2011-01-01

As part of their compliance planning, medical practices should undergo a risk assessment to determine any vulnerability within the practice relative to security breaches. Practices should also implement safeguards to limit their risks. Such safeguards include facility access controls, information and electronic media management, use of business associate agreements, and education and enforcement. Implementation of specific policies and procedures to address security incidents is another critical step that medical practices should take as part of their security incident prevention plan. Medical practices should not only develop policies and procedures to prevent, detect, contain, and correct security violations, but should make sure that such policies and procedures are actually implemented in their everyday operations.

CSIRT Requirements for Situational Awareness

DTIC Science & Technology

2014-01-25

deepsight-products http://www.symantec.com/security_response/publications/threatreport.jsp Verizon Verizon produces an annual data breach report...impact studies to the differences between malicious versus non-malicious data breaches . Ponemon also offers con- sulting services. Ponemon also

The Vulnerability of Social Networking Media and the Insider Threat: New Eyes for Bad Guys

DTIC Science & Technology

2011-09-01

purchased the best security technologies that money can buy...(and still be) totally vulnerable” (Mitnick, 2002). According to the 2011 Data Breach Investigations...Report, for data breach avenues that used social engineering methods, criminals are increasingly relying on direct contact with a...Spitler, M. (2011). 2011 Data breach investigations report. New York: Verizon Business. Bishop, M., Engle, S., Peisert, S., Whalen, S., & Gates, C

Information Security Is a Business Continuity Issue: Are You Ready

DTIC Science & Technology

2015-05-09

and data files • Legal - Employees have filed four lawsuits against the company for not protecting their data • Breach Expenses - In its first quarter...incidents into their planning, testing, and execution processes. 28© 2015 Carnegie Mellon University Factors Affecting Cost of Data Breach SOURCE: Ponemon...2014 Cost of Data Breach Study Per Capita Cost 29© 2015 Carnegie Mellon University Thank you for your attention.

Identity Theft and Protecting Service Member’s Social Security Numbers

DTIC Science & Technology

2009-04-01

AND ENDNOTES……………………………………………………………….39 iv List of Tables Table 1: Reports of Data Breaches 2006-2008…………………………………………………25 v AU/ACSC... data breach such as that in the VA as well as the GAO report, it is that individuals must be vigilant in protecting their information. Knowing the...breach totals from 2006 to 2008. From 2006 to 2008 government database breaches decreased by 50%. Table 1: Reports of Data Breaches 2006-2008

45 CFR 164.400 - Applicability.

Code of Federal Regulations, 2013 CFR

2013-10-01

... Welfare DEPARTMENT OF HEALTH AND HUMAN SERVICES ADMINISTRATIVE DATA STANDARDS AND RELATED REQUIREMENTS SECURITY AND PRIVACY Notification in the Case of Breach of Unsecured Protected Health Information § 164.400 Applicability. The requirements of this subpart shall apply with respect to breaches of protected health...

45 CFR 164.400 - Applicability.

Code of Federal Regulations, 2012 CFR

2012-10-01

... Welfare DEPARTMENT OF HEALTH AND HUMAN SERVICES ADMINISTRATIVE DATA STANDARDS AND RELATED REQUIREMENTS SECURITY AND PRIVACY Notification in the Case of Breach of Unsecured Protected Health Information § 164.400 Applicability. The requirements of this subpart shall apply with respect to breaches of protected health...

Breaching the security of the Kaiser Permanente Internet patient portal: the organizational foundations of information security.

PubMed

Collmann, Jeff; Cooper, Ted

2007-01-01

This case study describes and analyzes a breach of the confidentiality and integrity of personally identified health information (e.g. appointment details, answers to patients' questions, medical advice) for over 800 Kaiser Permanente (KP) members through KP Online, a web-enabled health care portal. The authors obtained and analyzed multiple types of qualitative data about this incident including interviews with KP staff, incident reports, root cause analyses, and media reports. Reasons at multiple levels account for the breach, including the architecture of the information system, the motivations of individual staff members, and differences among the subcultures of individual groups within as well as technical and social relations across the Kaiser IT program. None of these reasons could be classified, strictly speaking, as "security violations." This case study, thus, suggests that, to protect sensitive patient information, health care organizations should build safe organizational contexts for complex health information systems in addition to complying with good information security practice and regulations such as the Health Insurance Portability and Accountability Act (HIPAA) of 1996.

Federal Laws Relating to Cybersecurity: Overview and Discussion of Proposed Revisions

DTIC Science & Technology

2013-06-20

originally introduced in March.19 Several other Senate bills would have addressed specific aspects of cybersecurity, such as data breaches of personal...H.R. 3674)c X X X Public awareness H.R. 756 X X X X Cybercrime law X X X Data breach notification X X Internet security...Revisions Congressional Research Service 20 Data Breach Notification. The White House Proposal and the Task Force Report would also both have set

Bigdata Driven Cloud Security: A Survey

NASA Astrophysics Data System (ADS)

Raja, K.; Hanifa, Sabibullah Mohamed

2017-08-01

Cloud Computing (CC) is a fast-growing technology to perform massive-scale and complex computing. It eliminates the need to maintain expensive computing hardware, dedicated space, and software. Recently, it has been observed that massive growth in the scale of data or big data generated through cloud computing. CC consists of a front-end, includes the users’ computers and software required to access the cloud network, and back-end consists of various computers, servers and database systems that create the cloud. In SaaS (Software as-a-Service - end users to utilize outsourced software), PaaS (Platform as-a-Service-platform is provided) and IaaS (Infrastructure as-a-Service-physical environment is outsourced), and DaaS (Database as-a-Service-data can be housed within a cloud), where leading / traditional cloud ecosystem delivers the cloud services become a powerful and popular architecture. Many challenges and issues are in security or threats, most vital barrier for cloud computing environment. The main barrier to the adoption of CC in health care relates to Data security. When placing and transmitting data using public networks, cyber attacks in any form are anticipated in CC. Hence, cloud service users need to understand the risk of data breaches and adoption of service delivery model during deployment. This survey deeply covers the CC security issues (covering Data Security in Health care) so as to researchers can develop the robust security application models using Big Data (BD) on CC (can be created / deployed easily). Since, BD evaluation is driven by fast-growing cloud-based applications developed using virtualized technologies. In this purview, MapReduce [12] is a good example of big data processing in a cloud environment, and a model for Cloud providers.

45 CFR 164.410 - Notification by a business associate.

Code of Federal Regulations, 2013 CFR

2013-10-01

... associate shall, following the discovery of a breach of unsecured protected health information, notify the... possible, the identification of each individual whose unsecured protected health information has been, or... RELATED REQUIREMENTS SECURITY AND PRIVACY Notification in the Case of Breach of Unsecured Protected Health...

How Secure Is Your Radiology Department? Mapping Digital Radiology Adoption and Security Worldwide.

PubMed

Stites, Mark; Pianykh, Oleg S

2016-04-01

Despite the long history of digital radiology, one of its most critical aspects--information security--still remains extremely underdeveloped and poorly standardized. To study the current state of radiology security, we explored the worldwide security of medical image archives. Using the DICOM data-transmitting standard, we implemented a highly parallel application to scan the entire World Wide Web of networked computers and devices, locating open and unprotected radiology servers. We used only legal and radiology-compliant tools. Our security-probing application initiated a standard DICOM handshake to remote computer or device addresses, and then assessed their security posture on the basis of handshake replies. The scan discovered a total of 2774 unprotected radiology or DICOM servers worldwide. Of those, 719 were fully open to patient data communications. Geolocation was used to analyze and rank our findings according to country utilization. As a result, we built maps and world ranking of clinical security, suggesting that even the most radiology-advanced countries have hospitals with serious security gaps. Despite more than two decades of active development and implementation, our radiology data still remains insecure. The results provided should be applied to raise awareness and begin an earnest dialogue toward elimination of the problem. The application we designed and the novel scanning approach we developed can be used to identify security breaches and to eliminate them before they are compromised.

42 CFR 73.14 - Incident response.

Code of Federal Regulations, 2010 CFR

2010-10-01

..., security breaches (including information systems), severe weather and other natural disasters, workplace... locations, (10) Site security and control, (11) Procedures for emergency evacuation, including type of...

45 CFR 164.410 - Notification by a business associate.

Code of Federal Regulations, 2012 CFR

2012-10-01

..., following the discovery of a breach of unsecured protected health information, notify the covered entity of... individual whose unsecured protected health information has been, or is reasonably believed by the business... RELATED REQUIREMENTS SECURITY AND PRIVACY Notification in the Case of Breach of Unsecured Protected Health...

38 CFR 75.111 - Purpose and scope.

Code of Federal Regulations, 2011 CFR

2011-07-01

...) INFORMATION SECURITY MATTERS Data Breaches § 75.111 Purpose and scope. This subpart implements provisions of... Information Technology Act of 2006. It only concerns actions to address a data breach regarding sensitive personal information that is processed or maintained by VA. This subpart does not supersede the...

Security of electronic mental health communication and record-keeping in the digital age.

PubMed

Elhai, Jon D; Frueh, B Christopher

2016-02-01

The mental health field has seen a trend in recent years of the increased use of information technology, including mobile phones, tablets, and laptop computers, to facilitate clinical treatment delivery to individual patients and for record keeping. However, little attention has been paid to ensuring that electronic communication with patients is private and secure. This is despite potentially deleterious consequences of a data breach, which are reported in the news media very frequently in modern times. In this article, we present typical security concerns associated with using technology in clinical services or research. We also discuss enhancing the privacy and security of electronic communication with clinical patients and research participants. We offer practical, easy-to-use software application solutions for clinicians and researchers to secure patient communication and records. We discuss such issues as using encrypted wireless networks, secure e-mail, encrypted messaging and videoconferencing, privacy on social networks, and others. © Copyright 2015 Physicians Postgraduate Press, Inc.

Cyber crimes.

PubMed

Nuzback, Kara

2014-07-01

Since it began offering cyber liability coverage in December 2011, the Texas Medical Liability Trust has received more than 150 cyber liability claims, most of which involved breaches of electronic protected health information. TMLT's cyber liability insurance will protect practices financially should a breach occur. The insurance covers a breach notification to customers and business partners, expenses for legal counsel, information security and forensic data services, public relations support, call center and website support, credit monitoring, and identity theft restoration services.

Joint Sensor: Security Test and Evaluation Embedded in a Production Network Sensor Cloud

DTIC Science & Technology

2010-12-01

read of this year’s Verizon 2010 Data Breach Investigations Report (Baker et al. 2010) may in a sense reiterate the assumptions and propagate the...in 2002. He currently serves as the program manager for the DREN. E-mail: rcampbell@hpcmo.hpc.mil References Baker, W., et al. 2010. 2010 data breach investiga...tions report. http://www.verizonbusiness.com/resources/ reports/rp_2010- data - breach -report_en_xg.pdf (ac- cessed October 13, 2010

Unintentional Insider Threats: A Review of Phishing and Malware Incidents by Economic Sector

DTIC Science & Technology

2014-07-01

the conclusions in the Verizon Data Breach Report 2013 that 47% of malware was downloaded through e-mail at- tachments, 48% of hacking took place...the attackers pivoted onto other systems and databases and exfiltrated approximately 8.2 GB of data . BREACH : Accessing an employee account via a...Symantec. “Internet Security Threat Report 2014.” 2013 Trends 19 (April 2014). Symantec Cor- poration. [Verizon 2013] Verizon. 2013 Data Breach Investigations

USDOT guidance summary for connected vehicle pilot site deployments: security operational concept : final report.

DOT National Transportation Integrated Search

2016-07-01

This document provides guidance material in regards to security for the CV Pilots Deployment Concept Development Phase. An approach for developing the security operational concept is presented based on identifying the impacts of security breaches reg...

45 CFR 164.408 - Notification to the Secretary.

Code of Federal Regulations, 2013 CFR

2013-10-01

... REQUIREMENTS SECURITY AND PRIVACY Notification in the Case of Breach of Unsecured Protected Health Information... of a breach of unsecured protected health information as provided in § 164.404(a)(2), notify the... unsecured protected health information involving 500 or more individuals, a covered entity shall, except as...

45 CFR 164.408 - Notification to the Secretary.

Code of Federal Regulations, 2012 CFR

2012-10-01

... REQUIREMENTS SECURITY AND PRIVACY Notification in the Case of Breach of Unsecured Protected Health Information... of a breach of unsecured protected health information as provided in § 164.404(a)(2), notify the... unsecured protected health information involving 500 or more individuals, a covered entity shall, except as...

Role for Federal Government in Safeguarding Student Data Privacy

ERIC Educational Resources Information Center

Barnes, Khaliah; Kowalski, Paige

2016-01-01

Unsurprisingly, schools, companies, and others that have amassed student information have been unable to adequately safeguard it. They simply cannot keep up with all the data they have collected and have routinely experienced data breaches. These breaches have compromised grades, student financial information, Social Security numbers, and even…

Evaluation of Secure Computation in a Distributed Healthcare Setting.

PubMed

Kimura, Eizen; Hamada, Koki; Kikuchi, Ryo; Chida, Koji; Okamoto, Kazuya; Manabe, Shirou; Kuroda, Tomohiko; Matsumura, Yasushi; Takeda, Toshihiro; Mihara, Naoki

2016-01-01

Issues related to ensuring patient privacy and data ownership in clinical repositories prevent the growth of translational research. Previous studies have used an aggregator agent to obscure clinical repositories from the data user, and to ensure the privacy of output using statistical disclosure control. However, there remain several issues that must be considered. One such issue is that a data breach may occur when multiple nodes conspire. Another is that the agent may eavesdrop on or leak a user's queries and their results. We have implemented a secure computing method so that the data used by each party can be kept confidential even if all of the other parties conspire to crack the data. We deployed our implementation at three geographically distributed nodes connected to a high-speed layer two network. The performance of our method, with respect to processing times, suggests suitability for practical use.

Evaluating Factors of Security Policy on Information Security Effectiveness in Developing Nations: A Case of Nigeria

ERIC Educational Resources Information Center

Okolo, Nkiru Benjamin

2016-01-01

Information systems of today face more potential security infringement than ever before. The regular susceptibility of data to breaches is a function of systems users' disinclination to follow appropriate security measures. A well-secured system maintains integrity, confidentiality, and availability, while providing appropriate and consistent…

Building Information Security Awareness at Wilmington University

ERIC Educational Resources Information Center

Hufe, Mark J.

2014-01-01

This executive position paper proposes recommendations for reducing the risk of a data breach at Wilmington University. A data breach could result in identity theft of students, faculty and staff, which is costly to the individual affected and costly to the University. The University has a legal and ethical obligation to provide safeguards against…

Institutionalization of Information Security: Case of the Indonesian Banking Sector

ERIC Educational Resources Information Center

Nasution, Muhamad Faisal Fariduddin Attar

2012-01-01

This study focuses on the institutionalization of information security in the banking sector. This study is important to pursue since it explicates the internalization of information security governance and practices and how such internalization develops an organizational resistance towards security breach. The study argues that information…

Three Essays on Information Security Policies

ERIC Educational Resources Information Center

Yang, Yubao

2011-01-01

Information security breaches pose a significant and increasing threat to national security and economic well-being. In the Symantec Internet Security Threat Report (2003), companies surveyed experienced an average of about 30 attacks per week. Anecdotal evidence suggests that losses from cyber-attacks can run into millions of dollars. The CSI-FBI…

Evaluating the effects of dam breach methodologies on Consequence Estimation through Sensitivity Analysis

NASA Astrophysics Data System (ADS)

Kalyanapu, A. J.; Thames, B. A.

2013-12-01

Dam breach modeling often includes application of models that are sophisticated, yet computationally intensive to compute flood propagation at high temporal and spatial resolutions. This results in a significant need for computational capacity that requires development of newer flood models using multi-processor and graphics processing techniques. Recently, a comprehensive benchmark exercise titled the 12th Benchmark Workshop on Numerical Analysis of Dams, is organized by the International Commission on Large Dams (ICOLD) to evaluate the performance of these various tools used for dam break risk assessment. The ICOLD workshop is focused on estimating the consequences of failure of a hypothetical dam near a hypothetical populated area with complex demographics, and economic activity. The current study uses this hypothetical case study and focuses on evaluating the effects of dam breach methodologies on consequence estimation and analysis. The current study uses ICOLD hypothetical data including the topography, dam geometric and construction information, land use/land cover data along with socio-economic and demographic data. The objective of this study is to evaluate impacts of using four different dam breach methods on the consequence estimates used in the risk assessments. The four methodologies used are: i) Froehlich (1995), ii) MacDonald and Langridge-Monopolis 1984 (MLM), iii) Von Thun and Gillete 1990 (VTG), and iv) Froehlich (2008). To achieve this objective, three different modeling components were used. First, using the HEC-RAS v.4.1, dam breach discharge hydrographs are developed. These hydrographs are then provided as flow inputs into a two dimensional flood model named Flood2D-GPU, which leverages the computer's graphics card for much improved computational capabilities of the model input. Lastly, outputs from Flood2D-GPU, including inundated areas, depth grids, velocity grids, and flood wave arrival time grids, are input into HEC-FIA, which provides the consequence assessment for the solution to the problem statement. For the four breach methodologies, a sensitivity analysis of four breach parameters, breach side slope (SS), breach width (Wb), breach invert elevation (Elb), and time of failure (tf), is conducted. Up to, 68 simulations are computed to produce breach hydrographs in HEC-RAS for input into Flood2D-GPU. The Flood2D-GPU simulation results were then post-processed in HEC-FIA to evaluate: Total Population at Risk (PAR), 14-yr and Under PAR (PAR14-), 65-yr and Over PAR (PAR65+), Loss of Life (LOL) and Direct Economic Impact (DEI). The MLM approach resulted in wide variability in simulated minimum and maximum values of PAR, PAR 65+ and LOL estimates. For PAR14- and DEI, Froehlich (1995) resulted in lower values while MLM resulted in higher estimates. This preliminary study demonstrated the relative performance of four commonly used dam breach methodologies and their impacts on consequence estimation.

Cybersecurity: Authoritative Reports and Resources

DTIC Science & Technology

2013-10-25

Security Technologies Reporting Data Breaches: Is Federal Legislation Needed to Protect Consumers ? July 18, 2013 Energy and Commerce Commerce ...Protect Consumers ? July 18, 2013 Energy and Commerce Oversight and Investigation Cyber Espionage and the Theft of U.S. Intellectual Property and...protection for sensitive consumer data and timely notification in case of breach June 15, 2011 Energy and Commerce Commerce , Manufacturing, and

Can Cross-Listing Mitigate the Impact of an Information Security Breach Announcement on a Firm's Values?

NASA Astrophysics Data System (ADS)

Chen, Yong; Dong, Feng; Chen, Hong; Xu, Li

2016-08-01

The increase in globalization in the markets has driven firms to adopt online technologies and to cross-list their stocks. Recent studies have consistently found that the announcements of information security breaches (ISBs) are negatively associated with the market values of the announcing firms during the days surrounding the breach announcements. Given the improvement in firms’ information environments and the better protection for investors generated by cross-listing, does cross-listing help firms to reduce the negative impacts caused by their announcements of ISBs? This paper conducts an event study of 120 publicly traded firms (among which 25 cross-list and 95 do not), in order to explore the answer. The results indicate that the impact of ISB announcements on a firm's stock prices shows no difference between cross-listing firms and non-cross-listing firms. Cross-listing does not mitigate the impact of ISBs announcement on a firm's market value.

Ethics in Public Health Research

PubMed Central

Myers, Julie; Frieden, Thomas R.; Bherwani, Kamal M.; Henning, Kelly J.

2008-01-01

Public health agencies increasingly use electronic means to acquire, use, maintain, and store personal health information. Electronic data formats can improve performance of core public health functions, but potentially threaten privacy because they can be easily duplicated and transmitted to unauthorized people. Although such security breaches do occur, electronic data can be better secured than paper records, because authentication, authorization, auditing, and accountability can be facilitated. Public health professionals should collaborate with law and information technology colleagues to assess possible threats, implement updated policies, train staff, and develop preventive engineering measures to protect information. Tightened physical and electronic controls can prevent misuse of data, minimize the risk of security breaches, and help maintain the reputation and integrity of public health agencies. PMID:18382010

Security Attacks and Solutions in Electronic Health (E-health) Systems.

PubMed

Zeadally, Sherali; Isaac, Jesús Téllez; Baig, Zubair

2016-12-01

For centuries, healthcare has been a basic service provided by many governments to their citizens. Over the past few decades, we have witnessed a significant transformation in the quality of healthcare services provided by healthcare organizations and professionals. Recent advances have led to the emergence of Electronic Health (E-health), largely made possible by the massive deployment and adoption of information and communication technologies (ICTs). However, cybercriminals and attackers are exploiting vulnerabilities associated primarily with ICTs, causing data breaches of patients' confidential digital health information records. Here, we review recent security attacks reported for E-healthcare and discuss the solutions proposed to mitigate them. We also identify security challenges that must be addressed by E-health system designers and implementers in the future, to respond to threats that could arise as E-health systems become integrated with technologies such as cloud computing, the Internet of Things, and smart cities.

Can Cyberloafing and Internet Addiction Affect Organizational Information Security?

PubMed

Hadlington, Lee; Parsons, Kathryn

2017-09-01

Researchers have noted potential links between Internet addiction, the use of work computers for nonwork purposes and an increased risk of threat to the organization from breaches in cybersecurity. However, much of this research appears conjectural in nature and lacks clear empirical evidence to support such claims. To fill this knowledge gap, a questionnaire-based study explored the link between cyberloafing, Internet addiction, and information security awareness (ISA). A total of 338 participants completed an online questionnaire, which comprised of the Online Cognition Scale, Cyberloafing Scale, and the Human Aspects of Information Security Questionnaire. Participants who reported higher Internet addiction and cyberloafing tendencies had lower ISA, and Internet addiction and cyberloafing predicted a significant 45 percent of the variance in ISA. Serious cyberloafing, such as the propensity to visit adult websites and online gambling, was shown to be the significant predictor for poorer ISA. Implications for organizations and recommendations to reduce or manage inappropriate Internet use are discussed.

An Examination of Issues Surrounding Information Security in California Colleges

ERIC Educational Resources Information Center

Butler, Robert D.

2013-01-01

Technological advances have provided increasing opportunities in higher education for delivering instruction and other services. However, exposure to information security attacks has been increasing as more organizations conduct their businesses online. Higher education institutions have one of the highest frequencies of security breaches as…

39 CFR 501.11 - Reporting Postage Evidencing System security weaknesses.

Code of Federal Regulations, 2010 CFR

2010-07-01

... postal administration; or has been submitted for approval by the provider to the Postal Service or other foreign postal administration(s). (2) All potential security weaknesses or methods of tampering with the... security breaches of the Computerized Meter Resetting System (CMRS) or databases housing confidential...

39 CFR 501.11 - Reporting Postage Evidencing System security weaknesses.

Code of Federal Regulations, 2011 CFR

2011-07-01

... postal administration; or has been submitted for approval by the provider to the Postal Service or other foreign postal administration(s). (2) All potential security weaknesses or methods of tampering with the... security breaches of the Computerized Meter Resetting System (CMRS) or databases housing confidential...

Cybersecurity in healthcare: A narrative review of trends, threats and ways forward.

PubMed

Coventry, Lynne; Branley, Dawn

2018-07-01

Electronic healthcare technology is prevalent around the world and creates huge potential to improve clinical outcomes and transform care delivery. However, there are increasing concerns relating to the security of healthcare data and devices. Increased connectivity to existing computer networks has exposed medical devices to new cybersecurity vulnerabilities. Healthcare is an attractive target for cybercrime for two fundamental reasons: it is a rich source of valuable data and its defences are weak. Cybersecurity breaches include stealing health information and ransomware attacks on hospitals, and could include attacks on implanted medical devices. Breaches can reduce patient trust, cripple health systems and threaten human life. Ultimately, cybersecurity is critical to patient safety, yet has historically been lax. New legislation and regulations are in place to facilitate change. This requires cybersecurity to become an integral part of patient safety. Changes are required to human behaviour, technology and processes as part of a holistic solution. Copyright © 2018 Elsevier B.V. All rights reserved.

A Study of the Effect of Information Security Policies on Information Security Breaches in Higher Education Institutions

ERIC Educational Resources Information Center

Waddell, Stanie Adolphus

2013-01-01

Many articles within the literature point to the information security policy as one of the most important elements of an effective information security program. Even though this belief is continually referred to in many information security scholarly articles, very few research studies have been performed to corroborate this sentiment. Doherty and…

Comparing process-based breach models for earthen embankments subjected to internal erosion

USDA-ARS?s Scientific Manuscript database

Predicting the potential flooding from a dam site requires prediction of outflow resulting from breach. Conservative estimates from the assumption of instantaneous breach or from an upper envelope of historical cases are readily computed, but these estimates do not reflect the properties of a speci...

Comparison of Dam Breach Parameter Estimators

DTIC Science & Technology

2008-01-01

of the methods, when used in the HEC - RAS simulation model , produced comparable results. The methods tested suggest use of ...characteristics of a dam breach, use of those parameters within the unsteady flow routing model HEC - RAS , and the computation and display of the resulting...implementation of these breach parameters in

How Attitude toward the Behavior, Subjective Norm, and Perceived Behavioral Control Affects Information Security Behavior Intention

ERIC Educational Resources Information Center

Johnson, David P.

2017-01-01

The education sector is at high risk for information security (InfoSec) breaches and in need of improved security practices. Achieving data protections cannot be through technical means alone. Addressing the human behavior factor is required. Security education, training, and awareness (SETA) programs are an effective method of addressing human…

Mitigating Security Issues: The University of Memphis Case.

ERIC Educational Resources Information Center

Jackson, Robert; Frolick, Mark N.

2003-01-01

Studied a server security breach at the University of Memphis, Tennessee, to highlight personnel roles, detection of the compromised server, policy enforcement, forensics, and the proactive search for other servers threatened in the same way. (SLD)

Security : breaches at federal agencies and airports

DOT National Transportation Integrated Search

2000-01-01

This is the statement of Robert H. Hast, Assistance Comptroller General for Investigations, Office of Special Investigations before the Subcommittee on Crime, House Committee on the Judiciary about potential security risks to the United States. The G...

Going Beyond Compliance: A Strategic Framework for Promoting Information Security in Hospitals.

PubMed

Zandona, David J; Thompson, Jon M

In the past decade, public and private organizations have experienced a significant and alarming rise in the number of data breaches. Across all sectors, there seems to be no safe haven for the protection of information. In the health care industry, the trend is even worse. Information security is at an unbelievable low point, and it is unlikely that government oversight can fix this issue. Health care organizations have ramped up their approaches to addressing the problem; however, these initiatives are often incremental rather than transformational. Hospitals need an overall organization-wide strategy to prevent breaches from occurring and to minimize effects if they do occur. This article provides an analysis of the literature related to health information security and offers a suggested strategy for hospital administrators to follow in order to create a more secure environment for patient health information.

An Analysis of the Use of the Social Security Number as Veteran Identification as it Relates to Identity Theft; A Cost Benefit Analysis of Transitioning the Department of Defense and Veterans Administration to a Military Identification Number

DTIC Science & Technology

2007-03-01

50 million over the 2007-2011 period. However, if the VA were to experience another data breach similar to the recent incident involving 17...compromised in some manner. Excluding the recent incident, the average number of people affected by a data breach has been about 50,000. The...suggests that all of the financial losses to a company that experiences a data breach of privacy information will quickly be reflected in the stock

Comparing Information Assurance Awareness Training for End-Users: A Content Analysis Examination of Air Force and Defense Information Systems Agency User Training Modules

DTIC Science & Technology

2008-03-01

for over 18 months (Vijayan, 2007). Other retailers have felt the sting of indirect data breaches as well. In October of 2007, a backup computer tape...Information Services suffered a data breach in the form of a “rouge and dishonest employee” stealing records (The Associated Press, 2007). Most of the...infects the target computer (Keizer, 2008). 2 With the frequency of attacks and data breaches , the actual financial cost is incredibly high

The extreme risk of personal data breaches and the erosion of privacy

NASA Astrophysics Data System (ADS)

Wheatley, Spencer; Maillart, Thomas; Sornette, Didier

2016-01-01

Personal data breaches from organisations, enabling mass identity fraud, constitute an extreme risk. This risk worsens daily as an ever-growing amount of personal data are stored by organisations and on-line, and the attack surface surrounding this data becomes larger and harder to secure. Further, breached information is distributed and accumulates in the hands of cyber criminals, thus driving a cumulative erosion of privacy. Statistical modeling of breach data from 2000 through 2015 provides insights into this risk: A current maximum breach size of about 200 million is detected, and is expected to grow by fifty percent over the next five years. The breach sizes are found to be well modeled by an extremely heavy tailed truncated Pareto distribution, with tail exponent parameter decreasing linearly from 0.57 in 2007 to 0.37 in 2015. With this current model, given a breach contains above fifty thousand items, there is a ten percent probability of exceeding ten million. A size effect is unearthed where both the frequency and severity of breaches scale with organisation size like s0.6. Projections indicate that the total amount of breached information is expected to double from two to four billion items within the next five years, eclipsing the population of users of the Internet. This massive and uncontrolled dissemination of personal identities raises fundamental concerns about privacy.

Preparing Information Systems (IS) Graduates to Meet the Challenges of Global IT Security: Some Suggestions

ERIC Educational Resources Information Center

Sauls, Jeff; Gudigantala, Naveen

2013-01-01

Managing IT security and assurance is a top priority for organizations. Aware of the costs associated with a security or privacy breach, organizations are constantly vigilant about protecting their data and IT systems. In addition, organizations are investing heavily in IT resources to keep up with the challenges of managing their IT security and…

Mobile Device Security: Perspectives of Future Healthcare Workers

PubMed Central

Hewitt, Barbara; Dolezel, Diane; McLeod, Alexander

2017-01-01

Healthcare data breaches on mobile devices continue to increase, yet the healthcare industry has not adopted mobile device security standards. This increase is disturbing because individuals are often accessing patients’ protected health information on personal mobile devices, which could lead to a data breach. This deficiency led the researchers to explore the perceptions of future healthcare workers regarding mobile device security. To determine healthcare students’ perspectives on mobile device security, the investigators designed and distributed a survey based on the Technology Threat Avoidance Theory. Three hundred thirty-five students participated in the survey. The data were analyzed to determine participants’ perceptions about security threats, effectiveness and costs of safeguards, self-efficacy, susceptibility, severity, and their motivation and actions to secure their mobile devices. Awareness of interventions to protect mobile devices was also examined. Results indicate that while future healthcare professionals perceive the severity of threats to their mobile data, they do not feel personally susceptible. Additionally, participants were knowledgeable about security safeguards, but their knowledge of costs and problems related to the adoption of these measures was mixed. These findings indicate that increasing security awareness of healthcare professionals should be a priority. PMID:28566992

Mobile Device Security: Perspectives of Future Healthcare Workers.

PubMed

Hewitt, Barbara; Dolezel, Diane; McLeod, Alexander

2017-01-01

Healthcare data breaches on mobile devices continue to increase, yet the healthcare industry has not adopted mobile device security standards. This increase is disturbing because individuals are often accessing patients' protected health information on personal mobile devices, which could lead to a data breach. This deficiency led the researchers to explore the perceptions of future healthcare workers regarding mobile device security. To determine healthcare students' perspectives on mobile device security, the investigators designed and distributed a survey based on the Technology Threat Avoidance Theory. Three hundred thirty-five students participated in the survey. The data were analyzed to determine participants' perceptions about security threats, effectiveness and costs of safeguards, self-efficacy, susceptibility, severity, and their motivation and actions to secure their mobile devices. Awareness of interventions to protect mobile devices was also examined. Results indicate that while future healthcare professionals perceive the severity of threats to their mobile data, they do not feel personally susceptible. Additionally, participants were knowledgeable about security safeguards, but their knowledge of costs and problems related to the adoption of these measures was mixed. These findings indicate that increasing security awareness of healthcare professionals should be a priority.

Information Security Issues in Higher Education and Institutional Research

ERIC Educational Resources Information Center

Custer, William L.

2010-01-01

Information security threats to educational institutions and their data assets have worsened significantly over the past few years. The rich data stores of institutional research are especially vulnerable, and threats from security breaches represent no small risk. New genres of threat require new kinds of controls if the institution is to prevent…

Physical security, HIPPA, and the HHS wall of shame.

PubMed

Sage, April

2014-01-01

In this article, the author a healthcare IT expert, reveals what experts have discovered in analyzing HIPPA data breaches. Most are the result of theft or loss. She explains why this is so, and offers a solution--improved physical security.

The law of unintended (financial) consequences: the expansion of HIPAA business associate liability.

PubMed

Tomes, Jonathan P

2013-01-01

The recent Omnibus Rule published by the Department of Health and Human Services greatly expanded liability for breaches of health information privacy and security under the HIPAA statute and regulations. This expansion could have dire financial consequences for the health care industry. The Rule expanded the definition of business associates to include subcontractors of business associates and made covered entities and business associates liable for breaches of the entities who perform a service for them involving the use of individually identifiable health information under the federal common law of agency. Thus, if a covered entity or its "do wnstream" business associate breaches security or privacy, the covered entity or "upstream" business associate may face HIPAA's civil money penalties or a lawsuit. Financial managers need to be aware of these changes both to protect against the greater liability and to plan for the compliance costs inherent in effectively, if not legally, making business associates into covered entities.

Barrier island vulnerability to breaching: a case study on Dauphin Island, Alabama

USGS Publications Warehouse

Hansen, Mark; Sallenger, Asbury H.

2007-01-01

Breaching of barrier islands can adversely impact society by severing infrastructure, destroying private properties, and altering water quality in back bays and estuaries. This study provides a scheme that assesses the relative vulnerability of a barrier island to breach during storms. Dauphin Island, Alabama was selected for this study because it has a well documented history of island breaches and extensive geological and geomorphic data. To assess the vulnerability of the island, we defined several variables contributing to the risk of breaching: island geology, breaching history, and island topography and geomorphology. These variables were combined to form a breaching index (BI) value for cross island computational bins, each bin every 50 m in the alongshore direction. Results suggest the eastern section of Dauphin Island has the lowest risk of breaching with the remaining portion of the island having a moderate to high risk of breaching. Two reaches in the western section of the island were found to be particularly vulnerable due primarily to their minimal cross-sectional dimensions.

Improving the redistribution of the security lessons in healthcare: An evaluation of the Generic Security Template.

PubMed

He, Ying; Johnson, Chris

2015-11-01

The recurrence of past security breaches in healthcare showed that lessons had not been effectively learned across different healthcare organisations. Recent studies have identified the need to improve learning from incidents and to share security knowledge to prevent future attacks. Generic Security Templates (GSTs) have been proposed to facilitate this knowledge transfer. The objective of this paper is to evaluate whether potential users in healthcare organisations can exploit the GST technique to share lessons learned from security incidents. We conducted a series of case studies to evaluate GSTs. In particular, we used a GST for a security incident in the US Veterans' Affairs Administration to explore whether security lessons could be applied in a very different Chinese healthcare organisation. The results showed that Chinese security professional accepted the use of GSTs and that cyber security lessons could be transferred to a Chinese healthcare organisation using this approach. The users also identified the weaknesses and strengths of GSTs, providing suggestions for future improvements. Generic Security Templates can be used to redistribute lessons learned from security incidents. Sharing cyber security lessons helps organisations consider their own practices and assess whether applicable security standards address concerns raised in previous breaches in other countries. The experience gained from this study provides the basis for future work in conducting similar studies in other healthcare organisations. Copyright © 2015 Elsevier Ireland Ltd. All rights reserved.

Report: EPA Lacks Processes to Validate Whether Contractors Receive Specialized Role-Based Training for Network and Data Protection

EPA Pesticide Factsheets

Report #17-P-0344, July 31, 2017. The EPA is unaware whether information security contractors possess the skills and training needed to protect the agency’s information, data and network from security breaches.

Usable SPACE: Security, Privacy, and Context for the Mobile User

NASA Astrophysics Data System (ADS)

Jutla, Dawn

Users breach the security of data within many financial applications daily as human and/or business expediency to access and use information wins over corporate security policy guidelines. Recognizing that changing user context often requires different security mechanisms, we discuss end-to-end solutions combining several security and context mechanisms for relevant security control and information presentation in various mobile user situations. We illustrate key concepts using Dimitri Kanevskys (IBM Research) early 2000s patented inventions for voice security and classification.

45 CFR 164.402 - Definitions.

Code of Federal Regulations, 2014 CFR

2014-10-01

... Welfare Department of Health and Human Services ADMINISTRATIVE DATA STANDARDS AND RELATED REQUIREMENTS SECURITY AND PRIVACY Notification in the Case of Breach of Unsecured Protected Health Information § 164.402... subpart E of this part which compromises the security or privacy of the protected health information. (1...

45 CFR 164.402 - Definitions.

Code of Federal Regulations, 2011 CFR

2011-10-01

... Welfare DEPARTMENT OF HEALTH AND HUMAN SERVICES ADMINISTRATIVE DATA STANDARDS AND RELATED REQUIREMENTS SECURITY AND PRIVACY Notification in the Case of Breach of Unsecured Protected Health Information § 164.402... subpart E of this part which compromises the security or privacy of the protected health information. (1...

45 CFR 164.402 - Definitions.

Code of Federal Regulations, 2013 CFR

2013-10-01

... SECURITY AND PRIVACY Notification in the Case of Breach of Unsecured Protected Health Information § 164.402... acquisition, access, use, or disclosure of protected health information in a manner not permitted under subpart E of this part which compromises the security or privacy of the protected health information. (1...

Report: No Significant Residual Contamination Found at Deleted Superfund Sites, But Security Fences Were Damaged at Some Sites

EPA Pesticide Factsheets

Report #15-P-0013, November 10, 2014. Continued security breaches at some sites could impair the effectiveness of the remedy to protect human health and the environment and could expose trespassers to safety or health risks.

Development of method for evaluating estimated inundation area by using river flood analysis based on multiple flood scenarios

NASA Astrophysics Data System (ADS)

Ono, T.; Takahashi, T.

2017-12-01

Non-structural mitigation measures such as flood hazard map based on estimated inundation area have been more important because heavy rains exceeding the design rainfall frequently occur in recent years. However, conventional method may lead to an underestimation of the area because assumed locations of dike breach in river flood analysis are limited to the cases exceeding the high-water level. The objective of this study is to consider the uncertainty of estimated inundation area with difference of the location of dike breach in river flood analysis. This study proposed multiple flood scenarios which can set automatically multiple locations of dike breach in river flood analysis. The major premise of adopting this method is not to be able to predict the location of dike breach correctly. The proposed method utilized interval of dike breach which is distance of dike breaches placed next to each other. That is, multiple locations of dike breach were set every interval of dike breach. The 2D shallow water equations was adopted as the governing equation of river flood analysis, and the leap-frog scheme with staggered grid was used. The river flood analysis was verified by applying for the 2015 Kinugawa river flooding, and the proposed multiple flood scenarios was applied for the Akutagawa river in Takatsuki city. As the result of computation in the Akutagawa river, a comparison with each computed maximum inundation depth of dike breaches placed next to each other proved that the proposed method enabled to prevent underestimation of estimated inundation area. Further, the analyses on spatial distribution of inundation class and maximum inundation depth in each of the measurement points also proved that the optimum interval of dike breach which can evaluate the maximum inundation area using the minimum assumed locations of dike breach. In brief, this study found the optimum interval of dike breach in the Akutagawa river, which enabled estimated maximum inundation area to predict efficiently and accurately. The river flood analysis by using this proposed method will contribute to mitigate flood disaster by improving the accuracy of estimated inundation area.

Privacy, confidentiality, and security in information systems of state health agencies.

PubMed

O'Brien, D G; Yasnoff, W A

1999-05-01

To assess the employment and status of privacy, confidentiality, security and fair information practices in electronic information systems of U.S. state health agencies. A survey instrument was developed and administered to key contacts within the state health agencies of each of the 50 U.S. states, Puerto Rico and the District of Columbia. About a third of U.S. state health agencies have no written policies in place regarding privacy and confidentiality in electronic information systems. The doctrines of fair information practice often seemed to be ignored. One quarter of the agencies reported at least one security breach during the past two years, and 16% experienced a privacy and confidentiality related transgression. Most of the breaches were committed by personnel from within the agencies. These results raise questions about the integrity of existing privacy, confidentiality and security measures in the information systems of U.S. state health agencies. Recommendations include the development and vigorous enforcement of written privacy and confidentiality policies, increased personnel training, and expanded implementation of security measures such as encryption and system firewalls. A discussion of the current status of U.S. privacy, confidentiality and security issues is offered.

User Authentication in Smartphones for Telehealth

PubMed Central

SMITH, KATHERINE A.; ZHOU, LEMING; WATZLAF, VALERIE J. M.

2017-01-01

Many functions previously conducted on desktop computers are now performed on smartphones. Smartphones provide convenience, portability, and connectivity. When smartphones are used in the conduct of telehealth, sensitive data is invariably accessed, rendering the devices in need of user authentication to ensure data protection. User authentication of smartphones can help mitigate potential Health Insurance Portability and Accountability Act (HIPAA) breaches and keep sensitive patient information protected, while also facilitating the convenience of smartphones within everyday life and healthcare. This paper presents and examines several types of authentication methods available to smartphone users to help ensure security of sensitive data from attackers. The applications of these authentication methods in telehealth are discussed. PMID:29238444

User Authentication in Smartphones for Telehealth.

PubMed

Smith, Katherine A; Zhou, Leming; Watzlaf, Valerie J M

2017-01-01

Many functions previously conducted on desktop computers are now performed on smartphones. Smartphones provide convenience, portability, and connectivity. When smartphones are used in the conduct of telehealth, sensitive data is invariably accessed, rendering the devices in need of user authentication to ensure data protection. User authentication of smartphones can help mitigate potential Health Insurance Portability and Accountability Act (HIPAA) breaches and keep sensitive patient information protected, while also facilitating the convenience of smartphones within everyday life and healthcare. This paper presents and examines several types of authentication methods available to smartphone users to help ensure security of sensitive data from attackers. The applications of these authentication methods in telehealth are discussed.

Convergence: Yea or Nay?

ERIC Educational Resources Information Center

Villano, Matt

2008-01-01

Colleges and universities can never be too prepared, whether for physical attacks or data security breaches. A quick data slice of over 7,000 US higher ed institutions, using the Office of Postsecondary Education's Campus Security Data Analysis Cutting Tool Website and cutting across public and private two- and four-year schools, reveals some…

School Security Gap (with Related Video)

ERIC Educational Resources Information Center

Skurnac, Steve

2012-01-01

Data security breaches in the educational sector can be devastating to institutions and the students and employees they serve. They carry the potential for identity theft, violations of federal and state laws, and loss of trust of students, alumni and employees. The Identity Theft Resource Center says that as of October 2011, education…

Analyzing Risks and Vulnerabilities of Various Computer Systems and Undergoing Exploitation using Embedded Devices

NASA Technical Reports Server (NTRS)

Branch, Drew Alexander

2014-01-01

Security is one of the most if not the most important areas today. After the several attacks on the United States, security everywhere has heightened from airports to communication among the military branches legionnaires. With advanced persistent threats (APTs) on the rise following Stuxnet, government branches and agencies are required, more than ever, to follow several standards, policies and procedures to reduce the likelihood of a breach. Attack vectors today are very advanced and are going to continue to get more and more advanced as security controls advance. This creates a need for networks and systems to be in an updated, patched and secured state in a launch control system environment. Attacks on critical systems are becoming more and more relevant and frequent. Nation states are hacking into critical networks that might control electrical power grids or water dams as well as carrying out advanced persistent threat (APTs) attacks on government entities. NASA, as an organization, must protect its self from attacks from all different types of attackers with different motives. Although the International Space Station was created, there is still competition between the different space programs. With that in mind, NASA might get attacked and breached for various reasons such as espionage or sabotage. My project will provide a way for NASA to complete an in house penetration test which includes: asset discovery, vulnerability scans, exploit vulnerabilities and also provide forensic information to harden systems. Completing penetration testing is a part of the compliance requirements of the Federal Information Security Act (FISMA) and NASA NPR 2810.1 and related NASA Handbooks. This project is to demonstrate how in house penetration testing can be conducted that will satisfy all of the compliance requirements of the National Institute of Standards and Technology (NIST), as outlined in FISMA. By the end of this project, I hope to have carried out the tasks stated above as well as gain an immense knowledge about compliance, security tools, networks and network devices, as well as policies and procedures.

Determining the right level for your IT security investment.

PubMed

Claunch, Don; McMillan, Mac

2013-05-01

Investing sufficiently in IT security not only is essential for a healthcare organization's protection, but also is a responsibility to patients, and its success depends on its being addressed at all levels of management. Hospital data security breaches have the potential to cost as much as $7 million, including fines, litigation, and damaged reputation. Response and cleanup alone can cost hundreds of thousands of dollars. Developing and following an annual action plan for IT security can lower hospitals' IT security costs in the long run.

CrossTalk. The Journal of Defense Software Engineering. Volume 25, Number 6

DTIC Science & Technology

2012-12-01

Cyber Security Threat Definition Communicable Noncommunicable Based on Risky Behavior Coordinated Trojan horse programs Threats hidden in a...for Cyber Security Threats Cyber Security Threat Communicable Noncommunicable Risky Behaviors Coordinated Type of Intervention (at the System...types of data are breached. Further, educational materials on risky behaviors (e.g., for home Internet users) as well as recommended guide- lines for

Willow System Demonstration

DTIC Science & Technology

2003-01-01

possibility of terrorists attempting to breach airport security . If a few terrorists attempt to smuggle weapons at any single airport, most will be...introduction of law- enforcement officials, and so on. For airport security , secu- rity staff would indicate when a banned object was found using a touch...necessary responses could be communicated to the airport security staff. In the Willow architecture, the various components and all of the algorithms

Privacy and Security in Multi-User Health Kiosks

PubMed Central

TAKYI, HAROLD; WATZLAF, VALERIE; MATTHEWS, JUDITH TABOLT; ZHOU, LEMING; DEALMEIDA, DILHARI

2017-01-01

Enforcement of the Health Insurance Portability and Accountability Act (HIPAA) and the Health Information Technology for Economic and Clinical Health Act (HITECH) has gotten stricter and penalties have become more severe in response to a significant increase in computer-related information breaches in recent years. With health information said to be worth twice as much as other forms of information on the underground market, making preservation of privacy and security an integral part of health technology development, rather than an afterthought, not only mitigates risks but also helps to ensure HIPAA and HITECH compliance. This paper provides a guide, based on the Office for Civil Rights (OCR) audit protocol, for creating and maintaining an audit checklist for multi-user health kiosks. Implementation of selected audit elements for a multi-user health kiosk designed for use by community-residing older adults illustrates how the guide can be applied. PMID:28814990

HIPAA-compliant automatic monitoring system for RIS-integrated PACS operation

NASA Astrophysics Data System (ADS)

Jin, Jin; Zhang, Jianguo; Chen, Xiaomeng; Sun, Jianyong; Yang, Yuanyuan; Liang, Chenwen; Feng, Jie; Sheng, Liwei; Huang, H. K.

2006-03-01

As a governmental regulation, Health Insurance Portability and Accountability Act (HIPAA) was issued to protect the privacy of health information that identifies individuals who are living or deceased. HIPAA requires security services supporting implementation features: Access control; Audit controls; Authorization control; Data authentication; and Entity authentication. These controls, which proposed in HIPAA Security Standards, are Audit trails here. Audit trails can be used for surveillance purposes, to detect when interesting events might be happening that warrant further investigation. Or they can be used forensically, after the detection of a security breach, to determine what went wrong and who or what was at fault. In order to provide security control services and to achieve the high and continuous availability, we design the HIPAA-Compliant Automatic Monitoring System for RIS-Integrated PACS operation. The system consists of two parts: monitoring agents running in each PACS component computer and a Monitor Server running in a remote computer. Monitoring agents are deployed on all computer nodes in RIS-Integrated PACS system to collect the Audit trail messages defined by the Supplement 95 of the DICOM standard: Audit Trail Messages. Then the Monitor Server gathers all audit messages and processes them to provide security information in three levels: system resources, PACS/RIS applications, and users/patients data accessing. Now the RIS-Integrated PACS managers can monitor and control the entire RIS-Integrated PACS operation through web service provided by the Monitor Server. This paper presents the design of a HIPAA-compliant automatic monitoring system for RIS-Integrated PACS Operation, and gives the preliminary results performed by this monitoring system on a clinical RIS-integrated PACS.

DOE Office of Scientific and Technical Information (OSTI.GOV)

Belangia, David Warren

The Home Depot Data Breach is the second largest data breach on record. It has or will affect up to 56 million debit or credit cards. A trusted vendor account, coupled with the use of a previously unknown variant of malware that allowed the establishment of a foothold, was the entry point into the Home Depot network. Once inside the perimeter, privilege escalation provided an avenue to obtain the desired information. Home Depot did, however, learn some lessons from Target. Home Depot certainly communicated better than Target, procured insurance, and instituted as secure an environment as possible. There are specificmore » measures an institution should undertake to prepare for a data breach, and everyone can learn from this breach. Publicly available information about the Home Depot Data Breach provides insight into the attack, an old malware variant with a new twist.While the malware was modified as to be unrecognizable with tools, it probably should have been detected. There are also concerns with Home Depot’s insurance and the insurance provider’s apparent lack of fully reimbursing Home Depot for their losses. The effect on shareholders and Home Depot’s stock price was short lived. This story is still evolving but provides interesting lessons learned concerning how an organization should prepare for it inevitable breach.« less

Is Test Security an Issue in a Multistation Clinical Assessment?--A Preliminary Study.

ERIC Educational Resources Information Center

Stillman, Paula L.; And Others

1991-01-01

A study investigated possible differences in standardized patient examination scores for three groups of undergraduate (n=176) and graduate (n=221) medical students assessed at different sites over two years. Results show no systematic change in scores over testing dates, suggesting no problems with breach of test security. (MSE)

A Review of the Security of Insulin Pump Infusion Systems

PubMed Central

Paul, Nathanael; Kohno, Tadayoshi; Klonoff, David C

2011-01-01

Insulin therapy has enabled patients with diabetes to maintain blood glucose control to lead healthier lives. Today, rather than injecting insulin manually using syringes, a patient can use a device such as an insulin pump to deliver insulin programmatically. This allows for more granular insulin delivery while attaining blood glucose control. Insulin pump system features have increasingly benefited patients, but the complexity of the resulting system has grown in parallel. As a result, security breaches that can negatively affect patient health are now possible. Rather than focus on the security of a single device, we concentrate on protecting the security of the entire system. In this article, we describe the security issues as they pertain to an insulin pump system that includes an embedded system of components, which include the insulin pump, continuous glucose management system, blood glucose monitor, and other associated devices (e.g., a mobile phone or personal computer). We detail not only the growing wireless communication threat in each system component, but also describe additional threats to the system (e.g., availability and integrity). Our goal is to help create a trustworthy infusion pump system that will ultimately strengthen pump safety, and we describe mitigating solutions to address identified security issues. PMID:22226278

A review of the security of insulin pump infusion systems.

PubMed

Paul, Nathanael; Kohno, Tadayoshi; Klonoff, David C

2011-11-01

Insulin therapy has enabled patients with diabetes to maintain blood glucose control to lead healthier lives. Today, rather than injecting insulin manually using syringes, a patient can use a device such as an insulin pump to deliver insulin programmatically. This allows for more granular insulin delivery while attaining blood glucose control. Insulin pump system features have increasingly benefited patients, but the complexity of the resulting system has grown in parallel. As a result, security breaches that can negatively affect patient health are now possible. Rather than focus on the security of a single device, we concentrate on protecting the security of the entire system. In this article, we describe the security issues as they pertain to an insulin pump system that includes an embedded system of components, which include the insulin pump, continuous glucose management system, blood glucose monitor, and other associated devices (e.g., a mobile phone or personal computer). We detail not only the growing wireless communication threat in each system component, but also describe additional threats to the system (e.g., availability and integrity). Our goal is to help create a trustworthy infusion pump system that will ultimately strengthen pump safety, and we describe mitigating solutions to address identified security issues. © 2011 Diabetes Technology Society.

12 CFR 174.7 - Determination by the OCC.

Code of Federal Regulations, 2012 CFR

2012-01-01

..., dishonesty, breach of trust or fiduciary duties, organized crime or racketeering; (B) Violation of securities... furnishing a business plan projecting activities which are inconsistent with economical home financing. ...

Improving computer security by health smart card.

PubMed

Nisand, Gabriel; Allaert, François-André; Brézillon, Régine; Isphording, Wilhem; Roeslin, Norbert

2003-01-01

The University hospitals of Strasbourg have worked for several years on the computer security of the medical data and have of this fact be the first to use the Health Care Professional Smart Card (CPS). This new tool must provide security to the information processing systems and especially to the medical data exchanges between the partners who collaborate to the care of the Beyond the purely data-processing aspects of the functions of safety offered by the CPS, safety depends above all on the practices on the users, their knowledge concerning the legislation, the risks and the stakes, of their adhesion to the procedures and protections installations. The aim of this study is to evaluate this level of knowledge, the practices and the feelings of the users concerning the computer security of the medical data, to check the relevance of the step taken, and if required, to try to improve it. The survey by questionnaires involved 648 users. The practices of users in terms of data security are clearly improved by the implementation of the security server and the use of the CPS system, but security breaches due to bad practices are not however completely eliminated. That confirms that is illusory to believe that data security is first and foremost a technical issue. Technical measures are of course indispensable, but the greatest efforts are required after their implementation and consist in making the key players [2], i.e. users, aware and responsible. However, it must be stressed that the user-friendliness of the security interface has a major effect on the results observed. For instance, it is highly probable that the bad practices continued or introduced upon the implementation of the security server and CPS scheme are due to the complicated nature or functional defects of the proposed solution, which must therefore be improved. Besides, this is only the pilot phase and card holders can be expected to become more responsible as time goes by, along with the gradual national implementation of the CPS project and the introduction of new functions using electronic signatures and encryption.

Military Hydrology. Report 20. Reservoir Outflow (RESOUT) Model

DTIC Science & Technology

1991-04-01

and/or be withdrawn from the river at some distance below the dam . In other cases, the outlet works discharges directly into a canal or pipe conveyance... dams are cited in Table 3 (USAGE 1965). 150. Darcy-Weisbach eguation, The head loss resulting from pipe fric- tion may also be determined using the Darcy... dam breach and computes the resulting outflow hydrograph. Example 8 Dam Breach Simulation ID Example 8 ID Dam Breach Simulation ID 10 1 0 KK Teton CG

Compliance Issues and Homeland Security with New Federal Regulations for Higher Education Institutions

ERIC Educational Resources Information Center

Valcik, Nicolas A.

2010-01-01

Research advancements into different fields of study have increased the risks for accidents, criminal acts, or a potential breach of national security, and the types of hazardous materials (HAZMAT) stored and used at universities and colleges are under new scrutiny. Before, a chemistry laboratory might only have basic substances such as sulfur,…

Measuring the Level of Security in the K-12 IT Environment in Southern California

ERIC Educational Resources Information Center

Brown, Brandon R.

2016-01-01

Kindergartens through twelfth grade institutions (K-12) are susceptible to unauthorized breaches to the security of their networked systems. These systems house sensitive information for students and staff alike. K-12 organizations face a significant risk for loss of this information that can damage reputation and pose liability. Perpetrators have…

Residential Preferences: What's Terrorism Got to Do with It?

ERIC Educational Resources Information Center

Kay, David; Geisler, Charles; Bills, Nelson

2010-01-01

Security has long been recognized as an element in residential preference and its relative importance has risen with fear of extremist attacks on U.S. cities. Using polling data from 2004, this research investigates whether the security breaches of 9/11 in New York City influenced residential preferences in New York State. Our results confirm that…

The Numbers Game: Phasing in Generated ID Numbers at the University of Oregon

ERIC Educational Resources Information Center

Eveland, Sue

2005-01-01

With all the recent headlines about security breaches and information loss at financial and educational institutions, the higher education community needs to address the issue of using social security numbers as ID numbers. The University of Oregon undertook a change process to assign generated ID numbers to all records in their information…

Data Security and Breach Notification Act of 2011

THOMAS, 112th Congress

Sen. Pryor, Mark L. [D-AR

2011-06-15

Senate - 06/15/2011 Read twice and referred to the Committee on Commerce, Science, and Transportation. (All Actions) Tracker: This bill has the status IntroducedHere are the steps for Status of Legislation:

Data Security and Breach Notification Act of 2013

THOMAS, 113th Congress

Sen. Toomey, Pat [R-PA

2013-06-20

Senate - 06/20/2013 Read twice and referred to the Committee on Commerce, Science, and Transportation. (All Actions) Tracker: This bill has the status IntroducedHere are the steps for Status of Legislation:

Data Security and Breach Notification Act of 2012

THOMAS, 112th Congress

Sen. Toomey, Pat [R-PA

2012-06-21

Senate - 06/21/2012 Read twice and referred to the Committee on Commerce, Science, and Transportation. (All Actions) Tracker: This bill has the status IntroducedHere are the steps for Status of Legislation:

Data Security and Breach Notification Act of 2014

THOMAS, 113th Congress

Sen. Rockefeller, John D., IV [D-WV

2014-01-30

Senate - 01/30/2014 Read twice and referred to the Committee on Commerce, Science, and Transportation. (All Actions) Tracker: This bill has the status IntroducedHere are the steps for Status of Legislation:

Electronic Communication of Protected Health Information: Privacy, Security, and HIPAA Compliance.

PubMed

Drolet, Brian C; Marwaha, Jayson S; Hyatt, Brad; Blazar, Phillip E; Lifchez, Scott D

2017-06-01

Technology has enhanced modern health care delivery, particularly through accessibility to health information and ease of communication with tools like mobile device messaging (texting). However, text messaging has created new risks for breach of protected health information (PHI). In the current study, we sought to evaluate hand surgeons' knowledge and compliance with privacy and security standards for electronic communication by text message. A cross-sectional survey of the American Society for Surgery of the Hand membership was conducted in March and April 2016. Descriptive and inferential statistical analyses were performed of composite results as well as relevant subgroup analyses. A total of 409 responses were obtained (11% response rate). Although 63% of surgeons reported that they believe that text messaging does not meet Health Insurance Portability and Accountability Act of 1996 security standards, only 37% reported they do not use text messages to communicate PHI. Younger surgeons and respondents who believed that their texting was compliant were statistically significantly more like to report messaging of PHI (odds ratio, 1.59 and 1.22, respectively). A majority of hand surgeons in this study reported the use of text messaging to communicate PHI. Of note, neither the Health Insurance Portability and Accountability Act of 1996 statute nor US Department of Health and Human Services specifically prohibits this form of electronic communication. To be compliant, surgeons, practices, and institutions need to take reasonable security precautions to prevent breach of privacy with electronic communication. Communication of clinical information by text message is not prohibited under Health Insurance Portability and Accountability Act of 1996, but surgeons should use appropriate safeguards to prevent breach when using this form of communication. Copyright © 2017 American Society for Surgery of the Hand. Published by Elsevier Inc. All rights reserved.

Security practices and regulatory compliance in the healthcare industry.

PubMed

Kwon, Juhee; Johnson, M Eric

2013-01-01

Securing protected health information is a critical responsibility of every healthcare organization. We explore information security practices and identify practice patterns that are associated with improved regulatory compliance. We employed Ward's cluster analysis using minimum variance based on the adoption of security practices. Variance between organizations was measured using dichotomous data indicating the presence or absence of each security practice. Using t tests, we identified the relationships between the clusters of security practices and their regulatory compliance. We utilized the results from the Kroll/Healthcare Information and Management Systems Society telephone-based survey of 250 US healthcare organizations including adoption status of security practices, breach incidents, and perceived compliance levels on Health Information Technology for Economic and Clinical Health, Health Insurance Portability and Accountability Act, Red Flags rules, Centers for Medicare and Medicaid Services, and state laws governing patient information security. Our analysis identified three clusters (which we call leaders, followers, and laggers) based on the variance of security practice patterns. The clusters have significant differences among non-technical practices rather than technical practices, and the highest level of compliance was associated with hospitals that employed a balanced approach between technical and non-technical practices (or between one-off and cultural practices). Hospitals in the highest level of compliance were significantly managing third parties' breaches and training. Audit practices were important to those who scored in the middle of the pack on compliance. Our results provide security practice benchmarks for healthcare administrators and can help policy makers in developing strategic and practical guidelines for practice adoption.

Security practices and regulatory compliance in the healthcare industry

PubMed Central

Kwon, Juhee; Johnson, M Eric

2013-01-01

Objective Securing protected health information is a critical responsibility of every healthcare organization. We explore information security practices and identify practice patterns that are associated with improved regulatory compliance. Design We employed Ward's cluster analysis using minimum variance based on the adoption of security practices. Variance between organizations was measured using dichotomous data indicating the presence or absence of each security practice. Using t tests, we identified the relationships between the clusters of security practices and their regulatory compliance. Measurement We utilized the results from the Kroll/Healthcare Information and Management Systems Society telephone-based survey of 250 US healthcare organizations including adoption status of security practices, breach incidents, and perceived compliance levels on Health Information Technology for Economic and Clinical Health, Health Insurance Portability and Accountability Act, Red Flags rules, Centers for Medicare and Medicaid Services, and state laws governing patient information security. Results Our analysis identified three clusters (which we call leaders, followers, and laggers) based on the variance of security practice patterns. The clusters have significant differences among non-technical practices rather than technical practices, and the highest level of compliance was associated with hospitals that employed a balanced approach between technical and non-technical practices (or between one-off and cultural practices). Conclusions Hospitals in the highest level of compliance were significantly managing third parties’ breaches and training. Audit practices were important to those who scored in the middle of the pack on compliance. Our results provide security practice benchmarks for healthcare administrators and can help policy makers in developing strategic and practical guidelines for practice adoption. PMID:22955497

Concern about security and privacy, and perceived control over collection and use of health information are related to withholding of health information from healthcare providers

PubMed Central

Agaku, Israel T; Adisa, Akinyele O; Ayo-Yusuf, Olalekan A; Connolly, Gregory N

2014-01-01

Introduction This study assessed the perceptions and behaviors of US adults about the security of their protected health information (PHI). Methods The first cycle of the fourth wave of the Health Information National Trends Survey was analyzed to assess respondents’ concerns about PHI breaches. Multivariate logistic regression was used to assess the effect of such concerns on disclosure of sensitive medical information to a healthcare professional (p<0.05). Results Most respondents expressed concerns about data breach when their PHI was being transferred between healthcare professionals by fax (67.0%; 95% CI 64.2% to 69.8%) or electronically (64.5%; 95% CI 61.7% to 67.3%). About 12.3% (95% CI 10.8% to 13.8%) of respondents had ever withheld information from a healthcare provider because of security concerns. The likelihood of information withholding was higher among respondents who perceived they had very little say about how their medical records were used (adjusted OR=1.42; 95% CI 1.03 to 1.96). Conclusions This study underscores the need for enhanced measures to secure patients’ PHI to avoid undermining their trust. PMID:23975624

Concern about security and privacy, and perceived control over collection and use of health information are related to withholding of health information from healthcare providers.

PubMed

Agaku, Israel T; Adisa, Akinyele O; Ayo-Yusuf, Olalekan A; Connolly, Gregory N

2014-01-01

This study assessed the perceptions and behaviors of US adults about the security of their protected health information (PHI). The first cycle of the fourth wave of the Health Information National Trends Survey was analyzed to assess respondents' concerns about PHI breaches. Multivariate logistic regression was used to assess the effect of such concerns on disclosure of sensitive medical information to a healthcare professional (p<0.05). Most respondents expressed concerns about data breach when their PHI was being transferred between healthcare professionals by fax (67.0%; 95% CI 64.2% to 69.8%) or electronically (64.5%; 95% CI 61.7% to 67.3%). About 12.3% (95% CI 10.8% to 13.8%) of respondents had ever withheld information from a healthcare provider because of security concerns. The likelihood of information withholding was higher among respondents who perceived they had very little say about how their medical records were used (adjusted OR=1.42; 95% CI 1.03 to 1.96). This study underscores the need for enhanced measures to secure patients' PHI to avoid undermining their trust.

Promotion by the British pharmaceutical industry, 1983-8: a critical analysis of self regulation.

PubMed Central

Herxheimer, A; Collier, J

1990-01-01

Since 1958 the Association of the British Pharmaceutical Industry (ABPI) has attempted to regulate the promotion of prescription medicines through its code of practice. This regulation is described and analysed for the six years 1983-8 using the reports on 302 complaints considered by its code of practice committee and annual reports. The complaints came mainly from doctors (143, 48%) and competing companies (103, 33%). The committee found a total of 379 breaches of the code in 192 (63%) of the complaints. Additional breaches were detected by informational scrutiny of advertisements by the ABPI secretariat. Analysis showed that 270 (71%) of these breaches involved possible breaches of the Medicines Act. The rules that forbid misleading or unsubstantiated information and misleading claims or comparisons were broken most often. The committee found the most frequent offenders to be Organon (32 breaches), Smith Kline and French (23), Glaxo (21), A H Robins (18), Bayer (17), Merck Sharp and Dohme (17), and Lederle (16). Often the promotion of one product led to several breaches. The promotional wars over histamine H2 receptor antagonists accounted for 33 breaches. It is estimated that in 1983-8 about 100 breaches of the code were detected a year. In the 18 years 1972-88 the Medicines Act was breached probably over 1200 times. Health ministers, by not enforcing the regulations controlling promotion, have abrogated their responsibility to the ABPI, but the evidence suggests that the code has failed to deter promotional excesses. The ABPI's wish to secure compliance with the code seems weaker than its wish to pre-empt outside criticism and action: its self regulation seems to be a service to itself rather than to the public. It is suggested that the code of practice committee should become publicly accountable, that the majority of its members should represent the health professions and the public, and that effective sanctions are needed. PMID:2106963

Design of a Forecasting Service System for Monitoring of Vulnerabilities of Sensor Networks

NASA Astrophysics Data System (ADS)

Song, Jae-Gu; Kim, Jong Hyun; Seo, Dong Il; Kim, Seoksoo

This study aims to reduce security vulnerabilities of sensor networks which transmit data in an open environment by developing a forecasting service system. The system is to remove or monitor causes of breach incidents in advance. To that end, this research first examines general security vulnerabilities of sensor networks and analyzes characteristics of existing forecasting systems. Then, 5 steps of a forecasting service system are proposed in order to improve security responses.

Analysis of the Security and Privacy Requirements of Cloud-Based Electronic Health Records Systems

PubMed Central

Fernández, Gonzalo; López-Coronado, Miguel

2013-01-01

Background The Cloud Computing paradigm offers eHealth systems the opportunity to enhance the features and functionality that they offer. However, moving patients’ medical information to the Cloud implies several risks in terms of the security and privacy of sensitive health records. In this paper, the risks of hosting Electronic Health Records (EHRs) on the servers of third-party Cloud service providers are reviewed. To protect the confidentiality of patient information and facilitate the process, some suggestions for health care providers are made. Moreover, security issues that Cloud service providers should address in their platforms are considered. Objective To show that, before moving patient health records to the Cloud, security and privacy concerns must be considered by both health care providers and Cloud service providers. Security requirements of a generic Cloud service provider are analyzed. Methods To study the latest in Cloud-based computing solutions, bibliographic material was obtained mainly from Medline sources. Furthermore, direct contact was made with several Cloud service providers. Results Some of the security issues that should be considered by both Cloud service providers and their health care customers are role-based access, network security mechanisms, data encryption, digital signatures, and access monitoring. Furthermore, to guarantee the safety of the information and comply with privacy policies, the Cloud service provider must be compliant with various certifications and third-party requirements, such as SAS70 Type II, PCI DSS Level 1, ISO 27001, and the US Federal Information Security Management Act (FISMA). Conclusions Storing sensitive information such as EHRs in the Cloud means that precautions must be taken to ensure the safety and confidentiality of the data. A relationship built on trust with the Cloud service provider is essential to ensure a transparent process. Cloud service providers must make certain that all security mechanisms are in place to avoid unauthorized access and data breaches. Patients must be kept informed about how their data are being managed. PMID:23965254

Analysis of the security and privacy requirements of cloud-based electronic health records systems.

PubMed

Rodrigues, Joel J P C; de la Torre, Isabel; Fernández, Gonzalo; López-Coronado, Miguel

2013-08-21

The Cloud Computing paradigm offers eHealth systems the opportunity to enhance the features and functionality that they offer. However, moving patients' medical information to the Cloud implies several risks in terms of the security and privacy of sensitive health records. In this paper, the risks of hosting Electronic Health Records (EHRs) on the servers of third-party Cloud service providers are reviewed. To protect the confidentiality of patient information and facilitate the process, some suggestions for health care providers are made. Moreover, security issues that Cloud service providers should address in their platforms are considered. To show that, before moving patient health records to the Cloud, security and privacy concerns must be considered by both health care providers and Cloud service providers. Security requirements of a generic Cloud service provider are analyzed. To study the latest in Cloud-based computing solutions, bibliographic material was obtained mainly from Medline sources. Furthermore, direct contact was made with several Cloud service providers. Some of the security issues that should be considered by both Cloud service providers and their health care customers are role-based access, network security mechanisms, data encryption, digital signatures, and access monitoring. Furthermore, to guarantee the safety of the information and comply with privacy policies, the Cloud service provider must be compliant with various certifications and third-party requirements, such as SAS70 Type II, PCI DSS Level 1, ISO 27001, and the US Federal Information Security Management Act (FISMA). Storing sensitive information such as EHRs in the Cloud means that precautions must be taken to ensure the safety and confidentiality of the data. A relationship built on trust with the Cloud service provider is essential to ensure a transparent process. Cloud service providers must make certain that all security mechanisms are in place to avoid unauthorized access and data breaches. Patients must be kept informed about how their data are being managed.

33 CFR 106.230 - OCS facility recordkeeping requirements.

Code of Federal Regulations, 2012 CFR

2012-07-01

... participants, and any best practices or lessons learned which may improve the FSP; (3) Incidents and breaches... days after the end of its effective period; and (8) Annual audit of the Facility Security Plan (FSP...

33 CFR 106.230 - OCS facility recordkeeping requirements.

Code of Federal Regulations, 2014 CFR

2014-07-01

... participants, and any best practices or lessons learned which may improve the FSP; (3) Incidents and breaches... days after the end of its effective period; and (8) Annual audit of the Facility Security Plan (FSP...

33 CFR 106.230 - OCS facility recordkeeping requirements.

Code of Federal Regulations, 2013 CFR

2013-07-01

... participants, and any best practices or lessons learned which may improve the FSP; (3) Incidents and breaches... days after the end of its effective period; and (8) Annual audit of the Facility Security Plan (FSP...

33 CFR 106.230 - OCS facility recordkeeping requirements.

Code of Federal Regulations, 2010 CFR

2010-07-01

... participants, and any best practices or lessons learned which may improve the FSP; (3) Incidents and breaches... days after the end of its effective period; and (8) Annual audit of the Facility Security Plan (FSP...

33 CFR 106.230 - OCS facility recordkeeping requirements.

Code of Federal Regulations, 2011 CFR

2011-07-01

... participants, and any best practices or lessons learned which may improve the FSP; (3) Incidents and breaches... days after the end of its effective period; and (8) Annual audit of the Facility Security Plan (FSP...

48 CFR 1852.223-75 - Major breach of safety or security.

Code of Federal Regulations, 2010 CFR

2010-10-01

... conditions that can cause death, injury, occupational illness, damage to or loss of equipment or property, or... conditions that can cause death, injury, occupational illness, damage to or loss of equipment or property, or...

Exploring Effects of Organizational Culture upon Implementation of Information Security Awareness and Training Programs within the Defense Industry Located in the Tennessee Valley Region

ERIC Educational Resources Information Center

Grant, Robert Luther

2017-01-01

Data breaches due to social engineering attacks and employee negligence are on the rise. The only known defense against social engineering attacks and employee negligence is information security awareness and training. However, implementation of awareness and training programs within organizations are lagging in priority. This research used the…

Large Earthquakes Disrupt Groundwater System by Breaching Aquitards

NASA Astrophysics Data System (ADS)

Wang, C. Y.; Manga, M.; Liao, X.; Wang, L. P.

2016-12-01

Changes of groundwater system by large earthquakes are widely recognized. Some changes have been attributed to increases in the vertical permeability but basic questions remain: How do increases in the vertical permeability occur? How frequent do they occur? How fast does the vertical permeability recover after the earthquake? Is there a quantitative measure for detecting the occurrence of aquitard breaching? Here we attempt to answer these questions by examining data accumulated in the past 15 years. Analyses of increased stream discharges and their geochemistry after large earthquakes show evidence that the excess water originates from groundwater released from high elevations by large increase of the vertical permeability. Water-level data from a dense network of clustered wells in a sedimentary basin near the epicenter of the 1999 M7.6 Chi-Chi earthquake in western Taiwan show that, while most confined aquifers remained confined after the earthquake, about 10% of the clustered wells show evidence of coseismic breaching of aquitards and a great increase of the vertical permeability. Water level in wells without evidence of coseismic breaching of aquitards show similar tidal response before and after the earthquake; wells with evidence of coseismic breaching of aquitards, on the other hand, show distinctly different tidal response before and after the earthquake and that the aquifers became hydraulically connected for many months thereafter. Breaching of aquitards by large earthquakes has significant implications for a number of societal issues such as the safety of water resources, the security of underground waste repositories, and the production of oil and gas. The method demonstrated here may be used for detecting the occurrence of aquitard breaching by large earthquakes in other seismically active areas.

Medicare program; offset of Medicare payments to individuals to collect past-due obligations arising from breach of scholarship and loan contracts--HCFA. Final rule.

PubMed

1992-05-04

This final rule sets forth the procedures to be followed for collection of past-due amounts owed by individuals who breached contracts under certain scholarship and loan programs. The programs that would be affected are the National Health Service Corps Scholarship, the Physician Shortage Area Scholarship, and the Health Education Assistance Loan. These procedures would apply to those individuals who breached contracts under the scholarship and loan programs and who-- Accept Medicare assignment for services; Are employed by or affiliated with a provider, Health Maintenance Organization, or Competitive Medical Plan that receives Medicare payment for services; or Are members of a group practice that receives Medicare payment for services. This regulation implements section 1892 of the Social Security Act, as added by section 4052 of the Omnibus Budget Reconciliation Act of 1987.

Simulation of Flow Through Breach in Leading Edge at Mach 24

NASA Technical Reports Server (NTRS)

Gnoffo, Peter A.; Alter, Stephen J.

2004-01-01

A baseline solution for CFD Point 1 (Mach 24) in the STS-107 accident investigation was modified to include effects of holes through the leading edge into a vented cavity. The simulations were generated relatively quickly and early in the investigation by making simplifications to the leading edge cavity geometry. These simplifications in the breach simulations enabled: 1) A very quick grid generation procedure; 2) High fidelity corroboration of jet physics with internal surface impingements ensuing from a breach through the leading edge, fully coupled to the external shock layer flow at flight conditions. These simulations provided early evidence that the flow through a 2 inch diameter (or larger) breach enters the cavity with significant retention of external flow directionality. A normal jet directed into the cavity was not an appropriate model for these conditions at CFD Point 1 (Mach 24). The breach diameters were of the same order or larger than the local, external boundary-layer thickness. High impingement heating and pressures on the downstream lip of the breach were computed. It is likely that hole shape would evolve as a slot cut in the direction of the external streamlines. In the case of the 6 inch diameter breach the boundary layer is fully ingested.

78 FR 79481 - Summary of Commission Practice Relating to Administrative Protective Orders

Federal Register 2010, 2011, 2012, 2013, 2014

2013-12-30

... breach of the Commission's APOs. APO breach inquiries are considered on a case-by- case basis. As part of... suitable container (N.B.: storage of BPI on so-called hard disk computer media is to be avoided, because mere erasure of data from such media may not irrecoverably destroy the BPI and may result in violation...

Integrated homeland security system with passive thermal imaging and advanced video analytics

NASA Astrophysics Data System (ADS)

Francisco, Glen; Tillman, Jennifer; Hanna, Keith; Heubusch, Jeff; Ayers, Robert

2007-04-01

A complete detection, management, and control security system is absolutely essential to preempting criminal and terrorist assaults on key assets and critical infrastructure. According to Tom Ridge, former Secretary of the US Department of Homeland Security, "Voluntary efforts alone are not sufficient to provide the level of assurance Americans deserve and they must take steps to improve security." Further, it is expected that Congress will mandate private sector investment of over $20 billion in infrastructure protection between 2007 and 2015, which is incremental to funds currently being allocated to key sites by the department of Homeland Security. Nearly 500,000 individual sites have been identified by the US Department of Homeland Security as critical infrastructure sites that would suffer severe and extensive damage if a security breach should occur. In fact, one major breach in any of 7,000 critical infrastructure facilities threatens more than 10,000 people. And one major breach in any of 123 facilities-identified as "most critical" among the 500,000-threatens more than 1,000,000 people. Current visible, nightvision or near infrared imaging technology alone has limited foul-weather viewing capability, poor nighttime performance, and limited nighttime range. And many systems today yield excessive false alarms, are managed by fatigued operators, are unable to manage the voluminous data captured, or lack the ability to pinpoint where an intrusion occurred. In our 2006 paper, "Critical Infrastructure Security Confidence Through Automated Thermal Imaging", we showed how a highly effective security solution can be developed by integrating what are now available "next-generation technologies" which include: Thermal imaging for the highly effective detection of intruders in the dark of night and in challenging weather conditions at the sensor imaging level - we refer to this as the passive thermal sensor level detection building block Automated software detection for creating initial alerts - we refer to this as software level detection, the next level building block Immersive 3D visual assessment for situational awareness and to manage the reaction process - we refer to this as automated intelligent situational awareness, a third building block Wide area command and control capabilities to allow control from a remote location - we refer to this as the management and process control building block integrating together the lower level building elements. In addition, this paper describes three live installations of complete, total systems that incorporate visible and thermal cameras as well as advanced video analytics. Discussion of both system elements and design is extensive.

What to do when trust has been breached in your practice.

PubMed

Hills, Laura

2013-01-01

We've all experienced gossiping, missed deadlines, someone taking credit for another's work, and little white lies. These and other breaches of trust are commonplace. However, they do more damage in the medical practice than many practice managers realize. This article argues that medical practice employees need to trust their managers, patients, doctors, one another, and even the security of their jobs so they are able to focus on their daily tasks and perform well. It defines trust as both a logical and emotional act and describes common breaches of workplace trust. It defines three characteristics of high-trust organizations and illustrates through examples how practice managers can demonstrate their trustworthiness through their actions, not only through their words. This article also offers seven steps for rebuilding trust that has been breached. It offers readers two instruments: a survey tool practice managers can use to assess the trust in their practices and a self-quiz practice managers can take to assess their own trustworthiness. Finally, this article offers research about the impact of trust on the bottom line and 10 truths about trust that medical practice managers can share with their employees.

High stakes. HITECH's privacy provisions will make costly security breaches even more painful to bear.

PubMed

Gamble, Kate Huvane

2009-07-01

* The HITECH section of ARRA includes provisions relating to protected health information that could significantly alter the C-suite leader's strategy. * Patients will be entitled to request an accounting of disclosure for up to three years after the date of request. The onus will be on hospital leaders to put in place a process that makes accounting available without disrupting operations or patient care. * Because of the increased risks hospitals now face, it is critical that executives are aware of the new requirements, and are either involved in or have a solid understanding of the organization's breach notification policies.

Computational Approach for Securing Radiology-Diagnostic Data in Connected Health Network using High-Performance GPU-Accelerated AES.

PubMed

Adeshina, A M; Hashim, R

2017-03-01

Diagnostic radiology is a core and integral part of modern medicine, paving ways for the primary care physicians in the disease diagnoses, treatments and therapy managements. Obviously, all recent standard healthcare procedures have immensely benefitted from the contemporary information technology revolutions, apparently revolutionizing those approaches to acquiring, storing and sharing of diagnostic data for efficient and timely diagnosis of diseases. Connected health network was introduced as an alternative to the ageing traditional concept in healthcare system, improving hospital-physician connectivity and clinical collaborations. Undoubtedly, the modern medicinal approach has drastically improved healthcare but at the expense of high computational cost and possible breach of diagnosis privacy. Consequently, a number of cryptographical techniques are recently being applied to clinical applications, but the challenges of not being able to successfully encrypt both the image and the textual data persist. Furthermore, processing time of encryption-decryption of medical datasets, within a considerable lower computational cost without jeopardizing the required security strength of the encryption algorithm, still remains as an outstanding issue. This study proposes a secured radiology-diagnostic data framework for connected health network using high-performance GPU-accelerated Advanced Encryption Standard. The study was evaluated with radiology image datasets consisting of brain MR and CT datasets obtained from the department of Surgery, University of North Carolina, USA, and the Swedish National Infrastructure for Computing. Sample patients' notes from the University of North Carolina, School of medicine at Chapel Hill were also used to evaluate the framework for its strength in encrypting-decrypting textual data in the form of medical report. Significantly, the framework is not only able to accurately encrypt and decrypt medical image datasets, but it also successfully encrypts and decrypts textual data in Microsoft Word document, Microsoft Excel and Portable Document Formats which are the conventional format of documenting medical records. Interestingly, the entire encryption and decryption procedures were achieved at a lower computational cost using regular hardware and software resources without compromising neither the quality of the decrypted data nor the security level of the algorithms.

45 CFR 164.400 - Applicability.

Code of Federal Regulations, 2010 CFR

2010-10-01

... 45 Public Welfare 1 2010-10-01 2010-10-01 false Applicability. 164.400 Section 164.400 Public Welfare DEPARTMENT OF HEALTH AND HUMAN SERVICES ADMINISTRATIVE DATA STANDARDS AND RELATED REQUIREMENTS SECURITY AND PRIVACY Notification in the Case of Breach of Unsecured Protected Health Information § 164.400...

45 CFR 164.400 - Applicability.

Code of Federal Regulations, 2011 CFR

2011-10-01

... 45 Public Welfare 1 2011-10-01 2011-10-01 false Applicability. 164.400 Section 164.400 Public Welfare DEPARTMENT OF HEALTH AND HUMAN SERVICES ADMINISTRATIVE DATA STANDARDS AND RELATED REQUIREMENTS SECURITY AND PRIVACY Notification in the Case of Breach of Unsecured Protected Health Information § 164.400...

45 CFR 164.400 - Applicability.

Code of Federal Regulations, 2014 CFR

2014-10-01

... 45 Public Welfare 1 2014-10-01 2014-10-01 false Applicability. 164.400 Section 164.400 Public Welfare Department of Health and Human Services ADMINISTRATIVE DATA STANDARDS AND RELATED REQUIREMENTS SECURITY AND PRIVACY Notification in the Case of Breach of Unsecured Protected Health Information § 164.400...

Data Security and Breach Notification Act of 2010

THOMAS, 111th Congress

Sen. Pryor, Mark L. [D-AR

2010-08-05

Senate - 09/22/2010 Committee on Commerce, Science, and Transportation Subcommittee on Consumer Protection, Product Safety, and Insurance . Hearings held. With printed Hearing: S.Hrg. 111-1040. (All Actions) Tracker: This bill has the status IntroducedHere are the steps for Status of Legislation:

38 CFR 75.116 - Secretary determination.

Code of Federal Regulations, 2011 CFR

2011-07-01

... 38 Pensions, Bonuses, and Veterans' Relief 2 2011-07-01 2011-07-01 false Secretary determination... (CONTINUED) INFORMATION SECURITY MATTERS Data Breaches § 75.116 Secretary determination. (a) Upon receipt of a risk analysis prepared under this subpart, the Secretary will consider the findings and other...

38 CFR 75.116 - Secretary determination.

Code of Federal Regulations, 2012 CFR

2012-07-01

... 38 Pensions, Bonuses, and Veterans' Relief 2 2012-07-01 2012-07-01 false Secretary determination... (CONTINUED) INFORMATION SECURITY MATTERS Data Breaches § 75.116 Secretary determination. (a) Upon receipt of a risk analysis prepared under this subpart, the Secretary will consider the findings and other...

38 CFR 75.116 - Secretary determination.

Code of Federal Regulations, 2013 CFR

2013-07-01

... 38 Pensions, Bonuses, and Veterans' Relief 2 2013-07-01 2013-07-01 false Secretary determination... (CONTINUED) INFORMATION SECURITY MATTERS Data Breaches § 75.116 Secretary determination. (a) Upon receipt of a risk analysis prepared under this subpart, the Secretary will consider the findings and other...

38 CFR 75.119 - Finality of Secretary determination.

Code of Federal Regulations, 2011 CFR

2011-07-01

... 38 Pensions, Bonuses, and Veterans' Relief 2 2011-07-01 2011-07-01 false Finality of Secretary... (CONTINUED) INFORMATION SECURITY MATTERS Data Breaches § 75.119 Finality of Secretary determination. A determination made by the Secretary under this subpart will be a final agency decision. ...

38 CFR 75.116 - Secretary determination.

Code of Federal Regulations, 2014 CFR

2014-07-01

... 38 Pensions, Bonuses, and Veterans' Relief 2 2014-07-01 2014-07-01 false Secretary determination... (CONTINUED) INFORMATION SECURITY MATTERS Data Breaches § 75.116 Secretary determination. (a) Upon receipt of a risk analysis prepared under this subpart, the Secretary will consider the findings and other...

38 CFR 75.119 - Finality of Secretary determination.

Code of Federal Regulations, 2014 CFR

2014-07-01

... 38 Pensions, Bonuses, and Veterans' Relief 2 2014-07-01 2014-07-01 false Finality of Secretary... (CONTINUED) INFORMATION SECURITY MATTERS Data Breaches § 75.119 Finality of Secretary determination. A determination made by the Secretary under this subpart will be a final agency decision. ...

A Method for Evaluating Information Security Governance (ISG) Components in Banking Environment

NASA Astrophysics Data System (ADS)

Ula, M.; Ula, M.; Fuadi, W.

2017-02-01

As modern banking increasingly relies on the internet and computer technologies to operate their businesses and market interactions, the threats and security breaches have highly increased in recent years. Insider and outsider attacks have caused global businesses lost trillions of Dollars a year. Therefore, that is a need for a proper framework to govern the information security in the banking system. The aim of this research is to propose and design an enhanced method to evaluate information security governance (ISG) implementation in banking environment. This research examines and compares the elements from the commonly used information security governance frameworks, standards and best practices. Their strength and weakness are considered in its approaches. The initial framework for governing the information security in banking system was constructed from document review. The framework was categorized into three levels which are Governance level, Managerial level, and technical level. The study further conducts an online survey for banking security professionals to get their professional judgment about the ISG most critical components and the importance for each ISG component that should be implemented in banking environment. Data from the survey was used to construct a mathematical model for ISG evaluation, component importance data used as weighting coefficient for the related component in the mathematical model. The research further develops a method for evaluating ISG implementation in banking based on the mathematical model. The proposed method was tested through real bank case study in an Indonesian local bank. The study evidently proves that the proposed method has sufficient coverage of ISG in banking environment and effectively evaluates the ISG implementation in banking environment.

45 CFR 164.412 - Law enforcement delay.

Code of Federal Regulations, 2013 CFR

2013-10-01

... 45 Public Welfare 1 2013-10-01 2013-10-01 false Law enforcement delay. 164.412 Section 164.412 Public Welfare DEPARTMENT OF HEALTH AND HUMAN SERVICES ADMINISTRATIVE DATA STANDARDS AND RELATED REQUIREMENTS SECURITY AND PRIVACY Notification in the Case of Breach of Unsecured Protected Health Information...

45 CFR 164.412 - Law enforcement delay.

Code of Federal Regulations, 2012 CFR

2012-10-01

... 45 Public Welfare 1 2012-10-01 2012-10-01 false Law enforcement delay. 164.412 Section 164.412 Public Welfare DEPARTMENT OF HEALTH AND HUMAN SERVICES ADMINISTRATIVE DATA STANDARDS AND RELATED REQUIREMENTS SECURITY AND PRIVACY Notification in the Case of Breach of Unsecured Protected Health Information...

45 CFR 164.412 - Law enforcement delay.

Code of Federal Regulations, 2014 CFR

2014-10-01

... 45 Public Welfare 1 2014-10-01 2014-10-01 false Law enforcement delay. 164.412 Section 164.412 Public Welfare Department of Health and Human Services ADMINISTRATIVE DATA STANDARDS AND RELATED REQUIREMENTS SECURITY AND PRIVACY Notification in the Case of Breach of Unsecured Protected Health Information...

45 CFR 164.412 - Law enforcement delay.

Code of Federal Regulations, 2011 CFR

2011-10-01

... 45 Public Welfare 1 2011-10-01 2011-10-01 false Law enforcement delay. 164.412 Section 164.412 Public Welfare DEPARTMENT OF HEALTH AND HUMAN SERVICES ADMINISTRATIVE DATA STANDARDS AND RELATED REQUIREMENTS SECURITY AND PRIVACY Notification in the Case of Breach of Unsecured Protected Health Information...

38 CFR 75.119 - Finality of Secretary determination.

Code of Federal Regulations, 2010 CFR

2010-07-01

... 38 Pensions, Bonuses, and Veterans' Relief 2 2010-07-01 2010-07-01 false Finality of Secretary determination. 75.119 Section 75.119 Pensions, Bonuses, and Veterans' Relief DEPARTMENT OF VETERANS AFFAIRS (CONTINUED) INFORMATION SECURITY MATTERS Data Breaches § 75.119 Finality of Secretary determination. A...

The Legal Implications of Storing Student Data: Preparing for and Responding to Data Breaches

ERIC Educational Resources Information Center

Beaudin, Katie

2017-01-01

This chapter outlines the varying threats that IR professionals face when securely storing and managing data, as well as the regulatory structure in place to control data management. Advice is offered on how best to structure and manage student data.

Testing Integrity Symposium: Issues and Recommendations for Best Practice

ERIC Educational Resources Information Center

National Center for Education Statistics, 2013

2013-01-01

Educators, parents, and the public depend on accurate, valid, reliable, and timely information about student academic performance. Testing irregularities--breaches of test security or improper administration of academic testing--undermine efforts to use those data to improve student achievement. Unfortunately, there have been high-profile and…

Defining Information Security.

PubMed

Lundgren, Björn; Möller, Niklas

2017-11-15

This article proposes a new definition of information security, the 'Appropriate Access' definition. Apart from providing the basic criteria for a definition-correct demarcation and meaning concerning the state of security-it also aims at being a definition suitable for any information security perspective. As such, it bridges the conceptual divide between so-called 'soft issues' of information security (those including, e.g., humans, organizations, culture, ethics, policies, and law) and more technical issues. Because of this it is also suitable for various analytical purposes, such as analysing possible security breaches, or for studying conflicting attitudes on security in an organization. The need for a new definition is demonstrated by pointing to a number of problems for the standard definition type of information security-the so-called CIA definition. Besides being too broad as well as too narrow, it cannot properly handle the soft issues of information security, nor recognize the contextual and normative nature of security.

22 CFR 94.5 - Application.

Code of Federal Regulations, 2010 CFR

2010-04-01

... Relations DEPARTMENT OF STATE LEGAL AND RELATED SERVICES INTERNATIONAL CHILD ABDUCTION § 94.5 Application... locating a child, securing access to a child, or obtaining the return of a child that has been removed or retained in breach of custody rights. The application shall be made in the form prescribed by the U.S...

38 CFR 75.117 - Notification.

Code of Federal Regulations, 2011 CFR

2011-07-01

... information that were involved in the data breach (e.g., full name, Social Security number, date of birth... conspicuous posting on the home page of VA's Web site and notification in major print and broadcast media, including major media in geographic areas where the affected individuals likely reside. Such a notice in...

38 CFR 75.117 - Notification.

Code of Federal Regulations, 2014 CFR

2014-07-01

... information that were involved in the data breach (e.g., full name, Social Security number, date of birth... conspicuous posting on the home page of VA's Web site and notification in major print and broadcast media, including major media in geographic areas where the affected individuals likely reside. Such a notice in...

38 CFR 75.117 - Notification.

Code of Federal Regulations, 2012 CFR

2012-07-01

... information that were involved in the data breach (e.g., full name, Social Security number, date of birth... conspicuous posting on the home page of VA's Web site and notification in major print and broadcast media, including major media in geographic areas where the affected individuals likely reside. Such a notice in...

38 CFR 75.117 - Notification.

Code of Federal Regulations, 2013 CFR

2013-07-01

... information that were involved in the data breach (e.g., full name, Social Security number, date of birth... conspicuous posting on the home page of VA's Web site and notification in major print and broadcast media, including major media in geographic areas where the affected individuals likely reside. Such a notice in...

45 CFR 164.414 - Administrative requirements and burden of proof.

Code of Federal Regulations, 2010 CFR

2010-10-01

... 45 Public Welfare 1 2010-10-01 2010-10-01 false Administrative requirements and burden of proof. 164.414 Section 164.414 Public Welfare DEPARTMENT OF HEALTH AND HUMAN SERVICES ADMINISTRATIVE DATA STANDARDS AND RELATED REQUIREMENTS SECURITY AND PRIVACY Notification in the Case of Breach of Unsecured...

45 CFR 164.410 - Notification by a business associate.

Code of Federal Regulations, 2010 CFR

2010-10-01

... 45 Public Welfare 1 2010-10-01 2010-10-01 false Notification by a business associate. 164.410 Section 164.410 Public Welfare DEPARTMENT OF HEALTH AND HUMAN SERVICES ADMINISTRATIVE DATA STANDARDS AND RELATED REQUIREMENTS SECURITY AND PRIVACY Notification in the Case of Breach of Unsecured Protected Health...

45 CFR 164.408 - Notification to the Secretary.

Code of Federal Regulations, 2011 CFR

2011-10-01

... 45 Public Welfare 1 2011-10-01 2011-10-01 false Notification to the Secretary. 164.408 Section 164.408 Public Welfare DEPARTMENT OF HEALTH AND HUMAN SERVICES ADMINISTRATIVE DATA STANDARDS AND RELATED REQUIREMENTS SECURITY AND PRIVACY Notification in the Case of Breach of Unsecured Protected Health Information...

45 CFR 164.414 - Administrative requirements and burden of proof.

Code of Federal Regulations, 2014 CFR

2014-10-01

... 45 Public Welfare 1 2014-10-01 2014-10-01 false Administrative requirements and burden of proof. 164.414 Section 164.414 Public Welfare Department of Health and Human Services ADMINISTRATIVE DATA STANDARDS AND RELATED REQUIREMENTS SECURITY AND PRIVACY Notification in the Case of Breach of Unsecured...

45 CFR 164.410 - Notification by a business associate.

Code of Federal Regulations, 2011 CFR

2011-10-01

... 45 Public Welfare 1 2011-10-01 2011-10-01 false Notification by a business associate. 164.410 Section 164.410 Public Welfare DEPARTMENT OF HEALTH AND HUMAN SERVICES ADMINISTRATIVE DATA STANDARDS AND RELATED REQUIREMENTS SECURITY AND PRIVACY Notification in the Case of Breach of Unsecured Protected Health...

45 CFR 164.414 - Administrative requirements and burden of proof.

Code of Federal Regulations, 2011 CFR

2011-10-01

... 45 Public Welfare 1 2011-10-01 2011-10-01 false Administrative requirements and burden of proof. 164.414 Section 164.414 Public Welfare DEPARTMENT OF HEALTH AND HUMAN SERVICES ADMINISTRATIVE DATA STANDARDS AND RELATED REQUIREMENTS SECURITY AND PRIVACY Notification in the Case of Breach of Unsecured...

45 CFR 164.410 - Notification by a business associate.

Code of Federal Regulations, 2014 CFR

2014-10-01

... 45 Public Welfare 1 2014-10-01 2014-10-01 false Notification by a business associate. 164.410 Section 164.410 Public Welfare Department of Health and Human Services ADMINISTRATIVE DATA STANDARDS AND RELATED REQUIREMENTS SECURITY AND PRIVACY Notification in the Case of Breach of Unsecured Protected Health...

38 CFR 75.117 - Notification.

Code of Federal Regulations, 2010 CFR

2010-07-01

... information that were involved in the data breach (e.g., full name, Social Security number, date of birth... conspicuous posting on the home page of VA's Web site and notification in major print and broadcast media, including major media in geographic areas where the affected individuals likely reside. Such a notice in...

78 FR 5565 - Modifications to the HIPAA Privacy, Security, Enforcement, and Breach Notification Rules Under...

Federal Register 2010, 2011, 2012, 2013, 2014

2013-01-25

... certain health information, such as standards for certain health care transactions conducted electronically and code sets and unique identifiers for health care providers and employers. The HIPAA... HIPAA apply to three types of entities, which are known as ``covered entities'': health care providers...

38 CFR 75.112 - Definitions and terms.

Code of Federal Regulations, 2010 CFR

2010-07-01

... 38 Pensions, Bonuses, and Veterans' Relief 2 2010-07-01 2010-07-01 false Definitions and terms. 75.112 Section 75.112 Pensions, Bonuses, and Veterans' Relief DEPARTMENT OF VETERANS AFFAIRS (CONTINUED) INFORMATION SECURITY MATTERS Data Breaches § 75.112 Definitions and terms. For purposes of this subpart: Confidentiality means preserving...

38 CFR 75.116 - Secretary determination.

Code of Federal Regulations, 2010 CFR

2010-07-01

... 38 Pensions, Bonuses, and Veterans' Relief 2 2010-07-01 2010-07-01 false Secretary determination. 75.116 Section 75.116 Pensions, Bonuses, and Veterans' Relief DEPARTMENT OF VETERANS AFFAIRS (CONTINUED) INFORMATION SECURITY MATTERS Data Breaches § 75.116 Secretary determination. (a) Upon receipt of a risk analysis prepared under this subpart, th...

Open to Attack?

ERIC Educational Resources Information Center

Poremba, Sue Marquette

2012-01-01

Who hasn't received mail from a company notifying them that their personal information may have been compromised? No organization--not Amazon, not the CIA--is immune to cyberattacks, and higher education is no exception. Indeed, colleges and universities may be even more susceptible to security breaches than their corporate brethren, and the…

7 CFR 1488.18 - Covenant against contingent fees.

Code of Federal Regulations, 2013 CFR

2013-01-01

... Financing of Export Sales of Agricultural Commodities From Private Stocks Under CCC Export Credit Sales... exporter for the purpose of securing business. For breach or violation of this warranty, CCC shall have the... liability to CCC. Should the financing agreement be annulled, CCC will promptly consent to the reduction or...

7 CFR 1488.18 - Covenant against contingent fees.

Code of Federal Regulations, 2012 CFR

2012-01-01

... Financing of Export Sales of Agricultural Commodities From Private Stocks Under CCC Export Credit Sales... exporter for the purpose of securing business. For breach or violation of this warranty, CCC shall have the... liability to CCC. Should the financing agreement be annulled, CCC will promptly consent to the reduction or...

7 CFR 1488.18 - Covenant against contingent fees.

Code of Federal Regulations, 2014 CFR

2014-01-01

... Financing of Export Sales of Agricultural Commodities From Private Stocks Under CCC Export Credit Sales... exporter for the purpose of securing business. For breach or violation of this warranty, CCC shall have the... liability to CCC. Should the financing agreement be annulled, CCC will promptly consent to the reduction or...

From Hippocrates to facsimile: Protecting patient confidentiality is more difficult and more important than ever before

PubMed Central

Dodek, D Y; Dodek, A

1997-01-01

Although patient confidentiality has been a fundamental ethical principle since the Hippocratic Oath, it is under increasing threat. The main area of confidentiality is patient records. Physicians must be able to store and dispose of medical records securely. Patients should be asked whether some information should be kept out of the record or withheld if information is released. Patient identity should be kept secret during peer review of medical records. Provincial legislation outlines circumstances in which confidential information must be divulged. Because of the "team approach" to care, hospital records may be seen by many health care and administrative personnel. All hospital workers must respect confidentiality, especially when giving out information about patients by telephone or to the media. Research based on medical-record review also creates challenges for confidentiality. Electronic technology and communications are potential major sources of breaches of confidentiality. Computer records must be carefully protected from casual browsing or from unauthorized access. Fax machines and cordless and cellular telephones can allow unauthorized people to see or overhear confidential information. Confidentiality is also a concern in clinical settings, including physicians' offices and hospitals. Conversations among hospital personnel in elevators or public cafeterias can result in breaches of confidentiality. Patient confidentiality is a right that must be safeguarded by all health care personnel. PMID:9084393

Achieving Cyber Resilience, Reducing Cybercrime and Increasing Cyber Defense Capabilities: Where Should the U.S. Department of Defense Concentrate Today to Prevent Cyberattacks of Significant Consequence

DTIC Science & Technology

2016-04-24

the Cybersecurity in the United States – Brief Overview 13 2.1. Data Breaches in the United States 14 2.2. Security and...Capacity to Defend 15 2.2.1. Cybersecurity Capabilities in the United States 18 2.3. Internationalization of Cybersecurity ...The Department of Homeland Security (DHS) Org Chart 43 2.2.1.2 National Cybersecurity and Communications Integration Center (NCCIC) Org

Adapting America’s Security Paradigm and Security Agenda

DTIC Science & Technology

2010-01-01

from religious strife, others are eth- nic or territorial in nature . What they have in com- mon is a disregard for the value of human life; a breach...Acknowledgements The primary authors of this report are Dr. Roy Godson and Dr. Richard Shultz. Dr. God - son is Professor Emeritus of Government, Georgetown...ELEMENT NUMBER 6. AUTHOR (S) 5d. PROJECT NUMBER 5e. TASK NUMBER 5f. WORK UNIT NUMBER 7. PERFORMING ORGANIZATION NAME(S) AND ADDRESS(ES) National

The effectiveness of the department of defense's field manual 3-11 in detecting, deterring and degrading the breach of a combat base by a human-borne with bioagent (HBBA): perceptions of security personnel.

PubMed

Alakpa, George Edafese; Collins, John W

2015-01-01

The department of defense's FM 3-11 is among the military's field manuals for preparing for, reacting to and recovering from chemical, biological, radiological and nuclear attacks. Since post 9-11, U.S. military service members have been deployed in the global war on terrorism. This study attempted to determine the effectiveness of the FM 3-11 in detecting, deterring or preventing a human-borne with bioagent (HBBA) terrorist breach at an entry control point (ECP). This time-specific, cross-sectional study disseminated a validated survey tool with Cronbach's α > 0.82 to respondents who have had antiterrorism training and combat ECP experience. The return rate was greater than 75.0 %; however, many of the respondents failed to meet the inclusion criteria. Consequently, only 26 questionnaires were included in the sample. The results revealed that while over 60.0 % of the respondents either strongly agreed or agreed that biointelligence, the deployment of biodetectors and the use of biowarning systems could be effective in preventing an ECP breach by a terrorist with a bioagent, the use of protective equipment and immunization to decontaminate service members or other TTPs would never prevent a breach. A large percentage of respondents claimed that soldiers at the ECP lacked the devices or the knowledge to detect an HBBA at an ECP, and 72.0 % suggested modifying current ECP TTPs to include education, training and equipment for security personnel at military base ECPs. If obtained from appropriate sources and communicated to the personnel at the ECP in an effective or timely manner, the possible effectiveness of certain TTPs in the FM 3-11, specifically FM 3-11.86 (intelligence), might increase.

The health information system security threat lifecycle: an informatics theory.

PubMed

Fernando, Juanita I; Dawson, Linda L

2009-12-01

This manuscript describes the health information system security threat lifecycle (HISSTL) theory. The theory is grounded in case study data analyzing clinicians' health information system (HIS) privacy and security (P&S) experiences in the practice context. The 'questerview' technique was applied to this study of 26 clinicians situated in 3 large Australian (across Victoria) teaching hospitals. Questerviews rely on data collection that apply standardized questions and questionnaires during recorded interviews. Analysis (using Nvivo) involved the iterative scrutiny of interview transcripts to identify emergent themes. Issues including poor training, ambiguous legal frameworks containing punitive threats, productivity challenges, usability errors and the limitations of the natural hospital environment emerged from empirical data about the clinicians' HIS P&S practices. The natural hospital environment is defined by the permanence of electronic HISs (e-HISs), shared workspaces, outdated HIT infrastructure, constant interruption, a P&S regulatory environment that is not conducive to optimal training outcomes and budgetary constraints. The evidence also indicated the obtrusiveness, timeliness, and reliability of P&S implementations for clinical work affected participant attitudes to, and use of, e-HISs. The HISSTL emerged from the analysis of study evidence. The theory embodies elements such as the fiscal, regulatory and natural hospital environments which impede P&S implementations in practice settings. These elements conflict with improved patient care outcomes. Efforts by clinicians to avoid conflict and emphasize patient care above P&S tended to manifest as security breaches. These breaches entrench factors beyond clinician control and perpetuate those within clinician control. Security breaches of health information can progress through the HISSTL. Some preliminary suggestions for addressing these issues are proposed. Legislative frameworks that are not related to direct patient care were excluded from this study. Other limitations included an exclusive focus on patient care tasks post-admission and pre-discharge from public hospital wards. Finally, the number of cases was limited by the number of participants who volunteered to participate in the study. It is reasonable to assume these participants were more interested in the P&S of patient care work than their counterparts, though the study was not intended to provide quantitative or statistical data. Nonetheless, additional case studies would strengthen the HISSTL theory if confirmatory, practice-based evidence were found.

E-Business Curricula and Cybercrime: A Continuing Error of Omission?

ERIC Educational Resources Information Center

Fusilier, Marcelline; Penrod, Charlie

2013-01-01

The growth of e-business has been accompanied by even faster increases in losses from security breaches, legal problems, and cybercrime. These unnecessary costs inhibit the growth and efficiency of e-business worldwide. Professional education in e-business can help address these problems by providing students with coursework aimed at them. The…

Analyzing Security Breaches in the U.S.: A Business Analytics Case-Study

ERIC Educational Resources Information Center

Parks, Rachida F.; Adams, Lascelles

2016-01-01

This is a real-world applicable case-study and includes background information, functional organization requirements, and real data. Business analytics has been defined as the technologies, skills, and practices needed to iteratively investigate historical performance to gain insight or spot trends. You are asked to utilize/apply critical thinking…

A Trust That Can't Be Breached.

ERIC Educational Resources Information Center

Penning, Nick

1990-01-01

Children's Investment Trust is a proposed trust fund for children's services (nutrition, health, education, and social services) similar in design to Social Security fund. The trust would be funded by a small, progressive payroll tax levied on both employer and employee on wages greater than $5 per hour. The tax would raise $25 billion more every…

38 CFR 75.114 - Accelerated response.

Code of Federal Regulations, 2010 CFR

2010-07-01

... 38 Pensions, Bonuses, and Veterans' Relief 2 2010-07-01 2010-07-01 false Accelerated response. 75.114 Section 75.114 Pensions, Bonuses, and Veterans' Relief DEPARTMENT OF VETERANS AFFAIRS (CONTINUED) INFORMATION SECURITY MATTERS Data Breaches § 75.114 Accelerated response. (a) The Secretary, in the exercise of his or her discretion, may provide...

Cybersecurity: Authoritative Reports and Resources

DTIC Science & Technology

2013-04-17

Consumer Credit Cybersecurity: An Overview of Risks to Critical Infrastructure July 26, 2011 Energy and Commerce Oversight and Investigations...require greater protection for sensitive consumer data and timely notification in case of breach June 15, 2011 Energy and Commerce Commerce ...Financial Sector June 21, 2011 Commerce , Science and Transportation Privacy and Data Security: Protecting Consumers in the Modern World June 29, 2011

38 CFR 75.111 - Purpose and scope.

Code of Federal Regulations, 2010 CFR

2010-07-01

... 38 Pensions, Bonuses, and Veterans' Relief 2 2010-07-01 2010-07-01 false Purpose and scope. 75.111 Section 75.111 Pensions, Bonuses, and Veterans' Relief DEPARTMENT OF VETERANS AFFAIRS (CONTINUED) INFORMATION SECURITY MATTERS Data Breaches § 75.111 Purpose and scope. This subpart implements provisions of 38 U.S.C. 5724 and 5727, which are set...

What Ohio U. Learned from a Major IT Crisis

ERIC Educational Resources Information Center

McDavis, Roderick J.

2008-01-01

Nationwide, IT breaches rose noticeably across all industries from 2003 to 2006. According to national statistics, hackers account for half of all exposures. Physical loss, theft, and fraud represent the second biggest risk. Security is an issue for all of higher education. Of all higher-education records that were exposed between 2000 and 2008, 4…

Cybersecurity in healthcare: A systematic review of modern threats and trends.

PubMed

Kruse, Clemens Scott; Frederick, Benjamin; Jacobson, Taylor; Monticone, D Kyle

2017-01-01

The adoption of healthcare technology is arduous, and it requires planning and implementation time. Healthcare organizations are vulnerable to modern trends and threats because it has not kept up with threats. The objective of this systematic review is to identify cybersecurity trends, including ransomware, and identify possible solutions by querying academic literature. The reviewers conducted three separate searches through the CINAHL and PubMed (MEDLINE) and the Nursing and Allied Health Source via ProQuest databases. Using key words with Boolean operators, database filters, and hand screening, we identified 31 articles that met the objective of the review. The analysis of 31 articles showed the healthcare industry lags behind in security. Like other industries, healthcare should clearly define cybersecurity duties, establish clear procedures for upgrading software and handling a data breach, use VLANs and deauthentication and cloud-based computing, and to train their users not to open suspicious code. The healthcare industry is a prime target for medical information theft as it lags behind other leading industries in securing vital data. It is imperative that time and funding is invested in maintaining and ensuring the protection of healthcare technology and the confidentially of patient information from unauthorized access.

Assessing the Role of User Computer Self-Efficacy, Cybersecurity Countermeasures Awareness, and Cybersecurity Skills toward Computer Misuse Intention at Government Agencies

ERIC Educational Resources Information Center

Choi, Min Suk

2013-01-01

Cybersecurity threats and vulnerabilities are causing substantial financial losses for governments and organizations all over the world. Cybersecurity criminals are stealing more than one billion dollars from banks every year by exploiting vulnerabilities caused by bank users' computer misuse. Cybersecurity breaches are threatening the common…

Safe teleradiology: information assurance as project planning methodology.

PubMed

Collmann, Jeff; Alaoui, Adil; Nguyen, Dan; Lindisch, David

2005-01-01

The Georgetown University Medical Center Department of Radiology used a tailored version of OCTAVE, a self-directed information security risk assessment method, to design a teleradiology system that complied with the regulation implementing the security provisions of the Health Insurance Portability and Accountability Act (HIPAA) of 1996. The system addressed threats to and vulnerabilities in the privacy and security of protected health information. By using OCTAVE, Georgetown identified the teleradiology program's critical assets, described threats to the assurance of those assets, developed and ran vulnerability scans of a system pilot, evaluated the consequences of security breaches, and developed a risk management plan to mitigate threats to program assets, thereby implementing good information assurance practices. This case study illustrates the basic point that prospective, comprehensive planning to protect the privacy and security of an information system strategically benefits program management as well as system security.

Experimental and Computational Study of Underexpanded Jet Impingement Heat Transfer

NASA Technical Reports Server (NTRS)

Rufer, Shann J.; Nowak, Robert J.; Daryabeigi, Kamran; Picetti, Donald

2009-01-01

An experiment was performed to assess CFD modeling of a hypersonic-vehicle breach, boundary-layer flow ingestion and internal surface impingement. Tests were conducted in the NASA Langley Research Center 31-Inch Mach 10 Tunnel. Four simulated breaches were tested and impingement heat flux data was obtained for each case using both phosphor thermography and thin film gages on targets placed inside the model. A separate target was used to measure the surface pressure distribution. The measured jet impingement width and peak location are in good agreement with CFD analysis.

Lessons learned from a privacy breach at an academic health science centre.

PubMed

Malonda, Jacqueline; Campbell, Janice; Crivianu-Gaita, Daniela; Freedman, Melvin H; Stevens, Polly; Laxer, Ronald M

2009-01-01

In 2007, the Hospital for Sick Children experienced a serious privacy breach when a laptop computer containing the personal health information of approximately 3,000 patients and research subjects was stolen from a physician-researcher's vehicle. This incident was reported to the information and privacy commissioner of Ontario (IPC). The IPC issued an order that required the hospital to examine and revise its policies, practices and research protocols related to the protection of personal health information and to educate staff on privacy-related matters.

Patient-Centered Access to Secure Systems Online (PCASSO): a secure approach to clinical data access via the World Wide Web.

PubMed Central

Masys, D. R.; Baker, D. B.

1997-01-01

The Internet's World-Wide Web (WWW) provides an appealing medium for the communication of health related information due to its ease of use and growing popularity. But current technologies for communicating data between WWW clients and servers are systematically vulnerable to certain types of security threats. Prominent among these threats are "Trojan horse" programs running on client workstations, which perform some useful and known function for a user, while breaching security via background functions that are not apparent to the user. The Patient-Centered Access to Secure Systems Online (PCASSO) project of SAIC and UCSD is a research, development and evaluation project to exploit state-of-the-art security and WWW technology for health care. PCASSO is designed to provide secure access to clinical data for healthcare providers and their patients using the Internet. PCASSO will be evaluated for both safety and effectiveness, and may provide a model for secure communications via public data networks. PMID:9357644

Development and evaluation of a de-identification procedure for a case register sourced from mental health electronic records.

PubMed

Fernandes, Andrea C; Cloete, Danielle; Broadbent, Matthew T M; Hayes, Richard D; Chang, Chin-Kuo; Jackson, Richard G; Roberts, Angus; Tsang, Jason; Soncul, Murat; Liebscher, Jennifer; Stewart, Robert; Callard, Felicity

2013-07-11

Electronic health records (EHRs) provide enormous potential for health research but also present data governance challenges. Ensuring de-identification is a pre-requisite for use of EHR data without prior consent. The South London and Maudsley NHS Trust (SLaM), one of the largest secondary mental healthcare providers in Europe, has developed, from its EHRs, a de-identified psychiatric case register, the Clinical Record Interactive Search (CRIS), for secondary research. We describe development, implementation and evaluation of a bespoke de-identification algorithm used to create the register. It is designed to create dictionaries using patient identifiers (PIs) entered into dedicated source fields and then identify, match and mask them (with ZZZZZ) when they appear in medical texts. We deemed this approach would be effective, given high coverage of PI in the dedicated fields and the effectiveness of the masking combined with elements of a security model. We conducted two separate performance tests i) to test performance of the algorithm in masking individual true PIs entered in dedicated fields and then found in text (using 500 patient notes) and ii) to compare the performance of the CRIS pattern matching algorithm with a machine learning algorithm, called the MITRE Identification Scrubber Toolkit - MIST (using 70 patient notes - 50 notes to train, 20 notes to test on). We also report any incidences of potential breaches, defined by occurrences of 3 or more true or apparent PIs in the same patient's notes (and in an additional set of longitudinal notes for 50 patients); and we consider the possibility of inferring information despite de-identification. True PIs were masked with 98.8% precision and 97.6% recall. As anticipated, potential PIs did appear, owing to misspellings entered within the EHRs. We found one potential breach. In a separate performance test, with a different set of notes, CRIS yielded 100% precision and 88.5% recall, while MIST yielded a 95.1% and 78.1%, respectively. We discuss how we overcome the realistic possibility - albeit of low probability - of potential breaches through implementation of the security model. CRIS is a de-identified psychiatric database sourced from EHRs, which protects patient anonymity and maximises data available for research. CRIS demonstrates the advantage of combining an effective de-identification algorithm with a carefully designed security model. The paper advances much needed discussion of EHR de-identification - particularly in relation to criteria to assess de-identification, and considering the contexts of de-identified research databases when assessing the risk of breaches of confidential patient information.

A College's Liability for Unauthorized Copying of Microcomputer Software by Students.

ERIC Educational Resources Information Center

Gemignani, Michael

1986-01-01

Reviews copyright law and "contributory infringement" as it relates to computer software and possible student and staff violation in colleges and universities. Also discusses possibilities of "breach of contract" and "negligence" in computer software use. Provides a series of recommendations for universities and colleges to protect their…

Privacy and security of patient data in the pathology laboratory.

PubMed

Cucoranu, Ioan C; Parwani, Anil V; West, Andrew J; Romero-Lauro, Gonzalo; Nauman, Kevin; Carter, Alexis B; Balis, Ulysses J; Tuthill, Mark J; Pantanowitz, Liron

2013-01-01

Data protection and security are critical components of routine pathology practice because laboratories are legally required to securely store and transmit electronic patient data. With increasing connectivity of information systems, laboratory work-stations, and instruments themselves to the Internet, the demand to continuously protect and secure laboratory information can become a daunting task. This review addresses informatics security issues in the pathology laboratory related to passwords, biometric devices, data encryption, internet security, virtual private networks, firewalls, anti-viral software, and emergency security situations, as well as the potential impact that newer technologies such as mobile devices have on the privacy and security of electronic protected health information (ePHI). In the United States, the Health Insurance Portability and Accountability Act (HIPAA) govern the privacy and protection of medical information and health records. The HIPAA security standards final rule mandate administrative, physical, and technical safeguards to ensure the confidentiality, integrity, and security of ePHI. Importantly, security failures often lead to privacy breaches, invoking the HIPAA privacy rule as well. Therefore, this review also highlights key aspects of HIPAA and its impact on the pathology laboratory in the United States.

19 CFR 113.45 - Charge for production of a missing document made against a continuous bond.

Code of Federal Regulations, 2013 CFR

2013-04-01

... 19 Customs Duties 1 2013-04-01 2013-04-01 false Charge for production of a missing document made... Charge for production of a missing document made against a continuous bond. When a continuous bond secures the production of a missing document and the bond is breached by the principal's failure to timely...

19 CFR 113.45 - Charge for production of a missing document made against a continuous bond.

Code of Federal Regulations, 2010 CFR

2010-04-01

... 19 Customs Duties 1 2010-04-01 2010-04-01 false Charge for production of a missing document made... Charge for production of a missing document made against a continuous bond. When a continuous bond secures the production of a missing document and the bond is breached by the principal's failure to timely...

19 CFR 113.45 - Charge for production of a missing document made against a continuous bond.

Code of Federal Regulations, 2012 CFR

2012-04-01

... 19 Customs Duties 1 2012-04-01 2012-04-01 false Charge for production of a missing document made... Charge for production of a missing document made against a continuous bond. When a continuous bond secures the production of a missing document and the bond is breached by the principal's failure to timely...

19 CFR 113.45 - Charge for production of a missing document made against a continuous bond.

Code of Federal Regulations, 2011 CFR

2011-04-01

... 19 Customs Duties 1 2011-04-01 2011-04-01 false Charge for production of a missing document made... Charge for production of a missing document made against a continuous bond. When a continuous bond secures the production of a missing document and the bond is breached by the principal's failure to timely...

19 CFR 113.45 - Charge for production of a missing document made against a continuous bond.

Code of Federal Regulations, 2014 CFR

2014-04-01

... 19 Customs Duties 1 2014-04-01 2014-04-01 false Charge for production of a missing document made... Charge for production of a missing document made against a continuous bond. When a continuous bond secures the production of a missing document and the bond is breached by the principal's failure to timely...

Cyber threats to health information systems: A systematic review.

PubMed

Luna, Raul; Rhine, Emily; Myhra, Matthew; Sullivan, Ross; Kruse, Clemens Scott

2016-01-01

Recent legislation empowering providers to embrace the electronic exchange of health information leaves the healthcare industry increasingly vulnerable to cybercrime. The objective of this systematic review is to identify the biggest threats to healthcare via cybercrime. The rationale behind this systematic review is to provide a framework for future research by identifying themes and trends of cybercrime in the healthcare industry. The authors conducted a systematic search through the CINAHL, Academic Search Complete, PubMed, and ScienceDirect databases to gather literature relative to cyber threats in healthcare. All authors reviewed the articles collected and excluded literature that did not focus on the objective. Researchers selected and examined 19 articles for common themes. The most prevalent cyber-criminal activity in healthcare is identity theft through data breach. Other concepts identified are internal threats, external threats, cyber-squatting, and cyberterrorism. The industry has now come to rely heavily on digital technologies, which increase risks such as denial of service and data breaches. Current healthcare cyber-security systems do not rival the capabilities of cyber criminals. Security of information is a costly resource and therefore many HCOs may hesitate to invest what is required to protect sensitive information.

Trust Me, I’m a Doctor: Examining Changes in How Privacy Concerns Affect Patient Withholding Behavior

PubMed Central

Johnson, Tyler; Ford, Eric W; Huerta, Timothy R

2017-01-01

Background As electronic health records (EHRs) become ubiquitous in the health care industry, privacy breaches are increasing and being made public. These breaches may make consumers wary of the technology, undermining its potential to improve care coordination and research. Objective Given the developing concerns around privacy of personal health information stored in digital format, it is important for providers to understand how views on privacy and security may be associated with patient disclosure of health information. This study aimed to understand how privacy concerns may be shifting patient behavior. Methods Using a pooled cross-section of data from the 2011 and 2014 cycles of the Health Information and National Trends Survey (HINTS), we tested whether privacy and security concerns, as well as quality perceptions, are associated with the likelihood of withholding personal health information from a provider. A fully interacted multivariate model was used to compare associations between the 2 years, and interaction terms were used to evaluate trends in the factors that are associated with withholding behavior. Results No difference was found regarding the effect of privacy and security concerns on withholding behavior between 2011 and 2014. Similarly, whereas perceived high quality of care was found to reduce the likelihood of withholding information from a provider in both 2011 (odds ratio [OR] 0.73, 95% confidence interval [CI] 0.56-0.94) and 2014 (OR 0.61, 95% CI 0.48-0.76), no difference was observed between years. Conclusions These findings suggest that consumers’ beliefs about EHR privacy and security, the relationship between technology use and quality, and intentions to share information with their health care provider have not changed. These findings are counter to the ongoing discussions about the implications of security failures in other domains. Our results suggest that providers could ameliorate privacy and security by focusing on the care quality benefits EHRs provide. PMID:28052843

Aerospace Communications Security Technologies Demonstrated

NASA Technical Reports Server (NTRS)

Griner, James H.; Martzaklis, Konstantinos S.

2003-01-01

In light of the events of September 11, 2001, NASA senior management requested an investigation of technologies and concepts to enhance aviation security. The investigation was to focus on near-term technologies that could be demonstrated within 90 days and implemented in less than 2 years. In response to this request, an internal NASA Glenn Research Center Communications, Navigation, and Surveillance Aviation Security Tiger Team was assembled. The 2-year plan developed by the team included an investigation of multiple aviation security concepts, multiple aircraft platforms, and extensively leveraged datalink communications technologies. It incorporated industry partners from NASA's Graphical Weather-in-the-Cockpit research, which is within NASA's Aviation Safety Program. Two concepts from the plan were selected for demonstration: remote "black box," and cockpit/cabin surveillance. The remote "black box" concept involves real-time downlinking of aircraft parameters for remote monitoring and archiving of aircraft data, which would assure access to the data following the loss or inaccessibility of an aircraft. The cockpit/cabin surveillance concept involves remote audio and/or visual surveillance of cockpit and cabin activity, which would allow immediate response to any security breach and would serve as a possible deterrent to such breaches. The datalink selected for the demonstrations was VDL Mode 2 (VHF digital link), the first digital datalink for air-ground communications designed for aircraft use. VDL Mode 2 is beginning to be implemented through the deployment of ground stations and aircraft avionics installations, with the goal of being operational in 2 years. The first demonstration was performed December 3, 2001, onboard the LearJet 25 at Glenn. NASA worked with Honeywell, Inc., for the broadcast VDL Mode 2 datalink capability and with actual Boeing 757 aircraft data. This demonstration used a cockpitmounted camera for video surveillance and a coupling to the intercom system for audio surveillance. Audio, video, and "black box" data were simultaneously streamed to the ground, where they were displayed to a Glenn audience of senior management and aviation security team members.

Relationship between stakeholders' information value perception and information security behaviour

NASA Astrophysics Data System (ADS)

Tajuddin, Sharul; Olphert, Wendy; Doherty, Neil

2015-02-01

The study, reported in this paper, aims to explore the relationship between the stakeholders' perceptions about the value of information and their resultant information security behaviours. Moreover, this study seeks to explore the role of national and organisational culture in facilitating information value assignment. Information Security is a concept that formed from the recognition that information is valuable and that there is a need to protect it. The ISO 27002 defines information as an asset, which, like other important business assets, is essential to an organisation's business and consequently needs to be appropriately protected. By definition, an asset has a value to the organisation hence it requires protection. Information protection is typically accomplished through the implementation of countermeasures against the threats and vulnerabilities of information security, for example, implementation of technological processes and mechanisms such as firewall and authorization and authentication systems, set-up of deterrence procedures such as password control and enforcement of organisational policy on information handling procedures. However, evidence routinely shows that despite such measures, information security breaches and incidents are on the rise. These breaches lead to loss of information, personal records, or other data, with consequent implications for the value of the information asset. A number of studies have suggested that such problems are not related primarily to technology problems or procedural deficiencies, but rather to stakeholders' poor compliance with the security measures that are in place. Research indicates that compliance behaviour is affected by many variables including perceived costs and benefits, national and organisational culture and norms. However, there has been little research to understand the concept of information value from the perspective of those who interact with the data, and the consequences for information security behaviours. This study seeks to address this gap in the research. Data will be presented from a pilot study consisting of interviews with 6 participants from public organisations in Brunei Darussalam which illustrate the nature of the value assignment process, together with an initial model of the relationship between perceived information value and information security behaviours.

New HIPAA rules: a guide for radiology providers.

PubMed

Dresevic, Adrienne; Mikel, Clinton

2013-01-01

The Office for Civil Rights issued its long awaited final regulations modifying the HIPAA privacy, security, enforcement, and breach notification rules--the HIPAA Megarule. The new HIPAA rules will require revisions to Notice of Privacy Practices, changes to business associate agreements, revisions to HIPAA privacy and security policies and procedures, and an overall assessment of HIPAA compliance. The HIPAA Megarule formalizes the HITECH Act requirements, and makes it clear that the OCRs ramp up of HIPAA enforcement is not merely a passing trend. The new rules underscore that both covered entities and business associates must reassess and strengthen HIPAA compliance.

Percutaneous pedicle screw placement under single dimensional fluoroscopy with a designed pedicle finder-a technical note and case series.

PubMed

Tsuang, Fon-Yih; Chen, Chia-Hsien; Kuo, Yi-Jie; Tseng, Wei-Lung; Chen, Yuan-Shen; Lin, Chin-Jung; Liao, Chun-Jen; Lin, Feng-Huei; Chiang, Chang-Jung

2017-09-01

Minimally invasive spine surgery has become increasingly popular in clinical practice, and it offers patients the potential benefits of reduced blood loss, wound pain, and infection risk, and it also diminishes the loss of working time and length of hospital stay. However, surgeons require more intraoperative fluoroscopy and ionizing radiation exposure during minimally invasive spine surgery for localization, especially for guidance in instrumentation placement. In addition, computer navigation is not accessible in some facility-limited institutions. This study aimed to demonstrate a method for percutaneous screws placement using only the anterior-posterior (AP) trajectory of intraoperative fluoroscopy. A technical report (a retrospective and prospective case series) was carried out. Patients who received posterior fixation with percutaneous pedicle screws for thoracolumbar degenerative disease or trauma comprised the patient sample. We retrospectively reviewed the charts of consecutive 670 patients who received 4,072 pedicle screws between December 2010 and August 2015. Another case series study was conducted prospectively in three additional hospitals, and 88 consecutive patients with 413 pedicle screws were enrolled from February 2014 to July 2016. The fluoroscopy shot number and radiation dose were recorded. In the prospective study, 78 patients with 371 screws received computed tomography at 3 months postoperatively to evaluate the fusion condition and screw positions. In the retrospective series, the placement of a percutaneous screw required 5.1 shots (2-14, standard deviation [SD]=2.366) of AP fluoroscopy. One screw was revised because of a medialwall breach of the pedicle. In the prospective series, 5.8 shots (2-16, SD=2.669) were required forone percutaneous pedicle screw placement. There were two screws with a Grade 1 breach (8.6%), both at the lateral wall of the pedicle, out of 23 screws placed at the thoracic spine at T9-T12. Forthe lumbar and sacral areas, there were 15 Grade 1 breaches (4.3%), 1 Grade 2 breach (0.3%), and 1 Grade 3 breach (0.3%). No revision surgery was necessary. This method avoids lateral shots of fluoroscopy during screw placement and thus decreases the operation time and exposes surgeons to less radiation. At the same time, compared with the computer-navigated procedure, it is less facility-demanding, and provides satisfactory reliability and accuracy. Copyright © 2017 The Authors. Published by Elsevier Inc. All rights reserved.

Verification of OpenSSL version via hardware performance counters

NASA Astrophysics Data System (ADS)

Bruska, James; Blasingame, Zander; Liu, Chen

2017-05-01

Many forms of malware and security breaches exist today. One type of breach downgrades a cryptographic program by employing a man-in-the-middle attack. In this work, we explore the utilization of hardware events in conjunction with machine learning algorithms to detect which version of OpenSSL is being run during the encryption process. This allows for the immediate detection of any unknown downgrade attacks in real time. Our experimental results indicated this detection method is both feasible and practical. When trained with normal TLS and SSL data, our classifier was able to detect which protocol was being used with 99.995% accuracy. After the scope of the hardware event recording was enlarged, the accuracy diminished greatly, but to 53.244%. Upon removal of TLS 1.1 from the data set, the accuracy returned to 99.905%.

Type-Based Access Control in Data-Centric Systems

NASA Astrophysics Data System (ADS)

Caires, Luís; Pérez, Jorge A.; Seco, João Costa; Vieira, Hugo Torres; Ferrão, Lúcio

Data-centric multi-user systems, such as web applications, require flexible yet fine-grained data security mechanisms. Such mechanisms are usually enforced by a specially crafted security layer, which adds extra complexity and often leads to error prone coding, easily causing severe security breaches. In this paper, we introduce a programming language approach for enforcing access control policies to data in data-centric programs by static typing. Our development is based on the general concept of refinement type, but extended so as to address realistic and challenging scenarios of permission-based data security, in which policies dynamically depend on the database state, and flexible combinations of column- and row-level protection of data are necessary. We state and prove soundness and safety of our type system, stating that well-typed programs never break the declared data access control policies.

Cyber Security for the Spaceport Command and Control System: Vulnerability Management and Compliance Analysis

NASA Technical Reports Server (NTRS)

Gunawan, Ryan A.

2016-01-01

With the rapid development of the Internet, the number of malicious threats to organizations is continually increasing. In June of 2015, the United States Office of Personnel Management (OPM) had a data breach resulting in the compromise of millions of government employee records. The National Aeronautics and Space Administration (NASA) is not exempt from these attacks. Cyber security is becoming a critical facet to the discussion of moving forward with projects. The Spaceport Command and Control System (SCCS) project at the Kennedy Space Center (KSC) aims to develop the launch control system for the next generation launch vehicle in the coming decades. There are many ways to increase the security of the network it uses, from vulnerability management to ensuring operating system images are compliant with securely configured baselines recommended by the United States Government.

Mum's the Word: Feds Are Serious About Protecting Patients' Privacy.

PubMed

Conde, Crystal

2010-08-01

The Health Information Technology for Economic and Clinical Health (HITECH) Act significantly changes HIPAA privacy and security policies that affect physicians. Chief among the changes are the new breach notification regulations, developed by the U.S. Department of Health and Human Services Office for Civil Rights. The Texas Medical Association has developed resources to help physicians comply with the new HIPAA regulations.

Proceedings of the Center for National Software Studies Workshop on Trustworthy Software

DTIC Science & Technology

2004-05-10

just the de - velopment cost) to achieve a sustained level of software trustworthiness. • Reforming the procurement process. We could reform the...failure or breach of security. Some examples include software used in safety systems of nuclear power plants, transportation systems, medical devices...issue in many vital systems, including those found in transportation , telecommunications, utilities, health care, and financial services. Any lack of

Defense Industrial Personnel Security Clearance Review Program

DTIC Science & Technology

1992-01-02

or on closed accounts. 5. Indication of deceit or deception in obtaining credit or bank accounts, misappropriation of funds, income tax evasion ...income tax evasion , expense account fraud, filing deceptive loan statements, and other intentional financial breaches of trust; (3) inability or...information; or any U.S. citizen nominated by the Red Cross or United Service Organizations for assignment with the Military Services overseas. The

Cyber security risk management: public policy implications of correlated risk, imperfect ability to prove loss, and observability of self-protection.

PubMed

Oğüt, Hulisi; Raghunathan, Srinivasan; Menon, Nirup

2011-03-01

The correlated nature of security breach risks, the imperfect ability to prove loss from a breach to an insurer, and the inability of insurers and external agents to observe firms' self-protection efforts have posed significant challenges to cyber security risk management. Our analysis finds that a firm invests less than the social optimal levels in self-protection and in insurance when risks are correlated and the ability to prove loss is imperfect. We find that the appropriate social intervention policy to induce a firm to invest at socially optimal levels depends on whether insurers can verify a firm's self-protection levels. If self-protection of a firm is observable to an insurer so that it can design a contract that is contingent on the self-protection level, then self-protection and insurance behave as complements. In this case, a social planner can induce a firm to choose the socially optimal self-protection and insurance levels by offering a subsidy on self-protection. We also find that providing a subsidy on insurance does not provide a similar inducement to a firm. If self-protection of a firm is not observable to an insurer, then self-protection and insurance behave as substitutes. In this case, a social planner should tax the insurance premium to achieve socially optimal results. The results of our analysis hold regardless of whether the insurance market is perfectly competitive or not, implying that solely reforming the currently imperfect insurance market is insufficient to achieve the efficient outcome in cyber security risk management. © 2010 Society for Risk Analysis.

An analysis of United States K-12 stem education versus STEM workforce at the dawn of the digital revolution

NASA Astrophysics Data System (ADS)

Cataldo, Franca

The world is at the dawn of a third industrial revolution, the digital revolution, that brings great changes the world over. Today, computing devices, the Internet, and the World Wide Web are vital technology tools that affect every aspect of everyday life and success. While computing technologies offer enormous benefits, there are equally enormous safety and security risks that have been growing exponentially since they became widely available to the public in 1994. Cybercriminals are increasingly implementing sophisticated and serious hack attacks and breaches upon our nation's government, financial institutions, organizations, communities, and private citizens. There is a great need for computer scientists to carry America's innovation and economic growth forward and for cybersecurity professionals to keep our nation safe from criminal hacking. In this digital age, computer science and cybersecurity are essential foundational ingredients of technological innovation, economic growth, and cybersecurity that span all industries. Yet, America's K-12 education institutions are not teaching the computer science and cybersecurity skills required to produce a technologically-savvy 21st century workforce. Education is the key to preparing students to enter the workforce and, therefore, American K-12 STEM education must be reformed to accommodate the teachings required in the digital age. Keywords: Cybersecurity Education, Cybersecurity Education Initiatives, Computer Science Education, Computer Science Education Initiatives, 21 st Century K-12 STEM Education Reform, 21st Century Digital Literacies, High-Tech Innovative Problem-Solving Skills, 21st Century Digital Workforce, Standardized Testing, Foreign Language and Culture Studies, Utica College, Professor Chris Riddell.

DOE Office of Scientific and Technical Information (OSTI.GOV)

Happenny, Sean F.

The United States’ power infrastructure is aging, underfunded, and vulnerable to cyber attack. Emerging smart grid technologies may take some of the burden off of existing systems and make the grid as a whole more efficient, reliable, and secure. The Pacific Northwest National Laboratory (PNNL) is funding research into several aspects of smart grid technology and grid security, creating a software simulation tool that will allow researchers to test power distribution networks utilizing different smart grid technologies to determine how the grid and these technologies react under different circumstances. Demonstrating security in embedded systems is another research area PNNL ismore » tackling. Many of the systems controlling the U.S. critical infrastructure, such as the power grid, lack integrated security and the networks protecting them are becoming easier to breach. Providing a virtual power substation network to each student team at the National Collegiate Cyber Defense Competition, thereby supporting the education of future cyber security professionals, is another way PNNL is helping to strengthen the security of the nation’s power infrastructure.« less

Privacy and security of patient data in the pathology laboratory

PubMed Central

Cucoranu, Ioan C.; Parwani, Anil V.; West, Andrew J.; Romero-Lauro, Gonzalo; Nauman, Kevin; Carter, Alexis B.; Balis, Ulysses J.; Tuthill, Mark J.; Pantanowitz, Liron

2013-01-01

Data protection and security are critical components of routine pathology practice because laboratories are legally required to securely store and transmit electronic patient data. With increasing connectivity of information systems, laboratory work-stations, and instruments themselves to the Internet, the demand to continuously protect and secure laboratory information can become a daunting task. This review addresses informatics security issues in the pathology laboratory related to passwords, biometric devices, data encryption, internet security, virtual private networks, firewalls, anti-viral software, and emergency security situations, as well as the potential impact that newer technologies such as mobile devices have on the privacy and security of electronic protected health information (ePHI). In the United States, the Health Insurance Portability and Accountability Act (HIPAA) govern the privacy and protection of medical information and health records. The HIPAA security standards final rule mandate administrative, physical, and technical safeguards to ensure the confidentiality, integrity, and security of ePHI. Importantly, security failures often lead to privacy breaches, invoking the HIPAA privacy rule as well. Therefore, this review also highlights key aspects of HIPAA and its impact on the pathology laboratory in the United States. PMID:23599904

Texas Should Require Homeland Security Standards for High-Speed Rail

DTIC Science & Technology

2015-12-01

conditions. Japanese trains, engineered with earthquakes in mind, all came to a safe stop during the 2011 Fukushima disaster without loss of life or...building—that devastated parts of Japan through immediate effect as well as caused the consequential breach of the Fukushima nuclear reactor.119...119 Ichiro Fujisaki, “Japan’s Recovery Six Months after the Earthquake, Tsunami and Nuclear Crisis,” Brookings Institution, last modified September

A laser profilometry technique for monitoring fluvial dike breaching in laboratory experiments

NASA Astrophysics Data System (ADS)

Dewals, Benjamin; Rifai, Ismail; Erpicum, Sébastien; Archambeau, Pierre; Violeau, Damien; Pirotton, Michel; El kadi Abderrezzak, Kamal

2017-04-01

A challenging aspect for experimental modelling of fluvial dike breaching is the continuous monitoring of the transient breach geometry. In dam breaching cases induced by flow overtopping over the whole breach crest (plane erosion), a side view through a glass wall is sufficient to monitor the breach formation. This approach can be extended for 3D dam breach tests (spatial erosion) if the glass wall is located along the breach centreline. In contrast, using a side view does not apply for monitoring fluvial dike breaching, because the breach is not symmetric in this case. We present a non-intrusive, high resolution technique to record the breach development in experimental models of fluvial dikes by means of a laser profilometry (Rifai et al. 2016). Most methods used for monitoring dam and dike breaching involve the projection of a pattern (fringes, grid) on the dam or dike body and the analysis of its deformation on images recorded during the breaching (e.g., Pickert et al. 2011, Frank and Hager 2014). A major limitation of these methods stems from reflection on the water surface, particularly in the vicinity of the breach where the free surface is irregular and rippled. This issue was addressed by Spinewine et al. (2004), who used a single laser sheet so that reflections on the water surface were strongly limited and did not hamper the accurate processing of each image. We have developed a similar laser profilometry technique tailored for laboratory experiments on fluvial dike breaching. The setup is simple and relatively low cost. It consists of a digital video camera (resolution of 1920 × 1080 pixels at 60 frames per second) and a swiping red diode 30 mW laser that enables the projection of a laser sheet over the dike body. The 2D image coordinates of each deformed laser profile incident on the dike are transformed into 3D object coordinates using the Direct Linear Transformation (DLT) algorithm. All 3D object coordinates computed over a swiping cycle of the laser are merged to generate a cloud of points. The DLT-based image processing method uses control points and reference axes, so that no prior knowledge is needed on the position, orientation and intrinsic characteristics of the camera, nor on the laser position. Refraction of the light and laser rays across the water surface needs to be taken into account, because the dike is partially submerged during the experiments. An ad hoc correction is therefore applied using the Snell-Descartes law. For this purpose, planar approximations are used to describe the shape of the water surface. In the presentation, we will discuss the resulting uncertainty and will detail the validation of the developed method based on configurations of known geometry with various complexity. The presented laser profilometry technique allows for a rapid non-intrusive measurement of the dike geometry evolution. It is readily available for laboratory experiments and has proven its performance (Rifai et al. 2017). Further adjustments are needed for its application to cohesive dike material due to the reduced visibility resulting from the higher turbidity of water. References Frank, P.-J., Hager, W.H. (2014). Spatial dike breach: Accuracy of photogrammetric measurement system. Proc. of the International Conference on Fluvial Hydraulics, River Flow 2014, 1647-1654. Pickert, G., Weitbrecht, V., Bieberstein A. (2011). Beaching of overtopped river embankments controlled by apparent cohesion. Journal of Hydraulic Research 49:143-156. Rifai, I., Erpicum, S., Archambeau, P., Violeau, D., Pirotton, M., El kadi Abderrezzak, K., Dewals, B. (2016). Monitoring topography of laboratory fluvial dike models subjected to breaching based on a laser profilometry technique. Proc. of the International Symposium on River Sedimentation (ISRS): Stuttgart, 19-22 September 2016. Rifai, I., Erpicum, S., Archambeau, P., Violeau, D., Pirotton, M., El kadi Abderrezzak, K., Dewals, B. (2017). Overtopping induced failure of non-cohesive, homogenous fluvial dikes. Water Resources Research, under revision. Spinewine, B., Delobbe, A., Elslander, L., Zech, Y. (2004). Experimental investigation of the breach growth process in sand dikes. Proc. of the International Conference on Fluvial Hydraulics, River Flow 2004, 2:983-991.

Full-field implementation of a perfect eavesdropper on a quantum cryptography system.

PubMed

Gerhardt, Ilja; Liu, Qin; Lamas-Linares, Antía; Skaar, Johannes; Kurtsiefer, Christian; Makarov, Vadim

2011-06-14

Quantum key distribution (QKD) allows two remote parties to grow a shared secret key. Its security is founded on the principles of quantum mechanics, but in reality it significantly relies on the physical implementation. Technological imperfections of QKD systems have been previously explored, but no attack on an established QKD connection has been realized so far. Here we show the first full-field implementation of a complete attack on a running QKD connection. An installed eavesdropper obtains the entire 'secret' key, while none of the parameters monitored by the legitimate parties indicate a security breach. This confirms that non-idealities in physical implementations of QKD can be fully practically exploitable, and must be given increased scrutiny if quantum cryptography is to become highly secure.

Use of behavioral biometrics in intrusion detection and online gaming

NASA Astrophysics Data System (ADS)

Yampolskiy, Roman V.; Govindaraju, Venu

2006-04-01

Behavior based intrusion detection is a frequently used approach for insuring network security. We expend behavior based intrusion detection approach to a new domain of game networks. Specifically, our research shows that a unique behavioral biometric can be generated based on the strategy used by an individual to play a game. We wrote software capable of automatically extracting behavioral profiles for each player in a game of Poker. Once a behavioral signature is generated for a player, it is continuously compared against player's current actions. Any significant deviations in behavior are reported to the game server administrator as potential security breaches. Our algorithm addresses a well-known problem of user verification and can be re-applied to the fields beyond game networks, such as operating systems and non-game networks security.

Encryption and the loss of patient data.

PubMed

Miller, Amalia R; Tucker, Catherine E

2011-01-01

Fast-paced IT advances have made it increasingly possible and useful for firms to collect data on their customers on an unprecedented scale. One downside of this is that firms can experience negative publicity and financial damage if their data are breached. This is particularly the case in the medical sector, where we find empirical evidence that increased digitization of patient data is associated with more data breaches. The encryption of customer data is often presented as a potential solution, because encryption acts as a disincentive for potential malicious hackers, and can minimize the risk of breached data being put to malicious use. However, encryption both requires careful data management policies to be successful and does not ward off the insider threat. Indeed, we find no empirical evidence of a decrease in publicized instances of data loss associated with the use of encryption. Instead, there are actually increases in the cases of publicized data loss due to internal fraud or loss of computer equipment.

An In-House Prototype for the Implementation of Computer-Based Extensive Reading in a Limited-Resource School

ERIC Educational Resources Information Center

Mayora, Carlos A.; Nieves, Idami; Ojeda, Victor

2014-01-01

A variety of computer-based models of Extensive Reading have emerged in the last decade. Different Information and Communication Technologies online usually support these models. However, such innovations are not feasible in contexts where the digital breach limits the access to Internet. The purpose of this paper is to report a project in which…

76 FR 7213 - ACRAnet, Inc.; SettlementOne Credit Corporation, and Sackett National Holdings, Inc.; Fajilan and...

Federal Register 2010, 2011, 2012, 2013, 2014

2011-02-09

... allege that hackers were able to exploit vulnerabilities in the computer networks of multiple end user clients, putting all consumer reports in those networks at risk. In multiple breaches, hackers accessed...

Security and Privacy in Cyber-Physical Systems

DOE Office of Scientific and Technical Information (OSTI.GOV)

Fink, Glenn A.; Edgar, Thomas W.; Rice, Theora R.

As you have seen from the previous chapters, cyber-physical systems (CPS) are broadly used across technology and industrial domains. While these systems enable process optimization and efficiency and allow previously impossible functionality, security and privacy are key concerns for their design, development, and operation. CPS have been key components utilized in some of the highest publicized security breaches over the last decade. In this chapter, we will look over the CPS described in the previous chapters from a security perspective. In this chapter, we explain classical information and physical security fundamentals in the context of CPS and contextualize them acrossmore » application domains. We give examples where the interplay of functionality and diverse communication can introduce unexpected vulnerabilities and produce larger impacts. We will discuss how CPS security and privacy is inherently different from that of pure cyber or physical systems and what may be done to secure these systems, considering their emergent cyber-physical properties. Finally, we will discuss security and privacy implications of merging infrastructural and personal CPS. Our hope is to impart the knowledge of what CPS security and privacy are, why they are important, and explain existing processes and challenges.« less

Trust Me, I'm a Doctor: Examining Changes in How Privacy Concerns Affect Patient Withholding Behavior.

PubMed

Walker, Daniel M; Johnson, Tyler; Ford, Eric W; Huerta, Timothy R

2017-01-04

As electronic health records (EHRs) become ubiquitous in the health care industry, privacy breaches are increasing and being made public. These breaches may make consumers wary of the technology, undermining its potential to improve care coordination and research. Given the developing concerns around privacy of personal health information stored in digital format, it is important for providers to understand how views on privacy and security may be associated with patient disclosure of health information. This study aimed to understand how privacy concerns may be shifting patient behavior. Using a pooled cross-section of data from the 2011 and 2014 cycles of the Health Information and National Trends Survey (HINTS), we tested whether privacy and security concerns, as well as quality perceptions, are associated with the likelihood of withholding personal health information from a provider. A fully interacted multivariate model was used to compare associations between the 2 years, and interaction terms were used to evaluate trends in the factors that are associated with withholding behavior. No difference was found regarding the effect of privacy and security concerns on withholding behavior between 2011 and 2014. Similarly, whereas perceived high quality of care was found to reduce the likelihood of withholding information from a provider in both 2011 (odds ratio [OR] 0.73, 95% confidence interval [CI] 0.56-0.94) and 2014 (OR 0.61, 95% CI 0.48-0.76), no difference was observed between years. These findings suggest that consumers' beliefs about EHR privacy and security, the relationship between technology use and quality, and intentions to share information with their health care provider have not changed. These findings are counter to the ongoing discussions about the implications of security failures in other domains. Our results suggest that providers could ameliorate privacy and security by focusing on the care quality benefits EHRs provide. ©Daniel M Walker, Tyler Johnson, Eric W Ford, Timothy R Huerta. Originally published in the Journal of Medical Internet Research (http://www.jmir.org), 04.01.2017.

Infoseconomics: A Utility Model for Information Security

DTIC Science & Technology

2010-09-01

are stricter controls on the Secret network, and fewer people have access to it, meaning that breaches occur less frequently. Consider some perishable...decide whether to store and transmit the information on the Secret network or on the Confidential network. Traditionally, we would simply look at the...to be stored on the Secret network. But given that the information is perishable, maybe we can accept a temporary increased risk if this is outweighed

Caprock Breach: A Threat to Secure Geologic Sequestration

NASA Astrophysics Data System (ADS)

Selvadurai, A. P.; Dong, W.

2013-12-01

The integrity of caprock in providing a reliable barrier is crucial to several environmental geosciences endeavours related to geologic sequestration of CO2, deep geologic disposal of hazardous wastes and contaminants. The integrity of geologic barriers can be compromised by several factors. The re-activation of dormant fractures and development of new fractures in the caprock during the injection process are regarded as effects that can pose a threat to storage security. Other poromechanical influences of pore structure collapse due to chemically induced erosion of the porous fabric resulting in worm-hole type features can also contribute to compromising storage security. The assessment of the rate of steady or transient seepage through defects in the caprock can allow geoscientists to make prudent evaluations of the effectiveness of a sequestration strategy. While complicated computational simulations can be used to calculate leakage through defects, it is useful to explore alternative analytical results that could be used in providing preliminary estimates of leakage rates through defects in the caprock in a storage setting. The relevance of such developments is underscored by the fact that the permeability characteristics of the storage formation, the fracture and the surficial rocks overlying the caprock can rarely be quantified with certainty. This paper presents the problem of a crack in a caprock that connects to a storage formation and an overburden rock or surficial soil formation. The geologic media are maintained at constant far-field flow potentials and leakage takes place at either steady or transient conditions. The paper develops an analytical result that can be used to estimate the steady seepage through the crack. The analytical result can also be used to estimate the leakage through hydraulically non-intersecting cracks and leakage from caprock-well casing interfaces. The analytical result is used to estimate the accuracy of a computational procedure based on a finite element procedure.

Effects of Wing Leading Edge Penetration with Venting and Exhaust Flow from Wheel Well at Mach 24 in Flight

NASA Technical Reports Server (NTRS)

Gnoffo, Peter A.

2003-01-01

A baseline solution for CFD Point 1 (Mach 24) in the STS-107 accident investigation was modified to include effects of: (1) holes through the leading edge into a vented cavity; and (2) a scarfed, conical nozzle directed toward the centerline of the vehicle from the forward, inboard corner of the landing gear door. The simulations were generated relatively quickly and early in the investigation because simplifications were made to the leading edge cavity geometry and an existing utility to merge scarfed nozzle grid domains with structured baseline external domains was implemented. These simplifications in the breach simulations enabled: (1) a very quick grid generation procedure; and (2) high fidelity corroboration of jet physics with internal surface impingements ensuing from a breach through the leading edge, fully coupled to the external shock layer flow at flight conditions. These simulations provided early evidence that the flow through a two-inch diameter (or larger) breach enters the cavity with significant retention of external flow directionality. A normal jet directed into the cavity was not an appropriate model for these conditions at CFD Point 1 (Mach 24). The breach diameters were of the same order or larger than the local, external boundary-layer thickness. High impingement heating and pressures on the downstream lip of the breach were computed. It is likely that hole shape would evolve as a slot cut in the direction of the external streamlines. In the case of the six-inch diameter breach the boundary layer is fully ingested. The intent of externally directed jet simulations in the second scenario was to approximately model aerodynamic effects of a relatively large internal wing pressure, fueled by combusting aluminum, which deforms the corner of the landing gear door and directs a jet across the windside surface. These jet interactions, in and of themselves, were not sufficiently large to explain observed aerodynamic behavior.

Privacy and Security in Mobile Health (mHealth) Research.

PubMed

Arora, Shifali; Yttri, Jennifer; Nilse, Wendy

2014-01-01

Research on the use of mobile technologies for alcohol use problems is a developing field. Rapid technological advances in mobile health (or mHealth) research generate both opportunities and challenges, including how to create scalable systems capable of collecting unprecedented amounts of data and conducting interventions-some in real time-while at the same time protecting the privacy and safety of research participants. Although the research literature in this area is sparse, lessons can be borrowed from other communities, such as cybersecurity or Internet security, which offer many techniques to reduce the potential risk of data breaches or tampering in mHealth. More research into measures to minimize risk to privacy and security effectively in mHealth is needed. Even so, progress in mHealth research should not stop while the field waits for perfect solutions.

Privacy and Security in Mobile Health (mHealth) Research

PubMed Central

Arora, Shifali; Yttri, Jennifer; Nilsen, Wendy

2014-01-01

Research on the use of mobile technologies for alcohol use problems is a developing field. Rapid technological advances in mobile health (or mHealth) research generate both opportunities and challenges, including how to create scalable systems capable of collecting unprecedented amounts of data and conducting interventions—some in real time—while at the same time protecting the privacy and safety of research participants. Although the research literature in this area is sparse, lessons can be borrowed from other communities, such as cybersecurity or Internet security, which offer many techniques to reduce the potential risk of data breaches or tampering in mHealth. More research into measures to minimize risk to privacy and security effectively in mHealth is needed. Even so, progress in mHealth research should not stop while the field waits for perfect solutions. PMID:26259009

Strategic Sealift for Desert Shield not a Blue Print for the Future

DTIC Science & Technology

1991-06-21

the requirements of the Department of Operations. The contents of this paper reflect our own personal views and are not necessarily endorsed by the...answers without breaching operational security most telephone and personal interviews were held on a non- attributable basis. However, we feel that there...MV is LT Jack Lu:uus. MV !st LT Baldomero Lopez and MV PFC Dwayne T. Williams) commanded by Capt. Charles E. Aaker , USN. also got underway on August

Mitigating Risk to DOD Information Networks by Improving Network Security in Third-Party Information Networks

DTIC Science & Technology

2016-06-01

not an investment that can add value to the company and ultimately contribute to cost savings.25 In short, companies only consider the direct costs of...26 Ibid., 140–141. 27 Benjamin Dean, “Sorry Consumers, Companies Have Little Incentive to Invest in Better Cybersecurity,” Quartz, March 05...Have Little Incentive to Invest in Better Cybersecurity,” Quartz, March 05, 2015, http://qz.com/356274/cybersecurity-breaches-hurt-consumers

Establishing and operating an incident response team

DOE Office of Scientific and Technical Information (OSTI.GOV)

Padgett, K.M.

1992-09-01

Occurrences of improprieties dealing with computer usage are on the increase. They range all the way from misuse by employees to international computer telecommunications hacking. In addition, natural disasters and other disasters such as catastrophic fires may also fall into the same category. These incidents, like any other breach of acceptable behavior, may or may not involve actual law breaking. A computer incident response team should be created as a first priority. This report discusses the establishment and operation of a response team.

Establishing and operating an incident response team

DOE Office of Scientific and Technical Information (OSTI.GOV)

Padgett, K.M.

1992-01-01

Occurrences of improprieties dealing with computer usage are on the increase. They range all the way from misuse by employees to international computer telecommunications hacking. In addition, natural disasters and other disasters such as catastrophic fires may also fall into the same category. These incidents, like any other breach of acceptable behavior, may or may not involve actual law breaking. A computer incident response team should be created as a first priority. This report discusses the establishment and operation of a response team.

Software platform virtualization in chemistry research and university teaching

PubMed Central

2009-01-01

Background Modern chemistry laboratories operate with a wide range of software applications under different operating systems, such as Windows, LINUX or Mac OS X. Instead of installing software on different computers it is possible to install those applications on a single computer using Virtual Machine software. Software platform virtualization allows a single guest operating system to execute multiple other operating systems on the same computer. We apply and discuss the use of virtual machines in chemistry research and teaching laboratories. Results Virtual machines are commonly used for cheminformatics software development and testing. Benchmarking multiple chemistry software packages we have confirmed that the computational speed penalty for using virtual machines is low and around 5% to 10%. Software virtualization in a teaching environment allows faster deployment and easy use of commercial and open source software in hands-on computer teaching labs. Conclusion Software virtualization in chemistry, mass spectrometry and cheminformatics is needed for software testing and development of software for different operating systems. In order to obtain maximum performance the virtualization software should be multi-core enabled and allow the use of multiprocessor configurations in the virtual machine environment. Server consolidation, by running multiple tasks and operating systems on a single physical machine, can lead to lower maintenance and hardware costs especially in small research labs. The use of virtual machines can prevent software virus infections and security breaches when used as a sandbox system for internet access and software testing. Complex software setups can be created with virtual machines and are easily deployed later to multiple computers for hands-on teaching classes. We discuss the popularity of bioinformatics compared to cheminformatics as well as the missing cheminformatics education at universities worldwide. PMID:20150997

Software platform virtualization in chemistry research and university teaching.

PubMed

Kind, Tobias; Leamy, Tim; Leary, Julie A; Fiehn, Oliver

2009-11-16

Modern chemistry laboratories operate with a wide range of software applications under different operating systems, such as Windows, LINUX or Mac OS X. Instead of installing software on different computers it is possible to install those applications on a single computer using Virtual Machine software. Software platform virtualization allows a single guest operating system to execute multiple other operating systems on the same computer. We apply and discuss the use of virtual machines in chemistry research and teaching laboratories. Virtual machines are commonly used for cheminformatics software development and testing. Benchmarking multiple chemistry software packages we have confirmed that the computational speed penalty for using virtual machines is low and around 5% to 10%. Software virtualization in a teaching environment allows faster deployment and easy use of commercial and open source software in hands-on computer teaching labs. Software virtualization in chemistry, mass spectrometry and cheminformatics is needed for software testing and development of software for different operating systems. In order to obtain maximum performance the virtualization software should be multi-core enabled and allow the use of multiprocessor configurations in the virtual machine environment. Server consolidation, by running multiple tasks and operating systems on a single physical machine, can lead to lower maintenance and hardware costs especially in small research labs. The use of virtual machines can prevent software virus infections and security breaches when used as a sandbox system for internet access and software testing. Complex software setups can be created with virtual machines and are easily deployed later to multiple computers for hands-on teaching classes. We discuss the popularity of bioinformatics compared to cheminformatics as well as the missing cheminformatics education at universities worldwide.

Experimental investigation of fluvial dike breaching due to flow overtopping

NASA Astrophysics Data System (ADS)

El Kadi Abderrezzak, K.; Rifai, I.; Erpicum, S.; Archambeau, P.; Violeau, D.; Pirotton, M.; Dewals, B.

2017-12-01

The failure of fluvial dikes (levees) often leads to devastating floods that cause loss of life and damages to public infrastructure. Overtopping flows have been recognized as one of the most frequent cause of dike erosion and breaching. Fluvial dike breaching is different from frontal dike (embankments) breaching, because of specific geometry and boundary conditions. The current knowledge on the physical processes underpinning fluvial dike failure due to overtopping remains limited. In addition, there is a lack of a continuous monitoring of the 3D breach formation, limiting the analysis of the key mechanisms governing the breach development and the validation of conceptual or physically-based models. Laboratory tests on breach growth in homogeneous, non-cohesive sandy fluvial dikes due to flow overtopping have been performed. Two experimental setups have been constructed, permitting the investigation of various hydraulic and geometric parameters. Each experimental setup includes a main channel, separated from a floodplain by a dike. A rectangular initial notch is cut in the crest to initiate dike breaching. The breach development is monitored continuously using a specific developed laser profilometry technique. The observations have shown that the breach develops in two stages: first the breach deepens and widens with the breach centerline being gradually shifted toward the downstream side of the main channel. This behavior underlines the influence of the flow momentum component parallel to the dike crest. Second, the dike geometry upstream of the breach stops evolving and the breach widening continues only toward the downstream side of the main channel. The breach evolution has been found strongly affected by the flow conditions (i.e. inflow discharge in the main channel, downstream boundary condition) and floodplain confinement. The findings of this work shed light on key mechanisms of fluvial dike breaching, which differ substantially from those of dam breaching. These specific features need to be incorporated in flood risk analyses involving fluvial dike breach and failure. In addition, a well-documented, reliable data set, with a continuous high resolution monitoring of the 3D breach evolution under various flow conditions, has been gathered, which can be used for validating numerical models.

Numerical Study of Ammonia Leak and Dispersion in the International Space Station

NASA Technical Reports Server (NTRS)

Son, Chang H.

2012-01-01

Release of ammonia into the International Space Station (ISS) cabin atmosphere can occur if the water/ammonia barrier breach of the active thermal control system (ATCS) interface heat exchanger (IFHX) happens. After IFHX breach liquid ammonia is introduced into the water-filled internal thermal control system (ITCS) and then to the cabin environment through a ruptured gas trap. Once the liquid water/ammonia mixture exits ITCS, it instantly vaporizes and mixes with the U.S. Laboratory cabin air that results in rapid deterioration of the cabin conditions. The goal of the study is to assess ammonia propagation in the Station after IFHX breach to plan the operation procedure. A Computational Fluid Dynamics (CFD) model for accurate prediction of airflow and ammonia transport within each of the modules in the ISS cabin was developed. CFD data on ammonia content in the cabin aisle way of the ISS and, in particular, in the Russian On- Orbit Segment during the period of 15 minutes after gas trap rupture are presented for four scenarios of rupture response. Localized effects of ammonia dispersion and risk mitigation are discussed.

Increasing operational command and control security by the implementation of device independent quantum key distribution

NASA Astrophysics Data System (ADS)

Bovino, Fabio Antonio; Messina, Angelo

2016-10-01

In a very simplistic way, the Command and Control functions can be summarized as the need to provide the decision makers with an exhaustive, real-time, situation picture and the capability to convey their decisions down to the operational forces. This two-ways data and information flow is vital to the execution of current operations and goes far beyond the border of military operations stretching to Police and disaster recovery as well. The availability of off-the shelf technology has enabled hostile elements to endanger the security of the communication networks by violating the traditional security protocols and devices and hacking sensitive databases. In this paper an innovative approach based to implementing Device Independent Quantum Key Distribution system is presented. The use of this technology would prevent security breaches due to a stolen crypto device placed in an end-to-end communication chain. The system, operating with attenuated laser, is practical and provides the increasing of the distance between the legitimate users.

Preventing a data breach from becoming a disaster.

PubMed

Goldberg, Ed

2013-01-01

Organisations have traditionally dealt with data breaches by investing in protective measures without a great deal of attention to mitigation of breach consequences and response. Conversely, business continuity (BC) planning has traditionally focused on mitigating disasters, not on preventing them. From a BC planning perspective, organisations need to assume that a data breach is inevitable and plan accordingly. The spate of data breaches in these past few years hit many organisations that were well protected. Those that suffered disastrous consequences as a result of a data breach lacked effective mitigation and response, not protection. The complexity and speed of an effective data breach response require that detailed planning takes place in advance of a breach.

Counter Piracy Off Somalia; A Case for Applying the Comprehensive Approach Strategy

DTIC Science & Technology

2011-01-03

operations conducted by HDMS ABSALON 15 comprise the threat of being captured , trialed and jailed for many years in another country. Finally a pirate...The first wave secured the open deck of the ship and the second wave breached into the bridge and took over control of the ship manoeuvres. In the...at this stage not able to take command of his own ship. The chock and stress he had been through had obviously had an impact on him. But after a

Transportation as an Element of Foreign Policy in Southern Africa or the Ties that Bind

DTIC Science & Technology

1985-06-01

been used by political leaders in Southern Africa to push regional development in a direction that would benefit the particular personal or corporate ...concession to an American financed company which rapidly went bankrupt and sold out to an English owned company, owned by Cecil J. Rhodes. Claiming breach...8217 political cunning and his ability to secure financing , all in an effort to "extract maximum political advantage with minimum financial outlay." [Ref

The Anonymity vs. Utility Dilemma

NASA Astrophysics Data System (ADS)

Bezzi, Michele; Pazzaglia, Jean-Christophe

The number, the type of users and their usage of the internet, computers and phones have evolved considerably, due to the emergence of the web 2.0, the decreasing cost of portable devices, the expansion of wired and wireless internet access and the digitalization of the main entertainment media. Protecting the assets of service and software providers has been the main driver for the development of security solutions in the past ten years. However, the users/customers/citizen rights have been too often neglected since the risk related to the wrong usage of personal related information was not considered by the other stakeholders. Today, the Right to Privacy is appearing on everyone’s radar and factors as regulations, increasing number of news stories on privacy breaches, brand damages, are forcing organizations to address user privacy as a priority. In this paper, we will briefly review the main business drivers behind the raising of privacy concerns, and outline some of the current technology solutions to address privacy requirements. Finally, we will describe some of the future challenges in the area of privacy.

Multi-Layer Approach for the Detection of Selective Forwarding Attacks

PubMed Central

Alajmi, Naser; Elleithy, Khaled

2015-01-01

Security breaches are a major threat in wireless sensor networks (WSNs). WSNs are increasingly used due to their broad range of important applications in both military and civilian domains. WSNs are prone to several types of security attacks. Sensor nodes have limited capacities and are often deployed in dangerous locations; therefore, they are vulnerable to different types of attacks, including wormhole, sinkhole, and selective forwarding attacks. Security attacks are classified as data traffic and routing attacks. These security attacks could affect the most significant applications of WSNs, namely, military surveillance, traffic monitoring, and healthcare. Therefore, there are different approaches to detecting security attacks on the network layer in WSNs. Reliability, energy efficiency, and scalability are strong constraints on sensor nodes that affect the security of WSNs. Because sensor nodes have limited capabilities in most of these areas, selective forwarding attacks cannot be easily detected in networks. In this paper, we propose an approach to selective forwarding detection (SFD). The approach has three layers: MAC pool IDs, rule-based processing, and anomaly detection. It maintains the safety of data transmission between a source node and base station while detecting selective forwarding attacks. Furthermore, the approach is reliable, energy efficient, and scalable. PMID:26610499

The cyber security threat stops in the boardroom.

PubMed

Scully, Tim

The attitude that 'it won't happen to me' still prevails in the boardrooms of industry when senior executives consider the threat of targeted cyber intrusions. Not much has changed in the commercial world of cyber security over the past few years; hackers are not being challenged to find new ways to steal companies' intellectual property and confidential information. The consequences of even major security breaches seem not to be felt by the leaders of victim companies. Why is this so? Surely IT security practitioners are seeking new ways to detect and prevent targeted intrusions into companies' networks? Are the consequences of targeted intrusions so insignificant that the captains of industry tolerate them? Or do only others feel the pain of their failure? This paper initially explores the failure of cyber security in industry and contends that, while industry leaders should not be alone in accepting responsibility for this failure, they must take the initiative to make life harder for cyber threat actors. They cannot wait for government leadership on policy, strategy or coordination. The paper then suggests some measures that a CEO can adopt to build a new corporate approach to cyber security.

Multi-Layer Approach for the Detection of Selective Forwarding Attacks.

PubMed

Alajmi, Naser; Elleithy, Khaled

2015-11-19

Security breaches are a major threat in wireless sensor networks (WSNs). WSNs are increasingly used due to their broad range of important applications in both military and civilian domains. WSNs are prone to several types of security attacks. Sensor nodes have limited capacities and are often deployed in dangerous locations; therefore, they are vulnerable to different types of attacks, including wormhole, sinkhole, and selective forwarding attacks. Security attacks are classified as data traffic and routing attacks. These security attacks could affect the most significant applications of WSNs, namely, military surveillance, traffic monitoring, and healthcare. Therefore, there are different approaches to detecting security attacks on the network layer in WSNs. Reliability, energy efficiency, and scalability are strong constraints on sensor nodes that affect the security of WSNs. Because sensor nodes have limited capabilities in most of these areas, selective forwarding attacks cannot be easily detected in networks. In this paper, we propose an approach to selective forwarding detection (SFD). The approach has three layers: MAC pool IDs, rule-based processing, and anomaly detection. It maintains the safety of data transmission between a source node and base station while detecting selective forwarding attacks. Furthermore, the approach is reliable, energy efficient, and scalable.

Fluvial dike breaching due to overtopping: how different is it from dam breaching?

NASA Astrophysics Data System (ADS)

Rifai, Ismail; Erpicum, Sébastien; Archambeau, Pierre; Violeau, Damien; Pirotton, Michel; El kadi Abderrezzak, Kamal; Dewals, Benjamin

2017-04-01

During floods in large rivers, casualties and extent of damage are often aggravated by breach formation across fluvial dikes. The most frequent cause of breaching is flow overtopping. Predicting the breach geometry and associated outflow hydrograph is of critical importance for estimating the inundation characteristics in the floodplain and the resulting flood risk. Because fluvial dikes are built along a main channel that conveys flowing water, fluvial dike breaching differs from dam breaching, in which the embankment is built across the channel downstream of a reservoir. While a vast body of studies exists on dam breaching configuration (e.g., Schmocker et al. 2012, 2014, Müller et al. 2016), little is known on specific aspects of fluvial dike breaching. We performed laboratory experiments that highlight the specific erosion processes governing fluvial dike breaching (Rifai et al. 2017a). The experimental setup includes a 10 m long and 1 m wide main channel, separated from a floodplain by a 0.3 m high dike of trapezoidal cross-section. The dike material was homogeneous and made of uniform sand. A rectangular initial notch was cut in the crest to initiate 3D breaching. The breach development was monitored continuously using a self-developed laser profilometry technique (Rifai et al. 2016). The observations reveal that the breach develops in two stages. First, a combined breach deepening and widening occur, together with a gradual shift of the breach centreline toward the downstream side of the main channel. Later, the breach widening continues only toward the downstream side of the main channel, highlighting a significant influence of flow momentum in the main channel. Moreover, the breach cross-section is tilted toward the downstream end of the main channel, which is a signature of an asymmetric velocity distribution through the breach (Rifai et al. 2017b). When the inflow discharge in the main channel is increased, the breach development becomes much faster (e.g., seven times faster for a 150 % increase in the inflow discharge). When an equilibrium state is reached at the end of the test, the breach centreline orientation is found consistent with the theory of flow over a lateral weir. In the experiments, the boundary condition at the downstream end of the main channel is a lumped representation of river characteristics downstream of the breach section. In real-world conditions, these river characteristics influence the flow partition between the breach and the main channel. Therefore, we tested several downstream boundary conditions (perforated plane, rectilinear weir and sluice gate). For the same inflow discharge and water levels, they lead to significantly different breach geometries. The findings of this research shed light on key mechanisms occurring in fluvial dike breaching, which differ substantially from those in dam breaching. These specific features need to be incorporated in flood risk analyses involving fluvial dike breaching. This research also delivers a unique experimental database of high resolution continuous monitoring of the breach geometry under various flow conditions. The datasets are freely available for engineers and researchers willing to assess the performance of numerical models to simulate dike breaching and resulting flood. References Müller, C., Frank, P.-J., Hager, W.H. (2016). Dyke overtopping: effects of shape and headwater elevation. Journal of Hydraulic Research, 54(4), 410-422. Rifai, I., Erpicum, S., Archambeau, P., Violeau, D., Pirotton, M., El kadi Abderrezzak, K., Dewals, B. (2016). Monitoring topography of laboratory fluvial dike models subjected to breaching based on a laser profilometry technique. Proc. International Symposium on River Sedimentation (ISRS), 19-22 September 2016, Stuttgart. Rifai, I., Erpicum, S., Archambeau, P., Violeau, D., Pirotton, M., El kadi Abderrezzak, K., Dewals, B. (2017a). Overtopping induced failure of non-cohesive, homogenous fluvial dikes. Water Resources Research, under revision. Rifai, I., Erpicum, S., Archambeau, P., Violeau, D., Pirotton, M., El kadi Abderrezzak, K., Dewals, B. (2017b). Discussion of: Laboratory Study on 3D Flow Structures Induced by Zero-Height Side Weir and Implications for 1D Modeling. Journal of Hydraulic Engineering, 07016010. doi: 10.1061/(ASCE)HY.1943-7900.0001256 Schmocker, L., Frank, P.-J., Hager, W.H. (2014). Overtopping dike-breach: Effect of grain size distribution. Journal of Hydraulic Research, 52(4), 559-564. Schmocker, L., Hager, W.H. (2012). Plane dike-breach due to overtopping: Effects of sediment, dike height and discharge. Journal of Hydraulic Research, 50(6), 576-586.

Psychological contract breaches, organizational commitment, and innovation-related behaviors: a latent growth modeling approach.

PubMed

Ng, Thomas W H; Feldman, Daniel C; Lam, Simon S K

2010-07-01

This study examined the relationships among psychological contract breaches, organizational commitment, and innovation-related behaviors (generating, spreading, implementing innovative ideas at work) over a 6-month period. Results indicate that the effects of psychological contract breaches on employees are not static. Specifically, perceptions of psychological contract breaches strengthened over time and were associated with decreased levels of affective commitment over time. Further, increased perceptions of psychological contract breaches were associated with decreases in innovation-related behaviors. We also found evidence that organizational commitment mediates the relationship between psychological contract breaches and innovation-related behaviors. These results highlight the importance of examining the nomological network of psychological contract breaches from a change perspective.

The State of Integrated Air and Missile Defense Held in Laurel, Maryland on July 14, 2011

DTIC Science & Technology

2011-07-14

compromised from servers (-22%) 86% were discovered by a third party (+25%) 96% of breaches were avoidable (+-0) Source 2011 Data Breach Investigations...Foreign Espionage - Terrorists - State Sponsored Attacks UNCLASSIFIED UNCLASSIFIED 11 What commonalities exist? How do breaches occur? Verizon Data ... Breach Study “Breaching organizations still doesn’t typically require highly sophisticated attacks, most victims are a target of opportunity rather

Model Experiment on the Temporary Closure of a Breached Bank

NASA Astrophysics Data System (ADS)

Shimada, T.; Maeda, S.; Nakashima, Y.

2016-12-01

In recent years, the possibility of river bank failures has been rising due to increased occurrences of floods from localized torrential downpours and typhoons. To mitigate bank failure damage, we made an experiment to simulate the flood discharge reduction effect of a temporary closure at an opening in a breached bank. A scale river model was used. A bank was made and then breached. Then, model blocks were placed to close the breach, to observe the flood discharge reduction afforded by the closure. We assumed that the blocks would be placed by a crane or from a helicopter, so we placed the model blocks accordingly. Regardless of the placement method, the flood discharge reduction was about 20% when about 50% of the breach was closed by the placement of blocks starting from the upstream-most portion of the breach. That result was because the water flow hit the tip of the placed closure, scoured the bed near the tip, and lowered the bed at the remaining part of the breach opening, after which the area where water flows out did not decrease at the same rate as the rate of longitudinal closure for the breach. In addition, with each successive length of breach closure, the required number of blocks increased and the closure progress decreased, because of the bed degradation. The results show that it is possible to reduce the flood flow from a bank breach effectively while closing the opening by taking measures to reduce bed scouring near the breach.

A Line in the Sand a Historical Study of Border Security During Insurgencies and Lessons for the Contemporary Afghan-Pakistan Frontier

DTIC Science & Technology

2009-04-03

day, the border force ploughed a ten-metre strip inside the barricade to allow trackers to assess the size of any groups that successfully crossed the...managed to breach the line, but once alerted, the French forces rapidly encircled the insurgents. After a week of fighting, the French killed or...camels in the Western Dhofar. During the next two days, Strikemasters accounted for over two-hundred camels killed .44 From 1974, the SAF enhanced their

Barrier island breach evolution: Alongshore transport and bay-ocean pressure gradient interactions

USGS Publications Warehouse

Safak, Ilgar; Warner, John C.; List, Jeffrey

2016-01-01

Physical processes controlling repeated openings and closures of a barrier island breach between a bay and the open ocean are studied using aerial photographs and atmospheric and hydrodynamic observations. The breach site is located on Pea Island along the Outer Banks, separating Pamlico Sound from the Atlantic Ocean. Wind direction was a major control on the pressure gradients between the bay and the ocean to drive flows that initiate or maintain the breach opening. Alongshore sediment flux was found to be a major contributor to breach closure. During the analysis period from 2011 to 2016, three hurricanes had major impacts on the breach. First, Hurricane Irene opened the breach with wind-driven flow from bay to ocean in August 2011. Hurricane Sandy in October 2012 quadrupled the channel width from pressure gradient flows due to water levels that were first higher on the ocean side and then higher on the bay side. The breach closed sometime in Spring 2013, most likely due to an event associated with strong alongshore sediment flux but minimal ocean-bay pressure gradients. Then, in July 2014, Hurricane Arthur briefly opened the breach again from the bay side, in a similar fashion to Irene. In summary, opening and closure of breaches are shown to follow a dynamic and episodic balance between along-channel pressure gradient driven flows and alongshore sediment fluxes.

Psychological contract breach among allied health professionals.

PubMed

Rodwell, John; Gulyas, Andre

2015-01-01

Allied health professionals are vital for effective healthcare yet there are continuing shortages of these employees. Building on work with other healthcare professionals, the purpose of this paper is to investigate the influence of psychological contract (PC) breach and types of organisational justice on variables important to retention among allied health professionals: mental health and organisational commitment. The potential effects of justice on the negative outcomes of breach were examined. Multiple regressions analysed data from 113 allied health professionals working in a medium-large Australian healthcare organisation. The main negative impacts on respondents' mental health and commitment were from high PC breach, low procedural and distributive justice and less respectful treatment from organisational representatives. The interaction between procedural justice and breach illustrates that breach may be forgivable if processes are fair. Surprisingly, a betrayal or "aggravated breach effect" may occur after a breach when interpersonal justice is high. Further, negative affectivity was negatively related to respondents' mental health (affective outcomes) but not commitment (work-related attitude). Healthcare organisations should ensure the fairness of decisions and avoid breaking promises within their control. If promises cannot reasonably be kept, transparency of processes behind the breach may allow allied health professionals to understand that the organisation did not purposefully fail to fulfil expectations. This study offers insights into how breach and four types of justice interact to influence employee mental health and work attitudes among allied health professionals.

77 FR 76518 - Summary of Commission Practice Relating to Administrative Protective Orders

Federal Register 2010, 2011, 2012, 2013, 2014

2012-12-28

.... APO breach inquiries are considered on a case-by-case basis. As part of the effort to educate...-called hard disk computer media is to be avoided, because mere erasure of data from such media may not...; (2) Referral to the United States Attorney; (3) In the case of an attorney, accountant, or other...

Analysis of flood hazard under consideration of dike breaches

NASA Astrophysics Data System (ADS)

Vorogushyn, S.; Apel, H.; Lindenschmidt, K.-E.; Merz, B.

2009-04-01

The study focuses on the development and application of a new modelling system which allows a comprehensive flood hazard assessment along diked river reaches under consideration of dike failures. The proposed Inundation Hazard Assessment Model (IHAM) represents a hybrid probabilistic-deterministic model. It comprises three models interactively coupled at runtime. These are: (1) 1D unsteady hydrodynamic model of river channel and floodplain flow between dikes, (2) probabilistic dike breach model which determines possible dike breach locations, breach widths and breach outflow discharges, and (3) 2D raster-based diffusion wave storage cell model of the hinterland areas behind the dikes. Due to the unsteady nature of the 1D and 2D coupled models, the dependence between hydraulic load at various locations along the reach is explicitly considered. The probabilistic dike breach model describes dike failures due to three failure mechanisms: overtopping, piping and slope instability caused by the seepage flow through the dike core (micro-instability). Dike failures for each mechanism are simulated based on fragility functions. The probability of breach is conditioned by the uncertainty in geometrical and geotechnical dike parameters. The 2D storage cell model driven by the breach outflow boundary conditions computes an extended spectrum of flood intensity indicators such as water depth, flow velocity, impulse, inundation duration and rate of water rise. IHAM is embedded in a Monte Carlo simulation in order to account for the natural variability of the flood generation processes reflected in the form of input hydrographs and for the randomness of dike failures given by breach locations, times and widths. The scenario calculations for the developed synthetic input hydrographs for the main river and tributary were carried out for floods with return periods of T = 100; 200; 500; 1000 a. Based on the modelling results, probabilistic dike hazard maps could be generated that indicate the failure probability of each discretised dike section for every scenario magnitude. Besides the binary inundation patterns that indicate the probability of raster cells being inundated, IHAM generates probabilistic flood hazard maps. These maps display spatial patterns of the considered flood intensity indicators and their associated return periods. The probabilistic nature of IHAM allows for the generation of percentile flood hazard maps that indicate the median and uncertainty bounds of the flood intensity indicators. The uncertainty results from the natural variability of the flow hydrographs and randomness of dike breach processes. The same uncertainty sources determine the uncertainty in the flow hydrographs along the study reach. The simulations showed that the dike breach stochasticity has an increasing impact on hydrograph uncertainty in downstream direction. Whereas in the upstream part of the reach the hydrograph uncertainty is mainly stipulated by the variability of the flood wave form, the dike failures strongly shape the uncertainty boundaries in the downstream part of the reach. Finally, scenarios of polder deployment for the extreme floods with T = 200; 500; 1000 a were simulated with IHAM. The results indicate a rather weak reduction of the mean and median flow hydrographs in the river channel. However, the capping of the flow peaks resulted in a considerable reduction of the overtopping failures downstream of the polder with a simultaneous slight increase of the piping and slope micro-instability frequencies explained by a more durable average impoundment. The developed IHAM simulation system represents a new scientific tool for studying fluvial inundation dynamics under extreme conditions incorporating effects of technical flood protection measures. With its major outputs in form of novel probabilistic inundation and dike hazard maps, the IHAM system has a high practical value for decision support in flood management.

25 CFR 163.42 - Obligated service and breach of contract.

Code of Federal Regulations, 2010 CFR

2010-04-01

... 25 Indians 1 2010-04-01 2010-04-01 false Obligated service and breach of contract. 163.42 Section... breach of contract. (a) Obligated service. (1) Individuals completing forestry education programs with an... request for waiver. (b) Breach of contract. Any individual who has participated in and accepted financial...

41 CFR 50-201.201 - Breach of stipulations.

Code of Federal Regulations, 2010 CFR

2010-07-01

... 41 Public Contracts and Property Management 1 2010-07-01 2010-07-01 true Breach of stipulations... Public Contracts PUBLIC CONTRACTS, DEPARTMENT OF LABOR 201-GENERAL REGULATIONS § 50-201.201 Breach of... determination of a breach of stipulations is made, the Secretary of Labor will furnish to the contracting agency...

13 CFR 115.69 - Imminent Breach.

Code of Federal Regulations, 2010 CFR

2010-01-01

... an Imminent Breach of the terms of a Contract covered by an SBA guaranteed bond. The PSB Surety does... 13 Business Credit and Assistance 1 2010-01-01 2010-01-01 false Imminent Breach. 115.69 Section... Surety Bond (PSB) Guarantees § 115.69 Imminent Breach. (a) No prior approval requirement. SBA will...

77 FR 14418 - Grand Ditch Breach Restoration Draft Environmental Impact Statement, Rocky Mountain National Park...

Federal Register 2010, 2011, 2012, 2013, 2014

2012-03-09

... Breach Restoration Draft Environmental Impact Statement, Rocky Mountain National Park, CO AGENCY... Environmental Impact Statement for the Grand Ditch Breach Restoration, Rocky Mountain National Park. SUMMARY... announces the availability of a Draft Environmental Impact Statement for the Grand Ditch Breach Restoration...

The Effectiveness of Health Care Information Technologies: Evaluation of Trust, Security Beliefs, and Privacy as Determinants of Health Care Outcomes

PubMed Central

2018-01-01

Background The diffusion of health information technologies (HITs) within the health care sector continues to grow. However, there is no theory explaining how success of HITs influences patient care outcomes. With the increase in data breaches, HITs’ success now hinges on the effectiveness of data protection solutions. Still, empirical research has only addressed privacy concerns, with little regard for other factors of information assurance. Objective The objective of this study was to study the effectiveness of HITs using the DeLone and McLean Information Systems Success Model (DMISSM). We examined the role of information assurance constructs (ie, the role of information security beliefs, privacy concerns, and trust in health information) as measures of HIT effectiveness. We also investigated the relationships between information assurance and three aspects of system success: attitude toward health information exchange (HIE), patient access to health records, and perceived patient care quality. Methods Using structural equation modeling, we analyzed the data from a sample of 3677 cancer patients from a public dataset. We used R software (R Project for Statistical Computing) and the Lavaan package to test the hypothesized relationships. Results Our extension of the DMISSM to health care was supported. We found that increased privacy concerns reduce the frequency of patient access to health records use, positive attitudes toward HIE, and perceptions of patient care quality. Also, belief in the effectiveness of information security increases the frequency of patient access to health records and positive attitude toward HIE. Trust in health information had a positive association with attitudes toward HIE and perceived patient care quality. Trust in health information had no direct effect on patient access to health records; however, it had an indirect relationship through privacy concerns. Conclusions Trust in health information and belief in the effectiveness of information security safeguards increases perceptions of patient care quality. Privacy concerns reduce patients’ frequency of accessing health records, patients’ positive attitudes toward HIE exchange, and overall perceived patient care quality. Health care organizations are encouraged to implement security safeguards to increase trust, the frequency of health record use, and reduce privacy concerns, consequently increasing patient care quality. PMID:29643052

Analysis of Effects of Sensor Multithreading to Generate Local System Event Timelines

DTIC Science & Technology

2014-03-27

works on logs highlights the importance of logs [17, 18]. The two aforementioned works both reference the same 2009 Data Breach Investigations Report...the data breaches report on, the logs contained evidence of events leading up to 82% of those data breaches . This means that preventing 82% of the data ...report states that of the data breaches reported on, the logs contained evidence of events leading up to 66% of those data breaches . • The 2010 DBIR

Conscientiousness and reactions to psychological contract breach: a longitudinal field study.

PubMed

Orvis, Karin A; Dudley, Nicole M; Cortina, Jose M

2008-09-01

The authors examined the role of employee conscientiousness as a moderator of the relationships between psychological contract breach and employee behavioral and attitudinal reactions to the breach. They collected data from 106 newly hired employees within the 1st month of employment (Time 1), 3 months later (Time 2), and 8 months after Time 1 (Time 3) to observe the progression through contract development, breach, and reaction. Results suggest that conscientiousness is a significant moderator for 4 of the 5 contract breach-employee reaction relationships examined (turnover intentions, organizational loyalty, job satisfaction, and 1 of 2 facets of job performance). Specifically, employees who were lower in conscientiousness had more negative reactions to perceived breach with respect to turnover intentions, organizational loyalty, and job satisfaction. In contrast, employees who were higher in conscientiousness reduced their job performance to a greater degree in response to contract breach. Future research directions are discussed.

Reactions to psychological contract breaches and organizational citizenship behaviours: An experimental manipulation of severity.

PubMed

Atkinson, Theresa P; Matthews, Russell A; Henderson, Alexandra A; Spitzmueller, Christiane

2018-01-30

Grounded in affective events theory, we investigated the effects of experimentally manipulated psychological contract breaches on participants' feelings of violation, subsequent perceptions of psychological contract strength, and organizational citizenship behaviours in a sample of working adults. Results support previous findings that pre-existing relational psychological contract strength interacts with severity of unmet promises or expectations. Specifically, individuals with high relational contracts who experience low severity of unmet promises/expectations have the lowest breach perceptions, whereas individuals with high relational contracts who experience more severe levels unmet promises/expectations experience the highest level of breach perceptions. Results also support the concept of a breach spiral in that prior perceptions of breach led to an increased likelihood of subsequent perceptions of breach following the experimental manipulation. Furthermore, consistent with affective events theory, results support the argument that a psychological contract breach's effect on specific organizational citizenship behaviours is mediated by feelings of violation and the reassessment of relational contracts. These effects were present even after controlling for the direct effects of the manipulated severity of unmet promises/expectations. Copyright © 2018 John Wiley & Sons, Ltd.

Food safety security: a new concept for enhancing food safety measures.

PubMed

Iyengar, Venkatesh; Elmadfa, Ibrahim

2012-06-01

The food safety security (FSS) concept is perceived as an early warning system for minimizing food safety (FS) breaches, and it functions in conjunction with existing FS measures. Essentially, the function of FS and FSS measures can be visualized in two parts: (i) the FS preventive measures as actions taken at the stem level, and (ii) the FSS interventions as actions taken at the root level, to enhance the impact of the implemented safety steps. In practice, along with FS, FSS also draws its support from (i) legislative directives and regulatory measures for enforcing verifiable, timely, and effective compliance; (ii) measurement systems in place for sustained quality assurance; and (iii) shared responsibility to ensure cohesion among all the stakeholders namely, policy makers, regulators, food producers, processors and distributors, and consumers. However, the functional framework of FSS differs from that of FS by way of: (i) retooling the vulnerable segments of the preventive features of existing FS measures; (ii) fine-tuning response systems to efficiently preempt the FS breaches; (iii) building a long-term nutrient and toxicant surveillance network based on validated measurement systems functioning in real time; (iv) focusing on crisp, clear, and correct communication that resonates among all the stakeholders; and (v) developing inter-disciplinary human resources to meet ever-increasing FS challenges. Important determinants of FSS include: (i) strengthening international dialogue for refining regulatory reforms and addressing emerging risks; (ii) developing innovative and strategic action points for intervention {in addition to Hazard Analysis and Critical Control Points (HACCP) procedures]; and (iii) introducing additional science-based tools such as metrology-based measurement systems.

Outcomes associated with breach and fulfillment of the psychological contract of safety.

PubMed

Walker, Arlene

2013-12-01

The study investigated the outcomes associated with breach and fulfillment of the psychological contract of safety. The psychological contract of safety is defined as the beliefs of individuals about reciprocal employer and employee safety obligations inferred from implicit or explicit promises. When employees perceive that safety obligations promised by the employer have not been met, a breach of the psychological contract occurs, termed employer breach of obligations. The extent to which employees fulfill their safety obligations to the employer is termed employee fulfillment of obligations. Structural equation modeling was used to test a model of safety that investigated the positive and negative outcomes associated with breach and fulfillment of the psychological contract of safety. Participants were 424 health care workers recruited from two hospitals in the State of Victoria, Australia. Following slight modification of the hypothesized model, a good fitting model resulted. Being injured in the workplace was found to lower perceptions of trust in the employer and increase perceptions of employer breach of safety obligations. Trust in the employer significantly influenced perceived employer breach of safety obligations such that lowered trust resulted in higher perceptions of breach. Perceptions of employer breach significantly impacted employee fulfillment of safety obligations with high perceptions of breach resulting in low employee fulfillment of obligations. Trust and perceptions of breach significantly influenced safety attitudes, but not safety behavior. Fulfillment of employee safety obligations significantly impacted safety behavior, but not safety attitudes. Implications of these findings for safety and psychological contract research are explored. A positive emphasis on social exchange relationships in organizations will have positive outcomes for safety climate and safety behavior. © 2013.

The 1960 tsunami on beach-ridge plains near Maullín, Chile: Landward descent, renewed breaches, aggraded fans, multiple predecessors

USGS Publications Warehouse

Atwater, Brian F.; Cisternas, Marco; Yulianto, E.; Prendergast, A.; Jankaew, K.; Eipert, A.; Fernando, Warnakulasuriya; Tejakusuma, Iwan; Schiappacasse, Ignacio; Sawai, Yuki

2013-01-01

The Chilean tsunami of 22 May 1960 reamed out a breach and built up a fan as it flowed across a sparsely inhabited beach-ridge plain near Maullín, midway along the length of the tsunami source. Eyewitnesses to the flooding, interviewed mainly in 1988 and 1989, identified levels that the tsunami had reached on high ground, trees, and build- ings. The maximum levels fell, from about 10 m to 2 m, between the mouth of the tidal Río Maullín and an inundation limit nearly 5 km inland across the plain. Along this profile at Caulle, where the maximum flow depth was a few meters deep, airphotos taken in 1961 show breaches across a road on a sandy beach ridge. Inland from one of these breaches is a fan with branched distributaries. Today its breach holds a pond that has been changing into a marsh. The 1960 fan deposits, as much as 60 cm thick, are traceable inland for 120 m from the breach. They rest on a pasture soil above two additional sand bodies, each atop its own buried soil. The earlier of the pre-1960 sand bodies probably dates to AD 1270-1400, in which case its age is not statistically different from that of a sand sheet previously dated elsewhere near Maullín. The breach likely originated then and has been freshened twice. Evidence that the breach was freshened in 1960 includes a near-basal interval of cobble-size clasts of sediment and soil, most of them probably derived from the organic fill of pre-1960 breach. The cobbly interval is overlain by sand with ripple-drift laminae that record landward flow. The fan of another breach near Maullín, at Chanhué, also provides stratigraphic evidence for recurrent tsunamis, though not necessarily for the repeated use of the breach. These findings were anticipated a half century ago by descrip- tion of paired breaches and fans that the 1960 Chilean tsunami produced in Japan. Breaches and their fans may provide lasting evidence for tsunami inundation of beach-ridge plains. The breaches might be detectable by remote sensing, and the thickness of the fan deposits might help them outlast an ordinary tsunami sand sheet. Keywords: Tsunami, Erosion, Deposition, Hazard, Chile.

A physically-based method for predicting peak discharge of floods caused by failure of natural and constructed earthen dams

USGS Publications Warehouse

Walder, J.S.; O'Connor, J. E.; Costa, J.E.; ,

1997-01-01

We analyse a simple, physically-based model of breach formation in natural and constructed earthen dams to elucidate the principal factors controlling the flood hydrograph at the breach. Formation of the breach, which is assumed trapezoidal in cross-section, is parameterized by the mean rate of downcutting, k, the value of which is constrained by observations. A dimensionless formulation of the model leads to the prediction that the breach hydrograph depends upon lake shape, the ratio r of breach width to depth, the side slope ?? of the breach, and the parameter ?? = (V.D3)(k/???gD), where V = lake volume, D = lake depth, and g is the acceleration due to gravity. Calculations show that peak discharge Qp depends weakly on lake shape r and ??, but strongly on ??, which is the product of a dimensionless lake volume and a dimensionless erosion rate. Qp(??) takes asymptotically distinct forms depending on whether < ??? 1 or < ??? 1. Theoretical predictions agree well with data from dam failures for which k could be reasonably estimated. The analysis provides a rapid and in many cases graphical way to estimate plausible values of Qp at the breach.We analyze a simple, physically-based model of breach formation in natural and constructed earthen dams to elucidate the principal factors controlling the flood hydrograph at the breach. Formation of the breach, which is assumed trapezoidal in cross-section, is parameterized by the mean rate of downcutting, k, the value of which is constrained by observations. A dimensionless formulation of the model leads to the prediction that the breach hydrograph depends upon lake shape, the ratio r of breach width to depth, the side slope ?? of the breach, and the parameter ?? = (V/D3)(k/???gD), where V = lake volume, D = lake depth, and g is the acceleration due to gravity. Calculations show that peak discharge Qp depends weakly on lake shape r and ??, but strongly on ??, which is the product of a dimensionless lake volume and a dimensionless erosion rate. Qp(??) takes asymptotically distinct forms depending on whether ?????1 or ?????1. Theoretical predictions agree well with data from dam failures for which k could be reasonably estimated. The analysis provides a rapid and in many cases graphical way to estimate plausible values of Qp at the breach.

41 CFR 50-203.1 - Reports of breach or violation.

Code of Federal Regulations, 2010 CFR

2010-07-01

... 41 Public Contracts and Property Management 1 2010-07-01 2010-07-01 true Reports of breach or... of the Walsh-Healey Public Contracts Act § 50-203.1 Reports of breach or violation. (a) Any employer... violation, or apparent breach or violation of the Walsh-Healey Public Contracts Act of June 30, 1936 (49...

48 CFR 52.233-4 - Applicable Law for Breach of Contract Claim.

Code of Federal Regulations, 2010 CFR

2010-10-01

... Provisions and Clauses 52.233-4 Applicable Law for Breach of Contract Claim. As prescribed in 33.215(b), insert the following clause: Applicable Law for Breach of Contract Claim (OCT 2004) United States law... 48 Federal Acquisition Regulations System 2 2010-10-01 2010-10-01 false Applicable Law for Breach...

A novel quantum scheme for secure two-party distance computation

NASA Astrophysics Data System (ADS)

Peng, Zhen-wan; Shi, Run-hua; Zhong, Hong; Cui, Jie; Zhang, Shun

2017-12-01

Secure multiparty computational geometry is an essential field of secure multiparty computation, which computes a computation geometric problem without revealing any private information of each party. Secure two-party distance computation is a primitive of secure multiparty computational geometry, which computes the distance between two points without revealing each point's location information (i.e., coordinate). Secure two-party distance computation has potential applications with high secure requirements in military, business, engineering and so on. In this paper, we present a quantum solution to secure two-party distance computation by subtly using quantum private query. Compared to the classical related protocols, our quantum protocol can ensure higher security and better privacy protection because of the physical principle of quantum mechanics.

Fulfill Promises and Avoid Breaches to Retain Satisfied, Committed Nurses.

PubMed

Rodwell, John; Ellershaw, Julia

2016-07-01

This study examines two commonly proposed mechanisms, violation and trust, to see if they mediate the relationships between the components of the psychological contract (i.e., promises, fulfillment, and breach) and their impact on the work-related outcomes of job satisfaction, intent to quit, and organizational commitment. Online surveys were completed by 459 Australian nurses. Structural equation modeling revealed that breach and fulfillment have direct and mediated effects on the outcomes, whereas promises had no impact. Violation partially mediated the relationship between breach and job satisfaction and intent to quit, while trust partially mediated the relationships between fulfillment and organizational commitment, and breach and organizational commitment. Negative experiences (i.e., breaches) were related to both increased feelings of violation and decreased feelings of trust. In contrast, positive experiences (i.e., fulfillment) increased trust but did not significantly reduce feelings of violation. Nurse and organizational managers can use these findings to improve communication with nurses so as to minimize the negative effects of breach and maximize the positive effects of fulfillment and thus improve attitudes. Nurse managers need to be careful to make promises regarding their nurses' employment that they can fulfill and to particularly avoid breaking the psychological contract. The potentially disproportionate negative effect of breach means that a breach can undo a lot of efforts to fulfill employment-related promises. © 2016 Sigma Theta Tau International.

Guidelines for development of NASA (National Aeronautics and Space Administration) computer security training programs

NASA Technical Reports Server (NTRS)

Tompkins, F. G.

1983-01-01

The report presents guidance for the NASA Computer Security Program Manager and the NASA Center Computer Security Officials as they develop training requirements and implement computer security training programs. NASA audiences are categorized based on the computer security knowledge required to accomplish identified job functions. Training requirements, in terms of training subject areas, are presented for both computer security program management personnel and computer resource providers and users. Sources of computer security training are identified.

Cyber Insurance - Managing Cyber Risk

DTIC Science & Technology

2015-04-01

license under the clause at DFARS 252.227-7013 (a)(16) [Jun 2013]. Cyber Insurance – Managing Cyber Risk Data breaches involving...significant personal information losses and financial impact are becoming increasingly common. Whether the data breach has financial implications for...hundreds of millions of dollars depending on the type and size of the breach. Most states have some type of data breach law requiring notification

Uncertainties and constraints on breaching and their implications for flood loss estimation.

PubMed

Muir Wood, Robert; Bateman, William

2005-06-15

Around the coasts of the southern North Sea, flood risk is mediated everywhere by the performance of natural and man-made flood defences. Under the conditions of extreme surge with tide water levels, the performance of the defences determines the extent of inland flooding. Sensitivity tests reveal the enormous increase in the volume of water that can pass through a defence once breaching is initiated, with a 1m reduction in sill elevation doubling the loss. Empirical observations of defence performance in major storm surges around the North Sea reveal some of the principal controls on breaching. For the same defence type, the maximum size and depth of a breach is a function of the integral of the hydraulic gradient across the defence, which is in turn determined by the elevation of the floodplain and the degree to which water can continue to flow inland away from the breach. The most extensive and lowest floodplains thereby "generate" the largest breaches. For surges that approach the crest height, the weaker the protection of the defence, the greater the number of breaches. Defence reinforcement reduces both the number and size of the breaches.

Antecedents of Psychological Contract Breach: The Role of Job Demands, Job Resources, and Affect

PubMed Central

Vantilborgh, Tim; Bidee, Jemima; Pepermans, Roland; Griep, Yannick; Hofmans, Joeri

2016-01-01

While it has been shown that psychological contract breach leads to detrimental outcomes, relatively little is known about factors leading to perceptions of breach. We examine if job demands and resources predict breach perceptions. We argue that perceiving high demands elicits negative affect, while perceiving high resources stimulates positive affect. Positive and negative affect, in turn, influence the likelihood that psychological contract breaches are perceived. We conducted two experience sampling studies to test our hypotheses: the first using daily surveys in a sample of volunteers, the second using weekly surveys in samples of volunteers and paid employees. Our results confirm that job demands and resources are associated with negative and positive affect respectively. Mediation analyses revealed that people who experienced high job resources were less likely to report psychological contract breach, because they experienced high levels of positive affect. The mediating role of negative affect was more complex, as it increased the likelihood to perceive psychological contract breach, but only in the short-term. PMID:27171275

Antecedents of Psychological Contract Breach: The Role of Job Demands, Job Resources, and Affect.

PubMed

Vantilborgh, Tim; Bidee, Jemima; Pepermans, Roland; Griep, Yannick; Hofmans, Joeri

2016-01-01

While it has been shown that psychological contract breach leads to detrimental outcomes, relatively little is known about factors leading to perceptions of breach. We examine if job demands and resources predict breach perceptions. We argue that perceiving high demands elicits negative affect, while perceiving high resources stimulates positive affect. Positive and negative affect, in turn, influence the likelihood that psychological contract breaches are perceived. We conducted two experience sampling studies to test our hypotheses: the first using daily surveys in a sample of volunteers, the second using weekly surveys in samples of volunteers and paid employees. Our results confirm that job demands and resources are associated with negative and positive affect respectively. Mediation analyses revealed that people who experienced high job resources were less likely to report psychological contract breach, because they experienced high levels of positive affect. The mediating role of negative affect was more complex, as it increased the likelihood to perceive psychological contract breach, but only in the short-term.

Privacy Breach Analysis in Social Networks

NASA Astrophysics Data System (ADS)

Nagle, Frank

This chapter addresses various aspects of analyzing privacy breaches in social networks. We first review literature that defines three types of privacy breaches in social networks: interactive, active, and passive. We then survey the various network anonymization schemes that have been constructed to address these privacy breaches. After exploring these breaches and anonymization schemes, we evaluate a measure for determining the level of anonymity inherent in a network graph based on its topological structure. Finally, we close by emphasizing the difficulty of anonymizing social network data while maintaining usability for research purposes and offering areas for future work.

Breaching the Devil’s Garden- The 6th New Zealand Brigade in Operation Lightfoot. The Second Battle of El Alamein, 23 October 1942. Appendices

DTIC Science & Technology

2006-02-01

operate, and on this model all officers will be instructed in the stage- management of the battle. Finally all NCOs and men will be shown on the model the...overall management of the construction of the obstacle areas. 7.) It will be constructed: Obstacle Area Al My XXI Italian Corps and the 1641 Infantry...importance. 6.) With all new mining, immediately reduce 20% of all antitank mine are to be secured for resumption. The most careful management of the

The use of information and communication technology (ICT) in dentistry.

PubMed

Knott, N J

2013-02-01

As the use of information and communication technology (ICT) becomes more widespread in dentistry the risk of breaching electronic commerce laws and patient confidentiality increases. It is necessary to be aware of the responsibilities internet usage entails, especially within a dental practice where the protection of patient information is of the utmost importance. More should be done to outline the various precautions that should be taken to ensure ICT security within the professional domain, as it would appear dentistry has been neglected with regard to receiving the proper ICT education, training and support systems.

Scenario and multiple criteria decision analysis for energy and environmental security of military and industrial installations.

PubMed

Karvetski, Christopher W; Lambert, James H; Linkov, Igor

2011-04-01

Military and industrial facilities need secure and reliable power generation. Grid outages can result in cascading infrastructure failures as well as security breaches and should be avoided. Adding redundancy and increasing reliability can require additional environmental, financial, logistical, and other considerations and resources. Uncertain scenarios consisting of emergent environmental conditions, regulatory changes, growth of regional energy demands, and other concerns result in further complications. Decisions on selecting energy alternatives are made on an ad hoc basis. The present work integrates scenario analysis and multiple criteria decision analysis (MCDA) to identify combinations of impactful emergent conditions and to perform a preliminary benefits analysis of energy and environmental security investments for industrial and military installations. Application of a traditional MCDA approach would require significant stakeholder elicitations under multiple uncertain scenarios. The approach proposed in this study develops and iteratively adjusts a scoring function for investment alternatives to find the scenarios with the most significant impacts on installation security. A robust prioritization of investment alternatives can be achieved by integrating stakeholder preferences and focusing modeling and decision-analytical tools on a few key emergent conditions and scenarios. The approach is described and demonstrated for a campus of several dozen interconnected industrial buildings within a major installation. Copyright © 2010 SETAC.

Emerging Trends

DTIC Science & Technology

2013-08-08

theft in the CERT Insider Threat Database were associated with foreign social network connections. 1 Verizon. “The 2013 Data Breach Investigations...passwords, opening infected attachments or web sites, etc. 1 Verizon. “The 2013 Data Breach Investigations Report.” http...were experienced by 38% of respondents1 •  The 2013 Verizon Data Breach Report2 reveals •  29% of breaches studied leveraged social tactics •  A

Intermittent ephemeral river-breaching

NASA Astrophysics Data System (ADS)

Reniers, A. J.; MacMahan, J. H.; Gallagher, E. L.; Shanks, A.; Morgan, S.; Jarvis, M.; Thornton, E. B.; Brown, J.; Fujimura, A.

2012-12-01

In the summer of 2011 we performed a field experiment in Carmel River State Beach, CA, at a time when the intermittent natural breaching of the ephemeral Carmel River occurred due to an unusually rainy period prior to the experiment associated with El Nino. At this time the river would fill the lagoon over the period of a number of days after which a breach would occur. This allowed us to document a number of breaches with unique pre- and post-breach topographic surveys, accompanying ocean and lagoon water elevations as well as extremely high flow (4m/s) velocities in the river mouth during the breaching event. The topographic surveys were obtained with a GPS-equipped backpack mounted on a walking human and show the evolution of the river breaching with a gradually widening and deepening river channel that cuts through the pre-existing beach and berm. The beach face is qualified as a steep with an average beach slope of 1:10 with significant reflection of the incident waves (MacMahan et al., 2012). The wave directions are generally shore normal as the waves refract over the deep canyon that is located offshore of the beach. The tide is mixed semi-diurnal with a range on the order of one meter. Breaching typically occurred during the low-low tide. Grain size is highly variable along the beach with layers of alternating fine and coarse material that could clearly be observed as the river exit channel was cutting through the beach. Large rocky outcroppings buried under the beach sand are also present along certain stretches of the beach controlling the depth of the breaching channel. The changes in the water level measured within the lagoon and the ocean side allows for an estimate of the volume flux associated with the breach as function of morphology, tidal elevation and wave conditions as well as an assessment of the conditions and mechanisms of breach closure, which occurred on the time scale of O(0.5 days). Exploratory model simulations will be presented at the conference examining the processes responsible for the development of the river breaching from the initial stages to a wide-open river flow and subsequent closure.

Composite Bloom Filters for Secure Record Linkage.

PubMed

Durham, Elizabeth Ashley; Kantarcioglu, Murat; Xue, Yuan; Toth, Csaba; Kuzu, Mehmet; Malin, Bradley

2014-12-01

The process of record linkage seeks to integrate instances that correspond to the same entity. Record linkage has traditionally been performed through the comparison of identifying field values ( e.g., Surname ), however, when databases are maintained by disparate organizations, the disclosure of such information can breach the privacy of the corresponding individuals. Various private record linkage (PRL) methods have been developed to obscure such identifiers, but they vary widely in their ability to balance competing goals of accuracy, efficiency and security. The tokenization and hashing of field values into Bloom filters (BF) enables greater linkage accuracy and efficiency than other PRL methods, but the encodings may be compromised through frequency-based cryptanalysis. Our objective is to adapt a BF encoding technique to mitigate such attacks with minimal sacrifices in accuracy and efficiency. To accomplish these goals, we introduce a statistically-informed method to generate BF encodings that integrate bits from multiple fields, the frequencies of which are provably associated with a minimum number of fields. Our method enables a user-specified tradeoff between security and accuracy. We compare our encoding method with other techniques using a public dataset of voter registration records and demonstrate that the increases in security come with only minor losses to accuracy.

Composite Bloom Filters for Secure Record Linkage

PubMed Central

Durham, Elizabeth Ashley; Kantarcioglu, Murat; Xue, Yuan; Toth, Csaba; Kuzu, Mehmet; Malin, Bradley

2014-01-01

The process of record linkage seeks to integrate instances that correspond to the same entity. Record linkage has traditionally been performed through the comparison of identifying field values (e.g., Surname), however, when databases are maintained by disparate organizations, the disclosure of such information can breach the privacy of the corresponding individuals. Various private record linkage (PRL) methods have been developed to obscure such identifiers, but they vary widely in their ability to balance competing goals of accuracy, efficiency and security. The tokenization and hashing of field values into Bloom filters (BF) enables greater linkage accuracy and efficiency than other PRL methods, but the encodings may be compromised through frequency-based cryptanalysis. Our objective is to adapt a BF encoding technique to mitigate such attacks with minimal sacrifices in accuracy and efficiency. To accomplish these goals, we introduce a statistically-informed method to generate BF encodings that integrate bits from multiple fields, the frequencies of which are provably associated with a minimum number of fields. Our method enables a user-specified tradeoff between security and accuracy. We compare our encoding method with other techniques using a public dataset of voter registration records and demonstrate that the increases in security come with only minor losses to accuracy. PMID:25530689

Avulsion threshold in a large Himalayan river: the case of the Kosi, India and Nepal

NASA Astrophysics Data System (ADS)

Sinha, R.; Kommula, S.

2010-12-01

Avulsion, the relatively rapid shift of a river to a new course on a lower part of a floodplain, is considered as a major fluvial hazard in large population centers such as the north Bihar plains, eastern India and the adjoining areas of Nepal. This region witnessed one of the most recent avulsions of the Kosi River on 18 August, 2008 when the river shifted by ~120 km eastward. This was perhaps one of the greatest avulsions in a large river in recent years triggered by the breach of the eastern afflux bund at Kusaha in Nepal at a location 12 km upstream of the Kosi barrage and affecting more than 3 million people in Nepal and north Bihar. The trigger for an avulsion largely depends upon the regional channel-floodplain slope relationships and the lowest elevation available in the region. Most of the available assessments of avulsion threshold have therefore been based on the examination of channel slopes- longitudinal and cross-sectional. However, planform dynamics in a sediment-charged river such as the Kosi also plays an important role in pushing the river towards threshold for avulsion. The present study has made use of SRTM DEM, temporal satellite images and maps to compute the avulsion threshold for a ~50 km long reach of the Kosi river after incorporating planform dynamics in a GIS environment. Flow accumulation paths generated from the SRTM data match closely with the zones of high avulsion threshold. Not just that the Kusaha plots in a high avulsion threshold zone, we also identify several critical points where breach (avulsion) can occur in near future. This study assumes global significance keeping in view the most recent flooding in the Indus River in Pakistan. Like the Kusaha breach in Kosi in August 2008, the Indus flood trauma started with the breach of the eastern marginal embankment in the upstream of Taunsa barrage and was apparently triggered by rise of bed level due to excessive sediment load. The mega avulsion of the Kosi on 18th August 2008 which occurred due to a breach in the eastern embankment at Kusaha, Nepal

Use of mobile devices for medical imaging.

PubMed

Hirschorn, David S; Choudhri, Asim F; Shih, George; Kim, Woojin

2014-12-01

Mobile devices have fundamentally changed personal computing, with many people forgoing the desktop and even laptop computer altogether in favor of a smaller, lighter, and cheaper device with a touch screen. Doctors and patients are beginning to expect medical images to be available on these devices for consultative viewing, if not actual diagnosis. However, this raises serious concerns with regard to the ability of existing mobile devices and networks to quickly and securely move these images. Medical images often come in large sets, which can bog down a network if not conveyed in an intelligent manner, and downloaded data on a mobile device are highly vulnerable to a breach of patient confidentiality should that device become lost or stolen. Some degree of regulation is needed to ensure that the software used to view these images allows all relevant medical information to be visible and manipulated in a clinically acceptable manner. There also needs to be a quality control mechanism to ensure that a device's display accurately conveys the image content without loss of contrast detail. Furthermore, not all mobile displays are appropriate for all types of images. The smaller displays of smart phones, for example, are not well suited for viewing entire chest radiographs, no matter how small and numerous the pixels of the display may be. All of these factors should be taken into account when deciding where, when, and how to use mobile devices for the display of medical images. Copyright © 2014 American College of Radiology. Published by Elsevier Inc. All rights reserved.

Private and Efficient Query Processing on Outsourced Genomic Databases.

PubMed

Ghasemi, Reza; Al Aziz, Md Momin; Mohammed, Noman; Dehkordi, Massoud Hadian; Jiang, Xiaoqian

2017-09-01

Applications of genomic studies are spreading rapidly in many domains of science and technology such as healthcare, biomedical research, direct-to-consumer services, and legal and forensic. However, there are a number of obstacles that make it hard to access and process a big genomic database for these applications. First, sequencing genomic sequence is a time consuming and expensive process. Second, it requires large-scale computation and storage systems to process genomic sequences. Third, genomic databases are often owned by different organizations, and thus, not available for public usage. Cloud computing paradigm can be leveraged to facilitate the creation and sharing of big genomic databases for these applications. Genomic data owners can outsource their databases in a centralized cloud server to ease the access of their databases. However, data owners are reluctant to adopt this model, as it requires outsourcing the data to an untrusted cloud service provider that may cause data breaches. In this paper, we propose a privacy-preserving model for outsourcing genomic data to a cloud. The proposed model enables query processing while providing privacy protection of genomic databases. Privacy of the individuals is guaranteed by permuting and adding fake genomic records in the database. These techniques allow cloud to evaluate count and top-k queries securely and efficiently. Experimental results demonstrate that a count and a top-k query over 40 Single Nucleotide Polymorphisms (SNPs) in a database of 20 000 records takes around 100 and 150 s, respectively.

Private and Efficient Query Processing on Outsourced Genomic Databases

PubMed Central

Ghasemi, Reza; Al Aziz, Momin; Mohammed, Noman; Dehkordi, Massoud Hadian; Jiang, Xiaoqian

2017-01-01

Applications of genomic studies are spreading rapidly in many domains of science and technology such as healthcare, biomedical research, direct-to-consumer services, and legal and forensic. However, there are a number of obstacles that make it hard to access and process a big genomic database for these applications. First, sequencing genomic sequence is a time-consuming and expensive process. Second, it requires large-scale computation and storage systems to processes genomic sequences. Third, genomic databases are often owned by different organizations and thus not available for public usage. Cloud computing paradigm can be leveraged to facilitate the creation and sharing of big genomic databases for these applications. Genomic data owners can outsource their databases in a centralized cloud server to ease the access of their databases. However, data owners are reluctant to adopt this model, as it requires outsourcing the data to an untrusted cloud service provider that may cause data breaches. In this paper, we propose a privacy-preserving model for outsourcing genomic data to a cloud. The proposed model enables query processing while providing privacy protection of genomic databases. Privacy of the individuals is guaranteed by permuting and adding fake genomic records in the database. These techniques allow cloud to evaluate count and top-k queries securely and efficiently. Experimental results demonstrate that a count and a top-k query over 40 SNPs in a database of 20,000 records takes around 100 and 150 seconds, respectively. PMID:27834660

19 CFR 10.39 - Cancellation of bond charges.

Code of Federal Regulations, 2011 CFR

2011-04-01

... amount of the bond. (f) Anticipatory breach. If an importer anticipates that the merchandise entered... anticipatory breach. At the time of written notification of the breach, the importer shall pay to Customs the...

19 CFR 10.39 - Cancellation of bond charges.

Code of Federal Regulations, 2014 CFR

2014-04-01

... amount of the bond. (f) Anticipatory breach. If an importer anticipates that the merchandise entered... anticipatory breach. At the time of written notification of the breach, the importer shall pay to Customs the...

19 CFR 10.39 - Cancellation of bond charges.

Code of Federal Regulations, 2012 CFR

2012-04-01

... amount of the bond. (f) Anticipatory breach. If an importer anticipates that the merchandise entered... anticipatory breach. At the time of written notification of the breach, the importer shall pay to Customs the...

19 CFR 10.39 - Cancellation of bond charges.

Code of Federal Regulations, 2013 CFR

2013-04-01

... amount of the bond. (f) Anticipatory breach. If an importer anticipates that the merchandise entered... anticipatory breach. At the time of written notification of the breach, the importer shall pay to Customs the...

Inversion Method for Early Detection of ARES-1 Case Breach Failure

NASA Technical Reports Server (NTRS)

Mackey, Ryan M.; Kulikov, Igor K.; Bajwa, Anupa; Berg, Peter; Smelyanskiy, Vadim

2010-01-01

A document describes research into the problem of detecting a case breach formation at an early stage of a rocket flight. An inversion algorithm for case breach allocation is proposed and analyzed. It is shown how the case breach can be allocated at an early stage of its development by using the rocket sensor data and the output data from the control block of the rocket navigation system. The results are simulated with MATLAB/Simulink software. The efficiency of an inversion algorithm for a case breach location is discussed. The research was devoted to the analysis of the ARES-l flight during the first 120 seconds after the launch and early prediction of case breach failure. During this time, the rocket is propelled by its first-stage Solid Rocket Booster (SRB). If a breach appears in SRB case, the gases escaping through it will produce the (side) thrust directed perpendicular to the rocket axis. The side thrust creates torque influencing the rocket attitude. The ARES-l control system will compensate for the side thrust until it reaches some critical value, after which the flight will be uncontrollable. The objective of this work was to obtain the start time of case breach development and its location using the rocket inertial navigation sensors and GNC data. The algorithm was effective for the detection and location of a breach in an SRB field joint at an early stage of its development.

Whatever Happened to Formal Methods for Security?

PubMed

Voas, J; Schaffer, K

2016-08-01

We asked 7 experts 7 questions to find out what has occurred recently in terms of applying formal methods (FM) to security-centric, cyber problems. We are continually reminded of the 1996 paper by Tony Hoare "How did Software Get So Reliable Without Proof?" [1] In that vein, how did we get so insecure with proof? Given daily press announcements concerning new malware, data breaches, and privacy loss, is FM still relevant or was it ever? Our experts answered with unique personal insights. We were curious as to whether this successful methodology in "safety-critical" has succeeded as well for today's "build it, hack it, patch it" mindset. Our experts were John McLean (Naval Research Labs), Paul Black (National Institute of Standards and Technology), Karl Levitt (University of California at Davis), Joseph Williams (CloudEconomist.Com), Connie Heitmeyer (Naval Research Labs), Eugene Spafford (Purdue University), and Joseph Kiniry (Galois, Inc.). The questions and responses follow.

16 CFR 318.3 - Breach notification requirement.

Code of Federal Regulations, 2010 CFR

2010-01-01

... identification of each customer of the vendor of personal health records or PHR related entity whose unsecured... deemed to have knowledge of a breach if such breach is known, or reasonably should have been known, to...

Identifying Psychological Contract Breaches to Guide Improvements in Faculty Recruitment, Retention, and Development

PubMed Central

Desselle, Shane P.; Draugalis, JoLaine R.; Spies, Alan R.; Davis, Tamra S.; Bolino, Mark

2012-01-01

Objective. To identify pharmacy faculty members’ perceptions of psychological contract breaches that can be used to guide improvements in faculty recruitment, retention, and development. Methods. A list of psychological contract breaches was developed using a Delphi procedure involving a panel of experts assembled through purposive sampling. The Delphi consisted of 4 rounds, the first of which elicited examples of psychological contract breaches in an open-ended format. The ensuing 3 rounds consisting of a survey and anonymous feedback on aggregated group responses. Results. Usable responses were obtained from 11 of 12 faculty members who completed the Delphi procedure. The final list of psychological contract breaches included 27 items, after modifications based on participant feedback in subsequent rounds. Conclusion. The psychological contract breach items generated in this study provide guidance for colleges and schools of pharmacy regarding important aspects of faculty recruitment, retention, and development. PMID:22919084

Identifying psychological contract breaches to guide improvements in faculty recruitment, retention, and development.

PubMed

Peirce, Gretchen L; Desselle, Shane P; Draugalis, JoLaine R; Spies, Alan R; Davis, Tamra S; Bolino, Mark

2012-08-10

To identify pharmacy faculty members' perceptions of psychological contract breaches that can be used to guide improvements in faculty recruitment, retention, and development. A list of psychological contract breaches was developed using a Delphi procedure involving a panel of experts assembled through purposive sampling. The Delphi consisted of 4 rounds, the first of which elicited examples of psychological contract breaches in an open-ended format. The ensuing 3 rounds consisting of a survey and anonymous feedback on aggregated group responses. Usable responses were obtained from 11 of 12 faculty members who completed the Delphi procedure. The final list of psychological contract breaches included 27 items, after modifications based on participant feedback in subsequent rounds. The psychological contract breach items generated in this study provide guidance for colleges and schools of pharmacy regarding important aspects of faculty recruitment, retention, and development.

Bathymetry of the Wilderness breach at Fire Island, New York, June 2013

USGS Publications Warehouse

Brownell, Andrew T.; Hapke, Cheryl J.; Spore, Nicholas J.; McNinch, Jesse E.

2015-01-01

The U.S. Geological Survey (USGS) St. Petersburg Coastal and Marine Science Center in St. Petersburg, Florida, collaborated with the U.S. Army Corps of Engineers Field Research Facility in Duck, North Carolina, to collect shallow water bathymetric data of the Wilderness breach on Fire Island, New York, in June 2013. The breach formed in October 2012 during Hurricane Sandy, and the USGS is involved in a post-Sandy effort to map, monitor, and model the morphologic evolution of the breach as part of Hurricane Sandy Supplemental Project GS2-2B: Linking Coastal Vulnerability and Process, Fire Island. This publication includes a bathymetric dataset of the breach and the adjacent nearshore on the ocean side of the island. The objective of the data collection and analysis is to map the bathymetry of the primary breach channel, ebb shoal, and nearshore bar system.

An extreme breaching of a barrier spit: insights on large breach formation and its impact on barrier dynamics

NASA Astrophysics Data System (ADS)

Iulian Zăinescu, Florin; Vespremeanu-Stroe, Alfred; Tătui, Florin

2017-04-01

In this study, we document a case of exceptionally large natural breaching of a sandy spit (Sacalin barrier, Danube delta) using Lidar data and satellite imagery, annual (and seasonal) surveys of topography and bathymetry on successive cross-barrier profiles, and hourly datasets of wind and waves. The breach morphology and dynamics was monitored and described from its inception to closure, together with its impact on the adjoining features (upper shoreface, back-barrier lagoon, downdrift coast) and on the local sediment budgets. Breaching is first observed to occur on a beach-length of 0.5 km in April 2012 and two years later reached 3.5 km (May 2014). The barrier translates to a recovery stage dominated by continuous back-barrier deposition through subaqueous cross-breach sediment transport. Soon, the barrier widening triggers a negative feedback which limits the back-barrier sediment transfer. As a result, back-barrier deposition decreases whilst the barrier aggradation through overwash becomes more frequent. The event was found to be a natural experiment which switched the barrier's decadal evolution from low cross-shore transport to high cross-shore transport over the barrier. Although previously considered as constant, the cross-shore transport recorded during the large breach lifespan is an order of magnitude larger than in the non-breach period. 3 x 106 m3 of sediment were deposited in three years which is equivalent to the modelled longshore transport in the region. Nevertheless, the sediment circuits are more complex involving exchanges with the upper shoreface, as indicated by the extensive erosion down to -4m. In the absence of tides, the Sacalin breach closed naturally in 3 years and brings a valuable contribution on how breaches may evolve, as only limited data has been internationally reported until now. The very high deposition rate of sediment in the breach is a testimony of the high sediment volumes supplied by the longshore transport and the high sediment release through shoreface retreat, and resulted in widening the barrier to a maximum of 1 km. Since the newly-formed barrier shoreline got displaced backward up to 500 m, this reveals that barrier breaching is an important mechanism which significantly accelerates the landward migration of the barrier system and is a proof of the highly nonlinear morphodynamics involved in the barrier island translation. We demonstrate that the 2012-2015 event was an example of complex barrier breaching which has a substantial influence on the longer-term evolution of the spit. Studies of breaching help us understand the barrier evolution and will help coastal erosion risk management policy makers undertake better decisions on barrier management practice.

Towards a Cyber Defense Framework for SCADA Systems Based on Power Consumption Monitoring

DOE Office of Scientific and Technical Information (OSTI.GOV)

Hernandez Jimenez, Jarilyn M; Chen, Qian; Nichols, Jeff A.

Supervisory control and data acquisition (SCADA) is an industrial automation system that remotely monitor, and control critical infrastructures. SCADA systems are major targets for espionage and sabotage attackers. According to the 2015 Dell security annual threat report, the number of cyber-attacks against SCADA systems has doubled in the past year. Cyber-attacks (i.e., buffer overflow, rootkits and code injection) could cause serious financial losses and physical infrastructure damages. Moreover, some specific cyber-attacks against SCADA systems could become a threat to human life. Current commercial off-the-shelf security solutions are insufficient in protecting SCADA systems against sophisticated cyber-attacks. In 2014 a report bymore » Mandiant stated that only 69% of organizations learned about their breaches from third entities, meaning that these companies lack of their own detection system. Furthermore, these breaches are not detected in real-time or fast enough to prevent further damages. The average time between compromise and detection (for those intrusions that were detected) was 205 days. To address this challenge, we propose an Intrusion Detection System (IDS) that detects SCADA-specific cyber-attacks by analyzing the power consumption of a SCADA device. Specifically, to validate the proposed approach, we chose to monitor in real-time the power usage of a a Programmable Logic Controller (PLC). To this end, we configured the hardware of the tetsbed by installing the required sensors to monitor and collect its power consumption. After that two SCADA-specific cyber-attacks were simulated and TracerDAQ Pro was used to collect the power consumption of the PLC under normal and anomalous scenarios. Results showed that is possible to distinguish between the regular power usage of the PLC and when the PLC was under specific cyber-attacks.« less

Lawrence Livermore National Laboratory`s Computer Security Short Subjects Videos: Hidden Password, The Incident, Dangerous Games and The Mess; Computer Security Awareness Guide

DOE Office of Scientific and Technical Information (OSTI.GOV)

NONE

A video on computer security is described. Lonnie Moore, the Computer Security Manager, CSSM/CPPM at Lawrence Livermore National Laboratory (LLNL) and Gale Warshawsky, the Coordinator for Computer Security Education and Awareness at LLNL, wanted to share topics such as computer ethics, software piracy, privacy issues, and protecting information in a format that would capture and hold an audience`s attention. Four Computer Security Short Subject videos were produced which ranged from 1--3 minutes each. These videos are very effective education and awareness tools that can be used to generate discussions about computer security concerns and good computing practices.

A Portable Computer Security Workshop

ERIC Educational Resources Information Center

Wagner, Paul J.; Phillips, Andrew T.

2006-01-01

We have developed a computer security workshop designed to instruct post-secondary instructors who want to start a course or laboratory exercise sequence in computer security. This workshop has also been used to provide computer security education to IT professionals and students. It is effective in communicating basic computer security principles…

I Am So Tired… How Fatigue May Exacerbate Stress Reactions to Psychological Contract Breach.

PubMed

Achnak, Safâa; Griep, Yannick; Vantilborgh, Tim

2018-01-01

Previous research showed that perceptions of psychological contract (PC) breach have undesirable individual and organizational consequences. Surprisingly, the PC literature has paid little to no attention to the relationship between PC breach perceptions and stress. A better understanding of how PC breach may elicit stress seems crucial, given that stress plays a key role in employees' physical and mental well-being. Based on Conservation of Resources Theory, we suggest that PC breach perceptions represent a perceived loss of valued resources, subsequently leading employees to experience higher stress levels resulting from emerging negative emotions. Moreover, we suggest that this mediated relationship is moderated by initial levels of fatigue, due to fatigue lowering the personal resources necessary to cope with breach events. To tests our hypotheses, we analyzed the multilevel data we obtained from two experience sampling designs (Study 1: 51 Belgian employees; Study 2: 53 US employees). Note that the unit of analysis is "observations" rather than "respondents," resulting in an effective sample size of 730 (Study 1) and 374 (Study 2) observations. In both studies, we found evidence for the mediating role of negative emotions in the PC breach-stress relationship. In the second study, we also found evidence for the moderating role of fatigue in the mediated PC breach-stress relationship. Implications for research and practice are discussed.

The Role of HIPAA Omnibus Rules in Reducing the Frequency of Medical Data Breaches: Insights From an Empirical Study.

PubMed

Yaraghi, Niam; Gopal, Ram D

2018-03-01

Policy Points: Frequent data breaches in the US health care system undermine the privacy of millions of patients every year-a large number of which happen among business associates of the health care providers that continue to gain unprecedented access to patients' data as the US health care system becomes digitally integrated. Implementation of the HIPAA Omnibus Rules in 2013 has led to a significant decrease in the number of privacy breach incidents among business associates. Frequent data breaches in the US health care system undermine the privacy of millions of patients every year. A large number of such breaches happens among business associates of the health care providers that continue to gain unprecedented access to patients' data as the US health care system becomes digitally integrated. The Omnibus Rules of the Health Insurance Portability and Accountability Act (HIPAA), which were enacted in 2013, significantly increased the regulatory oversight and privacy protection requirements of business associates. The objective of this study is to empirically examine the effects of this shift in policy on the frequency of medical privacy breaches among business associates in the US health care system. The findings of this research shed light on how regulatory efforts can protect patients' privacy. Using publicly available data on breach incidents between October 2009 and August 2017 as reported by the Office for Civil Rights (OCR), we conducted an interrupted time-series analysis and a difference-in-differences analysis to examine the immediate and long-term effects of implementation of HIPAA omnibus rules on the frequency of medical privacy breaches. We show that implementation of the omnibus rules led to a significant reduction in the number of breaches among business associates and prevented 180 privacy breaches from happening, which could have affected nearly 18 million Americans. Implementation of HIPAA omnibus rules may have been a successful federal policy in enhancing privacy protection efforts and reducing the number of breach incidents in the US health care system. © 2018 Milbank Memorial Fund.

A physically-based method for predicting peak discharge of floods caused by failure of natural and constructed earthen dams

USGS Publications Warehouse

Walder, J.S.

1997-01-01

We analyse a simple, physically-based model of breach formation in natural and constructed earthen dams to elucidate the principal factors controlling the flood hydrograph at the breach. Formation of the breach, which is assumed trapezoidal in cross-section, is parameterized by the mean rate of downcutting, k, the value of which is constrained by observations. A dimensionless formulation of the model leads to the prediction that the breach hydrograph depends upon lake shape, the ratio r of breach width to depth, the side slope ?? of the breach, and the parameter ?? = (V/ D3)(k/???gD), where V = lake volume, D = lake depth, and g is the acceleration due to gravity. Calculations show that peak discharge Qp depends weakly on lake shape r and ??, but strongly on ??, which is the product of a dimensionless lake volume and a dimensionless erosion rate. Qp(??) takes asymptotically distinct forms depending on whether ?? > 1. Theoretical predictions agree well with data from dam failures for which k could be reasonably estimated. The analysis provides a rapid and in many cases graphical way to estimate plausible values of Qp at the breach.

Loss of Life, Evacuation and Emergency Management: Comparison and Application to Case Studies in the USA

DTIC Science & Technology

2013-01-22

eK ay a nd M cC le lla nd G ra ha m Katrina HEC -FIA LifeSim Figure 1: Comparison of loss of life models (based on Johnstone et al., 2005...Katrina HEC FIA Lifesim Application: flood types Levee breaching, river , coastal Levee breaching, river , coastal levee breaching, dam failure...Mortality – Overtopping with breach Center Side of American River (OTSC) Figure 31: Mortality for the HEC -FIA method for the two

Morphologic evolution of the wilderness area breach at Fire Island, New York—2012–15

USGS Publications Warehouse

Hapke, Cheryl J.; Nelson, Timothy R.; Henderson, Rachel E.; Brenner, Owen T.; Miselis, Jennifer L.

2017-09-18

IntroductionHurricane Sandy, which made landfall on October 29, 2012, near Atlantic City, New Jersey, had a significant impact on the coastal system along the south shore of Long Island, New York. A record significant wave height of 9.6 meters (m) was measured at wave buoy 44025, approximately 48 kilometers offshore of Fire Island, New York. Surge and runup during the storm resulted in extensive beach and dune erosion and breaching of the Fire Island barrier island system at two locations, including a breach that formed within the Otis Pike Fire Island High Dune Wilderness area on the eastern side of Fire Island.The U.S. Geological Survey (USGS) has a long history of conducting morphologic change and processes research at Fire Island. One of the primary objectives of the current research effort is to understand the morphologic evolution of the barrier system on a variety of time scales (from storm scale to decade(s) to century). A number of studies that support the project objectives have been published. Prior to Hurricane Sandy, however, little information was available on specific storm-driven change in this region. The USGS received Hurricane Sandy supplemental funding (project GS2–2B: Linking Coastal Processes and Vulnerability, Fire Island, New York, Regional Study) to enhance existing research efforts at Fire Island. The existing research was greatly expanded to include inner continental shelf mapping and investigations of processes of inner shelf sediment transport; beach and dune response and recovery; and observation, analysis, and modeling of the newly formed breach in the Otis Pike High Dune Wilderness area, herein referred to as the wilderness breach. The breach formed at the site of Old Inlet, which was open from 1763 to 1825. The location of the initial island breaching does not directly correspond with topographic lows of the dunes, but instead the breach formed in the location of a cross-island boardwalk that was destroyed during Hurricane Sandy.From 2013 to November 2015, bathymetric data were collected by the USGS St. Petersburg Coastal and Marine Science Center during three surveys of the breach channel and tidal shoals, and shoreline positions on each side of the breach (also collected by the National Park Service). Additionally, pre-storm topography/bathymetry EAARL–B light detection and ranging (lidar) data were collected by the USGS the day prior to Hurricane Sandy’s landfall. These data serve as a baseline for change analyses during four subsequent periods: June 2013, June 2014, October 2014, and May 2015. The June 2013 single-beam bathymetry data were collected in collaboration with the U.S. Army Corps of Engineers (USACE), using the Lighter Amphibious Resupply Cargo (LARC) vessel, and included the ebb shoal and breach channel. The USGS collected and processed the three additional bathymetric datasets using personal watercraft equipped with single-beam echo sounders and backpack Global Positioning System (GPS) over shallow flood shoals.Eastern and western breach shorelines were surveyed weekly to monthly beginning on November 6, 2012 (by the National Park Service [NPS], and USGS St. Petersburg Coastal and Marine Science Center), with measurements made every few weeks for the first year and every few months after October 2013. The NPS and researchers from Stony Brook University monitored the breach by collecting field data of the breach channel bathymetry, conducting aerial photographic overflights, and performing water-quality analyses (see http://po.msrc.sunysb.edu/GSB/). The aerial photography collected and rectified by Stony Brook University is used extensively in our morphologic change description to examine changes to breach shorelines (supplementing shoreline data collected in the field), channel width, and orientation. Due to the uncertainties and the variation in survey methods, a rigorous quantitative analysis was not performed. However, average calculations of various breach metrics allow a qualitative analysis of breach development and evolution.This report presents an overview of the data collected and a summary discussion of the observed changes to the breach system and the seasonal wave climatology associated with the breach morphodynamic response.

16 CFR 318.6 - Content of notice.

Code of Federal Regulations, 2013 CFR

2013-01-01

... of unsecured PHR identifiable health information that were involved in the breach (such as full name... Commercial Practices FEDERAL TRADE COMMISSION REGULATIONS UNDER SPECIFIC ACTS OF CONGRESS HEALTH BREACH... individuals should take to protect themselves from potential harm resulting from the breach; (d) A brief...

16 CFR 318.6 - Content of notice.

Code of Federal Regulations, 2014 CFR

2014-01-01

... of unsecured PHR identifiable health information that were involved in the breach (such as full name... Commercial Practices FEDERAL TRADE COMMISSION REGULATIONS UNDER SPECIFIC ACTS OF CONGRESS HEALTH BREACH... individuals should take to protect themselves from potential harm resulting from the breach; (d) A brief...

16 CFR 318.6 - Content of notice.

Code of Federal Regulations, 2012 CFR

2012-01-01

... of unsecured PHR identifiable health information that were involved in the breach (such as full name... Commercial Practices FEDERAL TRADE COMMISSION REGULATIONS UNDER SPECIFIC ACTS OF CONGRESS HEALTH BREACH... individuals should take to protect themselves from potential harm resulting from the breach; (d) A brief...

An outlet breaching algorithm for the treatment of closed depressions in a raster DEM

NASA Astrophysics Data System (ADS)

Martz, Lawrence W.; Garbrecht, Jurgen

1999-08-01

Automated drainage analysis of raster DEMs typically begins with the simulated filling of all closed depressions and the imposition of a drainage pattern on the resulting flat areas. The elimination of closed depressions by filling implicitly assumes that all depressions are caused by elevation underestimation. This assumption is difficult to support, as depressions can be produced by overestimation as well as by underestimation of DEM values.This paper presents a new algorithm that is applied in conjunction with conventional depression filling to provide a more realistic treatment of those depressions that are likely due to overestimation errors. The algorithm lowers the elevation of selected cells on the edge of closed depressions to simulate breaching of the depression outlets. Application of this breaching algorithm prior to depression filling can substantially reduce the number and size of depressions that need to be filled, especially in low relief terrain.Removing or reducing the size of a depression by breaching implicitly assumes that the depression is due to a spurious flow blockage caused by elevation overestimation. Removing a depression by filling, on the other hand, implicitly assumes that the depression is a direct artifact of elevation underestimation. Although the breaching algorithm cannot distinguish between overestimation and underestimation errors in a DEM, a constraining parameter for breaching length can be used to restrict breaching to closed depressions caused by narrow blockages along well-defined drainage courses. These are considered the depressions most likely to have arisen from overestimation errors. Applying the constrained breaching algorithm prior to a conventional depression-filling algorithm allows both positive and negative elevation adjustments to be used to remove depressions.The breaching algorithm was incorporated into the DEM pre-processing operations of the TOPAZ software system. The effect of the algorithm is illustrated by the application of TOPAZ to a DEM of a low-relief landscape. The use of the breaching algorithm during DEM pre-processing substantially reduced the number of cells that needed to be subsequently raised in elevation to remove depressions. The number and kind of depression cells that were eliminated by the breaching algorithm suggested that the algorithm effectively targeted those topographic situations for which it was intended. A detailed inspection of a portion of the DEM that was processed using breaching algorithm in conjunction with depression-filling also suggested the effects of the algorithm were as intended.The breaching algorithm provides an empirically satisfactory and robust approach to treating closed depressions in a raster DEM. It recognises that depressions in certain topographic settings are as likely to be due to elevation overestimation as to elevation underestimation errors. The algorithm allows a more realistic treatment of depressions in these situations than conventional methods that rely solely on depression-filling.

75 FR 13138 - Grand Ditch Breach Restoration Environmental Impact Statement, Rocky Mountain National Park, CO

Federal Register 2010, 2011, 2012, 2013, 2014

2010-03-18

... DEPARTMENT OF THE INTERIOR National Park Service Grand Ditch Breach Restoration Environmental... Restoration, Rocky Mountain National Park, Colorado. SUMMARY: Pursuant to the National Environmental Policy... Statement for the Grand Ditch Breach Restoration, Rocky Mountain National Park, Colorado. This effort will...

The Effectiveness of Health Care Information Technologies: Evaluation of Trust, Security Beliefs, and Privacy as Determinants of Health Care Outcomes.

PubMed

Kisekka, Victoria; Giboney, Justin Scott

2018-04-11

The diffusion of health information technologies (HITs) within the health care sector continues to grow. However, there is no theory explaining how success of HITs influences patient care outcomes. With the increase in data breaches, HITs' success now hinges on the effectiveness of data protection solutions. Still, empirical research has only addressed privacy concerns, with little regard for other factors of information assurance. The objective of this study was to study the effectiveness of HITs using the DeLone and McLean Information Systems Success Model (DMISSM). We examined the role of information assurance constructs (ie, the role of information security beliefs, privacy concerns, and trust in health information) as measures of HIT effectiveness. We also investigated the relationships between information assurance and three aspects of system success: attitude toward health information exchange (HIE), patient access to health records, and perceived patient care quality. Using structural equation modeling, we analyzed the data from a sample of 3677 cancer patients from a public dataset. We used R software (R Project for Statistical Computing) and the Lavaan package to test the hypothesized relationships. Our extension of the DMISSM to health care was supported. We found that increased privacy concerns reduce the frequency of patient access to health records use, positive attitudes toward HIE, and perceptions of patient care quality. Also, belief in the effectiveness of information security increases the frequency of patient access to health records and positive attitude toward HIE. Trust in health information had a positive association with attitudes toward HIE and perceived patient care quality. Trust in health information had no direct effect on patient access to health records; however, it had an indirect relationship through privacy concerns. Trust in health information and belief in the effectiveness of information security safeguards increases perceptions of patient care quality. Privacy concerns reduce patients' frequency of accessing health records, patients' positive attitudes toward HIE exchange, and overall perceived patient care quality. Health care organizations are encouraged to implement security safeguards to increase trust, the frequency of health record use, and reduce privacy concerns, consequently increasing patient care quality. ©Victoria Kisekka, Justin Scott Giboney. Originally published in the Journal of Medical Internet Research (http://www.jmir.org), 11.04.2018.

Implementation and evaluation of an efficient secure computation system using ‘R’ for healthcare statistics

PubMed Central

Chida, Koji; Morohashi, Gembu; Fuji, Hitoshi; Magata, Fumihiko; Fujimura, Akiko; Hamada, Koki; Ikarashi, Dai; Yamamoto, Ryuichi

2014-01-01

Background and objective While the secondary use of medical data has gained attention, its adoption has been constrained due to protection of patient privacy. Making medical data secure by de-identification can be problematic, especially when the data concerns rare diseases. We require rigorous security management measures. Materials and methods Using secure computation, an approach from cryptography, our system can compute various statistics over encrypted medical records without decrypting them. An issue of secure computation is that the amount of processing time required is immense. We implemented a system that securely computes healthcare statistics from the statistical computing software ‘R’ by effectively combining secret-sharing-based secure computation with original computation. Results Testing confirmed that our system could correctly complete computation of average and unbiased variance of approximately 50 000 records of dummy insurance claim data in a little over a second. Computation including conditional expressions and/or comparison of values, for example, t test and median, could also be correctly completed in several tens of seconds to a few minutes. Discussion If medical records are simply encrypted, the risk of leaks exists because decryption is usually required during statistical analysis. Our system possesses high-level security because medical records remain in encrypted state even during statistical analysis. Also, our system can securely compute some basic statistics with conditional expressions using ‘R’ that works interactively while secure computation protocols generally require a significant amount of processing time. Conclusions We propose a secure statistical analysis system using ‘R’ for medical data that effectively integrates secret-sharing-based secure computation and original computation. PMID:24763677

Implementation and evaluation of an efficient secure computation system using 'R' for healthcare statistics.

PubMed

Chida, Koji; Morohashi, Gembu; Fuji, Hitoshi; Magata, Fumihiko; Fujimura, Akiko; Hamada, Koki; Ikarashi, Dai; Yamamoto, Ryuichi

2014-10-01

While the secondary use of medical data has gained attention, its adoption has been constrained due to protection of patient privacy. Making medical data secure by de-identification can be problematic, especially when the data concerns rare diseases. We require rigorous security management measures. Using secure computation, an approach from cryptography, our system can compute various statistics over encrypted medical records without decrypting them. An issue of secure computation is that the amount of processing time required is immense. We implemented a system that securely computes healthcare statistics from the statistical computing software 'R' by effectively combining secret-sharing-based secure computation with original computation. Testing confirmed that our system could correctly complete computation of average and unbiased variance of approximately 50,000 records of dummy insurance claim data in a little over a second. Computation including conditional expressions and/or comparison of values, for example, t test and median, could also be correctly completed in several tens of seconds to a few minutes. If medical records are simply encrypted, the risk of leaks exists because decryption is usually required during statistical analysis. Our system possesses high-level security because medical records remain in encrypted state even during statistical analysis. Also, our system can securely compute some basic statistics with conditional expressions using 'R' that works interactively while secure computation protocols generally require a significant amount of processing time. We propose a secure statistical analysis system using 'R' for medical data that effectively integrates secret-sharing-based secure computation and original computation. Published by the BMJ Publishing Group Limited. For permission to use (where not already granted under a licence) please go to http://group.bmj.com/group/rights-licensing/permissions.

Once More unto the Breaching Experiment: Reconsidering a Popular Pedagogical Tool

ERIC Educational Resources Information Center

Braswell, Matthew

2014-01-01

Instructors frequently utilize breaching experiments in an attempt to "bring sociology to life." However, an uncritical embrace of breaching experiments obscures the complexity of their possible effects on participants and subjects. These experiments have real potential to inflict deleterious consequences on individuals and groups.…

75 FR 45685 - Self-Regulatory Organizations; Financial Industry Regulatory Authority, Inc.; Notice of Filing of...

Federal Register 2010, 2011, 2012, 2013, 2014

2010-08-03

... list (see current List 7 titled Misrepresentation/Omissions, List 9 titled Negligence/Breach of... claims alleging misrepresentation/ omissions (see current List 8, Item 1), negligence/breach of fiduciary... claims alleging misrepresentation/ omission (see current List 8, Item 2), negligence/breach of fiduciary...

"Financial Emergency" and the Faculty Furlough: A Breach of Contract.

ERIC Educational Resources Information Center

Richards, Mary Sanders

1984-01-01

The power of the university to breach faculty contracts in order to meet its temporary cash-flow problems and the rights of faculty when this breach occurs are discussed. To avoid litigation, a university must have established internal guidelines which can be incorporated into an employment contract. (MLW)

Identity Theft: Trends and Issues

DTIC Science & Technology

2010-01-05

mitigate the effects of identity theft, one option Congress may consider is whether to strengthen data breach notification requirements. Such requirements...identity theft complaints to the FTC as well as in the number of reported data breaches placing personally identifiable information at risk. This report...23 Effects of Data Breaches ..................................................................................................... 24

BREACHING THE SEXUAL BOUNDARIES IN THE DOCTOR–PATIENT RELATIONSHIP: SHOULD ENGLISH LAW RECOGNISE FIDUCIARY DUTIES?

PubMed Central

Ost, Suzanne

2016-01-01

In this article, I argue that sexual exploitation in the doctor–patient relationship would be dealt with more appropriately by the law in England and Wales on the basis of a breach of fiduciary duty. Three different types of sexual boundary breaches are discussed, and the particular focus is on breaches where the patient's consent is obtained through inducement. I contend that current avenues of redress do not clearly catch this behaviour and, moreover, they fail to capture the essence of the wrong committed by the doctor—the knowing breach of trust for self-gain—and the calculated way in which consent is induced. Finally, I demonstrate that the fiduciary approach is compatible with the contemporary pro-patient autonomy model of the doctor–patient relationship. PMID:26846652

Toward a better understanding of psychological contract breach: a study of customer service employees.

PubMed

Deery, Stephen J; Iverson, Roderick D; Walsh, Janet T

2006-01-01

Experiences of psychological contract breach have been associated with a range of negative behavior. However, much of the research has focused on master of business administration alumni and managers and made use of self-reported outcomes. Studying a sample of customer service employees, the research found that psychological contract breach was related to lower organizational trust, which, in turn was associated with perceptions of less cooperative employment relations and higher levels of absenteeism. Furthermore, perceptions of external market pressures moderated the effect of psychological contract breach on absenteeism. The study indicated that psychological contract breach can arise when employees perceive discrepancies between an organization's espoused behavioral standards and its actual behavioral standards, and this can affect discretionary absence. (c) 2006 APA, all rights reserved.

The effects of artificial sandbar breaching on the macrophyte communities of an intermittently open estuary

NASA Astrophysics Data System (ADS)

Ribeiro, Jose Pedro N.; Saggio, Ângelo; Lima, Maria Inês Salgueiro

2013-04-01

Artificial sandbar opening of intermittently open estuaries is a practice utilised worldwide to improve water quality, fishing, and recreational amenities and to prevent the flooding of adjacent properties. Breaching causes the water level to drop drastically, exposing plants to two water level extremes. With some exceptions, estuarine communities are adversely affected by this practice. Although breaching can happen naturally, artificial breaching is on the rise, and the impact of manipulating water levels on estuarine communities needs to be investigated. In this work, we described the breaching cycles of the Massaguaçu River Estuary and proposed flooding scenarios for the estuary's macrophyte banks based on our data. We calculated the relationship between plant distribution and flooding conditions and used our calculations to predict the estuary community's composition depending on the water level at breaching time. We discovered a strong relationship between plant distribution and flooding conditions, and we predicted that the estuarine community would be markedly different between flooding scenarios. Low frequency flooding scenarios would be related to submerged macrophytes and, as the flooding frequency increases, macrophytes would be replaced by amphibious plants, and eventually by the arboreal stratus. Therefore, we concluded that an increase in artificial breaching cycles would have a detrimental impact on the estuary community.

Who breaches the four-hour emergency department wait time target? A retrospective analysis of 374,000 emergency department attendances between 2008 and 2013 at a type 1 emergency department in England.

PubMed

Bobrovitz, Niklas; Lasserson, Daniel S; Briggs, Adam D M

2017-11-02

The four-hour target is a key hospital emergency department performance indicator in England and one that drives the physical and organisational design of the ED. Some studies have identified time of presentation as a key factor affecting waiting times. Few studies have investigated other determinants of breaching the four-hour target. Therefore, our objective was to describe patterns of emergency department breaches of the four-hour wait time target and identify patients at highest risk of breaching. This was a retrospective cohort study of a large type 1 Emergency department at an NHS teaching hospital in Oxford, England. We analysed anonymised individual level patient data for 378,873 emergency department attendances, representing all attendances between April 2008 and April 2013. We examined patient characteristics and emergency department presentation circumstances associated with the highest likelihood of breaching the four-hour wait time target. We used 374,459 complete cases for analysis. In total, 8.3% of all patients breached the four-hour wait time target. The main determinants of patients breaching the four-hour wait time target were hour of arrival to the ED, day of the week, patient age, ED referral source, and the types of investigations patients receive (p < 0.01 for all associations). Patients most likely to breach the four-hour target were older, presented at night, presented on Monday, received multiple types of investigation in the emergency department, and were not self-referred (p < 0.01 for all associations). Patients attending from October to February had a higher odds of breaching compared to those attending from March to September (OR 1.63, 95% CI 1.59 to 1.66). There are a number of independent patient and circumstantial factors associated with the probability of breaching the four-hour ED wait time target including patient age, ED referral source, the types of investigations patients receive, as well as the hour, day, and month of arrival to the ED. Efforts to reduce the number of breaches could explore late-evening/overnight staffing, access to diagnostic tests, rapid discharge facilities, and early assessment and input on diagnostic and management strategies from a senior practitioner.

Exploring Factors That Affect Adoption of Computer Security Practices among College Students

ERIC Educational Resources Information Center

Alqarni, Amani

2017-01-01

Cyber-attacks threaten the security of computer users' information, networks, machines, and privacy. Studies of computer security education, awareness, and training among ordinary computer users, college students, non-IT-oriented user groups, and non-technically trained citizens are limited. Most research has focused on computer security standards…

IT Security Support for the Spaceport Command Control Systems Development Ground Support Development Operations

NASA Technical Reports Server (NTRS)

Branch, Drew A.

2014-01-01

Security is one of the most if not the most important areas today. After the several attacks on the United States, security everywhere has heightened from airports to the communication among the military branches legionnaires. With advanced persistent threats (APT's) on the rise following Stuxnet, government branches and agencies are required, more than ever, to follow several standards, policies and procedures to reduce the likelihood of a breach. Attack vectors today are very advanced and are going to continue to get more and more advanced as security controls advance. This creates a need for networks and systems to be in an updated and secured state in a launch control system environment. FISMA is a law that is mandated by the government to follow when government agencies secure networks and devices. My role on this project is to ensure network devices and systems are in compliance with NIST, as outlined in FISMA. I will achieve this by providing assistance with security plan documentation and collection, system hardware and software inventory, malicious code and malware scanning, and configuration of network devices i.e. routers and IDS's/IPS's. In addition, I will be completing security assessments on software and hardware, vulnerability assessments and reporting, and conducting patch management and risk assessments. A guideline that will help with compliance with NIST is the SANS Top 20 Critical Controls. SANS Top 20 Critical Controls as well as numerous security tools, security software and the conduction of research will be used to successfully complete the tasks given to me. This will ensure compliance with FISMA and NIST, secure systems and a secured network. By the end of this project, I hope to have carried out the tasks stated above as well as gain an immense knowledge about compliance, security tools, networks and network devices, as well as policies and procedures.

IT Security Support for the Spaceport Command Control Systems Development Ground Support Development Operations

NASA Technical Reports Server (NTRS)

Branch, Drew

2013-01-01

Security is one of the most if not the most important areas today. After the several attacks on the United States, security everywhere was heightened from Airports to the communication among the military branches legionnaires. With advanced persistent threats (APTs) on the rise following Stuxnet, government branches and agencies are required, more than ever, to follow several standards, policies and procedures to reduce the likelihood of a breach. Attack vectors today are very advanced and are going to continue to get more and more advanced as security controls advance. This creates a need for networks and systems to be in an updated and secured state in a launch control system environment. FISMA is a law that is mandated by the government to follow when government agencies secure networks and devices. My role on this project is to ensure network devices and systems are in compliance with NIST, as outlined in FISMA. I will achieve this by providing assistance with security plan documentation and collection, system hardware and software inventory, malicious code and malware scanning and configuration of network devices i.e. routers and IDSsIPSs. In addition I will be completing security assessments on software and hardware, vulnerability assessments and reporting, conducting patch management and risk assessments. A guideline that will help with compliance with NIST is the SANS Top 20 Critical Controls. SANS Top 20 Critical Controls as well as numerous security tools, security software and the conduction of research will be used to successfully complete the tasks given to me. This will ensure compliance with FISMA and NIST, secure systems and a secured network. By the end of this project, I hope to have carried out stated above as well as gain an immense knowledge about compliance, security tools, networks and network devices, policies and procedures.

Accuracy of robot-assisted pedicle screw placement for adolescent idiopathic scoliosis in the pediatric population.

PubMed

Macke, Jeremy J; Woo, Raymund; Varich, Laura

2016-06-01

This is a retrospective review of pedicle screw placement in adolescent idiopathic scoliosis (AIS) patients under 18 years of age who underwent robot-assisted corrective surgery. Our primary objective was to characterize the accuracy of pedicle screw placement with evaluation by computed tomography (CT) after robot-assisted surgery in AIS patients. Screw malposition is the most frequent complication of pedicle screw placement and is more frequent in AIS. Given the potential for serious complications, the need for improved accuracy of screw placement has spurred multiple innovations including robot-assisted guidance devices. No studies to date have evaluated this robot-assisted technique using CT exclusively within the AIS population. Fifty patients were included in the study. All operative procedures were performed at a single institution by a single pediatric orthopedic surgeon. We evaluated the grade of screw breach, the direction of screw breach, and the positioning of the patient for preoperative scan (supine versus prone). Of 662 screws evaluated, 48 screws (7.2 %) demonstrated a breach of greater than 2 mm. With preoperative prone position CT scanning, only 2.4 % of screws were found to have this degree of breach. Medial malposition was found in 3 % of screws, a rate which decreased to 0 % with preoperative prone position scanning. Based on our results, we conclude that the proper use of image-guided robot-assisted surgery can improve the accuracy and safety of thoracic pedicle screw placement in patients with adolescent idiopathic scoliosis. This is the first study to evaluate the accuracy of pedicle screw placement using CT assessment in robot-assisted surgical correction of patients with AIS. In our study, the robot-assisted screw misplacement rate was lower than similarly constructed studies evaluating conventional (non-robot-assisted) procedures. If patients are preoperatively scanned in the prone position, the misplacement rate is further decreased.

Observation and modeling of the evolution of an ephemeral storm-induced inlet: Pea Island Breach, North Carolina, USA

NASA Astrophysics Data System (ADS)

Velasquez Montoya, Liliana; Sciaudone, Elizabeth J.; Mitasova, Helena; Overton, Margery F.

2018-03-01

The Outer Banks of North Carolina is a wave-dominated barrier island system that has experienced the opening and closure of numerous inlets in the last four centuries. The most recent of those inlets formed after the breaching of Pea Island during Hurricane Irene in 2011. The Pea Island Breach experienced a rapid evolution including episodic curvature of the main channel, rotation of the ebb channel, shoaling, widening by Hurricane Sandy in 2012, and finally closing before the summer of 2013. Studying the life cycle of Pea Island Breach contributes to understanding the behavior of ephemeral inlets in breaching-prone regions. This topic has gained relevance due to rising sea levels, a phenomenon that increases the chances of ephemeral inlet formation during extreme events. This study explores the spatiotemporal effects of tides, waves, and storms on flow velocities and morphology of the breach by means of remotely sensed data, geospatial metrics, and a numerical model. The combined use of observations and results from modeling experiments allowed building a conceptual model to explain the life cycle of Pea Island Breach. Wave seasonality dominated the morphological evolution of the inlet by controlling the magnitude and direction of the longshore current that continuously built transient spits at both sides of the breach. Sensitivity analysis to external forcings indicates that ocean waves can modify water levels and velocities in the back barrier. Sound-side storm surge regulates overall growth rate, duration, and decay of peak water levels entering the inlet during extreme events.

Identifying Levee Breach Hotspots via Fine Resolution 2D Hydrodynamic Modeling - a Case Study in the Obion River

NASA Astrophysics Data System (ADS)

Bhuyian, M. N. M.; Kalyanapu, A. J.; Dullo, T. T.; VandenBerge, D.

2017-12-01

The Obion River, located in North-West Tennessee was channelized in last century to increase flow capacity and reduce flooding. Upstream of the river mainly consists of multiple tributaries that merge near Rives. The lowest water level (LWL) downstream of Rives has increased about four feet since 1980. It is estimated that this phenomenon could reduce 20% of channel conveyance if water surface slope is assumed same as channel slope. Reduction in conveyance would result in a frequent exposure to flood stage and higher stage for a given flood. Bed level change and exposure to flood stage are critical to levee safety. In the Obion River, levee breach was responsible for flooding in instances even when flood stage was lower than the levee crest. In such a circumstance, accurate simulation of inundation extent via conventional flood model is challenging because, the flood models consider ground data as static and cannot accommodate breaching unless the location of breaching is specified. Therefore, the objective of this study is to propose an approach for determining hotspots of levee breach via fine resolution hydrodynamic modeling to reduce uncertainty in flood inundation modeling. A two-dimensional LiDAR based hydrodynamic model for the Obion River would be used to determine levee breach hotspots using simulated flow parameters (i.e. current velocity, change in stage, time of exposure to high stage etc.) for a design flood event. Identifying breaching hotspots would allow determining probabilistic flood extent under probable breaching conditions. This should reduce uncertainty in inundation mapping in a channelized riverine system.

50 CFR 38.9 - Breach of the peace.

Code of Federal Regulations, 2012 CFR

2012-10-01

... 50 Wildlife and Fisheries 9 2012-10-01 2012-10-01 false Breach of the peace. 38.9 Section 38.9 Wildlife and Fisheries UNITED STATES FISH AND WILDLIFE SERVICE, DEPARTMENT OF THE INTERIOR (CONTINUED) THE NATIONAL WILDLIFE REFUGE SYSTEM MIDWAY ATOLL NATIONAL WILDLIFE REFUGE Prohibitions § 38.9 Breach of the...

50 CFR 38.9 - Breach of the peace.

Code of Federal Regulations, 2013 CFR

2013-10-01

... 50 Wildlife and Fisheries 9 2013-10-01 2013-10-01 false Breach of the peace. 38.9 Section 38.9 Wildlife and Fisheries UNITED STATES FISH AND WILDLIFE SERVICE, DEPARTMENT OF THE INTERIOR (CONTINUED) THE NATIONAL WILDLIFE REFUGE SYSTEM MIDWAY ATOLL NATIONAL WILDLIFE REFUGE Prohibitions § 38.9 Breach of the...

50 CFR 38.9 - Breach of the peace.

Code of Federal Regulations, 2011 CFR

2011-10-01

... 50 Wildlife and Fisheries 8 2011-10-01 2011-10-01 false Breach of the peace. 38.9 Section 38.9 Wildlife and Fisheries UNITED STATES FISH AND WILDLIFE SERVICE, DEPARTMENT OF THE INTERIOR (CONTINUED) THE NATIONAL WILDLIFE REFUGE SYSTEM MIDWAY ATOLL NATIONAL WILDLIFE REFUGE Prohibitions § 38.9 Breach of the...

50 CFR 38.9 - Breach of the peace.

Code of Federal Regulations, 2014 CFR

2014-10-01

... 50 Wildlife and Fisheries 9 2014-10-01 2014-10-01 false Breach of the peace. 38.9 Section 38.9 Wildlife and Fisheries UNITED STATES FISH AND WILDLIFE SERVICE, DEPARTMENT OF THE INTERIOR (CONTINUED) THE NATIONAL WILDLIFE REFUGE SYSTEM MIDWAY ATOLL NATIONAL WILDLIFE REFUGE Prohibitions § 38.9 Breach of the...

Testing the Differential Effects of Changes in Psychological Contract Breach and Fulfillment

ERIC Educational Resources Information Center

Conway, Neil; Guest, David; Trenberth, Linda

2011-01-01

Rousseau (1989 and elsewhere) argued that a defining feature of psychological contract breach was that once a promise had been broken it could not easily be repaired and therefore that the effects of psychological contract breach outweighed those of psychological contract fulfillment. Using two independent longitudinal surveys, this paper…

A novel quantum solution to secure two-party distance computation

NASA Astrophysics Data System (ADS)

Peng, Zhen-wan; Shi, Run-hua; Wang, Pan-hong; Zhang, Shun

2018-06-01

Secure Two-Party Distance Computation is an important primitive of Secure Multiparty Computational Geometry that it involves two parties, where each party has a private point, and the two parties want to jointly compute the distance between their points without revealing anything about their respective private information. Secure Two-Party Distance Computation has very important and potential applications in settings of high secure requirements, such as privacy-preserving Determination of Spatial Location-Relation, Determination of Polygons Similarity, and so on. In this paper, we present a quantum protocol for Secure Two-Party Distance Computation by using QKD-based Quantum Private Query. The security of the protocol is based on the physical principles of quantum mechanics, instead of difficulty assumptions, and therefore, it can ensure higher security than the classical related protocols.

Fission gas release restrictor for breached fuel rod

DOEpatents

Kadambi, N. Prasad; Tilbrook, Roger W.; Spencer, Daniel R.; Schwallie, Ambrose L.

1986-01-01

In the event of a breach in the cladding of a rod in an operating liquid metal fast breeder reactor, the rapid release of high-pressure gas from the fission gas plenum may result in a gas blanketing of the breached rod and rods adjacent thereto which impairs the heat transfer to the liquid metal coolant. In order to control the release rate of fission gas in the event of a breached rod, the substantial portion of the conventional fission gas plenum is formed as a gas bottle means which includes a gas pervious means in a small portion thereof. During normal reactor operation, as the fission gas pressure gradually increases, the gas pressure interiorly of and exteriorly of the gas bottle means equalizes. In the event of a breach in the cladding, the gas pervious means in the gas bottle means constitutes a sufficient restriction to the rapid flow of gas therethrough that under maximum design pressure differential conditions, the fission gas flow through the breach will not significantly reduce the heat transfer from the affected rod and adjacent rods to the liquid metal heat transfer fluid flowing therebetween.

Numerical modelling of glacial lake outburst floods using physically based dam-breach models

NASA Astrophysics Data System (ADS)

Westoby, M. J.; Brasington, J.; Glasser, N. F.; Hambrey, M. J.; Reynolds, J. M.; Hassan, M. A. A. M.; Lowe, A.

2015-03-01

The instability of moraine-dammed proglacial lakes creates the potential for catastrophic glacial lake outburst floods (GLOFs) in high-mountain regions. In this research, we use a unique combination of numerical dam-breach and two-dimensional hydrodynamic modelling, employed within a generalised likelihood uncertainty estimation (GLUE) framework, to quantify predictive uncertainty in model outputs associated with a reconstruction of the Dig Tsho failure in Nepal. Monte Carlo analysis was used to sample the model parameter space, and morphological descriptors of the moraine breach were used to evaluate model performance. Multiple breach scenarios were produced by differing parameter ensembles associated with a range of breach initiation mechanisms, including overtopping waves and mechanical failure of the dam face. The material roughness coefficient was found to exert a dominant influence over model performance. The downstream routing of scenario-specific breach hydrographs revealed significant differences in the timing and extent of inundation. A GLUE-based methodology for constructing probabilistic maps of inundation extent, flow depth, and hazard is presented and provides a useful tool for communicating uncertainty in GLOF hazard assessment.

Modeling of molecular and particulate transport in dry spent nuclear fuel canisters

NASA Astrophysics Data System (ADS)

Casella, Andrew M.

2007-09-01

The transportation and storage of spent nuclear fuel is one of the prominent issues facing the commercial nuclear industry today, as there is still no general consensus regarding the near- and long-term strategy for managing the back-end of the nuclear fuel cycle. The debate continues over whether the fuel cycle should remain open, in which case spent fuel will be stored at on-site reactor facilities, interim facilities, or a geologic repository; or if the fuel cycle should be closed, in which case spent fuel will be recycled. Currently, commercial spent nuclear fuel is stored at on-site reactor facilities either in pools or in dry storage containers. Increasingly, spent fuel is being moved to dry storage containers due to decreased costs relative to pools. As the number of dry spent fuel containers increases and the roles they play in the nuclear fuel cycle increase, more regulations will be enacted to ensure that they function properly. Accordingly, they will have to be carefully analyzed for normal conditions, as well as any off-normal conditions of concern. This thesis addresses the phenomena associated with one such concern; the formation of a microscopic through-wall breach in a dry storage container. Particular emphasis is placed on the depressurization of the canister, release of radioactivity, and plugging of the breach due to deposition of suspended particulates. The depressurization of a dry storage container upon the formation of a breach depends on the temperature and quantity of the fill gas, the pressure differential across the breach, and the size of the breach. The first model constructed in this thesis is capable of determining the depressurization time for a breached container as long as the associated parameters just identified allow for laminar flow through the breach. The parameters can be manipulated to quantitatively determine their effect on depressurization. This model is expanded to account for the presence of suspended particles. If these particles are transported with the fill gas into the breach, they may be deposited, leading to a restriction of flow and eventually to the plugging of the breach. This model uses an analytical solution to the problem of particle deposition in convective-diffusive fully-developed laminar flow through a straight cylindrical tube. Since the cylindrical flow geometry is a requirement for the use of this equation, it is assumed that all deposited particles are distributed uniformly both axially and circumferentially along the breach. The model is capable of monitoring the pressure, temperature, quantity of fill gas, breach radius, particle transmission fraction, and flow velocity through the breach as functions of time. The depressurization time can be significantly affected by the release of fission gases or helium generated from alpha decay if the cladding of a fuel rod within the canister is breached. To better quantify this phenomenon, a Monte Carlo model of molecular transport through nano-scale flow pathways in the spent fuel is developed in this thesis. This model is applied to cylindrical, conical, elliptical, and helical pathways. Finally, in order to remove some of the restrictions of the model of canister depressurization accounting for suspended particles, a Monte Carlo program was written to model the movement of particles through the breach. This program is capable of accounting for any transport mechanism specified but is focused in this work on laminar convective-diffusive flow. Each test particle is tracked as it is carried through the breach and if it impacts the breach wall, the three-dimensional location of the impact is recorded. In this way, the axial and circumferential deposition patterns can be recorded. This program can model any flow geometry as long as a velocity profile can be provided. In this thesis, the program is expanded to account for flow through straight and torroidal cylindrical tubes.

Coastal bathymetry data collected in June 2014 from Fire Island, New York—The wilderness breach and shoreface

USGS Publications Warehouse

Nelson, Timothy R.; Miselis, Jennifer L.; Hapke, Cheryl J.; Wilson, Kathleen E.; Henderson, Rachel E.; Brenner, Owen T.; Reynolds, Billy J.; Hansen, Mark E.

2016-08-02

Scientists from the U.S. Geological Survey St. Petersburg Coastal and Marine Science Center in St. Petersburg, Florida, collected bathymetric data along the upper shoreface and within the wilderness breach at Fire Island, New York, in June 2014. The U.S. Geological Survey is involved in a post-Hurricane Sandy effort to map and monitor the morphologic evolution of the shoreface along Fire Island and model the evolution of the wilderness breach as a part of the Hurricane Sandy Supplemental Project GS2-2B. During this study, bathymetry was collected with single-beam echo sounders and global positioning systems, mounted to personal watercraft, along the Fire Island shoreface and within the wilderness breach. Additional bathymetry was collected using backpack global positioning systems along the flood shoals and shallow channels within the wilderness breach.

Secure Multiparty Quantum Computation for Summation and Multiplication.

PubMed

Shi, Run-hua; Mu, Yi; Zhong, Hong; Cui, Jie; Zhang, Shun

2016-01-21

As a fundamental primitive, Secure Multiparty Summation and Multiplication can be used to build complex secure protocols for other multiparty computations, specially, numerical computations. However, there is still lack of systematical and efficient quantum methods to compute Secure Multiparty Summation and Multiplication. In this paper, we present a novel and efficient quantum approach to securely compute the summation and multiplication of multiparty private inputs, respectively. Compared to classical solutions, our proposed approach can ensure the unconditional security and the perfect privacy protection based on the physical principle of quantum mechanics.

Secure Multiparty Quantum Computation for Summation and Multiplication

PubMed Central

Shi, Run-hua; Mu, Yi; Zhong, Hong; Cui, Jie; Zhang, Shun

2016-01-01

As a fundamental primitive, Secure Multiparty Summation and Multiplication can be used to build complex secure protocols for other multiparty computations, specially, numerical computations. However, there is still lack of systematical and efficient quantum methods to compute Secure Multiparty Summation and Multiplication. In this paper, we present a novel and efficient quantum approach to securely compute the summation and multiplication of multiparty private inputs, respectively. Compared to classical solutions, our proposed approach can ensure the unconditional security and the perfect privacy protection based on the physical principle of quantum mechanics. PMID:26792197

Sensitivity of outflow peaks and flood stages to the selection of dam breach parameters and simulation models

NASA Astrophysics Data System (ADS)

Singh, Krishan P.; Snorrason, Arni

1984-02-01

Important breach parameters were identified and their ranges were estimated from a detailed study of historical earthdam failures due to overtopping. The U.S. Army Corps of Engineers Hydrologic Engineering Center (HEC) and the National Weather Service (NWS) dam breach models were chosen for evaluation and simulation. Both models use similar input data and breach descriptions, but the HEC uses the hydrologic routing method (modified Puls method), whereas the NWS uses the St. Vénant equations for routing. Information on eight dams in Illinois was taken from the Corps of Engineers inspection reports, and surveyed cross-sections of the downstream channels were supplied by the Division of Water Resources of the Illinois Department of Transportation. Various combinations of breach parameters (failure time, TF; depth of overtopping, hf; and breach size, B) were used for breach simulations by both methods with the 1.00PMF, 0.50PMF and 0.25PMF (probable maximum flood) inflow hydrographs. In general, the flood stage profiles predicted by the NWS were smoother and more reasonable than those predicted by the HEC. For channels with relatively steep slopes, the methods compared fairly well, whereas for the channels with mild slope, the HEC model often predicted oscillating, erratic flood stages, mainly due to its inability to route flood waves satisfactorily in non-prismatic channels. The breach outflow peaks are affected significantly by B but less so by hf. The ratio of outflow peak to inflow peak and the effect of TF on outflow decrease as the drainage area above the dam and impounded storage increase. Flood stage profiles predicted with cross-sections taken from 7.5' maps compared favorably with those predicted using surveyed cross-sections. For the range of breach parameters studied, the range of outflow peaks and flood stages downstream from the dam can be determined for regulatory and disaster prevention measures.

A Computer Security Course in the Undergraduate Computer Science Curriculum.

ERIC Educational Resources Information Center

Spillman, Richard

1992-01-01

Discusses the importance of computer security and considers criminal, national security, and personal privacy threats posed by security breakdown. Several examples are given, including incidents involving computer viruses. Objectives, content, instructional strategies, resources, and a sample examination for an experimental undergraduate computer…

Information Security: Governmentwide Guidance Needed to Assist Agencies in Implementing Cloud Computing

DTIC Science & Technology

2010-07-01

Cloud computing , an emerging form of computing in which users have access to scalable, on-demand capabilities that are provided through Internet... cloud computing , (2) the information security implications of using cloud computing services in the Federal Government, and (3) federal guidance and...efforts to address information security when using cloud computing . The complete report is titled Information Security: Federal Guidance Needed to

76 FR 7818 - Announcing a Meeting of the Information Security and Privacy Advisory Board

Federal Register 2010, 2011, 2012, 2013, 2014

2011-02-11

... will be open to the public. The ISPAB was established by the Computer Security Act of 1987 (Pub. L. 100..., --Presentation on Science of Security relating to computer security research, --Presentation on Access of..., --A panel of Inspector Generals regarding privacy and security, and --Update on NIST Computer Security...

The President’s Identity Theft Task Force Report

DTIC Science & Technology

2008-09-01

effeCtIve, RISk-BASed ReSPOnSeS tO dAtA BReACheS SUffeRed By fedeRAl AGenCIeS Issue Data Breach Guidance to Agencies Publish a “Routine Use...and developing a data breach response plan. The FTC will continue to seek opportunities to work with state and local officials and policymakers...of fiscal year 2008. ReCOMMendAtIOn 4: enSURe effeCtIve, RISk-BASed ReSPOnSeS tO dAtA BReACheS SUffeRed By fedeRAl AGenCIeS The Task Force

SEED: A Suite of Instructional Laboratories for Computer Security Education

ERIC Educational Resources Information Center

Du, Wenliang; Wang, Ronghua

2008-01-01

The security and assurance of our computing infrastructure has become a national priority. To address this priority, higher education has gradually incorporated the principles of computer and information security into the mainstream undergraduate and graduate computer science curricula. To achieve effective education, learning security principles…

Do Data Breach Disclosure Laws Reduce Identity Theft?

ERIC Educational Resources Information Center

Romanosky, Sasha; Telang, Rahul; Acquisti, Alessandro

2011-01-01

In the United States, identity theft resulted in corporate and consumer losses of $56 billion dollars in 2005, with up to 35 percent of known identity thefts caused by corporate data breaches. Many states have responded by adopting data breach disclosure laws that require firms to notify consumers if their personal information has been lost or…

48 CFR 952.204-77 - Computer security.

Code of Federal Regulations, 2012 CFR

2012-10-01

... 48 Federal Acquisition Regulations System 5 2012-10-01 2012-10-01 false Computer security. 952.204... SOLICITATION PROVISIONS AND CONTRACT CLAUSES Text of Provisions and Clauses 952.204-77 Computer security. As prescribed in 904.404(d)(7), the following clause shall be included: Computer Security (AUG 2006) (a...

48 CFR 952.204-77 - Computer security.

Code of Federal Regulations, 2013 CFR

2013-10-01

... 48 Federal Acquisition Regulations System 5 2013-10-01 2013-10-01 false Computer security. 952.204... SOLICITATION PROVISIONS AND CONTRACT CLAUSES Text of Provisions and Clauses 952.204-77 Computer security. As prescribed in 904.404(d)(7), the following clause shall be included: Computer Security (AUG 2006) (a...

48 CFR 952.204-77 - Computer security.

Code of Federal Regulations, 2011 CFR

2011-10-01

... 48 Federal Acquisition Regulations System 5 2011-10-01 2011-10-01 false Computer security. 952.204... SOLICITATION PROVISIONS AND CONTRACT CLAUSES Text of Provisions and Clauses 952.204-77 Computer security. As prescribed in 904.404(d)(7), the following clause shall be included: Computer Security (AUG 2006) (a...

48 CFR 952.204-77 - Computer security.

Code of Federal Regulations, 2014 CFR

2014-10-01

... 48 Federal Acquisition Regulations System 5 2014-10-01 2014-10-01 false Computer security. 952.204... SOLICITATION PROVISIONS AND CONTRACT CLAUSES Text of Provisions and Clauses 952.204-77 Computer security. As prescribed in 904.404(d)(7), the following clause shall be included: Computer Security (AUG 2006) (a...

48 CFR 952.204-77 - Computer security.

Code of Federal Regulations, 2010 CFR

2010-10-01

... 48 Federal Acquisition Regulations System 5 2010-10-01 2010-10-01 false Computer security. 952.204... SOLICITATION PROVISIONS AND CONTRACT CLAUSES Text of Provisions and Clauses 952.204-77 Computer security. As prescribed in 904.404(d)(7), the following clause shall be included: Computer Security (AUG 2006) (a...

BREACHING THE SEXUAL BOUNDARIES IN THE DOCTOR-PATIENT RELATIONSHIP: SHOULD ENGLISH LAW RECOGNISE FIDUCIARY DUTIES?

PubMed

Ost, Suzanne

2016-01-01

In this article, I argue that sexual exploitation in the doctor-patient relationship would be dealt with more appropriately by the law in England and Wales on the basis of a breach of fiduciary duty. Three different types of sexual boundary breaches are discussed, and the particular focus is on breaches where the patient's consent is obtained through inducement. I contend that current avenues of redress do not clearly catch this behaviour and, moreover, they fail to capture the essence of the wrong committed by the doctor-the knowing breach of trust for self-gain-and the calculated way in which consent is induced. Finally, I demonstrate that the fiduciary approach is compatible with the contemporary pro-patient autonomy model of the doctor-patient relationship. © The Author 2016. Published by Oxford University Press; all rights reserved. For Permissions, please email: journals.permissions@oup.com.

Are Emotions Transmitted From Work to Family? A Crossover Model of Psychological Contract Breach.

PubMed

Liang, Huai-Liang

2018-01-01

Based on affective events theory and the crossover model, this study examines the effect of psychological contract breach on employee dysfunctional behavior and partner family undermining and explores the crossover effect of employee dysfunctional behavior on partner family undermining in work-family issues. This study collected 370 employee-partner dyads (277 male employees, 93 female employees, M age = 43.59 years) from a large manufacturing organization. The results of this study support the conception that employees' psychological contract breach results in frustration in the workplace. In addition, mediation analysis results reveal that psychological contract breach relates to employee dysfunctional behavior in the workplace. The findings show that partners' psychological strain mediates the relationship between employee dysfunctional behavior and partner family undermining. Furthermore, these findings provide investigations for the crossover model to display the value of psychological contract breach in family issues.

Monitoring Contract Enforcement within Virtual Organizations

NASA Astrophysics Data System (ADS)

Squicciarini, Anna; Paci, Federica

Virtual Organizations (VOs) represent a new collaboration paradigm in which the participating entities pool resources, services, and information to achieve a common goal. VOs are often created on demand and dynamically evolve over time. An organization identifies a business opportunity and creates a VO to meet it. In this paper we develop a system for monitoring the sharing of resources in VO. Sharing rules are defined by a particular, common type of contract in which virtual organization members agree to make available some amount of specified resource over a given time period. The main component of the system is a monitoring tool for policy enforcement, called Security Controller (SC). VO members’ interactions are monitored in a decentralized manner in that each member has one associated SC which intercepts all the exchanged messages. We show that having SCs in VOs prevents from serious security breaches and guarantees VOs correct functioning without degrading the execution time of members’ interactions. We base our discussion on application scenarios and illustrate the SC prototype, along with some performance evaluation.

Counterfeit Drug Penetration into Global Legitimate Medicine Supply Chains: A Global Assessment

PubMed Central

Mackey, Tim K.; Liang, Bryan A.; York, Peter; Kubic, Thomas

2015-01-01

Counterfeit medicines are a global public health risk. We assess counterfeit reports involving the legitimate supply chain using 2009–2011 data from the Pharmaceutical Security Institute Counterfeit Incident System (PSI CIS) database that uses both open and nonpublic data sources. Of the 1,510 identified CIS reports involving counterfeits, 27.6% reported China as the source country of the incident/detection. Further, 51.3% were reported as counterfeit but the specific counterfeit subcategory was not known or verifiable. The most prevalent therapeutic category was anti-infectives (21.1%) with most reports originating from health-related government agencies. Geographically, Asian and Latin American regions and, economically, middle-income markets were most represented. A total of 127 (64.8%) of a total of 196 countries had no legitimate supply chain CIS counterfeit reports. Improvements in surveillance, including detection of security breaches, data collection, analysis, and dissemination are urgently needed to address public health needs to combat the global counterfeit medicines trade. PMID:25897059

Whatever Happened to Formal Methods for Security?

PubMed Central

Voas, J.; Schaffer, K.

2016-01-01

We asked 7 experts 7 questions to find out what has occurred recently in terms of applying formal methods (FM) to security-centric, cyber problems. We are continually reminded of the 1996 paper by Tony Hoare “How did Software Get So Reliable Without Proof?” [1] In that vein, how did we get so insecure with proof? Given daily press announcements concerning new malware, data breaches, and privacy loss, is FM still relevant or was it ever? Our experts answered with unique personal insights. We were curious as to whether this successful methodology in “safety-critical” has succeeded as well for today’s “build it, hack it, patch it” mindset. Our experts were John McLean (Naval Research Labs), Paul Black (National Institute of Standards and Technology), Karl Levitt (University of California at Davis), Joseph Williams (CloudEconomist.Com), Connie Heitmeyer (Naval Research Labs), Eugene Spafford (Purdue University), and Joseph Kiniry (Galois, Inc.). The questions and responses follow. PMID:27890940

Counterfeit drug penetration into global legitimate medicine supply chains: a global assessment.

PubMed

Mackey, Tim K; Liang, Bryan A; York, Peter; Kubic, Thomas

2015-06-01

Counterfeit medicines are a global public health risk. We assess counterfeit reports involving the legitimate supply chain using 2009-2011 data from the Pharmaceutical Security Institute Counterfeit Incident System (PSI CIS) database that uses both open and nonpublic data sources. Of the 1,510 identified CIS reports involving counterfeits, 27.6% reported China as the source country of the incident/detection. Further, 51.3% were reported as counterfeit but the specific counterfeit subcategory was not known or verifiable. The most prevalent therapeutic category was anti-infectives (21.1%) with most reports originating from health-related government agencies. Geographically, Asian and Latin American regions and, economically, middle-income markets were most represented. A total of 127 (64.8%) of a total of 196 countries had no legitimate supply chain CIS counterfeit reports. Improvements in surveillance, including detection of security breaches, data collection, analysis, and dissemination are urgently needed to address public health needs to combat the global counterfeit medicines trade. © The American Society of Tropical Medicine and Hygiene.

Electronic Clinical Trial Protocol Distribution via the World-Wide Web

PubMed Central

Afrin, Lawrence B.; Kuppuswamy, Valarmathi; Slater, Barbara; Stuart, Robert K.

1997-01-01

Clinical trials today typically are inefficient, paper-based operations. Poor community physician awareness of available trials and difficult referral mechanisms also contribute to poor accrual. The Physicians Research Network (PRN) web was developed for more efficient trial protocol distribution and eligibility inquiries. The Medical University of South Carolina's Hollings Cancer Center trials program and two community oncology practices served as a testbed. In 581 man-hours over 18 months, 147 protocols were loaded into PRN. The trials program eliminated all protocol hardcopies except the masters, reduced photocopier use 59%, and saved 1.0 full-time equivalents (FTE), but 1.0 FTE was needed to manage PRN. There were no known security breaches, downtime, or content-related problems. Therefore, PRN is a paperless, user-preferred, reliable, secure method for distributing protocols and reducing distribution errors and delays because only a single copy of each protocol is maintained. Furthermore, PRN is being extended to serve other aspects of trial operations. PMID:8988471

Fiber optic perimeter system for security in smart city

NASA Astrophysics Data System (ADS)

Cubik, Jakub; Kepak, Stanislav; Nedoma, Jan; Fajkus, Marcel; Zboril, Ondrej; Novak, Martin; Jargus, Jan; Vasinek, Vladimir

2017-10-01

Protection of persons and assets is the key challenge of Smart City safeguards technologies. Conventional security technologies are often outdated and easy to breach. Therefore, new technologies that could complement existing systems or replace them are developed. The use of optical fibers and their subsequent application in sensing is a trend of recent years. This article discusses the use of fiber-optic sensors in perimeter protection. The sensor consists of optical fibers and couplers only and being constructed without wires and metal parts bring many advantages. These include an absence of interference with electromagnetic waves, system presence can be difficult to detect as well as affect its operation. Testing installation of perimeter system was carried out under reinforced concrete structure. Subjects walked over the bridge at different speeds and over the different routes. The task for the system was an absolute detection of all subjects. The proposed system should find application mainly in areas with the presence of volatile substances, strong electromagnetic fields, or in explosive areas.

Design and evaluation of the ReKon : an integrated detection and assessment perimeter system.

DOE Office of Scientific and Technical Information (OSTI.GOV)

Dabling, Jeffrey Glenn; Andersen, Jason Jann; McLaughlin, James O.

2013-02-01

Kontek Industries (Kannapolis, NC) and their subsidiary, Stonewater Control Systems (Kannapolis, NC), have entered into a cooperative research and development agreement with Sandia to jointly develop and evaluate an integrated perimeter security system solution, one that couples access delay with detection and assessment. This novel perimeter solution was designed to be configurable for use at facilities ranging from high-security military sites to commercial power plants, to petro/chemical facilities of various kinds. A prototype section of the perimeter has been produced and installed at the Sandia Test and Evaluation Center in Albuquerque, NM. This prototype system integrated fiber optic break sensors,more » active infrared sensors, fence disturbance sensors, video motion detection, and ground sensors. This report documents the design, testing, and performance evaluation of the developed ReKon system. The ability of the system to properly detect pedestrian or vehicle attempts to bypass, breach, or otherwise defeat the system is characterized, as well as the Nuisance Alarm Rate.« less

Efficient Server-Aided Secure Two-Party Function Evaluation with Applications to Genomic Computation

DTIC Science & Technology

2016-07-14

of the important properties of secure computation . In particular, it is known that full fairness cannot be achieved in the case of two-party com...Jakobsen, J. Nielsen, and C. Orlandi. A framework for outsourcing of secure computation . In ACM Workshop on Cloud Computing Security (CCSW), pages...Function Evaluation with Applications to Genomic Computation Abstract: Computation based on genomic data is becoming increasingly popular today, be it

Method for transferring data from an unsecured computer to a secured computer

DOEpatents

Nilsen, Curt A.

1997-01-01

A method is described for transferring data from an unsecured computer to a secured computer. The method includes transmitting the data and then receiving the data. Next, the data is retransmitted and rereceived. Then, it is determined if errors were introduced when the data was transmitted by the unsecured computer or received by the secured computer. Similarly, it is determined if errors were introduced when the data was retransmitted by the unsecured computer or rereceived by the secured computer. A warning signal is emitted from a warning device coupled to the secured computer if (i) an error was introduced when the data was transmitted or received, and (ii) an error was introduced when the data was retransmitted or rereceived.

Computer Security Models

DTIC Science & Technology

1984-09-01

Verification Technique for a Class of Security Kernels," International Symposium on Programming , Lecture Notes in Computer Science 137, Springer-Verlag, New York...September 1984 MTR9S31 " J. K. Millen Computer Security C. M. Cerniglia Models * 0 Ne c - ¢- C. S• ~CONTRACT SPONSOR OUSDRE/C31 & ESO/ALEE...ABSTRACT The purpose of this report is to provide a basis for evaluating security models in the context of secure computer system development

Home Computer and Internet User Security

DTIC Science & Technology

2005-01-01

Information Security Model © 2005 Carnegie Mellon University (Lawrence R. Rogers, Author) Home Computer and Internet User Security...Carnegie Mellon University (Lawrence R. Rogers, Author) Home Computer and Internet User Security Version 1.0.4 – slide 50 Contact Information Lawrence R. Rogers • Email: cert@cert.org CERT website: http://www.cert.org/ ...U.S. Patent and Trademark Office Home Computer and Internet User Security Report Documentation Page Form ApprovedOMB

Spinal intra-operative three-dimensional navigation with infra-red tool tracking: correlation between clinical and absolute engineering accuracy

NASA Astrophysics Data System (ADS)

Guha, Daipayan; Jakubovic, Raphael; Gupta, Shaurya; Yang, Victor X. D.

2017-02-01

Computer-assisted navigation (CAN) may guide spinal surgeries, reliably reducing screw breach rates. Definitions of screw breach, if reported, vary widely across studies. Absolute quantitative error is theoretically a more precise and generalizable metric of navigation accuracy, but has been computed variably and reported in fewer than 25% of clinical studies of CAN-guided pedicle screw accuracy. We reviewed a prospectively-collected series of 209 pedicle screws placed with CAN guidance to characterize the correlation between clinical pedicle screw accuracy, based on postoperative imaging, and absolute quantitative navigation accuracy. We found that acceptable screw accuracy was achieved for significantly fewer screws based on 2mm grade vs. Heary grade, particularly in the lumbar spine. Inter-rater agreement was good for the Heary classification and moderate for the 2mm grade, significantly greater among radiologists than surgeon raters. Mean absolute translational/angular accuracies were 1.75mm/3.13° and 1.20mm/3.64° in the axial and sagittal planes, respectively. There was no correlation between clinical and absolute navigation accuracy, in part because surgeons appear to compensate for perceived translational navigation error by adjusting screw medialization angle. Future studies of navigation accuracy should therefore report absolute translational and angular errors. Clinical screw grades based on post-operative imaging, if reported, may be more reliable if performed in multiple by radiologist raters.

Psychological Contract Breach and Job Attitudes: A Meta-Analysis of Age as a Moderator

ERIC Educational Resources Information Center

Bal, P. Matthijs; De Lange, Annet H.; Jansen, Paul G. W.; Van Der Velde, Mandy E. G.

2008-01-01

The aim of this study was to examine the influence of age in the relation between psychological contract breach and the development of job attitudes. Based on affective events, social exchange, and lifespan theory, we hypothesized that (1) psychological contract breach would be related negatively to job attitudes, and (2) that age would moderate…

Battling Data Breaches: For Higher Education Institutions, Data Breach Prevention is More Complex than for Industry and Business

ERIC Educational Resources Information Center

Patton, Madeline

2015-01-01

Data breach prevention is a battle, rarely plain and never simple. For higher education institutions, the Sisyphean aspects of the task are more complex than for industry and business. Two-year colleges have payrolls and vendor contracts like those enterprises. They also have public record and student confidentiality requirements. Colleges must…

The President’s Identity Theft Task Force: Combating Identity Theft a Strategic Plan

DTIC Science & Technology

2007-04-11

27 a. Safeguarding of Information in the Public Sector ............... 27 b. Responding to Data Breaches in the Public...72 APPENDICES Appendix A: Identity Theft Task Force’s Guidance Memorandum on Data Breach Protocol...government, and the private sector. Consumers, overwhelmed with weekly media reports of data breaches , feel vulnerable and uncertain of how to protect

State Methods for a Cyber Incident

DTIC Science & Technology

2012-03-01

Glossary S905 - Incident Submission and Response Standard S910 - Data Breach Notification Standard E-5 Our state characterizes information system...Office of Management and Budget. (2011a). Legislative Language Data Breach Notification. Retrieved September 20, 2010, from http://www.whitehouse.gov...sites/default/files/omb/legislative/letters/ data - breach -notification.pdf Executive Office of the President. Office of Management and Budget

Recommendations for a barrier island breach management plan for Fire Island National Seashore, including the Otis Pike High Dune Wilderness Area, Long Island, New York

USGS Publications Warehouse

Williams, S. Jeffress; Foley, Mary K.

2007-01-01

4. Economic costs and benefits of artificial closure. This report for breach management presents protocols which specify when breach closures within the FIIS might be desirable and necessary, as well as provides recommendations for structural breach closure engineering operations which are indented to minimize negative impacts to the natural wilderness values and cultural resources within the FIIS, particularly the Otis Pike Wilderness Area. The goal of the plan is to strike a balance between protecting natural resources and allowing natural processes to operate and avoiding loss of life and excessive property damage.

Do promises matter? An exploration of the role of promises in psychological contract breach.

PubMed

Montes, Samantha D; Zweig, David

2009-09-01

Promises are positioned centrally in the study of psychological contract breach and are argued to distinguish psychological contracts from related constructs, such as employee expectations. However, because the effects of promises and delivered inducements are confounded in most research, the role of promises in perceptions of, and reactions to, breach remains unclear. If promises are not an important determinant of employee perceptions, emotions, and behavioral intentions, this would suggest that the psychological contract breach construct might lack utility. To assess the unique role of promises, the authors manipulated promises and delivered inducements separately in hypothetical scenarios in Studies 1 (558 undergraduates) and 2 (441 employees), and they measured them separately (longitudinally) in Study 3 (383 employees). The authors' results indicate that breach perceptions do not represent a discrepancy between what employees believe they were promised and were given. In fact, breach perceptions can exist in the absence of promises. Further, promises play a negligible role in predicting feelings of violation and behavioral intentions. Contrary to the extant literature, the authors' findings suggest that promises may matter little; employees are concerned primarily with what the organization delivers.

Exploring the relationship between ADHD symptoms and prison breaches of discipline amongst youths in four Scottish prisons.

PubMed

Gordon, V; Williams, D J; Donnelly, P D

2012-04-01

To explore the relationship between attention deficit hyperactivity disorder (ADHD) symptoms (inattention, hyperactivity and impulsivity) and violent and non-violent prison breaches of discipline in incarcerated male youths aged 18-21 years. A case-control study of 169 male youth offenders incarcerated in Scottish prisons and classified as 'symptomatic' or 'non-symptomatic' of inattentive and hyperactive/impulsive ADHD symptoms. ADHD symptoms were measured using the Conners' Adult ADHD Rating Scales-Self Report: Long Version, and prison breaches of discipline were gathered from the Scottish Prison Service's Prisoner Records System. Youths who were symptomatic of Diagnostic and Statistical Manual of Mental Disorders, 4th Edition (DSM-IV) ADHD total symptoms had a significantly higher number of prison breaches of discipline than those who were non-symptomatic. Youths who were symptomatic of DSM-IV hyperactive/impulsive symptoms had a significantly higher number of violent and non-violent prison breaches of discipline than those who were non-symptomatic. However, no such significant difference was found between youths who were symptomatic and non-symptomatic of DSM-IV inattentive symptoms. Young male offenders who are symptomatic of ADHD have a higher number of prison breaches of discipline. In particular, symptoms of hyperactivity/impulsivity are associated with breaches of both a violent and non-violent nature. Implications of such symptoms on rehabilitation and recidivism are discussed. Copyright © 2012 The Royal Society for Public Health. Published by Elsevier Ltd. All rights reserved.

Computer Security and the Data Encryption Standard. Proceedings of the Conference on Computer Security and the Data Encryption Standard.

ERIC Educational Resources Information Center

Branstad, Dennis K., Ed.

The 15 papers and summaries of presentations in this collection provide technical information and guidance offered by representatives from federal agencies and private industry. Topics discussed include physical security, risk assessment, software security, computer network security, and applications and implementation of the Data Encryption…

Photonic sensor opportunities for distributed and wireless systems in security applications

NASA Astrophysics Data System (ADS)

Krohn, David

2006-10-01

There are broad ranges of homeland security sensing applications that can be facilitated by distributed fiber optic sensors and photonics integrated wireless systems. These applications include [1]: Pipeline, (Monitoring, Security); Smart structures (Bridges, Tunnels, Dams, Public spaces); Power lines (Monitoring, Security); Transportation security; Chemical/biological detection; Wide area surveillance - perimeter; and Port Security (Underwater surveillance, Cargo container). Many vital assets which cover wide areas, such as pipeline and borders, are under constant threat of being attacked or breached. There is a rapidly emerging need to be able to provide identification of intrusion threats to such vital assets. Similar problems exit for monitoring the basic infrastructure such as water supply, power utilities, communications systems as well as transportation. There is a need to develop a coordinated and integrated solution for the detection of threats. From a sensor standpoint, consideration must not be limited to detection, but how does detection lead to intervention and deterrence. Fiber optic sensor technology must be compatible with other surveillance technologies such as wireless mote technology to facilitate integration. In addition, the multi-functionality of fiber optic sensors must be expanded to include bio-chemical detection. There have been a number of barriers for the acceptance and broad use of smart fiber optic sensors. Compared to telecommunications, the volume is low. This fact coupled with proprietary and custom specifications has kept the price of fiber optic sensors high. There is a general lack of a manufacturing infrastructure and lack of standards for packaging and reliability. Also, there are several competing technologies; some photonic based and other approaches based on conventional non-photonic technologies.

Importance of biometrics to addressing vulnerabilities of the U.S. infrastructure

NASA Astrophysics Data System (ADS)

Arndt, Craig M.; Hall, Nathaniel A.

2004-08-01

Human identification technologies are important threat countermeasures in minimizing select infrastructure vulnerabilities. Properly targeted countermeasures should be selected and integrated into an overall security solution based on disciplined analysis and modeling. Available data on infrastructure value, threat intelligence, and system vulnerabilities are carefully organized, analyzed and modeled. Prior to design and deployment of an effective countermeasure; the proper role and appropriateness of technology in addressing the overall set of vulnerabilities is established. Deployment of biometrics systems, as with other countermeasures, introduces potentially heightened vulnerabilities into the system. Heightened vulnerabilities may arise from both the newly introduced system complexities and an unfocused understanding of the set of vulnerabilities impacted by the new countermeasure. The countermeasure's own inherent vulnerabilities and those introduced by the system's integration with the existing system are analyzed and modeled to determine the overall vulnerability impact. The United States infrastructure is composed of government and private assets. The infrastructure is valued by their potential impact on several components: human physical safety, physical/information replacement/repair cost, potential contribution to future loss (criticality in weapons production), direct productivity output, national macro-economic output/productivity, and information integrity. These components must be considered in determining the overall impact of an infrastructure security breach. Cost/benefit analysis is then incorporated in the security technology deployment decision process. Overall security risks based on system vulnerabilities and threat intelligence determines areas of potential benefit. Biometric countermeasures are often considered when additional security at intended points of entry would minimize vulnerabilities.

Information Security: Computer Hacker Information Available on the Internet

DTIC Science & Technology

1996-06-05

INFORMATION SECURITY Computer Hacker Information Available on the Internet Statement for the Record of...Report Type N/A Dates Covered (from... to) - Title and Subtitle INFORMATION SECURITY Computer Hacker Information Available on the Internet Contract...1996 4. TITLE AND SUBTITLE Information Security: Computer Hacker Information Available on the Internet 5. FUNDING NUMBERS 6. AUTHOR(S) Jack L.

Indirection and computer security.

DOE Office of Scientific and Technical Information (OSTI.GOV)

Berg, Michael J.

2011-09-01

The discipline of computer science is built on indirection. David Wheeler famously said, 'All problems in computer science can be solved by another layer of indirection. But that usually will create another problem'. We propose that every computer security vulnerability is yet another problem created by the indirections in system designs and that focusing on the indirections involved is a better way to design, evaluate, and compare security solutions. We are not proposing that indirection be avoided when solving problems, but that understanding the relationships between indirections and vulnerabilities is key to securing computer systems. Using this perspective, we analyzemore » common vulnerabilities that plague our computer systems, consider the effectiveness of currently available security solutions, and propose several new security solutions.« less

Computer Security Awareness Guide for Department of Energy Laboratories, Government Agencies, and others for use with Lawrence Livermore National Laboratory`s (LLNL): Computer security short subjects videos

DOE Office of Scientific and Technical Information (OSTI.GOV)

Not Available

Lonnie Moore, the Computer Security Manager, CSSM/CPPM at Lawrence Livermore National Laboratory (LLNL) and Gale Warshawsky, the Coordinator for Computer Security Education & Awareness at LLNL, wanted to share topics such as computer ethics, software piracy, privacy issues, and protecting information in a format that would capture and hold an audience`s attention. Four Computer Security Short Subject videos were produced which ranged from 1-3 minutes each. These videos are very effective education and awareness tools that can be used to generate discussions about computer security concerns and good computing practices. Leaders may incorporate the Short Subjects into presentations. After talkingmore » about a subject area, one of the Short Subjects may be shown to highlight that subject matter. Another method for sharing them could be to show a Short Subject first and then lead a discussion about its topic. The cast of characters and a bit of information about their personalities in the LLNL Computer Security Short Subjects is included in this report.« less

Research on Quantum Authentication Methods for the Secure Access Control Among Three Elements of Cloud Computing

NASA Astrophysics Data System (ADS)

Dong, Yumin; Xiao, Shufen; Ma, Hongyang; Chen, Libo

2016-12-01

Cloud computing and big data have become the developing engine of current information technology (IT) as a result of the rapid development of IT. However, security protection has become increasingly important for cloud computing and big data, and has become a problem that must be solved to develop cloud computing. The theft of identity authentication information remains a serious threat to the security of cloud computing. In this process, attackers intrude into cloud computing services through identity authentication information, thereby threatening the security of data from multiple perspectives. Therefore, this study proposes a model for cloud computing protection and management based on quantum authentication, introduces the principle of quantum authentication, and deduces the quantum authentication process. In theory, quantum authentication technology can be applied in cloud computing for security protection. This technology cannot be cloned; thus, it is more secure and reliable than classical methods.

Analyzing Cyber-Physical Threats on Robotic Platforms.

PubMed

Ahmad Yousef, Khalil M; AlMajali, Anas; Ghalyon, Salah Abu; Dweik, Waleed; Mohd, Bassam J

2018-05-21

Robots are increasingly involved in our daily lives. Fundamental to robots are the communication link (or stream) and the applications that connect the robots to their clients or users. Such communication link and applications are usually supported through client/server network connection. This networking system is amenable of being attacked and vulnerable to the security threats. Ensuring security and privacy for robotic platforms is thus critical, as failures and attacks could have devastating consequences. In this paper, we examine several cyber-physical security threats that are unique to the robotic platforms; specifically the communication link and the applications. Threats target integrity, availability and confidential security requirements of the robotic platforms, which use MobileEyes/arnlServer client/server applications. A robot attack tool (RAT) was developed to perform specific security attacks. An impact-oriented approach was adopted to analyze the assessment results of the attacks. Tests and experiments of attacks were conducted in simulation environment and physically on the robot. The simulation environment was based on MobileSim; a software tool for simulating, debugging and experimenting on MobileRobots/ActivMedia platforms and their environments. The robot platform PeopleBot TM was used for physical experiments. The analysis and testing results show that certain attacks were successful at breaching the robot security. Integrity attacks modified commands and manipulated the robot behavior. Availability attacks were able to cause Denial-of-Service (DoS) and the robot was not responsive to MobileEyes commands. Integrity and availability attacks caused sensitive information on the robot to be hijacked. To mitigate security threats, we provide possible mitigation techniques and suggestions to raise awareness of threats on the robotic platforms, especially when the robots are involved in critical missions or applications.

Analyzing Cyber-Physical Threats on Robotic Platforms †

PubMed Central

2018-01-01

Robots are increasingly involved in our daily lives. Fundamental to robots are the communication link (or stream) and the applications that connect the robots to their clients or users. Such communication link and applications are usually supported through client/server network connection. This networking system is amenable of being attacked and vulnerable to the security threats. Ensuring security and privacy for robotic platforms is thus critical, as failures and attacks could have devastating consequences. In this paper, we examine several cyber-physical security threats that are unique to the robotic platforms; specifically the communication link and the applications. Threats target integrity, availability and confidential security requirements of the robotic platforms, which use MobileEyes/arnlServer client/server applications. A robot attack tool (RAT) was developed to perform specific security attacks. An impact-oriented approach was adopted to analyze the assessment results of the attacks. Tests and experiments of attacks were conducted in simulation environment and physically on the robot. The simulation environment was based on MobileSim; a software tool for simulating, debugging and experimenting on MobileRobots/ActivMedia platforms and their environments. The robot platform PeopleBotTM was used for physical experiments. The analysis and testing results show that certain attacks were successful at breaching the robot security. Integrity attacks modified commands and manipulated the robot behavior. Availability attacks were able to cause Denial-of-Service (DoS) and the robot was not responsive to MobileEyes commands. Integrity and availability attacks caused sensitive information on the robot to be hijacked. To mitigate security threats, we provide possible mitigation techniques and suggestions to raise awareness of threats on the robotic platforms, especially when the robots are involved in critical missions or applications. PMID:29883403

Evaluation of the awareness and effectiveness of IT security programs in a large publicly funded health care system.

PubMed

Hepp, Shelanne L; Tarraf, Rima C; Birney, Arden; Arain, Mubashir Aslam

2017-01-01

Electronic health records are becoming increasingly common in the health care industry. Although information technology (IT) poses many benefits to improving health care and ease of access to information, there are also security and privacy risks. Educating health care providers is necessary to ensure proper use of health information systems and IT and reduce undesirable outcomes. This study evaluated employees' awareness and perceptions of the effectiveness of two IT educational training modules within a large publicly funded health care system in Canada. Semi-structured interviews and focus groups included a variety of professional roles within the organisation. Participants also completed a brief demographic data sheet. With the consent of participants, all interviews and focus groups were audio recorded. Thematic analysis and descriptive statistics were used to evaluate the effectiveness of the IT security training modules. Five main themes emerged: (i) awareness of the IT training modules, (ii) the content of modules, (iii) staff perceptions about differences between IT security and privacy issues, (iv) common breaches of IT security and privacy, and (v) challenges and barriers to completing the training program. Overall, nonclinical staff were more likely to be aware of the training modules than were clinical staff. We found e-learning was a feasible way to educate a large number of employees. However, health care providers required a module on IT security and privacy that was relatable and applicable to their specific roles. Strategies to improve staff education and mitigate against IT security and privacy risks are discussed. Future research should focus on integrating health IT competencies into the educational programs for health care professionals.

25 CFR 224.88 - What must the Director do after receiving notice of a violation or breach from the tribe?

Code of Federal Regulations, 2010 CFR

2010-04-01

... receiving notice of a violation or breach from the tribe, the Director will: (a) Review the notice and... review of relevant records, including transactions and reports. (b) If the Director determines, after the investigation, that a violation or breach is not causing or will not cause imminent jeopardy to a physical trust...

The Relationship between Psychological Contract Breach and Organizational Commitment: Exchange Imbalance as a Moderator of the Mediating Role of Violation

ERIC Educational Resources Information Center

Cassar, Vincent; Briner, Rob B.

2011-01-01

This study tested the mediating role of violation in the relationship between breach and both affective and continuance commitment and the extent to which this mediating role is moderated by exchange imbalance amongst a sample of 103 sales personnel. Results suggest that violation mediated the relationship between breach and commitment. Also,…

Lab Note: Training the Cyber Defensive Line

DTIC Science & Technology

2016-05-02

available at http://www.nextgov.com/cybersecurity/2013/03/how-many-cyberattacks-hit-united-states-last- year/61775/. 2 “Verizon 2015 Data Breach Investigation...at http://www.prnewswire.com/news-releases/verizon-2015- data - breach -investigations-report-finds- cyberthreats-are-increasing-in-sophistication-yet...Verizon’s Data Breach Investigations Report (available on request from http://www.verizonenterprise.com/DBIR/). The blue team must ensure that their

Preventing Point-of-Sale System Intrusions

DTIC Science & Technology

2014-06-01

executives from Target and Nieman Marcus prepared written testimonials in advance of several congressional hearings on retail data breaches the week...of February 05, 2014 (Associated Press, 2014; United States Senate, 2014). While the Target data breach attracted significant national attention due...other parts of the world, and whether Congress should pass a federal data breach notification law that would require businesses to notify customers if

Sports Law: Tort Liability of the College and University Athletic Department Administrator.

ERIC Educational Resources Information Center

Nolte, M. Chester

A tort is an actionable wrong, other than breach of contract, that the courts will recognize and intervene to equalize. There are three questions the court will ask: Did someone owe someone else a duty? Was there a breach of duty owed? Was the breach the proximate cause of the plaintiff's injury? The grounds for injury actions may be classified as…

Managing breaches of containment and eradication of invasive plant populations.

PubMed

Fletcher, Cameron S; Westcott, David A; Murphy, Helen T; Grice, Anthony C; Clarkson, John R

2015-02-01

Containment can be a viable strategy for managing invasive plants, but it is not always cheaper than eradication. In many cases, converting a failed eradication programme to a containment programme is not economically justified. Despite this, many contemporary invasive plant management strategies invoke containment as a fallback for failed eradication, often without detailing how containment would be implemented.We demonstrate a generalized analysis of the costs of eradication and containment, applicable to any plant invasion for which infestation size, dispersal distance, seed bank lifetime and the economic discount rate are specified. We estimate the costs of adapting eradication and containment in response to six types of breach and calculate under what conditions containment may provide a valid fallback to a breached eradication programme.We provide simple, general formulae and plots that can be applied to any invasion and show that containment will be cheaper than eradication only when the size of the occupied zone exceeds a multiple of the dispersal distance determined by seed bank longevity and the discount rate. Containment becomes proportionally cheaper than eradication for invaders with smaller dispersal distances, longer lived seed banks, or for larger discount rates.Both containment and eradication programmes are at risk of breach. Containment is less exposed to risk from reproduction in the 'occupied zone' and three types of breach that lead to a larger 'occupied zone', but more exposed to one type of breach that leads to a larger 'buffer zone'.For a well-specified eradication programme, only the three types of breach leading to reproduction in or just outside the buffer zone can justify falling back to containment, and only if the expected costs of eradication and containment were comparable before the breach. Synthesis and applications . Weed management plans must apply a consistent definition of containment and provide sufficient implementation detail to assess its feasibility. If the infestation extent, dispersal capacity, seed bank longevity and economic discount rate are specified, the general results presented here can be used to assess whether containment can outperform eradication, and under what conditions it would provide a valid fallback to a breached eradication programme.

Managing breaches of containment and eradication of invasive plant populations

PubMed Central

Fletcher, Cameron S; Westcott, David A; Murphy, Helen T; Grice, Anthony C; Clarkson, John R

2015-01-01

Containment can be a viable strategy for managing invasive plants, but it is not always cheaper than eradication. In many cases, converting a failed eradication programme to a containment programme is not economically justified. Despite this, many contemporary invasive plant management strategies invoke containment as a fallback for failed eradication, often without detailing how containment would be implemented. We demonstrate a generalized analysis of the costs of eradication and containment, applicable to any plant invasion for which infestation size, dispersal distance, seed bank lifetime and the economic discount rate are specified. We estimate the costs of adapting eradication and containment in response to six types of breach and calculate under what conditions containment may provide a valid fallback to a breached eradication programme. We provide simple, general formulae and plots that can be applied to any invasion and show that containment will be cheaper than eradication only when the size of the occupied zone exceeds a multiple of the dispersal distance determined by seed bank longevity and the discount rate. Containment becomes proportionally cheaper than eradication for invaders with smaller dispersal distances, longer lived seed banks, or for larger discount rates. Both containment and eradication programmes are at risk of breach. Containment is less exposed to risk from reproduction in the ‘occupied zone’ and three types of breach that lead to a larger ‘occupied zone’, but more exposed to one type of breach that leads to a larger ‘buffer zone’. For a well-specified eradication programme, only the three types of breach leading to reproduction in or just outside the buffer zone can justify falling back to containment, and only if the expected costs of eradication and containment were comparable before the breach. Synthesis and applications. Weed management plans must apply a consistent definition of containment and provide sufficient implementation detail to assess its feasibility. If the infestation extent, dispersal capacity, seed bank longevity and economic discount rate are specified, the general results presented here can be used to assess whether containment can outperform eradication, and under what conditions it would provide a valid fallback to a breached eradication programme. PMID:25678718

Sécurité au-delà des mythes et des croyances [Security beyond myths and beliefs

DOE Office of Scientific and Technical Information (OSTI.GOV)

Koch, Stephane

2010-06-24

Présentation orale en français, support visuel en français et en anglais. La pire des failles de sécurité est l'impression de sécurité. Le décalage entre la compréhension que l’on a des technologies utilisées, et leurs potentiels réels, ainsi que l'impact potentiellement négatif qu'elles peuvent avoir sur nos vies, n'est pas toujours compris, ou pris en compte par la plupart d'entre-nous. On se contente de nos perceptions pour ne pas avoir à se confronter à la réalité... Alors qu'en est-il vraiment ? En matière de sécurité qui de l'humain ou des technologies a le contrôle ? [Oral presentation in French, visual supportmore » in French and English. The worst security breach and the impression of security. The gap between our understanding of the technologies used, and their actual potentials, as well as the potentially negative impact they may have on our lives, is not always understood, or taken into account by most of us. We are content with our perceptions to avoid having to confront the reality ... So what is it really? In terms of security is it humans or technology which has control?]« less

Phishing

MedlinePlus

... Money & Credit Homes & Mortgages Health & Fitness Jobs & Making Money Privacy, Identity & Online Security Limiting Unwanted Calls and Emails Online Security "Free" Security Scans Computer Security Disposing of Old Computers ...

Examining the Security Awareness, Information Privacy, and the Security Behaviors of Home Computer Users

ERIC Educational Resources Information Center

Edwards, Keith

2015-01-01

Attacks on computer systems continue to be a problem. The majority of the attacks target home computer users. To help mitigate the attacks some companies provide security awareness training to their employees. However, not all people work for a company that provides security awareness training and typically, home computer users do not have the…

An inverse method to estimate the flow through a levee breach

NASA Astrophysics Data System (ADS)

D'Oria, Marco; Mignosa, Paolo; Tanda, Maria Giovanna

2015-08-01

We propose a procedure to estimate the flow through a levee breach based on water levels recorded in river stations downstream and/or upstream of the failure site. The inverse problem is solved using a Bayesian approach and requires the execution of several forward unsteady flow simulations. For this purpose, we have used the well-known 1-D HEC-RAS model, but any unsteady flow model could be adopted in the same way. The procedure has been tested using four synthetic examples. Levee breaches with different characteristics (free flow, flow with tailwater effects, etc.) have been simulated to collect the synthetic level data used at a later stage in the inverse procedure. The method was able to accurately reproduce the flow through the breach in all cases. The practicability of the procedure was then confirmed applying it to the inundation of the Polesine Region (Northern Italy) which occurred in 1951 and was caused by three contiguous and almost simultaneous breaches on the left embankment of the Po River.

The Effect of Perceived Privacy Breaches on Continued Technology Use and Individual Psychology: The Construct, Instrument Development, and an Application Using Internet Search Engines

ERIC Educational Resources Information Center

Ahmad, Altaf

2010-01-01

This dissertation involved the development of a new construct, perceived privacy breach (PPB), to evaluate how a person perceives breaches of privacy in terms of whether they perceive any exchange of information was fair or not and how they believe it will impact people whose information has been shared. . This instrument assists researchers to…

Data breaches. Final rule.

PubMed

2008-04-11

This document adopts, without change, the interim final rule that was published in the Federal Register on June 22, 2007, addressing data breaches of sensitive personal information that is processed or maintained by the Department of Veterans Affairs (VA). This final rule implements certain provisions of the Veterans Benefits, Health Care, and Information Technology Act of 2006. The regulations prescribe the mechanisms for taking action in response to a data breach of sensitive personal information.

Science and Technology Resources on the Internet: Computer Security.

ERIC Educational Resources Information Center

Kinkus, Jane F.

2002-01-01

Discusses issues related to computer security, including confidentiality, integrity, and authentication or availability; and presents a selected list of Web sites that cover the basic issues of computer security under subject headings that include ethics, privacy, kids, antivirus, policies, cryptography, operating system security, and biometrics.…

Computational Linguistics in Military Operations

DTIC Science & Technology

2010-01-01

information dominance at the operational and tactical level of war in future warfare. Discussion: Mastering culture and language in a foreign country is decisive to understand the operational environment. In addition, the ability to understand and speak a foreign language is a prerequisite to achieve truly comprehension of an unfamiliar culture. Lasting operations in Afghanistan and Iraq and the necessity to breach the language gap lead to progress in the field of Machine Translation and the development of technical solutions to close the gap in the past decade. This paper

Flood Control Project Lac Qui Parle, Emergency Plan

DTIC Science & Technology

1988-10-01

elevation of the breach (924.0 as shown in Table 1), is approximately 22.2 feet. The value of the envelope curve shown on Plate D-10 for a hydraulic...approximately 83% of the computed maximum outflow. Several failure scenarios for Lac qui Parle Dam were studied. The case of failure concurrent with a PKF ...discharge would plot very close to Lac qui Parle in Plate D-10. Plate D-10 shows that the value of the envelope curve for a hydraulic depth of 18.8 feet

Hacked E-mail

MedlinePlus

... Money & Credit Homes & Mortgages Health & Fitness Jobs & Making Money Privacy, Identity & Online Security Limiting Unwanted Calls and Emails Online Security "Free" Security Scans Computer Security Disposing of Old Computers ...

Methods for predicting peak discharge of floods caused by failure of natural and constructed earthen dams

USGS Publications Warehouse

Walder, Joseph S.; O'Connor, Jim E.

1997-01-01

Floods from failures of natural and constructed dams constitute a widespread hazard to people and property. Expeditious means of assessing flood hazards are necessary, particularly in the case of natural dams, which may form suddenly and unexpectedly. We revise statistical relations (derived from data for past constructed and natural dam failures) between peak discharge (Qp) and water volume released (V0) or drop in lake level (d) but assert that such relations, even when cast into a dimensionless form, are of limited utility because they fail to portray the effect of breach-formation rate. We then analyze a simple, physically based model of dam-breach formation to show that the hydrograph at the breach depends primarily on a dimensionless parameter η=kV0/gl/2d7/2, where k is the mean erosion rate of the breach and g is acceleration due to gravity. The functional relationship between Qp and η takes asymptotically distinct forms depending on whether η ≪ 1 (relatively slow breach formation or small lake volume) or η ≫ 1 (relatively fast breach formation or large lake volume). Theoretical predictions agree well with data from dam failures for which k, and thus η, can be estimated. The theory thus provides a rapid means of predicting the plausible range of values of peak discharge at the breach in an earthen dam as long as the impounded water volume and the water depth at the dam face can be estimated.

Computer Security Systems Enable Access.

ERIC Educational Resources Information Center

Riggen, Gary

1989-01-01

A good security system enables access and protects information from damage or tampering, but the most important aspects of a security system aren't technical. A security procedures manual addresses the human element of computer security. (MLW)

The research of computer network security and protection strategy

NASA Astrophysics Data System (ADS)

He, Jian

2017-05-01

With the widespread popularity of computer network applications, its security is also received a high degree of attention. Factors affecting the safety of network is complex, for to do a good job of network security is a systematic work, has the high challenge. For safety and reliability problems of computer network system, this paper combined with practical work experience, from the threat of network security, security technology, network some Suggestions and measures for the system design principle, in order to make the masses of users in computer networks to enhance safety awareness and master certain network security technology.

Lattice Boltzmann Study on Seawall-Break Flows under the Influence of Breach and Buildings

NASA Astrophysics Data System (ADS)

Mei, Qiu-Ying; Zhang, Wen-Huan; Wang, Yi-Hang; Chen, Wen-Wen

2017-10-01

In the process of storm surge, the seawater often overflows and even destroys the seawall. The buildings near the shore are usually inundated by the seawater through the breach. However, at present, there is little study focusing on the effects of buildings and breach on the seawall-break flows. In this paper, the lattice Boltzmann (LB) model with nine velocities in two dimensions (D2Q9) for the shallow water equations is adopted to simulate the seawall-break flows. The flow patterns and water depth distributions for the seawall-break flows under various densities, layouts and shapes of buildings and different breach discharges, sizes and locations are investigated. It is found that when buildings with a high enough density are perpendicular to the main flow direction, an obvious backwater phenomenon appears near buildings while this phenomenon does not occur when buildings with the same density are parallel to the main flow direction. Moreover, it is observed that the occurrence of backwater phenomenon is independent of the building shape. As to the effects of breach on the seawall-break flows, it is found that only when the breach discharge is large enough or the breach size is small enough, the effects of asymmetric distribution of buildings on the seawall-break flows become important. The breach location only changes the flow pattern in the upstream area of the first building that seawater meets, but has little impact on the global water depth distribution. Supported by the National Natural Science Foundation of China under Grant No. 11502124, the Natural Science Foundation of Zhejiang Province under Grant No. LQ16A020001, the Scientific Research Fund of Zhejiang Provincial Education Department under Grant No. Y201533808, the Natural Science Foundation of Ningbo under Grant No. 2016A610075, and is sponsored by K.C. Wong Magna Fund in Ningbo University.

Confidentiality breaches in clinical practice: what happens in hospitals?

PubMed

Beltran-Aroca, Cristina M; Girela-Lopez, Eloy; Collazo-Chao, Eliseo; Montero-Pérez-Barquero, Manuel; Muñoz-Villanueva, Maria C

2016-09-02

Respect for confidentiality is important to safeguard the well-being of patients and ensure the confidence of society in the doctor-patient relationship. The aim of our study is to examine real situations in which there has been a breach of confidentiality, by means of direct observation in clinical practice. By means of direct observation, our study examines real situations in which there has been a breach of confidentiality in a tertiary hospital. To observe and collect data on these situations, we recruited students enrolled in the Medical Degree Program at the University of Cordoba. The observers recorded their entries on standardized templates during clinical internships in different departments: Internal Medicine; Gynecology and Obstetrics; Pediatrics; Emergency Medicine; General and Digestive Surgery; Maxillofacial Surgery; Plastic Surgery; Orthopedics and Traumatology; Digestive; Dermatology; Rheumatology; Mental Health; Nephrology; Pneumology; Neurology; and Ophthalmology. Following 7138 days and 33157 h of observation, we found an estimated Frequency Index of one breach per 62.5 h. As regards the typology of the observed breaches, the most frequent (54,6 %) were related to the consultation and/or disclosure of clinical and/or personal data to medical personnel not involved in the patient's clinical care, as well as people external to the hospital. As regards their severity, severe breaches were the most frequent, accounting for 46.7 % of all incidents. Most of the reported incidents were observed in public areas (37.9 %), such as corridors, elevators, the cafeteria, stairs, and locker rooms. In addition to aspects related to hospital organization or infrastructure, we have shown that all healthcare personnel are involved in confidentiality breaches, especially physicians. While most are committed unintentionally, a non-negligible number are severe, repeated breaches (9.5 %), thus suggesting a certain carelessness, perhaps through ignorance about certain behaviors that can jeopardize patient confidentiality.

76 FR 7817 - Announcing Draft Federal Information Processing Standard 180-4, Secure Hash Standard, and Request...

Federal Register 2010, 2011, 2012, 2013, 2014

2011-02-11

... before May 12, 2011. ADDRESSES: Written comments may be sent to: Chief, Computer Security Division... FURTHER INFORMATION CONTACT: Elaine Barker, Computer Security Division, National Institute of Standards... Quynh Dang, Computer Security Division, National Institute of Standards and Technology, Gaithersburg, MD...

Resident Use of Text Messaging for Patient Care: Ease of Use or Breach of Privacy?

PubMed

Prochaska, Micah T; Bird, Amber-Nicole; Chadaga, Amar; Arora, Vineet M

2015-11-26

Short message service (SMS) text messaging is an efficient form of communication and pervasive in health care, but may not securely protect patient information. It is unclear if resident providers are aware of the security concerns of SMS text messaging when communicating about patient care. We sought to compare residents' preferences for SMS text messaging compared with other forms of in-hospital communication when considering security versus ease of use. This study was a cross-sectional multi-institutional survey of internal medicine residents. Residents ranked different communication modalities based on efficiency, ease of use, and security using a Likert scale. Communication options included telephone, email, hospital paging, and SMS text messaging. Respondents also reported whether they had received confidential patient identifiers through any of these modalities. SMS text messaging was preferred by 71.7% (94/131) of respondents because of its efficiency and by 79.8% (103/129) of respondents because of its ease of use. For security, 82.5% (104/126) of respondents preferred the hospital paging system, whereas only 20.6% (26/126) of respondents preferred SMS text messaging for secure communication. In all, 70.9% (93/131) of respondents reported having received patient identifiers (first and/or last name), 81.7% (107/131) reported receiving patient initials, and 50.4% (66/131) reported receiving a patient's medical record number through SMS text messages. Residents prefer in-hospital communication through SMS text messaging because of its ease of use and efficiency. Despite security concerns, the majority of residents reported receiving confidential patient information through SMS text messaging. For providers, it is possible that the benefits of improved in-hospital communication with SMS text messaging and the presumed improvement in the coordination and delivery of patient care outweigh security concerns they may have. The tension between the security and convenience of SMS text messaging may represent an educational opportunity to ensure the compliance of mobile technology in the health care setting.

Tidal flow dynamics and background fluorescence of the Atlantic Intracoastal Waterway in the vicinity of Sullivan’s Island and the Isle of Palms, South Carolina, 2011-12

USGS Publications Warehouse

Conrads, Paul; Journey, Celeste A.; Clark, Jimmy M.; Levesque, Victor A.

2013-01-01

To effectively plan site-specific studies to understand the connection between wastewater effluent and shellfish beds, data are needed concerning flow dynamics and background fluorescence in the Atlantic Intracoastal Waterway near the effluent outfalls on Sullivan’s Island and the Isle of Palms. Tidal flows were computed by the U.S. Geological Survey for three stations and longitudinal water-quality profiles were collected at high and low tide. Flows for the three U.S. Geological Survey stations, the Atlantic Intracoastal Waterway by the Isle of Palms Marina, the Atlantic Intracoastal Waterway by the Ben M. Sawyer Memorial Bridge at Sullivan’s Island, and Breach Inlet, were computed for the 53-day period from December 4, 2011, to January 26, 2012. The largest flows occurred at Breach Inlet and ranged from -58,600 cubic feet per second (ft3/s) toward the Atlantic Intracoastal Waterway to 63,300 ft3/s toward the Atlantic Ocean. Of the two stations on the Atlantic Intracoastal Waterway, the Sullivan’s Island station had the larger flows and ranged from -6,360 ft3/s to the southwest (toward Charleston Harbor) to 8,930 ft3/s to the northeast. Computed tidal flow at the Isle of Palms station ranged from -3,460 ft3/s toward the southwest to 6,410 ft3/s toward the northeast. The synoptic water-quality study showed that the stations were well mixed vertically and horizontally. All fluorescence measurements (recorded as rhodamine concentration) were below the accuracy of the sensor and the background fluorescence would not likely interfere with a dye-tracer study.

Secure key storage and distribution

DOEpatents

Agrawal, Punit

2015-06-02

This disclosure describes a distributed, fault-tolerant security system that enables the secure storage and distribution of private keys. In one implementation, the security system includes a plurality of computing resources that independently store private keys provided by publishers and encrypted using a single security system public key. To protect against malicious activity, the security system private key necessary to decrypt the publication private keys is not stored at any of the computing resources. Rather portions, or shares of the security system private key are stored at each of the computing resources within the security system and multiple security systems must communicate and share partial decryptions in order to decrypt the stored private key.

Hatteras Breach, North Carolina

DTIC Science & Technology

2010-07-01

1400 EST. Cross channel ADCP transects were also made from an instrumented Zodiac inflatable boat on 16, 17, and 24 October. The ADCP employed for...of the breach, near the middle, and on the sound side (Figure 11). The Zodiac crabbed (at an angle to the cur- rent) across the breach at a best...Coastal and Hydraulics Engineering Technical Note (CHETN) is intended to document the rapid response of the U.S. Army Corps of Engineers to engineer and

Followup to Columbia Investigation: Reinforced Carbon/Carbon From the Breach Location in the Wing Leading Edge Studied

NASA Technical Reports Server (NTRS)

Jacobson, Nathan S.; Opila, Elizabeth J.; Tallant, David

2005-01-01

Initial estimates on the temperature and conditions of the breach in the Space Shuttle Columbia's wing focused on analyses of the slag deposits. These deposits are complex mixtures of the reinforced carbon/carbon (RCC) constituents, insulation material, and wing structural materials. Identification of melted/solidified Cerachrome insulation (Thermal Ceramics, Inc., Augusta, GA) indicated that the temperatures at the breach had exceeded 1760 C.

Fatal collision? Are wireless headsets a risk in treating patients?

PubMed

Sage, Cindy; Hardell, Lennart

2018-02-05

Wireless-enabled headsets that connect to the internet can provide remote transcribing of patient examination notes. Audio and video can be captured and transmitted by wireless signals sent from the computer screen in the frame of the glasses. But using wireless glass-type devices can expose the user to a specific absorption rates (SAR) of 1.11-1.46 W/kg of radiofrequency radiation. That RF intensity is as high as or higher than RF emissions of some cell phones. Prolonged use of cell phones used ipsilaterally at the head has been associated with statistically significant increased risk of glioma and acoustic neuroma. Using wireless glasses for extended periods to teach, to perform surgery, or conduct patient exams will expose the medical professional to similar RF exposures which may impair brain performance, cognition and judgment, concentration and attention and increase the risk for brain tumors. The quality of medical care may be compromised by extended use of wireless-embedded devices in health care settings. Both medical professionals and their patients should know the risks of such devices and have a choice about allowing their use during patient exams. Transmission of sensitive patient data over wireless networks may increase the risk of hacking and security breaches leading to losses of private patient medical and financial data that are strictly protected under HIPPA health information privacy laws.

Quantum-Enhanced Cyber Security: Experimental Computation on Quantum-Encrypted Data

DTIC Science & Technology

2017-03-02

AFRL-AFOSR-UK-TR-2017-0020 Quantum-Enhanced Cyber Security: Experimental Computation on Quantum-Encrypted Data Philip Walther UNIVERSITT WIEN Final...REPORT TYPE Final 3. DATES COVERED (From - To) 15 Oct 2015 to 31 Dec 2016 4. TITLE AND SUBTITLE Quantum-Enhanced Cyber Security: Experimental Computation...FORM SF 298 Final Report for FA9550-1-6-1-0004 Quantum-enhanced cyber security: Experimental quantum computation with quantum-encrypted data

78 FR 1275 - Privacy Act of 1974; Computer Matching Program

Federal Register 2010, 2011, 2012, 2013, 2014

2013-01-08

... Social Security Administration (Computer Matching Agreement 1071). SUMMARY: In accordance with the... of its new computer matching program with the Social Security Administration (SSA). DATES: OPM will... conditions under which SSA will disclose Social Security benefit data to OPM via direct computer link. OPM...

77 FR 32709 - Privacy Act of 1974, as Amended; Computer Matching Program (SSA/Department of Homeland Security...

Federal Register 2010, 2011, 2012, 2013, 2014

2012-06-01

... SOCIAL SECURITY ADMINISTRATION [Docket No. SSA 2011-0089] Privacy Act of 1974, as Amended; Computer Matching Program (SSA/ Department of Homeland Security (DHS))--Match Number 1010 AGENCY: Social Security Administration (SSA). ACTION: Notice of a renewal of an existing computer matching program that...

FAA computer security : recommendations to address continuing weaknesses

DOT National Transportation Integrated Search

2000-12-01

In September, testimony before the Committee on Science, House of Representatives, focused on the Federal Aviation Administration's (FAA) computer security program. In brief, we reported that FAA's agency-wide computer security program has serious, p...

7 CFR 3431.21 - Breach.

Code of Federal Regulations, 2010 CFR

2010-01-01

... SERVICE, DEPARTMENT OF AGRICULTURE VETERINARY MEDICINE LOAN REPAYMENT PROGRAM Administration of the Veterinary Medicine Loan Repayment Program § 3431.21 Breach. (a) General. If a program participant fails to...

Experiences of using UAVs for monitoring levee breaches

NASA Astrophysics Data System (ADS)

Brauneck, J.; Pohl, R.; Juepner, R.

2016-11-01

During floods technical protection facilities are subjected to high loads and might fail as several examples have shown in the past. During the major 2002 and 2013 floods in the catchment area of the Elbe River (Germany), some breaching levees caused large inundations in the hinterland. In such situations the emergency forces need comprehensive and reliable realtime information about the situation, especially the breach enlargement and discharge, the spatial and temporal development of the inundation and the damages. After an impressive progress meanwhile unmanned aerial vehicles (UAV) also called remotely piloted aircraft systems (RPAS) are highly capable to collect and transmit precise information from not accessible areas to the task force very quickly. Using the example of the Breitenhagen levee failure near the Saale-Elbe junction in Germany in June 2013 the processing steps will be explained that are needed to come from the visual UAV-flight information to a hydronumeric model. Modelling of the breach was implemented using photogrammetric ranging methods, such as structure from motion and dense image matching. These methods utilize conventional digital multiple view images or videos recorded by either a moving aerial platform or terrestrial photography and allow the construction of 3D point clouds, digital surface models and orthophotos. At Breitenhagen, a UAV recorded the beginning of the levee failure. Due to the dynamic character of the breach and the moving areal platform, 4 different surface models show valid data with extrapolated breach widths of 9 to 40 meters. By means of these calculations the flow rate through the breach has been determined. In addition the procedure has been tested in a physical model, whose results will be presented too.

Inter- and intra-observer reliability of measurement of pedicle screw breach assessed by postoperative CT scans.

PubMed

Lavelle, William F; Ranade, Ashish; Samdani, Amer F; Gaughan, John P; D'Andrea, Linda P; Betz, Randal R

2014-01-01

Pedicle screws are used increasingly in spine surgery. Concerns of complications associated with screw breach necessitates accurate pedicle screw placement. Postoperative CT imaging helps to detect screw malposition and assess its severity. However, accuracy is dependent on the reading of the CT scans. Inter- and intra-observer variability could affect the reliability of CT scans to assess multiple screw types and sites. The purpose of this study was to assess the reliability of multi-observer analysis of CT scans for determining pedicle screw breach for various screw types and sites in patients with spinal deformity or degenerative pathologies. Axial CT scan images of 23 patients (286 screws) were read by four experienced spine surgeons. Pedicle screw placement was considered 'In' when the screw was fully contained and/or the pedicle wall breach was ≤2 mm. 'Out' was defined as a breach in the medial or lateral pedicle wall >2 mm. Intra-class coefficients (ICC) were calculated to assess the inter- and intra-observer reliability. Marked inter- and intra-observer variability was noticed. The overall inter-observer ICC was 0.45 (95% confidence limits 0.25 to 0.65). The intra-observer ICC was 0.49 (95% confidence limits 0.29 to 0.69). Underlying spinal pathology, screw type, and patient age did not seem to impact the reliability of our CT assessments. Our results indicate the evaluation of pedicle screw breach on CT by a single surgeon is highly variable, and care should be taken when using individual CT evaluations of millimeters of breach as a basis for screw removal. This was a Level III study.

Security model for VM in cloud

NASA Astrophysics Data System (ADS)

Kanaparti, Venkataramana; Naveen K., R.; Rajani, S.; Padmvathamma, M.; Anitha, C.

2013-03-01

Cloud computing is a new approach emerged to meet ever-increasing demand for computing resources and to reduce operational costs and Capital Expenditure for IT services. As this new way of computation allows data and applications to be stored away from own corporate server, it brings more issues in security such as virtualization security, distributed computing, application security, identity management, access control and authentication. Even though Virtualization forms the basis for cloud computing it poses many threats in securing cloud. As most of Security threats lies at Virtualization layer in cloud we proposed this new Security Model for Virtual Machine in Cloud (SMVC) in which every process is authenticated by Trusted-Agent (TA) in Hypervisor as well as in VM. Our proposed model is designed to with-stand attacks by unauthorized process that pose threat to applications related to Data Mining, OLAP systems, Image processing which requires huge resources in cloud deployed on one or more VM's.

[Comment on the ruling about the appeal against the Directive on biotechnological inventions].

PubMed

Fernando Magarzo, M R

2001-01-01

The author examines the content of the European Court of Justice ruling which dismisses the appeal lodged by the Netherlands against Directive 98/44 concerning the legal protection of biotechnological inventions. The main grounds for the appeal were as follows: inappropriate choice of points of law; breach of the principle of subsidiarity; violation of the principle of legal certainty; breach of International Law obligations; undermining of human dignity; breach of the principle of collegiality.

Whip Rule Breaches in a Major Australian Racing Jurisdiction: Welfare and Regulatory Implications

PubMed Central

Hood, Jennifer; McDonald, Carolyn; Wilson, Bethany; McManus, Phil; McGreevy, Paul

2017-01-01

Simple Summary An evidence-based analysis of whip rule breaches in horse racing is needed to address community expectations that racehorses are treated humanely. The study provides the first peer-reviewed characterisation of whip rule breaches and their regulatory outcomes in horseracing, and considers the relationship between rules affecting racing integrity and the welfare of racehorses in a major Australian racing jurisdiction. Abstract Whip use in horseracing is increasingly being questioned on ethical, animal welfare, social sustainability, and legal grounds. Despite this, there is weak evidence for whip use and its regulation by Stewards in Australia. To help address this, we characterised whip rule breaches recorded by Stewards using Stewards Reports and Race Diaries from 2013 and 2016 in New South Wales (NSW) and the Australian Capital Territory (ACT). There were more recorded breaches at Metropolitan (M) than Country (C) or Provincial (P) locations, and by riders of horses that finished first, second, or third than by riders of horses that finished in other positions. The most commonly recorded breaches were forehand whip use on more than five occasions before the 100-metre (m) mark (44%), and whip use that raises the jockey’s arm above shoulder height (24%). It is recommended that racing compliance data be analysed annually to inform the evidence-base for policy, education, and regulatory change, and ensure the welfare of racehorses and racing integrity. PMID:28275207

I Am So Tired… How Fatigue May Exacerbate Stress Reactions to Psychological Contract Breach

PubMed Central

Achnak, Safâa; Griep, Yannick; Vantilborgh, Tim

2018-01-01

Previous research showed that perceptions of psychological contract (PC) breach have undesirable individual and organizational consequences. Surprisingly, the PC literature has paid little to no attention to the relationship between PC breach perceptions and stress. A better understanding of how PC breach may elicit stress seems crucial, given that stress plays a key role in employees' physical and mental well-being. Based on Conservation of Resources Theory, we suggest that PC breach perceptions represent a perceived loss of valued resources, subsequently leading employees to experience higher stress levels resulting from emerging negative emotions. Moreover, we suggest that this mediated relationship is moderated by initial levels of fatigue, due to fatigue lowering the personal resources necessary to cope with breach events. To tests our hypotheses, we analyzed the multilevel data we obtained from two experience sampling designs (Study 1: 51 Belgian employees; Study 2: 53 US employees). Note that the unit of analysis is “observations” rather than “respondents,” resulting in an effective sample size of 730 (Study 1) and 374 (Study 2) observations. In both studies, we found evidence for the mediating role of negative emotions in the PC breach—stress relationship. In the second study, we also found evidence for the moderating role of fatigue in the mediated PC breach—stress relationship. Implications for research and practice are discussed. PMID:29559935

Controls on the breach geometry and flood hydrograph during overtopping of non-cohesive earthen dams

USGS Publications Warehouse

Walder, Joseph S.; Iverson, Richard M.; Godt, Jonathan W.; Logan, Matthew; Solovitz, Stephen A.

2015-01-01

Overtopping failure of non-cohesive earthen dams was investigated in 13 large-scale experiments with dams built of compacted, damp, fine-grained sand. Breaching was initiated by cutting a notch across the dam crest and allowing water escaping from a finite upstream reservoir to form its own channel. The channel developed a stepped profile, and upstream migration of the steps, which coalesced into a headcut, led to the establishment of hydraulic control (critical flow) at the channel head, or breach crest, an arcuate erosional feature that functions hydraulically as a weir. Novel photogrammetric methods, along with underwater videography, revealed that the retreating headcut maintained a slope near the angle of friction of the sand, while the cross section at the breach crest maintained a geometrically similar shape through time. That cross-sectional shape was nearly unaffected by slope failures, contrary to the assumption in many models of dam breaching. Flood hydrographs were quite reproducible--for sets of dams ranging in height from 0.55 m to 0.98 m--when the time datum was chosen as the time that the migrating headcut intersected the breach crest. Peak discharge increased almost linearly as a function of initial dam height. Early-time variability between flood hydrographs for nominally identical dams is probably a reflection of subtle experiment-to-experiment differences in groundwater hydrology and the interaction between surface water and groundwater.

Perceived Control and Psychological Contract Breach as Explanations of the Relationships Between Job Insecurity, Job Strain and Coping Reactions: Towards a Theoretical Integration.

PubMed

Vander Elst, Tinne; De Cuyper, Nele; Baillien, Elfi; Niesen, Wendy; De Witte, Hans

2016-04-01

This study aims to further knowledge on the mechanisms through which job insecurity is related to negative outcomes. Based on appraisal theory, two explanations-perceived control and psychological contract breach-were theoretically integrated in a comprehensive model and simultaneously examined as mediators of the job insecurity-outcome relationship. Different categories of outcomes were considered, namely work-related (i.e. vigour and need for recovery) and general strain (i.e. mental and physical health complaints), as well as psychological (i.e. job satisfaction and organizational commitment) and behavioural coping reactions (i.e. self-rated performance and innovative work behaviour). The hypotheses were tested using data of a heterogeneous sample of 2413 Flemish employees by means of both single and multiple mediator structural equation modelling analyses (bootstrapping method). Particularly, psychological contract breach accounted for the relationship between job insecurity and strain. Both perceived control and psychological contract breach mediated the relationships between job insecurity and psychological coping reactions, although the indirect effects were larger for psychological contract breach. Finally, perceived control was more important than psychological contract breach in mediating the relationships between job insecurity and behavioural coping reactions. This study meets previous calls for a theoretical integration regarding mediators of the job insecurity-outcome relationship. Copyright © 2014 John Wiley & Sons, Ltd.

Flood hydrology and dam-breach hydraulic analyses of five reservoirs in Colorado

USGS Publications Warehouse

Stevens, Michael R.; Hoogestraat, Galen K.

2013-01-01

The U.S. Department of Agriculture Forest Service has identified hazard concerns for areas downstream from five Colorado dams on Forest Service land. In 2009, the U.S. Geological Survey, in cooperation with the Forest Service, initiated a flood hydrology analysis to estimate the areal extent of potential downstream flood inundation and hazard to downstream life, property, and infrastructure if dam breach occurs. Readily available information was used for dam-breach assessments of five small Colorado reservoirs (Balman Reservoir, Crystal Lake, Manitou Park Lake, McGinnis Lake, and Million Reservoir) that are impounded by an earthen dam, and no new data were collected for hydraulic modeling. For each reservoir, two dam-breach scenarios were modeled: (1) the dam is overtopped but does not fail (break), and (2) the dam is overtopped and dam-break occurs. The dam-breach scenarios were modeled in response to the 100-year recurrence, 500-year recurrence, and the probable maximum precipitation, 24-hour duration rainstorms to predict downstream flooding. For each dam-breach and storm scenario, a flood inundation map was constructed to estimate the extent of flooding in areas of concern downstream from each dam. Simulation results of the dam-break scenarios were used to determine the hazard classification of the dam structure (high, significant, or low), which is primarily based on the potential for loss of life and property damage resulting from the predicted downstream flooding.

Estimated loads of suspended sediment and selected trace elements transported through the Clark Fork basin, Montana, in selected periods before and after the breach of Milltown Dam (water years 1985-2009)

USGS Publications Warehouse

Sando, Steven K.; Lambing, John H.

2011-01-01

Milltown Reservoir is a National Priorities List Superfund site in the upper Clark Fork basin of western Montana where sediments enriched in trace elements from historical mining and ore processing have been deposited since the completion of Milltown Dam in 1908. Milltown Dam was breached on March 28, 2008, as part of Superfund remediation activities to remove the dam and excavate contaminated sediment that had accumulated in Milltown Reservoir. In preparation for the breach of Milltown Dam, permanent drawdown of Milltown Reservoir began on June 1, 2006, and lowered the water-surface elevation by about 10 to 12 feet. After the breach of Milltown Dam, the water-surface elevation was lowered an additional 17 feet. Hydrologic data-collection activities were conducted by the U.S. Geological Survey in cooperation with U.S. Environmental Protection Agency to estimate loads of suspended sediment and trace elements transported through the Clark Fork basin before and after the breach of Milltown Dam. This report presents selected results of the data-collection activities.

The Risks to Patient Privacy from Publishing Data from Clinical Anesthesia Studies.

PubMed

O'Neill, Liam; Dexter, Franklin; Zhang, Nan

2016-06-01

In this article, we consider the privacy implications of posting data from small, randomized trials, observational studies, or case series in anesthesia from a few (e.g., 1-3) hospitals. Prior to publishing such data as supplemental digital content, the authors remove attributes that could be used to re-identify individuals, a process known as "anonymization." Posting health information that has been properly "de-identified" is assumed to pose no risks to patient privacy. Yet, computer scientists have demonstrated that this assumption is flawed. We consider various realistic scenarios of how the publication of such data could lead to breaches of patient privacy. Several examples of successful privacy attacks are reviewed, as well as the methods used. We survey the latest models and methods from computer science for protecting health information and their application to posting data from small anesthesia studies. To illustrate the vulnerability of such published data, we calculate the "population uniqueness" for patients undergoing one or more surgical procedures using data from the State of Texas. For a patient selected uniformly at random, the probability that an adversary could match this patient's record to a unique record in the state external database was 42.8% (SE < 0.1%). Despite the 42.8% being an unacceptably high level of risk, it underestimates the risk for patients from smaller states or provinces. We propose an editorial policy that greatly reduces the likelihood of a privacy breach, while supporting the goal of transparency of the research process.

Close the Gate, Lock the Windows, Bolt the Doors: Securing Library Computers. Online Treasures

ERIC Educational Resources Information Center

Balas, Janet

2005-01-01

This article, written by a systems librarian at the Monroeville Public Library, discusses a major issue affecting all computer users, security. It indicates that while, staying up-to-date on the latest security issues has become essential for all computer users, it's more critical for network managers who are responsible for securing computer…

How to securely replicate services

NASA Technical Reports Server (NTRS)

Reiter, Michael; Birman, Kenneth

1992-01-01

A method is presented for constructing replicated services that retain their availability and integrity despite several servers and clients corrupted by an intruder, in addition to others failing benignly. More precisely, a service is replicated by n servers in such a way that a correct client will accept a correct server's response if, for some prespecified parameter k, at least k servers are correct and fewer than k servers are corrupt. The issue of maintaining causality among client requests is also addressed. A security breach resulting from an intruder's ability to effect a violation of causality in the sequence of requests processed by the service is illustrated. An approach to counter this problem is proposed that requires fewer than k servers to be corrupt and that is live if at least k+b servers are correct, where b is the assumed maximum total number of corrupt servers in any system run. An important and novel feature of these schemes is that the client need not be able to identify or authenticate even a single server. Instead, the client is required only to possess at most two public keys for the service. The practicality of these schemes is illustrated through a discussion of several issues pertinent to their implementation and use, and their intended role in a secure version of the Isis system is also described.

Developing a computer security training program

DOE Office of Scientific and Technical Information (OSTI.GOV)

Not Available

1990-01-01

We all know that training can empower the computer protection program. However, pushing computer security information outside the computer security organization into the rest of the company is often labeled as an easy project or a dungeon full of dragons. Used in part or whole, the strategy offered in this paper may help the developer of a computer security training program ward off dragons and create products and services. The strategy includes GOALS (what the result of training will be), POINTERS (tips to ensure survival), and STEPS (products and services as a means to accomplish the goals).

Coastal bathymetry data collected in May 2015 from Fire Island, New York—Wilderness breach and shoreface

USGS Publications Warehouse

Nelson, Timothy R.; Miselis, Jennifer L.; Hapke, Cheryl J.; Brenner, Owen T.; Henderson, Rachel E.; Reynolds, Billy J.; Wilson, Kathleen E.

2017-05-12

Scientists from the U.S. Geological Survey (USGS) St. Petersburg Coastal and Marine Science Center in St. Petersburg, Florida, conducted a bathymetric survey of Fire Island from May 6-20, 2015. The USGS is involved in a post-Hurricane Sandy effort to map and monitor the morphologic evolution of the wilderness breach as a part of the Hurricane Sandy Supplemental Project GS2-2B. During this study, bathymetry data were collected with single-beam echo sounders and Global Positioning Systems, which were mounted to personal watercraft, along the Fire Island shoreface and within the wilderness breach. Additional bathymetry and elevation data were collected using backpack Global Positioning Systems on flood shoals and in shallow channels within the wilderness breach.

6 CFR 13.27 - Computation of time.

Code of Federal Regulations, 2010 CFR

2010-01-01

... 6 Domestic Security 1 2010-01-01 2010-01-01 false Computation of time. 13.27 Section 13.27 Domestic Security DEPARTMENT OF HOMELAND SECURITY, OFFICE OF THE SECRETARY PROGRAM FRAUD CIVIL REMEDIES § 13.27 Computation of time. (a) In computing any period of time under this part or in an order issued...

Reviews on Security Issues and Challenges in Cloud Computing

NASA Astrophysics Data System (ADS)

An, Y. Z.; Zaaba, Z. F.; Samsudin, N. F.

2016-11-01

Cloud computing is an Internet-based computing service provided by the third party allowing share of resources and data among devices. It is widely used in many organizations nowadays and becoming more popular because it changes the way of how the Information Technology (IT) of an organization is organized and managed. It provides lots of benefits such as simplicity and lower costs, almost unlimited storage, least maintenance, easy utilization, backup and recovery, continuous availability, quality of service, automated software integration, scalability, flexibility and reliability, easy access to information, elasticity, quick deployment and lower barrier to entry. While there is increasing use of cloud computing service in this new era, the security issues of the cloud computing become a challenges. Cloud computing must be safe and secure enough to ensure the privacy of the users. This paper firstly lists out the architecture of the cloud computing, then discuss the most common security issues of using cloud and some solutions to the security issues since security is one of the most critical aspect in cloud computing due to the sensitivity of user's data.

Information Systems, Security, and Privacy.

ERIC Educational Resources Information Center

Ware, Willis H.

1984-01-01

Computer security and computer privacy issues are discussed. Among the areas addressed are technical and human security threats, security and privacy issues for information in electronic mail systems, the need for a national commission to examine these issues, and security/privacy issues relevant to colleges and universities. (JN)

Intelligent cloud computing security using genetic algorithm as a computational tools

NASA Astrophysics Data System (ADS)

Razuky AL-Shaikhly, Mazin H.

2018-05-01

An essential change had occurred in the field of Information Technology which represented with cloud computing, cloud giving virtual assets by means of web yet awesome difficulties in the field of information security and security assurance. Currently main problem with cloud computing is how to improve privacy and security for cloud “cloud is critical security”. This paper attempts to solve cloud security by using intelligent system with genetic algorithm as wall to provide cloud data secure, all services provided by cloud must detect who receive and register it to create list of users (trusted or un-trusted) depend on behavior. The execution of present proposal has shown great outcome.

An Exploratory Analysis of Waterfront Force Protection Measures Using Simulation

DTIC Science & Technology

2002-03-01

LEFT BLANK 75 APPENDIX B. DESIGN POINT DATA Table 16. Design Point One Data breach - count leakers- count numberAv ailablePBs- mean numberInI...0.002469 0.006237 27.63104 7144.875 0.155223 76 Table 17. Design Point Two Data breach - count leakers- count numberAv ailablePBs- mean numberInI...0.001163 4.67E-12 29.80891 6393.874 0.188209 77 Table 18. Design Point Three Data breach - count leakers- count numberAv ailablePBs- mean