Sample records for computer security breaches

  1. 14 CFR 1274.936 - Breach of safety or security.

    Code of Federal Regulations, 2013 CFR

    2013-01-01

    .... (a) Security is the condition of safeguarding against espionage, sabotage, crime (including computer... 14 Aeronautics and Space 5 2013-01-01 2013-01-01 false Breach of safety or security. 1274.936... security. Breach of Safety or Security July 2002 Safety is the freedom from those conditions that can cause...

  2. 14 CFR 1274.936 - Breach of safety or security.

    Code of Federal Regulations, 2010 CFR

    2010-01-01

    .... (a) Security is the condition of safeguarding against espionage, sabotage, crime (including computer... 14 Aeronautics and Space 5 2010-01-01 2010-01-01 false Breach of safety or security. 1274.936... security. Breach of Safety or Security July 2002 Safety is the freedom from those conditions that can cause...

  3. 14 CFR 1274.936 - Breach of safety or security.

    Code of Federal Regulations, 2011 CFR

    2011-01-01

    .... (a) Security is the condition of safeguarding against espionage, sabotage, crime (including computer... 14 Aeronautics and Space 5 2011-01-01 2010-01-01 true Breach of safety or security. 1274.936... security. Breach of Safety or Security July 2002 Safety is the freedom from those conditions that can cause...

  4. Teaching Case: Security Breach at Target

    ERIC Educational Resources Information Center

    Plachkinova, Miloslava; Maurer, Chris

    2018-01-01

    This case study follows the security breach that affected Target at the end of 2013 and resulted in the loss of financial data for over 70 million customers. The case provides an overview of the company and describes the reasons that led to one of the biggest security breaches in history. It offers a discussion on Target's vendor management…

  5. Information Security and Data Breach Notification Safeguards

    DTIC Science & Technology

    2007-07-31

    for unauthorized purposes. Data breach notification requirements obligate covered entities to provide notice to affected persons (e.g., cardholders...customers) about the occurrence of a data security breach involving personally identifiable information. The first data breach notification law was...computerized personal information to disclose any breach of a resident’s personal information. S.B. 1386 was the model for subsequent data breach notification

  6. Federal Information Security and Data Breach Notification Laws

    DTIC Science & Technology

    2009-01-29

    The following report describes information security and data breach notification requirements included in the Privacy Act, the Federal Information...information for unauthorized purposes. Data breach notification laws typically require covered entities to implement a breach notification policy, and...Feinstein), S. 495 (Leahy), and S. 1178 (Inouye)--were reported favorably out of Senate committees. Those bills include information security and data

  7. Breach Risk Magnitude: A Quantitative Measure of Database Security.

    PubMed

    Yasnoff, William A

    2016-01-01

    A quantitative methodology is described that provides objective evaluation of the potential for health record system breaches. It assumes that breach risk increases with the number of potential records that could be exposed, while it decreases when more authentication steps are required for access. The breach risk magnitude (BRM) is the maximum value for any system user of the common logarithm of the number of accessible database records divided by the number of authentication steps needed to achieve such access. For a one million record relational database, the BRM varies from 5.52 to 6 depending on authentication protocols. For an alternative data architecture designed specifically to increase security by separately storing and encrypting each patient record, the BRM ranges from 1.3 to 2.6. While the BRM only provides a limited quantitative assessment of breach risk, it may be useful to objectively evaluate the security implications of alternative database organization approaches.

  8. Cheating in OSCEs: The Impact of Simulated Security Breaches on OSCE Performance.

    PubMed

    Gotzmann, Andrea; De Champlain, André; Homayra, Fahmida; Fotheringham, Alexa; de Vries, Ingrid; Forgie, Melissa; Pugh, Debra

    2017-01-01

    Construct: Valid score interpretation is important for constructs in performance assessments such as objective structured clinical examinations (OSCEs). An OSCE is a type of performance assessment in which a series of standardized patients interact with the student or candidate who is scored by either the standardized patient or a physician examiner. In high-stakes examinations, test security is an important issue. Students accessing unauthorized test materials can create an unfair advantage and lead to examination scores that do not reflect students' true ability level. The purpose of this study was to assess the impact of various simulated security breaches on OSCE scores. Seventy-six 3rd-year medical students participated in an 8-station OSCE and were randomized to either a control group or to 1 of 2 experimental conditions simulating test security breaches: station topic (i.e., providing a list of station topics prior to the examination) or egregious security breach (i.e., providing detailed content information prior to the examination). Overall total scores were compared for the 3 groups using both a one-way between-subjects analysis of variance and a repeated measure analysis of variance to compare the checklist, rating scales, and oral question subscores across the three conditions. Overall total scores were highest for the egregious security breach condition (81.8%), followed by the station topic condition (73.6%), and they were lowest for the control group (67.4%). This trend was also found with checklist subscores only (79.1%, 64.9%, and 60.3%, respectively for the security breach, station topic, and control conditions). Rating scale subscores were higher for both the station topic and egregious security breach conditions compared to the control group (82.6%, 83.1%, and 77.6%, respectively). Oral question subscores were significantly higher for the egregious security breach condition (88.8%) followed by the station topic condition (64.3%), and they were

  9. Combat Simulation Using Breach Computer Language

    DTIC Science & Technology

    1979-09-01

    simulation and weapon system analysis computer language. Two types of models were constructed: a stochastic duel and a dynamic engagement model. The... duel model validates the BREACH approach by comparing results with mathematical solutions. The dynamic model shows the capability of the BREACH...BREACH 2 Background 2 The Language 3 Static Duel 4 Background and Methodology 4 Validation 5 Results 8 Tank Duel Simulation 8 Dynamic Assault Model

  10. An Examination of the Explicit Costs of Sensitive Information Security Breaches

    ERIC Educational Resources Information Center

    Toe, Cleophas Adeodat

    2013-01-01

    Data security breaches are categorized as loss of information that is entrusted in an organization by its customers, partners, shareholders, and stakeholders. Data breaches are significant risk factors for companies that store, process, and transmit sensitive personal information. Sensitive information is defined as confidential or proprietary…

  11. 14 CFR 1274.936 - Breach of safety or security.

    Code of Federal Regulations, 2012 CFR

    2012-01-01

    ... 14 Aeronautics and Space 5 2012-01-01 2012-01-01 false Breach of safety or security. 1274.936 Section 1274.936 Aeronautics and Space NATIONAL AERONAUTICS AND SPACE ADMINISTRATION COOPERATIVE... following: compromise of classified information; illegal technology transfer; workplace violence resulting...

  12. The myth of secure computing.

    PubMed

    Austin, Robert D; Darby, Christopher A

    2003-06-01

    Few senior executives pay a whole lot of attention to computer security. They either hand off responsibility to their technical people or bring in consultants. But given the stakes involved, an arm's-length approach is extremely unwise. According to industry estimates, security breaches affect 90% of all businesses every year and cost some $17 billion. Fortunately, the authors say, senior executives don't need to learn about the more arcane aspects of their company's IT systems in order to take a hands-on approach. Instead, they should focus on the familiar task of managing risk. Their role should be to assess the business value of their information assets, determine the likelihood that those assets will be compromised, and then tailor a set of risk abatement processes to their company's particular vulnerabilities. This approach, which views computer security as an operational rather than a technical challenge, is akin to a classic quality assurance program in that it attempts to avoid problems rather than fix them and involves all employees, not just IT staffers. The goal is not to make computer systems completely secure--that's impossible--but to reduce the business risk to an acceptable level. This article looks at the types of threats a company is apt to face. It also examines the processes a general manager should spearhead to lessen the likelihood of a successful attack. The authors recommend eight processes in all, ranging from deciding how much protection each digital asset deserves to insisting on secure software to rehearsing a response to a security breach. The important thing to realize, they emphasize, is that decisions about digital security are not much different from other cost-benefit decisions. The tools general managers bring to bear on other areas of the business are good models for what they need to do in this technical space.

  13. 47 CFR 64.2011 - Notification of customer proprietary network information security breaches.

    Code of Federal Regulations, 2011 CFR

    2011-10-01

    ... 47 Telecommunication 3 2011-10-01 2011-10-01 false Notification of customer proprietary network information security breaches. 64.2011 Section 64.2011 Telecommunication FEDERAL COMMUNICATIONS COMMISSION... Proprietary Network Information § 64.2011 Notification of customer proprietary network information security...

  14. 47 CFR 64.2011 - Notification of customer proprietary network information security breaches.

    Code of Federal Regulations, 2010 CFR

    2010-10-01

    ... 47 Telecommunication 3 2010-10-01 2010-10-01 false Notification of customer proprietary network information security breaches. 64.2011 Section 64.2011 Telecommunication FEDERAL COMMUNICATIONS COMMISSION... Proprietary Network Information § 64.2011 Notification of customer proprietary network information security...

  15. 47 CFR 64.2011 - Notification of customer proprietary network information security breaches.

    Code of Federal Regulations, 2013 CFR

    2013-10-01

    ... Proprietary Network Information § 64.2011 Notification of customer proprietary network information security... 47 Telecommunication 3 2013-10-01 2013-10-01 false Notification of customer proprietary network information security breaches. 64.2011 Section 64.2011 Telecommunication FEDERAL COMMUNICATIONS COMMISSION...

  16. 47 CFR 64.5111 - Notification of customer proprietary network information security breaches.

    Code of Federal Regulations, 2013 CFR

    2013-10-01

    ... Proprietary Network Information. § 64.5111 Notification of customer proprietary network information security... 47 Telecommunication 3 2013-10-01 2013-10-01 false Notification of customer proprietary network information security breaches. 64.5111 Section 64.5111 Telecommunication FEDERAL COMMUNICATIONS COMMISSION...

  17. 47 CFR 64.5111 - Notification of customer proprietary network information security breaches.

    Code of Federal Regulations, 2014 CFR

    2014-10-01

    ... Proprietary Network Information. § 64.5111 Notification of customer proprietary network information security... 47 Telecommunication 3 2014-10-01 2014-10-01 false Notification of customer proprietary network information security breaches. 64.5111 Section 64.5111 Telecommunication FEDERAL COMMUNICATIONS COMMISSION...

  18. 47 CFR 64.2011 - Notification of customer proprietary network information security breaches.

    Code of Federal Regulations, 2014 CFR

    2014-10-01

    ... Proprietary Network Information § 64.2011 Notification of customer proprietary network information security... 47 Telecommunication 3 2014-10-01 2014-10-01 false Notification of customer proprietary network information security breaches. 64.2011 Section 64.2011 Telecommunication FEDERAL COMMUNICATIONS COMMISSION...

  19. 47 CFR 64.2011 - Notification of customer proprietary network information security breaches.

    Code of Federal Regulations, 2012 CFR

    2012-10-01

    ... Proprietary Network Information § 64.2011 Notification of customer proprietary network information security... 47 Telecommunication 3 2012-10-01 2012-10-01 false Notification of customer proprietary network information security breaches. 64.2011 Section 64.2011 Telecommunication FEDERAL COMMUNICATIONS COMMISSION...

  20. Security breaches: tips for assessing and limiting your risks.

    PubMed

    Coons, Leeanne R

    2011-01-01

    As part of their compliance planning, medical practices should undergo a risk assessment to determine any vulnerability within the practice relative to security breaches. Practices should also implement safeguards to limit their risks. Such safeguards include facility access controls, information and electronic media management, use of business associate agreements, and education and enforcement. Implementation of specific policies and procedures to address security incidents is another critical step that medical practices should take as part of their security incident prevention plan. Medical practices should not only develop policies and procedures to prevent, detect, contain, and correct security violations, but should make sure that such policies and procedures are actually implemented in their everyday operations.

  1. State Security Breach Response Laws: State-by-State Summary Table. Using Data to Improve Education: A Legal Reference Guide to Protecting Student Privacy and Data Security

    ERIC Educational Resources Information Center

    Data Quality Campaign, 2011

    2011-01-01

    Under security breach response laws, businesses--and sometimes state and governmental agencies--are required to inform individuals when the security, confidentiality or integrity of their personal information has been compromised. This resource provides a state-by-state analysis of security breach response laws. [The Data Quality Campaign has…

  2. Software For Computer-Security Audits

    NASA Technical Reports Server (NTRS)

    Arndt, Kate; Lonsford, Emily

    1994-01-01

    Information relevant to potential breaches of security gathered efficiently. Automated Auditing Tools for VAX/VMS program includes following automated software tools performing noted tasks: Privileged ID Identification, program identifies users and their privileges to circumvent existing computer security measures; Critical File Protection, critical files not properly protected identified; Inactive ID Identification, identifications of users no longer in use found; Password Lifetime Review, maximum lifetimes of passwords of all identifications determined; and Password Length Review, minimum allowed length of passwords of all identifications determined. Written in DEC VAX DCL language.

  3. 14 CFR § 1274.936 - Breach of safety or security.

    Code of Federal Regulations, 2014 CFR

    2014-01-01

    ... environment. Safety is essential to NASA and is a material part of this contract. NASA's safety priority is to... Occupational Safety and Health Administration (OSHA) or by a state agency operating under an OSHA approved plan... 14 Aeronautics and Space 5 2014-01-01 2014-01-01 false Breach of safety or security. § 1274.936...

  4. Human errors and violations in computer and information security: the viewpoint of network administrators and security specialists.

    PubMed

    Kraemer, Sara; Carayon, Pascale

    2007-03-01

    This paper describes human errors and violations of end users and network administration in computer and information security. This information is summarized in a conceptual framework for examining the human and organizational factors contributing to computer and information security. This framework includes human error taxonomies to describe the work conditions that contribute adversely to computer and information security, i.e. to security vulnerabilities and breaches. The issue of human error and violation in computer and information security was explored through a series of 16 interviews with network administrators and security specialists. The interviews were audio taped, transcribed, and analyzed by coding specific themes in a node structure. The result is an expanded framework that classifies types of human error and identifies specific human and organizational factors that contribute to computer and information security. Network administrators tended to view errors created by end users as more intentional than unintentional, while errors created by network administrators as more unintentional than intentional. Organizational factors, such as communication, security culture, policy, and organizational structure, were the most frequently cited factors associated with computer and information security.

  5. Vehicle assisted harpoon breaching tool

    DOEpatents

    Pacheco, James E [Albuquerque, NM]; Highland, Steven E [Albuquerque, NM]

    2011-02-15

    A harpoon breaching tool that allows security officers, SWAT teams, police, firemen, soldiers, or others to forcibly breach metal doors or walls very quickly (in a few seconds), without explosives. The harpoon breaching tool can be mounted to a vehicle's standard receiver hitch.

  6. 38 CFR 75.113 - Data breach.

    Code of Federal Regulations, 2012 CFR

    2012-07-01

    ... 38 Pensions, Bonuses, and Veterans' Relief 2 2012-07-01 2012-07-01 false Data breach. 75.113...) INFORMATION SECURITY MATTERS Data Breaches § 75.113 Data breach. Consistent with the definition of data breach in § 75.112 of this subpart, a data breach occurs under this subpart if there is a loss or theft of...

  7. 38 CFR 75.113 - Data breach.

    Code of Federal Regulations, 2014 CFR

    2014-07-01

    ... 38 Pensions, Bonuses, and Veterans' Relief 2 2014-07-01 2014-07-01 false Data breach. 75.113...) INFORMATION SECURITY MATTERS Data Breaches § 75.113 Data breach. Consistent with the definition of data breach in § 75.112 of this subpart, a data breach occurs under this subpart if there is a loss or theft of...

  8. 38 CFR 75.113 - Data breach.

    Code of Federal Regulations, 2013 CFR

    2013-07-01

    ... 38 Pensions, Bonuses, and Veterans' Relief 2 2013-07-01 2013-07-01 false Data breach. 75.113...) INFORMATION SECURITY MATTERS Data Breaches § 75.113 Data breach. Consistent with the definition of data breach in § 75.112 of this subpart, a data breach occurs under this subpart if there is a loss or theft of...

  9. 38 CFR 75.113 - Data breach.

    Code of Federal Regulations, 2011 CFR

    2011-07-01

    ... 38 Pensions, Bonuses, and Veterans' Relief 2 2011-07-01 2011-07-01 false Data breach. 75.113...) INFORMATION SECURITY MATTERS Data Breaches § 75.113 Data breach. Consistent with the definition of data breach in § 75.112 of this subpart, a data breach occurs under this subpart if there is a loss or theft of...

  10. 38 CFR 75.113 - Data breach.

    Code of Federal Regulations, 2010 CFR

    2010-07-01

    ... 38 Pensions, Bonuses, and Veterans' Relief 2 2010-07-01 2010-07-01 false Data breach. 75.113 Section 75.113 Pensions, Bonuses, and Veterans' Relief DEPARTMENT OF VETERANS AFFAIRS (CONTINUED) INFORMATION SECURITY MATTERS Data Breaches § 75.113 Data breach. Consistent with the definition of data breach in § 75.112 of this subpart, a data breach...

  11. Breaching the security of the Kaiser Permanente Internet patient portal: the organizational foundations of information security.

    PubMed

    Collmann, Jeff; Cooper, Ted

    2007-01-01

    This case study describes and analyzes a breach of the confidentiality and integrity of personally identified health information (e.g. appointment details, answers to patients' questions, medical advice) for over 800 Kaiser Permanente (KP) members through KP Online, a web-enabled health care portal. The authors obtained and analyzed multiple types of qualitative data about this incident including interviews with KP staff, incident reports, root cause analyses, and media reports. Reasons at multiple levels account for the breach, including the architecture of the information system, the motivations of individual staff members, and differences among the subcultures of individual groups within as well as technical and social relations across the Kaiser IT program. None of these reasons could be classified, strictly speaking, as "security violations." This case study, thus, suggests that, to protect sensitive patient information, health care organizations should build safe organizational contexts for complex health information systems in addition to complying with good information security practice and regulations such as the Health Insurance Portability and Accountability Act (HIPAA) of 1996.

  12. What caused the breach? An examination of use of information technology and health data breaches.

    PubMed

    Wikina, Suanu Bliss

    2014-01-01

    Data breaches arising from theft, loss, unauthorized access/disclosure, improper disclosure, or hacking incidents involving personal health information continue to increase every year. As of September 2013, reported breaches affecting individuals reached close to 27 million since 2009, when compilation of records on breaches began. These breaches, which involved 674 covered entities and 153 business associates, involved computer systems and networks, desktop computers, laptops, paper, e-mail, electronic health records, and removable/portable devices (CDs, USBs, x-ray films, backup tapes, etc.). Even with the increased use of health information technology by health institutions and allied businesses, theft and loss (not hacking) constitute the major types of data breaches encountered. Removable/portable devices, desktop computers, and laptops were the top sources or locations of the breached information, while the top six states-Virginia, Illinois, California, Florida, New York, and Tennessee-in terms of the number of reported breaches accounted for nearly 75 percent of the total individual breaches, 33 percent of breaches in covered entities, and about 30 percent of the total breaches involving business associates.

  13. What Caused the Breach? An Examination of Use of Information Technology and Health Data Breaches

    PubMed Central

    Wikina, Suanu Bliss

    2014-01-01

    Data breaches arising from theft, loss, unauthorized access/disclosure, improper disclosure, or hacking incidents involving personal health information continue to increase every year. As of September 2013, reported breaches affecting individuals reached close to 27 million since 2009, when compilation of records on breaches began. These breaches, which involved 674 covered entities and 153 business associates, involved computer systems and networks, desktop computers, laptops, paper, e-mail, electronic health records, and removable/portable devices (CDs, USBs, x-ray films, backup tapes, etc.). Even with the increased use of health information technology by health institutions and allied businesses, theft and loss (not hacking) constitute the major types of data breaches encountered. Removable/portable devices, desktop computers, and laptops were the top sources or locations of the breached information, while the top six states—Virginia, Illinois, California, Florida, New York, and Tennessee—in terms of the number of reported breaches accounted for nearly 75 percent of the total individual breaches, 33 percent of breaches in covered entities, and about 30 percent of the total breaches involving business associates. PMID:25593574

  14. When it comes to securing patient health information from breaches, your best medicine is a dose of prevention: A cybersecurity risk assessment checklist.

    PubMed

    Blanke, Sandra J; McGrady, Elizabeth

    2016-07-01

    Health care stakeholders are concerned about the growing risk of protecting sensitive patient health information from breaches. The Federal Emergency Management Agency (FEMA) has identified cyber attacks as an emerging concern, and regulations such as the Health Insurance Portability and Accountability Act (HIPAA) and the Health Information Technology for Economic and Clinical Health Act (HITECH) have increased security requirements and are enforcing compliance through stiff financial penalties. The purpose of this study is to describe health care breaches of protected information, analyze the hazards and vulnerabilities of reported breach cases, and prescribe best practices of managing risk through security controls and countermeasures. Prescriptive findings were used to construct a checklist tool to assess and monitor common risks. This research uses a case methodology to describe specific examples of the 3 major types of cyber breach hazards: portable device, insider, and physical breaches. We utilize a risk management framework to prescribe preventative actions that organizations can take to assess, analyze, and mitigate these risks. The health care sector has the largest number of reported breaches, with 3 major types: portable device, insider, and physical breaches. Analysis of actual cases indicates security gaps requiring prescriptive fixes based on "best practices." Our research culminates in a 25-item checklist that organizations can use to assess existing practices and identify security gaps requiring improvement. © 2016 American Society for Healthcare Risk Management of the American Hospital Association.

  15. Breach to Nowhere

    ERIC Educational Resources Information Center

    Schaffhauser, Dian

    2009-01-01

    Will that data breach be the end of a chief security officer (CSO)? Managing information security in higher education requires more than just technical expertise, especially when the heat is cranked up. This article takes a look at how two CSOs deal with hack attacks at their universities. When Purdue University Chief Information Security Officer…

  16. Guidelines for computer security in general practice.

    PubMed

    Schattner, Peter; Pleteshner, Catherine; Bhend, Heinz; Brouns, Johan

    2007-01-01

    As general practice becomes increasingly computerised, data security becomes increasingly important for both patient health and the efficient operation of the practice. To develop guidelines for computer security in general practice based on a literature review, an analysis of available information on current practice and a series of key stakeholder interviews. While the guideline was produced in the context of Australian general practice, we have developed a template that is also relevant for other countries. Current data on computer security measures was sought from Australian divisions of general practice. Semi-structured interviews were conducted with general practitioners (GPs), the medical software industry, senior managers within government responsible for health IT (information technology) initiatives, technical IT experts, divisions of general practice and a member of a health information consumer group. The respondents were asked to assess both the likelihood and the consequences of potential risks in computer security being breached. The study suggested that the most important computer security issues in general practice were: the need for a nominated IT security coordinator; having written IT policies, including a practice disaster recovery plan; controlling access to different levels of electronic data; doing and testing backups; protecting against viruses and other malicious codes; installing firewalls; undertaking routine maintenance of hardware and software; and securing electronic communication, for example via encryption. This information led to the production of computer security guidelines, including a one-page summary checklist, which were subsequently distributed to all GPs in Australia. This paper maps out a process for developing computer security guidelines for general practice. The specific content will vary in different countries according to their levels of adoption of IT, and cultural, technical and other health service factors. Making

  17. Data breach locations, types, and associated characteristics among US hospitals.

    PubMed

    Gabriel, Meghan Hufstader; Noblin, Alice; Rutherford, Ashley; Walden, Amanda; Cortelyou-Ward, Kendall

    2018-02-01

    The objectives of this study were to describe the locations in hospitals where data are breached, the types of breaches that occur most often at hospitals, and hospital characteristics, including health information technology (IT) sophistication and biometric security capabilities, that may be predicting factors of large data breaches that affect 500 or more patients. The Office of Civil Rights breach data from healthcare providers regarding breaches that affected 500 or more individuals from 2009 to 2016 were linked with hospital characteristics from the Health Information Management Systems Society and the American Hospital Association Health IT Supplement databases. Descriptive statistics were used to characterize hospitals with and without breaches, data breach type, and location/mode of data breaches in hospitals. Multivariate logistic regression analysis explored hospital characteristics that were predicting factors of a data breach affecting at least 500 patients, including area characteristics, region, health system membership, size, type, biometric security use, health IT sophistication, and ownership. Of all types of healthcare providers, hospitals accounted for approximately one-third of all data breaches and hospital breaches affected the largest number of individuals. Paper and films were the most frequent location of breached data, occurring in 65 hospitals during the study period, whereas network servers were the least common location but their breaches affected the most patients overall. Adjusted multivariate results showed significant associations among data breach occurrences and some hospital characteristics, including type and size, but not others, including health IT sophistication or biometric use for security. Hospitals should conduct routine audits to allow them to see their vulnerabilities before a breach occurs. Additionally, information security systems should be implemented concurrently with health information technologies. Improving

  18. Market Reactions to Publicly Announced Privacy and Security Breaches Suffered by Companies Listed on the United States Stock Exchanges: A Comparative Empirical Investigation

    ERIC Educational Resources Information Center

    Coronado, Adolfo S.

    2012-01-01

    Using a sample of security and privacy breaches the present research examines the comparative announcement impact between the two types of events. The first part of the dissertation analyzes the impact of publicly announced security and privacy breaches on abnormal stock returns, the change in firm risk, and abnormal trading volume are measured.…

  19. Secure or Insure: An Economic Analysis of Security Interdependencies and Investment Types

    ERIC Educational Resources Information Center

    Grossklags, Jens

    2009-01-01

    Computer users express a strong desire to prevent attacks, and to reduce the losses from computer and information security breaches. However, despite the widespread availability of various technologies, actual investments in security remain highly variable across the Internet population. As a result, attacks such as distributed denial-of-service…

  20. An Analysis of Data Breach Notifications as Negative News

    ERIC Educational Resources Information Center

    Veltsos, Jennifer R.

    2012-01-01

    Forty-six states require organizations to notify users when personally identifiable information has been exposed or when the organization's data security measures have been breached. This article describes a qualitative document analysis of 13 data breach notification templates from state and federal agencies. The results confirm much of the…

  1. Just in Time Research: Data Breaches in Higher Education

    ERIC Educational Resources Information Center

    Grama, Joanna

    2014-01-01

    This "Just in Time" research is in response to recent discussions on the EDUCAUSE Higher Education Information Security Council (HEISC) discussion list about data breaches in higher education. Using data from the Privacy Rights Clearinghouse, this research analyzes data breaches attributed to higher education. The results from this…

  2. Can Cross-Listing Mitigate the Impact of an Information Security Breach Announcement on a Firm's Values?

    NASA Astrophysics Data System (ADS)

    Chen, Yong; Dong, Feng; Chen, Hong; Xu, Li

    2016-08-01

    The increase in globalization in the markets has driven firms to adopt online technologies and to cross-list their stocks. Recent studies have consistently found that the announcements of information security breaches (ISBs) are negatively associated with the market values of the announcing firms during the days surrounding the breach announcements. Given the improvement in firms’ information environments and the better protection for investors generated by cross-listing, does cross-listing help firms to reduce the negative impacts caused by their announcements of ISBs? This paper conducts an event study of 120 publicly traded firms (among which 25 cross-list and 95 do not), in order to explore the answer. The results indicate that the impact of ISB announcements on a firm's stock prices shows no difference between cross-listing firms and non-cross-listing firms. Cross-listing does not mitigate the impact of ISBs announcement on a firm's market value.

  3. Comparison of Dam Breach Parameter Estimators

    DTIC Science & Technology

    2008-01-01

    of the methods, when used in the HEC-RAS simulation model, produced comparable results. The methods tested suggest use of ...characteristics of a dam breach, use of those parameters within the unsteady flow routing model HEC-RAS, and the computation and display of the resulting...implementation of these breach parameters in

  4. Security Management Strategies for Protecting Your Library's Network.

    ERIC Educational Resources Information Center

    Ives, David J.

    1996-01-01

    Presents security procedures for protecting a library's computer system from potential threats by patrons or personnel, and describes how security can be breached. A sidebar identifies four areas of concern in security management: the hardware, the operating system, the network, and the user interface. A selected bibliography of sources on…

  5. Improving computer security by health smart card.

    PubMed

    Nisand, Gabriel; Allaert, François-André; Brézillon, Régine; Isphording, Wilhem; Roeslin, Norbert

    2003-01-01

    The University hospitals of Strasbourg have worked for several years on the computer security of the medical data and have of this fact be the first to use the Health Care Professional Smart Card (CPS). This new tool must provide security to the information processing systems and especially to the medical data exchanges between the partners who collaborate to the care of the Beyond the purely data-processing aspects of the functions of safety offered by the CPS, safety depends above all on the practices on the users, their knowledge concerning the legislation, the risks and the stakes, of their adhesion to the procedures and protections installations. The aim of this study is to evaluate this level of knowledge, the practices and the feelings of the users concerning the computer security of the medical data, to check the relevance of the step taken, and if required, to try to improve it. The survey by questionnaires involved 648 users. The practices of users in terms of data security are clearly improved by the implementation of the security server and the use of the CPS system, but security breaches due to bad practices are not however completely eliminated. That confirms that is illusory to believe that data security is first and foremost a technical issue. Technical measures are of course indispensable, but the greatest efforts are required after their implementation and consist in making the key players [2], i.e. users, aware and responsible. However, it must be stressed that the user-friendliness of the security interface has a major effect on the results observed. For instance, it is highly probable that the bad practices continued or introduced upon the implementation of the security server and CPS scheme are due to the complicated nature or functional defects of the proposed solution, which must therefore be improved. Besides, this is only the pilot phase and card holders can be expected to become more responsible as time goes by, along with the gradual

  6. Breaches of health information: are electronic records different from paper records?

    PubMed

    Sade, Robert M

    2010-01-01

    Breaches of electronic medical records constitute a type of healthcare error, but should be considered separately from other types of errors because the national focus on the security of electronic data justifies special treatment of medical information breaches. Guidelines for protecting electronic medical records should be applied equally to paper medical records.

  7. Competition, Speculative Risks, and IT Security Outsourcing

    NASA Astrophysics Data System (ADS)

    Cezar, Asunur; Cavusoglu, Huseyin; Raghunathan, Srinivasan

    Information security management is becoming a more critical and, simultaneously, a challenging function for many firms. Even though many security managers are skeptical about outsourcing of IT security, others have cited reasons that are used for outsourcing of traditional IT functions for why security outsourcing is likely to increase. Our research offers a novel explanation, based on competitive externalities associated with IT security, for firms' decisions to outsource IT security. We show that if competitive externalities are ignored, then a firm will outsource security if and only if the MSSP offers a quality (or a cost) advantage over in-house operations, which is consistent with the traditional explanation for security outsourcing. However, a higher quality is neither a prerequisite nor a guarantee for a firm to outsource security. The competitive risk environment and the nature of the security function outsourced, in addition to quality, determine firms' outsourcing decisions. If the reward from the competitor's breach is higher than the loss from own breach, then even if the likelihood of a breach is higher under the MSSP the expected benefit from the competitive demand externality may offset the loss from the higher likelihood of breaches, resulting in one or both firms outsourcing security. The incentive to outsource security monitoring is higher than that of infrastructure management because the MSSP can reduce the likelihood of breach on both firms and thus enhance the demand externality effect. The incentive to outsource security monitoring (infrastructure management) is higher (lower) if either the likelihood of breach on both firms is lower (higher) when security is outsourced or the benefit (relative to loss) from the externality is higher (lower). The benefit from the demand externality arising out of a security breach is higher when more of the customers that leave the breached firm switch to the non-breached firm.

  8. Computer Security Models

    DTIC Science & Technology

    1984-09-01

    Verification Technique for a Class of Security Kernels," International Symposium on Programming, Lecture Notes in Computer Science 137, Springer-Verlag, New York...September 1984 MTR9S31 J. K. Millen, C. M. Cerniglia Computer Security Models CONTRACT SPONSOR OUSDRE/C31 & ESO/ALEE...ABSTRACT The purpose of this report is to provide a basis for evaluating security models in the context of secure computer system development

  9. A Study on Corporate Security Awareness and Compliance Behavior Intent

    ERIC Educational Resources Information Center

    Clark, Christine Y.

    2013-01-01

    Understanding the drivers to encourage employees' security compliance behavior is increasingly important in today's highly networked environment to protect computer and information assets of the company. The traditional approach for corporations to implement technology-based controls, to prevent security breaches is no longer sufficient.…

  10. A physician's role following a breach of electronic health information.

    PubMed

    Kim, Daniel; Schleiter, Kristin; Crigger, Bette-Jane; McMahon, John W; Benjamin, Regina M; Douglas, Sharon P

    2010-01-01

    The Council on Ethical and Judicial Affairs of the American Medical Association examines physicians' professional ethical responsibility in the event that the security of patients' electronic records is breached.

  11. Modifications to the HIPAA Privacy, Security, Enforcement, and Breach Notification rules under the Health Information Technology for Economic and Clinical Health Act and the Genetic Information Nondiscrimination Act; other modifications to the HIPAA rules.

    PubMed

    2013-01-25

    The Department of Health and Human Services (HHS or ``the Department'') is issuing this final rule to: Modify the Health Insurance Portability and Accountability Act (HIPAA) Privacy, Security, and Enforcement Rules to implement statutory amendments under the Health Information Technology for Economic and Clinical Health Act (``the HITECH Act'' or ``the Act'') to strengthen the privacy and security protection for individuals' health information; modify the rule for Breach Notification for Unsecured Protected Health Information (Breach Notification Rule) under the HITECH Act to address public comment received on the interim final rule; modify the HIPAA Privacy Rule to strengthen the privacy protections for genetic information by implementing section 105 of Title I of the Genetic Information Nondiscrimination Act of 2008 (GINA); and make certain other modifications to the HIPAA Privacy, Security, Breach Notification, and Enforcement Rules (the HIPAA Rules) to improve their workability and effectiveness and to increase flexibility for and decrease burden on the regulated entities.

  12. Impact of Security Awareness Programs on End-User Security Behavior: A Quantitative Study of Federal Workers

    ERIC Educational Resources Information Center

    Smith, Gwendolynn T.

    2012-01-01

    The increasing dependence on technology presented more vulnerability to security breaches of information and the need to assess security awareness levels in federal organizations, as well as other organizations. Increased headlines of security breaches of federal employees' security actions prompted this study. The research study reviewed the…

  13. Indirection and computer security.

    DOE Office of Scientific and Technical Information (OSTI.GOV)

    Berg, Michael J.

    2011-09-01

    The discipline of computer science is built on indirection. David Wheeler famously said, 'All problems in computer science can be solved by another layer of indirection. But that usually will create another problem'. We propose that every computer security vulnerability is yet another problem created by the indirections in system designs and that focusing on the indirections involved is a better way to design, evaluate, and compare security solutions. We are not proposing that indirection be avoided when solving problems, but that understanding the relationships between indirections and vulnerabilities is key to securing computer systems. Using this perspective, we analyze common vulnerabilities that plague our computer systems, consider the effectiveness of currently available security solutions, and propose several new security solutions.

  14. The Case for Inclusion of Competitive Teams in Security Education

    ERIC Educational Resources Information Center

    Serapiglia, Anthony

    2016-01-01

    Through industry news as well as contemporary reporting, the topic of computer security has become omnipresent in our daily lives. Whether the news is about corporate data breaches, international cyber espionage, or personal data compromises and identity theft--EVERYONE has had to deal with digital security in some way. Because of this, one of the…

  15. Evaluation of Secure Computation in a Distributed Healthcare Setting.

    PubMed

    Kimura, Eizen; Hamada, Koki; Kikuchi, Ryo; Chida, Koji; Okamoto, Kazuya; Manabe, Shirou; Kuroda, Tomohiko; Matsumura, Yasushi; Takeda, Toshihiro; Mihara, Naoki

    2016-01-01

    Issues related to ensuring patient privacy and data ownership in clinical repositories prevent the growth of translational research. Previous studies have used an aggregator agent to obscure clinical repositories from the data user, and to ensure the privacy of output using statistical disclosure control. However, there remain several issues that must be considered. One such issue is that a data breach may occur when multiple nodes conspire. Another is that the agent may eavesdrop on or leak a user's queries and their results. We have implemented a secure computing method so that the data used by each party can be kept confidential even if all of the other parties conspire to crack the data. We deployed our implementation at three geographically distributed nodes connected to a high-speed layer two network. The performance of our method, with respect to processing times, suggests suitability for practical use.

  16. A Portable Computer Security Workshop

    ERIC Educational Resources Information Center

    Wagner, Paul J.; Phillips, Andrew T.

    2006-01-01

    We have developed a computer security workshop designed to instruct post-secondary instructors who want to start a course or laboratory exercise sequence in computer security. This workshop has also been used to provide computer security education to IT professionals and students. It is effective in communicating basic computer security principles…

  17. Fluvial dike breaching due to overtopping: how different is it from dam breaching?

    NASA Astrophysics Data System (ADS)

    Rifai, Ismail; Erpicum, Sébastien; Archambeau, Pierre; Violeau, Damien; Pirotton, Michel; El kadi Abderrezzak, Kamal; Dewals, Benjamin

    2017-04-01

    During floods in large rivers, casualties and extent of damage are often aggravated by breach formation across fluvial dikes. The most frequent cause of breaching is flow overtopping. Predicting the breach geometry and associated outflow hydrograph is of critical importance for estimating the inundation characteristics in the floodplain and the resulting flood risk. Because fluvial dikes are built along a main channel that conveys flowing water, fluvial dike breaching differs from dam breaching, in which the embankment is built across the channel downstream of a reservoir. While a vast body of studies exists on dam breaching configuration (e.g., Schmocker et al. 2012, 2014, Müller et al. 2016), little is known on specific aspects of fluvial dike breaching. We performed laboratory experiments that highlight the specific erosion processes governing fluvial dike breaching (Rifai et al. 2017a). The experimental setup includes a 10 m long and 1 m wide main channel, separated from a floodplain by a 0.3 m high dike of trapezoidal cross-section. The dike material was homogeneous and made of uniform sand. A rectangular initial notch was cut in the crest to initiate 3D breaching. The breach development was monitored continuously using a self-developed laser profilometry technique (Rifai et al. 2016). The observations reveal that the breach develops in two stages. First, a combined breach deepening and widening occur, together with a gradual shift of the breach centreline toward the downstream side of the main channel. Later, the breach widening continues only toward the downstream side of the main channel, highlighting a significant influence of flow momentum in the main channel. Moreover, the breach cross-section is tilted toward the downstream end of the main channel, which is a signature of an asymmetric velocity distribution through the breach (Rifai et al. 2017b). When the inflow discharge in the main channel is increased, the breach development becomes much faster (e

  18. Large Earthquakes Disrupt Groundwater System by Breaching Aquitards

    NASA Astrophysics Data System (ADS)

    Wang, C. Y.; Manga, M.; Liao, X.; Wang, L. P.

    2016-12-01

    Changes of groundwater system by large earthquakes are widely recognized. Some changes have been attributed to increases in the vertical permeability but basic questions remain: How do increases in the vertical permeability occur? How frequent do they occur? How fast does the vertical permeability recover after the earthquake? Is there a quantitative measure for detecting the occurrence of aquitard breaching? Here we attempt to answer these questions by examining data accumulated in the past 15 years. Analyses of increased stream discharges and their geochemistry after large earthquakes show evidence that the excess water originates from groundwater released from high elevations by large increase of the vertical permeability. Water-level data from a dense network of clustered wells in a sedimentary basin near the epicenter of the 1999 M7.6 Chi-Chi earthquake in western Taiwan show that, while most confined aquifers remained confined after the earthquake, about 10% of the clustered wells show evidence of coseismic breaching of aquitards and a great increase of the vertical permeability. Water level in wells without evidence of coseismic breaching of aquitards show similar tidal response before and after the earthquake; wells with evidence of coseismic breaching of aquitards, on the other hand, show distinctly different tidal response before and after the earthquake and that the aquifers became hydraulically connected for many months thereafter. Breaching of aquitards by large earthquakes has significant implications for a number of societal issues such as the safety of water resources, the security of underground waste repositories, and the production of oil and gas. The method demonstrated here may be used for detecting the occurrence of aquitard breaching by large earthquakes in other seismically active areas.

  19. The extreme risk of personal data breaches and the erosion of privacy

    NASA Astrophysics Data System (ADS)

    Wheatley, Spencer; Maillart, Thomas; Sornette, Didier

    2016-01-01

    Personal data breaches from organisations, enabling mass identity fraud, constitute an extreme risk. This risk worsens daily as an ever-growing amount of personal data are stored by organisations and on-line, and the attack surface surrounding this data becomes larger and harder to secure. Further, breached information is distributed and accumulates in the hands of cyber criminals, thus driving a cumulative erosion of privacy. Statistical modeling of breach data from 2000 through 2015 provides insights into this risk: A current maximum breach size of about 200 million is detected, and is expected to grow by fifty percent over the next five years. The breach sizes are found to be well modeled by an extremely heavy tailed truncated Pareto distribution, with tail exponent parameter decreasing linearly from 0.57 in 2007 to 0.37 in 2015. With this current model, given a breach contains above fifty thousand items, there is a ten percent probability of exceeding ten million. A size effect is unearthed where both the frequency and severity of breaches scale with organisation size like s^0.6. Projections indicate that the total amount of breached information is expected to double from two to four billion items within the next five years, eclipsing the population of users of the Internet. This massive and uncontrolled dissemination of personal identities raises fundamental concerns about privacy.

  20. Evaluating the effects of dam breach methodologies on Consequence Estimation through Sensitivity Analysis

    NASA Astrophysics Data System (ADS)

    Kalyanapu, A. J.; Thames, B. A.

    2013-12-01

    Dam breach modeling often includes application of models that are sophisticated, yet computationally intensive to compute flood propagation at high temporal and spatial resolutions. This results in a significant need for computational capacity that requires development of newer flood models using multi-processor and graphics processing techniques. Recently, a comprehensive benchmark exercise titled the 12th Benchmark Workshop on Numerical Analysis of Dams, is organized by the International Commission on Large Dams (ICOLD) to evaluate the performance of these various tools used for dam break risk assessment. The ICOLD workshop is focused on estimating the consequences of failure of a hypothetical dam near a hypothetical populated area with complex demographics, and economic activity. The current study uses this hypothetical case study and focuses on evaluating the effects of dam breach methodologies on consequence estimation and analysis. The current study uses ICOLD hypothetical data including the topography, dam geometric and construction information, land use/land cover data along with socio-economic and demographic data. The objective of this study is to evaluate impacts of using four different dam breach methods on the consequence estimates used in the risk assessments. The four methodologies used are: i) Froehlich (1995), ii) MacDonald and Langridge-Monopolis 1984 (MLM), iii) Von Thun and Gillete 1990 (VTG), and iv) Froehlich (2008). To achieve this objective, three different modeling components were used. First, using the HEC-RAS v.4.1, dam breach discharge hydrographs are developed. These hydrographs are then provided as flow inputs into a two dimensional flood model named Flood2D-GPU, which leverages the computer's graphics card for much improved computational capabilities of the model input. Lastly, outputs from Flood2D-GPU, including inundated areas, depth grids, velocity grids, and flood wave arrival time grids, are input into HEC-FIA, which provides the

  1. Barrier island vulnerability to breaching: a case study on Dauphin Island, Alabama

    USGS Publications Warehouse

    Hansen, Mark; Sallenger, Asbury H.

    2007-01-01

    Breaching of barrier islands can adversely impact society by severing infrastructure, destroying private properties, and altering water quality in back bays and estuaries. This study provides a scheme that assesses the relative vulnerability of a barrier island to breach during storms. Dauphin Island, Alabama was selected for this study because it has a well documented history of island breaches and extensive geological and geomorphic data. To assess the vulnerability of the island, we defined several variables contributing to the risk of breaching: island geology, breaching history, and island topography and geomorphology. These variables were combined to form a breaching index (BI) value for cross island computational bins, each bin every 50 m in the alongshore direction. Results suggest the eastern section of Dauphin Island has the lowest risk of breaching with the remaining portion of the island having a moderate to high risk of breaching. Two reaches in the western section of the island were found to be particularly vulnerable due primarily to their minimal cross-sectional dimensions.

  2. Parallel Processable Cryptographic Methods with Unbounded Practical Security.

    ERIC Educational Resources Information Center

    Rothstein, Jerome

    Addressing the problem of protecting confidential information and data stored in computer databases from access by unauthorized parties, this paper details coding schemes which present such astronomical work factors to potential code breakers that security breaches are hopeless in any practical sense. Two procedures which can be used to encode for…

  3. Comparing process-based breach models for earthen embankments subjected to internal erosion

    USDA-ARS's Scientific Manuscript database

    Predicting the potential flooding from a dam site requires prediction of outflow resulting from breach. Conservative estimates from the assumption of instantaneous breach or from an upper envelope of historical cases are readily computed, but these estimates do not reflect the properties of a speci...

  4. The Myth about IT Security

    ERIC Educational Resources Information Center

    Oblinger, Diana G.; Hawkins, Brian L.

    2006-01-01

    Seeing an institution's name in the headlines for a security breach may be among a CIO's-- and a president's--worst nightmares. Whether the breached data involves social security numbers, credit card accounts, clinical records, or research, this is bad news. Federal agencies that provide research funding may lose confidence in data integrity,…

  5. Intermittent ephemeral river-breaching

    NASA Astrophysics Data System (ADS)

    Reniers, A. J.; MacMahan, J. H.; Gallagher, E. L.; Shanks, A.; Morgan, S.; Jarvis, M.; Thornton, E. B.; Brown, J.; Fujimura, A.

    2012-12-01

    In the summer of 2011 we performed a field experiment in Carmel River State Beach, CA, at a time when the intermittent natural breaching of the ephemeral Carmel River occurred due to an unusually rainy period prior to the experiment associated with El Nino. At this time the river would fill the lagoon over the period of a number of days after which a breach would occur. This allowed us to document a number of breaches with unique pre- and post-breach topographic surveys, accompanying ocean and lagoon water elevations as well as extremely high flow (4m/s) velocities in the river mouth during the breaching event. The topographic surveys were obtained with a GPS-equipped backpack mounted on a walking human and show the evolution of the river breaching with a gradually widening and deepening river channel that cuts through the pre-existing beach and berm. The beach face is qualified as a steep with an average beach slope of 1:10 with significant reflection of the incident waves (MacMahan et al., 2012). The wave directions are generally shore normal as the waves refract over the deep canyon that is located offshore of the beach. The tide is mixed semi-diurnal with a range on the order of one meter. Breaching typically occurred during the low-low tide. Grain size is highly variable along the beach with layers of alternating fine and coarse material that could clearly be observed as the river exit channel was cutting through the beach. Large rocky outcroppings buried under the beach sand are also present along certain stretches of the beach controlling the depth of the breaching channel. The changes in the water level measured within the lagoon and the ocean side allows for an estimate of the volume flux associated with the breach as function of morphology, tidal elevation and wave conditions as well as an assessment of the conditions and mechanisms of breach closure, which occurred on the time scale of O(0.5 days). Exploratory model simulations will be presented at the

  6. Data security 101: avoiding the list.

    PubMed

    Perna, Gabriel

    2012-01-01

    Thanks to the rampant digitization of healthcare data, breaches have become commonplace in an industry that lacks advanced security practices. In this industry-wide report, those who have dealt with breaches implore others to shore up internal security practices and be transparent. As one CIO keenly notes, "we're all in this together."

  7. Caprock Breach: A Threat to Secure Geologic Sequestration

    NASA Astrophysics Data System (ADS)

    Selvadurai, A. P.; Dong, W.

    2013-12-01

    The integrity of caprock in providing a reliable barrier is crucial to several environmental geosciences endeavours related to geologic sequestration of CO2, deep geologic disposal of hazardous wastes and contaminants. The integrity of geologic barriers can be compromised by several factors. The re-activation of dormant fractures and development of new fractures in the caprock during the injection process are regarded as effects that can pose a threat to storage security. Other poromechanical influences of pore structure collapse due to chemically induced erosion of the porous fabric resulting in worm-hole type features can also contribute to compromising storage security. The assessment of the rate of steady or transient seepage through defects in the caprock can allow geoscientists to make prudent evaluations of the effectiveness of a sequestration strategy. While complicated computational simulations can be used to calculate leakage through defects, it is useful to explore alternative analytical results that could be used in providing preliminary estimates of leakage rates through defects in the caprock in a storage setting. The relevance of such developments is underscored by the fact that the permeability characteristics of the storage formation, the fracture and the surficial rocks overlying the caprock can rarely be quantified with certainty. This paper presents the problem of a crack in a caprock that connects to a storage formation and an overburden rock or surficial soil formation. The geologic media are maintained at constant far-field flow potentials and leakage takes place at either steady or transient conditions. The paper develops an analytical result that can be used to estimate the steady seepage through the crack. The analytical result can also be used to estimate the leakage through hydraulically non-intersecting cracks and leakage from caprock-well casing interfaces. The analytical result is used to estimate the accuracy of a computational

  8. Home Computer and Internet User Security

    DTIC Science & Technology

    2005-01-01

    Information Security Model © 2005 Carnegie Mellon University (Lawrence R. Rogers, Author) Home Computer and Internet User Security...Carnegie Mellon University (Lawrence R. Rogers, Author) Home Computer and Internet User Security Version 1.0.4 – slide 50 Contact Information Lawrence R. Rogers • Email: cert@cert.org CERT website: http://www.cert.org/ ...U.S. Patent and Trademark Office Home Computer and Internet User Security Report Documentation Page Form Approved OMB

  9. Simulation of Flow Through Breach in Leading Edge at Mach 24

    NASA Technical Reports Server (NTRS)

    Gnoffo, Peter A.; Alter, Stephen J.

    2004-01-01

    A baseline solution for CFD Point 1 (Mach 24) in the STS-107 accident investigation was modified to include effects of holes through the leading edge into a vented cavity. The simulations were generated relatively quickly and early in the investigation by making simplifications to the leading edge cavity geometry. These simplifications in the breach simulations enabled: 1) A very quick grid generation procedure; 2) High fidelity corroboration of jet physics with internal surface impingements ensuing from a breach through the leading edge, fully coupled to the external shock layer flow at flight conditions. These simulations provided early evidence that the flow through a 2 inch diameter (or larger) breach enters the cavity with significant retention of external flow directionality. A normal jet directed into the cavity was not an appropriate model for these conditions at CFD Point 1 (Mach 24). The breach diameters were of the same order or larger than the local, external boundary-layer thickness. High impingement heating and pressures on the downstream lip of the breach were computed. It is likely that hole shape would evolve as a slot cut in the direction of the external streamlines. In the case of the 6 inch diameter breach the boundary layer is fully ingested.

  10. Computer Security Systems Enable Access.

    ERIC Educational Resources Information Center

    Riggen, Gary

    1989-01-01

    A good security system enables access and protects information from damage or tampering, but the most important aspects of a security system aren't technical. A security procedures manual addresses the human element of computer security. (MLW)

  11. Computer Network Security- The Challenges of Securing a Computer Network

    NASA Technical Reports Server (NTRS)

    Scotti, Vincent, Jr.

    2011-01-01

    This article is intended to give the reader an overall perspective on what it takes to design, implement, enforce and secure a computer network in the federal and corporate world to insure the confidentiality, integrity and availability of information. While we will be giving you an overview of network design and security, this article will concentrate on the technology and human factors of securing a network and the challenges faced by those doing so. It will cover the large number of policies and the limits of technology and physical efforts to enforce such policies.

  12. A Computer Security Course in the Undergraduate Computer Science Curriculum.

    ERIC Educational Resources Information Center

    Spillman, Richard

    1992-01-01

    Discusses the importance of computer security and considers criminal, national security, and personal privacy threats posed by security breakdown. Several examples are given, including incidents involving computer viruses. Objectives, content, instructional strategies, resources, and a sample examination for an experimental undergraduate computer…

  13. Cloud Computing Security Issue: Survey

    NASA Astrophysics Data System (ADS)

    Kamal, Shailza; Kaur, Rajpreet

    2011-12-01

    Cloud computing is the growing field in IT industry since 2007 proposed by IBM. Another company like Google, Amazon, and Microsoft provides further products to cloud computing. The cloud computing is the internet based computing that shared resources, information on demand. It provides the services like SaaS, IaaS and PaaS. The services and resources are shared by virtualization that run multiple operation applications on cloud computing. This discussion gives the survey on the challenges on security issues during cloud computing and describes some standards and protocols that presents how security can be managed.

  14. Security system

    DOEpatents

    Baumann, Mark J.; Kuca, Michal; Aragon, Mona L.

    2016-02-02

    A security system includes a structure having a structural surface. The structure is sized to contain an asset therein and configured to provide a forceful breaching delay. The structure has an opening formed therein to permit predetermined access to the asset contained within the structure. The structure includes intrusion detection features within or associated with the structure that are activated in response to at least a partial breach of the structure.

  15. How Secure Is Your Radiology Department? Mapping Digital Radiology Adoption and Security Worldwide.

    PubMed

    Stites, Mark; Pianykh, Oleg S

    2016-04-01

    Despite the long history of digital radiology, one of its most critical aspects--information security--still remains extremely underdeveloped and poorly standardized. To study the current state of radiology security, we explored the worldwide security of medical image archives. Using the DICOM data-transmitting standard, we implemented a highly parallel application to scan the entire World Wide Web of networked computers and devices, locating open and unprotected radiology servers. We used only legal and radiology-compliant tools. Our security-probing application initiated a standard DICOM handshake to remote computer or device addresses, and then assessed their security posture on the basis of handshake replies. The scan discovered a total of 2774 unprotected radiology or DICOM servers worldwide. Of those, 719 were fully open to patient data communications. Geolocation was used to analyze and rank our findings according to country utilization. As a result, we built maps and world ranking of clinical security, suggesting that even the most radiology-advanced countries have hospitals with serious security gaps. Despite more than two decades of active development and implementation, our radiology data still remains insecure. The results provided should be applied to raise awareness and begin an earnest dialogue toward elimination of the problem. The application we designed and the novel scanning approach we developed can be used to identify security breaches and to eliminate them before they are compromised.

  16. 48 CFR 952.204-77 - Computer security.

    Code of Federal Regulations, 2012 CFR

    2012-10-01

    ... 48 Federal Acquisition Regulations System 5 2012-10-01 2012-10-01 false Computer security. 952.204... SOLICITATION PROVISIONS AND CONTRACT CLAUSES Text of Provisions and Clauses 952.204-77 Computer security. As prescribed in 904.404(d)(7), the following clause shall be included: Computer Security (AUG 2006) (a...

  17. 48 CFR 952.204-77 - Computer security.

    Code of Federal Regulations, 2013 CFR

    2013-10-01

    ... 48 Federal Acquisition Regulations System 5 2013-10-01 2013-10-01 false Computer security. 952.204... SOLICITATION PROVISIONS AND CONTRACT CLAUSES Text of Provisions and Clauses 952.204-77 Computer security. As prescribed in 904.404(d)(7), the following clause shall be included: Computer Security (AUG 2006) (a...

  18. 48 CFR 952.204-77 - Computer security.

    Code of Federal Regulations, 2011 CFR

    2011-10-01

    ... 48 Federal Acquisition Regulations System 5 2011-10-01 2011-10-01 false Computer security. 952.204... SOLICITATION PROVISIONS AND CONTRACT CLAUSES Text of Provisions and Clauses 952.204-77 Computer security. As prescribed in 904.404(d)(7), the following clause shall be included: Computer Security (AUG 2006) (a...

  19. 48 CFR 952.204-77 - Computer security.

    Code of Federal Regulations, 2014 CFR

    2014-10-01

    ... 48 Federal Acquisition Regulations System 5 2014-10-01 2014-10-01 false Computer security. 952.204... SOLICITATION PROVISIONS AND CONTRACT CLAUSES Text of Provisions and Clauses 952.204-77 Computer security. As prescribed in 904.404(d)(7), the following clause shall be included: Computer Security (AUG 2006) (a...

  20. 48 CFR 952.204-77 - Computer security.

    Code of Federal Regulations, 2010 CFR

    2010-10-01

    ... 48 Federal Acquisition Regulations System 5 2010-10-01 2010-10-01 false Computer security. 952.204... SOLICITATION PROVISIONS AND CONTRACT CLAUSES Text of Provisions and Clauses 952.204-77 Computer security. As prescribed in 904.404(d)(7), the following clause shall be included: Computer Security (AUG 2006) (a...

  1. Recognizing and reducing risks: HIPAA privacy and security enforcement.

    PubMed

    Wachler, Andrew B; Fehn, Amy K

    2003-01-01

    With the passing of the Health Insurance Portability and Accountability Act (HIPAA) privacy rule deadline and the security rule deadline looming, many covered entities are left wondering if they are doing enough to prevent privacy and security breaches and what type of exposure their organization could face in the event of a breach.

  2. Cognitive Computing for Security.

    DOE Office of Scientific and Technical Information (OSTI.GOV)

    Debenedictis, Erik; Rothganger, Fredrick; Aimone, James Bradley

    Final report for Cognitive Computing for Security LDRD 165613. It reports on the development of hybrid of general purpose/neuromorphic computer architecture, with an emphasis on potential implementation with memristors.

  3. Developing a computer security training program

    DOE Office of Scientific and Technical Information (OSTI.GOV)

    Not Available

    1990-01-01

    We all know that training can empower the computer protection program. However, pushing computer security information outside the computer security organization into the rest of the company is often labeled as an easy project or a dungeon full of dragons. Used in part or whole, the strategy offered in this paper may help the developer of a computer security training program ward off dragons and create products and services. The strategy includes GOALS (what the result of training will be), POINTERS (tips to ensure survival), and STEPS (products and services as a means to accomplish the goals).

  4. Method for transferring data from an unsecured computer to a secured computer

    DOEpatents

    Nilsen, Curt A.

    1997-01-01

    A method is described for transferring data from an unsecured computer to a secured computer. The method includes transmitting the data and then receiving the data. Next, the data is retransmitted and rereceived. Then, it is determined if errors were introduced when the data was transmitted by the unsecured computer or received by the secured computer. Similarly, it is determined if errors were introduced when the data was retransmitted by the unsecured computer or rereceived by the secured computer. A warning signal is emitted from a warning device coupled to the secured computer if (i) an error was introduced when the data was transmitted or received, and (ii) an error was introduced when the data was retransmitted or rereceived.

  5. 13 CFR 115.69 - Imminent Breach.

    Code of Federal Regulations, 2010 CFR

    2010-01-01

    ... an Imminent Breach of the terms of a Contract covered by an SBA guaranteed bond. The PSB Surety does... 13 Business Credit and Assistance 1 2010-01-01 2010-01-01 false Imminent Breach. 115.69 Section... Surety Bond (PSB) Guarantees § 115.69 Imminent Breach. (a) No prior approval requirement. SBA will...

  6. Secure Multiparty Quantum Computation for Summation and Multiplication.

    PubMed

    Shi, Run-hua; Mu, Yi; Zhong, Hong; Cui, Jie; Zhang, Shun

    2016-01-21

    As a fundamental primitive, Secure Multiparty Summation and Multiplication can be used to build complex secure protocols for other multiparty computations, specially, numerical computations. However, there is still lack of systematical and efficient quantum methods to compute Secure Multiparty Summation and Multiplication. In this paper, we present a novel and efficient quantum approach to securely compute the summation and multiplication of multiparty private inputs, respectively. Compared to classical solutions, our proposed approach can ensure the unconditional security and the perfect privacy protection based on the physical principle of quantum mechanics.

  7. Secure Multiparty Quantum Computation for Summation and Multiplication

    PubMed Central

    Shi, Run-hua; Mu, Yi; Zhong, Hong; Cui, Jie; Zhang, Shun

    2016-01-01

    As a fundamental primitive, Secure Multiparty Summation and Multiplication can be used to build complex secure protocols for other multiparty computations, specially, numerical computations. However, there is still lack of systematical and efficient quantum methods to compute Secure Multiparty Summation and Multiplication. In this paper, we present a novel and efficient quantum approach to securely compute the summation and multiplication of multiparty private inputs, respectively. Compared to classical solutions, our proposed approach can ensure the unconditional security and the perfect privacy protection based on the physical principle of quantum mechanics. PMID:26792197

  8. Challenges and Security in Cloud Computing

    NASA Astrophysics Data System (ADS)

    Chang, Hyokyung; Choi, Euiin

    People who live in this world want to solve any problems as they happen then. An IT technology called Ubiquitous computing should help the situations easier and we call a technology which makes it even better and powerful cloud computing. Cloud computing, however, is at the stage of the beginning to implement and use and it faces a lot of challenges in technical matters and security issues. This paper looks at the cloud computing security.

  9. What to do when trust has been breached in your practice.

    PubMed

    Hills, Laura

    2013-01-01

    We've all experienced gossiping, missed deadlines, someone taking credit for another's work, and little white lies. These and other breaches of trust are commonplace. However, they do more damage in the medical practice than many practice managers realize. This article argues that medical practice employees need to trust their managers, patients, doctors, one another, and even the security of their jobs so they are able to focus on their daily tasks and perform well. It defines trust as both a logical and emotional act and describes common breaches of workplace trust. It defines three characteristics of high-trust organizations and illustrates through examples how practice managers can demonstrate their trustworthiness through their actions, not only through their words. This article also offers seven steps for rebuilding trust that has been breached. It offers readers two instruments: a survey tool practice managers can use to assess the trust in their practices and a self-quiz practice managers can take to assess their own trustworthiness. Finally, this article offers research about the impact of trust on the bottom line and 10 truths about trust that medical practice managers can share with their employees.

  10. Privacy Breach Analysis in Social Networks

    NASA Astrophysics Data System (ADS)

    Nagle, Frank

    This chapter addresses various aspects of analyzing privacy breaches in social networks. We first review literature that defines three types of privacy breaches in social networks: interactive, active, and passive. We then survey the various network anonymization schemes that have been constructed to address these privacy breaches. After exploring these breaches and anonymization schemes, we evaluate a measure for determining the level of anonymity inherent in a network graph based on its topological structure. Finally, we close by emphasizing the difficulty of anonymizing social network data while maintaining usability for research purposes and offering areas for future work.

  11. Preventing a data breach from becoming a disaster.

    PubMed

    Goldberg, Ed

    2013-01-01

    Organisations have traditionally dealt with data breaches by investing in protective measures without a great deal of attention to mitigation of breach consequences and response. Conversely, business continuity (BC) planning has traditionally focused on mitigating disasters, not on preventing them. From a BC planning perspective, organisations need to assume that a data breach is inevitable and plan accordingly. The spate of data breaches in these past few years hit many organisations that were well protected. Those that suffered disastrous consequences as a result of a data breach lacked effective mitigation and response, not protection. The complexity and speed of an effective data breach response require that detailed planning takes place in advance of a breach.

  12. A novel quantum scheme for secure two-party distance computation

    NASA Astrophysics Data System (ADS)

    Peng, Zhen-wan; Shi, Run-hua; Zhong, Hong; Cui, Jie; Zhang, Shun

    2017-12-01

    Secure multiparty computational geometry is an essential field of secure multiparty computation, which computes a computation geometric problem without revealing any private information of each party. Secure two-party distance computation is a primitive of secure multiparty computational geometry, which computes the distance between two points without revealing each point's location information (i.e., coordinate). Secure two-party distance computation has potential applications with high secure requirements in military, business, engineering and so on. In this paper, we present a quantum solution to secure two-party distance computation by subtly using quantum private query. Compared to the classical related protocols, our quantum protocol can ensure higher security and better privacy protection because of the physical principle of quantum mechanics.

  13. Visualization Tools for Teaching Computer Security

    ERIC Educational Resources Information Center

    Yuan, Xiaohong; Vega, Percy; Qadah, Yaseen; Archer, Ricky; Yu, Huiming; Xu, Jinsheng

    2010-01-01

    Using animated visualization tools has been an important teaching approach in computer science education. We have developed three visualization and animation tools that demonstrate various information security concepts and actively engage learners. The information security concepts illustrated include: packet sniffer and related computer network…

  14. Psychological contract breach among allied health professionals.

    PubMed

    Rodwell, John; Gulyas, Andre

    2015-01-01

    Allied health professionals are vital for effective healthcare yet there are continuing shortages of these employees. Building on work with other healthcare professionals, the purpose of this paper is to investigate the influence of psychological contract (PC) breach and types of organisational justice on variables important to retention among allied health professionals: mental health and organisational commitment. The potential effects of justice on the negative outcomes of breach were examined. Multiple regressions analysed data from 113 allied health professionals working in a medium-large Australian healthcare organisation. The main negative impacts on respondents' mental health and commitment were from high PC breach, low procedural and distributive justice and less respectful treatment from organisational representatives. The interaction between procedural justice and breach illustrates that breach may be forgivable if processes are fair. Surprisingly, a betrayal or "aggravated breach effect" may occur after a breach when interpersonal justice is high. Further, negative affectivity was negatively related to respondents' mental health (affective outcomes) but not commitment (work-related attitude). Healthcare organisations should ensure the fairness of decisions and avoid breaking promises within their control. If promises cannot reasonably be kept, transparency of processes behind the breach may allow allied health professionals to understand that the organisation did not purposefully fail to fulfil expectations. This study offers insights into how breach and four types of justice interact to influence employee mental health and work attitudes among allied health professionals.

  15. Lawrence Livermore National Laboratory's Computer Security Short Subjects Videos: Hidden Password, The Incident, Dangerous Games and The Mess; Computer Security Awareness Guide

    DOE Office of Scientific and Technical Information (OSTI.GOV)

    NONE

    A video on computer security is described. Lonnie Moore, the Computer Security Manager, CSSM/CPPM at Lawrence Livermore National Laboratory (LLNL) and Gale Warshawsky, the Coordinator for Computer Security Education and Awareness at LLNL, wanted to share topics such as computer ethics, software piracy, privacy issues, and protecting information in a format that would capture and hold an audience's attention. Four Computer Security Short Subject videos were produced which ranged from 1--3 minutes each. These videos are very effective education and awareness tools that can be used to generate discussions about computer security concerns and good computing practices.

  16. Evaluating Factors of Security Policy on Information Security Effectiveness in Developing Nations: A Case of Nigeria

    ERIC Educational Resources Information Center

    Okolo, Nkiru Benjamin

    2016-01-01

    Information systems of today face more potential security infringement than ever before. The regular susceptibility of data to breaches is a function of systems users' disinclination to follow appropriate security measures. A well-secured system maintains integrity, confidentiality, and availability, while providing appropriate and consistent…

  17. Computer Security: The Human Element.

    ERIC Educational Resources Information Center

    Guynes, Carl S.; Vanacek, Michael T.

    1981-01-01

    The security and effectiveness of a computer system are dependent on the personnel involved. Improved personnel and organizational procedures can significantly reduce the potential for computer fraud. (Author/MLF)

  18. Personal computer security: part 1. Firewalls, antivirus software, and Internet security suites.

    PubMed

    Caruso, Ronald D

    2003-01-01

    Personal computer (PC) security in the era of the Health Insurance Portability and Accountability Act of 1996 (HIPAA) involves two interrelated elements: safeguarding the basic computer system itself and protecting the information it contains and transmits, including personal files. HIPAA regulations have toughened the requirements for securing patient information, requiring every radiologist with such data to take further precautions. Security starts with physically securing the computer. Account passwords and a password-protected screen saver should also be set up. A modern antivirus program can easily be installed and configured. File scanning and updating of virus definitions are simple processes that can largely be automated and should be performed at least weekly. A software firewall is also essential for protection from outside intrusion, and an inexpensive hardware firewall can provide yet another layer of protection. An Internet security suite yields additional safety. Regular updating of the security features of installed programs is important. Obtaining a moderate degree of PC safety and security is somewhat inconvenient but is necessary and well worth the effort. Copyright RSNA, 2003

  19. Can EHRs and HIEs get along with HIPAA security requirements?

    PubMed

    Sarrico, Christine; Hauenstein, Jim

    2011-02-01

    For Enloe Medical Center in California, a good-faith effort to self-report a breach in the privacy of a patient's medical record resulted in a six-figure fine imposed by a state regulatory agency. Hospitals face a "catch-22" situation in responding to the conflicting mandates of developing electronic health records that allow information sharing across institutions versus ensuring absolute protection and security of patients' individual health information. Some industry analysts suggest that the sanctions for security breaches such as the one experienced by Enloe will have the unintended effect of discouraging self-reporting of breaches.

  20. An extreme breaching of a barrier spit: insights on large breach formation and its impact on barrier dynamics

    NASA Astrophysics Data System (ADS)

    Iulian Zăinescu, Florin; Vespremeanu-Stroe, Alfred; Tătui, Florin

    2017-04-01

    In this study, we document a case of exceptionally large natural breaching of a sandy spit (Sacalin barrier, Danube delta) using Lidar data and satellite imagery, annual (and seasonal) surveys of topography and bathymetry on successive cross-barrier profiles, and hourly datasets of wind and waves. The breach morphology and dynamics was monitored and described from its inception to closure, together with its impact on the adjoining features (upper shoreface, back-barrier lagoon, downdrift coast) and on the local sediment budgets. Breaching is first observed to occur on a beach-length of 0.5 km in April 2012 and two years later reached 3.5 km (May 2014). The barrier translates to a recovery stage dominated by continuous back-barrier deposition through subaqueous cross-breach sediment transport. Soon, the barrier widening triggers a negative feedback which limits the back-barrier sediment transfer. As a result, back-barrier deposition decreases whilst the barrier aggradation through overwash becomes more frequent. The event was found to be a natural experiment which switched the barrier's decadal evolution from low cross-shore transport to high cross-shore transport over the barrier. Although previously considered as constant, the cross-shore transport recorded during the large breach lifespan is an order of magnitude larger than in the non-breach period. 3 x 10^6 m^3 of sediment were deposited in three years which is equivalent to the modelled longshore transport in the region. Nevertheless, the sediment circuits are more complex involving exchanges with the upper shoreface, as indicated by the extensive erosion down to -4 m. In the absence of tides, the Sacalin breach closed naturally in 3 years and brings a valuable contribution on how breaches may evolve, as only limited data has been internationally reported until now. The very high deposition rate of sediment in the breach is a testimony of the high sediment volumes supplied by the longshore transport and the high

  1. Data breaches. Final rule.

    PubMed

    2008-04-11

    This document adopts, without change, the interim final rule that was published in the Federal Register on June 22, 2007, addressing data breaches of sensitive personal information that is processed or maintained by the Department of Veterans Affairs (VA). This final rule implements certain provisions of the Veterans Benefits, Health Care, and Information Technology Act of 2006. The regulations prescribe the mechanisms for taking action in response to a data breach of sensitive personal information.

  2. Intelligent cloud computing security using genetic algorithm as a computational tools

    NASA Astrophysics Data System (ADS)

    Razuky AL-Shaikhly, Mazin H.

    2018-05-01

    An essential change had occurred in the field of Information Technology which represented with cloud computing, cloud giving virtual assets by means of web yet awesome difficulties in the field of information security and security assurance. Currently main problem with cloud computing is how to improve privacy and security for cloud “cloud is critical security”. This paper attempts to solve cloud security by using intelligent system with genetic algorithm as wall to provide cloud data secure, all services provided by cloud must detect who receive and register it to create list of users (trusted or un-trusted) depend on behavior. The execution of present proposal has shown great outcome.

  3. Hatteras Breach, North Carolina

    DTIC Science & Technology

    2010-07-01

    1400 EST. Cross channel ADCP transects were also made from an instrumented Zodiac inflatable boat on 16, 17, and 24 October. The ADCP employed for...of the breach, near the middle, and on the sound side (Figure 11). The Zodiac crabbed (at an angle to the current) across the breach at a best...Coastal and Hydraulics Engineering Technical Note (CHETN) is intended to document the rapid response of the U.S. Army Corps of Engineers to engineer and

  4. Computer-Based Testing: Test Site Security.

    ERIC Educational Resources Information Center

    Rosen, Gerald A.

    Computer-based testing places great burdens on all involved parties to ensure test security. A task analysis of test site security might identify the areas of protecting the test, protecting the data, and protecting the environment as essential issues in test security. Protecting the test involves transmission of the examinations, identifying the…

  5. Bigdata Driven Cloud Security: A Survey

    NASA Astrophysics Data System (ADS)

    Raja, K.; Hanifa, Sabibullah Mohamed

    2017-08-01

    Cloud Computing (CC) is a fast-growing technology to perform massive-scale and complex computing. It eliminates the need to maintain expensive computing hardware, dedicated space, and software. Recently, it has been observed that massive growth in the scale of data or big data generated through cloud computing. CC consists of a front-end, includes the users’ computers and software required to access the cloud network, and back-end consists of various computers, servers and database systems that create the cloud. In SaaS (Software as-a-Service - end users to utilize outsourced software), PaaS (Platform as-a-Service-platform is provided) and IaaS (Infrastructure as-a-Service-physical environment is outsourced), and DaaS (Database as-a-Service-data can be housed within a cloud), where leading / traditional cloud ecosystem delivers the cloud services become a powerful and popular architecture. Many challenges and issues are in security or threats, most vital barrier for cloud computing environment. The main barrier to the adoption of CC in health care relates to Data security. When placing and transmitting data using public networks, cyber attacks in any form are anticipated in CC. Hence, cloud service users need to understand the risk of data breaches and adoption of service delivery model during deployment. This survey deeply covers the CC security issues (covering Data Security in Health care) so as to researchers can develop the robust security application models using Big Data (BD) on CC (can be created / deployed easily). Since, BD evaluation is driven by fast-growing cloud-based applications developed using virtualized technologies. In this purview, MapReduce [12] is a good example of big data processing in a cloud environment, and a model for Cloud providers.

  6. Experimental investigation of fluvial dike breaching due to flow overtopping

    NASA Astrophysics Data System (ADS)

    El Kadi Abderrezzak, K.; Rifai, I.; Erpicum, S.; Archambeau, P.; Violeau, D.; Pirotton, M.; Dewals, B.

    2017-12-01

    The failure of fluvial dikes (levees) often leads to devastating floods that cause loss of life and damages to public infrastructure. Overtopping flows have been recognized as one of the most frequent cause of dike erosion and breaching. Fluvial dike breaching is different from frontal dike (embankments) breaching, because of specific geometry and boundary conditions. The current knowledge on the physical processes underpinning fluvial dike failure due to overtopping remains limited. In addition, there is a lack of a continuous monitoring of the 3D breach formation, limiting the analysis of the key mechanisms governing the breach development and the validation of conceptual or physically-based models. Laboratory tests on breach growth in homogeneous, non-cohesive sandy fluvial dikes due to flow overtopping have been performed. Two experimental setups have been constructed, permitting the investigation of various hydraulic and geometric parameters. Each experimental setup includes a main channel, separated from a floodplain by a dike. A rectangular initial notch is cut in the crest to initiate dike breaching. The breach development is monitored continuously using a specific developed laser profilometry technique. The observations have shown that the breach develops in two stages: first the breach deepens and widens with the breach centerline being gradually shifted toward the downstream side of the main channel. This behavior underlines the influence of the flow momentum component parallel to the dike crest. Second, the dike geometry upstream of the breach stops evolving and the breach widening continues only toward the downstream side of the main channel. The breach evolution has been found strongly affected by the flow conditions (i.e. inflow discharge in the main channel, downstream boundary condition) and floodplain confinement. The findings of this work shed light on key mechanisms of fluvial dike breaching, which differ substantially from those of dam

  7. Analysis on the security of cloud computing

    NASA Astrophysics Data System (ADS)

    He, Zhonglin; He, Yuhua

    2011-02-01

    Cloud computing is a new technology, which is the fusion of computer technology and Internet development. It will lead the revolution of IT and information field. However, in cloud computing data and application software is stored at large data centers, and the management of data and service is not completely trustable, resulting in safety problems, which is the difficult point to improve the quality of cloud service. This paper briefly introduces the concept of cloud computing. Considering the characteristics of cloud computing, it constructs the security architecture of cloud computing. At the same time, with an eye toward the security threats cloud computing faces, several corresponding strategies are provided from the aspect of cloud computing users and service providers.

  8. Three Essays on Information Security Policies

    ERIC Educational Resources Information Center

    Yang, Yubao

    2011-01-01

    Information security breaches pose a significant and increasing threat to national security and economic well-being. In the Symantec Internet Security Threat Report (2003), companies surveyed experienced an average of about 30 attacks per week. Anecdotal evidence suggests that losses from cyber-attacks can run into millions of dollars. The CSI-FBI…

  9. A novel quantum solution to secure two-party distance computation

    NASA Astrophysics Data System (ADS)

    Peng, Zhen-wan; Shi, Run-hua; Wang, Pan-hong; Zhang, Shun

    2018-06-01

    Secure Two-Party Distance Computation is an important primitive of Secure Multiparty Computational Geometry that involves two parties, where each party has a private point, and the two parties want to jointly compute the distance between their points without revealing anything about their respective private information. Secure Two-Party Distance Computation has very important and potential applications in settings of high security requirements, such as privacy-preserving Determination of Spatial Location-Relation, Determination of Polygons Similarity, and so on. In this paper, we present a quantum protocol for Secure Two-Party Distance Computation by using QKD-based Quantum Private Query. The security of the protocol is based on the physical principles of quantum mechanics, instead of difficulty assumptions, and therefore, it can ensure higher security than the classical related protocols.

  10. Information Security: Computer Hacker Information Available on the Internet

    DTIC Science & Technology

    1996-06-05

    INFORMATION SECURITY Computer Hacker Information Available on the Internet Statement for the Record of...Report Type N/A Dates Covered (from... to) - Title and Subtitle INFORMATION SECURITY Computer Hacker Information Available on the Internet Contract...1996 4. TITLE AND SUBTITLE Information Security: Computer Hacker Information Available on the Internet 5. FUNDING NUMBERS 6. AUTHOR(S) Jack L.

  11. Analysis of flood hazard under consideration of dike breaches

    NASA Astrophysics Data System (ADS)

    Vorogushyn, S.; Apel, H.; Lindenschmidt, K.-E.; Merz, B.

    2009-04-01

    The study focuses on the development and application of a new modelling system which allows a comprehensive flood hazard assessment along diked river reaches under consideration of dike failures. The proposed Inundation Hazard Assessment Model (IHAM) represents a hybrid probabilistic-deterministic model. It comprises three models interactively coupled at runtime. These are: (1) 1D unsteady hydrodynamic model of river channel and floodplain flow between dikes, (2) probabilistic dike breach model which determines possible dike breach locations, breach widths and breach outflow discharges, and (3) 2D raster-based diffusion wave storage cell model of the hinterland areas behind the dikes. Due to the unsteady nature of the 1D and 2D coupled models, the dependence between hydraulic load at various locations along the reach is explicitly considered. The probabilistic dike breach model describes dike failures due to three failure mechanisms: overtopping, piping and slope instability caused by the seepage flow through the dike core (micro-instability). Dike failures for each mechanism are simulated based on fragility functions. The probability of breach is conditioned by the uncertainty in geometrical and geotechnical dike parameters. The 2D storage cell model driven by the breach outflow boundary conditions computes an extended spectrum of flood intensity indicators such as water depth, flow velocity, impulse, inundation duration and rate of water rise. IHAM is embedded in a Monte Carlo simulation in order to account for the natural variability of the flood generation processes reflected in the form of input hydrographs and for the randomness of dike failures given by breach locations, times and widths. The scenario calculations for the developed synthetic input hydrographs for the main river and tributary were carried out for floods with return periods of T = 100; 200; 500; 1000 a. Based on the modelling results, probabilistic dike hazard maps could be generated that

  12. Computational Approach for Securing Radiology-Diagnostic Data in Connected Health Network using High-Performance GPU-Accelerated AES.

    PubMed

    Adeshina, A M; Hashim, R

    2017-03-01

    Diagnostic radiology is a core and integral part of modern medicine, paving ways for the primary care physicians in the disease diagnoses, treatments and therapy managements. Obviously, all recent standard healthcare procedures have immensely benefitted from the contemporary information technology revolutions, apparently revolutionizing those approaches to acquiring, storing and sharing of diagnostic data for efficient and timely diagnosis of diseases. Connected health network was introduced as an alternative to the ageing traditional concept in healthcare system, improving hospital-physician connectivity and clinical collaborations. Undoubtedly, the modern medicinal approach has drastically improved healthcare but at the expense of high computational cost and possible breach of diagnosis privacy. Consequently, a number of cryptographical techniques are recently being applied to clinical applications, but the challenges of not being able to successfully encrypt both the image and the textual data persist. Furthermore, processing time of encryption-decryption of medical datasets, within a considerable lower computational cost without jeopardizing the required security strength of the encryption algorithm, still remains as an outstanding issue. This study proposes a secured radiology-diagnostic data framework for connected health network using high-performance GPU-accelerated Advanced Encryption Standard. The study was evaluated with radiology image datasets consisting of brain MR and CT datasets obtained from the department of Surgery, University of North Carolina, USA, and the Swedish National Infrastructure for Computing. Sample patients' notes from the University of North Carolina, School of medicine at Chapel Hill were also used to evaluate the framework for its strength in encrypting-decrypting textual data in the form of medical report. Significantly, the framework is not only able to accurately encrypt and decrypt medical image datasets, but it also

  13. FAA computer security : recommendations to address continuing weaknesses

    DOT National Transportation Integrated Search

    2000-12-01

    In September, testimony before the Committee on Science, House of Representatives, focused on the Federal Aviation Administration's (FAA) computer security program. In brief, we reported that FAA's agency-wide computer security program has serious, p...

  14. 41 CFR 50-201.201 - Breach of stipulations.

    Code of Federal Regulations, 2010 CFR

    2010-07-01

    ... 41 Public Contracts and Property Management 1 2010-07-01 2010-07-01 true Breach of stipulations... Public Contracts PUBLIC CONTRACTS, DEPARTMENT OF LABOR 201-GENERAL REGULATIONS § 50-201.201 Breach of... determination of a breach of stipulations is made, the Secretary of Labor will furnish to the contracting agency...

  15. The research of computer network security and protection strategy

    NASA Astrophysics Data System (ADS)

    He, Jian

    2017-05-01

    With the widespread popularity of computer network applications, network security has also received a high degree of attention. The factors affecting network security are complex, and doing a good job of network security is systematic and highly challenging work. Addressing the safety and reliability problems of computer network systems, this paper draws on practical work experience to offer some suggestions and measures covering network security threats, security technology, and system design principles, so that the broad mass of computer network users can enhance their safety awareness and master certain network security technology.

  16. Security : breaches at federal agencies and airports

    DOT National Transportation Integrated Search

    2000-01-01

    This is the statement of Robert H. Hast, Assistant Comptroller General for Investigations, Office of Special Investigations before the Subcommittee on Crime, House Committee on the Judiciary about potential security risks to the United States. The G...

  17. Reviews on Security Issues and Challenges in Cloud Computing

    NASA Astrophysics Data System (ADS)

    An, Y. Z.; Zaaba, Z. F.; Samsudin, N. F.

    2016-11-01

    Cloud computing is an Internet-based computing service provided by a third party, allowing resources and data to be shared among devices. It is widely used in many organizations nowadays and is becoming more popular because it changes the way the Information Technology (IT) of an organization is organized and managed. It provides many benefits such as simplicity and lower costs, almost unlimited storage, least maintenance, easy utilization, backup and recovery, continuous availability, quality of service, automated software integration, scalability, flexibility and reliability, easy access to information, elasticity, quick deployment and lower barrier to entry. While there is increasing use of cloud computing services in this new era, the security issues of cloud computing have become a challenge. Cloud computing must be safe and secure enough to ensure the privacy of the users. This paper first lists the architecture of cloud computing, then discusses the most common security issues of using the cloud and some solutions to those issues, since security is one of the most critical aspects of cloud computing due to the sensitivity of users' data.

  18. Analyzing the security of an existing computer system

    NASA Technical Reports Server (NTRS)

    Bishop, M.

    1986-01-01

    Most work concerning secure computer systems has dealt with the design, verification, and implementation of provably secure computer systems, or has explored ways of making existing computer systems more secure. The problem of locating security holes in existing systems has received considerably less attention; methods generally rely on thought experiments as a critical step in the procedure. The difficulty is that such experiments require that a large amount of information be available in a format that makes correlating the details of various programs straightforward. This paper describes a method of providing such a basis for the thought experiment by writing a special manual for parts of the operating system, system programs, and library subroutines.

  19. Data security and patient confidentiality: the manager's role.

    PubMed

    Fisher, F; Madge, B

    1996-10-01

    The maintenance of patient confidentiality is of utmost importance in the doctor patient relationship. With the advent of networks such as the National Health Service Wide Area Network in the UK, the potential to transmit identifiable clinical data will become greater. Links between general practitioners (GPs) and hospitals will allow the rapid transmission of data which if intercepted could be potentially embarrassing to the patient concerned. In 1994 the British Medical Association launched a draft bill on privacy and confidentiality and in association with this bill it is pushing for encryption of all clinical data across electronic networks. The manager's role within an acute hospital, community units and general practice, is to ensure that all employees are aware of the principles of data protection, security of hospital computer systems and that no obvious breaches of security can occur at publicly accessible terminals. Managers must be kept up to date with the latest developments in computer security such as digital signatures and be prepared to instigate these developments where practically possible. Managers must also take responsibility for the monitoring of access to terminals and be prepared to deal severely with staff who breach the code of confidentiality. Each manager must be kept informed of employees status with regard to their 'need to know' clearance level and also to promote confidentiality of patient details throughout the hospital. All of the management team must be prepared to train new staff in the principles of data security as they join the organisation and recognise their accountability if the programme fails. Data security and patient confidentiality is a broad responsibility in any healthcare organisation, with the Chief Executive accountable. In family practice, the partners are responsible and accountable. 
    The British Medical Association believes as a matter of policy, that allowing access to personal health data without the patients

  20. Motivating Contributions for Home Computer Security

    ERIC Educational Resources Information Center

    Wash, Richard L.

    2009-01-01

    Recently, malicious computer users have been compromising computers en masse and combining them to form coordinated botnets. The rise of botnets has brought the problem of home computers to the forefront of security. Home computer users commonly have insecure systems; these users do not have the knowledge, experience, and skills necessary to…

  1. SEED: A Suite of Instructional Laboratories for Computer Security Education

    ERIC Educational Resources Information Center

    Du, Wenliang; Wang, Ronghua

    2008-01-01

    The security and assurance of our computing infrastructure has become a national priority. To address this priority, higher education has gradually incorporated the principles of computer and information security into the mainstream undergraduate and graduate computer science curricula. To achieve effective education, learning security principles…

  2. Examining the Security Awareness, Information Privacy, and the Security Behaviors of Home Computer Users

    ERIC Educational Resources Information Center

    Edwards, Keith

    2015-01-01

    Attacks on computer systems continue to be a problem. The majority of the attacks target home computer users. To help mitigate the attacks some companies provide security awareness training to their employees. However, not all people work for a company that provides security awareness training and typically, home computer users do not have the…

  3. Computer network security for the radiology enterprise.

    PubMed

    Eng, J

    2001-08-01

    As computer networks become an integral part of the radiology practice, it is appropriate to raise concerns regarding their security. The purpose of this article is to present an overview of computer network security risks and preventive strategies as they pertain to the radiology enterprise. A number of technologies are available that provide strong deterrence against attacks on networks and networked computer systems in the radiology enterprise. While effective, these technologies must be supplemented with vigilant user and system management.

  4. Improving the redistribution of the security lessons in healthcare: An evaluation of the Generic Security Template.

    PubMed

    He, Ying; Johnson, Chris

    2015-11-01

    The recurrence of past security breaches in healthcare showed that lessons had not been effectively learned across different healthcare organisations. Recent studies have identified the need to improve learning from incidents and to share security knowledge to prevent future attacks. Generic Security Templates (GSTs) have been proposed to facilitate this knowledge transfer. The objective of this paper is to evaluate whether potential users in healthcare organisations can exploit the GST technique to share lessons learned from security incidents. We conducted a series of case studies to evaluate GSTs. In particular, we used a GST for a security incident in the US Veterans' Affairs Administration to explore whether security lessons could be applied in a very different Chinese healthcare organisation. The results showed that Chinese security professionals accepted the use of GSTs and that cyber security lessons could be transferred to a Chinese healthcare organisation using this approach. The users also identified the weaknesses and strengths of GSTs, providing suggestions for future improvements. Generic Security Templates can be used to redistribute lessons learned from security incidents. Sharing cyber security lessons helps organisations consider their own practices and assess whether applicable security standards address concerns raised in previous breaches in other countries. The experience gained from this study provides the basis for future work in conducting similar studies in other healthcare organisations. Copyright © 2015 Elsevier Ireland Ltd. All rights reserved.

  5. Science and Technology Resources on the Internet: Computer Security.

    ERIC Educational Resources Information Center

    Kinkus, Jane F.

    2002-01-01

    Discusses issues related to computer security, including confidentiality, integrity, and authentication or availability; and presents a selected list of Web sites that cover the basic issues of computer security under subject headings that include ethics, privacy, kids, antivirus, policies, cryptography, operating system security, and biometrics.…

  6. OS friendly microprocessor architecture: Hardware level computer security

    NASA Astrophysics Data System (ADS)

    Jungwirth, Patrick; La Fratta, Patrick

    2016-05-01

    We present an introduction to the patented OS Friendly Microprocessor Architecture (OSFA) and hardware level computer security. Conventional microprocessors have not tried to balance hardware performance and OS performance at the same time. Conventional microprocessors have depended on the Operating System for computer security and information assurance. The goal of the OS Friendly Architecture is to provide a high performance and secure microprocessor and OS system. We are interested in cyber security, information technology (IT), and SCADA control professionals reviewing the hardware level security features. The OS Friendly Architecture is a switched set of cache memory banks in a pipeline configuration. For light-weight threads, the memory pipeline configuration provides near instantaneous context switching times. The pipelining and parallelism provided by the cache memory pipeline provides for background cache read and write operations while the microprocessor's execution pipeline is running instructions. The cache bank selection controllers provide arbitration to prevent the memory pipeline and microprocessor's execution pipeline from accessing the same cache bank at the same time. This separation allows the cache memory pages to transfer to and from level 1 (L1) caching while the microprocessor pipeline is executing instructions. Computer security operations are implemented in hardware. By extending Unix file permissions bits to each cache memory bank and memory address, the OSFA provides hardware level computer security.

  7. 16 CFR 318.3 - Breach notification requirement.

    Code of Federal Regulations, 2010 CFR

    2010-01-01

    ... identification of each customer of the vendor of personal health records or PHR related entity whose unsecured... deemed to have knowledge of a breach if such breach is known, or reasonably should have been known, to...

  8. Computer Security and the Data Encryption Standard. Proceedings of the Conference on Computer Security and the Data Encryption Standard.

    ERIC Educational Resources Information Center

    Branstad, Dennis K., Ed.

    The 15 papers and summaries of presentations in this collection provide technical information and guidance offered by representatives from federal agencies and private industry. Topics discussed include physical security, risk assessment, software security, computer network security, and applications and implementation of the Data Encryption…

  9. A laser profilometry technique for monitoring fluvial dike breaching in laboratory experiments

    NASA Astrophysics Data System (ADS)

    Dewals, Benjamin; Rifai, Ismail; Erpicum, Sébastien; Archambeau, Pierre; Violeau, Damien; Pirotton, Michel; El kadi Abderrezzak, Kamal

    2017-04-01

    A challenging aspect for experimental modelling of fluvial dike breaching is the continuous monitoring of the transient breach geometry. In dam breaching cases induced by flow overtopping over the whole breach crest (plane erosion), a side view through a glass wall is sufficient to monitor the breach formation. This approach can be extended for 3D dam breach tests (spatial erosion) if the glass wall is located along the breach centreline. In contrast, using a side view does not apply for monitoring fluvial dike breaching, because the breach is not symmetric in this case. We present a non-intrusive, high resolution technique to record the breach development in experimental models of fluvial dikes by means of a laser profilometry (Rifai et al. 2016). Most methods used for monitoring dam and dike breaching involve the projection of a pattern (fringes, grid) on the dam or dike body and the analysis of its deformation on images recorded during the breaching (e.g., Pickert et al. 2011, Frank and Hager 2014). A major limitation of these methods stems from reflection on the water surface, particularly in the vicinity of the breach where the free surface is irregular and rippled. This issue was addressed by Spinewine et al. (2004), who used a single laser sheet so that reflections on the water surface were strongly limited and did not hamper the accurate processing of each image. We have developed a similar laser profilometry technique tailored for laboratory experiments on fluvial dike breaching. The setup is simple and relatively low cost. It consists of a digital video camera (resolution of 1920 × 1080 pixels at 60 frames per second) and a swiping red diode 30 mW laser that enables the projection of a laser sheet over the dike body. The 2D image coordinates of each deformed laser profile incident on the dike are transformed into 3D object coordinates using the Direct Linear Transformation (DLT) algorithm. All 3D object coordinates computed over a swiping cycle of the

  10. Hydraulics of embankment-dam breaching

    NASA Astrophysics Data System (ADS)

    Walder, J. S.; Iverson, R. M.; Logan, M.; Godt, J. W.; Solovitz, S.

    2012-12-01

    Constructed or natural earthen dams can pose hazards to downstream communities. Experiments to date on earthen-dam breaching have focused on dam geometries relevant to engineering practice. We have begun experiments with dam geometries more like those of natural dams. Water was impounded behind dams constructed at the downstream end of the USGS debris-flow flume. Dams were made of compacted, well-sorted, moist beach sand (D50=0.21 mm), 3.5 m from toe to toe, but varying in height from 0.5 to 1 m; the lower the dam, the smaller the reservoir volume and the broader the initially flat crest. Breaching was started by cutting a slot 30-40 mm wide and deep in the dam crest after filling the reservoir. Water level and pore pressure within the dam were monitored. Experiments were also recorded by an array of still- and video cameras above the flume and a submerged video camera pointed at the upstream dam face. Photogrammetric software was used to create DEMs from stereo pairs, and particle-image velocimetry was used to compute the surface-velocity field from the motion of tracers scattered on the water surface. As noted by others, breaching involves formation and migration of a knickpoint (or several). Once the knickpoint reaches the upstream dam face, it takes on an arcuate form whose continued migration we determined by measuring the onset of motion of colored markers on the dam face. The arcuate feature, which can be considered the head of the "breach channel", is nearly coincident with the transition from subcritical to supercritical flow; that is, it acts as a weir that hydraulically controls reservoir emptying. Photogenic slope failures farther downstream, although the morphologically dominant process at work, play no role at all in hydraulic control aside from rare instances in which they extend upstream so far as to perturb the weir, where the flow cross section is nearly self-similar through time. 
    The domain downstream of the critical-flow section does influence

  11. Restricted access processor - An application of computer security technology

    NASA Technical Reports Server (NTRS)

    Mcmahon, E. M.

    1985-01-01

    This paper describes a security guard device that is currently being developed by Computer Sciences Corporation (CSC). The methods used to provide assurance that the system meets its security requirements include the system architecture, a system security evaluation, and the application of formal and informal verification techniques. The combination of state-of-the-art technology and the incorporation of new verification procedures results in a demonstration of the feasibility of computer security technology for operational applications.

  12. Model Experiment on the Temporary Closure of a Breached Bank

    NASA Astrophysics Data System (ADS)

    Shimada, T.; Maeda, S.; Nakashima, Y.

    2016-12-01

    In recent years, the possibility of river bank failures has been rising due to increased occurrences of floods from localized torrential downpours and typhoons. To mitigate bank failure damage, we made an experiment to simulate the flood discharge reduction effect of a temporary closure at an opening in a breached bank. A scale river model was used. A bank was made and then breached. Then, model blocks were placed to close the breach, to observe the flood discharge reduction afforded by the closure. We assumed that the blocks would be placed by a crane or from a helicopter, so we placed the model blocks accordingly. Regardless of the placement method, the flood discharge reduction was about 20% when about 50% of the breach was closed by the placement of blocks starting from the upstream-most portion of the breach. That result was because the water flow hit the tip of the placed closure, scoured the bed near the tip, and lowered the bed at the remaining part of the breach opening, after which the area where water flows out did not decrease at the same rate as the rate of longitudinal closure for the breach. In addition, with each successive length of breach closure, the required number of blocks increased and the closure progress decreased, because of the bed degradation. The results show that it is possible to reduce the flood flow from a bank breach effectively while closing the opening by taking measures to reduce bed scouring near the breach.

  13. Computer-implemented security evaluation methods, security evaluation systems, and articles of manufacture

    DOEpatents

    Muller, George; Perkins, Casey J.; Lancaster, Mary J.; MacDonald, Douglas G.; Clements, Samuel L.; Hutton, William J.; Patrick, Scott W.; Key, Bradley Robert

    2015-07-28

    Computer-implemented security evaluation methods, security evaluation systems, and articles of manufacture are described. According to one aspect, a computer-implemented security evaluation method includes accessing information regarding a physical architecture and a cyber architecture of a facility, building a model of the facility comprising a plurality of physical areas of the physical architecture, a plurality of cyber areas of the cyber architecture, and a plurality of pathways between the physical areas and the cyber areas, identifying a target within the facility, executing the model a plurality of times to simulate a plurality of attacks against the target by an adversary traversing at least one of the areas in the physical domain and at least one of the areas in the cyber domain, and using results of the executing, providing information regarding a security risk of the facility with respect to the target.

  14. Overview of Computer Security Certification and Accreditation. Final Report.

    ERIC Educational Resources Information Center

    Ruthberg, Zella G.; Neugent, William

    Primarily intended to familiarize ADP (automatic data processing) policy and information resource managers with the approach to computer security certification and accreditation found in "Guideline to Computer Security Certification and Accreditation," Federal Information Processing Standards Publications (FIPS-PUB) 102, this overview…

  15. Quantum-Enhanced Cyber Security: Experimental Computation on Quantum-Encrypted Data

    DTIC Science & Technology

    2017-03-02

    AFRL-AFOSR-UK-TR-2017-0020 Quantum-Enhanced Cyber Security: Experimental Computation on Quantum-Encrypted Data Philip Walther UNIVERSITÄT WIEN Final...REPORT TYPE Final 3. DATES COVERED (From - To) 15 Oct 2015 to 31 Dec 2016 4. TITLE AND SUBTITLE Quantum-Enhanced Cyber Security: Experimental Computation...FORM SF 298 Final Report for FA9550-1-6-1-0004 Quantum-enhanced cyber security: Experimental quantum computation with quantum-encrypted data

  16. New security infrastructure model for distributed computing systems

    NASA Astrophysics Data System (ADS)

    Dubenskaya, J.; Kryukov, A.; Demichev, A.; Prikhodko, N.

    2016-02-01

    In this paper we propose a new approach to setting up a user-friendly and yet secure authentication and authorization procedure in a distributed computing system. The security concept of most heterogeneous distributed computing systems is based on the public key infrastructure along with proxy certificates, which are used for rights delegation. In practice, the contradiction between the limited lifetime of the proxy certificates and the unpredictable time of request processing is a big issue for the end users of the system. We propose to use hashes with unlimited lifetime, individual to each request, instead of proxy certificates. Our approach avoids the use of proxy certificates. Thus the security infrastructure of a distributed computing system becomes easier to develop, support and use.

  17. Institutionalization of Information Security: Case of the Indonesian Banking Sector

    ERIC Educational Resources Information Center

    Nasution, Muhamad Faisal Fariduddin Attar

    2012-01-01

    This study focuses on the institutionalization of information security in the banking sector. This study is important to pursue since it explicates the internalization of information security governance and practices and how such internalization develops an organizational resistance towards security breach. The study argues that information…

  18. Fulfill Promises and Avoid Breaches to Retain Satisfied, Committed Nurses.

    PubMed

    Rodwell, John; Ellershaw, Julia

    2016-07-01

    This study examines two commonly proposed mechanisms, violation and trust, to see if they mediate the relationships between the components of the psychological contract (i.e., promises, fulfillment, and breach) and their impact on the work-related outcomes of job satisfaction, intent to quit, and organizational commitment. Online surveys were completed by 459 Australian nurses. Structural equation modeling revealed that breach and fulfillment have direct and mediated effects on the outcomes, whereas promises had no impact. Violation partially mediated the relationship between breach and job satisfaction and intent to quit, while trust partially mediated the relationships between fulfillment and organizational commitment, and breach and organizational commitment. Negative experiences (i.e., breaches) were related to both increased feelings of violation and decreased feelings of trust. In contrast, positive experiences (i.e., fulfillment) increased trust but did not significantly reduce feelings of violation. Nurse and organizational managers can use these findings to improve communication with nurses so as to minimize the negative effects of breach and maximize the positive effects of fulfillment and thus improve attitudes. Nurse managers need to be careful to make promises regarding their nurses' employment that they can fulfill and to particularly avoid breaking the psychological contract. The potentially disproportionate negative effect of breach means that a breach can undo a lot of efforts to fulfill employment-related promises. © 2016 Sigma Theta Tau International.

  19. Guidelines for development of NASA (National Aeronautics and Space Administration) computer security training programs

    NASA Technical Reports Server (NTRS)

    Tompkins, F. G.

    1983-01-01

    The report presents guidance for the NASA Computer Security Program Manager and the NASA Center Computer Security Officials as they develop training requirements and implement computer security training programs. NASA audiences are categorized based on the computer security knowledge required to accomplish identified job functions. Training requirements, in terms of training subject areas, are presented for both computer security program management personnel and computer resource providers and users. Sources of computer security training are identified.

  20. The Role Of Moral Awareness In Computer Security

    NASA Astrophysics Data System (ADS)

    Stawinski, Arthur

    1984-08-01

    Maintaining security of databases and other computer systems requires constraining the behavior of those persons who are able to access these systems so that they do not obtain, alter, or abuse the information contained in these systems. Three types of constraints are available: Physical constraints are obstructions designed to prevent (or at least make difficult) access to data by unauthorized persons; external constraints restrict behavior through threat of detection and punishment; internal constraints are self-imposed limitations on behavior which are derived from a person's moral standards. This paper argues that an effective computer security program will require attention to internal constraints as well as physical and external ones. Recent developments in moral philosophy and the psychology of moral development have given us new understanding of how individuals grow in moral awareness and how this growth can be encouraged. These insights are the foundation for some practical proposals for encouraging morally responsible behavior by computer professionals and others with access to confidential data. The aim of this paper is to encourage computer security professionals to discuss, refine and incorporate systems of internal constraints in developing methods of maintaining security.

  1. Exploring Factors That Affect Adoption of Computer Security Practices among College Students

    ERIC Educational Resources Information Center

    Alqarni, Amani

    2017-01-01

    Cyber-attacks threaten the security of computer users' information, networks, machines, and privacy. Studies of computer security education, awareness, and training among ordinary computer users, college students, non-IT-oriented user groups, and non-technically trained citizens are limited. Most research has focused on computer security standards…

  2. Fission gas release restrictor for breached fuel rod

    DOEpatents

    Kadambi, N. Prasad; Tilbrook, Roger W.; Spencer, Daniel R.; Schwallie, Ambrose L.

    1986-01-01

    In the event of a breach in the cladding of a rod in an operating liquid metal fast breeder reactor, the rapid release of high-pressure gas from the fission gas plenum may result in a gas blanketing of the breached rod and rods adjacent thereto which impairs the heat transfer to the liquid metal coolant. In order to control the release rate of fission gas in the event of a breached rod, the substantial portion of the conventional fission gas plenum is formed as a gas bottle means which includes a gas pervious means in a small portion thereof. During normal reactor operation, as the fission gas pressure gradually increases, the gas pressure interiorly of and exteriorly of the gas bottle means equalizes. In the event of a breach in the cladding, the gas pervious means in the gas bottle means constitutes a sufficient restriction to the rapid flow of gas therethrough that under maximum design pressure differential conditions, the fission gas flow through the breach will not significantly reduce the heat transfer from the affected rod and adjacent rods to the liquid metal heat transfer fluid flowing therebetween.

  3. Mobile Device Security: Perspectives of Future Healthcare Workers

    PubMed Central

    Hewitt, Barbara; Dolezel, Diane; McLeod, Alexander

    2017-01-01

    Healthcare data breaches on mobile devices continue to increase, yet the healthcare industry has not adopted mobile device security standards. This increase is disturbing because individuals are often accessing patients’ protected health information on personal mobile devices, which could lead to a data breach. This deficiency led the researchers to explore the perceptions of future healthcare workers regarding mobile device security. To determine healthcare students’ perspectives on mobile device security, the investigators designed and distributed a survey based on the Technology Threat Avoidance Theory. Three hundred thirty-five students participated in the survey. The data were analyzed to determine participants’ perceptions about security threats, effectiveness and costs of safeguards, self-efficacy, susceptibility, severity, and their motivation and actions to secure their mobile devices. Awareness of interventions to protect mobile devices was also examined. Results indicate that while future healthcare professionals perceive the severity of threats to their mobile data, they do not feel personally susceptible. Additionally, participants were knowledgeable about security safeguards, but their knowledge of costs and problems related to the adoption of these measures was mixed. These findings indicate that increasing security awareness of healthcare professionals should be a priority. PMID:28566992

  4. Mobile Device Security: Perspectives of Future Healthcare Workers.

    PubMed

    Hewitt, Barbara; Dolezel, Diane; McLeod, Alexander

    2017-01-01

    Healthcare data breaches on mobile devices continue to increase, yet the healthcare industry has not adopted mobile device security standards. This increase is disturbing because individuals are often accessing patients' protected health information on personal mobile devices, which could lead to a data breach. This deficiency led the researchers to explore the perceptions of future healthcare workers regarding mobile device security. To determine healthcare students' perspectives on mobile device security, the investigators designed and distributed a survey based on the Technology Threat Avoidance Theory. Three hundred thirty-five students participated in the survey. The data were analyzed to determine participants' perceptions about security threats, effectiveness and costs of safeguards, self-efficacy, susceptibility, severity, and their motivation and actions to secure their mobile devices. Awareness of interventions to protect mobile devices was also examined. Results indicate that while future healthcare professionals perceive the severity of threats to their mobile data, they do not feel personally susceptible. Additionally, participants were knowledgeable about security safeguards, but their knowledge of costs and problems related to the adoption of these measures was mixed. These findings indicate that increasing security awareness of healthcare professionals should be a priority.

  5. 25 CFR 163.42 - Obligated service and breach of contract.

    Code of Federal Regulations, 2010 CFR

    2010-04-01

    ... 25 Indians 1 2010-04-01 2010-04-01 false Obligated service and breach of contract. 163.42 Section... breach of contract. (a) Obligated service. (1) Individuals completing forestry education programs with an... request for waiver. (b) Breach of contract. Any individual who has participated in and accepted financial...

  6. Information Security: Governmentwide Guidance Needed to Assist Agencies in Implementing Cloud Computing

    DTIC Science & Technology

    2010-07-01

    Cloud computing, an emerging form of computing in which users have access to scalable, on-demand capabilities that are provided through Internet... cloud computing, (2) the information security implications of using cloud computing services in the Federal Government, and (3) federal guidance and...efforts to address information security when using cloud computing. The complete report is titled Information Security: Federal Guidance Needed to

  7. Computer Network Security: Best Practices for Alberta School Jurisdictions.

    ERIC Educational Resources Information Center

    Alberta Dept. of Education, Edmonton.

    This paper provides a snapshot of the computer network security industry and addresses specific issues related to network security in public education. The following topics are covered: (1) security policy, including reasons for establishing a policy, risk assessment, areas to consider, audit tools; (2) workstations, including physical security,…

  8. 41 CFR 50-203.1 - Reports of breach or violation.

    Code of Federal Regulations, 2010 CFR

    2010-07-01

    ... 41 Public Contracts and Property Management 1 2010-07-01 2010-07-01 true Reports of breach or... of the Walsh-Healey Public Contracts Act § 50-203.1 Reports of breach or violation. (a) Any employer... violation, or apparent breach or violation of the Walsh-Healey Public Contracts Act of June 30, 1936 (49...

  9. The inadvertent breach of confidentiality.

    PubMed

    Erlen, J A

    1998-01-01

    Patients believe that personal information that they share with their health care providers will be kept strictly confidential. Safeguarding a confidence has been and continues to be an expected professional behavior. Yet, a common ethical problem that nurses face in their everyday practice is the inadvertent disclosure of private information about particular patients to individuals who have no need for this information. This article discusses the inadvertent breach of confidentiality and its related ethical concepts: privacy, respect for persons, trust and fidelity, and the potential for harm or injury. Recommendations are provided to enable nurses to avoid and manage situations that involve an inadvertent breach of confidentiality.

  10. Computer Security Awareness Guide for Department of Energy Laboratories, Government Agencies, and others for use with Lawrence Livermore National Laboratory's (LLNL): Computer security short subjects videos

    DOE Office of Scientific and Technical Information (OSTI.GOV)

    Not Available

    Lonnie Moore, the Computer Security Manager, CSSM/CPPM at Lawrence Livermore National Laboratory (LLNL) and Gale Warshawsky, the Coordinator for Computer Security Education & Awareness at LLNL, wanted to share topics such as computer ethics, software piracy, privacy issues, and protecting information in a format that would capture and hold an audience's attention. Four Computer Security Short Subject videos were produced which ranged from 1-3 minutes each. These videos are very effective education and awareness tools that can be used to generate discussions about computer security concerns and good computing practices. Leaders may incorporate the Short Subjects into presentations. After talking about a subject area, one of the Short Subjects may be shown to highlight that subject matter. Another method for sharing them could be to show a Short Subject first and then lead a discussion about its topic. The cast of characters and a bit of information about their personalities in the LLNL Computer Security Short Subjects is included in this report.

  11. Crowd Sensing-Enabling Security Service Recommendation for Social Fog Computing Systems.

    PubMed

    Wu, Jun; Su, Zhou; Wang, Shen; Li, Jianhua

    2017-07-30

    Fog computing, shifting intelligence and resources from the remote cloud to edge networks, has the potential of providing low-latency for the communication from sensing data sources to users. For the objects from the Internet of Things (IoT) to the cloud, it is a new trend that the objects establish social-like relationships with each other, which efficiently brings the benefits of developed sociality to a complex environment. As fog services become more sophisticated, it will become more convenient for fog users to share their own services, resources, and data via social networks. Meanwhile, the efficient social organization can enable more flexible, secure, and collaborative networking. Aforementioned advantages make the social network a potential architecture for fog computing systems. In this paper, we design an architecture for social fog computing, in which the services of fog are provisioned based on "friend" relationships. To the best of our knowledge, this is the first attempt at an organized fog computing system-based social model. Meanwhile, social networking enhances the complexity and security risks of fog computing services, creating difficulties of security service recommendations in social fog computing. To address this, we propose a novel crowd sensing-enabling security service provisioning method to recommend security services accurately in social fog computing systems. Simulation results show the feasibilities and efficiency of the crowd sensing-enabling security service recommendation method for social fog computing systems.

  12. Privacy, security, and the public health researcher in the era of electronic health record research

    PubMed Central

    Sarwate, Anand D.

    2016-01-01

    Health data derived from electronic health records are increasingly utilized in large-scale population health analyses. Going hand in hand with this increase in data is an increasing number of data breaches. Ensuring privacy and security of these data is a shared responsibility between the public health researcher, collaborators, and their institutions. In this article, we review the requirements of data privacy and security and discuss epidemiologic implications of emerging technologies from the computer science community that can be used for health data. In order to ensure that our needs as researchers are captured in these technologies, we must engage in the dialogue surrounding the development of these tools. PMID:28210428

  13. Privacy, security, and the public health researcher in the era of electronic health record research.

    PubMed

    Goldstein, Neal D; Sarwate, Anand D

    2016-01-01

    Health data derived from electronic health records are increasingly utilized in large-scale population health analyses. Going hand in hand with this increase in data is an increasing number of data breaches. Ensuring privacy and security of these data is a shared responsibility between the public health researcher, collaborators, and their institutions. In this article, we review the requirements of data privacy and security and discuss epidemiologic implications of emerging technologies from the computer science community that can be used for health data. In order to ensure that our needs as researchers are captured in these technologies, we must engage in the dialogue surrounding the development of these tools.

  14. USDOT guidance summary for connected vehicle pilot site deployments: security operational concept : final report.

    DOT National Transportation Integrated Search

    2016-07-01

    This document provides guidance material in regards to security for the CV Pilots Deployment Concept Development Phase. An approach for developing the security operational concept is presented based on identifying the impacts of security breaches reg...

  15. Lock It Up! Computer Security.

    ERIC Educational Resources Information Center

    Wodarz, Nan

    1997-01-01

    The data contained on desktop computer systems and networks pose security issues for virtually every district. Sensitive information can be protected by educating users, altering the physical layout, using password protection, designating access levels, backing up data, reformatting floppy disks, using antivirus software, and installing encryption…

  16. Experiences of using UAVs for monitoring levee breaches

    NASA Astrophysics Data System (ADS)

    Brauneck, J.; Pohl, R.; Juepner, R.

    2016-11-01

    During floods technical protection facilities are subjected to high loads and might fail as several examples have shown in the past. During the major 2002 and 2013 floods in the catchment area of the Elbe River (Germany), some breaching levees caused large inundations in the hinterland. In such situations the emergency forces need comprehensive and reliable realtime information about the situation, especially the breach enlargement and discharge, the spatial and temporal development of the inundation and the damages. After an impressive progress meanwhile unmanned aerial vehicles (UAV) also called remotely piloted aircraft systems (RPAS) are highly capable to collect and transmit precise information from not accessible areas to the task force very quickly. Using the example of the Breitenhagen levee failure near the Saale-Elbe junction in Germany in June 2013 the processing steps will be explained that are needed to come from the visual UAV-flight information to a hydronumeric model. Modelling of the breach was implemented using photogrammetric ranging methods, such as structure from motion and dense image matching. These methods utilize conventional digital multiple view images or videos recorded by either a moving aerial platform or terrestrial photography and allow the construction of 3D point clouds, digital surface models and orthophotos. At Breitenhagen, a UAV recorded the beginning of the levee failure. Due to the dynamic character of the breach and the moving aerial platform, 4 different surface models show valid data with extrapolated breach widths of 9 to 40 meters. By means of these calculations the flow rate through the breach has been determined. In addition the procedure has been tested in a physical model, whose results will be presented too.

  17. Conscientiousness and reactions to psychological contract breach: a longitudinal field study.

    PubMed

    Orvis, Karin A; Dudley, Nicole M; Cortina, Jose M

    2008-09-01

    The authors examined the role of employee conscientiousness as a moderator of the relationships between psychological contract breach and employee behavioral and attitudinal reactions to the breach. They collected data from 106 newly hired employees within the 1st month of employment (Time 1), 3 months later (Time 2), and 8 months after Time 1 (Time 3) to observe the progression through contract development, breach, and reaction. Results suggest that conscientiousness is a significant moderator for 4 of the 5 contract breach-employee reaction relationships examined (turnover intentions, organizational loyalty, job satisfaction, and 1 of 2 facets of job performance). Specifically, employees who were lower in conscientiousness had more negative reactions to perceived breach with respect to turnover intentions, organizational loyalty, and job satisfaction. In contrast, employees who were higher in conscientiousness reduced their job performance to a greater degree in response to contract breach. Future research directions are discussed.

  18. Security of electronic mental health communication and record-keeping in the digital age.

    PubMed

    Elhai, Jon D; Frueh, B Christopher

    2016-02-01

    The mental health field has seen a trend in recent years of the increased use of information technology, including mobile phones, tablets, and laptop computers, to facilitate clinical treatment delivery to individual patients and for record keeping. However, little attention has been paid to ensuring that electronic communication with patients is private and secure. This is despite potentially deleterious consequences of a data breach, which are reported in the news media very frequently in modern times. In this article, we present typical security concerns associated with using technology in clinical services or research. We also discuss enhancing the privacy and security of electronic communication with clinical patients and research participants. We offer practical, easy-to-use software application solutions for clinicians and researchers to secure patient communication and records. We discuss such issues as using encrypted wireless networks, secure e-mail, encrypted messaging and videoconferencing, privacy on social networks, and others. © Copyright 2015 Physicians Postgraduate Press, Inc.

  19. Fully integrated automated security surveillance system: managing a changing world through managed technology and product applications

    NASA Astrophysics Data System (ADS)

    Francisco, Glen; Brown, Todd

    2012-06-01

    Integrated security systems are essential to pre-empting criminal assaults. Nearly 500,000 sites have been identified (source: US DHS) as critical infrastructure sites that would suffer severe damage if a security breach should occur. One major breach in any of 123 U.S. facilities, identified as "most critical", threatens more than 1,000,000 people. The vulnerabilities of critical infrastructure are expected to continue and even heighten over the coming years.

  20. Crowd Sensing-Enabling Security Service Recommendation for Social Fog Computing Systems

    PubMed Central

    Wu, Jun; Su, Zhou; Li, Jianhua

    2017-01-01

    Fog computing, shifting intelligence and resources from the remote cloud to edge networks, has the potential of providing low-latency for the communication from sensing data sources to users. For the objects from the Internet of Things (IoT) to the cloud, it is a new trend that the objects establish social-like relationships with each other, which efficiently brings the benefits of developed sociality to a complex environment. As fog services become more sophisticated, it will become more convenient for fog users to share their own services, resources, and data via social networks. Meanwhile, the efficient social organization can enable more flexible, secure, and collaborative networking. Aforementioned advantages make the social network a potential architecture for fog computing systems. In this paper, we design an architecture for social fog computing, in which the services of fog are provisioned based on “friend” relationships. To the best of our knowledge, this is the first attempt at an organized fog computing system-based social model. Meanwhile, social networking enhances the complexity and security risks of fog computing services, creating difficulties of security service recommendations in social fog computing. To address this, we propose a novel crowd sensing-enabling security service provisioning method to recommend security services accurately in social fog computing systems. Simulation results show the feasibilities and efficiency of the crowd sensing-enabling security service recommendation method for social fog computing systems. PMID:28758943

  1. Proposal for a Security Management in Cloud Computing for Health Care

    PubMed Central

    Dzombeta, Srdan; Brandis, Knud

    2014-01-01

    Cloud computing is actually one of the most popular themes of information systems research. Considering the nature of the processed information especially health care organizations need to assess and treat specific risks according to cloud computing in their information security management system. Therefore, in this paper we propose a framework that includes the most important security processes regarding cloud computing in the health care sector. Starting with a framework of general information security management processes derived from standards of the ISO 27000 family the most important information security processes for health care organizations using cloud computing will be identified considering the main risks regarding cloud computing and the type of information processed. The identified processes will help a health care organization using cloud computing to focus on the most important ISMS processes and establish and operate them at an appropriate level of maturity considering limited resources. PMID:24701137

  2. Proposal for a security management in cloud computing for health care.

    PubMed

    Haufe, Knut; Dzombeta, Srdan; Brandis, Knud

    2014-01-01

    Cloud computing is actually one of the most popular themes of information systems research. Considering the nature of the processed information especially health care organizations need to assess and treat specific risks according to cloud computing in their information security management system. Therefore, in this paper we propose a framework that includes the most important security processes regarding cloud computing in the health care sector. Starting with a framework of general information security management processes derived from standards of the ISO 27000 family the most important information security processes for health care organizations using cloud computing will be identified considering the main risks regarding cloud computing and the type of information processed. The identified processes will help a health care organization using cloud computing to focus on the most important ISMS processes and establish and operate them at an appropriate level of maturity considering limited resources.

  3. Enhancing Security by System-Level Virtualization in Cloud Computing Environments

    NASA Astrophysics Data System (ADS)

    Sun, Dawei; Chang, Guiran; Tan, Chunguang; Wang, Xingwei

    Many trends are opening up the era of cloud computing, which will reshape the IT industry. Virtualization techniques have become an indispensable ingredient for almost all cloud computing systems. By the virtual environments, a cloud provider is able to run varieties of operating systems as needed by each cloud user. Virtualization can improve reliability, security, and availability of applications by using consolidation, isolation, and fault tolerance. In addition, it is possible to balance the workloads by using live migration techniques. In this paper, the definition of cloud computing is given; and then the service and deployment models are introduced. An analysis of security issues and challenges in implementation of cloud computing is identified. Moreover, a system-level virtualization case is established to enhance the security of cloud computing environments.

  4. 50 CFR 38.9 - Breach of the peace.

    Code of Federal Regulations, 2012 CFR

    2012-10-01

    ... 50 Wildlife and Fisheries 9 2012-10-01 2012-10-01 false Breach of the peace. 38.9 Section 38.9 Wildlife and Fisheries UNITED STATES FISH AND WILDLIFE SERVICE, DEPARTMENT OF THE INTERIOR (CONTINUED) THE NATIONAL WILDLIFE REFUGE SYSTEM MIDWAY ATOLL NATIONAL WILDLIFE REFUGE Prohibitions § 38.9 Breach of the...

  5. 50 CFR 38.9 - Breach of the peace.

    Code of Federal Regulations, 2013 CFR

    2013-10-01

    ... 50 Wildlife and Fisheries 9 2013-10-01 2013-10-01 false Breach of the peace. 38.9 Section 38.9 Wildlife and Fisheries UNITED STATES FISH AND WILDLIFE SERVICE, DEPARTMENT OF THE INTERIOR (CONTINUED) THE NATIONAL WILDLIFE REFUGE SYSTEM MIDWAY ATOLL NATIONAL WILDLIFE REFUGE Prohibitions § 38.9 Breach of the...

  6. 50 CFR 38.9 - Breach of the peace.

    Code of Federal Regulations, 2011 CFR

    2011-10-01

    ... 50 Wildlife and Fisheries 8 2011-10-01 2011-10-01 false Breach of the peace. 38.9 Section 38.9 Wildlife and Fisheries UNITED STATES FISH AND WILDLIFE SERVICE, DEPARTMENT OF THE INTERIOR (CONTINUED) THE NATIONAL WILDLIFE REFUGE SYSTEM MIDWAY ATOLL NATIONAL WILDLIFE REFUGE Prohibitions § 38.9 Breach of the...

  7. 50 CFR 38.9 - Breach of the peace.

    Code of Federal Regulations, 2014 CFR

    2014-10-01

    ... 50 Wildlife and Fisheries 9 2014-10-01 2014-10-01 false Breach of the peace. 38.9 Section 38.9 Wildlife and Fisheries UNITED STATES FISH AND WILDLIFE SERVICE, DEPARTMENT OF THE INTERIOR (CONTINUED) THE NATIONAL WILDLIFE REFUGE SYSTEM MIDWAY ATOLL NATIONAL WILDLIFE REFUGE Prohibitions § 38.9 Breach of the...

  8. Computer-Aided Sensor Development Focused on Security Issues.

    PubMed

    Bialas, Andrzej

    2016-05-26

    The paper examines intelligent sensor and sensor system development according to the Common Criteria methodology, which is the basic security assurance methodology for IT products and systems. The paper presents how the development process can be supported by software tools, design patterns and knowledge engineering. The automation of this process brings cost-, quality-, and time-related advantages, because the most difficult and most laborious activities are software-supported and the design reusability is growing. The paper includes a short introduction to the Common Criteria methodology and its sensor-related applications. In the experimental section the computer-supported and patterns-based IT security development process is presented using the example of an intelligent methane detection sensor. This process is supported by an ontology-based tool for security modeling and analyses. The verified and justified models are transferred straight to the security target specification representing security requirements for the IT product. The novelty of the paper is to provide a patterns-based and computer-aided methodology for the sensors development with a view to achieving their IT security assurance. The paper summarizes the validation experiment focused on this methodology adapted for the sensors system development, and presents directions of future research.

  9. Defining Information Security.

    PubMed

    Lundgren, Björn; Möller, Niklas

    2017-11-15

    This article proposes a new definition of information security, the 'Appropriate Access' definition. Apart from providing the basic criteria for a definition (correct demarcation and meaning concerning the state of security), it also aims at being a definition suitable for any information security perspective. As such, it bridges the conceptual divide between so-called 'soft issues' of information security (those including, e.g., humans, organizations, culture, ethics, policies, and law) and more technical issues. Because of this it is also suitable for various analytical purposes, such as analysing possible security breaches, or for studying conflicting attitudes on security in an organization. The need for a new definition is demonstrated by pointing to a number of problems for the standard definition type of information security, the so-called CIA definition. Besides being too broad as well as too narrow, it cannot properly handle the soft issues of information security, nor recognize the contextual and normative nature of security.

  10. Confidentiality breaches in clinical practice: what happens in hospitals?

    PubMed

    Beltran-Aroca, Cristina M; Girela-Lopez, Eloy; Collazo-Chao, Eliseo; Montero-Pérez-Barquero, Manuel; Muñoz-Villanueva, Maria C

    2016-09-02

    Respect for confidentiality is important to safeguard the well-being of patients and ensure the confidence of society in the doctor-patient relationship. The aim of our study is to examine real situations in which there has been a breach of confidentiality, by means of direct observation in clinical practice. By means of direct observation, our study examines real situations in which there has been a breach of confidentiality in a tertiary hospital. To observe and collect data on these situations, we recruited students enrolled in the Medical Degree Program at the University of Cordoba. The observers recorded their entries on standardized templates during clinical internships in different departments: Internal Medicine; Gynecology and Obstetrics; Pediatrics; Emergency Medicine; General and Digestive Surgery; Maxillofacial Surgery; Plastic Surgery; Orthopedics and Traumatology; Digestive; Dermatology; Rheumatology; Mental Health; Nephrology; Pneumology; Neurology; and Ophthalmology. Following 7138 days and 33157 h of observation, we found an estimated Frequency Index of one breach per 62.5 h. As regards the typology of the observed breaches, the most frequent (54.6 %) were related to the consultation and/or disclosure of clinical and/or personal data to medical personnel not involved in the patient's clinical care, as well as people external to the hospital. As regards their severity, severe breaches were the most frequent, accounting for 46.7 % of all incidents. Most of the reported incidents were observed in public areas (37.9 %), such as corridors, elevators, the cafeteria, stairs, and locker rooms. In addition to aspects related to hospital organization or infrastructure, we have shown that all healthcare personnel are involved in confidentiality breaches, especially physicians. While most are committed unintentionally, a non-negligible number are severe, repeated breaches (9.5 %), thus suggesting a certain carelessness, perhaps through ignorance about

  11. Secure distributed genome analysis for GWAS and sequence comparison computation.

    PubMed

    Zhang, Yihua; Blanton, Marina; Almashaqbeh, Ghada

    2015-01-01

    The rapid increase in the availability and volume of genomic data makes significant advances in biomedical research possible, but sharing of genomic data poses challenges due to the highly sensitive nature of such data. To address the challenges, a competition for secure distributed processing of genomic data was organized by the iDASH research center. In this work we propose techniques for securing computation with real-life genomic data for minor allele frequency and chi-squared statistics computation, as well as distance computation between two genomic sequences, as specified by the iDASH competition tasks. We put forward novel optimizations, including a generalization of a version of mergesort, which might be of independent interest. We provide implementation results of our techniques based on secret sharing that demonstrate practicality of the suggested protocols and also report on performance improvements due to our optimization techniques. This work describes our techniques, findings, and experimental results developed and obtained as part of iDASH 2015 research competition to secure real-life genomic computations and shows feasibility of securely computing with genomic data in practice.

  12. An Examination of Issues Surrounding Information Security in California Colleges

    ERIC Educational Resources Information Center

    Butler, Robert D.

    2013-01-01

    Technological advances have provided increasing opportunities in higher education for delivering instruction and other services. However, exposure to information security attacks has been increasing as more organizations conduct their businesses online. Higher education institutions have one of the highest frequencies of security breaches as…

  13. 39 CFR 501.11 - Reporting Postage Evidencing System security weaknesses.

    Code of Federal Regulations, 2010 CFR

    2010-07-01

    ... postal administration; or has been submitted for approval by the provider to the Postal Service or other foreign postal administration(s). (2) All potential security weaknesses or methods of tampering with the... security breaches of the Computerized Meter Resetting System (CMRS) or databases housing confidential...

  14. 39 CFR 501.11 - Reporting Postage Evidencing System security weaknesses.

    Code of Federal Regulations, 2011 CFR

    2011-07-01

    ... postal administration; or has been submitted for approval by the provider to the Postal Service or other foreign postal administration(s). (2) All potential security weaknesses or methods of tampering with the... security breaches of the Computerized Meter Resetting System (CMRS) or databases housing confidential...

  15. Barrier island breach evolution: Alongshore transport and bay-ocean pressure gradient interactions

    USGS Publications Warehouse

    Safak, Ilgar; Warner, John C.; List, Jeffrey

    2016-01-01

    Physical processes controlling repeated openings and closures of a barrier island breach between a bay and the open ocean are studied using aerial photographs and atmospheric and hydrodynamic observations. The breach site is located on Pea Island along the Outer Banks, separating Pamlico Sound from the Atlantic Ocean. Wind direction was a major control on the pressure gradients between the bay and the ocean to drive flows that initiate or maintain the breach opening. Alongshore sediment flux was found to be a major contributor to breach closure. During the analysis period from 2011 to 2016, three hurricanes had major impacts on the breach. First, Hurricane Irene opened the breach with wind-driven flow from bay to ocean in August 2011. Hurricane Sandy in October 2012 quadrupled the channel width from pressure gradient flows due to water levels that were first higher on the ocean side and then higher on the bay side. The breach closed sometime in Spring 2013, most likely due to an event associated with strong alongshore sediment flux but minimal ocean-bay pressure gradients. Then, in July 2014, Hurricane Arthur briefly opened the breach again from the bay side, in a similar fashion to Irene. In summary, opening and closure of breaches are shown to follow a dynamic and episodic balance between along-channel pressure gradient driven flows and alongshore sediment fluxes.

  16. Inversion Method for Early Detection of ARES-1 Case Breach Failure

    NASA Technical Reports Server (NTRS)

    Mackey, Ryan M.; Kulikov, Igor K.; Bajwa, Anupa; Berg, Peter; Smelyanskiy, Vadim

    2010-01-01

    A document describes research into the problem of detecting a case breach formation at an early stage of a rocket flight. An inversion algorithm for case breach allocation is proposed and analyzed. It is shown how the case breach can be allocated at an early stage of its development by using the rocket sensor data and the output data from the control block of the rocket navigation system. The results are simulated with MATLAB/Simulink software. The efficiency of an inversion algorithm for a case breach location is discussed. The research was devoted to the analysis of the ARES-1 flight during the first 120 seconds after the launch and early prediction of case breach failure. During this time, the rocket is propelled by its first-stage Solid Rocket Booster (SRB). If a breach appears in SRB case, the gases escaping through it will produce the (side) thrust directed perpendicular to the rocket axis. The side thrust creates torque influencing the rocket attitude. The ARES-1 control system will compensate for the side thrust until it reaches some critical value, after which the flight will be uncontrollable. The objective of this work was to obtain the start time of case breach development and its location using the rocket inertial navigation sensors and GNC data. The algorithm was effective for the detection and location of a breach in an SRB field joint at an early stage of its development.

  17. 7 CFR 3431.21 - Breach.

    Code of Federal Regulations, 2010 CFR

    2010-01-01

    ... SERVICE, DEPARTMENT OF AGRICULTURE VETERINARY MEDICINE LOAN REPAYMENT PROGRAM Administration of the Veterinary Medicine Loan Repayment Program § 3431.21 Breach. (a) General. If a program participant fails to...

  18. Two-Cloud-Servers-Assisted Secure Outsourcing Multiparty Computation

    PubMed Central

    Wen, Qiaoyan; Zhang, Hua; Jin, Zhengping; Li, Wenmin

    2014-01-01

    We focus on how to securely outsource computation task to the cloud and propose a secure outsourcing multiparty computation protocol on lattice-based encrypted data in two-cloud-servers scenario. Our main idea is to transform the outsourced data respectively encrypted by different users' public keys to the ones that are encrypted by the same two private keys of the two assisted servers so that it is feasible to operate on the transformed ciphertexts to compute an encrypted result following the function to be computed. In order to keep the privacy of the result, the two servers cooperatively produce a custom-made result for each user that is authorized to get the result so that all authorized users can recover the desired result while other unauthorized ones including the two servers cannot. Compared with previous research, our protocol is completely noninteractive between any users, and both of the computation and the communication complexities of each user in our solution are independent of the computing function. PMID:24982949

  19. Two-cloud-servers-assisted secure outsourcing multiparty computation.

    PubMed

    Sun, Yi; Wen, Qiaoyan; Zhang, Yudong; Zhang, Hua; Jin, Zhengping; Li, Wenmin

    2014-01-01

    We focus on how to securely outsource computation task to the cloud and propose a secure outsourcing multiparty computation protocol on lattice-based encrypted data in two-cloud-servers scenario. Our main idea is to transform the outsourced data respectively encrypted by different users' public keys to the ones that are encrypted by the same two private keys of the two assisted servers so that it is feasible to operate on the transformed ciphertexts to compute an encrypted result following the function to be computed. In order to keep the privacy of the result, the two servers cooperatively produce a custom-made result for each user that is authorized to get the result so that all authorized users can recover the desired result while other unauthorized ones including the two servers cannot. Compared with previous research, our protocol is completely noninteractive between any users, and both of the computation and the communication complexities of each user in our solution are independent of the computing function.

  20. Do Data Breach Disclosure Laws Reduce Identity Theft?

    ERIC Educational Resources Information Center

    Romanosky, Sasha; Telang, Rahul; Acquisti, Alessandro

    2011-01-01

    In the United States, identity theft resulted in corporate and consumer losses of $56 billion dollars in 2005, with up to 35 percent of known identity thefts caused by corporate data breaches. Many states have responded by adopting data breach disclosure laws that require firms to notify consumers if their personal information has been lost or…

  1. Efficient Server-Aided Secure Two-Party Function Evaluation with Applications to Genomic Computation

    DTIC Science & Technology

    2016-07-14

    of the important properties of secure computation. In particular, it is known that full fairness cannot be achieved in the case of two-party com...Jakobsen, J. Nielsen, and C. Orlandi. A framework for outsourcing of secure computation. In ACM Workshop on Cloud Computing Security (CCSW), pages...Function Evaluation with Applications to Genomic Computation Abstract: Computation based on genomic data is becoming increasingly popular today, be it

  2. Implementation and evaluation of an efficient secure computation system using 'R' for healthcare statistics.

    PubMed

    Chida, Koji; Morohashi, Gembu; Fuji, Hitoshi; Magata, Fumihiko; Fujimura, Akiko; Hamada, Koki; Ikarashi, Dai; Yamamoto, Ryuichi

    2014-10-01

    While the secondary use of medical data has gained attention, its adoption has been constrained due to protection of patient privacy. Making medical data secure by de-identification can be problematic, especially when the data concerns rare diseases. We require rigorous security management measures. Using secure computation, an approach from cryptography, our system can compute various statistics over encrypted medical records without decrypting them. An issue of secure computation is that the amount of processing time required is immense. We implemented a system that securely computes healthcare statistics from the statistical computing software 'R' by effectively combining secret-sharing-based secure computation with original computation. Testing confirmed that our system could correctly complete computation of average and unbiased variance of approximately 50,000 records of dummy insurance claim data in a little over a second. Computation including conditional expressions and/or comparison of values, for example, t test and median, could also be correctly completed in several tens of seconds to a few minutes. If medical records are simply encrypted, the risk of leaks exists because decryption is usually required during statistical analysis. Our system possesses high-level security because medical records remain in encrypted state even during statistical analysis. Also, our system can securely compute some basic statistics with conditional expressions using 'R' that works interactively while secure computation protocols generally require a significant amount of processing time. We propose a secure statistical analysis system using 'R' for medical data that effectively integrates secret-sharing-based secure computation and original computation. Published by the BMJ Publishing Group Limited.

  3. A Secure Framework for Location Verification in Pervasive Computing

    NASA Astrophysics Data System (ADS)

    Liu, Dawei; Lee, Moon-Chuen; Wu, Dan

    The way people use computing devices has been changed in some way by the relatively new pervasive computing paradigm. For example, a person can use a mobile device to obtain its location information at anytime and anywhere. There are several security issues concerning whether this information is reliable in a pervasive environment. For example, a malicious user may disable the localization system by broadcasting a forged location, and it may impersonate other users by eavesdropping their locations. In this paper, we address the verification of location information in a secure manner. We first present the design challenges for location verification, and then propose a two-layer framework VerPer for secure location verification in a pervasive computing environment. Real world GPS-based wireless sensor network experiments confirm the effectiveness of the proposed framework.

  4. Computer access security code system

    NASA Technical Reports Server (NTRS)

    Collins, Earl R., Jr. (Inventor)

    1990-01-01

    A security code system for controlling access to computer and computer-controlled entry situations comprises a plurality of subsets of alpha-numeric characters disposed in random order in matrices of at least two dimensions forming theoretical rectangles, cubes, etc., such that when access is desired, at least one pair of previously unused character subsets not found in the same row or column of the matrix is chosen at random and transmitted by the computer. The proper response to gain access is transmittal of subsets which complete the rectangle, and/or a parallelepiped whose opposite corners were defined by first groups of code. Once used, subsets are not used again to absolutely defeat unauthorized access by eavesdropping, and the like.

  5. Discussion on the Technology and Method of Computer Network Security Management

    NASA Astrophysics Data System (ADS)

    Zhou, Jianlei

    2017-09-01

    With the rapid development of information technology, the application of computer network technology has penetrated all aspects of society, changed people's way of life and work to a certain extent, and brought great convenience to people. But computer network technology is not a panacea: it can promote social development, but it can also cause damage to the community and the country. Due to computer networks' openness, ease of sharing and other characteristics, there has been a very negative impact on computer network security; in particular, loopholes in the technical aspects can cause damage to network information. Based on this, this paper gives a brief analysis of computer network security management problems and security measures.

  6. Outcomes associated with breach and fulfillment of the psychological contract of safety.

    PubMed

    Walker, Arlene

    2013-12-01

    The study investigated the outcomes associated with breach and fulfillment of the psychological contract of safety. The psychological contract of safety is defined as the beliefs of individuals about reciprocal employer and employee safety obligations inferred from implicit or explicit promises. When employees perceive that safety obligations promised by the employer have not been met, a breach of the psychological contract occurs, termed employer breach of obligations. The extent to which employees fulfill their safety obligations to the employer is termed employee fulfillment of obligations. Structural equation modeling was used to test a model of safety that investigated the positive and negative outcomes associated with breach and fulfillment of the psychological contract of safety. Participants were 424 health care workers recruited from two hospitals in the State of Victoria, Australia. Following slight modification of the hypothesized model, a good fitting model resulted. Being injured in the workplace was found to lower perceptions of trust in the employer and increase perceptions of employer breach of safety obligations. Trust in the employer significantly influenced perceived employer breach of safety obligations such that lowered trust resulted in higher perceptions of breach. Perceptions of employer breach significantly impacted employee fulfillment of safety obligations with high perceptions of breach resulting in low employee fulfillment of obligations. Trust and perceptions of breach significantly influenced safety attitudes, but not safety behavior. Fulfillment of employee safety obligations significantly impacted safety behavior, but not safety attitudes. Implications of these findings for safety and psychological contract research are explored. A positive emphasis on social exchange relationships in organizations will have positive outcomes for safety climate and safety behavior. © 2013.

  7. Secure Genomic Computation through Site-Wise Encryption

    PubMed Central

    Zhao, Yongan; Wang, XiaoFeng; Tang, Haixu

    2015-01-01

    Commercial clouds provide on-demand IT services for big-data analysis, which have become an attractive option for users who have no access to comparable infrastructure. However, utilizing these services for human genome analysis is highly risky, as human genomic data contains identifiable information of human individuals and their disease susceptibility. Therefore, currently, no computation on personal human genomic data is conducted on public clouds. To address this issue, here we present a site-wise encryption approach to encrypt whole human genome sequences, which can be subject to secure searching of genomic signatures on public clouds. We implemented this method within the Hadoop framework, and tested it on the case of searching disease markers retrieved from the ClinVar database against patients’ genomic sequences. The secure search runs only one order of magnitude slower than the simple search without encryption, indicating our method is ready to be used for secure genomic computation on public clouds. PMID:26306278

  8. Secure Genomic Computation through Site-Wise Encryption.

    PubMed

    Zhao, Yongan; Wang, XiaoFeng; Tang, Haixu

    2015-01-01

    Commercial clouds provide on-demand IT services for big-data analysis, which have become an attractive option for users who have no access to comparable infrastructure. However, utilizing these services for human genome analysis is highly risky, as human genomic data contains identifiable information of human individuals and their disease susceptibility. Therefore, currently, no computation on personal human genomic data is conducted on public clouds. To address this issue, here we present a site-wise encryption approach to encrypt whole human genome sequences, which can be subject to secure searching of genomic signatures on public clouds. We implemented this method within the Hadoop framework, and tested it on the case of searching disease markers retrieved from the ClinVar database against patients' genomic sequences. The secure search runs only one order of magnitude slower than the simple search without encryption, indicating our method is ready to be used for secure genomic computation on public clouds.

  9. Extreme Scale Computing to Secure the Nation

    DOE Office of Scientific and Technical Information (OSTI.GOV)

    Brown, D L; McGraw, J R; Johnson, J R

    2009-11-10

    Since the dawn of modern electronic computing in the mid 1940's, U.S. national security programs have been dominant users of every new generation of high-performance computer. Indeed, the first general-purpose electronic computer, ENIAC (the Electronic Numerical Integrator and Computer), was used to calculate the expected explosive yield of early thermonuclear weapons designs. Even the U.S. numerical weather prediction program, another early application for high-performance computing, was initially funded jointly by sponsors that included the U.S. Air Force and Navy, agencies interested in accurate weather predictions to support U.S. military operations. For the decades of the cold war, national security requirements continued to drive the development of high performance computing (HPC), including advancement of the computing hardware and development of sophisticated simulation codes to support weapons and military aircraft design, numerical weather prediction as well as data-intensive applications such as cryptography and cybersecurity. U.S. national security concerns continue to drive the development of high-performance computers and software in the U.S. and in fact, events following the end of the cold war have driven an increase in the growth rate of computer performance at the high-end of the market. This mainly derives from our nation's observance of a moratorium on underground nuclear testing beginning in 1992, followed by our voluntary adherence to the Comprehensive Test Ban Treaty (CTBT) beginning in 1995. The CTBT prohibits further underground nuclear tests, which in the past had been a key component of the nation's science-based program for assuring the reliability, performance and safety of U.S. nuclear weapons. In response to this change, the U.S. Department of Energy (DOE) initiated the Science-Based Stockpile Stewardship (SBSS) program in response to the Fiscal Year 1994 National Defense Authorization Act, which requires, 'in the absence of

  10. Towards An Engineering Discipline of Computational Security

    DOE Office of Scientific and Technical Information (OSTI.GOV)

    Mili, Ali; Sheldon, Frederick T; Jilani, Lamia Labed

    2007-01-01

    George Boole ushered in the era of modern logic by arguing that logical reasoning does not fall in the realm of philosophy, as it was considered up to his time, but in the realm of mathematics. As such, logical propositions and logical arguments are modeled using algebraic structures. Likewise, we submit that security attributes must be modeled as formal mathematical propositions that are subject to mathematical analysis. In this paper, we approach this problem by attempting to model security attributes in a refinement-like framework that has traditionally been used to represent reliability and safety claims. Keywords: Computable security attributes, survivability, integrity, dependability, reliability, safety, security, verification, testing, fault tolerance.

  11. Computer-Aided Sensor Development Focused on Security Issues

    PubMed Central

    Bialas, Andrzej

    2016-01-01

    The paper examines intelligent sensor and sensor system development according to the Common Criteria methodology, which is the basic security assurance methodology for IT products and systems. The paper presents how the development process can be supported by software tools, design patterns and knowledge engineering. The automation of this process brings cost-, quality-, and time-related advantages, because the most difficult and most laborious activities are software-supported and the design reusability is growing. The paper includes a short introduction to the Common Criteria methodology and its sensor-related applications. In the experimental section the computer-supported and patterns-based IT security development process is presented using the example of an intelligent methane detection sensor. This process is supported by an ontology-based tool for security modeling and analyses. The verified and justified models are transferred straight to the security target specification representing security requirements for the IT product. The novelty of the paper is to provide a patterns-based and computer-aided methodology for the sensors development with a view to achieving their IT security assurance. The paper summarizes the validation experiment focused on this methodology adapted for the sensors system development, and presents directions of future research. PMID:27240360

  12. Secure distributed genome analysis for GWAS and sequence comparison computation

    PubMed Central

    2015-01-01

    Background: The rapid increase in the availability and volume of genomic data makes significant advances in biomedical research possible, but sharing of genomic data poses challenges due to the highly sensitive nature of such data. To address the challenges, a competition for secure distributed processing of genomic data was organized by the iDASH research center. Methods: In this work we propose techniques for securing computation with real-life genomic data for minor allele frequency and chi-squared statistics computation, as well as distance computation between two genomic sequences, as specified by the iDASH competition tasks. We put forward novel optimizations, including a generalization of a version of mergesort, which might be of independent interest. Results: We provide implementation results of our techniques based on secret sharing that demonstrate practicality of the suggested protocols and also report on performance improvements due to our optimization techniques. Conclusions: This work describes our techniques, findings, and experimental results developed and obtained as part of iDASH 2015 research competition to secure real-life genomic computations and shows feasibility of securely computing with genomic data in practice. PMID:26733307

  13. Information Security Issues in Higher Education and Institutional Research

    ERIC Educational Resources Information Center

    Custer, William L.

    2010-01-01

    Information security threats to educational institutions and their data assets have worsened significantly over the past few years. The rich data stores of institutional research are especially vulnerable, and threats from security breaches represent no small risk. New genres of threat require new kinds of controls if the institution is to prevent…

  14. Quantum And Relativistic Protocols For Secure Multi-Party Computation

    NASA Astrophysics Data System (ADS)

    Colbeck, Roger

    2009-11-01

    After a general introduction, the thesis is divided into four parts. In the first, we discuss the task of coin tossing, principally in order to highlight the effect different physical theories have on security in a straightforward manner, but, also, to introduce a new protocol for non-relativistic strong coin tossing. This protocol matches the security of the best protocol known to date while using a conceptually different approach to achieve the task. In the second part variable bias coin tossing is introduced. This is a variant of coin tossing in which one party secretly chooses one of two biased coins to toss. It is shown that this can be achieved with unconditional security for a specified range of biases, and with cheat-evident security for any bias. We also discuss two further protocols which are conjectured to be unconditionally secure for any bias. The third section looks at other two-party secure computations for which, prior to our work, protocols and no-go theorems were unknown. We introduce a general model for such computations, and show that, within this model, a wide range of functions are impossible to compute securely. We give explicit cheating attacks for such functions. In the final chapter we discuss the task of expanding a private random string, while dropping the usual assumption that the protocol's user trusts her devices. Instead we assume that all quantum devices are supplied by an arbitrarily malicious adversary. We give two protocols that we conjecture securely perform this task. The first allows a private random string to be expanded by a finite amount, while the second generates an arbitrarily large expansion of such a string.

  15. Usable SPACE: Security, Privacy, and Context for the Mobile User

    NASA Astrophysics Data System (ADS)

    Jutla, Dawn

    Users breach the security of data within many financial applications daily as human and/or business expediency to access and use information wins over corporate security policy guidelines. Recognizing that changing user context often requires different security mechanisms, we discuss end-to-end solutions combining several security and context mechanisms for relevant security control and information presentation in various mobile user situations. We illustrate key concepts using Dimitri Kanevsky's (IBM Research) early 2000s patented inventions for voice security and classification.

  16. Preaching What We Practice: Teaching Ethical Decision-Making to Computer Security Professionals

    NASA Astrophysics Data System (ADS)

    Fleischmann, Kenneth R.

    The biggest challenge facing computer security researchers and professionals is not learning how to make ethical decisions; rather it is learning how to recognize ethical decisions. All too often, technology development suffers from what Langdon Winner terms technological somnambulism - we sleepwalk through our technology design, following past precedents without a second thought, and fail to consider the perspectives of other stakeholders [1]. Computer security research and practice involves a number of opportunities for ethical decisions. For example, decisions about whether or not to automatically provide security updates involve tradeoffs related to caring versus user autonomy. Decisions about online voting include tradeoffs between convenience and security. Finally, decisions about routinely screening e-mails for spam involve tradeoffs of efficiency and privacy. It is critical that these and other decisions facing computer security researchers and professionals are confronted head on as value-laden design decisions, and that computer security researchers and professionals consider the perspectives of various stakeholders in making these decisions.

  17. Uncertainties and constraints on breaching and their implications for flood loss estimation.

    PubMed

    Muir Wood, Robert; Bateman, William

    2005-06-15

    Around the coasts of the southern North Sea, flood risk is mediated everywhere by the performance of natural and man-made flood defences. Under the conditions of extreme surge with tide water levels, the performance of the defences determines the extent of inland flooding. Sensitivity tests reveal the enormous increase in the volume of water that can pass through a defence once breaching is initiated, with a 1m reduction in sill elevation doubling the loss. Empirical observations of defence performance in major storm surges around the North Sea reveal some of the principal controls on breaching. For the same defence type, the maximum size and depth of a breach is a function of the integral of the hydraulic gradient across the defence, which is in turn determined by the elevation of the floodplain and the degree to which water can continue to flow inland away from the breach. The most extensive and lowest floodplains thereby "generate" the largest breaches. For surges that approach the crest height, the weaker the protection of the defence, the greater the number of breaches. Defence reinforcement reduces both the number and size of the breaches.

  18. High stakes. HITECH's privacy provisions will make costly security breaches even more painful to bear.

    PubMed

    Gamble, Kate Huvane

    2009-07-01

    * The HITECH section of ARRA includes provisions relating to protected health information that could significantly alter the C-suite leader's strategy.
    * Patients will be entitled to request an accounting of disclosure for up to three years after the date of request. The onus will be on hospital leaders to put in place a process that makes accounting available without disrupting operations or patient care.
    * Because of the increased risks hospitals now face, it is critical that executives are aware of the new requirements, and are either involved in or have a solid understanding of the organization's breach notification policies.

  19. Implementation and evaluation of an efficient secure computation system using ‘R’ for healthcare statistics

    PubMed Central

    Chida, Koji; Morohashi, Gembu; Fuji, Hitoshi; Magata, Fumihiko; Fujimura, Akiko; Hamada, Koki; Ikarashi, Dai; Yamamoto, Ryuichi

    2014-01-01

    Background and objective: While the secondary use of medical data has gained attention, its adoption has been constrained due to protection of patient privacy. Making medical data secure by de-identification can be problematic, especially when the data concerns rare diseases. We require rigorous security management measures. Materials and methods: Using secure computation, an approach from cryptography, our system can compute various statistics over encrypted medical records without decrypting them. An issue of secure computation is that the amount of processing time required is immense. We implemented a system that securely computes healthcare statistics from the statistical computing software ‘R’ by effectively combining secret-sharing-based secure computation with original computation. Results: Testing confirmed that our system could correctly complete computation of average and unbiased variance of approximately 50 000 records of dummy insurance claim data in a little over a second. Computation including conditional expressions and/or comparison of values, for example, t test and median, could also be correctly completed in several tens of seconds to a few minutes. Discussion: If medical records are simply encrypted, the risk of leaks exists because decryption is usually required during statistical analysis. Our system possesses high-level security because medical records remain in encrypted state even during statistical analysis. Also, our system can securely compute some basic statistics with conditional expressions using ‘R’ that works interactively while secure computation protocols generally require a significant amount of processing time. Conclusions: We propose a secure statistical analysis system using ‘R’ for medical data that effectively integrates secret-sharing-based secure computation and original computation. PMID:24763677

  20. Mitigating Security Issues: The University of Memphis Case.

    ERIC Educational Resources Information Center

    Jackson, Robert; Frolick, Mark N.

    2003-01-01

    Studied a server security breach at the University of Memphis, Tennessee, to highlight personnel roles, detection of the compromised server, policy enforcement, forensics, and the proactive search for other servers threatened in the same way. (SLD)

  1. A Study of the Effect of Information Security Policies on Information Security Breaches in Higher Education Institutions

    ERIC Educational Resources Information Center

    Waddell, Stanie Adolphus

    2013-01-01

    Many articles within the literature point to the information security policy as one of the most important elements of an effective information security program. Even though this belief is continually referred to in many information security scholarly articles, very few research studies have been performed to corroborate this sentiment. Doherty and…

  2. Security Meets Real-World Computing. Building Digital Libraries

    ERIC Educational Resources Information Center

    Huwe, Terence K.

    2005-01-01

    The author of this column describes several instances in which secure data on computers were compromised. In each of these instances, a different route was involved in gaining access to the secure data--one by office-based theft, one by hacking, and one by burglary. It is proposed that the most difficult factor to guarantee in the protection of…

  3. 48 CFR 52.233-4 - Applicable Law for Breach of Contract Claim.

    Code of Federal Regulations, 2010 CFR

    2010-10-01

    ... Provisions and Clauses 52.233-4 Applicable Law for Breach of Contract Claim. As prescribed in 33.215(b), insert the following clause: Applicable Law for Breach of Contract Claim (OCT 2004) United States law... 48 Federal Acquisition Regulations System 2 2010-10-01 2010-10-01 false Applicable Law for Breach...

  4. Secure data exchange between intelligent devices and computing centers

    NASA Astrophysics Data System (ADS)

    Naqvi, Syed; Riguidel, Michel

    2005-03-01

    The advent of reliable spontaneous networking technologies (commonly known as wireless ad-hoc networks) has ostensibly raised stakes for the conception of computing intensive environments using intelligent devices as their interface with the external world. These smart devices are used as data gateways for the computing units. These devices are employed in highly volatile environments where the secure exchange of data between these devices and their computing centers is of paramount importance. Moreover, their mission critical applications require dependable measures against the attacks like denial of service (DoS), eavesdropping, masquerading, etc. In this paper, we propose a mechanism to assure reliable data exchange between an intelligent environment composed of smart devices and distributed computing units collectively called 'computational grid'. The notion of infosphere is used to define a digital space made up of a persistent and a volatile asset in an often indefinite geographical space. We study different infospheres and present general evolutions and issues in the security of such technology-rich and intelligent environments. It is beyond any doubt that these environments will likely face a proliferation of users, applications, networked devices, and their interactions on a scale never experienced before. It would be better to build in the ability to uniformly deal with these systems. As a solution, we propose a concept of virtualization of security services. We try to solve the difficult problems of implementation and maintenance of trust on the one hand, and those of security management in heterogeneous infrastructure on the other hand.

  5. Use of Computer-Generated Holograms in Security Hologram Applications

    NASA Astrophysics Data System (ADS)

    Bulanovs, A.; Bakanas, R.

    2016-10-01

    The article discusses the use of computer-generated holograms (CGHs) for the application as one of the security features in the relief-phase protective holograms. An improved method of calculating CGHs is presented, based on ray-tracing approach in the case of interference of parallel rays. Software is developed for the calculation of multilevel phase CGHs and their integration in the application of security holograms. Topology of calculated computer-generated phase holograms was recorded on the photoresist by the optical greyscale lithography. Parameters of the recorded microstructures were investigated with the help of the atomic-force microscopy (AFM) and scanning electron microscopy (SEM) methods. The results of the research have shown highly protective properties of the security elements based on CGH microstructures. In our opinion, a wide use of CGHs is very promising in the structure of complex security holograms for increasing the level of protection against counterfeit.

  6. Managing breaches of containment and eradication of invasive plant populations

    PubMed Central

    Fletcher, Cameron S; Westcott, David A; Murphy, Helen T; Grice, Anthony C; Clarkson, John R

    2015-01-01

    Containment can be a viable strategy for managing invasive plants, but it is not always cheaper than eradication. In many cases, converting a failed eradication programme to a containment programme is not economically justified. Despite this, many contemporary invasive plant management strategies invoke containment as a fallback for failed eradication, often without detailing how containment would be implemented. We demonstrate a generalized analysis of the costs of eradication and containment, applicable to any plant invasion for which infestation size, dispersal distance, seed bank lifetime and the economic discount rate are specified. We estimate the costs of adapting eradication and containment in response to six types of breach and calculate under what conditions containment may provide a valid fallback to a breached eradication programme. We provide simple, general formulae and plots that can be applied to any invasion and show that containment will be cheaper than eradication only when the size of the occupied zone exceeds a multiple of the dispersal distance determined by seed bank longevity and the discount rate. Containment becomes proportionally cheaper than eradication for invaders with smaller dispersal distances, longer lived seed banks, or for larger discount rates. Both containment and eradication programmes are at risk of breach. Containment is less exposed to risk from reproduction in the ‘occupied zone’ and three types of breach that lead to a larger ‘occupied zone’, but more exposed to one type of breach that leads to a larger ‘buffer zone’. For a well-specified eradication programme, only the three types of breach leading to reproduction in or just outside the buffer zone can justify falling back to containment, and only if the expected costs of eradication and containment were comparable before the breach. Synthesis and applications. Weed management plans must apply a consistent definition of containment and provide sufficient

  7. Managing breaches of containment and eradication of invasive plant populations.

    PubMed

    Fletcher, Cameron S; Westcott, David A; Murphy, Helen T; Grice, Anthony C; Clarkson, John R

    2015-02-01

    Containment can be a viable strategy for managing invasive plants, but it is not always cheaper than eradication. In many cases, converting a failed eradication programme to a containment programme is not economically justified. Despite this, many contemporary invasive plant management strategies invoke containment as a fallback for failed eradication, often without detailing how containment would be implemented. We demonstrate a generalized analysis of the costs of eradication and containment, applicable to any plant invasion for which infestation size, dispersal distance, seed bank lifetime and the economic discount rate are specified. We estimate the costs of adapting eradication and containment in response to six types of breach and calculate under what conditions containment may provide a valid fallback to a breached eradication programme. We provide simple, general formulae and plots that can be applied to any invasion and show that containment will be cheaper than eradication only when the size of the occupied zone exceeds a multiple of the dispersal distance determined by seed bank longevity and the discount rate. Containment becomes proportionally cheaper than eradication for invaders with smaller dispersal distances, longer lived seed banks, or for larger discount rates. Both containment and eradication programmes are at risk of breach. Containment is less exposed to risk from reproduction in the 'occupied zone' and three types of breach that lead to a larger 'occupied zone', but more exposed to one type of breach that leads to a larger 'buffer zone'. For a well-specified eradication programme, only the three types of breach leading to reproduction in or just outside the buffer zone can justify falling back to containment, and only if the expected costs of eradication and containment were comparable before the breach. Synthesis and applications. Weed management plans must apply a consistent definition of containment and provide sufficient implementation

  8. Psychological contract breaches, organizational commitment, and innovation-related behaviors: a latent growth modeling approach.

    PubMed

    Ng, Thomas W H; Feldman, Daniel C; Lam, Simon S K

    2010-07-01

    This study examined the relationships among psychological contract breaches, organizational commitment, and innovation-related behaviors (generating, spreading, implementing innovative ideas at work) over a 6-month period. Results indicate that the effects of psychological contract breaches on employees are not static. Specifically, perceptions of psychological contract breaches strengthened over time and were associated with decreased levels of affective commitment over time. Further, increased perceptions of psychological contract breaches were associated with decreases in innovation-related behaviors. We also found evidence that organizational commitment mediates the relationship between psychological contract breaches and innovation-related behaviors. These results highlight the importance of examining the nomological network of psychological contract breaches from a change perspective.

  9. Computer Security: the Achilles’ Heel of the Electronic Air Force?

    DTIC Science & Technology

    2013-02-01

    commercials not enough. In the Pentagon a General Electric system called “GCOS” provided classified (secret) computation for the Air Staff and others...necessary computer function. January–February 2013 Air & Space Power Journal | 169 Historical Highlight Government designers not perfect. After the Pentagon...laboratory computer to evaluate Multics as a potential multilevel secure computer for the Pentagon. Although it had the best security design of any system

  10. Bathymetry of the Wilderness breach at Fire Island, New York, June 2013

    USGS Publications Warehouse

    Brownell, Andrew T.; Hapke, Cheryl J.; Spore, Nicholas J.; McNinch, Jesse E.

    2015-01-01

    The U.S. Geological Survey (USGS) St. Petersburg Coastal and Marine Science Center in St. Petersburg, Florida, collaborated with the U.S. Army Corps of Engineers Field Research Facility in Duck, North Carolina, to collect shallow water bathymetric data of the Wilderness breach on Fire Island, New York, in June 2013. The breach formed in October 2012 during Hurricane Sandy, and the USGS is involved in a post-Sandy effort to map, monitor, and model the morphologic evolution of the breach as part of Hurricane Sandy Supplemental Project GS2-2B: Linking Coastal Vulnerability and Process, Fire Island. This publication includes a bathymetric dataset of the breach and the adjacent nearshore on the ocean side of the island. The objective of the data collection and analysis is to map the bathymetry of the primary breach channel, ebb shoal, and nearshore bar system.

  11. Computer simulation of functioning of elements of security systems

    NASA Astrophysics Data System (ADS)

    Godovykh, A. V.; Stepanov, B. P.; Sheveleva, A. A.

    2017-01-01

    The article is devoted to issues of development of the informational complex for simulation of functioning of the security system elements. The complex is described from the point of view of main objectives, a design concept and an interrelation of main elements. The proposed conception of the computer simulation provides an opportunity to simulate processes of security system work for training security staff during normal and emergency operation.

  12. Determining the right level for your IT security investment.

    PubMed

    Claunch, Don; McMillan, Mac

    2013-05-01

    Investing sufficiently in IT security not only is essential for a healthcare organization's protection, but also is a responsibility to patients, and its success depends on its being addressed at all levels of management. Hospital data security breaches have the potential to cost as much as $7 million, including fines, litigation, and damaged reputation. Response and cleanup alone can cost hundreds of thousands of dollars. Developing and following an annual action plan for IT security can lower hospitals' IT security costs in the long run.

  13. A Test-Bed of Secure Mobile Cloud Computing for Military Applications

    DTIC Science & Technology

    2016-09-13

    searching databases. This kind of applications is a typical example of mobile cloud computing (MCC). MCC has lots of applications in the military...Release; Distribution Unlimited UU UU UU UU 13-09-2016 1-Aug-2014 31-Jul-2016 Final Report: A Test-bed of Secure Mobile Cloud Computing for Military...Army Research Office P.O. Box 12211 Research Triangle Park, NC 27709-2211 Test-bed, Mobile Cloud Computing, Security, Military Applications REPORT

  14. Going Beyond Compliance: A Strategic Framework for Promoting Information Security in Hospitals.

    PubMed

    Zandona, David J; Thompson, Jon M

    In the past decade, public and private organizations have experienced a significant and alarming rise in the number of data breaches. Across all sectors, there seems to be no safe haven for the protection of information. In the health care industry, the trend is even worse. Information security is at an unbelievable low point, and it is unlikely that government oversight can fix this issue. Health care organizations have ramped up their approaches to addressing the problem; however, these initiatives are often incremental rather than transformational. Hospitals need an overall organization-wide strategy to prevent breaches from occurring and to minimize effects if they do occur. This article provides an analysis of the literature related to health information security and offers a suggested strategy for hospital administrators to follow in order to create a more secure environment for patient health information.

  15. Security Attacks and Solutions in Electronic Health (E-health) Systems.

    PubMed

    Zeadally, Sherali; Isaac, Jesús Téllez; Baig, Zubair

    2016-12-01

    For centuries, healthcare has been a basic service provided by many governments to their citizens. Over the past few decades, we have witnessed a significant transformation in the quality of healthcare services provided by healthcare organizations and professionals. Recent advances have led to the emergence of Electronic Health (E-health), largely made possible by the massive deployment and adoption of information and communication technologies (ICTs). However, cybercriminals and attackers are exploiting vulnerabilities associated primarily with ICTs, causing data breaches of patients' confidential digital health information records. Here, we review recent security attacks reported for E-healthcare and discuss the solutions proposed to mitigate them. We also identify security challenges that must be addressed by E-health system designers and implementers in the future, to respond to threats that could arise as E-health systems become integrated with technologies such as cloud computing, the Internet of Things, and smart cities.

  16. Secure Enclaves: An Isolation-centric Approach for Creating Secure High Performance Computing Environments

    DOE Office of Scientific and Technical Information (OSTI.GOV)

    Aderholdt, Ferrol; Caldwell, Blake A.; Hicks, Susan Elaine

    High performance computing environments are often used for a wide variety of workloads ranging from simulation, data transformation and analysis, and complex workflows to name just a few. These systems may process data at various security levels but in so doing are often enclaved at the highest security posture. This approach places significant restrictions on the users of the system even when processing data at a lower security level and exposes data at higher levels of confidentiality to a much broader population than otherwise necessary. The traditional approach of isolation, while effective in establishing security enclaves poses significant challenges for the use of shared infrastructure in HPC environments. This report details current state-of-the-art in virtualization, reconfigurable network enclaving via Software Defined Networking (SDN), and storage architectures and bridging techniques for creating secure enclaves in HPC environments.

  17. Computer Security Issues in Online Banking: An Assessment from the Context of Usable Security

    NASA Astrophysics Data System (ADS)

    Mahmadi, FN; Zaaba, ZF; Osman, A.

    2016-11-01

    Today's online banking is a convenient mode of finance management. Despite the ease of doing online banking, there are people who are still sceptical about utilizing it due to perception and its security. This paper highlights the subject of online banking security in Malaysia, especially from the perspective of the end-users. The study is done by assessing human computer interaction, usability and security. An online survey utilising 137 participants was previously conducted to gain preliminary insights on security issues of online banking in Malaysia. Following from those results, 37 participants were interviewed to gauge deeper understanding about end-users' perception of online banking within the context of usable security. The results suggested that most of the end-users are continually experiencing significant difficulties, especially in relation to the technical terminologies, security features and other technical issues. Although the security features are provided to provide a shield or protection, users are still unable to cope with the technical aspects of such implementation.

  18. Information Security in the Age of Cloud Computing

    ERIC Educational Resources Information Center

    Sims, J. Eric

    2012-01-01

    Information security has been a particularly hot topic since the enhanced internal control requirements of Sarbanes-Oxley (SOX) were introduced in 2002. At about this same time, cloud computing started its explosive growth. Outsourcing of mission-critical functions has always been a gamble for managers, but the advantages of cloud computing are…

  19. Air Traffic Control: Weak Computer Security Practices Jeopardize Flight Safety

    DOT National Transportation Integrated Search

    1998-05-01

    Given the paramount importance of computer security of Air Traffic Control (ATC) systems, Congress asked the General Accounting Office to determine (1) whether the Federal Aviation Administration (FAA) is effectively managing physical security at ATC...

  20. "Financial Emergency" and the Faculty Furlough: A Breach of Contract.

    ERIC Educational Resources Information Center

    Richards, Mary Sanders

    1984-01-01

    The power of the university to breach faculty contracts in order to meet its temporary cash-flow problems and the rights of faculty when this breach occurs are discussed. To avoid litigation, a university must have established internal guidelines which can be incorporated into an employment contract. (MLW)

  1. Barrier breaching device

    DOEpatents

    Honodel, Charles A.

    1985-01-01

    A barrier breaching device that is designed primarily for opening holes in interior walls of buildings uses detonating fuse for explosive force. The fuse acts as the ribs or spokes of an umbrella-like device that may be opened up to form a cone. The cone is placed against the wall so that detonating fuse that rings the base of the device and which is ignited by the spoke-like fuses serves to cut a circular hole in the wall.

  2. Barrier breaching device

    DOEpatents

    Honodel, C.A.

    1983-06-01

    A barrier breaching device that is designed primarily for opening holes in interior walls of buildings uses detonating fuse for explosive force. The fuse acts as the ribs or spokes of an umbrella-like device that may be opened up to form a cone. The cone is placed against the wall so that detonating fuse that rings the base of the device and which is ignited by the spoke-like fuses serves to cut a circular hole in the wall.

  3. Secure entanglement distillation for double-server blind quantum computation.

    PubMed

    Morimae, Tomoyuki; Fujii, Keisuke

    2013-07-12

    Blind quantum computation is a new secure quantum computing protocol where a client, who does not have enough quantum technologies at her disposal, can delegate her quantum computation to a server, who has a fully fledged quantum computer, in such a way that the server cannot learn anything about the client's input, output, and program. If the client interacts with only a single server, the client has to have some minimum quantum power, such as the ability of emitting randomly rotated single-qubit states or the ability of measuring states. If the client interacts with two servers who share Bell pairs but cannot communicate with each other, the client can be completely classical. For such a double-server scheme, two servers have to share clean Bell pairs, and therefore the entanglement distillation is necessary in a realistic noisy environment. In this Letter, we show that it is possible to perform entanglement distillation in the double-server scheme without degrading the security of blind quantum computing.

  4. Can Cyberloafing and Internet Addiction Affect Organizational Information Security?

    PubMed

    Hadlington, Lee; Parsons, Kathryn

    2017-09-01

    Researchers have noted potential links between Internet addiction, the use of work computers for nonwork purposes and an increased risk of threat to the organization from breaches in cybersecurity. However, much of this research appears conjectural in nature and lacks clear empirical evidence to support such claims. To fill this knowledge gap, a questionnaire-based study explored the link between cyberloafing, Internet addiction, and information security awareness (ISA). A total of 338 participants completed an online questionnaire, which comprised the Online Cognition Scale, Cyberloafing Scale, and the Human Aspects of Information Security Questionnaire. Participants who reported higher Internet addiction and cyberloafing tendencies had lower ISA, and Internet addiction and cyberloafing predicted a significant 45 percent of the variance in ISA. Serious cyberloafing, such as the propensity to visit adult websites and online gambling, was shown to be the significant predictor for poorer ISA. Implications for organizations and recommendations to reduce or manage inappropriate Internet use are discussed.

  5. Bibliography for computer security, integrity, and safety

    NASA Technical Reports Server (NTRS)

    Bown, Rodney L.

    1991-01-01

    A bibliography of computer security, integrity, and safety issues is given. The bibliography is divided into the following sections: recent national publications; books; journal, magazine articles, and miscellaneous reports; conferences, proceedings, and tutorials; and government documents and contractor reports.

  6. 7 CFR 3431.21 - Breach.

    Code of Federal Regulations, 2014 CFR

    2014-01-01

    ... 7 Agriculture 15 2014-01-01 2014-01-01 false Breach. 3431.21 Section 3431.21 Agriculture Regulations of the Department of Agriculture (Continued) NATIONAL INSTITUTE OF FOOD AND AGRICULTURE VETERINARY MEDICINE LOAN REPAYMENT PROGRAM Administration of the Veterinary Medicine Loan Repayment Program § 3431.21...

  7. 7 CFR 3431.21 - Breach.

    Code of Federal Regulations, 2013 CFR

    2013-01-01

    ... 7 Agriculture 15 2013-01-01 2013-01-01 false Breach. 3431.21 Section 3431.21 Agriculture Regulations of the Department of Agriculture (Continued) NATIONAL INSTITUTE OF FOOD AND AGRICULTURE VETERINARY MEDICINE LOAN REPAYMENT PROGRAM Administration of the Veterinary Medicine Loan Repayment Program § 3431.21...

  8. 7 CFR 3431.21 - Breach.

    Code of Federal Regulations, 2012 CFR

    2012-01-01

    ... 7 Agriculture 15 2012-01-01 2012-01-01 false Breach. 3431.21 Section 3431.21 Agriculture Regulations of the Department of Agriculture (Continued) NATIONAL INSTITUTE OF FOOD AND AGRICULTURE VETERINARY MEDICINE LOAN REPAYMENT PROGRAM Administration of the Veterinary Medicine Loan Repayment Program § 3431.21...

  9. 7 CFR 3431.21 - Breach.

    Code of Federal Regulations, 2011 CFR

    2011-01-01

    ... 7 Agriculture 15 2011-01-01 2011-01-01 false Breach. 3431.21 Section 3431.21 Agriculture Regulations of the Department of Agriculture (Continued) NATIONAL INSTITUTE OF FOOD AND AGRICULTURE VETERINARY MEDICINE LOAN REPAYMENT PROGRAM Administration of the Veterinary Medicine Loan Repayment Program § 3431.21...

  10. Ethical Guidelines for Computer Security Researchers: "Be Reasonable"

    NASA Astrophysics Data System (ADS)

    Sassaman, Len

    For most of its existence, the field of computer science has been lucky enough to avoid ethical dilemmas by virtue of its relatively benign nature. The subdisciplines of programming methodology research, microprocessor design, and so forth have little room for the greater questions of human harm. Other, more recently developed sub-disciplines, such as data mining, social network analysis, behavioral profiling, and general computer security, however, open the door to abuse of users by practitioners and researchers. It is therefore the duty of the men and women who chart the course of these fields to set rules for themselves regarding what sorts of actions on their part are to be considered acceptable and what should be avoided or handled with caution out of ethical concerns. This paper deals solely with the issues faced by computer security researchers, be they vulnerability analysts, privacy system designers, malware experts, or reverse engineers.

  11. School Security Gap (with Related Video)

    ERIC Educational Resources Information Center

    Skurnac, Steve

    2012-01-01

    Data security breaches in the educational sector can be devastating to institutions and the students and employees they serve. They carry the potential for identity theft, violations of federal and state laws, and loss of trust of students, alumni and employees. The Identity Theft Resource Center says that as of October 2011, education…

  12. Reactions to psychological contract breaches and organizational citizenship behaviours: An experimental manipulation of severity.

    PubMed

    Atkinson, Theresa P; Matthews, Russell A; Henderson, Alexandra A; Spitzmueller, Christiane

    2018-01-30

    Grounded in affective events theory, we investigated the effects of experimentally manipulated psychological contract breaches on participants' feelings of violation, subsequent perceptions of psychological contract strength, and organizational citizenship behaviours in a sample of working adults. Results support previous findings that pre-existing relational psychological contract strength interacts with severity of unmet promises or expectations. Specifically, individuals with high relational contracts who experience low severity of unmet promises/expectations have the lowest breach perceptions, whereas individuals with high relational contracts who experience more severe levels of unmet promises/expectations experience the highest level of breach perceptions. Results also support the concept of a breach spiral in that prior perceptions of breach led to an increased likelihood of subsequent perceptions of breach following the experimental manipulation. Furthermore, consistent with affective events theory, results support the argument that a psychological contract breach's effect on specific organizational citizenship behaviours is mediated by feelings of violation and the reassessment of relational contracts. These effects were present even after controlling for the direct effects of the manipulated severity of unmet promises/expectations. Copyright © 2018 John Wiley & Sons, Ltd.

  13. Privacy, confidentiality, and security in information systems of state health agencies.

    PubMed

    O'Brien, D G; Yasnoff, W A

    1999-05-01

    To assess the employment and status of privacy, confidentiality, security and fair information practices in electronic information systems of U.S. state health agencies. A survey instrument was developed and administered to key contacts within the state health agencies of each of the 50 U.S. states, Puerto Rico and the District of Columbia. About a third of U.S. state health agencies have no written policies in place regarding privacy and confidentiality in electronic information systems. The doctrines of fair information practice often seemed to be ignored. One quarter of the agencies reported at least one security breach during the past two years, and 16% experienced a privacy and confidentiality related transgression. Most of the breaches were committed by personnel from within the agencies. These results raise questions about the integrity of existing privacy, confidentiality and security measures in the information systems of U.S. state health agencies. Recommendations include the development and vigorous enforcement of written privacy and confidentiality policies, increased personnel training, and expanded implementation of security measures such as encryption and system firewalls. A discussion of the current status of U.S. privacy, confidentiality and security issues is offered.

  14. The effectiveness of the department of defense's field manual 3-11 in detecting, deterring and degrading the breach of a combat base by a human-borne with bioagent (HBBA): perceptions of security personnel.

    PubMed

    Alakpa, George Edafese; Collins, John W

    2015-01-01

    The department of defense's FM 3-11 is among the military's field manuals for preparing for, reacting to and recovering from chemical, biological, radiological and nuclear attacks. Since post 9-11, U.S. military service members have been deployed in the global war on terrorism. This study attempted to determine the effectiveness of the FM 3-11 in detecting, deterring or preventing a human-borne with bioagent (HBBA) terrorist breach at an entry control point (ECP). This time-specific, cross-sectional study disseminated a validated survey tool with Cronbach's α > 0.82 to respondents who have had antiterrorism training and combat ECP experience. The return rate was greater than 75.0 %; however, many of the respondents failed to meet the inclusion criteria. Consequently, only 26 questionnaires were included in the sample. The results revealed that while over 60.0 % of the respondents either strongly agreed or agreed that biointelligence, the deployment of biodetectors and the use of biowarning systems could be effective in preventing an ECP breach by a terrorist with a bioagent, the use of protective equipment and immunization to decontaminate service members or other TTPs would never prevent a breach. A large percentage of respondents claimed that soldiers at the ECP lacked the devices or the knowledge to detect an HBBA at an ECP, and 72.0 % suggested modifying current ECP TTPs to include education, training and equipment for security personnel at military base ECPs. If obtained from appropriate sources and communicated to the personnel at the ECP in an effective or timely manner, the possible effectiveness of certain TTPs in the FM 3-11, specifically FM 3-11.86 (intelligence), might increase.

  15. A review of the security of insulin pump infusion systems.

    PubMed

    Paul, Nathanael; Kohno, Tadayoshi; Klonoff, David C

    2011-11-01

    Insulin therapy has enabled patients with diabetes to maintain blood glucose control to lead healthier lives. Today, rather than injecting insulin manually using syringes, a patient can use a device such as an insulin pump to deliver insulin programmatically. This allows for more granular insulin delivery while attaining blood glucose control. Insulin pump system features have increasingly benefited patients, but the complexity of the resulting system has grown in parallel. As a result, security breaches that can negatively affect patient health are now possible. Rather than focus on the security of a single device, we concentrate on protecting the security of the entire system. In this article, we describe the security issues as they pertain to an insulin pump system that includes an embedded system of components, which include the insulin pump, continuous glucose management system, blood glucose monitor, and other associated devices (e.g., a mobile phone or personal computer). We detail not only the growing wireless communication threat in each system component, but also describe additional threats to the system (e.g., availability and integrity). Our goal is to help create a trustworthy infusion pump system that will ultimately strengthen pump safety, and we describe mitigating solutions to address identified security issues. © 2011 Diabetes Technology Society.

  16. A Review of the Security of Insulin Pump Infusion Systems

    PubMed Central

    Paul, Nathanael; Kohno, Tadayoshi; Klonoff, David C

    2011-01-01

    Insulin therapy has enabled patients with diabetes to maintain blood glucose control to lead healthier lives. Today, rather than injecting insulin manually using syringes, a patient can use a device such as an insulin pump to deliver insulin programmatically. This allows for more granular insulin delivery while attaining blood glucose control. Insulin pump system features have increasingly benefited patients, but the complexity of the resulting system has grown in parallel. As a result, security breaches that can negatively affect patient health are now possible. Rather than focus on the security of a single device, we concentrate on protecting the security of the entire system. In this article, we describe the security issues as they pertain to an insulin pump system that includes an embedded system of components, which include the insulin pump, continuous glucose management system, blood glucose monitor, and other associated devices (e.g., a mobile phone or personal computer). We detail not only the growing wireless communication threat in each system component, but also describe additional threats to the system (e.g., availability and integrity). Our goal is to help create a trustworthy infusion pump system that will ultimately strengthen pump safety, and we describe mitigating solutions to address identified security issues. PMID:22226278

  17. Securing Secrets and Managing Trust in Modern Computing Applications

    ERIC Educational Resources Information Center

    Sayler, Andy

    2016-01-01

    The amount of digital data generated and stored by users increases every day. In order to protect this data, modern computing systems employ numerous cryptographic and access control solutions. Almost all of such solutions, however, require the keeping of certain secrets as the basis of their security models. How best to securely store and control…

  18. Security practices and regulatory compliance in the healthcare industry.

    PubMed

    Kwon, Juhee; Johnson, M Eric

    2013-01-01

    Securing protected health information is a critical responsibility of every healthcare organization. We explore information security practices and identify practice patterns that are associated with improved regulatory compliance. We employed Ward's cluster analysis using minimum variance based on the adoption of security practices. Variance between organizations was measured using dichotomous data indicating the presence or absence of each security practice. Using t tests, we identified the relationships between the clusters of security practices and their regulatory compliance. We utilized the results from the Kroll/Healthcare Information and Management Systems Society telephone-based survey of 250 US healthcare organizations including adoption status of security practices, breach incidents, and perceived compliance levels on Health Information Technology for Economic and Clinical Health, Health Insurance Portability and Accountability Act, Red Flags rules, Centers for Medicare and Medicaid Services, and state laws governing patient information security. Our analysis identified three clusters (which we call leaders, followers, and laggers) based on the variance of security practice patterns. The clusters have significant differences among non-technical practices rather than technical practices, and the highest level of compliance was associated with hospitals that employed a balanced approach between technical and non-technical practices (or between one-off and cultural practices). Hospitals in the highest level of compliance were significantly managing third parties' breaches and training. Audit practices were important to those who scored in the middle of the pack on compliance. Our results provide security practice benchmarks for healthcare administrators and can help policy makers in developing strategic and practical guidelines for practice adoption.

  19. Security practices and regulatory compliance in the healthcare industry

    PubMed Central

    Kwon, Juhee; Johnson, M Eric

    2013-01-01

    Objective: Securing protected health information is a critical responsibility of every healthcare organization. We explore information security practices and identify practice patterns that are associated with improved regulatory compliance. Design: We employed Ward's cluster analysis using minimum variance based on the adoption of security practices. Variance between organizations was measured using dichotomous data indicating the presence or absence of each security practice. Using t tests, we identified the relationships between the clusters of security practices and their regulatory compliance. Measurement: We utilized the results from the Kroll/Healthcare Information and Management Systems Society telephone-based survey of 250 US healthcare organizations including adoption status of security practices, breach incidents, and perceived compliance levels on Health Information Technology for Economic and Clinical Health, Health Insurance Portability and Accountability Act, Red Flags rules, Centers for Medicare and Medicaid Services, and state laws governing patient information security. Results: Our analysis identified three clusters (which we call leaders, followers, and laggers) based on the variance of security practice patterns. The clusters have significant differences among non-technical practices rather than technical practices, and the highest level of compliance was associated with hospitals that employed a balanced approach between technical and non-technical practices (or between one-off and cultural practices). Conclusions: Hospitals in the highest level of compliance were significantly managing third parties’ breaches and training. Audit practices were important to those who scored in the middle of the pack on compliance. Our results provide security practice benchmarks for healthcare administrators and can help policy makers in developing strategic and practical guidelines for practice adoption. PMID:22955497

  20. A security mechanism based on evolutionary game in fog computing.

    PubMed

    Sun, Yan; Lin, Fuhong; Zhang, Nan

    2018-02-01

    Fog computing is a distributed computing paradigm at the edge of the network and requires cooperation of users and sharing of resources. When users in fog computing open their resources, their devices are easily intercepted and attacked because they are accessed through a wireless network and present an extensive geographical distribution. In this study, a credible third party was introduced to supervise the behavior of users and protect the security of user cooperation. A fog computing security mechanism based on the human nervous system is proposed, and the strategy for a stable system evolution is calculated. The MATLAB simulation results show that the proposed mechanism can reduce the number of attack behaviors effectively and stimulate users to cooperate in application tasks positively.

  1. Lessons learned from a privacy breach at an academic health science centre.

    PubMed

    Malonda, Jacqueline; Campbell, Janice; Crivianu-Gaita, Daniela; Freedman, Melvin H; Stevens, Polly; Laxer, Ronald M

    2009-01-01

    In 2007, the Hospital for Sick Children experienced a serious privacy breach when a laptop computer containing the personal health information of approximately 3,000 patients and research subjects was stolen from a physician-researcher's vehicle. This incident was reported to the information and privacy commissioner of Ontario (IPC). The IPC issued an order that required the hospital to examine and revise its policies, practices and research protocols related to the protection of personal health information and to educate staff on privacy-related matters.

  2. Physical security, HIPPA, and the HHS wall of shame.

    PubMed

    Sage, April

    2014-01-01

    In this article, the author, a healthcare IT expert, reveals what experts have discovered in analyzing HIPPA data breaches. Most are the result of theft or loss. She explains why this is so, and offers a solution: improved physical security.

  3. Survey on Security Issues in File Management in Cloud Computing Environment

    NASA Astrophysics Data System (ADS)

    Gupta, Udit

    2015-06-01

    Cloud computing has pervaded every aspect of information technology in the past decade. With the advent of cloud networks, it has become easier to process the plethora of data generated by various devices in real time. The privacy of users' data is maintained by data centers around the world, and hence it has become feasible to operate on that data from lightweight portable devices. But with ease of processing comes the security aspect of the data. One such security aspect is secure file transfer, either internally within a cloud or externally from one cloud network to another. File management is central to cloud computing, and it is paramount to address the security concerns which arise out of it. This survey paper aims to elucidate the various protocols which can be used for secure file transfer and analyze the ramifications of using each protocol.

  4. Decrease the Number of Glovebox Glove Breaches and Failures

    DOE Office of Scientific and Technical Information (OSTI.GOV)

    Hurtle, Jackie C.

    2013-12-24

    Los Alamos National Laboratory (LANL) is committed to the protection of the workers, public, and environment while performing work and uses gloveboxes as engineered controls to protect workers from exposure to hazardous materials while performing plutonium operations. Glovebox gloves are a weak link in the engineered controls and are a major cause of radiation contamination events which can result in potential worker exposure and localized contamination making operational areas off-limits and putting programmatic work on hold. Each day of lost opportunity at Technical Area (TA) 55, Plutonium Facility (PF) 4 is estimated at $1.36 million. Between July 2011 and June 2013, TA-55-PF-4 had 65 glovebox glove breaches and failures with an average of 2.7 per month. The glovebox work follows the five step safety process promoted at LANL with a decision diamond interjected for whether or not a glove breach or failure event occurred in the course of performing glovebox work. In the event that no glove breach or failure is detected, there is an additional decision for whether or not contamination is detected. In the event that contamination is detected, the possibility for a glove breach or failure event is revisited.

  5. How Attitude toward the Behavior, Subjective Norm, and Perceived Behavioral Control Affects Information Security Behavior Intention

    ERIC Educational Resources Information Center

    Johnson, David P.

    2017-01-01

    The education sector is at high risk for information security (InfoSec) breaches and in need of improved security practices. Achieving data protections cannot be through technical means alone. Addressing the human behavior factor is required. Security education, training, and awareness (SETA) programs are an effective method of addressing human…

  6. Method and apparatus for diagnosing breached fuel elements

    DOEpatents

    Gross, K.C.; Lambert, J.D.B.; Nomura, S.

    1987-03-02

    The invention provides an apparatus and method for diagnosing breached fuel elements in a nuclear reactor. A detection system measures the activity of isotopes from the cover gas in the reactor. A data acquisition and processing system monitors the detection system and corrects for the effects of the cover-gas clean up system on the measured activity and further calculates the derivative curve of the corrected activity as a function of time. A plotting system graphs the derivative curve, which represents the instantaneous release rate of fission gas from a breached fuel element. 8 figs.

  7. The A to Z of healthcare data breaches.

    PubMed

    Kobus, Theodore J

    2012-01-01

    There currently exists a myriad of privacy laws that impact a healthcare entity, including more than 47 notification laws that require notification when a data breach occurs, as well as the breach notification requirements of the Health Information Technology for Economic and Clinical Health Act. Given the plethora of issues a healthcare entity faces, there are certain principles that can be built into an organization's philosophy that will comply with the law and help protect it from reputational harm. © 2012 American Society for Healthcare Risk Management of the American Hospital Association.

  8. Control System Applicable Use Assessment of the Secure Computing Corporation - Secure Firewall (Sidewinder)

    DOE Office of Scientific and Technical Information (OSTI.GOV)

    Hadley, Mark D.; Clements, Samuel L.

    2009-01-01

    Battelle’s National Security & Defense objective is, “applying unmatched expertise and unique facilities to deliver homeland security solutions. From detection and protection against weapons of mass destruction to emergency preparedness/response and protection of critical infrastructure, we are working with industry and government to integrate policy, operational, technological, and logistical parameters that will secure a safe future”. In an ongoing effort to meet this mission, engagements with industry that are intended to improve operational and technical attributes of commercial solutions that are related to national security initiatives are necessary. This necessity will ensure that capabilities for protecting critical infrastructure assets are considered by commercial entities in their development, design, and deployment lifecycles thus addressing the alignment of identified deficiencies and improvements needed to support national cyber security initiatives. The Secure Firewall (Sidewinder) appliance by Secure Computing was assessed for applicable use in critical infrastructure control system environments, such as electric power, nuclear and other facilities containing critical systems that require augmented protection from cyber threat. The testing was performed in the Pacific Northwest National Laboratory’s (PNNL) Electric Infrastructure Operations Center (EIOC). The Secure Firewall was tested in a network configuration that emulates a typical control center network and then evaluated. A number of observations and recommendations are included in this report relating to features currently included in the Secure Firewall that support critical infrastructure security needs.

  9. Identifying psychological contract breaches to guide improvements in faculty recruitment, retention, and development.

    PubMed

    Peirce, Gretchen L; Desselle, Shane P; Draugalis, JoLaine R; Spies, Alan R; Davis, Tamra S; Bolino, Mark

    2012-08-10

    To identify pharmacy faculty members' perceptions of psychological contract breaches that can be used to guide improvements in faculty recruitment, retention, and development. A list of psychological contract breaches was developed using a Delphi procedure involving a panel of experts assembled through purposive sampling. The Delphi consisted of 4 rounds, the first of which elicited examples of psychological contract breaches in an open-ended format. The ensuing 3 rounds consisted of a survey and anonymous feedback on aggregated group responses. Usable responses were obtained from 11 of 12 faculty members who completed the Delphi procedure. The final list of psychological contract breaches included 27 items, after modifications based on participant feedback in subsequent rounds. The psychological contract breach items generated in this study provide guidance for colleges and schools of pharmacy regarding important aspects of faculty recruitment, retention, and development.

  10. Preparing Information Systems (IS) Graduates to Meet the Challenges of Global IT Security: Some Suggestions

    ERIC Educational Resources Information Center

    Sauls, Jeff; Gudigantala, Naveen

    2013-01-01

    Managing IT security and assurance is a top priority for organizations. Aware of the costs associated with a security or privacy breach, organizations are constantly vigilant about protecting their data and IT systems. In addition, organizations are investing heavily in IT resources to keep up with the challenges of managing their IT security and…

  11. Once More unto the Breaching Experiment: Reconsidering a Popular Pedagogical Tool

    ERIC Educational Resources Information Center

    Braswell, Matthew

    2014-01-01

    Instructors frequently utilize breaching experiments in an attempt to "bring sociology to life." However, an uncritical embrace of breaching experiments obscures the complexity of their possible effects on participants and subjects. These experiments have real potential to inflict deleterious consequences on individuals and groups.…

  12. Antecedents of Psychological Contract Breach: The Role of Job Demands, Job Resources, and Affect

    PubMed Central

    Vantilborgh, Tim; Bidee, Jemima; Pepermans, Roland; Griep, Yannick; Hofmans, Joeri

    2016-01-01

    While it has been shown that psychological contract breach leads to detrimental outcomes, relatively little is known about factors leading to perceptions of breach. We examine if job demands and resources predict breach perceptions. We argue that perceiving high demands elicits negative affect, while perceiving high resources stimulates positive affect. Positive and negative affect, in turn, influence the likelihood that psychological contract breaches are perceived. We conducted two experience sampling studies to test our hypotheses: the first using daily surveys in a sample of volunteers, the second using weekly surveys in samples of volunteers and paid employees. Our results confirm that job demands and resources are associated with negative and positive affect respectively. Mediation analyses revealed that people who experienced high job resources were less likely to report psychological contract breach, because they experienced high levels of positive affect. The mediating role of negative affect was more complex, as it increased the likelihood to perceive psychological contract breach, but only in the short-term. PMID:27171275

  13. Antecedents of Psychological Contract Breach: The Role of Job Demands, Job Resources, and Affect.

    PubMed

    Vantilborgh, Tim; Bidee, Jemima; Pepermans, Roland; Griep, Yannick; Hofmans, Joeri

    2016-01-01

    While it has been shown that psychological contract breach leads to detrimental outcomes, relatively little is known about factors leading to perceptions of breach. We examine if job demands and resources predict breach perceptions. We argue that perceiving high demands elicits negative affect, while perceiving high resources stimulates positive affect. Positive and negative affect, in turn, influence the likelihood that psychological contract breaches are perceived. We conducted two experience sampling studies to test our hypotheses: the first using daily surveys in a sample of volunteers, the second using weekly surveys in samples of volunteers and paid employees. Our results confirm that job demands and resources are associated with negative and positive affect respectively. Mediation analyses revealed that people who experienced high job resources were less likely to report psychological contract breach, because they experienced high levels of positive affect. The mediating role of negative affect was more complex, as it increased the likelihood to perceive psychological contract breach, but only in the short-term.

  14. FAA computer security : concerns remain due to personnel and other continuing weaknesses

    DOT National Transportation Integrated Search

    2000-08-01

    FAA has a history of computer security weaknesses in a number of areas, including its physical security management at facilities that house air traffic control (ATC) systems, systems security for both operational and future systems, management struct...

  15. Identifying Psychological Contract Breaches to Guide Improvements in Faculty Recruitment, Retention, and Development

    PubMed Central

    Desselle, Shane P.; Draugalis, JoLaine R.; Spies, Alan R.; Davis, Tamra S.; Bolino, Mark

    2012-01-01

    Objective. To identify pharmacy faculty members’ perceptions of psychological contract breaches that can be used to guide improvements in faculty recruitment, retention, and development. Methods. A list of psychological contract breaches was developed using a Delphi procedure involving a panel of experts assembled through purposive sampling. The Delphi consisted of 4 rounds, the first of which elicited examples of psychological contract breaches in an open-ended format. The ensuing 3 rounds consisted of a survey and anonymous feedback on aggregated group responses. Results. Usable responses were obtained from 11 of 12 faculty members who completed the Delphi procedure. The final list of psychological contract breaches included 27 items, after modifications based on participant feedback in subsequent rounds. Conclusion. The psychological contract breach items generated in this study provide guidance for colleges and schools of pharmacy regarding important aspects of faculty recruitment, retention, and development. PMID:22919084

  16. Mainstream body-character breach films and subjectivization.

    PubMed

    Meiri, Sandra; Kohen-Raz, Odeya

    2017-02-01

    The authors analyze a unique cinematic corpus - 'body-character breach films' (one character, initially played by a certain actor, occupies the body of another character) - demonstrating Lacan's notion of traversing the fantasy, both on the level of the films' diegesis and that of spectatorship. Breaching the alliance between actors and their characters perturbs the viewer's fantasy of wholeness enabled by this very alliance. Consequently, a change in subject/spectatorial position in relation to the lack in the Other is induced, enhanced through the visualization of various scenarios of unconscious fantasies (mostly incest). These are meant to unsettle the spectator into an awareness of how a conscious fantasy conceals another unconscious fundamental fantasy, thereby encouraging a change in spectatorial position (from 'perverse'/fetishistic to 'neurotic'). Conflating this change with Lacan's notion of traversing the fantasy, the authors contend that mainstream cinema has the capacity to induce a process of subjectivization (assuming responsibility for one's own desire). This process is contingent on four conditions: identification with the protagonist's fantasy to conceal the lack in the Other; dissolution of this fantasy, initiated by the body-character breach; rhetorical strategies (the coding of unconscious scenarios cinematically); and an ethical dimension (encouraging the subject/spectator to follow her/his desire). Copyright © 2016 Institute of Psychoanalysis.

  17. Securing the Data Storage and Processing in Cloud Computing Environment

    ERIC Educational Resources Information Center

    Owens, Rodney

    2013-01-01

    Organizations increasingly utilize cloud computing architectures to reduce costs and energy consumption both in the data warehouse and on mobile devices by better utilizing the computing resources available. However, the security and privacy issues with publicly available cloud computing infrastructures have not been studied to a sufficient depth…

  18. Secure Cloud Computing Implementation Study For Singapore Military Operations

    DTIC Science & Technology

    2016-09-01

    COMPUTING IMPLEMENTATION STUDY FOR SINGAPORE MILITARY OPERATIONS by Lai Guoquan September 2016 Thesis Advisor: John D. Fulp Co-Advisor...DATES COVERED Master’s thesis 4. TITLE AND SUBTITLE SECURE CLOUD COMPUTING IMPLEMENTATION STUDY FOR SINGAPORE MILITARY OPERATIONS 5. FUNDING NUMBERS...addition, from the military perspective, the benefits of cloud computing were analyzed from a study of the U.S. Department of Defense. Then, using

  19. Diamond High Assurance Security Program: Trusted Computing Exemplar

    DTIC Science & Technology

    2002-09-01

    computing component, the Embedded MicroKernel Prototype. A third-party evaluation of the component will be initiated during development (e.g., once...target technologies and larger projects is a topic for future research. Trusted Computing Reference Component – The Embedded MicroKernel Prototype We...Kernel The primary security function of the Embedded MicroKernel will be to enforce process and data-domain separation, while providing primitive

  20. Close the Gate, Lock the Windows, Bolt the Doors: Securing Library Computers. Online Treasures

    ERIC Educational Resources Information Center

    Balas, Janet

    2005-01-01

    This article, written by a systems librarian at the Monroeville Public Library, discusses a major issue affecting all computer users: security. It indicates that, while staying up-to-date on the latest security issues has become essential for all computer users, it's more critical for network managers who are responsible for securing computer…

  1. Case Study: Creation of a Degree Program in Computer Security. White Paper.

    ERIC Educational Resources Information Center

    Belon, Barbara; Wright, Marie

    This paper reports on research into the field of computer security, and undergraduate degrees offered in that field. Research described in the paper reveals only one computer security program at the associate's degree level in the entire country. That program, at Texas State Technical College in Waco, is a 71-credit-hour program leading to an…

  2. Secure Dynamic access control scheme of PHR in cloud computing.

    PubMed

    Chen, Tzer-Shyong; Liu, Chia-Hui; Chen, Tzer-Long; Chen, Chin-Sheng; Bau, Jian-Guo; Lin, Tzu-Ching

    2012-12-01

    With the development of information technology and medical technology, medical information has developed from traditional paper records into electronic medical records, which are now widely applied. The new-style medical information exchange system "personal health records (PHR)" is gradually being developed. PHR is a kind of health record maintained and recorded by individuals. An ideal personal health record could integrate personal medical information from different sources and provide a complete and correct personal health and medical summary through the Internet or portable media under the requirements of security and privacy. A lot of personal health records are being utilized. The patient-centered PHR information exchange system allows the public to autonomously maintain and manage personal health records. Such management is convenient for storing, accessing, and sharing personal medical records. With the emergence of Cloud computing, PHR service has been transferred to storing data in Cloud servers so that the resources can be flexibly utilized and the operation cost can be reduced. Nevertheless, patients face privacy problems when storing PHR data in the Cloud. Besides, a secure protection scheme is required to encrypt the medical records of each patient for storing PHR in a Cloud server. In the encryption process, it is a challenge to achieve accurate access to medical records together with flexibility and efficiency. A new PHR access control scheme under Cloud computing environments is proposed in this study. Using the Lagrange interpolation polynomial to establish a secure and effective PHR information access scheme, it allows accurate and secure access to PHR and is suitable for very large numbers of users. Moreover, this scheme also dynamically supports multi-users in Cloud computing environments with personal privacy and offers legal authorities to access PHR. From security and effectiveness analyses, the proposed PHR access

  3. 77 FR 14418 - Grand Ditch Breach Restoration Draft Environmental Impact Statement, Rocky Mountain National Park...

    Federal Register 2010, 2011, 2012, 2013, 2014

    2012-03-09

    ... Breach Restoration Draft Environmental Impact Statement, Rocky Mountain National Park, CO AGENCY... Environmental Impact Statement for the Grand Ditch Breach Restoration, Rocky Mountain National Park. SUMMARY... announces the availability of a Draft Environmental Impact Statement for the Grand Ditch Breach Restoration...

  4. Telecommunications Policy Research Conference. Computer and Communications Security Section. Papers.

    ERIC Educational Resources Information Center

    Telecommunications Policy Research Conference, Inc., Washington, DC.

    In his paper, "European Needs and Attitudes towards Information Security," Richard I. Polis notes that the needs for security in computer systems, telecommunications, and media are rather uniform throughout Western Europe, and are seen as being significantly different from the needs in the United States. Recognition of these needs is,…

  5. Research on Quantum Authentication Methods for the Secure Access Control Among Three Elements of Cloud Computing

    NASA Astrophysics Data System (ADS)

    Dong, Yumin; Xiao, Shufen; Ma, Hongyang; Chen, Libo

    2016-12-01

    Cloud computing and big data have become the developing engine of current information technology (IT) as a result of the rapid development of IT. However, security protection has become increasingly important for cloud computing and big data, and has become a problem that must be solved to develop cloud computing. The theft of identity authentication information remains a serious threat to the security of cloud computing. In this process, attackers intrude into cloud computing services through identity authentication information, thereby threatening the security of data from multiple perspectives. Therefore, this study proposes a model for cloud computing protection and management based on quantum authentication, introduces the principle of quantum authentication, and deduces the quantum authentication process. In theory, quantum authentication technology can be applied in cloud computing for security protection. This technology cannot be cloned; thus, it is more secure and reliable than classical methods.

  6. State of the Art of Network Security Perspectives in Cloud Computing

    NASA Astrophysics Data System (ADS)

    Oh, Tae Hwan; Lim, Shinyoung; Choi, Young B.; Park, Kwang-Roh; Lee, Heejo; Choi, Hyunsang

    Cloud computing is now regarded as one of the social phenomena that satisfy customers' needs. It is possible that the customers' needs and the primary principle of economy - gain maximum benefits from minimum investment - reflect the realization of cloud computing. We are living in a connected society with a flood of information, and without computers connected to the Internet, our activities and work of daily living will be impossible. Cloud computing is able to provide customers with custom-tailored features of application software and user's environment based on the customer's needs by adopting on-demand outsourcing of computing resources through the Internet. It also provides cloud computing users with high-end computing power and expensive application software packages, and accordingly the users will access their data and the application software where they are located at the remote system. As the cloud computing system is connected to the Internet, network security issues of cloud computing are considered as mandatory prior to real world service. In this paper, survey and issues on the network security in cloud computing are discussed from the perspective of real world service environments.

  7. Secure multiparty computation of a comparison problem.

    PubMed

    Liu, Xin; Li, Shundong; Liu, Jian; Chen, Xiubo; Xu, Gang

    2016-01-01

    Private comparison is fundamental to secure multiparty computation. In this study, we propose novel protocols to privately determine [Formula: see text], or [Formula: see text] in one execution. First, a 0-1-vector encoding method is introduced to encode a number into a vector, and the Goldwasser-Micali encryption scheme is used to compare integers privately. Then, we propose a protocol by using a geometric method to compare rational numbers privately, and the protocol is information-theoretical secure. Using the simulation paradigm, we prove the privacy-preserving property of our protocols in the semi-honest model. The complexity analysis shows that our protocols are more efficient than previous solutions.

  8. I Am So Tired… How Fatigue May Exacerbate Stress Reactions to Psychological Contract Breach.

    PubMed

    Achnak, Safâa; Griep, Yannick; Vantilborgh, Tim

    2018-01-01

    Previous research showed that perceptions of psychological contract (PC) breach have undesirable individual and organizational consequences. Surprisingly, the PC literature has paid little to no attention to the relationship between PC breach perceptions and stress. A better understanding of how PC breach may elicit stress seems crucial, given that stress plays a key role in employees' physical and mental well-being. Based on Conservation of Resources Theory, we suggest that PC breach perceptions represent a perceived loss of valued resources, subsequently leading employees to experience higher stress levels resulting from emerging negative emotions. Moreover, we suggest that this mediated relationship is moderated by initial levels of fatigue, due to fatigue lowering the personal resources necessary to cope with breach events. To test our hypotheses, we analyzed the multilevel data we obtained from two experience sampling designs (Study 1: 51 Belgian employees; Study 2: 53 US employees). Note that the unit of analysis is "observations" rather than "respondents," resulting in an effective sample size of 730 (Study 1) and 374 (Study 2) observations. In both studies, we found evidence for the mediating role of negative emotions in the PC breach-stress relationship. In the second study, we also found evidence for the moderating role of fatigue in the mediated PC breach-stress relationship. Implications for research and practice are discussed.

  9. An inverse method to estimate the flow through a levee breach

    NASA Astrophysics Data System (ADS)

    D'Oria, Marco; Mignosa, Paolo; Tanda, Maria Giovanna

    2015-08-01

    We propose a procedure to estimate the flow through a levee breach based on water levels recorded in river stations downstream and/or upstream of the failure site. The inverse problem is solved using a Bayesian approach and requires the execution of several forward unsteady flow simulations. For this purpose, we have used the well-known 1-D HEC-RAS model, but any unsteady flow model could be adopted in the same way. The procedure has been tested using four synthetic examples. Levee breaches with different characteristics (free flow, flow with tailwater effects, etc.) have been simulated to collect the synthetic level data used at a later stage in the inverse procedure. The method was able to accurately reproduce the flow through the breach in all cases. The practicability of the procedure was then confirmed applying it to the inundation of the Polesine Region (Northern Italy) which occurred in 1951 and was caused by three contiguous and almost simultaneous breaches on the left embankment of the Po River.

  10. Medicare program; offset of Medicare payments to individuals to collect past-due obligations arising from breach of scholarship and loan contracts--HCFA. Final rule.

    PubMed

    1992-05-04

    This final rule sets forth the procedures to be followed for collection of past-due amounts owed by individuals who breached contracts under certain scholarship and loan programs. The programs that would be affected are the National Health Service Corps Scholarship, the Physician Shortage Area Scholarship, and the Health Education Assistance Loan. These procedures would apply to those individuals who breached contracts under the scholarship and loan programs and who-- Accept Medicare assignment for services; Are employed by or affiliated with a provider, Health Maintenance Organization, or Competitive Medical Plan that receives Medicare payment for services; or Are members of a group practice that receives Medicare payment for services. This regulation implements section 1892 of the Social Security Act, as added by section 4052 of the Omnibus Budget Reconciliation Act of 1987.

  11. Numerical modelling of glacial lake outburst floods using physically based dam-breach models

    NASA Astrophysics Data System (ADS)

    Westoby, M. J.; Brasington, J.; Glasser, N. F.; Hambrey, M. J.; Reynolds, J. M.; Hassan, M. A. A. M.; Lowe, A.

    2015-03-01

    The instability of moraine-dammed proglacial lakes creates the potential for catastrophic glacial lake outburst floods (GLOFs) in high-mountain regions. In this research, we use a unique combination of numerical dam-breach and two-dimensional hydrodynamic modelling, employed within a generalised likelihood uncertainty estimation (GLUE) framework, to quantify predictive uncertainty in model outputs associated with a reconstruction of the Dig Tsho failure in Nepal. Monte Carlo analysis was used to sample the model parameter space, and morphological descriptors of the moraine breach were used to evaluate model performance. Multiple breach scenarios were produced by differing parameter ensembles associated with a range of breach initiation mechanisms, including overtopping waves and mechanical failure of the dam face. The material roughness coefficient was found to exert a dominant influence over model performance. The downstream routing of scenario-specific breach hydrographs revealed significant differences in the timing and extent of inundation. A GLUE-based methodology for constructing probabilistic maps of inundation extent, flow depth, and hazard is presented and provides a useful tool for communicating uncertainty in GLOF hazard assessment.

  12. EMRlog method for computer security for electronic medical records with logic and data mining.

    PubMed

    Martínez Monterrubio, Sergio Mauricio; Frausto Solis, Juan; Monroy Borja, Raúl

    2015-01-01

    The proper functioning of a hospital computer system is an arduous work for managers and staff. However, inconsistent policies are frequent and can produce enormous problems, such as stolen information, frequent failures, and loss of the entire or part of the hospital data. This paper presents a new method named EMRlog for computer security systems in hospitals. EMRlog is focused on two kinds of security policies: directive and implemented policies. Security policies are applied to computer systems that handle huge amounts of information such as databases, applications, and medical records. Firstly, a syntactic verification step is applied by using predicate logic. Then data mining techniques are used to detect which security policies have really been implemented by the computer systems staff. Subsequently, consistency is verified in both kinds of policies; in addition these subsets are contrasted and validated. This is performed by an automatic theorem prover. Thus, many kinds of vulnerabilities can be removed for achieving a safer computer system.

  13. EMRlog Method for Computer Security for Electronic Medical Records with Logic and Data Mining

    PubMed Central

    Frausto Solis, Juan; Monroy Borja, Raúl

    2015-01-01

    The proper functioning of a hospital computer system is an arduous work for managers and staff. However, inconsistent policies are frequent and can produce enormous problems, such as stolen information, frequent failures, and loss of the entire or part of the hospital data. This paper presents a new method named EMRlog for computer security systems in hospitals. EMRlog is focused on two kinds of security policies: directive and implemented policies. Security policies are applied to computer systems that handle huge amounts of information such as databases, applications, and medical records. Firstly, a syntactic verification step is applied by using predicate logic. Then data mining techniques are used to detect which security policies have really been implemented by the computer systems staff. Subsequently, consistency is verified in both kinds of policies; in addition these subsets are contrasted and validated. This is performed by an automatic theorem prover. Thus, many kinds of vulnerabilities can be removed for achieving a safer computer system. PMID:26495300

  14. An outlet breaching algorithm for the treatment of closed depressions in a raster DEM

    NASA Astrophysics Data System (ADS)

    Martz, Lawrence W.; Garbrecht, Jurgen

    1999-08-01

    Automated drainage analysis of raster DEMs typically begins with the simulated filling of all closed depressions and the imposition of a drainage pattern on the resulting flat areas. The elimination of closed depressions by filling implicitly assumes that all depressions are caused by elevation underestimation. This assumption is difficult to support, as depressions can be produced by overestimation as well as by underestimation of DEM values. This paper presents a new algorithm that is applied in conjunction with conventional depression filling to provide a more realistic treatment of those depressions that are likely due to overestimation errors. The algorithm lowers the elevation of selected cells on the edge of closed depressions to simulate breaching of the depression outlets. Application of this breaching algorithm prior to depression filling can substantially reduce the number and size of depressions that need to be filled, especially in low relief terrain. Removing or reducing the size of a depression by breaching implicitly assumes that the depression is due to a spurious flow blockage caused by elevation overestimation. Removing a depression by filling, on the other hand, implicitly assumes that the depression is a direct artifact of elevation underestimation. Although the breaching algorithm cannot distinguish between overestimation and underestimation errors in a DEM, a constraining parameter for breaching length can be used to restrict breaching to closed depressions caused by narrow blockages along well-defined drainage courses. These are considered the depressions most likely to have arisen from overestimation errors. Applying the constrained breaching algorithm prior to a conventional depression-filling algorithm allows both positive and negative elevation adjustments to be used to remove depressions. The breaching algorithm was incorporated into the DEM pre-processing operations of the TOPAZ software system. The effect of the algorithm is illustrated

  15. Security Considerations and Recommendations in Computer-Based Testing

    PubMed Central

    Al-Saleem, Saleh M.

    2014-01-01

    Many organizations and institutions around the globe are moving or planning to move their paper-and-pencil based testing to computer-based testing (CBT). However, this conversion will not be the best option for all kinds of exams and it will require significant resources. These resources may include the preparation of item banks, methods for test delivery, procedures for test administration, and last but not least test security. Security aspects may include but are not limited to the identification and authentication of examinee, the risks that are associated with cheating on the exam, and the procedures related to test delivery to the examinee. This paper will mainly investigate the security considerations associated with CBT and will provide some recommendations for the security of these kinds of tests. We will also propose a palm-based biometric authentication system incorporated with basic authentication system (username/password) in order to check the identity and authenticity of the examinee. PMID:25254250

  16. Security considerations and recommendations in computer-based testing.

    PubMed

    Al-Saleem, Saleh M; Ullah, Hanif

    2014-01-01

    Many organizations and institutions around the globe are moving or planning to move their paper-and-pencil based testing to computer-based testing (CBT). However, this conversion will not be the best option for all kinds of exams and it will require significant resources. These resources may include the preparation of item banks, methods for test delivery, procedures for test administration, and last but not least test security. Security aspects may include but are not limited to the identification and authentication of examinee, the risks that are associated with cheating on the exam, and the procedures related to test delivery to the examinee. This paper will mainly investigate the security considerations associated with CBT and will provide some recommendations for the security of these kinds of tests. We will also propose a palm-based biometric authentication system incorporated with basic authentication system (username/password) in order to check the identity and authenticity of the examinee.

  17. Testing the Differential Effects of Changes in Psychological Contract Breach and Fulfillment

    ERIC Educational Resources Information Center

    Conway, Neil; Guest, David; Trenberth, Linda

    2011-01-01

    Rousseau (1989 and elsewhere) argued that a defining feature of psychological contract breach was that once a promise had been broken it could not easily be repaired and therefore that the effects of psychological contract breach outweighed those of psychological contract fulfillment. Using two independent longitudinal surveys, this paper…

  18. Organization of the secure distributed computing based on multi-agent system

    NASA Astrophysics Data System (ADS)

    Khovanskov, Sergey; Rumyantsev, Konstantin; Khovanskova, Vera

    2018-04-01

    Nowadays, developing methods for distributed computing is receiving much attention. One of the methods of distributed computing is the use of multi-agent systems. The organization of distributed computing based on conventional network computers can experience security threats performed by computational processes. The authors have developed a unified agent algorithm for a control system of computing network node operation. Network PCs are used as computing nodes. The proposed multi-agent control system for the implementation of distributed computing makes it possible, in a short time, to use the processing power of the computers of any existing network to solve a large task by creating a distributed computing system. Agents based on a computer network can: configure a distributed computing system; distribute the computational load among the computers operated by agents; and optimize the distributed computing system according to the computing power of the computers on the network. The number of computers connected to the network can be increased by connecting computers to the new computer system, which leads to an increase in overall processing power. Adding a central agent to the multi-agent system increases the security of distributed computing. This organization of the distributed computing system reduces the problem solving time and increases the fault tolerance (vitality) of computing processes in a changing computing environment (dynamic change of the number of computers on the network). The developed multi-agent system detects cases of falsification of the results of a distributed system, which may lead to wrong decisions. In addition, the system checks and corrects wrong results.

  19. A new data collaboration service based on cloud computing security

    NASA Astrophysics Data System (ADS)

    Ying, Ren; Li, Hua-Wei; Wang, Li na

    2017-09-01

    With the rapid development of cloud computing, the storage and usage of data have undergone revolutionary changes. Data owners can store data in the cloud. While bringing convenience, it also brings many new challenges to cloud data security. A key issue is how to support a secure data collaboration service that supports access and updates to cloud data. This paper proposes a secure, efficient and extensible data collaboration service, which prevents data leaks in cloud storage, supports one to many encryption mechanisms, and also enables cloud data writing and fine-grained access control.

  20. Computer Security Primer: Systems Architecture, Special Ontology and Cloud Virtual Machines

    ERIC Educational Resources Information Center

    Waguespack, Leslie J.

    2014-01-01

    With the increasing proliferation of multitasking and Internet-connected devices, security has reemerged as a fundamental design concern in information systems. The shift of IS curricula toward a largely organizational perspective of security leaves little room for focus on its foundation in systems architecture, the computational underpinnings of…

  1. An Annotated and Cross-Referenced Bibliography on Computer Security and Access Control in Computer Systems.

    ERIC Educational Resources Information Center

    Bergart, Jeffrey G.; And Others

    This paper represents a careful study of published works on computer security and access control in computer systems. The study includes a selective annotated bibliography of some eighty-five important published results in the field and, based on these papers, analyzes the state of the art. In annotating these works, the authors try to be…

  2. Toward a better understanding of psychological contract breach: a study of customer service employees.

    PubMed

    Deery, Stephen J; Iverson, Roderick D; Walsh, Janet T

    2006-01-01

    Experiences of psychological contract breach have been associated with a range of negative behavior. However, much of the research has focused on master of business administration alumni and managers and made use of self-reported outcomes. Studying a sample of customer service employees, the research found that psychological contract breach was related to lower organizational trust, which, in turn was associated with perceptions of less cooperative employment relations and higher levels of absenteeism. Furthermore, perceptions of external market pressures moderated the effect of psychological contract breach on absenteeism. The study indicated that psychological contract breach can arise when employees perceive discrepancies between an organization's espoused behavioral standards and its actual behavioral standards, and this can affect discretionary absence. (c) 2006 APA, all rights reserved.

  3. Security of Personal Computer Systems: A Management Guide.

    ERIC Educational Resources Information Center

    Steinauer, Dennis D.

    This report describes management and technical security considerations associated with the use of personal computer systems as well as other microprocessor-based systems designed for use in a general office environment. Its primary objective is to identify and discuss several areas of potential vulnerability and associated protective measures. The…

  4. Morphologic evolution of the wilderness area breach at Fire Island, New York—2012–15

    USGS Publications Warehouse

    Hapke, Cheryl J.; Nelson, Timothy R.; Henderson, Rachel E.; Brenner, Owen T.; Miselis, Jennifer L.

    2017-09-18

    Introduction: Hurricane Sandy, which made landfall on October 29, 2012, near Atlantic City, New Jersey, had a significant impact on the coastal system along the south shore of Long Island, New York. A record significant wave height of 9.6 meters (m) was measured at wave buoy 44025, approximately 48 kilometers offshore of Fire Island, New York. Surge and runup during the storm resulted in extensive beach and dune erosion and breaching of the Fire Island barrier island system at two locations, including a breach that formed within the Otis Pike Fire Island High Dune Wilderness area on the eastern side of Fire Island. The U.S. Geological Survey (USGS) has a long history of conducting morphologic change and processes research at Fire Island. One of the primary objectives of the current research effort is to understand the morphologic evolution of the barrier system on a variety of time scales (from storm scale to decade(s) to century). A number of studies that support the project objectives have been published. Prior to Hurricane Sandy, however, little information was available on specific storm-driven change in this region. The USGS received Hurricane Sandy supplemental funding (project GS2–2B: Linking Coastal Processes and Vulnerability, Fire Island, New York, Regional Study) to enhance existing research efforts at Fire Island. The existing research was greatly expanded to include inner continental shelf mapping and investigations of processes of inner shelf sediment transport; beach and dune response and recovery; and observation, analysis, and modeling of the newly formed breach in the Otis Pike High Dune Wilderness area, herein referred to as the wilderness breach. The breach formed at the site of Old Inlet, which was open from 1763 to 1825. The location of the initial island breaching does not directly correspond with topographic lows of the dunes, but instead the breach formed in the location of a cross-island boardwalk that was destroyed during Hurricane Sandy

  5. Computing Game-Theoretic Solutions for Security in the Medium Term

    DTIC Science & Technology

    This project concerns the design of algorithms for computing game-theoretic solutions. (Game theory concerns how to act in a strategically optimal...way in environments with other agents who also seek to act optimally but have different, and possibly opposite, interests.) Such algorithms have...recently found application in a number of real-world security applications, including among others airport security, scheduling Federal Air Marshals, and

  6. Main control computer security model of closed network systems protection against cyber attacks

    NASA Astrophysics Data System (ADS)

    Seymen, Bilal

    2014-06-01

    The model that brings the data input/output under control in closed network systems, that maintains the system securely, and that controls the flow of information through the Main Control Computer which also brings the network traffic under control against cyber-attacks. The network, which can be controlled single-handedly thanks to the system designed to enable the network users to make data entry into the system or to extract data from the system securely, intends to minimize the security gaps. Moreover, data input/output record can be kept by means of the user account assigned for each user, and it is also possible to carry out retroactive tracking, if requested. Because the measures that need to be taken for each computer on the network regarding cyber security, do require high cost; it has been intended to provide a cost-effective working environment with this model, only if the Main Control Computer has the updated hardware.

  7. Securing SIFT: Privacy-preserving Outsourcing Computation of Feature Extractions Over Encrypted Image Data.

    PubMed

    Hu, Shengshan; Wang, Qian; Wang, Jingjun; Qin, Zhan; Ren, Kui

    2016-05-13

    Advances in cloud computing have greatly motivated data owners to outsource their huge amount of personal multimedia data and/or computationally expensive tasks onto the cloud by leveraging its abundant resources for cost saving and flexibility. Despite the tremendous benefits, the outsourced multimedia data and its originated applications may reveal the data owner's private information, such as the personal identity, locations or even financial profiles. This observation has recently aroused new research interest on privacy-preserving computations over outsourced multimedia data. In this paper, we propose an effective and practical privacy-preserving computation outsourcing protocol for the prevailing scale-invariant feature transform (SIFT) over massive encrypted image data. We first show that previous solutions to this problem have either efficiency/security or practicality issues, and none can well preserve the important characteristics of the original SIFT in terms of distinctiveness and robustness. We then present a new scheme design that achieves efficiency and security requirements simultaneously with the preservation of its key characteristics, by randomly splitting the original image data, designing two novel efficient protocols for secure multiplication and comparison, and carefully distributing the feature extraction computations onto two independent cloud servers. We both carefully analyze and extensively evaluate the security and effectiveness of our design. The results show that our solution is practically secure, outperforms the state-of-the-art, and performs comparably to the original SIFT in terms of various characteristics, including rotation invariance, image scale invariance, robust matching across affine distortion, addition of noise and change in 3D viewpoint and illumination.

  8. Flood hydrology and dam-breach hydraulic analyses of five reservoirs in Colorado

    USGS Publications Warehouse

    Stevens, Michael R.; Hoogestraat, Galen K.

    2013-01-01

    The U.S. Department of Agriculture Forest Service has identified hazard concerns for areas downstream from five Colorado dams on Forest Service land. In 2009, the U.S. Geological Survey, in cooperation with the Forest Service, initiated a flood hydrology analysis to estimate the areal extent of potential downstream flood inundation and hazard to downstream life, property, and infrastructure if dam breach occurs. Readily available information was used for dam-breach assessments of five small Colorado reservoirs (Balman Reservoir, Crystal Lake, Manitou Park Lake, McGinnis Lake, and Million Reservoir) that are impounded by an earthen dam, and no new data were collected for hydraulic modeling. For each reservoir, two dam-breach scenarios were modeled: (1) the dam is overtopped but does not fail (break), and (2) the dam is overtopped and dam-break occurs. The dam-breach scenarios were modeled in response to the 100-year recurrence, 500-year recurrence, and the probable maximum precipitation, 24-hour duration rainstorms to predict downstream flooding. For each dam-breach and storm scenario, a flood inundation map was constructed to estimate the extent of flooding in areas of concern downstream from each dam. Simulation results of the dam-break scenarios were used to determine the hazard classification of the dam structure (high, significant, or low), which is primarily based on the potential for loss of life and property damage resulting from the predicted downstream flooding.

  9. NINJA: a noninvasive framework for internal computer security hardening

    NASA Astrophysics Data System (ADS)

    Allen, Thomas G.; Thomson, Steve

    2004-07-01

    Vulnerabilities are a growing problem in both the commercial and government sector. The latest vulnerability information compiled by CERT/CC, for the year ending Dec. 31, 2002 reported 4129 vulnerabilities representing a 100% increase over the 2001 [1] (the 2003 report has not been published at the time of this writing). It doesn't take long to realize that the growth rate of vulnerabilities greatly exceeds the rate at which the vulnerabilities can be fixed. It also doesn't take long to realize that our nation's networks are growing less secure at an accelerating rate. As organizations become aware of vulnerabilities they may initiate efforts to resolve them, but quickly realize that the size of the remediation project is greater than their current resources can handle. In addition, many IT tools that suggest solutions to the problems in reality only address "some" of the vulnerabilities leaving the organization unsecured and back to square one in searching for solutions. This paper proposes an auditing framework called NINJA (acronym for Network Investigation Notification Joint Architecture) for noninvasive daily scanning/auditing based on common security vulnerabilities that repeatedly occur in a network environment. This framework is used for performing regular audits in order to harden an organization's security infrastructure. The framework is based on the results obtained by the Network Security Assessment Team (NSAT) which emulates adversarial computer network operations for US Air Force organizations. Auditing is the most time consuming factor involved in securing an organization's network infrastructure. The framework discussed in this paper uses existing scripting technologies to maintain a security hardened system at a defined level of performance as specified by the computer security audit team. Mobile agents which were under development at the time of this writing are used at a minimum to improve the noninvasiveness of our scans. In general, noninvasive

  10. Computing Legacy Software Behavior to Understand Functionality and Security Properties: An IBM/370 Demonstration

    DOE Office of Scientific and Technical Information (OSTI.GOV)

    Linger, Richard C; Pleszkoch, Mark G; Prowell, Stacy J

    Organizations maintaining mainframe legacy software can benefit from code modernization and incorporation of security capabilities to address the current threat environment. Oak Ridge National Laboratory is developing the Hyperion system to compute the behavior of software as a means to gain understanding of software functionality and security properties. Computation of functionality is critical to revealing security attributes, which are in fact specialized functional behaviors of software. Oak Ridge is collaborating with MITRE Corporation to conduct a demonstration project to compute behavior of legacy IBM Assembly Language code for a federal agency. The ultimate goal is to understand functionality and security vulnerabilities as a basis for code modernization. This paper reports on the first phase, to define functional semantics for IBM Assembly instructions and conduct behavior computation experiments.

  11. Information security: where computer science, economics and psychology meet.

    PubMed

    Anderson, Ross; Moore, Tyler

    2009-07-13

    Until ca. 2000, information security was seen as a technological discipline, based on computer science but with mathematics helping in the design of ciphers and protocols. That perspective started to change as researchers and practitioners realized the importance of economics. As distributed systems are increasingly composed of machines that belong to principals with divergent interests, incentives are becoming as important to dependability as technical design. A thriving new field of information security economics provides valuable insights not just into 'security' topics such as privacy, bugs, spam and phishing, but into more general areas of system dependability and policy. This research programme has recently started to interact with psychology. One thread is in response to phishing, the most rapidly growing form of online crime, in which fraudsters trick people into giving their credentials to bogus websites; a second is through the increasing importance of security usability; and a third comes through the psychology-and-economics tradition. The promise of this multidisciplinary research programme is a novel framework for analysing information security problems-one that is both principled and effective.

  12. Battling Data Breaches: For Higher Education Institutions, Data Breach Prevention is More Complex than for Industry and Business

    ERIC Educational Resources Information Center

    Patton, Madeline

    2015-01-01

    Data breach prevention is a battle, rarely plain and never simple. For higher education institutions, the Sisyphean aspects of the task are more complex than for industry and business. Two-year colleges have payrolls and vendor contracts like those enterprises. They also have public record and student confidentiality requirements. Colleges must…

  13. The effects of artificial sandbar breaching on the macrophyte communities of an intermittently open estuary

    NASA Astrophysics Data System (ADS)

    Ribeiro, Jose Pedro N.; Saggio, Ângelo; Lima, Maria Inês Salgueiro

    2013-04-01

    Artificial sandbar opening of intermittently open estuaries is a practice utilised worldwide to improve water quality, fishing, and recreational amenities and to prevent the flooding of adjacent properties. Breaching causes the water level to drop drastically, exposing plants to two water level extremes. With some exceptions, estuarine communities are adversely affected by this practice. Although breaching can happen naturally, artificial breaching is on the rise, and the impact of manipulating water levels on estuarine communities needs to be investigated. In this work, we described the breaching cycles of the Massaguaçu River Estuary and proposed flooding scenarios for the estuary's macrophyte banks based on our data. We calculated the relationship between plant distribution and flooding conditions and used our calculations to predict the estuary community's composition depending on the water level at breaching time. We discovered a strong relationship between plant distribution and flooding conditions, and we predicted that the estuarine community would be markedly different between flooding scenarios. Low frequency flooding scenarios would be related to submerged macrophytes and, as the flooding frequency increases, macrophytes would be replaced by amphibious plants, and eventually by the arboreal stratus. Therefore, we concluded that an increase in artificial breaching cycles would have a detrimental impact on the estuary community.

  14. 77 FR 32709 - Privacy Act of 1974, as Amended; Computer Matching Program (SSA/Department of Homeland Security...

    Federal Register 2010, 2011, 2012, 2013, 2014

    2012-06-01

    ... SOCIAL SECURITY ADMINISTRATION [Docket No. SSA 2011-0089] Privacy Act of 1974, as Amended; Computer Matching Program (SSA/ Department of Homeland Security (DHS))--Match Number 1010 AGENCY: Social Security Administration (SSA). ACTION: Notice of a renewal of an existing computer matching program that...

  15. A Secure and Verifiable Outsourced Access Control Scheme in Fog-Cloud Computing.

    PubMed

    Fan, Kai; Wang, Junxiong; Wang, Xin; Li, Hui; Yang, Yintang

    2017-07-24

    With the rapid development of big data and Internet of things (IOT), the number of networking devices and data volume are increasing dramatically. Fog computing, which extends cloud computing to the edge of the network can effectively solve the bottleneck problems of data transmission and data storage. However, security and privacy challenges are also arising in the fog-cloud computing environment. Ciphertext-policy attribute-based encryption (CP-ABE) can be adopted to realize data access control in fog-cloud computing systems. In this paper, we propose a verifiable outsourced multi-authority access control scheme, named VO-MAACS. In our construction, most encryption and decryption computations are outsourced to fog devices and the computation results can be verified by using our verification method. Meanwhile, to address the revocation issue, we design an efficient user and attribute revocation method for it. Finally, analysis and simulation results show that our scheme is both secure and highly efficient.

  16. A Secure and Verifiable Outsourced Access Control Scheme in Fog-Cloud Computing

    PubMed Central

    Fan, Kai; Wang, Junxiong; Wang, Xin; Li, Hui; Yang, Yintang

    2017-01-01

    With the rapid development of big data and Internet of things (IOT), the number of networking devices and data volume are increasing dramatically. Fog computing, which extends cloud computing to the edge of the network can effectively solve the bottleneck problems of data transmission and data storage. However, security and privacy challenges are also arising in the fog-cloud computing environment. Ciphertext-policy attribute-based encryption (CP-ABE) can be adopted to realize data access control in fog-cloud computing systems. In this paper, we propose a verifiable outsourced multi-authority access control scheme, named VO-MAACS. In our construction, most encryption and decryption computations are outsourced to fog devices and the computation results can be verified by using our verification method. Meanwhile, to address the revocation issue, we design an efficient user and attribute revocation method for it. Finally, analysis and simulation results show that our scheme is both secure and highly efficient. PMID:28737733

  17. Lattice Boltzmann Study on Seawall-Break Flows under the Influence of Breach and Buildings

    NASA Astrophysics Data System (ADS)

    Mei, Qiu-Ying; Zhang, Wen-Huan; Wang, Yi-Hang; Chen, Wen-Wen

    2017-10-01

    In the process of storm surge, the seawater often overflows and even destroys the seawall. The buildings near the shore are usually inundated by the seawater through the breach. However, at present, there is little study focusing on the effects of buildings and breach on the seawall-break flows. In this paper, the lattice Boltzmann (LB) model with nine velocities in two dimensions (D2Q9) for the shallow water equations is adopted to simulate the seawall-break flows. The flow patterns and water depth distributions for the seawall-break flows under various densities, layouts and shapes of buildings and different breach discharges, sizes and locations are investigated. It is found that when buildings with a high enough density are perpendicular to the main flow direction, an obvious backwater phenomenon appears near buildings while this phenomenon does not occur when buildings with the same density are parallel to the main flow direction. Moreover, it is observed that the occurrence of backwater phenomenon is independent of the building shape. As to the effects of breach on the seawall-break flows, it is found that only when the breach discharge is large enough or the breach size is small enough, the effects of asymmetric distribution of buildings on the seawall-break flows become important. The breach location only changes the flow pattern in the upstream area of the first building that seawater meets, but has little impact on the global water depth distribution. Supported by the National Natural Science Foundation of China under Grant No. 11502124, the Natural Science Foundation of Zhejiang Province under Grant No. LQ16A020001, the Scientific Research Fund of Zhejiang Provincial Education Department under Grant No. Y201533808, the Natural Science Foundation of Ningbo under Grant No. 2016A610075, and is sponsored by K.C. Wong Magna Fund in Ningbo University.

  18. Aerospace Communications Security Technologies Demonstrated

    NASA Technical Reports Server (NTRS)

    Griner, James H.; Martzaklis, Konstantinos S.

    2003-01-01

    In light of the events of September 11, 2001, NASA senior management requested an investigation of technologies and concepts to enhance aviation security. The investigation was to focus on near-term technologies that could be demonstrated within 90 days and implemented in less than 2 years. In response to this request, an internal NASA Glenn Research Center Communications, Navigation, and Surveillance Aviation Security Tiger Team was assembled. The 2-year plan developed by the team included an investigation of multiple aviation security concepts, multiple aircraft platforms, and extensively leveraged datalink communications technologies. It incorporated industry partners from NASA's Graphical Weather-in-the-Cockpit research, which is within NASA's Aviation Safety Program. Two concepts from the plan were selected for demonstration: remote "black box," and cockpit/cabin surveillance. The remote "black box" concept involves real-time downlinking of aircraft parameters for remote monitoring and archiving of aircraft data, which would assure access to the data following the loss or inaccessibility of an aircraft. The cockpit/cabin surveillance concept involves remote audio and/or visual surveillance of cockpit and cabin activity, which would allow immediate response to any security breach and would serve as a possible deterrent to such breaches. The datalink selected for the demonstrations was VDL Mode 2 (VHF digital link), the first digital datalink for air-ground communications designed for aircraft use. VDL Mode 2 is beginning to be implemented through the deployment of ground stations and aircraft avionics installations, with the goal of being operational in 2 years. The first demonstration was performed December 3, 2001, onboard the LearJet 25 at Glenn. NASA worked with Honeywell, Inc., for the broadcast VDL Mode 2 datalink capability and with actual Boeing 757 aircraft data. 
This demonstration used a cockpit-mounted camera for video surveillance and a coupling to

  19. Do promises matter? An exploration of the role of promises in psychological contract breach.

    PubMed

    Montes, Samantha D; Zweig, David

    2009-09-01

    Promises are positioned centrally in the study of psychological contract breach and are argued to distinguish psychological contracts from related constructs, such as employee expectations. However, because the effects of promises and delivered inducements are confounded in most research, the role of promises in perceptions of, and reactions to, breach remains unclear. If promises are not an important determinant of employee perceptions, emotions, and behavioral intentions, this would suggest that the psychological contract breach construct might lack utility. To assess the unique role of promises, the authors manipulated promises and delivered inducements separately in hypothetical scenarios in Studies 1 (558 undergraduates) and 2 (441 employees), and they measured them separately (longitudinally) in Study 3 (383 employees). The authors' results indicate that breach perceptions do not represent a discrepancy between what employees believe they were promised and were given. In fact, breach perceptions can exist in the absence of promises. Further, promises play a negligible role in predicting feelings of violation and behavioral intentions. Contrary to the extant literature, the authors' findings suggest that promises may matter little; employees are concerned primarily with what the organization delivers.

  20. What then do we do about computer security?

    DOE Office of Scientific and Technical Information (OSTI.GOV)

    Suppona, Roger A.; Mayo, Jackson R.; Davis, Christopher Edward

    This report presents the answers that an informal and unfunded group at SNL provided for questions concerning computer security posed by Jim Gosler, Sandia Fellow (00002). The primary purpose of this report is to record our current answers; hopefully those answers will turn out to be answers indeed. The group was formed in November 2010. In November 2010 Jim Gosler, Sandia Fellow, asked several of us several pointed questions about computer security metrics. Never mind that some of the best minds in the field have been trying to crack this nut without success for decades. Jim asked Campbell to lead an informal and unfunded group to answer the questions. With time Jim invited several more Sandians to join in. We met a number of times both with Jim and without him. At Jim's direction we contacted a number of people outside Sandia who Jim thought could help. For example, we interacted with IBM's T.J. Watson Research Center and held a one-day, videoconference workshop with them on the questions.

  1. Privacy and Security in Multi-User Health Kiosks

    PubMed Central

    TAKYI, HAROLD; WATZLAF, VALERIE; MATTHEWS, JUDITH TABOLT; ZHOU, LEMING; DEALMEIDA, DILHARI

    2017-01-01

    Enforcement of the Health Insurance Portability and Accountability Act (HIPAA) and the Health Information Technology for Economic and Clinical Health Act (HITECH) has gotten stricter and penalties have become more severe in response to a significant increase in computer-related information breaches in recent years. With health information said to be worth twice as much as other forms of information on the underground market, making preservation of privacy and security an integral part of health technology development, rather than an afterthought, not only mitigates risks but also helps to ensure HIPAA and HITECH compliance. This paper provides a guide, based on the Office for Civil Rights (OCR) audit protocol, for creating and maintaining an audit checklist for multi-user health kiosks. Implementation of selected audit elements for a multi-user health kiosk designed for use by community-residing older adults illustrates how the guide can be applied. PMID:28814990

  2. Are Emotions Transmitted From Work to Family? A Crossover Model of Psychological Contract Breach.

    PubMed

    Liang, Huai-Liang

    2018-01-01

    Based on affective events theory and the crossover model, this study examines the effect of psychological contract breach on employee dysfunctional behavior and partner family undermining and explores the crossover effect of employee dysfunctional behavior on partner family undermining in work-family issues. This study collected 370 employee-partner dyads (277 male employees, 93 female employees, M age = 43.59 years) from a large manufacturing organization. The results of this study support the conception that employees' psychological contract breach results in frustration in the workplace. In addition, mediation analysis results reveal that psychological contract breach relates to employee dysfunctional behavior in the workplace. The findings show that partners' psychological strain mediates the relationship between employee dysfunctional behavior and partner family undermining. Furthermore, these findings provide investigations for the crossover model to display the value of psychological contract breach in family issues.

  3. Secure Multi-party Computation Protocol for Defense Applications in Military Operations Using Virtual Cryptography

    NASA Astrophysics Data System (ADS)

    Pathak, Rohit; Joshi, Satyadhar

    With the advent into the 20th century whole world has been facing the common dilemma of Terrorism. The suicide attacks on US twin towers 11 Sept. 2001, Train bombings in Madrid Spain 11 Mar. 2004, London bombings 7 Jul. 2005 and Mumbai attack 26 Nov. 2008 were some of the most disturbing, destructive and evil acts by terrorists in the last decade which has clearly shown their evil intent that they can go to any extent to accomplish their goals. Many terrorist organizations such as al Quaida, Harakat ul-Mujahidin, Hezbollah, Jaish-e-Mohammed, Lashkar-e-Toiba, etc. are carrying out training camps and terrorist operations which are accompanied with latest technology and high tech arsenal. To counter such terrorism our military is in need of advanced defense technology. One of the major issues of concern is secure communication. It has to be made sure that communication between different military forces is secure so that critical information is not leaked to the adversary. Military forces need secure communication to shield their confidential data from terrorist forces. Leakage of concerned data can prove hazardous, thus preservation and security is of prime importance. There may be a need to perform computations that require data from many military forces, but in some cases the associated forces would not want to reveal their data to other forces. In such situations Secure Multi-party Computations find their application. In this paper, we propose a new highly scalable Secure Multi-party Computation (SMC) protocol and algorithm for Defense applications which can be used to perform computation on encrypted data. Every party encrypts their data in accordance with a particular scheme. This encrypted data is distributed among some created virtual parties. These Virtual parties send their data to the TTP through an Anonymizer layer. TTP performs computation on encrypted data and announces the result. As the data sent was encrypted its actual value can’t be known by TTP

  4. Apparatus for and method of monitoring for breached fuel elements

    DOEpatents

    Gross, K.C.; Strain, R.V.

    1981-04-28

    This invention teaches improved apparatus for the method of detecting a breach in cladded fuel used in a nuclear reactor. The detector apparatus uses a separate bypass loop for conveying part of the reactor coolant away from the core, and at least three separate delayed-neutron detectors mounted proximate this detector loop. The detectors are spaced apart so that the coolant flow time from the core to each detector is different, and these differences are known. The delayed-neutron activity at the detectors is a function of the delay time after the reaction in the fuel until the coolant carrying the delayed-neutron emitter passes the respective detector. This time delay is broken down into separate components including an isotopic holdup time required for the emitter to move through the fuel from the reaction to the coolant at the breach, and two transit times required for the emitter now in the coolant to flow from the breach to the detector loop and then via the loop to the detector.

  5. Whip Rule Breaches in a Major Australian Racing Jurisdiction: Welfare and Regulatory Implications

    PubMed Central

    Hood, Jennifer; McDonald, Carolyn; Wilson, Bethany; McManus, Phil; McGreevy, Paul

    2017-01-01

    Simple Summary: An evidence-based analysis of whip rule breaches in horse racing is needed to address community expectations that racehorses are treated humanely. The study provides the first peer-reviewed characterisation of whip rule breaches and their regulatory outcomes in horseracing, and considers the relationship between rules affecting racing integrity and the welfare of racehorses in a major Australian racing jurisdiction. Abstract: Whip use in horseracing is increasingly being questioned on ethical, animal welfare, social sustainability, and legal grounds. Despite this, there is weak evidence for whip use and its regulation by Stewards in Australia. To help address this, we characterised whip rule breaches recorded by Stewards using Stewards Reports and Race Diaries from 2013 and 2016 in New South Wales (NSW) and the Australian Capital Territory (ACT). There were more recorded breaches at Metropolitan (M) than Country (C) or Provincial (P) locations, and by riders of horses that finished first, second, or third than by riders of horses that finished in other positions. The most commonly recorded breaches were forehand whip use on more than five occasions before the 100-metre (m) mark (44%), and whip use that raises the jockey’s arm above shoulder height (24%). It is recommended that racing compliance data be analysed annually to inform the evidence-base for policy, education, and regulatory change, and ensure the welfare of racehorses and racing integrity. PMID:28275207

  6. BREACHING THE SEXUAL BOUNDARIES IN THE DOCTOR–PATIENT RELATIONSHIP: SHOULD ENGLISH LAW RECOGNISE FIDUCIARY DUTIES?

    PubMed Central

    Ost, Suzanne

    2016-01-01

    In this article, I argue that sexual exploitation in the doctor–patient relationship would be dealt with more appropriately by the law in England and Wales on the basis of a breach of fiduciary duty. Three different types of sexual boundary breaches are discussed, and the particular focus is on breaches where the patient's consent is obtained through inducement. I contend that current avenues of redress do not clearly catch this behaviour and, moreover, they fail to capture the essence of the wrong committed by the doctor—the knowing breach of trust for self-gain—and the calculated way in which consent is induced. Finally, I demonstrate that the fiduciary approach is compatible with the contemporary pro-patient autonomy model of the doctor–patient relationship. PMID:26846652

  7. Patient-Centered Access to Secure Systems Online (PCASSO): a secure approach to clinical data access via the World Wide Web.

    PubMed Central

    Masys, D. R.; Baker, D. B.

    1997-01-01

    The Internet's World-Wide Web (WWW) provides an appealing medium for the communication of health related information due to its ease of use and growing popularity. But current technologies for communicating data between WWW clients and servers are systematically vulnerable to certain types of security threats. Prominent among these threats are "Trojan horse" programs running on client workstations, which perform some useful and known function for a user, while breaching security via background functions that are not apparent to the user. The Patient-Centered Access to Secure Systems Online (PCASSO) project of SAIC and UCSD is a research, development and evaluation project to exploit state-of-the-art security and WWW technology for health care. PCASSO is designed to provide secure access to clinical data for healthcare providers and their patients using the Internet. PCASSO will be evaluated for both safety and effectiveness, and may provide a model for secure communications via public data networks. PMID:9357644

  8. Information Security Scheme Based on Computational Temporal Ghost Imaging.

    PubMed

    Jiang, Shan; Wang, Yurong; Long, Tao; Meng, Xiangfeng; Yang, Xiulun; Shu, Rong; Sun, Baoqing

    2017-08-09

    An information security scheme based on computational temporal ghost imaging is proposed. A sequence of independent 2D random binary patterns are used as encryption key to multiply with the 1D data stream. The cipher text is obtained by summing the weighted encryption key. The decryption process can be realized by correlation measurement between the encrypted information and the encryption key. Due to the instinct high-level randomness of the key, the security of this method is greatly guaranteed. The feasibility of this method and robustness against both occlusion and additional noise attacks are discussed with simulation, respectively.

  9. Subversion: The Neglected Aspect of Computer Security.

    DTIC Science & Technology

    1980-06-01

    fundamentally flawed. Recall from mathematics that it is sufficient to disprove a proposition (e.g., that a system is secure) by showing only one example where...made. This lack of protection is one of the fundamental reasons why the subversion of computer systems can be so effective. Later chapters will amplify...an area of code that will not be liable to revision. Operating system software, as pointed out earlier, is often riddled with design errors or subject

  10. Survey on Security Issues in Cloud Computing and Associated Mitigation Techniques

    NASA Astrophysics Data System (ADS)

    Bhadauria, Rohit; Sanyal, Sugata

    2012-06-01

    Cloud Computing holds the potential to eliminate the requirements for setting up of high-cost computing infrastructure for IT-based solutions and services that the industry uses. It promises to provide a flexible IT architecture, accessible through internet for lightweight portable devices. This would allow multi-fold increase in the capacity or capabilities of the existing and new software. In a cloud computing environment, the entire data reside over a set of networked resources, enabling the data to be accessed through virtual machines. Since these data-centers may lie in any corner of the world beyond the reach and control of users, there are multifarious security and privacy challenges that need to be understood and taken care of. Also, one can never deny the possibility of a server breakdown that has been witnessed, rather quite often in the recent times. There are various issues that need to be dealt with respect to security and privacy in a cloud computing scenario. This extensive survey paper aims to elaborate and analyze the numerous unresolved issues threatening the cloud computing adoption and diffusion affecting the various stake-holders linked to it.

  11. ASTER Images Flooding from Mississippi River Levee Breach

    NASA Image and Video Library

    2011-05-10

    NASA Terra spacecraft shows the resultant flooding of farmland west of the Mississippi 20 miles south of the Mississippi River levee breach. U.S. Army Corps of Engineers detonated explosives at the Birds Point levee near Wyatt, Missouri, on May 2, 2011.

  12. Expert system for surveillance and diagnosis of breach fuel elements

    DOEpatents

    Gross, Kenny C.

    1989-01-01

    An apparatus and method are disclosed for surveillance and diagnosis of breached fuel elements in a nuclear reactor. A delayed neutron monitoring system provides output signals indicating the delayed neutron activity and age and the equivalent recoil areas of a breached fuel element. Sensors are used to provide outputs indicating the status of each component of the delayed neutron monitoring system. Detectors also generate output signals indicating the reactor power level and the primary coolant flow rate of the reactor. The outputs from the detectors and sensors are interfaced with an artificial intelligence-based knowledge system which implements predetermined logic and generates output signals indicating the operability of the reactor.

  13. 75 FR 5166 - Privacy Act of 1974, as Amended; Computer Matching Program (Social Security Administration...

    Federal Register 2010, 2011, 2012, 2013, 2014

    2010-02-01

    ... SOCIAL SECURITY ADMINISTRATION [Docket No. SSA 2009-0043] Privacy Act of 1974, as Amended; Computer Matching Program (Social Security Administration/Railroad Retirement Board (SSA/RRB))-- Match Number 1308 AGENCY: Social Security Administration (SSA). ACTION: Notice of renewal of an existing...

  14. Computer Security Incident Response Team Effectiveness: A Needs Assessment

    PubMed Central

    Van der Kleij, Rick; Kleinhuis, Geert; Young, Heather

    2017-01-01

    Computer security incident response teams (CSIRTs) respond to a computer security incident when the need arises. Failure of these teams can have far-reaching effects for the economy and national security. CSIRTs often have to work on an ad hoc basis, in close cooperation with other teams, and in time constrained environments. It could be argued that under these working conditions CSIRTs would be likely to encounter problems. A needs assessment was done to see to which extent this argument holds true. We constructed an incident response needs model to assist in identifying areas that require improvement. We envisioned a model consisting of four assessment categories: Organization, Team, Individual and Instrumental. Central to this is the idea that both problems and needs can have an organizational, team, individual, or technical origin or a combination of these levels. To gather data we conducted a literature review. This resulted in a comprehensive list of challenges and needs that could hinder or improve, respectively, the performance of CSIRTs. Then, semi-structured in depth interviews were held with team coordinators and team members of five public and private sector Dutch CSIRTs to ground these findings in practice and to identify gaps between current and desired incident handling practices. This paper presents the findings of our needs assessment and ends with a discussion of potential solutions to problems with performance in incident response. PMID:29312051

  15. Computer Security Incident Response Team Effectiveness: A Needs Assessment.

    PubMed

    Van der Kleij, Rick; Kleinhuis, Geert; Young, Heather

    2017-01-01

    Computer security incident response teams (CSIRTs) respond to a computer security incident when the need arises. Failure of these teams can have far-reaching effects for the economy and national security. CSIRTs often have to work on an ad hoc basis, in close cooperation with other teams, and in time constrained environments. It could be argued that under these working conditions CSIRTs would be likely to encounter problems. A needs assessment was done to see to which extent this argument holds true. We constructed an incident response needs model to assist in identifying areas that require improvement. We envisioned a model consisting of four assessment categories: Organization, Team, Individual and Instrumental. Central to this is the idea that both problems and needs can have an organizational, team, individual, or technical origin or a combination of these levels. To gather data we conducted a literature review. This resulted in a comprehensive list of challenges and needs that could hinder or improve, respectively, the performance of CSIRTs. Then, semi-structured in depth interviews were held with team coordinators and team members of five public and private sector Dutch CSIRTs to ground these findings in practice and to identify gaps between current and desired incident handling practices. This paper presents the findings of our needs assessment and ends with a discussion of potential solutions to problems with performance in incident response.

  16. The application of data encryption technology in computer network communication security

    NASA Astrophysics Data System (ADS)

    Gong, Lina; Zhang, Li; Zhang, Wei; Li, Xuhong; Wang, Xia; Pan, Wenwen

    2017-04-01

    With the rapid development of Internet and the extensive application of computer technology, the security of information becomes more and more serious, and the information security technology with data encryption technology as the core has also been developed greatly. Data encryption technology not only can encrypt and decrypt data, but also can realize digital signature, authentication and authentication and other functions, thus ensuring the confidentiality, integrity and confirmation of data transmission over the network. In order to improve the security of data in network communication, in this paper, a hybrid encryption system is used to encrypt and decrypt the triple DES algorithm with high security, and the two keys are encrypted with RSA algorithm, thus ensuring the security of the triple DES key and solving the problem of key management; At the same time to realize digital signature using Java security software, to ensure data integrity and non-repudiation. Finally, the data encryption system is developed by Java language. The data encryption system is simple and effective, with good security and practicality.

  17. 75 FR 13138 - Grand Ditch Breach Restoration Environmental Impact Statement, Rocky Mountain National Park, CO

    Federal Register 2010, 2011, 2012, 2013, 2014

    2010-03-18

    ... DEPARTMENT OF THE INTERIOR National Park Service Grand Ditch Breach Restoration Environmental... Restoration, Rocky Mountain National Park, Colorado. SUMMARY: Pursuant to the National Environmental Policy... Statement for the Grand Ditch Breach Restoration, Rocky Mountain National Park, Colorado. This effort will...

  18. I Am So Tired… How Fatigue May Exacerbate Stress Reactions to Psychological Contract Breach

    PubMed Central

    Achnak, Safâa; Griep, Yannick; Vantilborgh, Tim

    2018-01-01

    Previous research showed that perceptions of psychological contract (PC) breach have undesirable individual and organizational consequences. Surprisingly, the PC literature has paid little to no attention to the relationship between PC breach perceptions and stress. A better understanding of how PC breach may elicit stress seems crucial, given that stress plays a key role in employees' physical and mental well-being. Based on Conservation of Resources Theory, we suggest that PC breach perceptions represent a perceived loss of valued resources, subsequently leading employees to experience higher stress levels resulting from emerging negative emotions. Moreover, we suggest that this mediated relationship is moderated by initial levels of fatigue, due to fatigue lowering the personal resources necessary to cope with breach events. To test our hypotheses, we analyzed the multilevel data we obtained from two experience sampling designs (Study 1: 51 Belgian employees; Study 2: 53 US employees). Note that the unit of analysis is “observations” rather than “respondents,” resulting in an effective sample size of 730 (Study 1) and 374 (Study 2) observations. In both studies, we found evidence for the mediating role of negative emotions in the PC breach—stress relationship. In the second study, we also found evidence for the moderating role of fatigue in the mediated PC breach—stress relationship. Implications for research and practice are discussed. PMID:29559935

  19. Electronic Communication of Protected Health Information: Privacy, Security, and HIPAA Compliance.

    PubMed

    Drolet, Brian C; Marwaha, Jayson S; Hyatt, Brad; Blazar, Phillip E; Lifchez, Scott D

    2017-06-01

    Technology has enhanced modern health care delivery, particularly through accessibility to health information and ease of communication with tools like mobile device messaging (texting). However, text messaging has created new risks for breach of protected health information (PHI). In the current study, we sought to evaluate hand surgeons' knowledge and compliance with privacy and security standards for electronic communication by text message. A cross-sectional survey of the American Society for Surgery of the Hand membership was conducted in March and April 2016. Descriptive and inferential statistical analyses were performed of composite results as well as relevant subgroup analyses. A total of 409 responses were obtained (11% response rate). Although 63% of surgeons reported that they believe that text messaging does not meet Health Insurance Portability and Accountability Act of 1996 security standards, only 37% reported they do not use text messages to communicate PHI. Younger surgeons and respondents who believed that their texting was compliant were statistically significantly more likely to report messaging of PHI (odds ratio, 1.59 and 1.22, respectively). A majority of hand surgeons in this study reported the use of text messaging to communicate PHI. Of note, neither the Health Insurance Portability and Accountability Act of 1996 statute nor US Department of Health and Human Services specifically prohibits this form of electronic communication. To be compliant, surgeons, practices, and institutions need to take reasonable security precautions to prevent breach of privacy with electronic communication. Communication of clinical information by text message is not prohibited under Health Insurance Portability and Accountability Act of 1996, but surgeons should use appropriate safeguards to prevent breach when using this form of communication. Copyright © 2017 American Society for Surgery of the Hand. Published by Elsevier Inc. All rights reserved.

  20. Securing Emergency State Data in a Tactical Computing Environment

    DTIC Science & Technology

    2010-12-01

    in a Controlled Manner, 19th IEEE Symposium on Computer-Based Medical Systems (CBMS), 847–854. [38] K. Kifayat, D. Llewellyn-Jones, A. Arabo, O...Drew, M. Merabti, Q. Shi, A. Waller, R. Craddock, G. Jones, State-of-the-Art in System-of-Systems Security for Crisis Management, Fourth Annual

  1. 48 CFR 1852.223-75 - Major breach of safety or security.

    Code of Federal Regulations, 2012 CFR

    2012-10-01

    ... of safeguarding against espionage, sabotage, crime (including computer crime), or attack. A major...

  2. 48 CFR 1852.223-75 - Major breach of safety or security.

    Code of Federal Regulations, 2013 CFR

    2013-10-01

    ... of safeguarding against espionage, sabotage, crime (including computer crime), or attack. A major...

  3. 48 CFR 1852.223-75 - Major breach of safety or security.

    Code of Federal Regulations, 2014 CFR

    2014-10-01

    ... of safeguarding against espionage, sabotage, crime (including computer crime), or attack. A major...

  4. 48 CFR 1852.223-75 - Major breach of safety or security.

    Code of Federal Regulations, 2011 CFR

    2011-10-01

    ... of safeguarding against espionage, sabotage, crime (including computer crime), or attack. A major...

  5. Trusted Storage: Putting Security and Data Together

    NASA Astrophysics Data System (ADS)

    Willett, Michael; Anderson, Dave

    State and Federal breach notification legislation mandates that the affected parties be notified in case of a breach of sensitive personal data, unless the data was provably encrypted. Self-encrypting hard drives provide the superior solution for encrypting data-at-rest when compared to software-based solutions. Self-encrypting hard drives, from the laptop to the data center, have been standardized across the hard drive industry by the Trusted Computing Group. Advantages include: simplified management (including keys), no performance impact, quick data erasure and drive re-purposing, no interference with end-to-end data integrity metrics, always encrypting, no cipher-text exposure, and scalability in large data centers.

  6. BREACHING THE SEXUAL BOUNDARIES IN THE DOCTOR-PATIENT RELATIONSHIP: SHOULD ENGLISH LAW RECOGNISE FIDUCIARY DUTIES?

    PubMed

    Ost, Suzanne

    2016-01-01

    In this article, I argue that sexual exploitation in the doctor-patient relationship would be dealt with more appropriately by the law in England and Wales on the basis of a breach of fiduciary duty. Three different types of sexual boundary breaches are discussed, and the particular focus is on breaches where the patient's consent is obtained through inducement. I contend that current avenues of redress do not clearly catch this behaviour and, moreover, they fail to capture the essence of the wrong committed by the doctor-the knowing breach of trust for self-gain-and the calculated way in which consent is induced. Finally, I demonstrate that the fiduciary approach is compatible with the contemporary pro-patient autonomy model of the doctor-patient relationship. © The Author 2016. Published by Oxford University Press; all rights reserved. For Permissions, please email: journals.permissions@oup.com.

  7. Security and Privacy in Cyber-Physical Systems

    DOE Office of Scientific and Technical Information (OSTI.GOV)

    Fink, Glenn A.; Edgar, Thomas W.; Rice, Theora R.

    As you have seen from the previous chapters, cyber-physical systems (CPS) are broadly used across technology and industrial domains. While these systems enable process optimization and efficiency and allow previously impossible functionality, security and privacy are key concerns for their design, development, and operation. CPS have been key components utilized in some of the highest publicized security breaches over the last decade. In this chapter, we will look over the CPS described in the previous chapters from a security perspective. In this chapter, we explain classical information and physical security fundamentals in the context of CPS and contextualize them across application domains. We give examples where the interplay of functionality and diverse communication can introduce unexpected vulnerabilities and produce larger impacts. We will discuss how CPS security and privacy is inherently different from that of pure cyber or physical systems and what may be done to secure these systems, considering their emergent cyber-physical properties. Finally, we will discuss security and privacy implications of merging infrastructural and personal CPS. Our hope is to impart the knowledge of what CPS security and privacy are, why they are important, and explain existing processes and challenges.

  8. Computer applications for the hospital security department--buying or developing a shift log reporting system.

    PubMed

    Gruber, T

    1996-01-01

    The author presents guidelines to help a security department select a computer system to track security activities--whether it's a commercial software product, an in-house developed program, or a do-it-yourself designed system. Computerized security activity reporting, he believes, is effective and beneficial.

  9. Is Test Security an Issue in a Multistation Clinical Assessment?--A Preliminary Study.

    ERIC Educational Resources Information Center

    Stillman, Paula L.; And Others

    1991-01-01

    A study investigated possible differences in standardized patient examination scores for three groups of undergraduate (n=176) and graduate (n=221) medical students assessed at different sites over two years. Results show no systematic change in scores over testing dates, suggesting no problems with breach of test security. (MSE)

  10. Security policies and trust in ubiquitous computing.

    PubMed

    Joshi, Anupam; Finin, Tim; Kagal, Lalana; Parker, Jim; Patwardhan, Anand

    2008-10-28

    Ubiquitous environments comprise resource-constrained mobile and wearable devices and computational elements embedded in everyday artefacts. These are connected to each other using both infrastructure-based as well as short-range ad hoc networks. Limited Internet connectivity limits the use of conventional security mechanisms such as public key infrastructures and other forms of server-centric authentication. Under these circumstances, peer-to-peer interactions are well suited for not just information interchange, but also managing security and privacy. However, practical solutions for protecting mobile devices, preserving privacy, evaluating trust and determining the reliability and accuracy of peer-provided data in such interactions are still in their infancy. Our research is directed towards providing stronger assurances of the reliability and trustworthiness of information and services, and the use of declarative policy-driven approaches to handle the open and dynamic nature of such systems. This paper provides an overview of some of the challenges and issues, and points out directions for progress.

  11. Psychological Contract Breach and Job Attitudes: A Meta-Analysis of Age as a Moderator

    ERIC Educational Resources Information Center

    Bal, P. Matthijs; De Lange, Annet H.; Jansen, Paul G. W.; Van Der Velde, Mandy E. G.

    2008-01-01

    The aim of this study was to examine the influence of age in the relation between psychological contract breach and the development of job attitudes. Based on affective events, social exchange, and lifespan theory, we hypothesized that (1) psychological contract breach would be related negatively to job attitudes, and (2) that age would moderate…

  12. hPIN/hTAN: Low-Cost e-Banking Secure against Untrusted Computers

    NASA Astrophysics Data System (ADS)

    Li, Shujun; Sadeghi, Ahmad-Reza; Schmitz, Roland

    We propose hPIN/hTAN, a low-cost token-based e-banking protection scheme when the adversary has full control over the user's computer. Compared with existing hardware-based solutions, hPIN/hTAN depends on neither second trusted channel, nor secure keypad, nor computationally expensive encryption module.

  13. Information Systems Security and Computer Crime in the IS Curriculum: A Detailed Examination

    ERIC Educational Resources Information Center

    Foltz, C. Bryan; Renwick, Janet S.

    2011-01-01

    The authors examined the extent to which information systems (IS) security and computer crime are covered in information systems programs. Results suggest that IS faculty believe security coverage should be increased in required, elective, and non-IS courses. However, respondent faculty members are concerned that existing curricula leave little…

  14. Sensitivity of outflow peaks and flood stages to the selection of dam breach parameters and simulation models

    NASA Astrophysics Data System (ADS)

    Singh, Krishan P.; Snorrason, Arni

    1984-02-01

    Important breach parameters were identified and their ranges were estimated from a detailed study of historical earthdam failures due to overtopping. The U.S. Army Corps of Engineers Hydrologic Engineering Center (HEC) and the National Weather Service (NWS) dam breach models were chosen for evaluation and simulation. Both models use similar input data and breach descriptions, but the HEC uses the hydrologic routing method (modified Puls method), whereas the NWS uses the St. Vénant equations for routing. Information on eight dams in Illinois was taken from the Corps of Engineers inspection reports, and surveyed cross-sections of the downstream channels were supplied by the Division of Water Resources of the Illinois Department of Transportation. Various combinations of breach parameters (failure time, TF; depth of overtopping, hf; and breach size, B) were used for breach simulations by both methods with the 1.00PMF, 0.50PMF and 0.25PMF (probable maximum flood) inflow hydrographs. In general, the flood stage profiles predicted by the NWS were smoother and more reasonable than those predicted by the HEC. For channels with relatively steep slopes, the methods compared fairly well, whereas for the channels with mild slope, the HEC model often predicted oscillating, erratic flood stages, mainly due to its inability to route flood waves satisfactorily in non-prismatic channels. The breach outflow peaks are affected significantly by B but less so by hf. The ratio of outflow peak to inflow peak and the effect of TF on outflow decrease as the drainage area above the dam and impounded storage increase. Flood stage profiles predicted with cross-sections taken from 7.5' maps compared favorably with those predicted using surveyed cross-sections. For the range of breach parameters studied, the range of outflow peaks and flood stages downstream from the dam can be determined for regulatory and disaster prevention measures.

  15. Informatics in Radiology (infoRAD): personal computer security: part 2. Software Configuration and file protection.

    PubMed

    Caruso, Ronald D

    2004-01-01

    Proper configuration of software security settings and proper file management are necessary and important elements of safe computer use. Unfortunately, the configuration of software security options is often not user friendly. Safe file management requires the use of several utilities, most of which are already installed on the computer or available as freeware. Among these file operations are setting passwords, defragmentation, deletion, wiping, removal of personal information, and encryption. For example, Digital Imaging and Communications in Medicine medical images need to be anonymized, or "scrubbed," to remove patient identifying information in the header section prior to their use in a public educational or research environment. The choices made with respect to computer security may affect the convenience of the computing process. Ultimately, the degree of inconvenience accepted will depend on the sensitivity of the files and communications to be protected and the tolerance of the user. Copyright RSNA, 2004

  16. Expert system for surveillance and diagnosis of breach fuel elements

    DOEpatents

    Gross, K.C.

    1988-01-21

    An apparatus and method are disclosed for surveillance and diagnosis of breached fuel elements in a nuclear reactor. A delayed neutron monitoring system provides output signals indicating the delayed neutron activity and age and the equivalent recoil area of a breached fuel element. Sensors are used to provide outputs indicating the status of each component of the delayed neutron monitoring system. Detectors also generate output signals indicating the reactor power level and the primary coolant flow rate of the reactor. The outputs from the detectors and sensors are interfaced with an artificial intelligence-based knowledge system which implements predetermined logic and generates output signals indicating the operability of the reactor. 2 figs.

  17. Business Administration and Computer Science Degrees: Earnings, Job Security, and Job Satisfaction

    ERIC Educational Resources Information Center

    Mehta, Kamlesh; Uhlig, Ronald

    2017-01-01

    This paper examines the potential of business administration vs. computer science degrees in terms of earnings, job security, and job satisfaction. The paper focuses on earnings potential five years and ten years after the completion of business administration and computer science degrees. Moreover, the paper presents the income changes with…

  18. Report: No Significant Residual Contamination Found at Deleted Superfund Sites, But Security Fences Were Damaged at Some Sites

    EPA Pesticide Factsheets

    Report #15-P-0013, November 10, 2014. Continued security breaches at some sites could impair the effectiveness of the remedy to protect human health and the environment and could expose trespassers to safety or health risks.

  19. Advanced Computational Methods for Security Constrained Financial Transmission Rights

    DOE Office of Scientific and Technical Information (OSTI.GOV)

    Kalsi, Karanjit; Elbert, Stephen T.; Vlachopoulou, Maria

    Financial Transmission Rights (FTRs) are financial insurance tools to help power market participants reduce price risks associated with transmission congestion. FTRs are issued based on a process of solving a constrained optimization problem with the objective to maximize the FTR social welfare under power flow security constraints. Security constraints for different FTR categories (monthly, seasonal or annual) are usually coupled and the number of constraints increases exponentially with the number of categories. Commercial software for FTR calculation can only provide limited categories of FTRs due to the inherent computational challenges mentioned above. In this paper, first an innovative mathematical reformulation of the FTR problem is presented which dramatically improves the computational efficiency of optimization problem. After having re-formulated the problem, a novel non-linear dynamic system (NDS) approach is proposed to solve the optimization problem. The new formulation and performance of the NDS solver is benchmarked against widely used linear programming (LP) solvers like CPLEX™ and tested on both standard IEEE test systems and large-scale systems using data from the Western Electricity Coordinating Council (WECC). The performance of the NDS is demonstrated to be comparable and in some cases is shown to outperform the widely used CPLEX algorithms. The proposed formulation and NDS based solver is also easily parallelizable enabling further computational improvement.

  20. Secure Data Access Control for Fog Computing Based on Multi-Authority Attribute-Based Signcryption with Computation Outsourcing and Attribute Revocation.

    PubMed

    Xu, Qian; Tan, Chengxiang; Fan, Zhijie; Zhu, Wenye; Xiao, Ya; Cheng, Fujia

    2018-05-17

    Nowadays, fog computing provides computation, storage, and application services to end users in the Internet of Things. One of the major concerns in fog computing systems is how fine-grained access control can be imposed. As a logical combination of attribute-based encryption and attribute-based signature, Attribute-based Signcryption (ABSC) can provide confidentiality and anonymous authentication for sensitive data and is more efficient than traditional "encrypt-then-sign" or "sign-then-encrypt" strategy. Thus, ABSC is suitable for fine-grained access control in a semi-trusted cloud environment and is gaining more and more attention recently. However, in many existing ABSC systems, the computation cost required for the end users in signcryption and designcryption is linear with the complexity of signing and encryption access policy. Moreover, only a single authority that is responsible for attribute management and key generation exists in the previous proposed ABSC schemes, whereas in reality, mostly, different authorities monitor different attributes of the user. In this paper, we propose OMDAC-ABSC, a novel data access control scheme based on Ciphertext-Policy ABSC, to provide data confidentiality, fine-grained control, and anonymous authentication in a multi-authority fog computing system. The signcryption and designcryption overhead for the user is significantly reduced by outsourcing the undesirable computation operations to fog nodes. The proposed scheme is proven to be secure in the standard model and can provide attribute revocation and public verifiability. The security analysis, asymptotic complexity comparison, and implementation results indicate that our construction can balance the security goals with practical efficiency in computation.

  1. Secure Data Access Control for Fog Computing Based on Multi-Authority Attribute-Based Signcryption with Computation Outsourcing and Attribute Revocation

    PubMed Central

    Xu, Qian; Tan, Chengxiang; Fan, Zhijie; Zhu, Wenye; Xiao, Ya; Cheng, Fujia

    2018-01-01

    Nowadays, fog computing provides computation, storage, and application services to end users in the Internet of Things. One of the major concerns in fog computing systems is how fine-grained access control can be imposed. As a logical combination of attribute-based encryption and attribute-based signature, Attribute-based Signcryption (ABSC) can provide confidentiality and anonymous authentication for sensitive data and is more efficient than traditional “encrypt-then-sign” or “sign-then-encrypt” strategy. Thus, ABSC is suitable for fine-grained access control in a semi-trusted cloud environment and is gaining more and more attention recently. However, in many existing ABSC systems, the computation cost required for the end users in signcryption and designcryption is linear with the complexity of signing and encryption access policy. Moreover, only a single authority that is responsible for attribute management and key generation exists in the previous proposed ABSC schemes, whereas in reality, mostly, different authorities monitor different attributes of the user. In this paper, we propose OMDAC-ABSC, a novel data access control scheme based on Ciphertext-Policy ABSC, to provide data confidentiality, fine-grained control, and anonymous authentication in a multi-authority fog computing system. The signcryption and designcryption overhead for the user is significantly reduced by outsourcing the undesirable computation operations to fog nodes. The proposed scheme is proven to be secure in the standard model and can provide attribute revocation and public verifiability. The security analysis, asymptotic complexity comparison, and implementation results indicate that our construction can balance the security goals with practical efficiency in computation. PMID:29772840

  2. Integrated homeland security system with passive thermal imaging and advanced video analytics

    NASA Astrophysics Data System (ADS)

    Francisco, Glen; Tillman, Jennifer; Hanna, Keith; Heubusch, Jeff; Ayers, Robert

    2007-04-01

    A complete detection, management, and control security system is absolutely essential to preempting criminal and terrorist assaults on key assets and critical infrastructure. According to Tom Ridge, former Secretary of the US Department of Homeland Security, "Voluntary efforts alone are not sufficient to provide the level of assurance Americans deserve and they must take steps to improve security." Further, it is expected that Congress will mandate private sector investment of over $20 billion in infrastructure protection between 2007 and 2015, which is incremental to funds currently being allocated to key sites by the department of Homeland Security. Nearly 500,000 individual sites have been identified by the US Department of Homeland Security as critical infrastructure sites that would suffer severe and extensive damage if a security breach should occur. In fact, one major breach in any of 7,000 critical infrastructure facilities threatens more than 10,000 people. And one major breach in any of 123 facilities-identified as "most critical" among the 500,000-threatens more than 1,000,000 people. Current visible, nightvision or near infrared imaging technology alone has limited foul-weather viewing capability, poor nighttime performance, and limited nighttime range. And many systems today yield excessive false alarms, are managed by fatigued operators, are unable to manage the voluminous data captured, or lack the ability to pinpoint where an intrusion occurred. 
    In our 2006 paper, "Critical Infrastructure Security Confidence Through Automated Thermal Imaging", we showed how a highly effective security solution can be developed by integrating what are now available "next-generation technologies" which include: Thermal imaging for the highly effective detection of intruders in the dark of night and in challenging weather conditions at the sensor imaging level - we refer to this as the passive thermal sensor level detection building block Automated software detection

  3. Analysis of the Security and Privacy Requirements of Cloud-Based Electronic Health Records Systems

    PubMed Central

    Fernández, Gonzalo; López-Coronado, Miguel

    2013-01-01

    Background: The Cloud Computing paradigm offers eHealth systems the opportunity to enhance the features and functionality that they offer. However, moving patients’ medical information to the Cloud implies several risks in terms of the security and privacy of sensitive health records. In this paper, the risks of hosting Electronic Health Records (EHRs) on the servers of third-party Cloud service providers are reviewed. To protect the confidentiality of patient information and facilitate the process, some suggestions for health care providers are made. Moreover, security issues that Cloud service providers should address in their platforms are considered. Objective: To show that, before moving patient health records to the Cloud, security and privacy concerns must be considered by both health care providers and Cloud service providers. Security requirements of a generic Cloud service provider are analyzed. Methods: To study the latest in Cloud-based computing solutions, bibliographic material was obtained mainly from Medline sources. Furthermore, direct contact was made with several Cloud service providers. Results: Some of the security issues that should be considered by both Cloud service providers and their health care customers are role-based access, network security mechanisms, data encryption, digital signatures, and access monitoring. Furthermore, to guarantee the safety of the information and comply with privacy policies, the Cloud service provider must be compliant with various certifications and third-party requirements, such as SAS70 Type II, PCI DSS Level 1, ISO 27001, and the US Federal Information Security Management Act (FISMA). Conclusions: Storing sensitive information such as EHRs in the Cloud means that precautions must be taken to ensure the safety and confidentiality of the data. A relationship built on trust with the Cloud service provider is essential to ensure a transparent process. Cloud service providers must make certain that all security

  4. Analysis of the security and privacy requirements of cloud-based electronic health records systems.

    PubMed

    Rodrigues, Joel J P C; de la Torre, Isabel; Fernández, Gonzalo; López-Coronado, Miguel

    2013-08-21

    The Cloud Computing paradigm offers eHealth systems the opportunity to enhance the features and functionality that they offer. However, moving patients' medical information to the Cloud implies several risks in terms of the security and privacy of sensitive health records. In this paper, the risks of hosting Electronic Health Records (EHRs) on the servers of third-party Cloud service providers are reviewed. To protect the confidentiality of patient information and facilitate the process, some suggestions for health care providers are made. Moreover, security issues that Cloud service providers should address in their platforms are considered. To show that, before moving patient health records to the Cloud, security and privacy concerns must be considered by both health care providers and Cloud service providers. Security requirements of a generic Cloud service provider are analyzed. To study the latest in Cloud-based computing solutions, bibliographic material was obtained mainly from Medline sources. Furthermore, direct contact was made with several Cloud service providers. Some of the security issues that should be considered by both Cloud service providers and their health care customers are role-based access, network security mechanisms, data encryption, digital signatures, and access monitoring. Furthermore, to guarantee the safety of the information and comply with privacy policies, the Cloud service provider must be compliant with various certifications and third-party requirements, such as SAS70 Type II, PCI DSS Level 1, ISO 27001, and the US Federal Information Security Management Act (FISMA). Storing sensitive information such as EHRs in the Cloud means that precautions must be taken to ensure the safety and confidentiality of the data. A relationship built on trust with the Cloud service provider is essential to ensure a transparent process. 
Cloud service providers must make certain that all security mechanisms are in place to avoid unauthorized access

  5. The health information system security threat lifecycle: an informatics theory.

    PubMed

    Fernando, Juanita I; Dawson, Linda L

    2009-12-01

    This manuscript describes the health information system security threat lifecycle (HISSTL) theory. The theory is grounded in case study data analyzing clinicians' health information system (HIS) privacy and security (P&S) experiences in the practice context. The 'questerview' technique was applied to this study of 26 clinicians situated in 3 large Australian (across Victoria) teaching hospitals. Questerviews rely on data collection that apply standardized questions and questionnaires during recorded interviews. Analysis (using Nvivo) involved the iterative scrutiny of interview transcripts to identify emergent themes. Issues including poor training, ambiguous legal frameworks containing punitive threats, productivity challenges, usability errors and the limitations of the natural hospital environment emerged from empirical data about the clinicians' HIS P&S practices. The natural hospital environment is defined by the permanence of electronic HISs (e-HISs), shared workspaces, outdated HIT infrastructure, constant interruption, a P&S regulatory environment that is not conducive to optimal training outcomes and budgetary constraints. The evidence also indicated the obtrusiveness, timeliness, and reliability of P&S implementations for clinical work affected participant attitudes to, and use of, e-HISs. The HISSTL emerged from the analysis of study evidence. The theory embodies elements such as the fiscal, regulatory and natural hospital environments which impede P&S implementations in practice settings. These elements conflict with improved patient care outcomes. Efforts by clinicians to avoid conflict and emphasize patient care above P&S tended to manifest as security breaches. These breaches entrench factors beyond clinician control and perpetuate those within clinician control. Security breaches of health information can progress through the HISSTL. Some preliminary suggestions for addressing these issues are proposed. 
Legislative frameworks that are not related to

  6. Secure medical information sharing in cloud computing.

    PubMed

    Shao, Zhiyi; Yang, Bo; Zhang, Wenzheng; Zhao, Yi; Wu, Zhenqiang; Miao, Meixia

    2015-01-01

    Medical information sharing is one of the most attractive applications of cloud computing, where searchable encryption is a fascinating solution for securely and conveniently sharing medical data among different medical organizers. However, almost all previous works are designed in symmetric key encryption environment. The only works in public key encryption do not support keyword trapdoor security, have long ciphertext related to the number of receivers, do not support receiver revocation without re-encrypting, and do not preserve the membership of receivers. In this paper, we propose a searchable encryption supporting multiple receivers for medical information sharing based on bilinear maps in public key encryption environment. In the proposed protocol, data owner stores only one copy of his encrypted file and its corresponding encrypted keywords on cloud for multiple designated receivers. The keyword ciphertext is significantly shorter and its length is constant without relation to the number of designated receivers, i.e., for n receivers the ciphertext length is only twice the element length in the group. Only the owner knows that with whom his data is shared, and the access to his data is still under control after having been put on the cloud. We formally prove the security of keyword ciphertext based on the intractability of Bilinear Diffie-Hellman problem and the keyword trapdoor based on Decisional Diffie-Hellman problem.

  7. 77 FR 74913 - Privacy Act of 1974, as Amended; Computer Matching Program (Social Security Administration (SSA...

    Federal Register 2010, 2011, 2012, 2013, 2014

    2012-12-18

    ... SOCIAL SECURITY ADMINISTRATION [Docket No. SSA 2012-0055] Privacy Act of 1974, as Amended; Computer Matching Program (Social Security Administration (SSA)/Office of Personnel Management (OPM))--Match Number 1307 AGENCY: Social Security Administration. ACTION: Notice of a renewal of an existing...

  8. The 1960 tsunami on beach-ridge plains near Maullín, Chile: Landward descent, renewed breaches, aggraded fans, multiple predecessors

    USGS Publications Warehouse

    Atwater, Brian F.; Cisternas, Marco; Yulianto, E.; Prendergast, A.; Jankaew, K.; Eipert, A.; Fernando, Warnakulasuriya; Tejakusuma, Iwan; Schiappacasse, Ignacio; Sawai, Yuki

    2013-01-01

    The Chilean tsunami of 22 May 1960 reamed out a breach and built up a fan as it flowed across a sparsely inhabited beach-ridge plain near Maullín, midway along the length of the tsunami source. Eyewitnesses to the flooding, interviewed mainly in 1988 and 1989, identified levels that the tsunami had reached on high ground, trees, and buildings. The maximum levels fell, from about 10 m to 2 m, between the mouth of the tidal Río Maullín and an inundation limit nearly 5 km inland across the plain. Along this profile at Caulle, where the maximum flow depth was a few meters deep, airphotos taken in 1961 show breaches across a road on a sandy beach ridge. Inland from one of these breaches is a fan with branched distributaries. Today its breach holds a pond that has been changing into a marsh. The 1960 fan deposits, as much as 60 cm thick, are traceable inland for 120 m from the breach. They rest on a pasture soil above two additional sand bodies, each atop its own buried soil. The earlier of the pre-1960 sand bodies probably dates to AD 1270-1400, in which case its age is not statistically different from that of a sand sheet previously dated elsewhere near Maullín. The breach likely originated then and has been freshened twice. Evidence that the breach was freshened in 1960 includes a near-basal interval of cobble-size clasts of sediment and soil, most of them probably derived from the organic fill of pre-1960 breach. The cobbly interval is overlain by sand with ripple-drift laminae that record landward flow. The fan of another breach near Maullín, at Chanhué, also provides stratigraphic evidence for recurrent tsunamis, though not necessarily for the repeated use of the breach. These findings were anticipated a half century ago by description of paired breaches and fans that the 1960 Chilean tsunami produced in Japan. Breaches and their fans may provide lasting evidence for tsunami inundation of beach-ridge plains. The breaches might be detectable by remote

  9. The method of a joint intraday security check system based on cloud computing

    NASA Astrophysics Data System (ADS)

    Dong, Wei; Feng, Changyou; Zhou, Caiqi; Cai, Zhi; Dan, Xu; Dai, Sai; Zhang, Chuancheng

    2017-01-01

    The intraday security check is the core application in the dispatching control system. The existing security check calculation only uses the dispatch center’s local model and data as the functional margin. This paper introduces the design of all-grid intraday joint security check system based on cloud computing and its implementation. To reduce the effect of subarea bad data on the all-grid security check, a new power flow algorithm basing on comparison and adjustment with inter-provincial tie-line plan is presented. And the numerical example illustrated the effectiveness and feasibility of the proposed method.

  10. The Role of HIPAA Omnibus Rules in Reducing the Frequency of Medical Data Breaches: Insights From an Empirical Study.

    PubMed

    Yaraghi, Niam; Gopal, Ram D

    2018-03-01

    Policy Points: Frequent data breaches in the US health care system undermine the privacy of millions of patients every year-a large number of which happen among business associates of the health care providers that continue to gain unprecedented access to patients' data as the US health care system becomes digitally integrated. Implementation of the HIPAA Omnibus Rules in 2013 has led to a significant decrease in the number of privacy breach incidents among business associates. Frequent data breaches in the US health care system undermine the privacy of millions of patients every year. A large number of such breaches happens among business associates of the health care providers that continue to gain unprecedented access to patients' data as the US health care system becomes digitally integrated. The Omnibus Rules of the Health Insurance Portability and Accountability Act (HIPAA), which were enacted in 2013, significantly increased the regulatory oversight and privacy protection requirements of business associates. The objective of this study is to empirically examine the effects of this shift in policy on the frequency of medical privacy breaches among business associates in the US health care system. The findings of this research shed light on how regulatory efforts can protect patients' privacy. Using publicly available data on breach incidents between October 2009 and August 2017 as reported by the Office for Civil Rights (OCR), we conducted an interrupted time-series analysis and a difference-in-differences analysis to examine the immediate and long-term effects of implementation of HIPAA omnibus rules on the frequency of medical privacy breaches. We show that implementation of the omnibus rules led to a significant reduction in the number of breaches among business associates and prevented 180 privacy breaches from happening, which could have affected nearly 18 million Americans. 
Implementation of HIPAA omnibus rules may have been a successful federal policy

  11. After the data breach: Managing the crisis and mitigating the impact.

    PubMed

    Brown, Hart S

    2016-01-01

    Historically, the unauthorised access and theft of information was a tactic used between countries as part of espionage campaigns, during times of conflict as well as for personal and criminal purposes. The consumers of the information were relatively isolated and specific. As information became stored and digitised in larger quantities in the 1980s the ability to access mass amounts of records at one time became possible. The expertise needed to remotely access and exfiltrate the data was not readily available and the number of markets to monetise the data was limited. Over the past ten years, shadow networks have been used by criminals to collaborate on hacking techniques, exchange hacking advice anonymously and commercialise data on the black market. The intersection of these networks along with the unintentional losses of information have resulted in 5,810 data breaches made public since 2005 (comprising some 847,807,830 records) and the velocity of these events is increasing. Organisations must be prepared for a potential breach event to maintain cyber resiliency. Proper management of a breach response can reduce response costs and can serve to mitigate potential reputational losses.

  12. Controls on the breach geometry and flood hydrograph during overtopping of non-cohesive earthen dams

    USGS Publications Warehouse

    Walder, Joseph S.; Iverson, Richard M.; Godt, Jonathan W.; Logan, Matthew; Solovitz, Stephen A.

    2015-01-01

    Overtopping failure of non-cohesive earthen dams was investigated in 13 large-scale experiments with dams built of compacted, damp, fine-grained sand. Breaching was initiated by cutting a notch across the dam crest and allowing water escaping from a finite upstream reservoir to form its own channel. The channel developed a stepped profile, and upstream migration of the steps, which coalesced into a headcut, led to the establishment of hydraulic control (critical flow) at the channel head, or breach crest, an arcuate erosional feature that functions hydraulically as a weir. Novel photogrammetric methods, along with underwater videography, revealed that the retreating headcut maintained a slope near the angle of friction of the sand, while the cross section at the breach crest maintained a geometrically similar shape through time. That cross-sectional shape was nearly unaffected by slope failures, contrary to the assumption in many models of dam breaching. Flood hydrographs were quite reproducible--for sets of dams ranging in height from 0.55 m to 0.98 m--when the time datum was chosen as the time that the migrating headcut intersected the breach crest. Peak discharge increased almost linearly as a function of initial dam height. Early-time variability between flood hydrographs for nominally identical dams is probably a reflection of subtle experiment-to-experiment differences in groundwater hydrology and the interaction between surface water and groundwater.

  13. Compliance Issues and Homeland Security with New Federal Regulations for Higher Education Institutions

    ERIC Educational Resources Information Center

    Valcik, Nicolas A.

    2010-01-01

    Research advancements into different fields of study have increased the risks for accidents, criminal acts, or a potential breach of national security, and the types of hazardous materials (HAZMAT) stored and used at universities and colleges are under new scrutiny. Before, a chemistry laboratory might only have basic substances such as sulfur,…

  14. 50 CFR 38.9 - Breach of the peace.

    Code of Federal Regulations, 2010 CFR

    2010-10-01

    ... 50 Wildlife and Fisheries 6 2010-10-01 2010-10-01 false Breach of the peace. 38.9 Section 38.9 Wildlife and Fisheries UNITED STATES FISH AND WILDLIFE SERVICE, DEPARTMENT OF THE INTERIOR (CONTINUED) THE... arouse or gratify sexual desire of any other person, expose one's genitals under circumstances in which...

  15. Frequency of and reasons for pharmacy residents breaching the National Matching Services applicant agreement.

    PubMed

    Cohen, Victor; Jellinek, Samantha P; Blecker, Michael; Cocchio, Craig; Likourezos, Antonios; Shah, Bupendra

    2010-11-01

    The frequency of and reasons for pharmacy residents breaching the National Matching Services (NMS) applicant agreement were evaluated. An electronic survey was sent via e-mail to residency program directors of ASHP-accredited postgraduate year 1 pharmacy residencies in the United States. The survey instrument was developed based on an initial pilot survey used to test the clarity and reliability of the questions. The primary objective of the survey was to determine the frequency with which pharmacy residents breach the NMS applicant agreement and fail to report to their assigned site. Characteristics of ASHP-accredited residency programs with residents who breached the NMS agreement and any punitive action taken on these individuals were also analyzed. Of the 636 surveys sent to residency program directors, 302 complete surveys were returned, yielding a response rate of 47.5%. Twenty-six respondents (8.6%) indicated that within the past five years, they had matched candidates who failed to report to their assigned site. Of these respondents, 13 (50%) reported the candidate to ASHP; 11 (44%) took no action. Respondents indicated that they would be comfortable reporting all candidates who breach the NMS agreement to ASHP and placing the candidates' information on a list accessible electronically only to residency program directors. Less than 10% of residency program directors reported having residency candidates who breached the NMS applicant agreement. The majority of these respondents indicated that these residents were not their first choices. The most common reason for candidate withdrawal was family obligation.

  16. A review of automated image understanding within 3D baggage computed tomography security screening.

    PubMed

    Mouton, Andre; Breckon, Toby P

    2015-01-01

    Baggage inspection is the principal safeguard against the transportation of prohibited and potentially dangerous materials at airport security checkpoints. Although traditionally performed by 2D X-ray based scanning, increasingly stringent security regulations have led to a growing demand for more advanced imaging technologies. The role of X-ray Computed Tomography is thus rapidly expanding beyond the traditional materials-based detection of explosives. The development of computer vision and image processing techniques for the automated understanding of 3D baggage-CT imagery is however, complicated by poor image resolutions, image clutter and high levels of noise and artefacts. We discuss the recent and most pertinent advancements and identify topics for future research within the challenging domain of automated image understanding for baggage security screening CT.

  17. Coastal bathymetry data collected in June 2014 from Fire Island, New York—The wilderness breach and shoreface

    USGS Publications Warehouse

    Nelson, Timothy R.; Miselis, Jennifer L.; Hapke, Cheryl J.; Wilson, Kathleen E.; Henderson, Rachel E.; Brenner, Owen T.; Reynolds, Billy J.; Hansen, Mark E.

    2016-08-02

    Scientists from the U.S. Geological Survey St. Petersburg Coastal and Marine Science Center in St. Petersburg, Florida, collected bathymetric data along the upper shoreface and within the wilderness breach at Fire Island, New York, in June 2014. The U.S. Geological Survey is involved in a post-Hurricane Sandy effort to map and monitor the morphologic evolution of the shoreface along Fire Island and model the evolution of the wilderness breach as a part of the Hurricane Sandy Supplemental Project GS2-2B. During this study, bathymetry was collected with single-beam echo sounders and global positioning systems, mounted to personal watercraft, along the Fire Island shoreface and within the wilderness breach. Additional bathymetry was collected using backpack global positioning systems along the flood shoals and shallow channels within the wilderness breach.

  18. Measuring the Level of Security in the K-12 IT Environment in Southern California

    ERIC Educational Resources Information Center

    Brown, Brandon R.

    2016-01-01

    Kindergartens through twelfth grade institutions (K-12) are susceptible to unauthorized breaches to the security of their networked systems. These systems house sensitive information for students and staff alike. K-12 organizations face a significant risk for loss of this information that can damage reputation and pose liability. Perpetrators have…

  19. Meeting the security requirements of electronic medical records in the ERA of high-speed computing.

    PubMed

    Alanazi, H O; Zaidan, A A; Zaidan, B B; Kiah, M L Mat; Al-Bakri, S H

    2015-01-01

    This study has two objectives. First, it aims to develop a system with a highly secured approach to transmitting electronic medical records (EMRs), and second, it aims to identify entities that transmit private patient information without permission. The NTRU and the Advanced Encryption Standard (AES) cryptosystems are secured encryption methods. The AES is a tested technology that has already been utilized in several systems to secure sensitive data. The United States government has been using AES since June 2003 to protect sensitive and essential information. Meanwhile, NTRU protects sensitive data against attacks through the use of quantum computers, which can break the RSA cryptosystem and elliptic curve cryptography algorithms. A hybrid of AES and NTRU is developed in this work to improve EMR security. The proposed hybrid cryptography technique is implemented to secure the data transmission process of EMRs. The proposed security solution can provide protection for over 40 years and is resistant to quantum computers. Moreover, the technique provides the necessary evidence required by law to identify disclosure or misuse of patient records. The proposed solution can effectively secure EMR transmission and protect patient rights. It also identifies the source responsible for disclosing confidential patient records. The proposed hybrid technique for securing data managed by institutional websites must be improved in the future.

  20. Security Applications Of Computer Motion Detection

    NASA Astrophysics Data System (ADS)

    Bernat, Andrew P.; Nelan, Joseph; Riter, Stephen; Frankel, Harry

    1987-05-01

    An important area of application of computer vision is the detection of human motion in security systems. This paper describes the development of a computer vision system which can detect and track human movement across the international border between the United States and Mexico. Because of the wide range of environmental conditions, this application represents a stringent test of computer vision algorithms for motion detection and object identification. The desired output of this vision system is accurate, real-time locations for individual aliens and accurate statistical data as to the frequency of illegal border crossings. Because most detection and tracking routines assume rigid body motion, which is not characteristic of humans, new algorithms capable of reliable operation in our application are required. Furthermore, most current detection and tracking algorithms assume a uniform background against which motion is viewed - the urban environment along the US-Mexican border is anything but uniform. The system works in three stages: motion detection, object tracking and object identification. We have implemented motion detection using simple frame differencing, maximum likelihood estimation, mean and median tests and are evaluating them for accuracy and computational efficiency. Due to the complex nature of the urban environment (background and foreground objects consisting of buildings, vegetation, vehicles, wind-blown debris, animals, etc.), motion detection alone is not sufficiently accurate. Object tracking and identification are handled by an expert system which takes shape, location and trajectory information as input and determines if the moving object is indeed representative of an illegal border crossing.

  1. Relationship between stakeholders' information value perception and information security behaviour

    NASA Astrophysics Data System (ADS)

    Tajuddin, Sharul; Olphert, Wendy; Doherty, Neil

    2015-02-01

    The study, reported in this paper, aims to explore the relationship between the stakeholders' perceptions about the value of information and their resultant information security behaviours. Moreover, this study seeks to explore the role of national and organisational culture in facilitating information value assignment. Information Security is a concept that formed from the recognition that information is valuable and that there is a need to protect it. The ISO 27002 defines information as an asset, which, like other important business assets, is essential to an organisation's business and consequently needs to be appropriately protected. By definition, an asset has a value to the organisation hence it requires protection. Information protection is typically accomplished through the implementation of countermeasures against the threats and vulnerabilities of information security, for example, implementation of technological processes and mechanisms such as firewall and authorization and authentication systems, set-up of deterrence procedures such as password control and enforcement of organisational policy on information handling procedures. However, evidence routinely shows that despite such measures, information security breaches and incidents are on the rise. These breaches lead to loss of information, personal records, or other data, with consequent implications for the value of the information asset. A number of studies have suggested that such problems are not related primarily to technology problems or procedural deficiencies, but rather to stakeholders' poor compliance with the security measures that are in place. Research indicates that compliance behaviour is affected by many variables including perceived costs and benefits, national and organisational culture and norms. However, there has been little research to understand the concept of information value from the perspective of those who interact with the data, and the consequences for information

  2. Privacy and Data Security under Cloud Computing Arrangements: The Legal Framework and Practical Do's and Don'ts

    ERIC Educational Resources Information Center

    Buckman, Joel; Gold, Stephanie

    2012-01-01

    This article outlines privacy and data security compliance issues facing postsecondary education institutions when they utilize cloud computing and concludes with a practical list of do's and don'ts. Cloud computing does not change an institution's privacy and data security obligations. It does involve reliance on a third party, which requires an…

  3. Dam-breach analysis and flood-inundation mapping for Lakes Ellsworth and Lawtonka near Lawton, Oklahoma

    USGS Publications Warehouse

    Rendon, Samuel H.; Ashworth, Chad E.; Smith, S. Jerrod

    2012-01-01

    Dams provide beneficial functions such as flood control, recreation, and reliable water supplies, but they also entail risk: dam breaches and resultant floods can cause substantial property damage and loss of life. The State of Oklahoma requires each owner of a high-hazard dam, which the Federal Emergency Management Agency defines as dams for which failure or misoperation probably will cause loss of human life, to develop an emergency action plan specific to that dam. Components of an emergency action plan are to simulate a flood resulting from a possible dam breach and map the resulting downstream flood-inundation areas. The resulting flood-inundation maps can provide valuable information to city officials, emergency managers, and local residents for planning the emergency response if a dam breach occurs. Accurate topographic data are vital for developing flood-inundation maps. This report presents results of a cooperative study by the city of Lawton, Oklahoma, and the U.S. Geological Survey (USGS) to model dam-breach scenarios at Lakes Ellsworth and Lawtonka near Lawton and to map the potential flood-inundation areas of such dam breaches. To assist the city of Lawton with completion of the emergency action plans for Lakes Ellsworth and Lawtonka Dams, the USGS collected light detection and ranging (lidar) data that were used to develop a high-resolution digital elevation model and a 1-foot contour elevation map for the flood plains downstream from Lakes Ellsworth and Lawtonka. This digital elevation model and field measurements, streamflow-gaging station data (USGS streamflow-gaging station 07311000, East Cache Creek near Walters, Okla.), and hydraulic values were used as inputs for the dynamic (unsteady-flow) model, Hydrologic Engineering Center's River Analysis System (HEC-RAS). The modeled flood elevations were exported to a geographic information system to produce flood-inundation maps. Water-surface profiles were developed for a 75-percent probable maximum

  4. Observation and modeling of the evolution of an ephemeral storm-induced inlet: Pea Island Breach, North Carolina, USA

    NASA Astrophysics Data System (ADS)

    Velasquez Montoya, Liliana; Sciaudone, Elizabeth J.; Mitasova, Helena; Overton, Margery F.

    2018-03-01

    The Outer Banks of North Carolina is a wave-dominated barrier island system that has experienced the opening and closure of numerous inlets in the last four centuries. The most recent of those inlets formed after the breaching of Pea Island during Hurricane Irene in 2011. The Pea Island Breach experienced a rapid evolution including episodic curvature of the main channel, rotation of the ebb channel, shoaling, widening by Hurricane Sandy in 2012, and finally closing before the summer of 2013. Studying the life cycle of Pea Island Breach contributes to understanding the behavior of ephemeral inlets in breaching-prone regions. This topic has gained relevance due to rising sea levels, a phenomenon that increases the chances of ephemeral inlet formation during extreme events. This study explores the spatiotemporal effects of tides, waves, and storms on flow velocities and morphology of the breach by means of remotely sensed data, geospatial metrics, and a numerical model. The combined use of observations and results from modeling experiments allowed building a conceptual model to explain the life cycle of Pea Island Breach. Wave seasonality dominated the morphological evolution of the inlet by controlling the magnitude and direction of the longshore current that continuously built transient spits at both sides of the breach. Sensitivity analysis to external forcings indicates that ocean waves can modify water levels and velocities in the back barrier. Sound-side storm surge regulates overall growth rate, duration, and decay of peak water levels entering the inlet during extreme events.

  5. Identifying Levee Breach Hotspots via Fine Resolution 2D Hydrodynamic Modeling - a Case Study in the Obion River

    NASA Astrophysics Data System (ADS)

    Bhuyian, M. N. M.; Kalyanapu, A. J.; Dullo, T. T.; VandenBerge, D.

    2017-12-01

    The Obion River, located in North-West Tennessee was channelized in last century to increase flow capacity and reduce flooding. Upstream of the river mainly consists of multiple tributaries that merge near Rives. The lowest water level (LWL) downstream of Rives has increased about four feet since 1980. It is estimated that this phenomenon could reduce 20% of channel conveyance if water surface slope is assumed same as channel slope. Reduction in conveyance would result in a frequent exposure to flood stage and higher stage for a given flood. Bed level change and exposure to flood stage are critical to levee safety. In the Obion River, levee breach was responsible for flooding in instances even when flood stage was lower than the levee crest. In such a circumstance, accurate simulation of inundation extent via conventional flood model is challenging because, the flood models consider ground data as static and cannot accommodate breaching unless the location of breaching is specified. Therefore, the objective of this study is to propose an approach for determining hotspots of levee breach via fine resolution hydrodynamic modeling to reduce uncertainty in flood inundation modeling. A two-dimensional LiDAR based hydrodynamic model for the Obion River would be used to determine levee breach hotspots using simulated flow parameters (i.e. current velocity, change in stage, time of exposure to high stage etc.) for a design flood event. Identifying breaching hotspots would allow determining probabilistic flood extent under probable breaching conditions. This should reduce uncertainty in inundation mapping in a channelized riverine system.

  6. 24 CFR 982.453 - Owner breach of contract.

    Code of Federal Regulations, 2010 CFR

    2010-04-01

    ...) If the owner has committed fraud, bribery or any other corrupt or criminal act in connection with any..., bribery or any other corrupt or criminal act in connection with the mortgage or loan. (5) If the owner has... 24 Housing and Urban Development 4 2010-04-01 2010-04-01 false Owner breach of contract. 982.453...

  7. Exploring the relationship between ADHD symptoms and prison breaches of discipline amongst youths in four Scottish prisons.

    PubMed

    Gordon, V; Williams, D J; Donnelly, P D

    2012-04-01

    To explore the relationship between attention deficit hyperactivity disorder (ADHD) symptoms (inattention, hyperactivity and impulsivity) and violent and non-violent prison breaches of discipline in incarcerated male youths aged 18-21 years. A case-control study of 169 male youth offenders incarcerated in Scottish prisons and classified as 'symptomatic' or 'non-symptomatic' of inattentive and hyperactive/impulsive ADHD symptoms. ADHD symptoms were measured using the Conners' Adult ADHD Rating Scales-Self Report: Long Version, and prison breaches of discipline were gathered from the Scottish Prison Service's Prisoner Records System. Youths who were symptomatic of Diagnostic and Statistical Manual of Mental Disorders, 4th Edition (DSM-IV) ADHD total symptoms had a significantly higher number of prison breaches of discipline than those who were non-symptomatic. Youths who were symptomatic of DSM-IV hyperactive/impulsive symptoms had a significantly higher number of violent and non-violent prison breaches of discipline than those who were non-symptomatic. However, no such significant difference was found between youths who were symptomatic and non-symptomatic of DSM-IV inattentive symptoms. Young male offenders who are symptomatic of ADHD have a higher number of prison breaches of discipline. In particular, symptoms of hyperactivity/impulsivity are associated with breaches of both a violent and non-violent nature. Implications of such symptoms on rehabilitation and recidivism are discussed. Copyright © 2012 The Royal Society for Public Health. Published by Elsevier Ltd. All rights reserved.

  8. Smart photonic networks and computer security for image data

    NASA Astrophysics Data System (ADS)

    Campello, Jorge; Gill, John T.; Morf, Martin; Flynn, Michael J.

    1998-02-01

    Work reported here is part of a larger project on 'Smart Photonic Networks and Computer Security for Image Data', studying the interactions of coding and security, switching architecture simulations, and basic technologies. Coding and security: coding methods that are appropriate for data security in data fusion networks were investigated. These networks have several characteristics that distinguish them from other currently employed networks, such as Ethernet LANs or the Internet. The most significant characteristics are very high maximum data rates; predominance of image data; narrowcasting - transmission of data from one source to a designated set of receivers; data fusion - combining related data from several sources; simple sensor nodes with limited buffering. These characteristics affect both the lower level network design and the higher level coding methods. Data security encompasses privacy, integrity, reliability, and availability. Privacy, integrity, and reliability can be provided through encryption and coding for error detection and correction. Availability is primarily a network issue; network nodes must be protected against failure or routed around in the case of failure. One of the more promising techniques is the use of 'secret sharing'. We consider this method as a special case of our new space-time code diversity based algorithms for secure communication. These algorithms enable us to exploit parallelism and scalable multiplexing schemes to build photonic network architectures. A number of very high-speed switching and routing architectures and their relationships with very high performance processor architectures were studied. Indications are that routers for very high speed photonic networks can be designed using the very robust and distributed TCP/IP protocol, if suitable processor architecture support is available.

  9. Security Risks of Cloud Computing and Its Emergence as 5th Utility Service

    NASA Astrophysics Data System (ADS)

    Ahmad, Mushtaq

    Cloud Computing is being projected by the major cloud services provider IT companies such as IBM, Google, Yahoo, Amazon and others as fifth utility where clients will have access for processing those applications and/or software projects which need very high processing speed for compute intensive and huge data capacity for scientific, engineering research problems and also e-business and data content network applications. These services for different types of clients are provided under DASM-Direct Access Service Management based on virtualization of hardware, software and very high bandwidth Internet (Web 2.0) communication. The paper reviews these developments for Cloud Computing and Hardware/Software configuration of the cloud paradigm. The paper also examines the vital aspects of security risks projected by IT Industry experts, cloud clients. The paper also highlights the cloud provider's response to cloud security risks.

  10. Inter- and intra-observer reliability of measurement of pedicle screw breach assessed by postoperative CT scans.

    PubMed

    Lavelle, William F; Ranade, Ashish; Samdani, Amer F; Gaughan, John P; D'Andrea, Linda P; Betz, Randal R

    2014-01-01

    Pedicle screws are used increasingly in spine surgery. Concerns of complications associated with screw breach necessitates accurate pedicle screw placement. Postoperative CT imaging helps to detect screw malposition and assess its severity. However, accuracy is dependent on the reading of the CT scans. Inter- and intra-observer variability could affect the reliability of CT scans to assess multiple screw types and sites. The purpose of this study was to assess the reliability of multi-observer analysis of CT scans for determining pedicle screw breach for various screw types and sites in patients with spinal deformity or degenerative pathologies. Axial CT scan images of 23 patients (286 screws) were read by four experienced spine surgeons. Pedicle screw placement was considered 'In' when the screw was fully contained and/or the pedicle wall breach was ≤2 mm. 'Out' was defined as a breach in the medial or lateral pedicle wall >2 mm. Intra-class coefficients (ICC) were calculated to assess the inter- and intra-observer reliability. Marked inter- and intra-observer variability was noticed. The overall inter-observer ICC was 0.45 (95% confidence limits 0.25 to 0.65). The intra-observer ICC was 0.49 (95% confidence limits 0.29 to 0.69). Underlying spinal pathology, screw type, and patient age did not seem to impact the reliability of our CT assessments. Our results indicate the evaluation of pedicle screw breach on CT by a single surgeon is highly variable, and care should be taken when using individual CT evaluations of millimeters of breach as a basis for screw removal. This was a Level III study.

  11. A Method for Evaluating Information Security Governance (ISG) Components in Banking Environment

    NASA Astrophysics Data System (ADS)

    Ula, M.; Ula, M.; Fuadi, W.

    2017-02-01

    As modern banking increasingly relies on the internet and computer technologies to operate their businesses and market interactions, the threats and security breaches have highly increased in recent years. Insider and outsider attacks have caused global businesses to lose trillions of dollars a year. Therefore, there is a need for a proper framework to govern the information security in the banking system. The aim of this research is to propose and design an enhanced method to evaluate information security governance (ISG) implementation in banking environment. This research examines and compares the elements from the commonly used information security governance frameworks, standards and best practices. Their strength and weakness are considered in its approaches. The initial framework for governing the information security in banking system was constructed from document review. The framework was categorized into three levels which are Governance level, Managerial level, and technical level. The study further conducts an online survey for banking security professionals to get their professional judgment about the ISG most critical components and the importance for each ISG component that should be implemented in banking environment. Data from the survey was used to construct a mathematical model for ISG evaluation, component importance data used as weighting coefficient for the related component in the mathematical model. The research further develops a method for evaluating ISG implementation in banking based on the mathematical model. The proposed method was tested through real bank case study in an Indonesian local bank. The study evidently proves that the proposed method has sufficient coverage of ISG in banking environment and effectively evaluates the ISG implementation in banking environment.

  12. The QUANTGRID Project (RO)—Quantum Security in GRID Computing Applications

    NASA Astrophysics Data System (ADS)

    Dima, M.; Dulea, M.; Petre, M.; Petre, C.; Mitrica, B.; Stoica, M.; Udrea, M.; Sterian, R.; Sterian, P.

    2010-01-01

    The QUANTGRID Project, financed through the National Center for Programme Management (CNMP-Romania), is the first attempt at using Quantum Crypted Communications (QCC) in large scale operations, such as GRID Computing, and conceivably in the years ahead in the banking sector and other security tight communications. In relation with the GRID activities of the Center for Computing & Communications (Nat.'l Inst. Nucl. Phys.—IFIN-HH), the Quantum Optics Lab. (Nat.'l Inst. Plasma and Lasers—INFLPR) and the Physics Dept. (University Polytechnica—UPB) the project will build a demonstrator infrastructure for this technology. The status of the project in its incipient phase is reported, featuring tests for communications in classical security mode: socket level communications under AES (Advanced Encryption Std.), both proprietary code in C++ technology. An outline of the planned undertaking of the project is communicated, highlighting its impact in quantum physics, coherent optics and information technology.

  13. Semiquantum key distribution with secure delegated quantum computation

    PubMed Central

    Li, Qin; Chan, Wai Hong; Zhang, Shengyu

    2016-01-01

    Semiquantum key distribution allows a quantum party to share a random key with a “classical” party who only can prepare and measure qubits in the computational basis or reorder some qubits when he has access to a quantum channel. In this work, we present a protocol where a secret key can be established between a quantum user and an almost classical user who only needs the quantum ability to access quantum channels, by securely delegating quantum computation to a quantum server. We show the proposed protocol is robust even when the delegated quantum server is a powerful adversary, and is experimentally feasible with current technology. As one party of our protocol is the most quantum-resource efficient, it can be more practical and significantly widen the applicability scope of quantum key distribution. PMID:26813384

  14. Psychological contract types as moderator in the breach-violation and violation-burnout relationships.

    PubMed

    Jamil, Amber; Raja, Usman; Darr, Wendy

    2013-01-01

    This research examined the relationships between perceived psychological contract breach, felt violation, and burnout in a sample (n = 361) of employees from various organizations in Pakistan. The moderating role of contract types in these relationships was also tested. Findings supported a positive association between perceived psychological contract breach and felt violation and both were positively related to burnout. Transactional and relational contracts moderated the felt violation-burnout relationship. Scores on relational contract type tended to be higher than for transactional contract type showing some contextual influence.

  15. Risk in the Clouds?: Security Issues Facing Government Use of Cloud Computing

    NASA Astrophysics Data System (ADS)

    Wyld, David C.

    Cloud computing is poised to become one of the most important and fundamental shifts in how computing is consumed and used. Forecasts show that government will play a lead role in adopting cloud computing - for data storage, applications, and processing power, as IT executives seek to maximize their returns on limited procurement budgets in these challenging economic times. After an overview of the cloud computing concept, this article explores the security issues facing public sector use of cloud computing and looks to the risk and benefits of shifting to cloud-based models. It concludes with an analysis of the challenges that lie ahead for government use of cloud resources.

  16. Privacy and security of patient data in the pathology laboratory.

    PubMed

    Cucoranu, Ioan C; Parwani, Anil V; West, Andrew J; Romero-Lauro, Gonzalo; Nauman, Kevin; Carter, Alexis B; Balis, Ulysses J; Tuthill, Mark J; Pantanowitz, Liron

    2013-01-01

    Data protection and security are critical components of routine pathology practice because laboratories are legally required to securely store and transmit electronic patient data. With increasing connectivity of information systems, laboratory work-stations, and instruments themselves to the Internet, the demand to continuously protect and secure laboratory information can become a daunting task. This review addresses informatics security issues in the pathology laboratory related to passwords, biometric devices, data encryption, internet security, virtual private networks, firewalls, anti-viral software, and emergency security situations, as well as the potential impact that newer technologies such as mobile devices have on the privacy and security of electronic protected health information (ePHI). In the United States, the Health Insurance Portability and Accountability Act (HIPAA) govern the privacy and protection of medical information and health records. The HIPAA security standards final rule mandate administrative, physical, and technical safeguards to ensure the confidentiality, integrity, and security of ePHI. Importantly, security failures often lead to privacy breaches, invoking the HIPAA privacy rule as well. Therefore, this review also highlights key aspects of HIPAA and its impact on the pathology laboratory in the United States.

  17. Privacy and security of patient data in the pathology laboratory

    PubMed Central

    Cucoranu, Ioan C.; Parwani, Anil V.; West, Andrew J.; Romero-Lauro, Gonzalo; Nauman, Kevin; Carter, Alexis B.; Balis, Ulysses J.; Tuthill, Mark J.; Pantanowitz, Liron

    2013-01-01

    Data protection and security are critical components of routine pathology practice because laboratories are legally required to securely store and transmit electronic patient data. With increasing connectivity of information systems, laboratory work-stations, and instruments themselves to the Internet, the demand to continuously protect and secure laboratory information can become a daunting task. This review addresses informatics security issues in the pathology laboratory related to passwords, biometric devices, data encryption, internet security, virtual private networks, firewalls, anti-viral software, and emergency security situations, as well as the potential impact that newer technologies such as mobile devices have on the privacy and security of electronic protected health information (ePHI). In the United States, the Health Insurance Portability and Accountability Act (HIPAA) govern the privacy and protection of medical information and health records. The HIPAA security standards final rule mandate administrative, physical, and technical safeguards to ensure the confidentiality, integrity, and security of ePHI. Importantly, security failures often lead to privacy breaches, invoking the HIPAA privacy rule as well. Therefore, this review also highlights key aspects of HIPAA and its impact on the pathology laboratory in the United States. PMID:23599904

  18. Apparatus for and method of monitoring for breached fuel elements

    DOEpatents

    Gross, Kenny C.; Strain, Robert V.

    1983-01-01

    This invention teaches improved apparatus for the method of detecting a breach in cladded fuel used in a nuclear reactor. The detector apparatus uses a separate bypass loop for conveying part of the reactor coolant away from the core, and at least three separate delayed-neutron detectors mounted proximate this detector loop. The detectors are spaced apart so that the coolant flow time from the core to each detector is different, and these differences are known. The delayed-neutron activity at the detectors is a function of the delay time after the reaction in the fuel until the coolant carrying the delayed-neutron emitter passes the respective detector. This time delay is broken down into separate components including an isotopic holdup time required for the emitter to move through the fuel from the reaction to the coolant at the breach, and two transit times required for the emitter now in the coolant to flow from the breach to the detector loop and then via the loop to the detector. At least two of these time components are determined during calibrated operation of the reactor. Thereafter during normal reactor operation, repeated comparisons are made by the method of regression approximation of the third time component for the best-fit line correlating measured delayed-neutron activity against activity that is approximated according to specific equations. The equations use these time-delay components and known parameter values of the fuel and of the part and emitting daughter isotopes.

  19. Psychological contract breach and outcomes: Combining meta-analysis and structural equation models.

    PubMed

    Topa Cantisano, Gabriela; Morales Domínguez, J Francisco; Depolo, Marco

    2008-08-01

    In this study, meta-analytic procedures were used to examine the relationships between psychological contract perceived breach and certain outcome variables, such as organizational commitment, job satisfaction and organizational citizenship behaviours (OCB). Our review of the literature generated 41 independent samples in which perceived breach was used as a predictor of these personal and organizational outcomes. A medium effect size (ES) for desirable outcomes (job satisfaction, organizational commitment, organizational trust, OCB and performance) was obtained (r=-.35). For undesirable outcomes (neglect in role duties and intention to leave), ES were also medium (r=.31). When comparing attitudinal (job satisfaction, organizational commitment, organizational trust) and behavioural outcomes (OCB, neglect in role duties and performance), a stronger ES was found for attitudinal (r=-.24) than for behavioural outcomes (r=-.11). Potential moderator variables were examined, and it was found that they explained only a percentage of variability of primary studies. Structural equation analysis of the pooled meta-analytical correlation matrix indicated that the relationships of perceived breach with satisfaction, OCB, intention to leave and performance are fully mediated by organizational trust and commitment. Results are discussed in order to suggest theoretical and empirical implications.

  20. Experimental realization of an entanglement access network and secure multi-party computation

    NASA Astrophysics Data System (ADS)

    Chang, X.-Y.; Deng, D.-L.; Yuan, X.-X.; Hou, P.-Y.; Huang, Y.-Y.; Duan, L.-M.

    2016-07-01

    To construct a quantum network with many end users, it is critical to have a cost-efficient way to distribute entanglement over different network ends. We demonstrate an entanglement access network, where the expensive resource, the entangled photon source at the telecom wavelength and the core communication channel, is shared by many end users. Using this cost-efficient entanglement access network, we report experimental demonstration of a secure multiparty computation protocol, the privacy-preserving secure sum problem, based on the network quantum cryptography.

  1. Experimental realization of an entanglement access network and secure multi-party computation

    NASA Astrophysics Data System (ADS)

    Chang, Xiuying; Deng, Donglin; Yuan, Xinxing; Hou, Panyu; Huang, Yuanyuan; Duan, Luming; Department of Physics, University of Michigan Collaboration; CenterQuantum Information in Tsinghua University Team

    2017-04-01

    To construct a quantum network with many end users, it is critical to have a cost-efficient way to distribute entanglement over different network ends. We demonstrate an entanglement access network, where the expensive resource, the entangled photon source at the telecom wavelength and the core communication channel, is shared by many end users. Using this cost-efficient entanglement access network, we report experimental demonstration of a secure multiparty computation protocol, the privacy-preserving secure sum problem, based on the network quantum cryptography.

  2. Securing Information in the Healthcare Industry: Network Security, Incident Management, and Insider Threat

    DTIC Science & Technology

    2010-09-23

    Chris, “An Analysis of Breaches Affecting 500 or More Individuals in Healthcare”, HITRUST, August 2010. 2. “2009 Annual Study: Cost of a Data Breach,” Ponemon...penalties for willful neglect • Loss of human life? — While many concerns focus on a data breach, some vulnerabilities can be more severe

  3. Report: EPA’s Radiation and Indoor Environments National Laboratory Should Improve Its Computer Room Security Controls

    EPA Pesticide Factsheets

    Report #12-P-0847, September 21, 2012. Our review of the security posture and in-place environmental controls of EPA’s Radiation and Indoor Environments National Laboratory computer room disclosed an array of security and environmental control deficiencies.

  4. Experimental realization of an entanglement access network and secure multi-party computation

    PubMed Central

    Chang, X.-Y.; Deng, D.-L.; Yuan, X.-X.; Hou, P.-Y.; Huang, Y.-Y.; Duan, L.-M.

    2016-01-01

    To construct a quantum network with many end users, it is critical to have a cost-efficient way to distribute entanglement over different network ends. We demonstrate an entanglement access network, where the expensive resource, the entangled photon source at the telecom wavelength and the core communication channel, is shared by many end users. Using this cost-efficient entanglement access network, we report experimental demonstration of a secure multiparty computation protocol, the privacy-preserving secure sum problem, based on the network quantum cryptography. PMID:27404561

  5. Computer Security in the Introductory Business Information Systems Course: An Exploratory Study of Textbook Coverage

    ERIC Educational Resources Information Center

    Sousa, Kenneth J.; MacDonald, Laurie E.; Fougere, Kenneth T.

    2005-01-01

    The authors conducted an evaluation of Management Information Systems (MIS) textbooks and found that computer security receives very little in-depth coverage. The textbooks provide, at best, superficial treatment of security issues. The research results suggest that MIS faculty need to provide material to supplement the textbook to provide…

  6. 78 FR 57839 - Request for Information on Computer Security Incident Coordination (CSIC)

    Federal Register 2010, 2011, 2012, 2013, 2014

    2013-09-20

    ... Institute of Standards and Technology (NIST), United States Department of Commerce. ACTION: Notice, extension of comment period. SUMMARY: NIST is extending the deadline for submitting comments relating to Computer Security Incident Coordination. NIST experienced technical difficulties with receiving email...

  7. Data mining technique for a secure electronic payment transaction using MJk-RSA in mobile computing

    NASA Astrophysics Data System (ADS)

    G. V., Ramesh Babu; Narayana, G.; Sulaiman, A.; Padmavathamma, M.

    2012-04-01

    Due to the evolution of the Electronic Learning (E-Learning), one can easily get desired information on computer or mobile system connected through Internet. Currently E-Learning materials are easily accessible on the desktop computer system, but in future, most of the information shall also be available on small digital devices like Mobile, PDA, etc. Most of the E-Learning materials are paid and customer has to pay entire amount through credit/debit card system. Therefore, it is very important to study about the security of the credit/debit card numbers. The present paper is an attempt in this direction and a security technique is presented to secure the credit/debit card numbers supplied over the Internet to access the E-Learning materials or any kind of purchase through Internet. A well known method i.e. Data Cube Technique is used to design the security model of the credit/debit card system. The major objective of this paper is to design a practical electronic payment protocol which is the safest and most secured mode of transaction. This technique may reduce fake transactions which are above 20% at the global level.

  8. Coastal bathymetry data collected in May 2015 from Fire Island, New York—Wilderness breach and shoreface

    USGS Publications Warehouse

    Nelson, Timothy R.; Miselis, Jennifer L.; Hapke, Cheryl J.; Brenner, Owen T.; Henderson, Rachel E.; Reynolds, Billy J.; Wilson, Kathleen E.

    2017-05-12

    Scientists from the U.S. Geological Survey (USGS) St. Petersburg Coastal and Marine Science Center in St. Petersburg, Florida, conducted a bathymetric survey of Fire Island from May 6-20, 2015. The USGS is involved in a post-Hurricane Sandy effort to map and monitor the morphologic evolution of the wilderness breach as a part of the Hurricane Sandy Supplemental Project GS2-2B. During this study, bathymetry data were collected with single-beam echo sounders and Global Positioning Systems, which were mounted to personal watercraft, along the Fire Island shoreface and within the wilderness breach. Additional bathymetry and elevation data were collected using backpack Global Positioning Systems on flood shoals and in shallow channels within the wilderness breach.

  9. Secure and robust cloud computing for high-throughput forensic microsatellite sequence analysis and databasing.

    PubMed

    Bailey, Sarah F; Scheible, Melissa K; Williams, Christopher; Silva, Deborah S B S; Hoggan, Marina; Eichman, Christopher; Faith, Seth A

    2017-11-01

    Next-generation Sequencing (NGS) is a rapidly evolving technology with demonstrated benefits for forensic genetic applications, and the strategies to analyze and manage the massive NGS datasets are currently in development. Here, the computing, data storage, connectivity, and security resources of the Cloud were evaluated as a model for forensic laboratory systems that produce NGS data. A complete front-to-end Cloud system was developed to upload, process, and interpret raw NGS data using a web browser dashboard. The system was extensible, demonstrating analysis capabilities of autosomal and Y-STRs from a variety of NGS instrumentation (Illumina MiniSeq and MiSeq, and Oxford Nanopore MinION). NGS data for STRs were concordant with standard reference materials previously characterized with capillary electrophoresis and Sanger sequencing. The computing power of the Cloud was implemented with on-demand auto-scaling to allow multiple file analysis in tandem. The system was designed to store resulting data in a relational database, amenable to downstream sample interpretations and databasing applications following the most recent guidelines in nomenclature for sequenced alleles. Lastly, a multi-layered Cloud security architecture was tested and showed that industry standards for securing data and computing resources were readily applied to the NGS system without disadvantageous effects for bioinformatic analysis, connectivity or data storage/retrieval. The results of this study demonstrate the feasibility of using Cloud-based systems for secured NGS data analysis, storage, databasing, and multi-user distributed connectivity. Copyright © 2017 Elsevier B.V. All rights reserved.

  10. 25 CFR 163.42 - Obligated service and breach of contract.

    Code of Federal Regulations, 2012 CFR

    2012-04-01

    ... REGULATIONS Forestry Education, Education Assistance, Recruitment and Training § 163.42 Obligated service and breach of contract. (a) Obligated service. (1) Individuals completing forestry education programs with an... 90 days of the date all program education requirements have been completed. If such employment is not...

  11. 25 CFR 163.42 - Obligated service and breach of contract.

    Code of Federal Regulations, 2014 CFR

    2014-04-01

    ... REGULATIONS Forestry Education, Education Assistance, Recruitment and Training § 163.42 Obligated service and breach of contract. (a) Obligated service. (1) Individuals completing forestry education programs with an... 90 days of the date all program education requirements have been completed. If such employment is not...

  12. 25 CFR 163.42 - Obligated service and breach of contract.

    Code of Federal Regulations, 2011 CFR

    2011-04-01

    ... REGULATIONS Forestry Education, Education Assistance, Recruitment and Training § 163.42 Obligated service and breach of contract. (a) Obligated service. (1) Individuals completing forestry education programs with an... 90 days of the date all program education requirements have been completed. If such employment is not...

  13. 25 CFR 163.42 - Obligated service and breach of contract.

    Code of Federal Regulations, 2013 CFR

    2013-04-01

    ... REGULATIONS Forestry Education, Education Assistance, Recruitment and Training § 163.42 Obligated service and breach of contract. (a) Obligated service. (1) Individuals completing forestry education programs with an... 90 days of the date all program education requirements have been completed. If such employment is not...

  14. Computer science security research and human subjects: emerging considerations for research ethics boards.

    PubMed

    Buchanan, Elizabeth; Aycock, John; Dexter, Scott; Dittrich, David; Hvizdak, Erin

    2011-06-01

    This paper explores the growing concerns with computer science research, and in particular, computer security research and its relationship with the committees that review human subjects research. It offers cases that review boards are likely to confront, and provides a context for appropriate consideration of such research, as issues of bots, clouds, and worms enter the discourse of human subjects review.

  15. Flexible and Secure Computer-Based Assessment Using a Single Zip Disk

    ERIC Educational Resources Information Center

    Ko, C. C.; Cheng, C. D.

    2008-01-01

    Electronic examination systems, which include Internet-based system, require extremely complicated installation, configuration and maintenance of software as well as hardware. In this paper, we present the design and development of a flexible, easy-to-use and secure examination system (e-Test), in which any commonly used computer can be used as a…

  16. The cyber security threat stops in the boardroom.

    PubMed

    Scully, Tim

    The attitude that 'it won't happen to me' still prevails in the boardrooms of industry when senior executives consider the threat of targeted cyber intrusions. Not much has changed in the commercial world of cyber security over the past few years; hackers are not being challenged to find new ways to steal companies' intellectual property and confidential information. The consequences of even major security breaches seem not to be felt by the leaders of victim companies. Why is this so? Surely IT security practitioners are seeking new ways to detect and prevent targeted intrusions into companies' networks? Are the consequences of targeted intrusions so insignificant that the captains of industry tolerate them? Or do only others feel the pain of their failure? This paper initially explores the failure of cyber security in industry and contends that, while industry leaders should not be alone in accepting responsibility for this failure, they must take the initiative to make life harder for cyber threat actors. They cannot wait for government leadership on policy, strategy or coordination. The paper then suggests some measures that a CEO can adopt to build a new corporate approach to cyber security.

  17. Securing the Next Ripple in Information Security: The Defense Industrial Base (DIB)

    DTIC Science & Technology

    2012-06-14

    Cybersecurity model for the DIB needs to be more preventative rather than responsive and a model should stress continuous improvement. In a 2012 data breach investigation...of what they do, but most become a target because of what they do (or don’t do)”, in the 2011 Data Breach Investigations Report. Therefore the...txt Verizon Risk Team (2012). Data Breach Investigations Report. Verizon Business, March 2012. http://www.verizonbusiness.com/resources

  18. BelleII@home: Integrate volunteer computing resources into DIRAC in a secure way

    NASA Astrophysics Data System (ADS)

    Wu, Wenjing; Hara, Takanori; Miyake, Hideki; Ueda, Ikuo; Kan, Wenxiao; Urquijo, Phillip

    2017-10-01

    The exploitation of volunteer computing resources has become a popular practice in the HEP computing community as the huge amount of potential computing power it provides. In the recent HEP experiments, the grid middleware has been used to organize the services and the resources, however it relies heavily on the X.509 authentication, which is contradictory to the untrusted feature of volunteer computing resources, therefore one big challenge to utilize the volunteer computing resources is how to integrate them into the grid middleware in a secure way. The DIRAC interware which is commonly used as the major component of the grid computing infrastructure for several HEP experiments proposes an even bigger challenge to this paradox as its pilot is more closely coupled with operations requiring the X.509 authentication compared to the implementations of pilot in its peer grid interware. The Belle II experiment is a B-factory experiment at KEK, and it uses DIRAC for its distributed computing. In the project of BelleII@home, in order to integrate the volunteer computing resources into the Belle II distributed computing platform in a secure way, we adopted a new approach which detaches the payload running from the Belle II DIRAC pilot which is a customized pilot pulling and processing jobs from the Belle II distributed computing platform, so that the payload can run on volunteer computers without requiring any X.509 authentication. In this approach we developed a gateway service running on a trusted server which handles all the operations requiring the X.509 authentication. So far, we have developed and deployed the prototype of BelleII@home, and tested its full workflow which proves the feasibility of this approach. This approach can also be applied on HPC systems whose work nodes do not have outbound connectivity to interact with the DIRAC system in general.

  19. Making Sociology Relevant: The Assignment and Application of Breaching Experiments

    ERIC Educational Resources Information Center

    Rafalovich, Adam

    2006-01-01

    Breaching experiments involve the conscious exhibition of "unexpected" behavior, an observation of the types of social reactions such behavioral violations engender, and an analysis of the social structure that makes these social reactions possible. The conscious violation of norms can be highly fruitful for sociology students, providing insights…

  20. A Quantitative Analysis of the Relationship between Computer Self-Efficacy and Misuse Intention

    ERIC Educational Resources Information Center

    Desire, Jean Ronald

    2017-01-01

    Intention to misuse information systems (IS) is a growing problem where employees of organizations are contributors to successful IS security breaches. Misuse of IS resources in organizations in the healthcare and pharmaceutical industries can affect patient care. Researchers investigated factors that influence changes in behavior regarding…

  1. Establishing breach of the duty of care in the tort of negligence.

    PubMed

    Tingle, John

    This article, the third in a series on clinical negligence, looks at the law surrounding breach of the duty of care in negligence. It shows some of the principles that judges and lawyers use in order to decide whether a person has broken his/her duty of care in the tort of negligence. It will be seen that the principles are contained in decided court cases, some of which are quite old but are still relevant today. The focus of this article is on the rule that courts, in deciding the issue of a breach of duty of care, would judge the defendant's conduct by the standard of what the hypothetical, 'reasonable person' would have done in the circumstances of the case.

  2. Routes for breaching and protecting genetic privacy.

    PubMed

    Erlich, Yaniv; Narayanan, Arvind

    2014-06-01

    We are entering an era of ubiquitous genetic information for research, clinical care and personal curiosity. Sharing these data sets is vital for progress in biomedical research. However, a growing concern is the ability to protect the genetic privacy of the data originators. Here, we present an overview of genetic privacy breaching strategies. We outline the principles of each technique, indicate the underlying assumptions, and assess their technological complexity and maturation. We then review potential mitigation methods for privacy-preserving dissemination of sensitive data and highlight different cases that are relevant to genetic applications.

  3. Security and Correctness Analysis on Privacy-Preserving k-Means Clustering Schemes

    NASA Astrophysics Data System (ADS)

    Su, Chunhua; Bao, Feng; Zhou, Jianying; Takagi, Tsuyoshi; Sakurai, Kouichi

    Due to the fast development of the Internet and related IT technologies, it is becoming easier and easier to access a large amount of data. k-means clustering is a powerful and frequently used technique in data mining. Many research papers about privacy-preserving k-means clustering have been published. In this paper, we analyze the existing privacy-preserving k-means clustering schemes based on cryptographic techniques. We show that those schemes cause a privacy breach and cannot output the correct results due to faults in the protocol construction. Furthermore, we analyze our proposal as an option to improve such problems but with intermediate information breach during the computation.

  4. Security Systems Consideration: A Total Security Approach

    NASA Astrophysics Data System (ADS)

    Margariti, S. V.; Meletiou, G.; Stergiou, E.; Vasiliadis, D. C.; Rizos, G. E.

    2007-12-01

    The "safety" problem for protection systems is to determine in a given situation whether a subject can acquire a particular right to an object. Security and audit operation face the process of securing the application on computing and network environment; however, storage security has been somewhat overlooked due to other security solutions. This paper identifies issues for data security, threats and attacks, summarizes security concepts and relationships, and also describes storage security strategies. It concludes with recommended storage security plan for a total security solution.

  5. Security Verification of Secure MANET Routing Protocols

    DTIC Science & Technology

    2012-03-22

    SECURITY VERIFICATION OF SECURE MANET ROUTING PROTOCOLS THESIS Matthew F. Steele, Captain, USAF AFIT/GCS/ENG/12-03 DEPARTMENT OF THE AIR FORCE AIR...States AFIT/GCS/ENG/12-03 SECURITY VERIFICATION OF SECURE MANET ROUTING PROTOCOLS THESIS Presented to the Faculty Department of Electrical and Computer...DISTRIBUTION UNLIMITED AFIT/GCS/ENG/12-03 SECURITY VERIFICATION OF SECURE MANET ROUTING PROTOCOLS Matthew F. Steele, B.S.E.E. Captain, USAF

  6. Followup to Columbia Investigation: Reinforced Carbon/Carbon From the Breach Location in the Wing Leading Edge Studied

    NASA Technical Reports Server (NTRS)

    Jacobson, Nathan S.; Opila, Elizabeth J.; Tallant, David

    2005-01-01

    Initial estimates on the temperature and conditions of the breach in the Space Shuttle Columbia's wing focused on analyses of the slag deposits. These deposits are complex mixtures of the reinforced carbon/carbon (RCC) constituents, insulation material, and wing structural materials. Identification of melted/solidified Cerachrome insulation (Thermal Ceramics, Inc., Augusta, GA) indicated that the temperatures at the breach had exceeded 1760 C.

  7. Macintosh Computer Classroom and Laboratory Security: Preventing Unwanted Changes to the System.

    ERIC Educational Resources Information Center

    Senn, Gary J.; Smyth, Thomas J. C.

    Because of the graphical interface and "openness" of the operating system, Macintosh computers are susceptible to undesirable changes by the user. This presentation discusses the advantages and disadvantages of software packages that offer protection for the Macintosh system. The two basic forms of software security packages include a…

  8. Practical Computer Security through Cryptography

    NASA Technical Reports Server (NTRS)

    McNab, David; Twetev, David (Technical Monitor)

    1998-01-01

    The core protocols upon which the Internet was built are insecure. Weak authentication and the lack of low level encryption services introduce vulnerabilities that propagate upwards in the network stack. Using statistics based on CERT/CC Internet security incident reports, the relative likelihood of attacks via these vulnerabilities is analyzed. The primary conclusion is that the standard UNIX BSD-based authentication system is by far the most commonly exploited weakness. Encryption of sensitive password data and the adoption of cryptographically-based authentication protocols can greatly reduce these vulnerabilities. Basic cryptographic terminology and techniques are presented, with attention focused on the ways in which technology such as encryption and digital signatures can be used to protect against the most commonly exploited vulnerabilities. A survey of contemporary security software demonstrates that tools based on cryptographic techniques, such as Kerberos, ssh, and PGP, are readily available and effectively close many of the most serious security holes. Nine practical recommendations for improving security are described.

  9. "Glitch Logic" and Applications to Computing and Information Security

    NASA Technical Reports Server (NTRS)

    Stoica, Adrian; Katkoori, Srinivas

    2009-01-01

    This paper introduces a new method of information processing in digital systems, and discusses its potential benefits to computing and information security. The new method exploits glitches caused by delays in logic circuits for carrying and processing information. Glitch processing is hidden to conventional logic analyses and undetectable by traditional reverse engineering techniques. It enables the creation of new logic design methods that allow for an additional controllable "glitch logic" processing layer embedded into conventional synchronous digital circuits as a hidden/covert information flow channel. The combination of synchronous logic with specific glitch logic design acting as an additional computing channel reduces the number of equivalent logic designs resulting from synthesis, thus implicitly reducing the possibility of modification and/or tampering with the design. The hidden information channel produced by the glitch logic can be used: 1) for covert computing/communication, 2) to prevent reverse engineering, tampering, and alteration of design, and 3) to act as a channel for information infiltration/exfiltration and propagation of viruses/spyware/Trojan horses.

  10. Report: EPA’s Office of Environmental Information Should Improve Ariel Rios and Potomac Yard Computer Room Security Controls

    EPA Pesticide Factsheets

    Report #12-P-0879, September 26, 2012. The security posture and in-place environmental control review of the computer rooms in the Ariel Rios and Potomac Yard buildings revealed numerous security and environmental control deficiencies.

  11. DISCHARGE AND DEPTH BEHIND A PARTIALLY BREACHED DAM.

    USGS Publications Warehouse

    Chen, Cheng-lung

    1987-01-01

    The role that the velocity-distribution correction factor plays in the determination of the flood discharge and corresponding flow depth behind a partially breached dam is investigated. Assumption of a uniformly progressive flow for an established dam-break flood in a rectangular channel of infinite extent leads to the formulation of a theoretical relation between the depth and velocity of flow expressed in differential form. Integrating this ordinary differential equation, one can express the velocity in terms of the depth.

  12. 78 FR 38949 - Computer Security Incident Coordination (CSIC): Providing Timely Cyber Incident Response

    Federal Register 2010, 2011, 2012, 2013, 2014

    2013-06-28

    ... information as part of the research needed to write a NIST Special Publication (SP) to help Computer Security.... The NIST SP will identify technical standards, methodologies, procedures, and processes that facilitate prompt and effective response. This RFI requests information regarding technical best practices...

  13. Routes for breaching and protecting genetic privacy

    PubMed Central

    Erlich, Yaniv; Narayanan, Arvind

    2014-01-01

    We are entering an era of ubiquitous genetic information for research, clinical care and personal curiosity. Sharing these datasets is vital for progress in biomedical research. However, one growing concern is the ability to protect the genetic privacy of the data originators. Here, we present an overview of genetic privacy breaching strategies. We outline the principles of each technique, point to the underlying assumptions, and assess its technological complexity and maturation. We then review potential mitigation methods for privacy-preserving dissemination of sensitive data and highlight different cases that are relevant to genetic applications. PMID:24805122

  14. Concern about security and privacy, and perceived control over collection and use of health information are related to withholding of health information from healthcare providers.

    PubMed

    Agaku, Israel T; Adisa, Akinyele O; Ayo-Yusuf, Olalekan A; Connolly, Gregory N

    2014-01-01

    This study assessed the perceptions and behaviors of US adults about the security of their protected health information (PHI). The first cycle of the fourth wave of the Health Information National Trends Survey was analyzed to assess respondents' concerns about PHI breaches. Multivariate logistic regression was used to assess the effect of such concerns on disclosure of sensitive medical information to a healthcare professional (p<0.05). Most respondents expressed concerns about data breach when their PHI was being transferred between healthcare professionals by fax (67.0%; 95% CI 64.2% to 69.8%) or electronically (64.5%; 95% CI 61.7% to 67.3%). About 12.3% (95% CI 10.8% to 13.8%) of respondents had ever withheld information from a healthcare provider because of security concerns. The likelihood of information withholding was higher among respondents who perceived they had very little say about how their medical records were used (adjusted OR=1.42; 95% CI 1.03 to 1.96). This study underscores the need for enhanced measures to secure patients' PHI to avoid undermining their trust.

  15. A Practical Evaluation of a High-Security Energy-Efficient Gateway for IoT Fog Computing Applications

    PubMed Central

    Castedo, Luis

    2017-01-01

    Fog computing extends cloud computing to the edge of a network enabling new Internet of Things (IoT) applications and services, which may involve critical data that require privacy and security. In an IoT fog computing system, three elements can be distinguished: IoT nodes that collect data, the cloud, and interconnected IoT gateways that exchange messages with the IoT nodes and with the cloud. This article focuses on securing IoT gateways, which are assumed to be constrained in terms of computational resources, but that are able to offload some processing from the cloud and to reduce the latency in the responses to the IoT nodes. However, it is usually taken for granted that IoT gateways have direct access to the electrical grid, which is not always the case: in mission-critical applications like natural disaster relief or environmental monitoring, it is common to deploy IoT nodes and gateways in large areas where electricity comes from solar or wind energy that charge the batteries that power every device. In this article, how to secure IoT gateway communications while minimizing power consumption is analyzed. The throughput and power consumption of Rivest–Shamir–Adleman (RSA) and Elliptic Curve Cryptography (ECC) are considered, since they are really popular, but have not been thoroughly analyzed when applied to IoT scenarios. Moreover, the most widespread Transport Layer Security (TLS) cipher suites use RSA as the main public key-exchange algorithm, but the key sizes needed are not practical for most IoT devices and cannot be scaled to high security levels. In contrast, ECC represents a much lighter and scalable alternative. Thus, RSA and ECC are compared for equivalent security levels, and power consumption and data throughput are measured using a testbed of IoT gateways. The measurements obtained indicate that, in the specific fog computing scenario proposed, ECC is clearly a much better alternative than RSA, obtaining energy consumption reductions of up

  16. A Practical Evaluation of a High-Security Energy-Efficient Gateway for IoT Fog Computing Applications.

    PubMed

    Suárez-Albela, Manuel; Fernández-Caramés, Tiago M; Fraga-Lamas, Paula; Castedo, Luis

    2017-08-29

    Fog computing extends cloud computing to the edge of a network enabling new Internet of Things (IoT) applications and services, which may involve critical data that require privacy and security. In an IoT fog computing system, three elements can be distinguished: IoT nodes that collect data, the cloud, and interconnected IoT gateways that exchange messages with the IoT nodes and with the cloud. This article focuses on securing IoT gateways, which are assumed to be constrained in terms of computational resources, but that are able to offload some processing from the cloud and to reduce the latency in the responses to the IoT nodes. However, it is usually taken for granted that IoT gateways have direct access to the electrical grid, which is not always the case: in mission-critical applications like natural disaster relief or environmental monitoring, it is common to deploy IoT nodes and gateways in large areas where electricity comes from solar or wind energy that charge the batteries that power every device. In this article, how to secure IoT gateway communications while minimizing power consumption is analyzed. The throughput and power consumption of Rivest-Shamir-Adleman (RSA) and Elliptic Curve Cryptography (ECC) are considered, since they are really popular, but have not been thoroughly analyzed when applied to IoT scenarios. Moreover, the most widespread Transport Layer Security (TLS) cipher suites use RSA as the main public key-exchange algorithm, but the key sizes needed are not practical for most IoT devices and cannot be scaled to high security levels. In contrast, ECC represents a much lighter and scalable alternative. Thus, RSA and ECC are compared for equivalent security levels, and power consumption and data throughput are measured using a testbed of IoT gateways. The measurements obtained indicate that, in the specific fog computing scenario proposed, ECC is clearly a much better alternative than RSA, obtaining energy consumption reductions of up to

  17. Breaching confidentiality to protect the public: evolving standards of medical confidentiality for military detainees.

    PubMed

    Wynia, Matthew K

    2007-08-01

    Confidentiality is a core value in medicine and public health yet, like other core values, it is not absolute. Medical ethics has typically allowed for breaches of confidentiality when there is a credible threat of significant harm to an identifiable third party. Medical ethics has been less explicit in spelling out criteria for allowing breaches of confidentiality to protect populations, instead tending to defer these decisions to the law. But recently, issues in military detention settings have raised the profile of decisions to breach medical confidentiality in efforts to protect the broader population. National and international ethics documents say little about the confidentiality of detainee medical records. But initial decisions to use detainee medical records to help craft coercive interrogations led to widespread condemnation, and might have contributed to detainee health problems, such as a large number of suicide attempts, several of which have been successful. More recent military guidance seems to reflect lessons learned from these problems and does more to protect detainee records. For the public health system, this experience is a reminder of the importance of confidentiality in creating trustworthy, and effective, means to protect the public's health.

  18. Implications of Transaction Costs for Acquisition Program Cost Breaches

    DTIC Science & Technology

    2013-06-01

    scope of the work, communicating the basis on which the estimate is built, identifying the quality of the data, determining the level of risk, and...projects such as bases, schools, missile storage facilities, maintenance facilities, medical/dental clinics, libraries, and military family housing...was established as a threshold for measuring cost growth. This prevents a program from rebaselining to avoid a Nunn-McCurdy cost threshold breach. In

  19. Increasing Effectiveness of U.S. Counterintelligence: Domestic and International Micro-Restructuring Initiatives to Mitigate Cyberespionage

    DTIC Science & Technology

    2012-06-01

    keys: Data Breach at the Pentagon’s Largest Supplier,” ITNEWS (30 May 2011). 116 Christopher Drew and John Markoff, “Data Breach at Security Firm...117 Drew and Markoff, “Data Breach at Security Firm Linked to Attack on Lockheed Martin.” 118 Hjortdal, “China’s Use of Cyber...John Markoff. “Data Breach at Security Firm Linked to Attack on Lockheed Martin.” The New York Times, 27 May 2011. http://www.nytimes.com/2011/05/28

  20. When employees strike back: investigating mediating mechanisms between psychological contract breach and workplace deviance.

    PubMed

    Bordia, Prashant; Restubog, Simon Lloyd D; Tang, Robert L

    2008-09-01

    In this article, psychological contract breach, revenge, and workplace deviance are brought together to identify the cognitive, affective, and motivational underpinnings of workplace deviance. On the basis of S. L. Robinson and R. J. Bennett's (1997) model of workplace deviance, the authors proposed that breach (a cognitive appraisal) and violation (an affective response) initiate revenge seeking. Motivated by revenge, employees then engage in workplace deviance. Three studies tested these ideas. All of the studies supported the hypothesized relationships. In addition, self-control was found to be a moderator of the relationship between revenge cognitions and deviant acts; the relationship was weaker for people high in self-control.

  1. Social comparison and perceived breach of psychological contract: their effects on burnout in a multigroup analysis.

    PubMed

    Cantisano, Gabriela Topa; Domínguez, J Francisco Morales; García, J Luis Caeiro

    2007-05-01

    This study focuses on the mediator role of social comparison in the relationship between perceived breach of psychological contract and burnout. A previous model showing the hypothesized effects of perceived breach on burnout, both direct and mediated, is proposed. The final model reached an optimal fit to the data and was confirmed through multigroup analysis using a sample of Spanish teachers (N = 401) belonging to preprimary, primary, and secondary schools. Multigroup analyses showed that the model fit all groups adequately.

  2. Advanced Computational Methods for Security Constrained Financial Transmission Rights: Structure and Parallelism

    DOE Office of Scientific and Technical Information (OSTI.GOV)

    Elbert, Stephen T.; Kalsi, Karanjit; Vlachopoulou, Maria

    Financial Transmission Rights (FTRs) help power market participants reduce price risks associated with transmission congestion. FTRs are issued based on a process of solving a constrained optimization problem with the objective to maximize the FTR social welfare under power flow security constraints. Security constraints for different FTR categories (monthly, seasonal or annual) are usually coupled and the number of constraints increases exponentially with the number of categories. Commercial software for FTR calculation can only provide limited categories of FTRs due to the inherent computational challenges mentioned above. In this paper, a novel non-linear dynamical system (NDS) approach is proposed to solve the optimization problem. The new formulation and performance of the NDS solver is benchmarked against widely used linear programming (LP) solvers like CPLEX™ and tested on large-scale systems using data from the Western Electricity Coordinating Council (WECC). The NDS is demonstrated to outperform the widely used CPLEX algorithms while exhibiting superior scalability. Furthermore, the NDS based solver can be easily parallelized which results in significant computational improvement.

  3. Secure key storage and distribution

    DOEpatents

    Agrawal, Punit

    2015-06-02

    This disclosure describes a distributed, fault-tolerant security system that enables the secure storage and distribution of private keys. In one implementation, the security system includes a plurality of computing resources that independently store private keys provided by publishers and encrypted using a single security system public key. To protect against malicious activity, the security system private key necessary to decrypt the publication private keys is not stored at any of the computing resources. Rather portions, or shares of the security system private key are stored at each of the computing resources within the security system and multiple security systems must communicate and share partial decryptions in order to decrypt the stored private key.

  4. Protecting intellectual property in space; Proceedings of the Aerospace Computer Security Conference, McLean, VA, March 20, 1985

    NASA Technical Reports Server (NTRS)

    1985-01-01

    The primary purpose of the Aerospace Computer Security Conference was to bring together people and organizations which have a common interest in protecting intellectual property generated in space. Operational concerns are discussed, taking into account security implications of the space station information system, Space Shuttle security policies and programs, potential uses of probabilistic risk assessment techniques for space station development, key considerations in contingency planning for secure space flight ground control centers, a systematic method for evaluating security requirements compliance, and security engineering of secure ground stations. Subjects related to security technologies are also explored, giving attention to processing requirements of secure C3/I and battle management systems and the development of the Gemini trusted multiple microcomputer base, the Restricted Access Processor system as a security guard designed to protect classified information, and observations on local area network security.

  5. Coaches in the Courtroom: Recovery in Actions for Breach of Employment Contracts.

    ERIC Educational Resources Information Center

    Graves, Judson

    1986-01-01

    The rapid hiring and firing of college athletic coaches, the litigation brought in breach of employment contracts, and the special problems presented by coaching contracts have raised hard legal questions about proper methods of contract enforcement and recovery of damages. (MSE)

  6. First HIV legal precedent in Kyrgyzstan: breach of medical privacy.

    PubMed

    Iriskulbekov, Erik; Balybaeva, Asylgul

    2007-12-01

    A recent court case of a breach of the privacy rights of a person living with HIV/AIDS in Kyrgyzstan is the first of its kind in Central Asia, write Erik Iriskulbekov and Asylgul Balybaeva. ADILET, the NGO that brought the case to court, is one of only a few NGOs in Central Asia that provide legal assistance related to HIV and AIDS.

  7. Single-electron random-number generator (RNG) for highly secure ubiquitous computing applications

    NASA Astrophysics Data System (ADS)

    Uchida, Ken; Tanamoto, Tetsufumi; Fujita, Shinobu

    2007-11-01

    Since the security of all modern cryptographic techniques relies on unpredictable and irreproducible digital keys generated by random-number generators (RNGs), the realization of high-quality RNG is essential for secure communications. In this report, a new RNG, which utilizes single-electron phenomena, is proposed. A room-temperature operating silicon single-electron transistor (SET) having nearby an electron pocket is used as a high-quality, ultra-small RNG. In the proposed RNG, stochastic single-electron capture/emission processes to/from the electron pocket are detected with high sensitivity by the SET, and result in giant random telegraphic signals (GRTS) on the SET current. It is experimentally demonstrated that the single-electron RNG generates extremely high-quality random digital sequences at room temperature, in spite of its simple configuration. Because of its small-size and low-power properties, the single-electron RNG is promising as a key nanoelectronic device for future ubiquitous computing systems with highly secure mobile communication capabilities.

  8. Relationship between Trustworthiness, Transparency, and Security in Cloud Computing Environments: A Regression Analysis

    ERIC Educational Resources Information Center

    Ibrahim, Sara

    2017-01-01

    The insider security threat causes new and dangerous dimensions in cloud computing. Those internal threats originate from contractors or the business partners' input that have access to the systems. A study of trustworthiness and transparency might assist the organizations to monitor employees' activity more cautiously on cloud technologies…

  9. Security Approaches in Using Tablet Computers for Primary Data Collection in Clinical Research

    PubMed Central

    Wilcox, Adam B.; Gallagher, Kathleen; Bakken, Suzanne

    2013-01-01

    Next-generation tablets (iPads and Android tablets) may potentially improve the collection and management of clinical research data. The widespread adoption of tablets, coupled with decreased software and hardware costs, has led to increased consideration of tablets for primary research data collection. When using tablets for the Washington Heights/Inwood Infrastructure for Comparative Effectiveness Research (WICER) project, we found that the devices give rise to inherent security issues associated with the potential use of cloud-based data storage approaches. This paper identifies and describes major security considerations for primary data collection with tablets; proposes a set of architectural strategies for implementing data collection forms with tablet computers; and discusses the security, cost, and workflow of each strategy. The paper briefly reviews the strategies with respect to their implementation for three primary data collection activities for the WICER project. PMID:25848559

  10. Security approaches in using tablet computers for primary data collection in clinical research.

    PubMed

    Wilcox, Adam B; Gallagher, Kathleen; Bakken, Suzanne

    2013-01-01

    Next-generation tablets (iPads and Android tablets) may potentially improve the collection and management of clinical research data. The widespread adoption of tablets, coupled with decreased software and hardware costs, has led to increased consideration of tablets for primary research data collection. When using tablets for the Washington Heights/Inwood Infrastructure for Comparative Effectiveness Research (WICER) project, we found that the devices give rise to inherent security issues associated with the potential use of cloud-based data storage approaches. This paper identifies and describes major security considerations for primary data collection with tablets; proposes a set of architectural strategies for implementing data collection forms with tablet computers; and discusses the security, cost, and workflow of each strategy. The paper briefly reviews the strategies with respect to their implementation for three primary data collection activities for the WICER project.

  11. Framework for Deploying a Virtualized Computing Environment for Collaborative and Secure Data Analytics

    PubMed Central

    Meyer, Adrian; Green, Laura; Faulk, Ciearro; Galla, Stephen; Meyer, Anne-Marie

    2016-01-01

    Introduction: Large amounts of health data generated by a wide range of health care applications across a variety of systems have the potential to offer valuable insight into populations and health care systems, but robust and secure computing and analytic systems are required to leverage this information. Framework: We discuss our experiences deploying a Secure Data Analysis Platform (SeDAP), and provide a framework to plan, build and deploy a virtual desktop infrastructure (VDI) to enable innovation, collaboration and operate within academic funding structures. It outlines 6 core components: Security, Ease of Access, Performance, Cost, Tools, and Training. Conclusion: A platform like SeDAP is not simply successful through technical excellence and performance. Its adoption is dependent on a collaborative environment where researchers and users plan and evaluate the requirements of all aspects. PMID:27683665

  12. Information Systems, Security, and Privacy.

    ERIC Educational Resources Information Center

    Ware, Willis H.

    1984-01-01

    Computer security and computer privacy issues are discussed. Among the areas addressed are technical and human security threats, security and privacy issues for information in electronic mail systems, the need for a national commission to examine these issues, and security/privacy issues relevant to colleges and universities. (JN)

  13. Cyber Security for the Spaceport Command and Control System: Vulnerability Management and Compliance Analysis

    NASA Technical Reports Server (NTRS)

    Gunawan, Ryan A.

    2016-01-01

    With the rapid development of the Internet, the number of malicious threats to organizations is continually increasing. In June of 2015, the United States Office of Personnel Management (OPM) had a data breach resulting in the compromise of millions of government employee records. The National Aeronautics and Space Administration (NASA) is not exempt from these attacks. Cyber security is becoming a critical facet to the discussion of moving forward with projects. The Spaceport Command and Control System (SCCS) project at the Kennedy Space Center (KSC) aims to develop the launch control system for the next generation launch vehicle in the coming decades. There are many ways to increase the security of the network it uses, from vulnerability management to ensuring operating system images are compliant with securely configured baselines recommended by the United States Government.

  14. The nursing shortage: breach of ideology as an unexplored cause.

    PubMed

    Censullo, Joan L

    2008-01-01

    The worldwide nursing shortage is unprecedented. Studies show increasing demand for nursing services coupled with a finite nursing supply. Many theories have been developed to explain the nursing shortage, to no avail. One unexplored theory is the psychological contract, which explores the impact of unwritten yet real expectations on work relationships. Understanding breach of the psychological contract is essential to resolution of the ongoing nursing shortage.

  15. Privacy and Security in Mobile Health (mHealth) Research.

    PubMed

    Arora, Shifali; Yttri, Jennifer; Nilsen, Wendy

    2014-01-01

    Research on the use of mobile technologies for alcohol use problems is a developing field. Rapid technological advances in mobile health (or mHealth) research generate both opportunities and challenges, including how to create scalable systems capable of collecting unprecedented amounts of data and conducting interventions, some in real time, while at the same time protecting the privacy and safety of research participants. Although the research literature in this area is sparse, lessons can be borrowed from other communities, such as cybersecurity or Internet security, which offer many techniques to reduce the potential risk of data breaches or tampering in mHealth. More research into measures to minimize risk to privacy and security effectively in mHealth is needed. Even so, progress in mHealth research should not stop while the field waits for perfect solutions.

  16. Privacy and Security in Mobile Health (mHealth) Research

    PubMed Central

    Arora, Shifali; Yttri, Jennifer; Nilsen, Wendy

    2014-01-01

    Research on the use of mobile technologies for alcohol use problems is a developing field. Rapid technological advances in mobile health (or mHealth) research generate both opportunities and challenges, including how to create scalable systems capable of collecting unprecedented amounts of data and conducting interventions—some in real time—while at the same time protecting the privacy and safety of research participants. Although the research literature in this area is sparse, lessons can be borrowed from other communities, such as cybersecurity or Internet security, which offer many techniques to reduce the potential risk of data breaches or tampering in mHealth. More research into measures to minimize risk to privacy and security effectively in mHealth is needed. Even so, progress in mHealth research should not stop while the field waits for perfect solutions. PMID:26259009

  17. 25 CFR 224.88 - What must the Director do after receiving notice of a violation or breach from the tribe?

    Code of Federal Regulations, 2010 CFR

    2010-04-01

    ... receiving notice of a violation or breach from the tribe, the Director will: (a) Review the notice and... review of relevant records, including transactions and reports. (b) If the Director determines, after the investigation, that a violation or breach is not causing or will not cause imminent jeopardy to a physical trust...

  18. The Relationship between Psychological Contract Breach and Organizational Commitment: Exchange Imbalance as a Moderator of the Mediating Role of Violation

    ERIC Educational Resources Information Center

    Cassar, Vincent; Briner, Rob B.

    2011-01-01

    This study tested the mediating role of violation in the relationship between breach and both affective and continuance commitment and the extent to which this mediating role is moderated by exchange imbalance amongst a sample of 103 sales personnel. Results suggest that violation mediated the relationship between breach and commitment. Also,…

  19. Cloud computing security.

    DOE Office of Scientific and Technical Information (OSTI.GOV)

    Shin, Dongwan; Claycomb, William R.; Urias, Vincent E.

    Cloud computing is a paradigm rapidly being embraced by government and industry as a solution for cost-savings, scalability, and collaboration. While a multitude of applications and services are available commercially for cloud-based solutions, research in this area has yet to fully embrace the full spectrum of potential challenges facing cloud computing. This tutorial aims to provide researchers with a fundamental understanding of cloud computing, with the goals of identifying a broad range of potential research topics, and inspiring a new surge in research to address current issues. We will also discuss real implementations of research-oriented cloud computing systems for both academia and government, including configuration options, hardware issues, challenges, and solutions.

  20. 76 FR 64813 - Electronic Prescriptions for Controlled Substances Clarification

    Federal Register 2010, 2011, 2012, 2013, 2014

    2011-10-19

    ... employees' laptop computers and employee's mobile devices.\\9\\ Numerous recent news articles describe...,'' Office of Applied Studies, 2010 (NSDUH Series H-38A, HHS Publication No. SMA 10-4856), http://www.oas..., ``2009 Parents and Teens Attitude Tracking Study Report'' March 2, 2010. Increased Security Breaches...

  1. Bathymetry data collected in October 2014 from Fire Island, New York—The wilderness breach, shoreface, and bay

    USGS Publications Warehouse

    Nelson, Timothy R.; Miselis, Jennifer L.; Hapke, Cheryl J.; Brenner, Owen T.; Henderson, Rachel E.; Reynolds, Billy J.; Wilson, Kathleen E.

    2017-03-24

    Scientists from the U.S. Geological Survey St. Petersburg Coastal and Marine Science Center in St. Petersburg, Florida, conducted a bathymetric survey of Fire Island, New York, from October 5 to 10, 2014. The U.S. Geological Survey is involved in a post-Hurricane Sandy effort to map and monitor the morphologic evolution of the wilderness breach, which formed in October 2012 during Hurricane Sandy, as part of the Hurricane Sandy Supplemental Project GS2-2B. During this study, bathymetry data were collected, using single-beam echo sounders and global positioning systems mounted to personal watercraft, along the Fire Island shoreface and within the wilderness breach, Fire Island Inlet, Narrow Bay, and Great South Bay east of Nicoll Bay. Additional bathymetry and elevation data were collected using backpack and wheel-mounted global positioning systems along the subaerial beach (foreshore and backshore), flood shoals, and shallow channels within the wilderness breach and adjacent shoreface.

  2. Exploring Effects of Organizational Culture upon Implementation of Information Security Awareness and Training Programs within the Defense Industry Located in the Tennessee Valley Region

    ERIC Educational Resources Information Center

    Grant, Robert Luther

    2017-01-01

    Data breaches due to social engineering attacks and employee negligence are on the rise. The only known defense against social engineering attacks and employee negligence is information security awareness and training. However, implementation of awareness and training programs within organizations are lagging in priority. This research used the…

  3. Sentinels of Breach: Lexical Choice as a Measure of Urgency in Social Media.

    PubMed

    Hampton, Andrew J; Shalin, Valerie L

    2017-06-01

    Objective: This paper identifies general properties of language style in social media to help identify areas of need in disasters. Background: In the search for metrics of need in social media data, much of the existing literature ignores processes of language usage. Psychological concepts, such as narrative breach, Gricean maxims, and lexical marking in cognition, may assist the recovery of disaster-relevant metrics from altered patterns of word prevalence. Method: We analyzed several hundred thousand location-specific microblogs from Twitter for Hurricane Sandy, Oklahoma tornadoes, and the Boston Marathon bombing along with a fantasy football control corpus, examining the relative frequency of words in 36 antonym pairs. We compared the ratio of words within these pairs to the corresponding ratios recovered from an online word norm database. Results: Partial rank correlation values between observed antonym ratios demonstrate consistent patterns across disasters. For Hurricane Sandy data, 25 antonym pairs have moderate to large effect sizes for discrepancies between observed and normative ratios. Across disasters, 7 pairs are stable and meet effect size criteria. Sentiment analysis, supplementary word frequency counts with respect to disaster proximity, and examples support a "breach" account for the observed results. Conclusion: Lexical choice between antonyms, only somewhat related to sentiment, suggests that social media capture wide-ranging breaches of normal functioning. Application: Antonym selection contributes to screening tools based on language style for identifying relevant content and quantifying disruption using social media without the a priori specification of content keywords.

  4. SmartVeh: Secure and Efficient Message Access Control and Authentication for Vehicular Cloud Computing.

    PubMed

    Huang, Qinlong; Yang, Yixian; Shi, Yuxiang

    2018-02-24

    With the growing number of vehicles and popularity of various services in vehicular cloud computing (VCC), message exchanging among vehicles under traffic conditions and in emergency situations is one of the most pressing demands, and has attracted significant attention. However, it is an important challenge to authenticate the legitimate sources of broadcast messages and achieve fine-grained message access control. In this work, we propose SmartVeh, a secure and efficient message access control and authentication scheme in VCC. A hierarchical, attribute-based encryption technique is utilized to achieve fine-grained and flexible message sharing, which ensures that vehicles whose persistent or dynamic attributes satisfy the access policies can access the broadcast message with equipped on-board units (OBUs). Message authentication is enforced by integrating an attribute-based signature, which achieves message authentication and maintains the anonymity of the vehicles. In order to reduce the computations of the OBUs in the vehicles, we outsource the heavy computations of encryption, decryption and signing to a cloud server and road-side units. The theoretical analysis and simulation results reveal that our secure and efficient scheme is suitable for VCC.

  5. SmartVeh: Secure and Efficient Message Access Control and Authentication for Vehicular Cloud Computing

    PubMed Central

    Yang, Yixian; Shi, Yuxiang

    2018-01-01

    With the growing number of vehicles and popularity of various services in vehicular cloud computing (VCC), message exchanging among vehicles under traffic conditions and in emergency situations is one of the most pressing demands, and has attracted significant attention. However, it is an important challenge to authenticate the legitimate sources of broadcast messages and achieve fine-grained message access control. In this work, we propose SmartVeh, a secure and efficient message access control and authentication scheme in VCC. A hierarchical, attribute-based encryption technique is utilized to achieve fine-grained and flexible message sharing, which ensures that vehicles whose persistent or dynamic attributes satisfy the access policies can access the broadcast message with equipped on-board units (OBUs). Message authentication is enforced by integrating an attribute-based signature, which achieves message authentication and maintains the anonymity of the vehicles. In order to reduce the computations of the OBUs in the vehicles, we outsource the heavy computations of encryption, decryption and signing to a cloud server and road-side units. The theoretical analysis and simulation results reveal that our secure and efficient scheme is suitable for VCC. PMID:29495269

  6. Crevasse Splays Versus Avulsions: A Recipe for Land Building With Levee Breaches

    NASA Astrophysics Data System (ADS)

    Nienhuis, Jaap H.; Törnqvist, Torbjörn E.; Esposito, Christopher R.

    2018-05-01

    Natural-levee breaches can not only initiate an avulsion but also, under the right circumstances, lead to crevasse splay formation and overbank sedimentation. The formative conditions for crevasse splays are not well understood, yet such river sediment diversions form an integral part of billion-dollar coastal restoration projects. Here we use Delft3D to investigate the influence of vegetation and soil consolidation on the evolution of a natural-levee breach. Model simulations show that crevasse splays heal because floodplain aggradation reduces the water surface slope, decreasing water discharge into the flood basin. Easily erodible and unvegetated floodplains increase the likelihood for channel avulsions. Denser vegetation and less potential for soil consolidation result in small crevasse splays that are not only efficient sediment traps but also short-lived. Successful crevasse splays that generate the largest land area gain for the imported sediment require a delicate balance between water and sediment discharge, vegetation root strength, and soil consolidation.

  7. Breaching confidentiality: medical mandatory reporting laws in Iran

    PubMed Central

    Milanifar, Alireza; Larijani, Bagher; Paykarzadeh, Parvaneh; Ashtari, Golanna; Mehdi Akhondi, Mohammad

    2014-01-01

    Medical ethics is a realm where four important subjects of philosophy, medicine, theology and law are covered. Physicians and philosophers cooperation in this area will have great efficiency in the respective ethical rules formation. In addition to respect the autonomy of the patient, physician’s obligation is to ensure that the medical intervention has benefit for the patient and the harm is minimal. There is an obvious conflict between duty of confidentiality and duty of mandatory reporting. Professional confidentiality is one of the basic components in building a constant physician-patient relationship which nowadays, beside the novelty, it is the subject of discussion. Legal obligation of confidentiality is not absolute. In physician-patient relationship, keeping patient’s secrets and maintaining confidentiality is a legal and ethical duty, and disclosure of such secrets is mainly through specific statutes. Thus, there are a number of situations where breach of confidentiality is permitted in different legal systems. One of the situations where breaching confidentiality is permitted is the medical mandatory reporting to the relevant authority which is in accordance with many countries’ legal systems. Some situations are considered in many countries legal systems’ such as notification of births and deaths, infectious diseases, child abuse, sport and relevant events, medical errors, drug side effects and dangerous pregnancies. In this paper, we will examine and discuss medical mandatory reporting and its ethical and legal aspects in the judicial and legal system of Iran and few other countries. Finally we will suggest making Medical Mandatory Reporting Law in Iran. PMID:25512832

  8. Breaching confidentiality: medical mandatory reporting laws in Iran.

    PubMed

    Milanifar, Alireza; Larijani, Bagher; Paykarzadeh, Parvaneh; Ashtari, Golanna; Mehdi Akhondi, Mohammad

    2014-01-01

    Medical ethics is a realm where four important subjects of philosophy, medicine, theology and law are covered. Physicians and philosophers cooperation in this area will have great efficiency in the respective ethical rules formation. In addition to respect the autonomy of the patient, physician's obligation is to ensure that the medical intervention has benefit for the patient and the harm is minimal. There is an obvious conflict between duty of confidentiality and duty of mandatory reporting. Professional confidentiality is one of the basic components in building a constant physician-patient relationship which nowadays, beside the novelty, it is the subject of discussion. Legal obligation of confidentiality is not absolute. In physician-patient relationship, keeping patient's secrets and maintaining confidentiality is a legal and ethical duty, and disclosure of such secrets is mainly through specific statutes. Thus, there are a number of situations where breach of confidentiality is permitted in different legal systems. One of the situations where breaching confidentiality is permitted is the medical mandatory reporting to the relevant authority which is in accordance with many countries' legal systems. Some situations are considered in many countries legal systems' such as notification of births and deaths, infectious diseases, child abuse, sport and relevant events, medical errors, drug side effects and dangerous pregnancies. In this paper, we will examine and discuss medical mandatory reporting and its ethical and legal aspects in the judicial and legal system of Iran and few other countries. Finally we will suggest making Medical Mandatory Reporting Law in Iran.

  9. Concern about security and privacy, and perceived control over collection and use of health information are related to withholding of health information from healthcare providers

    PubMed Central

    Agaku, Israel T; Adisa, Akinyele O; Ayo-Yusuf, Olalekan A; Connolly, Gregory N

    2014-01-01

    Introduction: This study assessed the perceptions and behaviors of US adults about the security of their protected health information (PHI). Methods: The first cycle of the fourth wave of the Health Information National Trends Survey was analyzed to assess respondents’ concerns about PHI breaches. Multivariate logistic regression was used to assess the effect of such concerns on disclosure of sensitive medical information to a healthcare professional (p<0.05). Results: Most respondents expressed concerns about data breach when their PHI was being transferred between healthcare professionals by fax (67.0%; 95% CI 64.2% to 69.8%) or electronically (64.5%; 95% CI 61.7% to 67.3%). About 12.3% (95% CI 10.8% to 13.8%) of respondents had ever withheld information from a healthcare provider because of security concerns. The likelihood of information withholding was higher among respondents who perceived they had very little say about how their medical records were used (adjusted OR=1.42; 95% CI 1.03 to 1.96). Conclusions: This study underscores the need for enhanced measures to secure patients’ PHI to avoid undermining their trust. PMID:23975624

  10. Review of Enabling Technologies to Facilitate Secure Compute Customization

    DOE Office of Scientific and Technical Information (OSTI.GOV)

    Aderholdt, Ferrol; Caldwell, Blake A; Hicks, Susan Elaine

    High performance computing environments are often used for a wide variety of workloads ranging from simulation, data transformation and analysis, and complex workflows to name just a few. These systems may process data for a variety of users, often requiring strong separation between job allocations. There are many challenges to establishing these secure enclaves within the shared infrastructure of high-performance computing (HPC) environments. The isolation mechanisms in the system software are the basic building blocks for enabling secure compute enclaves. There are a variety of approaches and the focus of this report is to review the different virtualization technologies that facilitate the creation of secure compute enclaves. The report reviews current operating system (OS) protection mechanisms and modern virtualization technologies to better understand the performance/isolation properties. We also examine the feasibility of running "virtualized" computing resources as non-privileged users, and providing controlled administrative permissions for standard users running within a virtualized context. Our examination includes technologies such as Linux containers (LXC [32], Docker [15]) and full virtualization (KVM [26], Xen [5]). We categorize these different approaches to virtualization into two broad groups: OS-level virtualization and system-level virtualization. The OS-level virtualization uses containers to allow a single OS kernel to be partitioned to create Virtual Environments (VE), e.g., LXC. The resources within the host's kernel are only virtualized in the sense of separate namespaces. In contrast, system-level virtualization uses hypervisors to manage multiple OS kernels and virtualize the physical resources (hardware) to create Virtual Machines (VM), e.g., Xen, KVM. This terminology of VE and VM, detailed in Section 2, is used throughout the report to distinguish between the two different approaches to providing virtualized execution

  11. Assessing the Role of User Computer Self-Efficacy, Cybersecurity Countermeasures Awareness, and Cybersecurity Skills toward Computer Misuse Intention at Government Agencies

    ERIC Educational Resources Information Center

    Choi, Min Suk

    2013-01-01

    Cybersecurity threats and vulnerabilities are causing substantial financial losses for governments and organizations all over the world. Cybersecurity criminals are stealing more than one billion dollars from banks every year by exploiting vulnerabilities caused by bank users' computer misuse. Cybersecurity breaches are threatening the common…

  12. National Computer Security Conference Proceedings (11th): A Postscript: Computer Security--Into the Future, 17-20 October 1988

    DTIC Science & Technology

    1988-10-20

    The LOCK project, from its very beginnings as an implementation study for the Provably Secure Operating System in 1979...to the security field, can study to gain insight into the evaluation process. The project has developed an innovative format for the DTLS and FTLS...management system (DBMS) that is currently being developed under the Advanced...tem becomes available, the A1 Secure DBMS will be ported to it.

  13. The behavior of breached boiling water reactor fuel rods on long-term exposure to air and argon at 598 K

    DOE Office of Scientific and Technical Information (OSTI.GOV)

    Kohli, R.; Gilbert, E.R.; Johnson, A.B.

    1985-05-01

    Two irradiated boiling water reactor fuel rods with breached cladding were exposed to argon and to air at 598 K for 7.56 Ms (2100 h). These tests were conducted to determine fuel swelling and cladding crack propagation under conditions that promote UO₂ fuel oxidation and to observe the behavior of water-logged breached fuel in an inert gas environment. The two rods were selected for testing after extensive hot cell examination had shown the cladding of both rods to be breached with several centimetres of open cracks; the cracks were characterized in detail before the test. As part of the experiment, the amount of the readily removable water contained in the fuel rods was determined. To oxidize the fuel to a significant level (about 10%), the air in the annealing capsule was replenished approximately daily. The depletion of oxygen available in the air capsule due to fuel oxidation occurred in about 0.036 Ms (10 h). At the end of the test period, about 6% of the fuel is estimated to have oxidized. Posttest examination of the rods showed that cladding degradation resulted from swelling due to oxidation of the fuel in the air environment. The cladding degradation was localized and fuel oxidation did not measurably extend beyond the cladding breach. No cladding degradation was measurable in the breached fuel rod tested in argon.

  14. Optimizing Security of Cloud Computing within the DoD

    DTIC Science & Technology

    2010-12-01

    information security governance and risk management; application security; cryptography; security architecture and design; operations security; business ...governance and risk management; application security; cryptography; security architecture and design; operations security; business continuity...20 7. Operational Security (OPSEC).........................................................20 8. Business Continuity Planning (BCP) and Disaster

  15. Deterministic entanglement distillation for secure double-server blind quantum computation.

    PubMed

    Sheng, Yu-Bo; Zhou, Lan

    2015-01-15

    Blind quantum computation (BQC) provides an efficient method for the client who does not have enough sophisticated technology and knowledge to perform universal quantum computation. The single-server BQC protocol requires the client to have some minimum quantum ability, while the double-server BQC protocol makes the client's device completely classical, resorting to the pure and clean Bell state shared by two servers. Here, we provide a deterministic entanglement distillation protocol in a practical noisy environment for the double-server BQC protocol. This protocol can get the pure maximally entangled Bell state. The success probability can reach 100% in principle. The distilled maximally entangled states can be retained to perform the BQC protocol subsequently. The parties who perform the distillation protocol do not need to exchange the classical information and they learn nothing from the client. It makes this protocol unconditionally secure and suitable for the future BQC protocol.

  16. Deterministic entanglement distillation for secure double-server blind quantum computation

    PubMed Central

    Sheng, Yu-Bo; Zhou, Lan

    2015-01-01

    Blind quantum computation (BQC) provides an efficient method for the client who does not have enough sophisticated technology and knowledge to perform universal quantum computation. The single-server BQC protocol requires the client to have some minimum quantum ability, while the double-server BQC protocol makes the client's device completely classical, resorting to the pure and clean Bell state shared by two servers. Here, we provide a deterministic entanglement distillation protocol in a practical noisy environment for the double-server BQC protocol. This protocol can get the pure maximally entangled Bell state. The success probability can reach 100% in principle. The distilled maximally entangled states can be retained to perform the BQC protocol subsequently. The parties who perform the distillation protocol do not need to exchange the classical information and they learn nothing from the client. It makes this protocol unconditionally secure and suitable for the future BQC protocol. PMID:25588565

  17. Confidentiality with Minors: Mental Health Counselors' Attitudes toward Breaching or Preserving Confidentiality.

    ERIC Educational Resources Information Center

    Isaacs, Madelyn L.; Stone, Carolyn

    2001-01-01

    Describes the results of research that explored how mental health counselors consider the confidentiality of minors and conditions under which they would breach it. Results indicate that mental health counselors are protective of their minor clients' confidentiality rights with variation based on degree of seriousness and age of the client.…

  18. Secure Encapsulation and Publication of Biological Services in the Cloud Computing Environment

    PubMed Central

    Zhang, Weizhe; Wang, Xuehui; Lu, Bo; Kim, Tai-hoon

    2013-01-01

    Secure encapsulation and publication for bioinformatics software products based on web service are presented, and the basic function of biological information is realized in the cloud computing environment. In the encapsulation phase, the workflow and function of bioinformatics software are conducted, the encapsulation interfaces are designed, and the runtime interaction between users and computers is simulated. In the publication phase, the execution and management mechanisms and principles of the GRAM components are analyzed. The functions such as remote user job submission and job status query are implemented by using the GRAM components. The services of bioinformatics software are published to remote users. Finally the basic prototype system of the biological cloud is achieved. PMID:24078906

  19. Secure encapsulation and publication of biological services in the cloud computing environment.

    PubMed

    Zhang, Weizhe; Wang, Xuehui; Lu, Bo; Kim, Tai-hoon

    2013-01-01

    Secure encapsulation and publication for bioinformatics software products based on web service are presented, and the basic function of biological information is realized in the cloud computing environment. In the encapsulation phase, the workflow and function of bioinformatics software are conducted, the encapsulation interfaces are designed, and the runtime interaction between users and computers is simulated. In the publication phase, the execution and management mechanisms and principles of the GRAM components are analyzed. The functions such as remote user job submission and job status query are implemented by using the GRAM components. The services of bioinformatics software are published to remote users. Finally the basic prototype system of the biological cloud is achieved.

  20. Security model for VM in cloud

    NASA Astrophysics Data System (ADS)

    Kanaparti, Venkataramana; Naveen K., R.; Rajani, S.; Padmvathamma, M.; Anitha, C.

    2013-03-01

    Cloud computing is a new approach that has emerged to meet the ever-increasing demand for computing resources and to reduce operational costs and capital expenditure for IT services. As this new way of computation allows data and applications to be stored away from a company's own servers, it brings more security issues, such as virtualization security, distributed computing, application security, identity management, access control and authentication. Even though virtualization forms the basis for cloud computing, it poses many threats to securing the cloud. As most security threats lie at the virtualization layer in the cloud, we propose a new Security Model for Virtual Machine in Cloud (SMVC) in which every process is authenticated by a Trusted-Agent (TA) in the hypervisor as well as in the VM. Our proposed model is designed to withstand attacks by unauthorized processes that pose a threat to applications related to data mining, OLAP systems and image processing, which require huge resources in the cloud and are deployed on one or more VMs.

  1. Computer Security for Commercial Nuclear Power Plants - Literature Review for Korea Hydro Nuclear Power Central Research Institute

    DOE Office of Scientific and Technical Information (OSTI.GOV)

    Duran, Felicia Angelica; Waymire, Russell L.

    2013-10-01

    Sandia National Laboratories (SNL) is providing training and consultation activities on security planning and design for the Korea Hydro and Nuclear Power Central Research Institute (KHNPCRI). As part of this effort, SNL performed a literature review on computer security requirements, guidance and best practices that are applicable to an advanced nuclear power plant. This report documents the review of reports generated by SNL and other organizations [U.S. Nuclear Regulatory Commission, Nuclear Energy Institute, and International Atomic Energy Agency] related to protection of information technology resources, primarily digital controls and computer resources and their data networks. Copies of the key documents have also been provided to KHNP-CRI.

  2. Computer Security: Improvements Needed to Reduce Risk to Critical Federal Operations and Assets

    DTIC Science & Technology

    2001-11-09

    COMPUTER SECURITY Improvements Needed to Reduce Risk to Critical Federal Operations and Assets Statement of Robert F. Dacey Director, Information...Improvements Needed to Reduce Risk to Critical Federal Operations and Assets Contract Number Grant Number Program Element Number Author(s...The benefits have been enormous. Vast amounts of information are now literally at our fingertips, facilitating research on virtually every topic

  3. Secure Scientific Applications Scheduling Technique for Cloud Computing Environment Using Global League Championship Algorithm

    PubMed Central

    Abdulhamid, Shafi’i Muhammad; Abd Latiff, Muhammad Shafie; Abdul-Salaam, Gaddafi; Hussain Madni, Syed Hamid

    2016-01-01

    Cloud computing system is a huge cluster of interconnected servers residing in a datacenter and dynamically provisioned to clients on-demand via a front-end interface. Scientific applications scheduling in the cloud computing environment is identified as NP-hard problem due to the dynamic nature of heterogeneous resources. Recently, a number of metaheuristics optimization schemes have been applied to address the challenges of applications scheduling in the cloud system, without much emphasis on the issue of secure global scheduling. In this paper, scientific applications scheduling techniques using the Global League Championship Algorithm (GBLCA) optimization technique is first presented for global task scheduling in the cloud environment. The experiment is carried out using CloudSim simulator. The experimental results show that, the proposed GBLCA technique produced remarkable performance improvement rate on the makespan that ranges between 14.44% to 46.41%. It also shows significant reduction in the time taken to securely schedule applications as parametrically measured in terms of the response time. In view of the experimental results, the proposed technique provides better-quality scheduling solution that is suitable for scientific applications task execution in the Cloud Computing environment than the MinMin, MaxMin, Genetic Algorithm (GA) and Ant Colony Optimization (ACO) scheduling techniques. PMID:27384239

  4. Secure Scientific Applications Scheduling Technique for Cloud Computing Environment Using Global League Championship Algorithm.

    PubMed

    Abdulhamid, Shafi'i Muhammad; Abd Latiff, Muhammad Shafie; Abdul-Salaam, Gaddafi; Hussain Madni, Syed Hamid

    2016-01-01

    Cloud computing system is a huge cluster of interconnected servers residing in a datacenter and dynamically provisioned to clients on-demand via a front-end interface. Scientific applications scheduling in the cloud computing environment is identified as NP-hard problem due to the dynamic nature of heterogeneous resources. Recently, a number of metaheuristics optimization schemes have been applied to address the challenges of applications scheduling in the cloud system, without much emphasis on the issue of secure global scheduling. In this paper, scientific applications scheduling techniques using the Global League Championship Algorithm (GBLCA) optimization technique is first presented for global task scheduling in the cloud environment. The experiment is carried out using CloudSim simulator. The experimental results show that, the proposed GBLCA technique produced remarkable performance improvement rate on the makespan that ranges between 14.44% to 46.41%. It also shows significant reduction in the time taken to securely schedule applications as parametrically measured in terms of the response time. In view of the experimental results, the proposed technique provides better-quality scheduling solution that is suitable for scientific applications task execution in the Cloud Computing environment than the MinMin, MaxMin, Genetic Algorithm (GA) and Ant Colony Optimization (ACO) scheduling techniques.

  5. Defeating Insider Attacks via Autonomic Self-Protective Networks

    ERIC Educational Resources Information Center

    Sibai, Faisal M.

    2012-01-01

    There has been a constant growing security concern with insider attacks on network accessible computer systems. Users with power credentials can do almost anything they want with the systems they own with very little control or oversight. Most breaches occurring nowadays by power users are considered legitimate access and not necessarily…

  6. Self port scanning tool : providing a more secure computing Environment through the use of proactive port scanning

    NASA Technical Reports Server (NTRS)

    Kocher, Joshua E; Gilliam, David P.

    2005-01-01

    Secure computing is a necessity in the hostile environment that the internet has become. Protection from nefarious individuals and organizations requires a solution that is more a methodology than a one-time fix. One aspect of this methodology is having the knowledge of which network ports a computer has open to the world. These network ports are essentially the doorways from the internet into the computer. An assessment method which uses the nmap software to scan ports has been developed to aid System Administrators (SAs) with analysis of open ports on their system(s). Additionally, baselines for several operating systems have been developed so that SAs can compare their open ports to a baseline for a given operating system. Further, the tool is deployed on a website where SAs and Users can request a port scan of their computer. The results are then emailed to the requestor. This tool aids Users, SAs, and security professionals by providing an overall picture of what services are running, what ports are open, potential trojan programs or backdoors, and what ports can be closed.

  7. Portable appliance security apparatus

    NASA Technical Reports Server (NTRS)

    Kerley, J. J. (Inventor)

    1981-01-01

    An apparatus for securing a small computer, or other portable appliance, against theft is described. It is comprised of a case having an open back through which the computer is installed or removed. Guide members in the form of slots are formed in a rear portion of opposite walls of the case for receiving a back plate to cover the opening and thereby secure the computer within the case. An opening formed in the top wall of the case exposes the keyboard and display of the computer. The back plate is locked in the closed position by a key-operated plug type lock. The lock is attached to one end of a hold down cable, the opposite end thereof being secured to a desk top or other stationary object. Thus, the lock simultaneously secures the back plate to the case and retains the case to the stationary object.

  8. Metal artifact removal (MAR) analysis for the security inspections using the X-ray computed tomography

    NASA Astrophysics Data System (ADS)

    Cho, Hyo Sung; Woo, Tae Ho; Park, Chul Kyu

    2016-10-01

    Using the metal artifact property, it is analyzed for the X-ray computed tomography (CT) in the aspect of the security on the examined places like airport and surveillance areas. Since the importance of terror prevention strategy has been increased, the security application of X-ray CT has the significant remark. One shot X-ray image has the limitation to find out the exact shape to property in the closed box, which could be solved by the CT scanning without the tearing off the box in this work. Cleaner images can be obtained by the advanced technology if the CT scanning is utilized in the security purposes on the secured areas. A metal sample is treated by the metal artifact removal (MAR) method for the enhanced image. The mimicked explosive is experimented for the imaging processing application where the cleaner one is obtained. The procedure is explained and the further study is discussed.

  9. Breaching peripheral tolerance promotes the production of HIV-1–neutralizing antibodies

    PubMed Central

    Schroeder, Kristin M.S.; Harper, Michael S.; Santiago, Mario L.

    2017-01-01

    A subset of characterized HIV-1 broadly neutralizing antibodies (bnAbs) are polyreactive with additional specificities for self-antigens and it has been proposed immunological tolerance may present a barrier to their participation in protective humoral immunity. We address this hypothesis by immunizing autoimmune-prone mice with HIV-1 Envelope (Env) and characterizing the primary antibody response for HIV-1 neutralization. We find autoimmune mice generate neutralizing antibody responses to tier 2 HIV-1 strains with alum treatment alone in the absence of Env. Importantly, experimentally breaching immunological tolerance in wild-type mice also leads to the production of tier 2 HIV-1–neutralizing antibodies, which increase in breadth and potency following Env immunization. In both genetically prone and experimentally induced mouse models of autoimmunity, increased serum levels of IgM anti-histone H2A autoantibodies significantly correlated with tier 2 HIV-1 neutralization, and anti-H2A antibody clones were found to neutralize HIV-1. These data demonstrate that breaching peripheral tolerance permits a cross-reactive HIV-1 autoantibody response able to neutralize HIV-1. PMID:28698284

  10. Cryptanalysis and security enhancement of optical cryptography based on computational ghost imaging

    NASA Astrophysics Data System (ADS)

    Yuan, Sheng; Yao, Jianbin; Liu, Xuemei; Zhou, Xin; Li, Zhongyang

    2016-04-01

    Optical cryptography based on computational ghost imaging (CGI) has attracted much attention from researchers because it encrypts plaintext into a random intensity vector rather than a complex-valued function. This promising feature of CGI-based cryptography reduces the amount of data to be transmitted and stored and therefore brings convenience in practice. However, we find that this cryptography is vulnerable to chosen-plaintext attack because of the linear relationship between the input and output of the encryption system, and three feasible strategies are proposed to break it in this paper. Even though a large number of plaintexts need to be chosen in these attack methods, it means that this cryptography still has security risks. To avoid these attacks, a security enhancement method utilizing an invertible matrix modulation is further discussed and the feasibility is verified by numerical simulations.

  11. Perceived Control and Psychological Contract Breach as Explanations of the Relationships Between Job Insecurity, Job Strain and Coping Reactions: Towards a Theoretical Integration.

    PubMed

    Vander Elst, Tinne; De Cuyper, Nele; Baillien, Elfi; Niesen, Wendy; De Witte, Hans

    2016-04-01

    This study aims to further knowledge on the mechanisms through which job insecurity is related to negative outcomes. Based on appraisal theory, two explanations-perceived control and psychological contract breach-were theoretically integrated in a comprehensive model and simultaneously examined as mediators of the job insecurity-outcome relationship. Different categories of outcomes were considered, namely work-related (i.e. vigour and need for recovery) and general strain (i.e. mental and physical health complaints), as well as psychological (i.e. job satisfaction and organizational commitment) and behavioural coping reactions (i.e. self-rated performance and innovative work behaviour). The hypotheses were tested using data of a heterogeneous sample of 2413 Flemish employees by means of both single and multiple mediator structural equation modelling analyses (bootstrapping method). Particularly, psychological contract breach accounted for the relationship between job insecurity and strain. Both perceived control and psychological contract breach mediated the relationships between job insecurity and psychological coping reactions, although the indirect effects were larger for psychological contract breach. Finally, perceived control was more important than psychological contract breach in mediating the relationships between job insecurity and behavioural coping reactions. This study meets previous calls for a theoretical integration regarding mediators of the job insecurity-outcome relationship. Copyright © 2014 John Wiley & Sons, Ltd.

  12. Composite Bloom Filters for Secure Record Linkage.

    PubMed

    Durham, Elizabeth Ashley; Kantarcioglu, Murat; Xue, Yuan; Toth, Csaba; Kuzu, Mehmet; Malin, Bradley

    2014-12-01

    The process of record linkage seeks to integrate instances that correspond to the same entity. Record linkage has traditionally been performed through the comparison of identifying field values (e.g., Surname), however, when databases are maintained by disparate organizations, the disclosure of such information can breach the privacy of the corresponding individuals. Various private record linkage (PRL) methods have been developed to obscure such identifiers, but they vary widely in their ability to balance competing goals of accuracy, efficiency and security. The tokenization and hashing of field values into Bloom filters (BF) enables greater linkage accuracy and efficiency than other PRL methods, but the encodings may be compromised through frequency-based cryptanalysis. Our objective is to adapt a BF encoding technique to mitigate such attacks with minimal sacrifices in accuracy and efficiency. To accomplish these goals, we introduce a statistically-informed method to generate BF encodings that integrate bits from multiple fields, the frequencies of which are provably associated with a minimum number of fields. Our method enables a user-specified tradeoff between security and accuracy. We compare our encoding method with other techniques using a public dataset of voter registration records and demonstrate that the increases in security come with only minor losses to accuracy.

  13. Composite Bloom Filters for Secure Record Linkage

    PubMed Central

    Durham, Elizabeth Ashley; Kantarcioglu, Murat; Xue, Yuan; Toth, Csaba; Kuzu, Mehmet; Malin, Bradley

    2014-01-01

    The process of record linkage seeks to integrate instances that correspond to the same entity. Record linkage has traditionally been performed through the comparison of identifying field values (e.g., Surname), however, when databases are maintained by disparate organizations, the disclosure of such information can breach the privacy of the corresponding individuals. Various private record linkage (PRL) methods have been developed to obscure such identifiers, but they vary widely in their ability to balance competing goals of accuracy, efficiency and security. The tokenization and hashing of field values into Bloom filters (BF) enables greater linkage accuracy and efficiency than other PRL methods, but the encodings may be compromised through frequency-based cryptanalysis. Our objective is to adapt a BF encoding technique to mitigate such attacks with minimal sacrifices in accuracy and efficiency. To accomplish these goals, we introduce a statistically-informed method to generate BF encodings that integrate bits from multiple fields, the frequencies of which are provably associated with a minimum number of fields. Our method enables a user-specified tradeoff between security and accuracy. We compare our encoding method with other techniques using a public dataset of voter registration records and demonstrate that the increases in security come with only minor losses to accuracy. PMID:25530689

  14. Beyond grid security

    NASA Astrophysics Data System (ADS)

    Hoeft, B.; Epting, U.; Koenig, T.

    2008-07-01

    While many fields relevant to Grid security are already covered by existing working groups, their remit rarely goes beyond the scope of the Grid infrastructure itself. However, security issues pertaining to the internal set-up of compute centres have at least as much impact on Grid security. Thus, this talk will present briefly the EU ISSeG project (Integrated Site Security for Grids). In contrast to groups such as OSCT (Operational Security Coordination Team) and JSPG (Joint Security Policy Group), the purpose of ISSeG is to provide a holistic approach to security for Grid computer centres, from strategic considerations to an implementation plan and its deployment. The generalised methodology of Integrated Site Security (ISS) is based on the knowledge gained during its implementation at several sites as well as through security audits, and this will be briefly discussed. Several examples of ISS implementation tasks at the Forschungszentrum Karlsruhe will be presented, including segregation of the network for administration and maintenance and the implementation of Application Gateways. Furthermore, the web-based ISSeG training material will be introduced. This aims to offer ISS implementation guidance to other Grid installations in order to help avoid common pitfalls.

  15. Quality and security - They work together

    NASA Technical Reports Server (NTRS)

    Carr, Richard; Tynan, Marie; Davis, Russell

    1991-01-01

    This paper describes the importance of considering computer security as part of software quality assurance practice. The intended audience is primarily those professionals involved in the design, development, and quality assurance of software. Many issues are raised which point to the need ultimately for integration of quality assurance and computer security disciplines. To address some of the issues raised, the NASA Automated Information Security program is presented as a model which may be used for improving interactions between the quality assurance and computer security community of professionals.

  16. The Role of Self-Efficacy in Computer Security Behavior: Developing the Construct of Computer Security Self-Efficacy (CSSE)

    ERIC Educational Resources Information Center

    Clarke, Marlon

    2011-01-01

    As organizations have become more dependent on networked information systems (IS) to conduct their business operations, their susceptibility to various threats to information security has also increased. Research has consistently identified the inappropriate security behavior of the users as the most significant of these threats. Various factors…

  17. In Law We Trust? Trusted Computing and Legal Responsibility for Internet Security

    NASA Astrophysics Data System (ADS)

    Danidou, Yianna; Schafer, Burkhard

    This paper analyses potential legal responses and consequences to the anticipated roll out of Trusted Computing (TC). It is argued that TC constitutes such a dramatic shift in power away from users to the software providers, that it is necessary for the legal system to respond. A possible response is to mirror the shift in power by a shift in legal responsibility, creating new legal liabilities and duties for software companies as the new guardians of internet security.

  18. Computer-generated holograms and diffraction gratings in optical security applications

    NASA Astrophysics Data System (ADS)

    Stepien, Pawel J.

    2000-04-01

    The term 'computer generated hologram' (CGH) describes a diffractive structure strictly calculated and recorded to diffract light in a desired way. The CGH surface profile is a result of the wavefront calculation rather than of interference. CGHs are able to form 2D and 3D images. Optically variable devices (OVDs) composed of diffractive gratings are often used in security applications. There are various types of optically and digitally recorded gratings in security applications. Grating based OVDs are used to record bright 2D images with a limited range of cinematic effects. These effects result from various orientations or densities of recorded gratings. It is difficult to record high quality OVDs of 3D objects using gratings. Stereograms and analogue rainbow holograms offer 3D imaging, but they are darker and have lower resolution than grating OVDs. CGH based OVDs contain an unlimited range of cinematic effects and high quality 3D images. Images recorded using CGHs are usually more noisy than grating based OVDs, because of numerical inaccuracies in CGH calculation and mastering. CGH based OVDs enable smooth integration of hidden and machine-readable features within an OVD design.

  19. A guide to California's breaches. First year of state reporting requirement reveals common privacy violations.

    PubMed

    Dimick, Chris

    2010-04-01

    Effective January 1, 2009, California healthcare providers were required to report every breach of patient information to the state. They have sent a flood of mishaps and a steady stream of malicious acts.

  20. A Depth-Averaged 2-D Simulation for Coastal Barrier Breaching Processes

    DTIC Science & Technology

    2011-05-01

    including bed change and variable flow density in the flow continuity and momentum equations. The model adopts the HLL approximate Riemann solver to handle...flow density in the flow continuity and momentum equations. The model adopts the HLL approximate Riemann solver to handle the mixed-regime flows near...18 547 Keulegan equation or the Bernoulli equation, and the breach morphological change is determined using simplified sediment transport models

  1. Additional Security Considerations for Grid Management

    NASA Technical Reports Server (NTRS)

    Eidson, Thomas M.

    2003-01-01

    The use of Grid computing environments is growing in popularity. A Grid computing environment is primarily a wide area network that encompasses multiple local area networks, where some of the local area networks are managed by different organizations. A Grid computing environment also includes common interfaces for distributed computing software so that the heterogeneous set of machines that make up the Grid can be used more easily. The other key feature of a Grid is that the distributed computing software includes appropriate security technology. The focus of most Grid software is on the security involved with application execution, file transfers, and other remote computing procedures. However, there are other important security issues related to the management of a Grid and the users who use that Grid. This note discusses these additional security issues and makes several suggestions as how they can be managed.

  2. Security screening via computational imaging using frequency-diverse metasurface apertures

    NASA Astrophysics Data System (ADS)

    Smith, David R.; Reynolds, Matthew S.; Gollub, Jonah N.; Marks, Daniel L.; Imani, Mohammadreza F.; Yurduseven, Okan; Arnitz, Daniel; Pedross-Engel, Andreas; Sleasman, Timothy; Trofatter, Parker; Boyarsky, Michael; Rose, Alec; Odabasi, Hayrettin; Lipworth, Guy

    2017-05-01

    Computational imaging is a proven strategy for obtaining high-quality images with fast acquisition rates and simpler hardware. Metasurfaces provide exquisite control over electromagnetic fields, enabling the radiated field to be molded into unique patterns. The fusion of these two concepts can bring about revolutionary advances in the design of imaging systems for security screening. In the context of computational imaging, each field pattern serves as a single measurement of a scene; imaging a scene can then be interpreted as estimating the reflectivity distribution of a target from a set of measurements. As with any computational imaging system, the key challenge is to arrive at a minimal set of measurements from which a diffraction-limited image can be resolved. Here, we show that the information content of a frequency-diverse metasurface aperture can be maximized by design, and used to construct a complete millimeter-wave imaging system spanning a 2 m by 2 m area, consisting of 96 metasurfaces, capable of producing diffraction-limited images of human-scale targets. The metasurface-based frequency-diverse system presented in this work represents an inexpensive, but tremendously flexible alternative to traditional hardware paradigms, offering the possibility of low-cost, real-time, and ubiquitous screening platforms.

  3. Redefining Security. A Report by the Joint Security Commission

    DTIC Science & Technology

    1994-02-28

    security policies. This report offers recommendations on developing new strategies for achieving security within our information systems, including...better, and we outline methods of improving government and industry personnel security policies. We offer recommendations on developing new strategies ... strategies, sufficient funding, and management attention if our computers and networks are to protect the confidentiality, integrity, and availability of

  4. Secure Multiparty AES

    NASA Astrophysics Data System (ADS)

    Damgård, Ivan; Keller, Marcel

    We propose several variants of a secure multiparty computation protocol for AES encryption. The best variant requires $2200 + \frac{400}{255}$ expected elementary operations in expected $70 + \frac{20}{255}$ rounds to encrypt one 128-bit block with a 128-bit key. We implemented the variants using VIFF, a software framework for implementing secure multiparty computation (MPC). Tests with three players (passive security against at most one corrupted player) in a local network showed that one block can be encrypted in 2 seconds. We also argue that this result could be improved by an optimized implementation.

  5. Green Secure Processors: Towards Power-Efficient Secure Processor Design

    NASA Astrophysics Data System (ADS)

    Chhabra, Siddhartha; Solihin, Yan

    With the increasing wealth of digital information stored on computer systems today, security issues have become increasingly important. In addition to attacks targeting the software stack of a system, hardware attacks have become equally likely. Researchers have proposed Secure Processor Architectures which utilize hardware mechanisms for memory encryption and integrity verification to protect the confidentiality and integrity of data and computation, even from sophisticated hardware attacks. While there have been many works addressing performance and other system level issues in secure processor design, power issues have largely been ignored. In this paper, we first analyze the sources of power (energy) increase in different secure processor architectures. We then present a power analysis of various secure processor architectures in terms of their increase in power consumption over a base system with no protection and then provide recommendations for designs that offer the best balance between performance and power without compromising security. We extend our study to the embedded domain as well. We also outline the design of a novel hybrid cryptographic engine that can be used to minimize the power consumption for a secure processor. We believe that if secure processors are to be adopted in future systems (general purpose or embedded), it is critically important that power issues are considered in addition to performance and other system level issues. To the best of our knowledge, this is the first work to examine the power implications of providing hardware mechanisms for security.

  6. Recommendations for a barrier island breach management plan for Fire Island National Seashore, including the Otis Pike High Dune Wilderness Area, Long Island, New York

    USGS Publications Warehouse

    Williams, S. Jeffress; Foley, Mary K.

    2007-01-01

    4. Economic costs and benefits of artificial closure. This report for breach management presents protocols which specify when breach closures within the FIIS might be desirable and necessary, as well as provides recommendations for structural breach closure engineering operations which are intended to minimize negative impacts to the natural wilderness values and cultural resources within the FIIS, particularly the Otis Pike Wilderness Area. The goal of the plan is to strike a balance between protecting natural resources and allowing natural processes to operate and avoiding loss of life and excessive property damage.

  7. No harm done? Assessing risk of harm under the federal breach notification rule.

    PubMed

    Dimick, Chris

    2010-08-01

    Provisions within the HITECH Act require that covered entities notify individuals if their protected health information is breached. However, the current regulation allows an exemption if the risk of harm is slight. Assessing risk can be subjective, and privacy officers have been working to create methods to conduct and document their analyses.

  8. Enabling Analytics on Sensitive Medical Data with Secure Multi-Party Computation.

    PubMed

    Veeningen, Meilof; Chatterjea, Supriyo; Horváth, Anna Zsófia; Spindler, Gerald; Boersma, Eric; van der Spek, Peter; van der Galiën, Onno; Gutteling, Job; Kraaij, Wessel; Veugen, Thijs

    2018-01-01

    While there is a clear need to apply data analytics in the healthcare sector, this is often difficult because it requires combining sensitive data from multiple data sources. In this paper, we show how the cryptographic technique of secure multi-party computation can enable such data analytics by performing analytics without the need to share the underlying data. We discuss the issue of compliance to European privacy legislation; report on three pilots bringing these techniques closer to practice; and discuss the main challenges ahead to make fully privacy-preserving data analytics in the medical sector commonplace.

  9. The Changing Contours of the Psychological Contract: Unpacking Context and Circumstances of Breach

    ERIC Educational Resources Information Center

    Pate, Judy

    2006-01-01

    Purpose: The purpose of this paper is to propose a processual framework of psychological contract breach, which maps holistically the interactions among concepts drawn from the trust and justice literature. However, the price of a holistic picture is frequently a lack of depth of analysis of any single variable, and consequently the second part of…

  10. Medical negligence based on bad faith, breach of contract, or mental anguish.

    PubMed

    Ficarra, B J

    1980-01-01

    Financial recovery owing to breach of contract is restricted to the pecuniary amount lost because of failure to perform on the stipulated contract. With the acquisition of newer knowledge, attorneys are now utilizing the weapon of contractual failure as applied to medical negligence. The impetus to this new weapon for the plaintiff has accrued because of the favorable verdicts rendered from positive decisions based upon bad faith.

  11. SPAN security policies and guidelines

    NASA Technical Reports Server (NTRS)

    Sisson, Patricia L.; Green, James L.

    1989-01-01

    A guide is provided to system security with emphasis on requirements and guidelines that are necessary to maintain an acceptable level of security on the network. To have security for the network, each node on the network must be secure. Therefore, each system manager must strictly adhere to the requirements and must consider implementing the guidelines discussed. There are areas of vulnerability within the operating system that may not be addressed. However, when a requirement or guideline is discussed, implementation techniques are included. Information related to computer and data security is discussed to provide information on implementation options. The information is presented as it relates to a VAX computer environment.

  12. Predicting Vulnerability Risks Using Software Characteristics

    ERIC Educational Resources Information Center

    Roumani, Yaman

    2012-01-01

    Software vulnerabilities have been regarded as one of the key reasons for computer security breaches that have resulted in billions of dollars in losses per year (Telang and Wattal 2005). With the growth of the software industry and the Internet, the number of vulnerability attacks and the ease with which an attack can be made have increased. From…

  13. The Effect of Perceived Privacy Breaches on Continued Technology Use and Individual Psychology: The Construct, Instrument Development, and an Application Using Internet Search Engines

    ERIC Educational Resources Information Center

    Ahmad, Altaf

    2010-01-01

    This dissertation involved the development of a new construct, perceived privacy breach (PPB), to evaluate how a person perceives breaches of privacy in terms of whether they perceive any exchange of information was fair or not and how they believe it will impact people whose information has been shared. This instrument assists researchers to…

  14. Contracts in radiology practices: breaches and remedies.

    PubMed

    Muroff, Julie A; Muroff, Lawrence R

    2004-08-01

    Contracts between radiology groups and their physician members are often ambiguous. Key clauses may not be precise as to the intent of the contracting parties. For example, the requirements for a group member to achieve shareholder status may be discussed but not reduced to a written form. Other contract provisions, such as termination or noncompete clauses, may be subject to different interpretations. The ambiguities of these provisions often generate disparate expectations regarding the parties' obligations to one another. When this occurs, the results may vary from disappointment to litigation. This paper discusses the causes and consequences of common breaches of radiology contracts. The types of remedies that may be available to the parties of the contract are also enumerated, and case law is cited to illustrate the challenges that radiology groups and their members may encounter. Finally, alternative forms of dispute resolution are discussed.

  15. 38 CFR 75.115 - Risk analysis.

    Code of Federal Regulations, 2014 CFR

    2014-07-01

    ... preparation of the risk analysis may include data mining if necessary for the development of relevant...) INFORMATION SECURITY MATTERS Data Breaches § 75.115 Risk analysis. If a data breach involving sensitive... possible after the data breach, a non-VA entity with relevant expertise in data breach assessment and risk...

  16. 38 CFR 75.115 - Risk analysis.

    Code of Federal Regulations, 2012 CFR

    2012-07-01

    ... preparation of the risk analysis may include data mining if necessary for the development of relevant...) INFORMATION SECURITY MATTERS Data Breaches § 75.115 Risk analysis. If a data breach involving sensitive... possible after the data breach, a non-VA entity with relevant expertise in data breach assessment and risk...

  17. 38 CFR 75.115 - Risk analysis.

    Code of Federal Regulations, 2013 CFR

    2013-07-01

    ... preparation of the risk analysis may include data mining if necessary for the development of relevant...) INFORMATION SECURITY MATTERS Data Breaches § 75.115 Risk analysis. If a data breach involving sensitive... possible after the data breach, a non-VA entity with relevant expertise in data breach assessment and risk...

  18. 38 CFR 75.115 - Risk analysis.

    Code of Federal Regulations, 2011 CFR

    2011-07-01

    ... preparation of the risk analysis may include data mining if necessary for the development of relevant...) INFORMATION SECURITY MATTERS Data Breaches § 75.115 Risk analysis. If a data breach involving sensitive... possible after the data breach, a non-VA entity with relevant expertise in data breach assessment and risk...

  19. Identity Theft and Protecting Service Member’s Social Security Numbers

    DTIC Science & Technology

    2009-04-01

    ... data breach such as that in the VA as well as the GAO report, it is that individuals must be vigilant in protecting their information. Knowing the... breach totals from 2006 to 2008. From 2006 to 2008 government database breaches decreased by 50%. Table 1: Reports of Data Breaches 2006-2008

  20. A Lightweight Protocol for Secure Video Streaming.

    PubMed

    Venčkauskas, Algimantas; Morkevicius, Nerijus; Bagdonas, Kazimieras; Damaševičius, Robertas; Maskeliūnas, Rytis

    2018-05-14

    The Internet of Things (IoT) introduces many new challenges which cannot be solved using traditional cloud and host computing models. A new architecture known as fog computing is emerging to address these technological and security gaps. Traditional security paradigms focused on providing perimeter-based protections and client/server point to point protocols (e.g., Transport Layer Security (TLS)) are no longer the best choices for addressing new security challenges in fog computing end devices, where energy and computational resources are limited. In this paper, we present a lightweight secure streaming protocol for the fog computing "Fog Node-End Device" layer. This protocol is lightweight, connectionless, supports broadcast and multicast operations, and is able to provide data source authentication, data integrity, and confidentiality. The protocol is based on simple and energy efficient cryptographic methods, such as Hash Message Authentication Codes (HMAC) and symmetrical ciphers, and uses modified User Datagram Protocol (UDP) packets to embed authentication data into streaming data. Data redundancy could be added to improve reliability in lossy networks. The experimental results summarized in this paper confirm that the proposed method efficiently uses energy and computational resources and at the same time provides security properties on par with the Datagram TLS (DTLS) standard.