Safeguarding Your Technology: Practical Guidelines for Electronic Education Information Security.

ERIC Educational Resources Information Center

Szuba, Tom

This guide was developed specifically for educational administrators at the building, campus, district, system, and state levels, and is meant to serve as a framework to help them better understand why and how to effectively secure their organization's information, software, and computer and networking equipment. This document is organized into 10…

Security. Review Software for Advanced CHOICE. CHOICE (Challenging Options in Career Education).

ERIC Educational Resources Information Center

Pitts, Ilse M.; And Others

CHOICE Security is an Apple computer game activity designed to help secondary migrant students memorize their social security numbers and reinforce job and role information presented in "Career Notes, First Applications." The learner may choose from four time options and whether to have the social security number visible on the screen or…

Overreaction to External Attacks on Computer Systems Could Be More Harmful than the Viruses Themselves.

ERIC Educational Resources Information Center

King, Kenneth M.

1988-01-01

Discussion of the recent computer virus attacks on computers with vulnerable operating systems focuses on the values of educational computer networks. The need for computer security procedures is emphasized, and the ethical use of computer hardware and software is discussed. (LRW)

Association of Small Computer Users in Education (ASCUE) Summer Conference Proceedings (29th, North Myrtle Beach, South Carolina, June 9-13, 1996).

ERIC Educational Resources Information Center

Smith, Peter, Ed.

Papers from a conference on small college computing issues are: "Ethics, Privacy, and Security in Higher Education Technology" (John A. Anderson); "Multimedia in the Classroom: Recollections After Two Years" (Stephen T. Anderson Sr.); "Creating a Computer Competency Requirement for Mary Washington College Students" (David J. Ayersman, Ernest C.…

Informatics in Radiology (infoRAD): personal computer security: part 2. Software Configuration and file protection.

PubMed

Caruso, Ronald D

2004-01-01

Proper configuration of software security settings and proper file management are necessary and important elements of safe computer use. Unfortunately, the configuration of software security options is often not user friendly. Safe file management requires the use of several utilities, most of which are already installed on the computer or available as freeware. Among these file operations are setting passwords, defragmentation, deletion, wiping, removal of personal information, and encryption. For example, Digital Imaging and Communications in Medicine medical images need to be anonymized, or "scrubbed," to remove patient identifying information in the header section prior to their use in a public educational or research environment. The choices made with respect to computer security may affect the convenience of the computing process. Ultimately, the degree of inconvenience accepted will depend on the sensitivity of the files and communications to be protected and the tolerance of the user. Copyright RSNA, 2004

How Secure Is Education in Information Technology? A Method for Evaluating Security Education in IT

ERIC Educational Resources Information Center

Grover, Mark; Reinicke, Bryan; Cummings, Jeff

2016-01-01

As the popularity of Information Technology programs has expanded at many universities, there are a number of questions to be answered from a curriculum standpoint. As many of these programs are either interdisciplinary, or at least exist outside of the usual Computer Science and Information Systems programs, questions of what is appropriate for…

Workshop on Education in Computer Security (WECS6) (6th): Avoiding Fear, Uncertainty and Doubt Through Effective Security Education, Held in Monterey, California on 12-16 July 2004

DTIC Science & Technology

2004-07-01

Melissa ) is created in the controlled environment and propagated. The students learn how viruses are written, how they are propagated via mediums like...vulnerabilities and threats, establishing disaster response and recovery procedures. Joseph Giordano , Technical Advisor, Information Warfare Branch, AFRL 60 The

Qualitative Case Study Exploring Operational Barriers Impeding Small and Private, Nonprofit Higher Education Institutions from Implementing Information Security Controls

ERIC Educational Resources Information Center

Liesen, Joseph J.

2017-01-01

The higher education industry uses the very latest technologies to effectively prepare students for their careers, but these technologies often contain vulnerabilities that can be exploited via their connection to the Internet. The complex task of securing information and computing systems is made more difficult at institutions of higher education…

A Human Endeavor: Lessons from Shakespeare and Beyond

DOE Office of Scientific and Technical Information (OSTI.GOV)

Bishop, Matt; Frincke, Deb A.

This article discusses human-oriented educational activities that support the study of computer security. It poses the point that technology is perhaps the least important aspect of security solutions, and that because of this, the fields of psychology, literature, business, and political science have significant value for any serious student of the science of security.

The Case for Inclusion of Competitive Teams in Security Education

ERIC Educational Resources Information Center

Serapiglia, Anthony

2016-01-01

Through industry news as well as contemporary reporting, the topic of computer security has become omnipresent in our daily lives. Whether the news is about corporate data breaches, international cyber espionage, or personal data compromises and identity theft--EVERYONE has had to deal with digital security in some way. Because of this, one of the…

PLAYGROUND: Preparing Students for the Cyber Battleground

ERIC Educational Resources Information Center

Nielson, Seth James

2017-01-01

Attempting to educate practitioners of computer security can be difficult if for no other reason than the breadth of knowledge required today. The security profession includes widely diverse subfields including cryptography, network architectures, programming, programming languages, design, coding practices, software testing, pattern recognition,…

37 CFR 201.40 - Exemption to prohibition against circumvention.

Code of Federal Regulations, 2010 CFR

2010-07-01

... that compromise the security of personal computers, when circumvention is accomplished solely for the... works for educational use in the classroom by media studies or film professors. (2) Computer programs...) Computer programs protected by dongles that prevent access due to malfunction or damage and which are...

Making grandma's data secure: a security architecture for home telemedicine.

PubMed Central

Starren, J.; Sengupta, S.; Hripcsak, G.; Ring, G.; Klerer, R.; Shea, S.

2001-01-01

Home telemedicine presents special challenges for data security and privacy. Experience in the Informatics for Diabetes Education And Telemedicine (IDEATel) project has demonstrated that data security is not a one-size-fits-all problem. The IDEATel users include elderly patients in their homes, nurse case managers, physicians, and researchers. The project supports multiple computer systems that require a variety of user interactions, including: data entry, data review, patient education, videoconferencing, and electronic monitoring. To meet these various needs, a number of different of security solutions were utilized, including: UserID/Password, PKI certificates, time-based tokens, IP filtering, VPNs, symmetric and asymmetric encryption schemes, firewalls and dedicated connections. These were combined in different ways to meet the needs of each user groups. PMID:11825267

The Sociocultural Factors That Influenced the Success of Non-Traditional, Latina, Pre-Service Teachers in a Required Online Instructional Media and Technology Course

ERIC Educational Resources Information Center

Hernandez Reyes, Christine M.

2013-01-01

Home computer ownership and Internet access have become essential to education, job security and economic opportunity. The digital divide, the gap between those who can afford and can use computer technologies remains greatest for ethnic/racial groups placing them at a disadvantage for economic and educational opportunities. The purpose of the…

78 FR 52224 - Self-Regulatory Organizations; BOX Options Exchange LLC; Notice of Filing and Immediate...

Federal Register 2010, 2011, 2012, 2013, 2014

2013-08-22

... Trader Continuing Education Program (S501) is a computer-based education program developed by many of the... Continuing Education Program, which is developed and maintained by the Securities Industry Regulatory Council... change will authorize the Exchange to administer different CE programs to differently registered...

Network and computing infrastructure for scientific applications in Georgia

NASA Astrophysics Data System (ADS)

Kvatadze, R.; Modebadze, Z.

2016-09-01

Status of network and computing infrastructure and available services for research and education community of Georgia are presented. Research and Educational Networking Association - GRENA provides the following network services: Internet connectivity, network services, cyber security, technical support, etc. Computing resources used by the research teams are located at GRENA and at major state universities. GE-01-GRENA site is included in European Grid infrastructure. Paper also contains information about programs of Learning Center and research and development projects in which GRENA is participating.

Poised for the Millennium.

ERIC Educational Resources Information Center

Agron, Joe, Ed.

1999-01-01

Presents advice from five school administrators on how schools are meeting facility and business challenges in the new millennium. Issues discussed concern power needs, the Y2K computer problem, the explosion of new educational technology, school security, educational finance, and building deterioration. (GR)

Cybersecurity Education: Bridging the Gap between Hardware and Software Domains

ERIC Educational Resources Information Center

Lukowiak, Marcin; Radziszowski, Stanislaw; Vallino, James; Wood, Christopher

2014-01-01

With the continuous growth of cyberinfrastructure throughout modern society, the need for secure computing and communication is more important than ever before. As a result, there is also an increasing need for entry-level developers who are capable of designing and building practical solutions for systems with stringent security requirements.…

A New Look at Security Education: YouTube as YouTool

ERIC Educational Resources Information Center

Werner, Laurie A.; Frank, Charles E.

2010-01-01

Teaching a computer security course which includes network administration and protection software is especially challenging because textbook tools are out of date by the time the text is published. In an effort to use lab activities that work effectively, we turned to the internet. This paper describes several resources for teaching computer…

Java: A New Brew for Educators, Administrators and Students.

ERIC Educational Resources Information Center

Gordon, Barbara

1996-01-01

Java is an object-oriented programming language developed by Sun Microsystems; its benefits include platform independence, security, and interactivity. Within the college community, Java is being used in programming courses, collaborative technology research projects, computer graphics instruction, and distance education. (AEF)

Conception of a course for professional training and education in the field of computer and mobile forensics, part III: network forensics and penetration testing

NASA Astrophysics Data System (ADS)

Kröger, Knut; Creutzburg, Reiner

2014-02-01

IT security and computer forensics are important components in the information technology. From year to year, incidents and crimes increase that target IT systems or were done with their help. More and more companies and authorities have security problems in their own IT infrastructure. To respond to these incidents professionally, it is important to have well trained staff. The fact that many agencies and companies work with very sensitive data make it necessary to further train the own employees in the field of network forensics and penetration testing. Motivated by these facts, this paper - a continuation of a paper of January 2012 [1], which showed the conception of a course for professional training and education in the field of computer and mobile forensics - addresses the practical implementation important relationships of network forensic and penetration testing.

Virtualization Technologies in Information Systems Education

ERIC Educational Resources Information Center

Lunsford, Dale L.

2009-01-01

Information systems educators must balance the need to protect the stability, availability, and security of computer laboratories with the learning objectives of various courses. In advanced courses where students need to install, configure, and otherwise manipulate application and operating system settings, this is especially problematic as these…

76 FR 34965 - Cybersecurity, Innovation, and the Internet Economy

Federal Register 2010, 2011, 2012, 2013, 2014

2011-06-15

... disrupt computing systems. These threats are exacerbated by the interconnected and interdependent architecture of today's computing environment. Theoretically, security deficiencies in one area may provide... does the move to cloud-based services have on education and research efforts in the I3S? 45. What is...

Legal issues of the electronic dental record: security and confidentiality.

PubMed

Szekely, D G; Milam, S; Khademi, J A

1996-01-01

Computer-based, electronic dental record keeping involves complex issues of patient privacy and the dental practitioner's ethical duty of confidentiality. Federal and state law is responding to the new legal issues presented by computer technology. Authenticating the electronic record in terms of ensuring its reliability and accuracy is essential in order to protect its admissibility as evidence in legal actions. Security systems must be carefully planned to limit access and provide for back-up and storage of dental records. Carefully planned security systems protect the patient from disclosure without the patient's consent and also protect the practitioner from the liability that would arise from such disclosure. Human errors account for the majority of data security problems. Personnel security is assured through pre-employment screening, employment contracts, policies, and staff education. Contracts for health information systems should include provisions for indemnification and ensure the confidentiality of the system by the vendor.

The Need to Address Mobile Device Security in the Higher Education IT Curriculum

ERIC Educational Resources Information Center

Patten, Karen P.; Harris, Mark A.

2013-01-01

Mobile devices, including smartphones and tablets, enable users to access corporate data from anywhere. In 2013, people will purchase 1.2 billion mobile devices, surpassing personal computers as the most common method for accessing the Internet. However, security of these mobile devices is a major concern for organizations. The two leading…

Outsourcing in Higher Education. ERIC Digest.

ERIC Educational Resources Information Center

Wood, Patricia A.

Higher education has increasingly turned to outsourcing to improve service in the face of declining resources. Outsourcing has traditionally been used to operate campus bookstores and dining services and has more recently become a legitimate option for additional campus functions, such as facilities operation, computer services, security, child…

The Internet: friend or foe when providing patient education?

PubMed

Anderson, Amy Shelton; Klemm, Paula

2008-02-01

The Internet has changed how patients with cancer learn about and cope with their disease. Newly diagnosed patients with cancer often have complex educational and informational needs related to diagnosis and treatment. Nurses frequently encounter time and work-related constraints that can interfere with the provision of patient education. They are challenged to educate patients in an environment of rapidly expanding and innovative computer technology. Barriers that hinder nurses in integrating educational Internet resources into patient care include lack of training, time constraints, and inadequate administrative support. Advantages of Internet use for patient education and support include wide-ranging and current information, a variety of teaching formats, patient empowerment, new communication options, and support 24 hours a day, seven days a week. Pitfalls associated with Internet use for patients with cancer include inaccurate information, lack of access, poor quality of online resources, and security and privacy issues. Nurses routinely use computer technology in the workplace and follow rigorous security and privacy standards to protect patient information. Those skills can provide the foundation for the use of online sources for patient teaching. Nurses play an important role in helping patients evaluate the veracity of online information and introducing them to reliable Internet resources.

Selecting, Evaluating and Creating Policies for Computer-Based Resources in the Behavioral Sciences and Education.

ERIC Educational Resources Information Center

Richardson, Linda B., Comp.; And Others

This collection includes four handouts: (1) "Selection Critria Considerations for Computer-Based Resources" (Linda B. Richardson); (2) "Software Collection Policies in Academic Libraries" (a 24-item bibliography, Jane W. Johnson); (3) "Circulation and Security of Software" (a 19-item bibliography, Sara Elizabeth Williams); and (4) "Bibliography of…

Impact of Collaborative Work on Technology Acceptance: A Case Study from Virtual Computing

ERIC Educational Resources Information Center

Konak, Abdullah; Kulturel-Konak, Sadan; Nasereddin, Mahdi; Bartolacci, Michael R.

2017-01-01

Aim/Purpose: This paper utilizes the Technology Acceptance Model (TAM) to examine the extent to which acceptance of Remote Virtual Computer Laboratories (RVCLs) is affected by students' technological backgrounds and the role of collaborative work. Background: RVCLs are widely used in information technology and cyber security education to provide…

Implications of the Third Industrial Revolution on the Elements of National Power and Their Impact on National Security Strategy

DTIC Science & Technology

1992-03-16

34A Hidden U.S. Export: Higher Education ." The WashinQton Post, 16 February 1992, H1 and H4. Brandin , David H., and Michael A. Harrison. The...frequent significant technological change now occurs within the individual person’s working lifespan, life-long education is a necessity to remain...INDUSTRIAL REVOLUTION The phenomenal increase in speed and in raw power of computer processors, the shrinking size and cost of basic computing systems, the

Use of a secure Internet Web site for collaborative medical research.

PubMed

Marshall, W W; Haley, R W

2000-10-11

Researchers who collaborate on clinical research studies from diffuse locations need a convenient, inexpensive, secure way to record and manage data. The Internet, with its World Wide Web, provides a vast network that enables researchers with diverse types of computers and operating systems anywhere in the world to log data through a common interface. Development of a Web site for scientific data collection can be organized into 10 steps, including planning the scientific database, choosing a database management software system, setting up database tables for each collaborator's variables, developing the Web site's screen layout, choosing a middleware software system to tie the database software to the Web site interface, embedding data editing and calculation routines, setting up the database on the central server computer, obtaining a unique Internet address and name for the Web site, applying security measures to the site, and training staff who enter data. Ensuring the security of an Internet database requires limiting the number of people who have access to the server, setting up the server on a stand-alone computer, requiring user-name and password authentication for server and Web site access, installing a firewall computer to prevent break-ins and block bogus information from reaching the server, verifying the identity of the server and client computers with certification from a certificate authority, encrypting information sent between server and client computers to avoid eavesdropping, establishing audit trails to record all accesses into the Web site, and educating Web site users about security techniques. When these measures are carefully undertaken, in our experience, information for scientific studies can be collected and maintained on Internet databases more efficiently and securely than through conventional systems of paper records protected by filing cabinets and locked doors. JAMA. 2000;284:1843-1849.

Server-Based and Server-Less Byod Solutions to Support Electronic Learning

DTIC Science & Technology

2016-06-01

Knowledge Online NSD National Security Directive OS operating system OWA Outlook Web Access PC personal computer PED personal electronic device PDA...mobile devices, institute mobile device policies and standards, and promote the development and use of DOD mobile and web -enabled applications” (DOD...with an isolated BYOD web server, properly educated system administrators must carry out and execute the necessary, pre-defined network security

Computer-based testing: initial report of extensive use in a medical school curriculum.

PubMed

Peterson, Michael W; Gordon, Joel; Elliott, Scott; Kreiter, Clarence

2004-01-01

Computer-based digital technology offers many opportunities in medical education. One type of digital technology, computer-based testing (CBT), has potentially wide application in undergraduate, graduate, and continuing medical education. This articles describes the development of CBT in an undergraduate medical curriculum. An early step in evaluating CBT is to be sure that the exam format is measuring the examinees' knowledge and not their comfort level or confidence with the technology. It is, therefore, important that the CBT reproduce or accommodate traditional test-taking behavior. CBT also provides for a number of enhancements not easily achieved with traditional paper-and-pencil exams. These include easier control and editing of exam items, better incorporation of testing into the learning environment using specific feedback, and enhancing the questions by incorporating multimedia. CBT does present some unique challenges in testing security, and this article discusses the approach to the security issues. In addition, before initiating CBT into a medical curriculum, the institution must understand the technical and infrastructure requirements for CBT. By providing a 5-year experience with CBT in the medical curriculum, this article hopes to facilitate discussions among medical educators in its appropriate application and evaluation.

Design Possibilities for the e-Schoolbag: Addressing the 1:1 Challenge within China

ERIC Educational Resources Information Center

Gu, Xiaoqing; Xu, Xiaojuan; Wang, Huawen; Crook, Charles

2017-01-01

There is widespread enthusiasm for 1:1 computing in education. Recognizing that secure innovation of educational practice should be built upon contextual sensitivity, this article reported two case studies anticipating the potential development of 1:1 classes in the particular cultural context of China. The first case described how the new…

Taking the Network on the Road: Portable Network Solutions for Computer Security Educators

ERIC Educational Resources Information Center

Rosenberg, Timothy; Hoffman, Lance J.

2006-01-01

Educational institutions that wish to implement a specialized teaching laboratory often have a variety of obstacles to overcome. Some of these obstacles are related to adapting existing classroom infrastructure, building the laboratory, and meeting the demands for multiple-use classrooms to maximize the return on investment. In some cases, such as…

Seeking Balance in Cyber Education

DTIC Science & Technology

2015-02-01

properties that can be applied to computer systems, networks, and software. For example, in our Introduction to Cyber Security Course, given to...Below is the submittal schedule for the areas of emphasis we are looking for: Data Mining in Metrics? Jul/ JAug 2015 Issue Submission Deadline: Feb...Phone Arena. PhoneArena.com, 12 Nov. 2013. Web. 08 Aug. 2014. 8. Various. “SI110: Introduction to Cyber Security, Technical Foundations.” SI110

Acquisition of a High Performance Computing Instrument for Big Data Research and Education

DTIC Science & Technology

2015-12-03

Security and Privacy , University of Texas at Dallas, TX, September 16-17, 2014. • Chopade, P., Zhan, J., Community Detection in Large Scale Big Data...Security and Privacy in Communication Networks, Beijing, China, September 24-26, 2014. • Pravin Chopade, Kenneth Flurchick, Justin Zhan and Marwan...Balkirat Kaur, Malcolm Blow, and Justin Zhan, Digital Image Authentication in Social Media, The Sixth ASE International Conference on Privacy

77 FR 43639 - Privacy Act of 1974, as Amended; Computer Matching Program (Social Security Administration (SSA...

Federal Register 2010, 2011, 2012, 2013, 2014

2012-07-25

... pension payment data from its system of records (SOR) entitled the ``Compensation, Pension, Education, and... monthly. The actual match will take place approximately during the first week of every month. E. Inclusive...

The High-Tech Surge. Focus on Careers.

ERIC Educational Resources Information Center

Vo, Chuong-Dai Hong

1996-01-01

The computer industry is growing at a phenomenal rate as technology advances and prices fall, stimulating unprecedented demand from business, government, and individuals. Higher levels of education will be the key to securing employment as organizations increasingly rely on sophisticated technology. (Author)

An analysis of United States K-12 stem education versus STEM workforce at the dawn of the digital revolution

NASA Astrophysics Data System (ADS)

Cataldo, Franca

The world is at the dawn of a third industrial revolution, the digital revolution, that brings great changes the world over. Today, computing devices, the Internet, and the World Wide Web are vital technology tools that affect every aspect of everyday life and success. While computing technologies offer enormous benefits, there are equally enormous safety and security risks that have been growing exponentially since they became widely available to the public in 1994. Cybercriminals are increasingly implementing sophisticated and serious hack attacks and breaches upon our nation's government, financial institutions, organizations, communities, and private citizens. There is a great need for computer scientists to carry America's innovation and economic growth forward and for cybersecurity professionals to keep our nation safe from criminal hacking. In this digital age, computer science and cybersecurity are essential foundational ingredients of technological innovation, economic growth, and cybersecurity that span all industries. Yet, America's K-12 education institutions are not teaching the computer science and cybersecurity skills required to produce a technologically-savvy 21st century workforce. Education is the key to preparing students to enter the workforce and, therefore, American K-12 STEM education must be reformed to accommodate the teachings required in the digital age. Keywords: Cybersecurity Education, Cybersecurity Education Initiatives, Computer Science Education, Computer Science Education Initiatives, 21 st Century K-12 STEM Education Reform, 21st Century Digital Literacies, High-Tech Innovative Problem-Solving Skills, 21st Century Digital Workforce, Standardized Testing, Foreign Language and Culture Studies, Utica College, Professor Chris Riddell.

A novel quantum scheme for secure two-party distance computation

NASA Astrophysics Data System (ADS)

Peng, Zhen-wan; Shi, Run-hua; Zhong, Hong; Cui, Jie; Zhang, Shun

2017-12-01

Secure multiparty computational geometry is an essential field of secure multiparty computation, which computes a computation geometric problem without revealing any private information of each party. Secure two-party distance computation is a primitive of secure multiparty computational geometry, which computes the distance between two points without revealing each point's location information (i.e., coordinate). Secure two-party distance computation has potential applications with high secure requirements in military, business, engineering and so on. In this paper, we present a quantum solution to secure two-party distance computation by subtly using quantum private query. Compared to the classical related protocols, our quantum protocol can ensure higher security and better privacy protection because of the physical principle of quantum mechanics.

Guidelines for development of NASA (National Aeronautics and Space Administration) computer security training programs

NASA Technical Reports Server (NTRS)

Tompkins, F. G.

1983-01-01

The report presents guidance for the NASA Computer Security Program Manager and the NASA Center Computer Security Officials as they develop training requirements and implement computer security training programs. NASA audiences are categorized based on the computer security knowledge required to accomplish identified job functions. Training requirements, in terms of training subject areas, are presented for both computer security program management personnel and computer resource providers and users. Sources of computer security training are identified.

Breaking Free with Wireless Networks.

ERIC Educational Resources Information Center

Fleischman, John

2002-01-01

Discusses wireless local area networks (LANs) which typically consist of laptop computers that connect to fixed access points via infrared or radio signals. Topics include wide area networks; personal area networks; problems, including limitations of available bandwidth, interference, and security concerns; use in education; interoperability;…

77 FR 54943 - Privacy Act of 1974, as Amended; Computer Matching Program (Social Security Administration (SSA...

Federal Register 2010, 2011, 2012, 2013, 2014

2012-09-06

..., Education, and Vocational Rehabilitation and Employment Records-VA'' (58VA21/22/28), published at 74 FR.... Inclusive Dates of the Matching Program The effective date of this matching program is October 2, 2012...

Pricing the Services of the Computer Center at the Catholic University of Louvain. Program on Institutional Management in Higher Education.

ERIC Educational Resources Information Center

Hecquet, Ignace; And Others

Principles are outlined that are used as a basis for the system of pricing the services of the Computer Centre. The system illustrates the use of a management method to secure better utilization of university resources. Departments decide how to use the appropriations granted to them and establish a system of internal prices that reflect the cost…

48 CFR 239.7102-3 - Information assurance contractor training and certification.

Code of Federal Regulations, 2011 CFR

2011-10-01

... ACQUISITION OF INFORMATION TECHNOLOGY Security and Privacy for Computer Systems 239.7102-3 Information..., certification maintenance, and continuing education or sustainment training required for the information... 48 Federal Acquisition Regulations System 3 2011-10-01 2011-10-01 false Information assurance...

48 CFR 239.7102-3 - Information assurance contractor training and certification.

Code of Federal Regulations, 2014 CFR

2014-10-01

... ACQUISITION OF INFORMATION TECHNOLOGY Security and Privacy for Computer Systems 239.7102-3 Information..., certification maintenance, and continuing education or sustainment training required for the information... 48 Federal Acquisition Regulations System 3 2014-10-01 2014-10-01 false Information assurance...

48 CFR 239.7102-3 - Information assurance contractor training and certification.

Code of Federal Regulations, 2012 CFR

2012-10-01

... ACQUISITION OF INFORMATION TECHNOLOGY Security and Privacy for Computer Systems 239.7102-3 Information..., certification maintenance, and continuing education or sustainment training required for the information... 48 Federal Acquisition Regulations System 3 2012-10-01 2012-10-01 false Information assurance...

48 CFR 239.7102-3 - Information assurance contractor training and certification.

Code of Federal Regulations, 2013 CFR

2013-10-01

... ACQUISITION OF INFORMATION TECHNOLOGY Security and Privacy for Computer Systems 239.7102-3 Information..., certification maintenance, and continuing education or sustainment training required for the information... 48 Federal Acquisition Regulations System 3 2013-10-01 2013-10-01 false Information assurance...

48 CFR 239.7102-3 - Information assurance contractor training and certification.

Code of Federal Regulations, 2010 CFR

2010-10-01

... ACQUISITION OF INFORMATION TECHNOLOGY Security and Privacy for Computer Systems 239.7102-3 Information..., certification maintenance, and continuing education or sustainment training required for the information... 48 Federal Acquisition Regulations System 3 2010-10-01 2010-10-01 false Information assurance...

National research and education network

NASA Technical Reports Server (NTRS)

Villasenor, Tony

1991-01-01

Some goals of this network are as follows: Extend U.S. technological leadership in high performance computing and computer communications; Provide wide dissemination and application of the technologies both to the speed and the pace of innovation and to serve the national economy, national security, education, and the global environment; and Spur gains in the U.S. productivity and industrial competitiveness by making high performance computing and networking technologies an integral part of the design and production process. Strategies for achieving these goals are as follows: Support solutions to important scientific and technical challenges through a vigorous R and D effort; Reduce the uncertainties to industry for R and D and use of this technology through increased cooperation between government, industry, and universities and by the continued use of government and government funded facilities as a prototype user for early commercial HPCC products; and Support underlying research, network, and computational infrastructures on which U.S. high performance computing technology is based.

Introducing Computer-Based Testing in High-Stakes Exams in Higher Education: Results of a Field Experiment.

PubMed

Boevé, Anja J; Meijer, Rob R; Albers, Casper J; Beetsma, Yta; Bosker, Roel J

2015-01-01

The introduction of computer-based testing in high-stakes examining in higher education is developing rather slowly due to institutional barriers (the need of extra facilities, ensuring test security) and teacher and student acceptance. From the existing literature it is unclear whether computer-based exams will result in similar results as paper-based exams and whether student acceptance can change as a result of administering computer-based exams. In this study, we compared results from a computer-based and paper-based exam in a sample of psychology students and found no differences in total scores across the two modes. Furthermore, we investigated student acceptance and change in acceptance of computer-based examining. After taking the computer-based exam, fifty percent of the students preferred paper-and-pencil exams over computer-based exams and about a quarter preferred a computer-based exam. We conclude that computer-based exam total scores are similar as paper-based exam scores, but that for the acceptance of high-stakes computer-based exams it is important that students practice and get familiar with this new mode of test administration.

PLAYGROUND: preparing students for the cyber battleground

NASA Astrophysics Data System (ADS)

Nielson, Seth James

2016-12-01

Attempting to educate practitioners of computer security can be difficult if for no other reason than the breadth of knowledge required today. The security profession includes widely diverse subfields including cryptography, network architectures, programming, programming languages, design, coding practices, software testing, pattern recognition, economic analysis, and even human psychology. While an individual may choose to specialize in one of these more narrow elements, there is a pressing need for practitioners that have a solid understanding of the unifying principles of the whole. We created the Playground network simulation tool and used it in the instruction of a network security course to graduate students. This tool was created for three specific purposes. First, it provides simulation sufficiently powerful to permit rigorous study of desired principles while simultaneously reducing or eliminating unnecessary and distracting complexities. Second, it permitted the students to rapidly prototype a suite of security protocols and mechanisms. Finally, with equal rapidity, the students were able to develop attacks against the protocols that they themselves had created. Based on our own observations and student reviews, we believe that these three features combine to create a powerful pedagogical tool that provides students with a significant amount of breadth and intense emotional connection to computer security in a single semester.

Touching the Future by Training Students as Technology Workers.

ERIC Educational Resources Information Center

Wodarz, Nan

1999-01-01

Describes a technology consultant's training of promising students as network administrators as part of a high-school work-study program. Success hinged on combining work with education, providing supervision and mentoring, using knowledgeable trainers, not substituting students for staff shortcomings, and installing adequate computer security.…

What Makes a Computer Lab: Use These Ideas to Design Your Own.

ERIC Educational Resources Information Center

Day, C. William; Herlihy, John J.

1989-01-01

Although educators have succeeded in informing the public about the transformative power of electronic and telecommunications tools, they have frequently overlooked physical features of spaces needed to house them. This article discusses workspace, arrangements, flooring, environment, electrical wiring, lighting, acoustics, and security features…

Conception of a course for professional training and education in the field of computer and mobile forensics

NASA Astrophysics Data System (ADS)

Kröger, Knut; Creutzburg, Reiner

2012-06-01

IT security and computer forensics are important components in the information technology. From year to year, incidents and crimes increase that target IT systems or was done with their help. More and more companies and authorities have security problems in their own IT infrastructure. To respond to these incidents professionally, it is important to have well trained staff. The fact that many agencies and companies work with very sensitive data makes it necessary to further train the own employees in the field of IT forensics. Motivated by these facts, a training concept, which allows the creation of practical exercises, is presented in this paper. The focus is on the practical implementation of forensic important relationships.

The security of patient identifiable information in doctors' homes.

PubMed

McLean, Iain; Anderson, C Mary

2004-08-01

Ethically and legally doctors bear a responsibility to ensure the security of patient identifiable information in their possession. Many doctors, especially those in forensic medicine, hold paper or computerised medical records at home. This survey was conducted to assess the level of security for these records and awareness of the issues. Fifty-six forensic physicians (30 male, 26 female) answered a questionnaire. Eighty-nine percent used a computer to write patient notes and reports, but only 26 of these were on the Data Protection Register, and only 24 password-protected their files. Few doctors took steps to protect data on old computers they had stopped using. Of those responding, 88% held paper records at home but only of these had lockable filing cabinets. Burglar alarms were fitted in 77% of homes, yet 36% of homes had been burgled. No participants had written instructions for disposal of records and reports after their death. Older participants were more likely to have been burgled, yet less likely to have antiviral software than their younger counterparts. Participants expressed the need for information, education and training in data security.

Implementation and evaluation of an efficient secure computation system using ‘R’ for healthcare statistics

PubMed Central

Chida, Koji; Morohashi, Gembu; Fuji, Hitoshi; Magata, Fumihiko; Fujimura, Akiko; Hamada, Koki; Ikarashi, Dai; Yamamoto, Ryuichi

2014-01-01

Background and objective While the secondary use of medical data has gained attention, its adoption has been constrained due to protection of patient privacy. Making medical data secure by de-identification can be problematic, especially when the data concerns rare diseases. We require rigorous security management measures. Materials and methods Using secure computation, an approach from cryptography, our system can compute various statistics over encrypted medical records without decrypting them. An issue of secure computation is that the amount of processing time required is immense. We implemented a system that securely computes healthcare statistics from the statistical computing software ‘R’ by effectively combining secret-sharing-based secure computation with original computation. Results Testing confirmed that our system could correctly complete computation of average and unbiased variance of approximately 50 000 records of dummy insurance claim data in a little over a second. Computation including conditional expressions and/or comparison of values, for example, t test and median, could also be correctly completed in several tens of seconds to a few minutes. Discussion If medical records are simply encrypted, the risk of leaks exists because decryption is usually required during statistical analysis. Our system possesses high-level security because medical records remain in encrypted state even during statistical analysis. Also, our system can securely compute some basic statistics with conditional expressions using ‘R’ that works interactively while secure computation protocols generally require a significant amount of processing time. Conclusions We propose a secure statistical analysis system using ‘R’ for medical data that effectively integrates secret-sharing-based secure computation and original computation. PMID:24763677

Implementation and evaluation of an efficient secure computation system using 'R' for healthcare statistics.

PubMed

Chida, Koji; Morohashi, Gembu; Fuji, Hitoshi; Magata, Fumihiko; Fujimura, Akiko; Hamada, Koki; Ikarashi, Dai; Yamamoto, Ryuichi

2014-10-01

While the secondary use of medical data has gained attention, its adoption has been constrained due to protection of patient privacy. Making medical data secure by de-identification can be problematic, especially when the data concerns rare diseases. We require rigorous security management measures. Using secure computation, an approach from cryptography, our system can compute various statistics over encrypted medical records without decrypting them. An issue of secure computation is that the amount of processing time required is immense. We implemented a system that securely computes healthcare statistics from the statistical computing software 'R' by effectively combining secret-sharing-based secure computation with original computation. Testing confirmed that our system could correctly complete computation of average and unbiased variance of approximately 50,000 records of dummy insurance claim data in a little over a second. Computation including conditional expressions and/or comparison of values, for example, t test and median, could also be correctly completed in several tens of seconds to a few minutes. If medical records are simply encrypted, the risk of leaks exists because decryption is usually required during statistical analysis. Our system possesses high-level security because medical records remain in encrypted state even during statistical analysis. Also, our system can securely compute some basic statistics with conditional expressions using 'R' that works interactively while secure computation protocols generally require a significant amount of processing time. We propose a secure statistical analysis system using 'R' for medical data that effectively integrates secret-sharing-based secure computation and original computation. Published by the BMJ Publishing Group Limited. For permission to use (where not already granted under a licence) please go to http://group.bmj.com/group/rights-licensing/permissions.

The Awareness and Challenges of Cloud Computing Adoption on Tertiary Education in Malaysia

NASA Astrophysics Data System (ADS)

Hazreeni Hamzah, Nor; Mahmud, Maziah; Zukri, Shamsunarnie Mohamed; Yaacob, Wan Fairos Wan; Yacob, Jusoh

2017-09-01

This preliminary study aims to investigate the awareness of the adoption of cloud computing among the academicians in tertiary education in Malaysia. Besides, this study also want to explore the possible challenges faced by the academician while adopting this new technology. The pilot study was done on 40 lecturers in Universiti Teknologi MARA Kampus Kota Bharu (UiTMKB) by using self administered questionnaire. The results found that almost half (40 percent) were not aware on the existing of cloud computing in teaching and learning (T&L) process. The challenges confronting the adoption of cloud computing are data insecurity, data insecurity, unsolicited advertisement, lock-in, reluctance to eliminate staff positions, privacy concerns, reliability challenge, regulatory compliance concerns/user control and institutional culture/resistance to change in technology. This possible challenges can be factorized in two major factors which were security and dependency factor and user control and mentality factor.

Surviving OR computerization.

PubMed

Beach, Myra Jo; Sions, Jacqueline A

2011-02-01

In 2007, a steering committee at West Virginia University Hospitals, Morgantown, began a three-year, accelerated design, computer implementation project to institute an automated perioperative record. The process included budgeting, selecting a vendor, designing and building the system, educating perioperative staff members, implementing the system, and re-evaluating the system for upgrades. Important steps in designing and building the system included mapping patient care and documentation processes, assessing software and hardware needs, and creating a new preference card system and surgical scheduling system. Staff members were educated to use the new computer applications via contests, inservice programs, hands-on learning modules, and a preimplementation rehearsal. Role-based security ensures that staff members are granted access to the computer applications they need to perform the work defined by their scope of practice. Planning ensures that the computer system will be maintained and enhanced over time. Copyright © 2011 AORN, Inc. Published by Elsevier Inc. All rights reserved.

Columbia University's Informatics for Diabetes Education and Telemedicine (IDEATel) Project

PubMed Central

Starren, Justin; Hripcsak, George; Sengupta, Soumitra; Abbruscato, C.R.; Knudson, Paul E.; Weinstock, Ruth S.; Shea, Steven

2002-01-01

The Columbia University Informatics for Diabetes Education and Telemedicine IDEATel) project is a four-year demonstration project funded by the Centers for Medicare and Medicaid Services with the overall goal of evaluating the feasibility, acceptability, effectiveness, and cost-effectiveness of telemedicine. The focal point of the intervention is the home telemedicine unit (HTU), which provides four functions: synchronous videoconferencing over standard telephone lines, electronic transmission for fingerstick glucose and blood pressure readings, secure Web-based messaging and clinical data review, and access to Web-based educational materials. The HTU must be usable by elderly patients with no prior computer experience. Providing these functions through the HTU requires tight integration of six components: the HTU itself, case management software, a clinical information system, Web-based educational material, data security, and networking and telecommunications. These six components were integrated through a variety of interfaces, providing a system that works well for patients and providers. With more than 400 HTUs installed, IDEATel has demonstrated the feasibility of large-scale home telemedicine. PMID:11751801

Human errors and violations in computer and information security: the viewpoint of network administrators and security specialists.

PubMed

Kraemer, Sara; Carayon, Pascale

2007-03-01

This paper describes human errors and violations of end users and network administration in computer and information security. This information is summarized in a conceptual framework for examining the human and organizational factors contributing to computer and information security. This framework includes human error taxonomies to describe the work conditions that contribute adversely to computer and information security, i.e. to security vulnerabilities and breaches. The issue of human error and violation in computer and information security was explored through a series of 16 interviews with network administrators and security specialists. The interviews were audio taped, transcribed, and analyzed by coding specific themes in a node structure. The result is an expanded framework that classifies types of human error and identifies specific human and organizational factors that contribute to computer and information security. Network administrators tended to view errors created by end users as more intentional than unintentional, while errors created by network administrators as more unintentional than intentional. Organizational factors, such as communication, security culture, policy, and organizational structure, were the most frequently cited factors associated with computer and information security.

Introducing Computer-Based Testing in High-Stakes Exams in Higher Education: Results of a Field Experiment

PubMed Central

Boevé, Anja J.; Meijer, Rob R.; Albers, Casper J.; Beetsma, Yta; Bosker, Roel J.

2015-01-01

The introduction of computer-based testing in high-stakes examining in higher education is developing rather slowly due to institutional barriers (the need of extra facilities, ensuring test security) and teacher and student acceptance. From the existing literature it is unclear whether computer-based exams will result in similar results as paper-based exams and whether student acceptance can change as a result of administering computer-based exams. In this study, we compared results from a computer-based and paper-based exam in a sample of psychology students and found no differences in total scores across the two modes. Furthermore, we investigated student acceptance and change in acceptance of computer-based examining. After taking the computer-based exam, fifty percent of the students preferred paper-and-pencil exams over computer-based exams and about a quarter preferred a computer-based exam. We conclude that computer-based exam total scores are similar as paper-based exam scores, but that for the acceptance of high-stakes computer-based exams it is important that students practice and get familiar with this new mode of test administration. PMID:26641632

The Rise of the CISO

ERIC Educational Resources Information Center

Gale, Doug

2007-01-01

The late 1980s was an exciting time to be a CIO in higher education. Computing was being decentralized as microcomputers replaced mainframes, networking was emerging, and the National Science Foundation Network (NSFNET) was introducing the concept of an "internet" to hundreds of thousands of new users. Security wasn't much of an issue;…

A Hybrid Computing Testbed for Mobile Threat Detection and Enhanced Research and Education in Information

DTIC Science & Technology

2014-11-20

techniques to defend against stealthy malware, i.e., rootkits. For example, we have been developing new virtualization-based security service called AirBag ...for mobile devices. AirBag is a virtualization-based system that enables dynamic switching of (guest) Android im- ages in one VM, with one image

A novel quantum solution to secure two-party distance computation

NASA Astrophysics Data System (ADS)

Peng, Zhen-wan; Shi, Run-hua; Wang, Pan-hong; Zhang, Shun

2018-06-01

Secure Two-Party Distance Computation is an important primitive of Secure Multiparty Computational Geometry that it involves two parties, where each party has a private point, and the two parties want to jointly compute the distance between their points without revealing anything about their respective private information. Secure Two-Party Distance Computation has very important and potential applications in settings of high secure requirements, such as privacy-preserving Determination of Spatial Location-Relation, Determination of Polygons Similarity, and so on. In this paper, we present a quantum protocol for Secure Two-Party Distance Computation by using QKD-based Quantum Private Query. The security of the protocol is based on the physical principles of quantum mechanics, instead of difficulty assumptions, and therefore, it can ensure higher security than the classical related protocols.

Secure Multiparty Quantum Computation for Summation and Multiplication.

PubMed

Shi, Run-hua; Mu, Yi; Zhong, Hong; Cui, Jie; Zhang, Shun

2016-01-21

As a fundamental primitive, Secure Multiparty Summation and Multiplication can be used to build complex secure protocols for other multiparty computations, specially, numerical computations. However, there is still lack of systematical and efficient quantum methods to compute Secure Multiparty Summation and Multiplication. In this paper, we present a novel and efficient quantum approach to securely compute the summation and multiplication of multiparty private inputs, respectively. Compared to classical solutions, our proposed approach can ensure the unconditional security and the perfect privacy protection based on the physical principle of quantum mechanics.

Secure Multiparty Quantum Computation for Summation and Multiplication

PubMed Central

Shi, Run-hua; Mu, Yi; Zhong, Hong; Cui, Jie; Zhang, Shun

2016-01-01

As a fundamental primitive, Secure Multiparty Summation and Multiplication can be used to build complex secure protocols for other multiparty computations, specially, numerical computations. However, there is still lack of systematical and efficient quantum methods to compute Secure Multiparty Summation and Multiplication. In this paper, we present a novel and efficient quantum approach to securely compute the summation and multiplication of multiparty private inputs, respectively. Compared to classical solutions, our proposed approach can ensure the unconditional security and the perfect privacy protection based on the physical principle of quantum mechanics. PMID:26792197

A Computer Security Course in the Undergraduate Computer Science Curriculum.

ERIC Educational Resources Information Center

Spillman, Richard

1992-01-01

Discusses the importance of computer security and considers criminal, national security, and personal privacy threats posed by security breakdown. Several examples are given, including incidents involving computer viruses. Objectives, content, instructional strategies, resources, and a sample examination for an experimental undergraduate computer…

Information Security: Governmentwide Guidance Needed to Assist Agencies in Implementing Cloud Computing

DTIC Science & Technology

2010-07-01

Cloud computing , an emerging form of computing in which users have access to scalable, on-demand capabilities that are provided through Internet... cloud computing , (2) the information security implications of using cloud computing services in the Federal Government, and (3) federal guidance and...efforts to address information security when using cloud computing . The complete report is titled Information Security: Federal Guidance Needed to

76 FR 7818 - Announcing a Meeting of the Information Security and Privacy Advisory Board

Federal Register 2010, 2011, 2012, 2013, 2014

2011-02-11

... will be open to the public. The ISPAB was established by the Computer Security Act of 1987 (Pub. L. 100..., --Presentation on Science of Security relating to computer security research, --Presentation on Access of..., --A panel of Inspector Generals regarding privacy and security, and --Update on NIST Computer Security...

Large-Scale Survey Findings Inform Patients’ Experiences in Using Secure Messaging to Engage in Patient-Provider Communication and Self-Care Management: A Quantitative Assessment

PubMed Central

Patel, Nitin R; Lind, Jason D; Antinori, Nicole

2015-01-01

Background Secure email messaging is part of a national transformation initiative in the United States to promote new models of care that support enhanced patient-provider communication. To date, only a limited number of large-scale studies have evaluated users’ experiences in using secure email messaging. Objective To quantitatively assess veteran patients’ experiences in using secure email messaging in a large patient sample. Methods A cross-sectional mail-delivered paper-and-pencil survey study was conducted with a sample of respondents identified as registered for the Veteran Health Administrations’ Web-based patient portal (My HealtheVet) and opted to use secure messaging. The survey collected demographic data, assessed computer and health literacy, and secure messaging use. Analyses conducted on survey data include frequencies and proportions, chi-square tests, and one-way analysis of variance. Results The majority of respondents (N=819) reported using secure messaging 6 months or longer (n=499, 60.9%). They reported secure messaging to be helpful for completing medication refills (n=546, 66.7%), managing appointments (n=343, 41.9%), looking up test results (n=350, 42.7%), and asking health-related questions (n=340, 41.5%). Notably, some respondents reported using secure messaging to address sensitive health topics (n=67, 8.2%). Survey responses indicated that younger age (P=.039) and higher levels of education (P=.025) and income (P=.003) were associated with more frequent use of secure messaging. Females were more likely to report using secure messaging more often, compared with their male counterparts (P=.098). Minorities were more likely to report using secure messaging more often, at least once a month, compared with nonminorities (P=.086). Individuals with higher levels of health literacy reported more frequent use of secure messaging (P=.007), greater satisfaction (P=.002), and indicated that secure messaging is a useful (P=.002) and easy-to-use (P≤.001) communication tool, compared with individuals with lower reported health literacy. Many respondents (n=328, 40.0%) reported that they would like to receive education and/or felt other veterans would benefit from education on how to access and use the electronic patient portal and secure messaging (n=652, 79.6%). Conclusions Survey findings validated qualitative findings found in previous research, such that veterans perceive secure email messaging as a useful tool for communicating with health care teams. To maximize sustained utilization of secure email messaging, marketing, education, skill building, and system modifications are needed. These findings can inform ongoing efforts to promote the sustained use of this electronic tool to support for patient-provider communication. PMID:26690761

Large-Scale Survey Findings Inform Patients' Experiences in Using Secure Messaging to Engage in Patient-Provider Communication and Self-Care Management: A Quantitative Assessment.

PubMed

Haun, Jolie N; Patel, Nitin R; Lind, Jason D; Antinori, Nicole

2015-12-21

Secure email messaging is part of a national transformation initiative in the United States to promote new models of care that support enhanced patient-provider communication. To date, only a limited number of large-scale studies have evaluated users' experiences in using secure email messaging. To quantitatively assess veteran patients' experiences in using secure email messaging in a large patient sample. A cross-sectional mail-delivered paper-and-pencil survey study was conducted with a sample of respondents identified as registered for the Veteran Health Administrations' Web-based patient portal (My HealtheVet) and opted to use secure messaging. The survey collected demographic data, assessed computer and health literacy, and secure messaging use. Analyses conducted on survey data include frequencies and proportions, chi-square tests, and one-way analysis of variance. The majority of respondents (N=819) reported using secure messaging 6 months or longer (n=499, 60.9%). They reported secure messaging to be helpful for completing medication refills (n=546, 66.7%), managing appointments (n=343, 41.9%), looking up test results (n=350, 42.7%), and asking health-related questions (n=340, 41.5%). Notably, some respondents reported using secure messaging to address sensitive health topics (n=67, 8.2%). Survey responses indicated that younger age (P=.039) and higher levels of education (P=.025) and income (P=.003) were associated with more frequent use of secure messaging. Females were more likely to report using secure messaging more often, compared with their male counterparts (P=.098). Minorities were more likely to report using secure messaging more often, at least once a month, compared with nonminorities (P=.086). Individuals with higher levels of health literacy reported more frequent use of secure messaging (P=.007), greater satisfaction (P=.002), and indicated that secure messaging is a useful (P=.002) and easy-to-use (P≤.001) communication tool, compared with individuals with lower reported health literacy. Many respondents (n=328, 40.0%) reported that they would like to receive education and/or felt other veterans would benefit from education on how to access and use the electronic patient portal and secure messaging (n=652, 79.6%). Survey findings validated qualitative findings found in previous research, such that veterans perceive secure email messaging as a useful tool for communicating with health care teams. To maximize sustained utilization of secure email messaging, marketing, education, skill building, and system modifications are needed. These findings can inform ongoing efforts to promote the sustained use of this electronic tool to support for patient-provider communication.

Achieving Learning Objectives through E-Voting Case Studies

DOE Office of Scientific and Technical Information (OSTI.GOV)

Bishop, Matt; Frincke, Deb

2007-01-01

The recent explosion in the use of electronic voting machines provides a wonderful opportunity to teach students about computer security. Because voting is the cornerstone of any democracy or republic, the need for secure voting systems is obvious. Further, students are familiar with how to vote. But the complexity of mapping a traditional process of voting using secret ballots to an electronic environment shows the difficulties of implementing secure processes and systems. In this article, we show a high level mapping from selected security and privacy education outcomes into a target ‘case study’ of developing electronic voting machines intended formore » traditional secret ballot elections. Our intent is to motivate both a set of lessons specifically involving e-voting, as well as illustrating the usefulness of having a mapping from outcomes to simplified case studies.« less

48 CFR 952.204-77 - Computer security.

Code of Federal Regulations, 2012 CFR

2012-10-01

... 48 Federal Acquisition Regulations System 5 2012-10-01 2012-10-01 false Computer security. 952.204... SOLICITATION PROVISIONS AND CONTRACT CLAUSES Text of Provisions and Clauses 952.204-77 Computer security. As prescribed in 904.404(d)(7), the following clause shall be included: Computer Security (AUG 2006) (a...

48 CFR 952.204-77 - Computer security.

Code of Federal Regulations, 2013 CFR

2013-10-01

... 48 Federal Acquisition Regulations System 5 2013-10-01 2013-10-01 false Computer security. 952.204... SOLICITATION PROVISIONS AND CONTRACT CLAUSES Text of Provisions and Clauses 952.204-77 Computer security. As prescribed in 904.404(d)(7), the following clause shall be included: Computer Security (AUG 2006) (a...

48 CFR 952.204-77 - Computer security.

Code of Federal Regulations, 2011 CFR

2011-10-01

... 48 Federal Acquisition Regulations System 5 2011-10-01 2011-10-01 false Computer security. 952.204... SOLICITATION PROVISIONS AND CONTRACT CLAUSES Text of Provisions and Clauses 952.204-77 Computer security. As prescribed in 904.404(d)(7), the following clause shall be included: Computer Security (AUG 2006) (a...

48 CFR 952.204-77 - Computer security.

Code of Federal Regulations, 2014 CFR

2014-10-01

... 48 Federal Acquisition Regulations System 5 2014-10-01 2014-10-01 false Computer security. 952.204... SOLICITATION PROVISIONS AND CONTRACT CLAUSES Text of Provisions and Clauses 952.204-77 Computer security. As prescribed in 904.404(d)(7), the following clause shall be included: Computer Security (AUG 2006) (a...

48 CFR 952.204-77 - Computer security.

Code of Federal Regulations, 2010 CFR

2010-10-01

... 48 Federal Acquisition Regulations System 5 2010-10-01 2010-10-01 false Computer security. 952.204... SOLICITATION PROVISIONS AND CONTRACT CLAUSES Text of Provisions and Clauses 952.204-77 Computer security. As prescribed in 904.404(d)(7), the following clause shall be included: Computer Security (AUG 2006) (a...

32 CFR 154.61 - Security education.

Code of Federal Regulations, 2011 CFR

2011-07-01

... 32 National Defense 1 2011-07-01 2011-07-01 false Security education. 154.61 Section 154.61... PERSONNEL SECURITY PROGRAM REGULATION Continuing Security Responsibilities § 154.61 Security education. (a.... Through security briefings and education, the Department of Defense continues to provide for the...

32 CFR 154.61 - Security education.

Code of Federal Regulations, 2012 CFR

2012-07-01

... 32 National Defense 1 2012-07-01 2012-07-01 false Security education. 154.61 Section 154.61... PERSONNEL SECURITY PROGRAM REGULATION Continuing Security Responsibilities § 154.61 Security education. (a.... Through security briefings and education, the Department of Defense continues to provide for the...

32 CFR 154.61 - Security education.

Code of Federal Regulations, 2013 CFR

2013-07-01

... 32 National Defense 1 2013-07-01 2013-07-01 false Security education. 154.61 Section 154.61... PERSONNEL SECURITY PROGRAM REGULATION Continuing Security Responsibilities § 154.61 Security education. (a.... Through security briefings and education, the Department of Defense continues to provide for the...

32 CFR 154.61 - Security education.

Code of Federal Regulations, 2014 CFR

2014-07-01

... 32 National Defense 1 2014-07-01 2014-07-01 false Security education. 154.61 Section 154.61... PERSONNEL SECURITY PROGRAM REGULATION Continuing Security Responsibilities § 154.61 Security education. (a.... Through security briefings and education, the Department of Defense continues to provide for the...

32 CFR 154.61 - Security education.

Code of Federal Regulations, 2010 CFR

2010-07-01

... 32 National Defense 1 2010-07-01 2010-07-01 false Security education. 154.61 Section 154.61... PERSONNEL SECURITY PROGRAM REGULATION Continuing Security Responsibilities § 154.61 Security education. (a.... Through security briefings and education, the Department of Defense continues to provide for the...

Efficient Server-Aided Secure Two-Party Function Evaluation with Applications to Genomic Computation

DTIC Science & Technology

2016-07-14

of the important properties of secure computation . In particular, it is known that full fairness cannot be achieved in the case of two-party com...Jakobsen, J. Nielsen, and C. Orlandi. A framework for outsourcing of secure computation . In ACM Workshop on Cloud Computing Security (CCSW), pages...Function Evaluation with Applications to Genomic Computation Abstract: Computation based on genomic data is becoming increasingly popular today, be it

Method for transferring data from an unsecured computer to a secured computer

DOEpatents

Nilsen, Curt A.

1997-01-01

A method is described for transferring data from an unsecured computer to a secured computer. The method includes transmitting the data and then receiving the data. Next, the data is retransmitted and rereceived. Then, it is determined if errors were introduced when the data was transmitted by the unsecured computer or received by the secured computer. Similarly, it is determined if errors were introduced when the data was retransmitted by the unsecured computer or rereceived by the secured computer. A warning signal is emitted from a warning device coupled to the secured computer if (i) an error was introduced when the data was transmitted or received, and (ii) an error was introduced when the data was retransmitted or rereceived.

Computer Security Models

DTIC Science & Technology

1984-09-01

Verification Technique for a Class of Security Kernels," International Symposium on Programming , Lecture Notes in Computer Science 137, Springer-Verlag, New York...September 1984 MTR9S31 " J. K. Millen Computer Security C. M. Cerniglia Models * 0 Ne c - ¢- C. S• ~CONTRACT SPONSOR OUSDRE/C31 & ESO/ALEE...ABSTRACT The purpose of this report is to provide a basis for evaluating security models in the context of secure computer system development

Home Computer and Internet User Security

DTIC Science & Technology

2005-01-01

Information Security Model © 2005 Carnegie Mellon University (Lawrence R. Rogers, Author) Home Computer and Internet User Security...Carnegie Mellon University (Lawrence R. Rogers, Author) Home Computer and Internet User Security Version 1.0.4 – slide 50 Contact Information Lawrence R. Rogers • Email: cert@cert.org CERT website: http://www.cert.org/ ...U.S. Patent and Trademark Office Home Computer and Internet User Security Report Documentation Page Form ApprovedOMB

Promoting Continuing Computer Science Education through a Massively Open Online Course

ERIC Educational Resources Information Center

Oliver, Kevin

2016-01-01

This paper presents the results of a comparison study between graduate students taking a software security course at an American university and international working professionals taking a version of the same course online through a free massive open online course (MOOC) created in the Google CourseBuilder learning environment. A goal of the study…

Cyber-Security Concerns Mount as Student Hacking Hits Schools: Districts Straining to Safeguard Online Networks

ERIC Educational Resources Information Center

Borja, Rhea R.

2006-01-01

While schools rightly fear break-ins to their computer systems by professional criminals, students are increasingly giving educators almost as much to worry about. Reports of students' gaining access to school networks to change grades, delete teachers' files, or steal data are becoming more common, experts say, and many districts remain highly…

Computer Security and the Data Encryption Standard. Proceedings of the Conference on Computer Security and the Data Encryption Standard.

ERIC Educational Resources Information Center

Branstad, Dennis K., Ed.

The 15 papers and summaries of presentations in this collection provide technical information and guidance offered by representatives from federal agencies and private industry. Topics discussed include physical security, risk assessment, software security, computer network security, and applications and implementation of the Data Encryption…

Perceptions about computers and the internet in a pediatric clinic population.

PubMed

Carroll, Aaron E; Zimmerman, Frederick J; Rivara, Frederick P; Ebel, Beth E; Christakis, Dimitri A

2005-01-01

A digital divide with respect to computer and Internet access has been noted in numerous studies and reports. Equally important to ownership is comfort with computers and Internet technology, and concerns about privacy of personal data. To measure how households in a pediatric clinic vary in their attitudes toward computers, concerns about Internet confidentiality, and comfort using the Internet and whether these views are associated with household income or education. A phone survey was administered to a population-based sample of parents with children aged 0 to 11 years. All children received medical care from a community-based clinic network serving patients in King County, Wash. Eighty-eight percent of respondents used a computer once a week or more, and 83% of respondents reported favorable feelings toward computers. Although 97% of respondents were willing to share personal information over the Internet, many respondents considered data security important. While household income and parental education were associated with comfort and familiarity with computers, the effect is small. Respondents who already owned a computer and had Internet access did not differ in their perceptions according to socioeconomic or educational attainment. Most families like using computers and feel comfortable using the Internet regardless of socioeconomic status. Fears about the digital divide's impact on the attitudes of parents toward computers or their comfort using the Internet should not be seen as a barrier to developing Internet-based health interventions for a pediatric clinic population.

Information Security: Computer Hacker Information Available on the Internet

DTIC Science & Technology

1996-06-05

INFORMATION SECURITY Computer Hacker Information Available on the Internet Statement for the Record of...Report Type N/A Dates Covered (from... to) - Title and Subtitle INFORMATION SECURITY Computer Hacker Information Available on the Internet Contract...1996 4. TITLE AND SUBTITLE Information Security: Computer Hacker Information Available on the Internet 5. FUNDING NUMBERS 6. AUTHOR(S) Jack L.

Indirection and computer security.

DOE Office of Scientific and Technical Information (OSTI.GOV)

Berg, Michael J.

2011-09-01

The discipline of computer science is built on indirection. David Wheeler famously said, 'All problems in computer science can be solved by another layer of indirection. But that usually will create another problem'. We propose that every computer security vulnerability is yet another problem created by the indirections in system designs and that focusing on the indirections involved is a better way to design, evaluate, and compare security solutions. We are not proposing that indirection be avoided when solving problems, but that understanding the relationships between indirections and vulnerabilities is key to securing computer systems. Using this perspective, we analyzemore » common vulnerabilities that plague our computer systems, consider the effectiveness of currently available security solutions, and propose several new security solutions.« less

Research on Quantum Authentication Methods for the Secure Access Control Among Three Elements of Cloud Computing

NASA Astrophysics Data System (ADS)

Dong, Yumin; Xiao, Shufen; Ma, Hongyang; Chen, Libo

2016-12-01

Cloud computing and big data have become the developing engine of current information technology (IT) as a result of the rapid development of IT. However, security protection has become increasingly important for cloud computing and big data, and has become a problem that must be solved to develop cloud computing. The theft of identity authentication information remains a serious threat to the security of cloud computing. In this process, attackers intrude into cloud computing services through identity authentication information, thereby threatening the security of data from multiple perspectives. Therefore, this study proposes a model for cloud computing protection and management based on quantum authentication, introduces the principle of quantum authentication, and deduces the quantum authentication process. In theory, quantum authentication technology can be applied in cloud computing for security protection. This technology cannot be cloned; thus, it is more secure and reliable than classical methods.

Phishing

MedlinePlus

... Money & Credit Homes & Mortgages Health & Fitness Jobs & Making Money Privacy, Identity & Online Security Limiting Unwanted Calls and Emails Online Security "Free" Security Scans Computer Security Disposing of Old Computers ...

Examining the Security Awareness, Information Privacy, and the Security Behaviors of Home Computer Users

ERIC Educational Resources Information Center

Edwards, Keith

2015-01-01

Attacks on computer systems continue to be a problem. The majority of the attacks target home computer users. To help mitigate the attacks some companies provide security awareness training to their employees. However, not all people work for a company that provides security awareness training and typically, home computer users do not have the…

Communication and computing technology in biocontainment laboratories using the NEIDL as a model.

PubMed

McCall, John; Hardcastle, Kath

2014-07-01

The National Emerging Infectious Diseases Laboratories (NEIDL), Boston University, is a globally unique biocontainment research facility housing biosafety level 2 (BSL-2), BSL-3, and BSL-4 laboratories. Located in the BioSquare area at the University's Medical Campus, it is part of a national network of secure facilities constructed to study infectious diseases of major public health concern. The NEIDL allows for basic, translational, and clinical phases of research to be carried out in a single facility with the overall goal of accelerating understanding, treatment, and prevention of infectious diseases. The NEIDL will also act as a center of excellence providing training and education in all aspects of biocontainment research. Within every detail of NEIDL operations is a primary emphasis on safety and security. The ultramodern NEIDL has required a new approach to communications technology solutions in order to ensure safety and security and meet the needs of investigators working in this complex building. This article discusses the implementation of secure wireless networks and private cloud computing to promote operational efficiency, biosecurity, and biosafety with additional energy-saving advantages. The utilization of a dedicated data center, virtualized servers, virtualized desktop integration, multichannel secure wireless networks, and a NEIDL-dedicated Voice over Internet Protocol (VoIP) network are all discussed. © 2014 Federation of European Microbiological Societies. Published by John Wiley & Sons Ltd. All rights reserved.

Science and Technology Resources on the Internet: Computer Security.

ERIC Educational Resources Information Center

Kinkus, Jane F.

2002-01-01

Discusses issues related to computer security, including confidentiality, integrity, and authentication or availability; and presents a selected list of Web sites that cover the basic issues of computer security under subject headings that include ethics, privacy, kids, antivirus, policies, cryptography, operating system security, and biometrics.…

Hacked E-mail

MedlinePlus

... Money & Credit Homes & Mortgages Health & Fitness Jobs & Making Money Privacy, Identity & Online Security Limiting Unwanted Calls and Emails Online Security "Free" Security Scans Computer Security Disposing of Old Computers ...

10 CFR 95.33 - Security education.

Code of Federal Regulations, 2011 CFR

2011-01-01

... 10 Energy 2 2011-01-01 2011-01-01 false Security education. 95.33 Section 95.33 Energy NUCLEAR... INFORMATION AND RESTRICTED DATA Physical Security § 95.33 Security education. All cleared employees must be... information. The facility may obtain defensive security, threat awareness, and other education and training...

10 CFR 95.33 - Security education.

Code of Federal Regulations, 2013 CFR

2013-01-01

... 10 Energy 2 2013-01-01 2013-01-01 false Security education. 95.33 Section 95.33 Energy NUCLEAR... INFORMATION AND RESTRICTED DATA Physical Security § 95.33 Security education. All cleared employees must be... information. The facility may obtain defensive security, threat awareness, and other education and training...

10 CFR 95.33 - Security education.

Code of Federal Regulations, 2012 CFR

2012-01-01

... 10 Energy 2 2012-01-01 2012-01-01 false Security education. 95.33 Section 95.33 Energy NUCLEAR... INFORMATION AND RESTRICTED DATA Physical Security § 95.33 Security education. All cleared employees must be... information. The facility may obtain defensive security, threat awareness, and other education and training...

10 CFR 95.33 - Security education.

Code of Federal Regulations, 2010 CFR

2010-01-01

... 10 Energy 2 2010-01-01 2010-01-01 false Security education. 95.33 Section 95.33 Energy NUCLEAR... INFORMATION AND RESTRICTED DATA Physical Security § 95.33 Security education. All cleared employees must be... information. The facility may obtain defensive security, threat awareness, and other education and training...

Computer Security Systems Enable Access.

ERIC Educational Resources Information Center

Riggen, Gary

1989-01-01

A good security system enables access and protects information from damage or tampering, but the most important aspects of a security system aren't technical. A security procedures manual addresses the human element of computer security. (MLW)

The research of computer network security and protection strategy

NASA Astrophysics Data System (ADS)

He, Jian

2017-05-01

With the widespread popularity of computer network applications, its security is also received a high degree of attention. Factors affecting the safety of network is complex, for to do a good job of network security is a systematic work, has the high challenge. For safety and reliability problems of computer network system, this paper combined with practical work experience, from the threat of network security, security technology, network some Suggestions and measures for the system design principle, in order to make the masses of users in computer networks to enhance safety awareness and master certain network security technology.

10 CFR 95.33 - Security education.

Code of Federal Regulations, 2014 CFR

2014-01-01

... 10 Energy 2 2014-01-01 2014-01-01 false Security education. 95.33 Section 95.33 Energy NUCLEAR... INFORMATION AND RESTRICTED DATA Physical Security § 95.33 Security education. All cleared employees must be... providing security education and training. A licensee or other entity subject to part 95 may obtain...

76 FR 7817 - Announcing Draft Federal Information Processing Standard 180-4, Secure Hash Standard, and Request...

Federal Register 2010, 2011, 2012, 2013, 2014

2011-02-11

... before May 12, 2011. ADDRESSES: Written comments may be sent to: Chief, Computer Security Division... FURTHER INFORMATION CONTACT: Elaine Barker, Computer Security Division, National Institute of Standards... Quynh Dang, Computer Security Division, National Institute of Standards and Technology, Gaithersburg, MD...

Development of an Innovative Interactive Virtual Classroom System for K-12 Education Using Google App Engine

ERIC Educational Resources Information Center

Mumba, Frackson; Zhu, Mengxia

2013-01-01

This paper presents a Simulation-based interactive Virtual ClassRoom web system (SVCR: www.vclasie.com) powered by the state-of-the-art cloud computing technology from Google SVCR integrates popular free open-source math, science and engineering simulations and provides functions such as secure user access control and management of courses,…

Office of Educational Programs 2009 Summer Internship Symposium and Poster Session

DOE Office of Scientific and Technical Information (OSTI.GOV)

White,K.; Morris, M.; Osiecki, C.

2009-08-06

Brookhaven National Laboratory offers college and pre-college faculty and students many opportunities to participate in Laboratory educational programs. The programs administered by the Office of Educational Programs are primarily funded by the U.S. Department of Energy, Brookhaven Science Associates, and other federal and non-federal agencies. Faculty and student research participation is welcomed in physical and life sciences, computer science and engineering, as well as in a variety of applied research areas relating to alternative energy, conservation, environmental technology, and national security. Visit our website at http://www.bnl.gov/education for application deadlines and more details. Following is a description of the programs managedmore » by the Office of Educational Programs.« less

Privacy and information security risks in a technology platform for home-based chronic disease rehabilitation and education.

PubMed

Henriksen, Eva; Burkow, Tatjana M; Johnsen, Elin; Vognild, Lars K

2013-08-09

Privacy and information security are important for all healthcare services, including home-based services. We have designed and implemented a prototype technology platform for providing home-based healthcare services. It supports a personal electronic health diary and enables secure and reliable communication and interaction with peers and healthcare personnel. The platform runs on a small computer with a dedicated remote control. It is connected to the patient's TV and to a broadband Internet. The platform has been tested with home-based rehabilitation and education programs for chronic obstructive pulmonary disease and diabetes. As part of our work, a risk assessment of privacy and security aspects has been performed, to reveal actual risks and to ensure adequate information security in this technical platform. Risk assessment was performed in an iterative manner during the development process. Thus, security solutions have been incorporated into the design from an early stage instead of being included as an add-on to a nearly completed system. We have adapted existing risk management methods to our own environment, thus creating our own method. Our method conforms to ISO's standard for information security risk management. A total of approximately 50 threats and possible unwanted incidents were identified and analysed. Among the threats to the four information security aspects: confidentiality, integrity, availability, and quality; confidentiality threats were identified as most serious, with one threat given an unacceptable level of High risk. This is because health-related personal information is regarded as sensitive. Availability threats were analysed as low risk, as the aim of the home programmes is to provide education and rehabilitation services; not for use in acute situations or for continuous health monitoring. Most of the identified threats are applicable for healthcare services intended for patients or citizens in their own homes. Confidentiality risks in home are different from in a more controlled environment such as a hospital; and electronic equipment located in private homes and communicating via Internet, is more exposed to unauthorised access. By implementing the proposed measures, it has been possible to design a home-based service which ensures the necessary level of information security and privacy.

Secure key storage and distribution

DOEpatents

Agrawal, Punit

2015-06-02

This disclosure describes a distributed, fault-tolerant security system that enables the secure storage and distribution of private keys. In one implementation, the security system includes a plurality of computing resources that independently store private keys provided by publishers and encrypted using a single security system public key. To protect against malicious activity, the security system private key necessary to decrypt the publication private keys is not stored at any of the computing resources. Rather portions, or shares of the security system private key are stored at each of the computing resources within the security system and multiple security systems must communicate and share partial decryptions in order to decrypt the stored private key.

Quantum-Enhanced Cyber Security: Experimental Computation on Quantum-Encrypted Data

DTIC Science & Technology

2017-03-02

AFRL-AFOSR-UK-TR-2017-0020 Quantum-Enhanced Cyber Security: Experimental Computation on Quantum-Encrypted Data Philip Walther UNIVERSITT WIEN Final...REPORT TYPE Final 3. DATES COVERED (From - To) 15 Oct 2015 to 31 Dec 2016 4. TITLE AND SUBTITLE Quantum-Enhanced Cyber Security: Experimental Computation...FORM SF 298 Final Report for FA9550-1-6-1-0004 Quantum-enhanced cyber security: Experimental quantum computation with quantum-encrypted data

78 FR 1275 - Privacy Act of 1974; Computer Matching Program

Federal Register 2010, 2011, 2012, 2013, 2014

2013-01-08

... Social Security Administration (Computer Matching Agreement 1071). SUMMARY: In accordance with the... of its new computer matching program with the Social Security Administration (SSA). DATES: OPM will... conditions under which SSA will disclose Social Security benefit data to OPM via direct computer link. OPM...

77 FR 32709 - Privacy Act of 1974, as Amended; Computer Matching Program (SSA/Department of Homeland Security...

Federal Register 2010, 2011, 2012, 2013, 2014

2012-06-01

... SOCIAL SECURITY ADMINISTRATION [Docket No. SSA 2011-0089] Privacy Act of 1974, as Amended; Computer Matching Program (SSA/ Department of Homeland Security (DHS))--Match Number 1010 AGENCY: Social Security Administration (SSA). ACTION: Notice of a renewal of an existing computer matching program that...

FAA computer security : recommendations to address continuing weaknesses

DOT National Transportation Integrated Search

2000-12-01

In September, testimony before the Committee on Science, House of Representatives, focused on the Federal Aviation Administration's (FAA) computer security program. In brief, we reported that FAA's agency-wide computer security program has serious, p...

Grids: The Top Ten Questions

DOE PAGES

Schopf, Jennifer M.; Nitzberg, Bill

2002-01-01

The design and implementation of a national computing system and data grid has become a reachable goal from both the computer science and computational science point of view. A distributed infrastructure capable of sophisticated computational functions can bring many benefits to scientific work, but poses many challenges, both technical and socio-political. Technical challenges include having basic software tools, higher-level services, functioning and pervasive security, and standards, while socio-political issues include building a user community, adding incentives for sites to be part of a user-centric environment, and educating funding sources about the needs of this community. This paper details the areasmore » relating to Grid research that we feel still need to be addressed to fully leverage the advantages of the Grid.« less

SOCR: Statistics Online Computational Resource

PubMed Central

Dinov, Ivo D.

2011-01-01

The need for hands-on computer laboratory experience in undergraduate and graduate statistics education has been firmly established in the past decade. As a result a number of attempts have been undertaken to develop novel approaches for problem-driven statistical thinking, data analysis and result interpretation. In this paper we describe an integrated educational web-based framework for: interactive distribution modeling, virtual online probability experimentation, statistical data analysis, visualization and integration. Following years of experience in statistical teaching at all college levels using established licensed statistical software packages, like STATA, S-PLUS, R, SPSS, SAS, Systat, etc., we have attempted to engineer a new statistics education environment, the Statistics Online Computational Resource (SOCR). This resource performs many of the standard types of statistical analysis, much like other classical tools. In addition, it is designed in a plug-in object-oriented architecture and is completely platform independent, web-based, interactive, extensible and secure. Over the past 4 years we have tested, fine-tuned and reanalyzed the SOCR framework in many of our undergraduate and graduate probability and statistics courses and have evidence that SOCR resources build student’s intuition and enhance their learning. PMID:21451741

Security model for VM in cloud

NASA Astrophysics Data System (ADS)

Kanaparti, Venkataramana; Naveen K., R.; Rajani, S.; Padmvathamma, M.; Anitha, C.

2013-03-01

Cloud computing is a new approach emerged to meet ever-increasing demand for computing resources and to reduce operational costs and Capital Expenditure for IT services. As this new way of computation allows data and applications to be stored away from own corporate server, it brings more issues in security such as virtualization security, distributed computing, application security, identity management, access control and authentication. Even though Virtualization forms the basis for cloud computing it poses many threats in securing cloud. As most of Security threats lies at Virtualization layer in cloud we proposed this new Security Model for Virtual Machine in Cloud (SMVC) in which every process is authenticated by Trusted-Agent (TA) in Hypervisor as well as in VM. Our proposed model is designed to with-stand attacks by unauthorized process that pose threat to applications related to Data Mining, OLAP systems, Image processing which requires huge resources in cloud deployed on one or more VM's.

Close the Gate, Lock the Windows, Bolt the Doors: Securing Library Computers. Online Treasures

ERIC Educational Resources Information Center

Balas, Janet

2005-01-01

This article, written by a systems librarian at the Monroeville Public Library, discusses a major issue affecting all computer users, security. It indicates that while, staying up-to-date on the latest security issues has become essential for all computer users, it's more critical for network managers who are responsible for securing computer…

Developing a computer security training program

DOE Office of Scientific and Technical Information (OSTI.GOV)

Not Available

1990-01-01

We all know that training can empower the computer protection program. However, pushing computer security information outside the computer security organization into the rest of the company is often labeled as an easy project or a dungeon full of dragons. Used in part or whole, the strategy offered in this paper may help the developer of a computer security training program ward off dragons and create products and services. The strategy includes GOALS (what the result of training will be), POINTERS (tips to ensure survival), and STEPS (products and services as a means to accomplish the goals).

6 CFR 13.27 - Computation of time.

Code of Federal Regulations, 2010 CFR

2010-01-01

... 6 Domestic Security 1 2010-01-01 2010-01-01 false Computation of time. 13.27 Section 13.27 Domestic Security DEPARTMENT OF HOMELAND SECURITY, OFFICE OF THE SECRETARY PROGRAM FRAUD CIVIL REMEDIES § 13.27 Computation of time. (a) In computing any period of time under this part or in an order issued...

Reviews on Security Issues and Challenges in Cloud Computing

NASA Astrophysics Data System (ADS)

An, Y. Z.; Zaaba, Z. F.; Samsudin, N. F.

2016-11-01

Cloud computing is an Internet-based computing service provided by the third party allowing share of resources and data among devices. It is widely used in many organizations nowadays and becoming more popular because it changes the way of how the Information Technology (IT) of an organization is organized and managed. It provides lots of benefits such as simplicity and lower costs, almost unlimited storage, least maintenance, easy utilization, backup and recovery, continuous availability, quality of service, automated software integration, scalability, flexibility and reliability, easy access to information, elasticity, quick deployment and lower barrier to entry. While there is increasing use of cloud computing service in this new era, the security issues of the cloud computing become a challenges. Cloud computing must be safe and secure enough to ensure the privacy of the users. This paper firstly lists out the architecture of the cloud computing, then discuss the most common security issues of using cloud and some solutions to the security issues since security is one of the most critical aspect in cloud computing due to the sensitivity of user's data.

Information Systems, Security, and Privacy.

ERIC Educational Resources Information Center

Ware, Willis H.

1984-01-01

Computer security and computer privacy issues are discussed. Among the areas addressed are technical and human security threats, security and privacy issues for information in electronic mail systems, the need for a national commission to examine these issues, and security/privacy issues relevant to colleges and universities. (JN)

Intelligent cloud computing security using genetic algorithm as a computational tools

NASA Astrophysics Data System (ADS)

Razuky AL-Shaikhly, Mazin H.

2018-05-01

An essential change had occurred in the field of Information Technology which represented with cloud computing, cloud giving virtual assets by means of web yet awesome difficulties in the field of information security and security assurance. Currently main problem with cloud computing is how to improve privacy and security for cloud “cloud is critical security”. This paper attempts to solve cloud security by using intelligent system with genetic algorithm as wall to provide cloud data secure, all services provided by cloud must detect who receive and register it to create list of users (trusted or un-trusted) depend on behavior. The execution of present proposal has shown great outcome.

75 FR 38595 - Guidance to States Regarding Driver History Record Information Security, Continuity of Operation...

Federal Register 2010, 2011, 2012, 2013, 2014

2010-07-02

... Standards and Technology's (NIST) Computer Security Division maintains a Computer Security Resource Center... Regarding Driver History Record Information Security, Continuity of Operation Planning, and Disaster... (SDLAs) to support their efforts at maintaining the security of information contained in the driver...

Restricted access processor - An application of computer security technology

NASA Technical Reports Server (NTRS)

Mcmahon, E. M.

1985-01-01

This paper describes a security guard device that is currently being developed by Computer Sciences Corporation (CSC). The methods used to provide assurance that the system meets its security requirements include the system architecture, a system security evaluation, and the application of formal and informal verification techniques. The combination of state-of-the-art technology and the incorporation of new verification procedures results in a demonstration of the feasibility of computer security technology for operational applications.

The National Security Education Program and Its Service Requirement: An Exploratory Study of What Areas of Government and for What Duration National Security Education Program Recipients Have Worked

ERIC Educational Resources Information Center

Comp, David J.

2013-01-01

The National Security Education Program, established under the National Security Education Act of 1991, has had a post-funding service requirement in the Federal Government for undergraduate scholarship and graduate fellowship recipients since its inception. The service requirement, along with the concern that the National Security Education…

Proposal for a Security Management in Cloud Computing for Health Care

PubMed Central

Dzombeta, Srdan; Brandis, Knud

2014-01-01

Cloud computing is actually one of the most popular themes of information systems research. Considering the nature of the processed information especially health care organizations need to assess and treat specific risks according to cloud computing in their information security management system. Therefore, in this paper we propose a framework that includes the most important security processes regarding cloud computing in the health care sector. Starting with a framework of general information security management processes derived from standards of the ISO 27000 family the most important information security processes for health care organizations using cloud computing will be identified considering the main risks regarding cloud computing and the type of information processed. The identified processes will help a health care organization using cloud computing to focus on the most important ISMS processes and establish and operate them at an appropriate level of maturity considering limited resources. PMID:24701137

Proposal for a security management in cloud computing for health care.

PubMed

Haufe, Knut; Dzombeta, Srdan; Brandis, Knud

2014-01-01

Cloud computing is actually one of the most popular themes of information systems research. Considering the nature of the processed information especially health care organizations need to assess and treat specific risks according to cloud computing in their information security management system. Therefore, in this paper we propose a framework that includes the most important security processes regarding cloud computing in the health care sector. Starting with a framework of general information security management processes derived from standards of the ISO 27000 family the most important information security processes for health care organizations using cloud computing will be identified considering the main risks regarding cloud computing and the type of information processed. The identified processes will help a health care organization using cloud computing to focus on the most important ISMS processes and establish and operate them at an appropriate level of maturity considering limited resources.

78 FR 31525 - National Security Education Board; Notice of Federal Advisory Committee Meeting

Federal Register 2010, 2011, 2012, 2013, 2014

2013-05-24

... Security Education Program Service Requirements Updates. 4:45 p.m.--Board Discussion. 5:30 p.m.--Adjourn... DEPARTMENT OF DEFENSE Office of the Secretary National Security Education Board; Notice of Federal... and National Security Education Office (DLNSEO), DoD. ACTION: Meeting notice. SUMMARY: Under the...

78 FR 54634 - National Security Education Board; Notice of Federal Advisory Committee Meeting

Federal Register 2010, 2011, 2012, 2013, 2014

2013-09-05

... DEPARTMENT OF DEFENSE Office of the Secretary National Security Education Board; Notice of Federal... and National Security Education Office (DLNSEO), Office of the Secretary, DoD. ACTION: Meeting notice... committee working group meeting of the National Security Education Board will take place. DATES: Monday...

15 CFR 2008.16 - Security education program.

Code of Federal Regulations, 2010 CFR

2010-01-01

... 15 Commerce and Foreign Trade 3 2010-01-01 2010-01-01 false Security education program. 2008.16... REPRESENTATIVE Safeguards § 2008.16 Security education program. (a) The Office of the Special Representative for... charged with the implementation of this security education program and shall issue detailed procedures for...

Overview of Computer Security Certification and Accreditation. Final Report.

ERIC Educational Resources Information Center

Ruthberg, Zella G.; Neugent, William

Primarily intended to familiarize ADP (automatic data processing) policy and information resource managers with the approach to computer security certification and accreditation found in "Guideline to Computer Security Certification and Accreditation," Federal Information Processing Standards Publications (FIPS-PUB) 102, this overview…

Thundercloud: Domain specific information security training for the smart grid

NASA Astrophysics Data System (ADS)

Stites, Joseph

In this paper, we describe a cloud-based virtual smart grid test bed: ThunderCloud, which is intended to be used for domain-specific security training applicable to the smart grid environment. The test bed consists of virtual machines connected using a virtual internal network. ThunderCloud is remotely accessible, allowing students to undergo educational exercises online. We also describe a series of practical exercises that we have developed for providing the domain-specific training using ThunderCloud. The training exercises and attacks are designed to be realistic and to reflect known vulnerabilities and attacks reported in the smart grid environment. We were able to use ThunderCloud to offer practical domain-specific security training for smart grid environment to computer science students at little or no cost to the department and no risk to any real networks or systems.

Crowd Sensing-Enabling Security Service Recommendation for Social Fog Computing Systems

PubMed Central

Wu, Jun; Su, Zhou; Li, Jianhua

2017-01-01

Fog computing, shifting intelligence and resources from the remote cloud to edge networks, has the potential of providing low-latency for the communication from sensing data sources to users. For the objects from the Internet of Things (IoT) to the cloud, it is a new trend that the objects establish social-like relationships with each other, which efficiently brings the benefits of developed sociality to a complex environment. As fog service become more sophisticated, it will become more convenient for fog users to share their own services, resources, and data via social networks. Meanwhile, the efficient social organization can enable more flexible, secure, and collaborative networking. Aforementioned advantages make the social network a potential architecture for fog computing systems. In this paper, we design an architecture for social fog computing, in which the services of fog are provisioned based on “friend” relationships. To the best of our knowledge, this is the first attempt at an organized fog computing system-based social model. Meanwhile, social networking enhances the complexity and security risks of fog computing services, creating difficulties of security service recommendations in social fog computing. To address this, we propose a novel crowd sensing-enabling security service provisioning method to recommend security services accurately in social fog computing systems. Simulation results show the feasibilities and efficiency of the crowd sensing-enabling security service recommendation method for social fog computing systems. PMID:28758943

Crowd Sensing-Enabling Security Service Recommendation for Social Fog Computing Systems.

PubMed

Wu, Jun; Su, Zhou; Wang, Shen; Li, Jianhua

2017-07-30

Fog computing, shifting intelligence and resources from the remote cloud to edge networks, has the potential of providing low-latency for the communication from sensing data sources to users. For the objects from the Internet of Things (IoT) to the cloud, it is a new trend that the objects establish social-like relationships with each other, which efficiently brings the benefits of developed sociality to a complex environment. As fog service become more sophisticated, it will become more convenient for fog users to share their own services, resources, and data via social networks. Meanwhile, the efficient social organization can enable more flexible, secure, and collaborative networking. Aforementioned advantages make the social network a potential architecture for fog computing systems. In this paper, we design an architecture for social fog computing, in which the services of fog are provisioned based on "friend" relationships. To the best of our knowledge, this is the first attempt at an organized fog computing system-based social model. Meanwhile, social networking enhances the complexity and security risks of fog computing services, creating difficulties of security service recommendations in social fog computing. To address this, we propose a novel crowd sensing-enabling security service provisioning method to recommend security services accurately in social fog computing systems. Simulation results show the feasibilities and efficiency of the crowd sensing-enabling security service recommendation method for social fog computing systems.

Online database for documenting clinical pathology resident education.

PubMed

Hoofnagle, Andrew N; Chou, David; Astion, Michael L

2007-01-01

Training of clinical pathologists is evolving and must now address the 6 core competencies described by the Accreditation Council for Graduate Medical Education (ACGME), which include patient care. A substantial portion of the patient care performed by the clinical pathology resident takes place while the resident is on call for the laboratory, a practice that provides the resident with clinical experience and assists the laboratory in providing quality service to clinicians in the hospital and surrounding community. Documenting the educational value of these on-call experiences and providing evidence of competence is difficult for residency directors. An online database of these calls, entered by residents and reviewed by faculty, would provide a mechanism for documenting and improving the education of clinical pathology residents. With Microsoft Access we developed an online database that uses active server pages and secure sockets layer encryption to document calls to the clinical pathology resident. Using the data collected, we evaluated the efficacy of 3 interventions aimed at improving resident education. The database facilitated the documentation of more than 4 700 calls in the first 21 months it was online, provided archived resident-generated data to assist in serving clients, and demonstrated that 2 interventions aimed at improving resident education were successful. We have developed a secure online database, accessible from any computer with Internet access, that can be used to easily document clinical pathology resident education and competency.

Additional Security Considerations for Grid Management

NASA Technical Reports Server (NTRS)

Eidson, Thomas M.

2003-01-01

The use of Grid computing environments is growing in popularity. A Grid computing environment is primarily a wide area network that encompasses multiple local area networks, where some of the local area networks are managed by different organizations. A Grid computing environment also includes common interfaces for distributed computing software so that the heterogeneous set of machines that make up the Grid can be used more easily. The other key feature of a Grid is that the distributed computing software includes appropriate security technology. The focus of most Grid software is on the security involved with application execution, file transfers, and other remote computing procedures. However, there are other important security issues related to the management of a Grid and the users who use that Grid. This note discusses these additional security issues and makes several suggestions as how they can be managed.

Preaching What We Practice: Teaching Ethical Decision-Making to Computer Security Professionals

NASA Astrophysics Data System (ADS)

Fleischmann, Kenneth R.

The biggest challenge facing computer security researchers and professionals is not learning how to make ethical decisions; rather it is learning how to recognize ethical decisions. All too often, technology development suffers from what Langdon Winner terms technological somnambulism - we sleepwalk through our technology design, following past precedents without a second thought, and fail to consider the perspectives of other stakeholders [1]. Computer security research and practice involves a number of opportunities for ethical decisions. For example, decisions about whether or not to automatically provide security updates involve tradeoffs related to caring versus user autonomy. Decisions about online voting include tradeoffs between convenience and security. Finally, decisions about routinely screening e-mails for spam involve tradeoffs of efficiency and privacy. It is critical that these and other decisions facing computer security researchers and professionals are confronted head on as value-laden design decisions, and that computer security researchers and professionals consider the perspectives of various stakeholders in making these decisions.

Quality and security - They work together

NASA Technical Reports Server (NTRS)

Carr, Richard; Tynan, Marie; Davis, Russell

1991-01-01

This paper describes the importance of considering computer security as part of software quality assurance practice. The intended audience is primarily those professionals involved in the design, development, and quality assurance of software. Many issues are raised which point to the need ultimately for integration of quality assurance and computer security disciplines. To address some of the issues raised, the NASA Automated Information Security program is presented as a model which may be used for improving interactions between the quality assurance and computer security community of professionals.

78 FR 15734 - Privacy Act of 1974; Computer Matching Program

Federal Register 2010, 2011, 2012, 2013, 2014

2013-03-12

... DEPARTMENT OF HOMELAND SECURITY Office of the Secretary [Docket No. DHS-2013-0010] Privacy Act of 1974; Computer Matching Program AGENCY: Department of Homeland Security/U.S. Citizenship and... computer matching program between the Department of Homeland Security/U.S. Citizenship and Immigration...

78 FR 15733 - Privacy Act of 1974; Computer Matching Program

Federal Register 2010, 2011, 2012, 2013, 2014

2013-03-12

... DEPARTMENT OF HOMELAND SECURITY Office of the Secretary [Docket No. DHS-2013-0008] Privacy Act of 1974; Computer Matching Program AGENCY: Department of Homeland Security/U.S. Citizenship and... computer matching program between the Department of Homeland Security/U.S. Citizenship and Immigration...

77 FR 9214 - National Security Education Board Members Meeting

Federal Register 2010, 2011, 2012, 2013, 2014

2012-02-16

... DEPARTMENT OF DEFENSE Office of the Secretary National Security Education Board Members Meeting... meeting of the National Security Education Board. The purpose of the meeting is to review and make... Security Education Act, Title VII of Public Law 102- 183, as amended. DATES: March 15, 2012, from 9 a.m.-2...

Knowledge management: Role of the the Radiation Safety Information Computational Center (RSICC)

NASA Astrophysics Data System (ADS)

Valentine, Timothy

2017-09-01

The Radiation Safety Information Computational Center (RSICC) at Oak Ridge National Laboratory (ORNL) is an information analysis center that collects, archives, evaluates, synthesizes and distributes information, data and codes that are used in various nuclear technology applications. RSICC retains more than 2,000 software packages that have been provided by code developers from various federal and international agencies. RSICC's customers (scientists, engineers, and students from around the world) obtain access to such computing codes (source and/or executable versions) and processed nuclear data files to promote on-going research, to ensure nuclear and radiological safety, and to advance nuclear technology. The role of such information analysis centers is critical for supporting and sustaining nuclear education and training programs both domestically and internationally, as the majority of RSICC's customers are students attending U.S. universities. Additionally, RSICC operates a secure CLOUD computing system to provide access to sensitive export-controlled modeling and simulation (M&S) tools that support both domestic and international activities. This presentation will provide a general review of RSICC's activities, services, and systems that support knowledge management and education and training in the nuclear field.

FAA computer security : concerns remain due to personnel and other continuing weaknesses

DOT National Transportation Integrated Search

2000-08-01

FAA has a history of computer security weaknesses in a number of areas, including its physical security management at facilities that house air traffic control (ATC) systems, systems security for both operational and future systems, management struct...

78 FR 38724 - Privacy Act of 1974; Computer Matching Program

Federal Register 2010, 2011, 2012, 2013, 2014

2013-06-27

... DEPARTMENT OF HOMELAND SECURITY Office of the Secretary [Docket No. DHS-2013-0006] Privacy Act of 1974; Computer Matching Program AGENCY: Department of Homeland Security/U.S. Citizenship and... Agreement that establishes a computer matching program between the Department of Homeland Security/U.S...

15 CFR 30.5 - Electronic Export Information filing application and certification processes and standards.

Code of Federal Regulations, 2014 CFR

2014-01-01

... Census Bureau's Foreign Trade Division Computer Security Officer and refrain from using AESDirect until... Bureau's Foreign Trade Division Computer Security Officer that the company's computer systems accessing... threat to national security interests such that its participation in postdeparture filing should be...

15 CFR 30.5 - Electronic Export Information filing application and certification processes and standards.

Code of Federal Regulations, 2012 CFR

2012-01-01

... Census Bureau's Foreign Trade Division Computer Security Officer and refrain from using AESDirect until... Bureau's Foreign Trade Division Computer Security Officer that the company's computer systems accessing... threat to national security interests such that its participation in postdeparture filing should be...

15 CFR 30.5 - Electronic Export Information filing application and certification processes and standards.

Code of Federal Regulations, 2013 CFR

2013-01-01

... Census Bureau's Foreign Trade Division Computer Security Officer and refrain from using AESDirect until... Bureau's Foreign Trade Division Computer Security Officer that the company's computer systems accessing... threat to national security interests such that its participation in postdeparture filing should be...

75 FR 18841 - Office for Civil Rights; Privacy Act of 1974, Amended System of Records

Federal Register 2010, 2011, 2012, 2013, 2014

2010-04-13

... Privacy Act of 1974, Federal Information Security Management Act of 2002, Computer Security Act of 1987... 1974, Federal Information Security Management Act of 2002, Computer Security Act of 1987, the Paperwork... Oversight, the Chair of the Senate Committee on Homeland Security and Governmental Affairs, and the...

Cloud Computing Security Issue: Survey

NASA Astrophysics Data System (ADS)

Kamal, Shailza; Kaur, Rajpreet

2011-12-01

Cloud computing is the growing field in IT industry since 2007 proposed by IBM. Another company like Google, Amazon, and Microsoft provides further products to cloud computing. The cloud computing is the internet based computing that shared recourses, information on demand. It provides the services like SaaS, IaaS and PaaS. The services and recourses are shared by virtualization that run multiple operation applications on cloud computing. This discussion gives the survey on the challenges on security issues during cloud computing and describes some standards and protocols that presents how security can be managed.

Challenges and Security in Cloud Computing

NASA Astrophysics Data System (ADS)

Chang, Hyokyung; Choi, Euiin

People who live in this world want to solve any problems as they happen then. An IT technology called Ubiquitous computing should help the situations easier and we call a technology which makes it even better and powerful cloud computing. Cloud computing, however, is at the stage of the beginning to implement and use and it faces a lot of challenges in technical matters and security issues. This paper looks at the cloud computing security.

32 CFR 2001.70 - General.

Code of Federal Regulations, 2010 CFR

2010-07-01

... ARCHIVES AND RECORDS ADMINISTRATION CLASSIFIED NATIONAL SECURITY INFORMATION Security Education and Training § 2001.70 General. (a) Purpose. This subpart sets standards for agency security education and... uniformity in the conduct of agency security education and training programs; and (3) Reduce instances of...

Conception of a course for professional training and education in the field of computer and mobile forensics: Part II: Android Forensics

NASA Astrophysics Data System (ADS)

Kröger, Knut; Creutzburg, Reiner

2013-03-01

The growth of Android in the mobile sector and the interest to investigate these devices from a forensic point of view has rapidly increased. Many companies have security problems with mobile devices in their own IT infrastructure. To respond to these incidents, it is important to have professional trained staff. Furthermore, it is necessary to further train their existing employees in the practical applications of mobile forensics owing to the fact that a lot of companies are trusted with very sensitive data. Inspired by these facts, this paper - a continuation of a paper of January 2012 [1] which showed the conception of a course for professional training and education in the field of computer and mobile forensics - addresses training approaches and practical exercises to investigate Android mobile devices.

Avionics Collaborative Engineering Technology Delivery Order 0035: Secure Knowledge Management (SKM) Technology Research Roadmap - Technology Trends for Collaborative Information and Knowledge Management Research

DTIC Science & Technology

2004-06-01

such as that represented in the know-how of the master craftsman), and cognitive (know why, perceptions, values, beliefs, and mental models).4... cognitive engineering, educational technology, industrial/organizational psychology, sociology, cultural anthropology, and computational...such as human-human interaction, interface design and evaluation methodology, cognitive models and user models, health and ergonomic studies, empirical

20 CFR 229.65 - Initial reduction.

Code of Federal Regulations, 2010 CFR

2010-04-01

... wage (see § 225.2 of this chapter) used to compute the DIB O/M under the Social Security Act rules... that exceed the maximum used in computing social security benefits) for the 5 consecutive years after... earnings that exceed the maximum used in computing social security benefits) for the year of highest...

A Computational Model and Multi-Agent Simulation for Information Assurance

DTIC Science & Technology

2002-06-01

Podell , Information Security: an Integrated Collection of Essays, IEEE Computer Society Press, Los Alamitos, CA, 1994. Brinkley, D. L. and Schell, R...R., “What is There to Worry About? An Introduction to the Computer Security Problem,” ed. Abrams and Jajodia and Podell , Information Security: an

Distributed intrusion detection system based on grid security model

NASA Astrophysics Data System (ADS)

Su, Jie; Liu, Yahui

2008-03-01

Grid computing has developed rapidly with the development of network technology and it can solve the problem of large-scale complex computing by sharing large-scale computing resource. In grid environment, we can realize a distributed and load balance intrusion detection system. This paper first discusses the security mechanism in grid computing and the function of PKI/CA in the grid security system, then gives the application of grid computing character in the distributed intrusion detection system (IDS) based on Artificial Immune System. Finally, it gives a distributed intrusion detection system based on grid security system that can reduce the processing delay and assure the detection rates.

A Lightweight Protocol for Secure Video Streaming

PubMed Central

Morkevicius, Nerijus; Bagdonas, Kazimieras

2018-01-01

The Internet of Things (IoT) introduces many new challenges which cannot be solved using traditional cloud and host computing models. A new architecture known as fog computing is emerging to address these technological and security gaps. Traditional security paradigms focused on providing perimeter-based protections and client/server point to point protocols (e.g., Transport Layer Security (TLS)) are no longer the best choices for addressing new security challenges in fog computing end devices, where energy and computational resources are limited. In this paper, we present a lightweight secure streaming protocol for the fog computing “Fog Node-End Device” layer. This protocol is lightweight, connectionless, supports broadcast and multicast operations, and is able to provide data source authentication, data integrity, and confidentiality. The protocol is based on simple and energy efficient cryptographic methods, such as Hash Message Authentication Codes (HMAC) and symmetrical ciphers, and uses modified User Datagram Protocol (UDP) packets to embed authentication data into streaming data. Data redundancy could be added to improve reliability in lossy networks. The experimental results summarized in this paper confirm that the proposed method efficiently uses energy and computational resources and at the same time provides security properties on par with the Datagram TLS (DTLS) standard. PMID:29757988

A Lightweight Protocol for Secure Video Streaming.

PubMed

Venčkauskas, Algimantas; Morkevicius, Nerijus; Bagdonas, Kazimieras; Damaševičius, Robertas; Maskeliūnas, Rytis

2018-05-14

The Internet of Things (IoT) introduces many new challenges which cannot be solved using traditional cloud and host computing models. A new architecture known as fog computing is emerging to address these technological and security gaps. Traditional security paradigms focused on providing perimeter-based protections and client/server point to point protocols (e.g., Transport Layer Security (TLS)) are no longer the best choices for addressing new security challenges in fog computing end devices, where energy and computational resources are limited. In this paper, we present a lightweight secure streaming protocol for the fog computing "Fog Node-End Device" layer. This protocol is lightweight, connectionless, supports broadcast and multicast operations, and is able to provide data source authentication, data integrity, and confidentiality. The protocol is based on simple and energy efficient cryptographic methods, such as Hash Message Authentication Codes (HMAC) and symmetrical ciphers, and uses modified User Datagram Protocol (UDP) packets to embed authentication data into streaming data. Data redundancy could be added to improve reliability in lossy networks. The experimental results summarized in this paper confirm that the proposed method efficiently uses energy and computational resources and at the same time provides security properties on par with the Datagram TLS (DTLS) standard.

Guidelines for computer security in general practice.

PubMed

Schattner, Peter; Pleteshner, Catherine; Bhend, Heinz; Brouns, Johan

2007-01-01

As general practice becomes increasingly computerised, data security becomes increasingly important for both patient health and the efficient operation of the practice. To develop guidelines for computer security in general practice based on a literature review, an analysis of available information on current practice and a series of key stakeholder interviews. While the guideline was produced in the context of Australian general practice, we have developed a template that is also relevant for other countries. Current data on computer security measures was sought from Australian divisions of general practice. Semi-structured interviews were conducted with general practitioners (GPs), the medical software industry, senior managers within government responsible for health IT (information technology) initiatives, technical IT experts, divisions of general practice and a member of a health information consumer group. The respondents were asked to assess both the likelihood and the consequences of potential risks in computer security being breached. The study suggested that the most important computer security issues in general practice were: the need for a nominated IT security coordinator; having written IT policies, including a practice disaster recovery plan; controlling access to different levels of electronic data; doing and testing backups; protecting against viruses and other malicious codes; installing firewalls; undertaking routine maintenance of hardware and software; and securing electronic communication, for example via encryption. This information led to the production of computer security guidelines, including a one-page summary checklist, which were subsequently distributed to all GPs in Australia. This paper maps out a process for developing computer security guidelines for general practice. The specific content will vary in different countries according to their levels of adoption of IT, and cultural, technical and other health service factors. Making these guidelines relevant to local contexts should help maximise their uptake.

76 FR 81477 - Announcing an Open Meeting of the Information Security and Privacy Advisory Board

Federal Register 2010, 2011, 2012, 2013, 2014

2011-12-28

... sessions will be open to the public. The ISPAB was established by the Computer Security Act of 1987 (Pub. L... Secure Mobile Devices, --Panel Discussion on cyber R&D Strategy, and --Update of NIST Computer Security... of the Information Security and Privacy Advisory Board AGENCY: National Institute of Standards and...

Analyzing the security of an existing computer system

NASA Technical Reports Server (NTRS)

Bishop, M.

1986-01-01

Most work concerning secure computer systems has dealt with the design, verification, and implementation of provably secure computer systems, or has explored ways of making existing computer systems more secure. The problem of locating security holes in existing systems has received considerably less attention; methods generally rely on thought experiments as a critical step in the procedure. The difficulty is that such experiments require that a large amount of information be available in a format that makes correlating the details of various programs straightforward. This paper describes a method of providing such a basis for the thought experiment by writing a special manual for parts of the operating system, system programs, and library subroutines.

Privacy and information security risks in a technology platform for home-based chronic disease rehabilitation and education

PubMed Central

2013-01-01

Background Privacy and information security are important for all healthcare services, including home-based services. We have designed and implemented a prototype technology platform for providing home-based healthcare services. It supports a personal electronic health diary and enables secure and reliable communication and interaction with peers and healthcare personnel. The platform runs on a small computer with a dedicated remote control. It is connected to the patient’s TV and to a broadband Internet. The platform has been tested with home-based rehabilitation and education programs for chronic obstructive pulmonary disease and diabetes. As part of our work, a risk assessment of privacy and security aspects has been performed, to reveal actual risks and to ensure adequate information security in this technical platform. Methods Risk assessment was performed in an iterative manner during the development process. Thus, security solutions have been incorporated into the design from an early stage instead of being included as an add-on to a nearly completed system. We have adapted existing risk management methods to our own environment, thus creating our own method. Our method conforms to ISO’s standard for information security risk management. Results A total of approximately 50 threats and possible unwanted incidents were identified and analysed. Among the threats to the four information security aspects: confidentiality, integrity, availability, and quality; confidentiality threats were identified as most serious, with one threat given an unacceptable level of High risk. This is because health-related personal information is regarded as sensitive. Availability threats were analysed as low risk, as the aim of the home programmes is to provide education and rehabilitation services; not for use in acute situations or for continuous health monitoring. Conclusions Most of the identified threats are applicable for healthcare services intended for patients or citizens in their own homes. Confidentiality risks in home are different from in a more controlled environment such as a hospital; and electronic equipment located in private homes and communicating via Internet, is more exposed to unauthorised access. By implementing the proposed measures, it has been possible to design a home-based service which ensures the necessary level of information security and privacy. PMID:23937965

Uncover the Cloud for Geospatial Sciences and Applications to Adopt Cloud Computing

NASA Astrophysics Data System (ADS)

Yang, C.; Huang, Q.; Xia, J.; Liu, K.; Li, J.; Xu, C.; Sun, M.; Bambacus, M.; Xu, Y.; Fay, D.

2012-12-01

Cloud computing is emerging as the future infrastructure for providing computing resources to support and enable scientific research, engineering development, and application construction, as well as work force education. On the other hand, there is a lot of doubt about the readiness of cloud computing to support a variety of scientific research, development and educations. This research is a project funded by NASA SMD to investigate through holistic studies how ready is the cloud computing to support geosciences. Four applications with different computing characteristics including data, computing, concurrent, and spatiotemporal intensities are taken to test the readiness of cloud computing to support geosciences. Three popular and representative cloud platforms including Amazon EC2, Microsoft Azure, and NASA Nebula as well as a traditional cluster are utilized in the study. Results illustrates that cloud is ready to some degree but more research needs to be done to fully implemented the cloud benefit as advertised by many vendors and defined by NIST. Specifically, 1) most cloud platform could help stand up new computing instances, a new computer, in a few minutes as envisioned, therefore, is ready to support most computing needs in an on demand fashion; 2) the load balance and elasticity, a defining characteristic, is ready in some cloud platforms, such as Amazon EC2, to support bigger jobs, e.g., needs response in minutes, while some are not ready to support the elasticity and load balance well. All cloud platform needs further research and development to support real time application at subminute level; 3) the user interface and functionality of cloud platforms vary a lot and some of them are very professional and well supported/documented, such as Amazon EC2, some of them needs significant improvement for the general public to adopt cloud computing without professional training or knowledge about computing infrastructure; 4) the security is a big concern in cloud computing platform, with the sharing spirit of cloud computing, it is very hard to ensure higher level security, except a private cloud is built for a specific organization without public access, public cloud platform does not support FISMA medium level yet and may never be able to support FISMA high level; 5) HPC jobs needs of cloud computing is not well supported and only Amazon EC2 supports this well. The research is being taken by NASA and other agencies to consider cloud computing adoption. We hope the publication of the research would also benefit the public to adopt cloud computing.

Discussion on the Technology and Method of Computer Network Security Management

NASA Astrophysics Data System (ADS)

Zhou, Jianlei

2017-09-01

With the rapid development of information technology, the application of computer network technology has penetrated all aspects of society, changed people's way of life work to a certain extent, brought great convenience to people. But computer network technology is not a panacea, it can promote the function of social development, but also can cause damage to the community and the country. Due to computer network’ openness, easiness of sharing and other characteristics, it had a very negative impact on the computer network security, especially the loopholes in the technical aspects can cause damage on the network information. Based on this, this paper will do a brief analysis on the computer network security management problems and security measures.

77 FR 49439 - National Security Education Board Members Meeting

Federal Register 2010, 2011, 2012, 2013, 2014

2012-08-16

.... ADDRESSES: Defense Language and National Security Education Office, 1101 Wilson Boulevard, Suite 1210... National Security Education Office (DLNSEO), 1101 Wilson Boulevard, Suite 1210, Rosslyn, Virginia 22209...

Personal computer security: part 1. Firewalls, antivirus software, and Internet security suites.

PubMed

Caruso, Ronald D

2003-01-01

Personal computer (PC) security in the era of the Health Insurance Portability and Accountability Act of 1996 (HIPAA) involves two interrelated elements: safeguarding the basic computer system itself and protecting the information it contains and transmits, including personal files. HIPAA regulations have toughened the requirements for securing patient information, requiring every radiologist with such data to take further precautions. Security starts with physically securing the computer. Account passwords and a password-protected screen saver should also be set up. A modern antivirus program can easily be installed and configured. File scanning and updating of virus definitions are simple processes that can largely be automated and should be performed at least weekly. A software firewall is also essential for protection from outside intrusion, and an inexpensive hardware firewall can provide yet another layer of protection. An Internet security suite yields additional safety. Regular updating of the security features of installed programs is important. Obtaining a moderate degree of PC safety and security is somewhat inconvenient but is necessary and well worth the effort. Copyright RSNA, 2003

75 FR 5166 - Privacy Act of 1974, as Amended; Computer Matching Program (Social Security Administration...

Federal Register 2010, 2011, 2012, 2013, 2014

2010-02-01

... SOCIAL SECURITY ADMINISTRATION [Docket No. SSA 2009-0043] Privacy Act of 1974, as Amended; Computer Matching Program (Social Security Administration/Railroad Retirement Board (SSA/RRB))-- Match Number 1308 AGENCY: Social Security Administration (SSA). ACTION: Notice of renewal of an existing...

A Semantic Based Policy Management Framework for Cloud Computing Environments

ERIC Educational Resources Information Center

Takabi, Hassan

2013-01-01

Cloud computing paradigm has gained tremendous momentum and generated intensive interest. Although security issues are delaying its fast adoption, cloud computing is an unstoppable force and we need to provide security mechanisms to ensure its secure adoption. In this dissertation, we mainly focus on issues related to policy management and access…

Education and Strategic Research Collaborations

Science.gov Websites

Los Alamos National Laboratory National Security Education Center Image Search Site submit LaboratoryNational Security Education Center Menu Program Offices Energy Security Council New Mexico Consortium Geophysics, Planetary Physics, Signatures Events Collaborations for education and strategic research, student

Computer Security: the Achilles’ Heel of the Electronic Air Force?

DTIC Science & Technology

2013-02-01

commercials not enough. In the Pentagon a General Electric system called “GCOS” provided classified (secret) com- putation for the Air Staff and others...necessary computer function. January–February 2013 Air & Space Power Journal | 169 Historical Highlight Government designers not perfect. After the Pentagon ...laboratory computer to evaluate Multics as a potential multilevel secure computer for the Pentagon . Although it had the best security design of any system

Change Detection Algorithms for Information Assurance of Computer Networks

DTIC Science & Technology

2002-01-01

original document contains color images. 14. ABSTRACT see report 15. SUBJECT TERMS 16. SECURITY CLASSIFICATION OF: 17. LIMITATION OF ABSTRACT 18...number of computer attacks increases steadily per year. At the time of this writing the Internet Security Systems’ baseline assessment is that a new...across a network by exploiting security flaws in widely-used services offered by vulnerable computers. In order to locate the vulnerable computers, the

Analysis of Alternatives (AoA) of Open Colllaboration and Research Capabilities Collaboratipon in Research and Engineering in Advanced Technology and Education and High-Performance Computing Innovation Center (HPCIC) on the LVOC.

DOE Office of Scientific and Technical Information (OSTI.GOV)

Vrieling, P. Douglas

2016-01-01

The Livermore Valley Open Campus (LVOC), a joint initiative of the National Nuclear Security Administration (NNSA), Lawrence Livermore National Laboratory (LLNL), and Sandia National Laboratories (SNL), enhances the national security missions of NNSA by promoting greater collaboration between world-class scientists at the national security laboratories, and their partners in industry and academia. Strengthening the science, technology, and engineering (ST&E) base of our nation is one of the NNSA’s top goals. By conducting coordinated and collaborative programs, LVOC enhances both the NNSA and the broader national science and technology base, and helps to ensure the health of core capabilities at LLNLmore » and SNL. These capabilities must remain strong to enable the laboratories to execute their primary mission for NNSA.« less

Computer Security: The Human Element.

ERIC Educational Resources Information Center

Guynes, Carl S.; Vanacek, Michael T.

1981-01-01

The security and effectiveness of a computer system are dependent on the personnel involved. Improved personnel and organizational procedures can significantly reduce the potential for computer fraud. (Author/MLF)

75 FR 13258 - Announcing a Meeting of the Information Security and Privacy Advisory Board

Federal Register 2010, 2011, 2012, 2013, 2014

2010-03-19

.../index.html/ . Agenda: --Cloud Computing Implementations --Health IT --OpenID --Pending Cyber Security... will be available for the public and media. --OpenID --Cloud Computing Implementations --Security...

NNSA Administrator Addresses the Next Generation of Nuclear Security Professionals: Part 2

ScienceCinema

Thomas D'Agostino

2017-12-09

Administrator Thomas DAgostino of the National Nuclear Security Administration addressed the next generation of nuclear security professionals during the opening session of todays 2009 Department of Energy (DOE) Computational Science Graduate Fellowship Annual Conference. Administrator DAgostino discussed NNSAs role in implementing President Obamas nuclear security agenda and encouraged the computing science fellows to consider careers in nuclear security.

NNSA Administrator Addresses the Next Generation of Nuclear Security Professionals: Part 1

ScienceCinema

Thomas D'Agostino

2017-12-09

Administrator Thomas DAgostino of the National Nuclear Security Administration addressed the next generation of nuclear security professionals during the opening session of todays 2009 Department of Energy (DOE) Computational Science Graduate Fellowship Annual Conference. Administrator DAgostino discussed NNSAs role in implementing President Obamas nuclear security agenda and encouraged the computing science fellows to consider careers in nuclear security.

32 CFR Appendix J to Part 154 - ADP Position Categories and Criteria for Designating Positions

Code of Federal Regulations, 2010 CFR

2010-07-01

..., and implementation of a computer security program; major responsibility for the direction, planning... agency computer security programs, and also including direction and control of risk analysis and/or... OF DEFENSE SECURITY DEPARTMENT OF DEFENSE PERSONNEL SECURITY PROGRAM REGULATION Pt. 154, App. J...

77 FR 74913 - Privacy Act of 1974, as Amended; Computer Matching Program (Social Security Administration (SSA...

Federal Register 2010, 2011, 2012, 2013, 2014

2012-12-18

... SOCIAL SECURITY ADMINISTRATION [Docket No. SSA 2012-0055] Privacy Act of 1974, as Amended; Computer Matching Program (Social Security Administration (SSA)/Office of Personnel Management (OPM))--Match Number 1307 AGENCY: Social Security Administration. ACTION: Notice of a renewal of an existing...

32 CFR Appendix J to Part 154 - ADP Position Categories and Criteria for Designating Positions

Code of Federal Regulations, 2014 CFR

2014-07-01

..., and implementation of a computer security program; major responsibility for the direction, planning... agency computer security programs, and also including direction and control of risk analysis and/or... OF DEFENSE SECURITY DEPARTMENT OF DEFENSE PERSONNEL SECURITY PROGRAM REGULATION Pt. 154, App. J...

32 CFR Appendix J to Part 154 - ADP Position Categories and Criteria for Designating Positions

Code of Federal Regulations, 2012 CFR

2012-07-01

..., and implementation of a computer security program; major responsibility for the direction, planning... agency computer security programs, and also including direction and control of risk analysis and/or... OF DEFENSE SECURITY DEPARTMENT OF DEFENSE PERSONNEL SECURITY PROGRAM REGULATION Pt. 154, App. J...

32 CFR Appendix J to Part 154 - ADP Position Categories and Criteria for Designating Positions

Code of Federal Regulations, 2013 CFR

2013-07-01

..., and implementation of a computer security program; major responsibility for the direction, planning... agency computer security programs, and also including direction and control of risk analysis and/or... OF DEFENSE SECURITY DEPARTMENT OF DEFENSE PERSONNEL SECURITY PROGRAM REGULATION Pt. 154, App. J...

32 CFR Appendix J to Part 154 - ADP Position Categories and Criteria for Designating Positions

Code of Federal Regulations, 2011 CFR

2011-07-01

..., and implementation of a computer security program; major responsibility for the direction, planning... agency computer security programs, and also including direction and control of risk analysis and/or... OF DEFENSE SECURITY DEPARTMENT OF DEFENSE PERSONNEL SECURITY PROGRAM REGULATION Pt. 154, App. J...

Computer-Based Testing: Test Site Security.

ERIC Educational Resources Information Center

Rosen, Gerald A.

Computer-based testing places great burdens on all involved parties to ensure test security. A task analysis of test site security might identify the areas of protecting the test, protecting the data, and protecting the environment as essential issues in test security. Protecting the test involves transmission of the examinations, identifying the…

34 CFR 668.36 - Social security number.

Code of Federal Regulations, 2011 CFR

2011-07-01

... 34 Education 3 2011-07-01 2011-07-01 false Social security number. 668.36 Section 668.36 Education..., DEPARTMENT OF EDUCATION STUDENT ASSISTANCE GENERAL PROVISIONS Student Eligibility § 668.36 Social security... Islands, and the Republic of Palau, the Secretary attempts to confirm the social security number a student...

25 CFR 40.4 - Security.

Code of Federal Regulations, 2014 CFR

2014-04-01

... 25 Indians 1 2014-04-01 2014-04-01 false Security. 40.4 Section 40.4 Indians BUREAU OF INDIAN AFFAIRS, DEPARTMENT OF THE INTERIOR EDUCATION ADMINISTRATION OF EDUCATIONAL LOANS, GRANTS AND OTHER ASSISTANCE FOR HIGHER EDUCATION § 40.4 Security. If a borrower or cosigner has security to offer for an...

25 CFR 40.4 - Security.

Code of Federal Regulations, 2011 CFR

2011-04-01

... 25 Indians 1 2011-04-01 2011-04-01 false Security. 40.4 Section 40.4 Indians BUREAU OF INDIAN AFFAIRS, DEPARTMENT OF THE INTERIOR EDUCATION ADMINISTRATION OF EDUCATIONAL LOANS, GRANTS AND OTHER ASSISTANCE FOR HIGHER EDUCATION § 40.4 Security. If a borrower or cosigner has security to offer for an...

25 CFR 40.4 - Security.

Code of Federal Regulations, 2013 CFR

2013-04-01

... 25 Indians 1 2013-04-01 2013-04-01 false Security. 40.4 Section 40.4 Indians BUREAU OF INDIAN AFFAIRS, DEPARTMENT OF THE INTERIOR EDUCATION ADMINISTRATION OF EDUCATIONAL LOANS, GRANTS AND OTHER ASSISTANCE FOR HIGHER EDUCATION § 40.4 Security. If a borrower or cosigner has security to offer for an...

25 CFR 40.4 - Security.

Code of Federal Regulations, 2010 CFR

2010-04-01

... 25 Indians 1 2010-04-01 2010-04-01 false Security. 40.4 Section 40.4 Indians BUREAU OF INDIAN AFFAIRS, DEPARTMENT OF THE INTERIOR EDUCATION ADMINISTRATION OF EDUCATIONAL LOANS, GRANTS AND OTHER ASSISTANCE FOR HIGHER EDUCATION § 40.4 Security. If a borrower or cosigner has security to offer for an...

25 CFR 40.4 - Security.

Code of Federal Regulations, 2012 CFR

2012-04-01

... 25 Indians 1 2012-04-01 2011-04-01 true Security. 40.4 Section 40.4 Indians BUREAU OF INDIAN AFFAIRS, DEPARTMENT OF THE INTERIOR EDUCATION ADMINISTRATION OF EDUCATIONAL LOANS, GRANTS AND OTHER ASSISTANCE FOR HIGHER EDUCATION § 40.4 Security. If a borrower or cosigner has security to offer for an...

34 CFR 668.36 - Social security number.

Code of Federal Regulations, 2013 CFR

2013-07-01

... 34 Education 3 2013-07-01 2013-07-01 false Social security number. 668.36 Section 668.36 Education..., DEPARTMENT OF EDUCATION STUDENT ASSISTANCE GENERAL PROVISIONS Student Eligibility § 668.36 Social security... Islands, and the Republic of Palau, the Secretary attempts to confirm the social security number a student...

34 CFR 668.36 - Social security number.

Code of Federal Regulations, 2012 CFR

2012-07-01

... 34 Education 3 2012-07-01 2012-07-01 false Social security number. 668.36 Section 668.36 Education..., DEPARTMENT OF EDUCATION STUDENT ASSISTANCE GENERAL PROVISIONS Student Eligibility § 668.36 Social security... Islands, and the Republic of Palau, the Secretary attempts to confirm the social security number a student...

34 CFR 668.36 - Social security number.

Code of Federal Regulations, 2014 CFR

2014-07-01

... 34 Education 3 2014-07-01 2014-07-01 false Social security number. 668.36 Section 668.36 Education..., DEPARTMENT OF EDUCATION STUDENT ASSISTANCE GENERAL PROVISIONS Student Eligibility § 668.36 Social security... Islands, and the Republic of Palau, the Secretary attempts to confirm the social security number a student...

34 CFR 668.36 - Social security number.

Code of Federal Regulations, 2010 CFR

2010-07-01

... 34 Education 3 2010-07-01 2010-07-01 false Social security number. 668.36 Section 668.36 Education..., DEPARTMENT OF EDUCATION STUDENT ASSISTANCE GENERAL PROVISIONS Student Eligibility § 668.36 Social security... Islands, and the Republic of Palau, the Secretary attempts to confirm the social security number a student...

A Formal Specification and Verification Method for the Prevention of Denial of Service in Ada Services

DTIC Science & Technology

1988-03-01

Mechanism; Computer Security. 16. PRICE CODE 17. SECURITY CLASSIFICATION IS. SECURITY CLASSIFICATION 19. SECURITY CLASSIFICATION 20. UMrrATION OF ABSTRACT...denial of service. This paper assumes that the reader is a computer science or engineering professional working in the area of formal specification and...recovery from such events as deadlocks and crashes can be accounted for in the computation of the waiting time for each service in the service hierarchy

Attribute based encryption for secure sharing of E-health data

NASA Astrophysics Data System (ADS)

Charanya, R.; Nithya, S.; Manikandan, N.

2017-11-01

Distributed computing is one of the developing innovations in IT part and information security assumes a real part. It includes sending gathering of remote server and programming that permit the unified information and online access to PC administrations. Distributed computing depends on offering of asset among different clients are additionally progressively reallocated on interest. Cloud computing is a revolutionary computing paradigm which enables flexible, on-demand and low-cost usage of computing resources. The reasons for security and protection issues, which rise on the grounds that the health information possessed by distinctive clients are put away in some cloud servers rather than under their own particular control”z. To deal with security problems, various schemes based on the Attribute-Based Encryption have been proposed. In this paper, in order to make ehealth data’s more secure we use multi party in cloud computing system. Where the health data is encrypted using attributes and key policy. And the user with a particular attribute and key policy alone will be able to decrypt the health data after it is verified by “key distribution centre” and the “secure data distributor”. This technique can be used in medical field for secure storage of patient details and limiting to particular doctor access. To make data’s scalable secure we need to encrypt the health data before outsourcing.

Cognitive Computing for Security.

DOE Office of Scientific and Technical Information (OSTI.GOV)

Debenedictis, Erik; Rothganger, Fredrick; Aimone, James Bradley

Final report for Cognitive Computing for Security LDRD 165613. It reports on the development of hybrid of general purpose/ne uromorphic computer architecture, with an emphasis on potential implementation with memristors.

Analysis on the security of cloud computing

NASA Astrophysics Data System (ADS)

He, Zhonglin; He, Yuhua

2011-02-01

Cloud computing is a new technology, which is the fusion of computer technology and Internet development. It will lead the revolution of IT and information field. However, in cloud computing data and application software is stored at large data centers, and the management of data and service is not completely trustable, resulting in safety problems, which is the difficult point to improve the quality of cloud service. This paper briefly introduces the concept of cloud computing. Considering the characteristics of cloud computing, it constructs the security architecture of cloud computing. At the same time, with an eye toward the security threats cloud computing faces, several corresponding strategies are provided from the aspect of cloud computing users and service providers.

76 FR 28960 - National Security Education Board Members Meeting

Federal Register 2010, 2011, 2012, 2013, 2014

2011-05-19

... DEPARTMENT OF DEFENSE Office of the Secretary National Security Education Board Members Meeting... Education Board. The purpose of the meeting is to review and make recommendations to the Secretary of Defense concerning requirements established by the David L. Boren National Security Education Act, Title...

77 FR 27739 - National Security Education Board Members Meeting

Federal Register 2010, 2011, 2012, 2013, 2014

2012-05-11

... DEPARTMENT OF DEFENSE Office of the Secretary National Security Education Board Members Meeting... Education Board. The purpose of the meeting is to review and make recommendations to the Secretary of Defense concerning requirements established by the David L. Boren National Security Education Act, Title...

Enhancing Security by System-Level Virtualization in Cloud Computing Environments

NASA Astrophysics Data System (ADS)

Sun, Dawei; Chang, Guiran; Tan, Chunguang; Wang, Xingwei

Many trends are opening up the era of cloud computing, which will reshape the IT industry. Virtualization techniques have become an indispensable ingredient for almost all cloud computing system. By the virtual environments, cloud provider is able to run varieties of operating systems as needed by each cloud user. Virtualization can improve reliability, security, and availability of applications by using consolidation, isolation, and fault tolerance. In addition, it is possible to balance the workloads by using live migration techniques. In this paper, the definition of cloud computing is given; and then the service and deployment models are introduced. An analysis of security issues and challenges in implementation of cloud computing is identified. Moreover, a system-level virtualization case is established to enhance the security of cloud computing environments.

77 FR 34029 - National Security Education Board Members Meeting; Cancellation of Meeting

Federal Register 2010, 2011, 2012, 2013, 2014

2012-06-08

.... to 2 p.m. at Defense Language and National Security Education Office, 1101 Wilson Boulevard, Suite..., Defense Language and National Security Education Office (DLNSEO), 1101 Wilson Boulevard, Suite 1210...

Computer Network Security- The Challenges of Securing a Computer Network

NASA Technical Reports Server (NTRS)

Scotti, Vincent, Jr.

2011-01-01

This article is intended to give the reader an overall perspective on what it takes to design, implement, enforce and secure a computer network in the federal and corporate world to insure the confidentiality, integrity and availability of information. While we will be giving you an overview of network design and security, this article will concentrate on the technology and human factors of securing a network and the challenges faced by those doing so. It will cover the large number of policies and the limits of technology and physical efforts to enforce such policies.

Secured Communication for Business Process Outsourcing Using Optimized Arithmetic Cryptography Protocol Based on Virtual Parties

NASA Astrophysics Data System (ADS)

Pathak, Rohit; Joshi, Satyadhar

Within a span of over a decade, India has become one of the most favored destinations across the world for Business Process Outsourcing (BPO) operations. India has rapidly achieved the status of being the most preferred destination for BPO for companies located in the US and Europe. Security and privacy are the two major issues needed to be addressed by the Indian software industry to have an increased and long-term outsourcing contract from the US. Another important issue is about sharing employee’s information to ensure that data and vital information of an outsourcing company is secured and protected. To ensure that the confidentiality of a client’s information is maintained, BPOs need to implement some data security measures. In this paper, we propose a new protocol for specifically for BPO Secure Multi-Party Computation (SMC). As there are many computations and surveys which involve confidential data from many parties or organizations and the concerned data is property of the organization, preservation and security of this data is of prime importance for such type of computations. Although the computation requires data from all the parties, but none of the associated parties would want to reveal their data to the other parties. We have proposed a new efficient and scalable protocol to perform computation on encrypted information. The information is encrypted in a manner that it does not affect the result of the computation. It uses modifier tokens which are distributed among virtual parties, and finally used in the computation. The computation function uses the acquired data and modifier tokens to compute right result from the encrypted data. Thus without revealing the data, right result can be computed and privacy of the parties is maintained. We have given a probabilistic security analysis of hacking the protocol and shown how zero hacking security can be achieved. Also we have analyzed the specific case of Indian BPO.

EMRlog method for computer security for electronic medical records with logic and data mining.

PubMed

Martínez Monterrubio, Sergio Mauricio; Frausto Solis, Juan; Monroy Borja, Raúl

2015-01-01

The proper functioning of a hospital computer system is an arduous work for managers and staff. However, inconsistent policies are frequent and can produce enormous problems, such as stolen information, frequent failures, and loss of the entire or part of the hospital data. This paper presents a new method named EMRlog for computer security systems in hospitals. EMRlog is focused on two kinds of security policies: directive and implemented policies. Security policies are applied to computer systems that handle huge amounts of information such as databases, applications, and medical records. Firstly, a syntactic verification step is applied by using predicate logic. Then data mining techniques are used to detect which security policies have really been implemented by the computer systems staff. Subsequently, consistency is verified in both kinds of policies; in addition these subsets are contrasted and validated. This is performed by an automatic theorem prover. Thus, many kinds of vulnerabilities can be removed for achieving a safer computer system.

EMRlog Method for Computer Security for Electronic Medical Records with Logic and Data Mining

PubMed Central

Frausto Solis, Juan; Monroy Borja, Raúl

2015-01-01

The proper functioning of a hospital computer system is an arduous work for managers and staff. However, inconsistent policies are frequent and can produce enormous problems, such as stolen information, frequent failures, and loss of the entire or part of the hospital data. This paper presents a new method named EMRlog for computer security systems in hospitals. EMRlog is focused on two kinds of security policies: directive and implemented policies. Security policies are applied to computer systems that handle huge amounts of information such as databases, applications, and medical records. Firstly, a syntactic verification step is applied by using predicate logic. Then data mining techniques are used to detect which security policies have really been implemented by the computer systems staff. Subsequently, consistency is verified in both kinds of policies; in addition these subsets are contrasted and validated. This is performed by an automatic theorem prover. Thus, many kinds of vulnerabilities can be removed for achieving a safer computer system. PMID:26495300

The Naval Postgraduate School SECURE ARCHIVAL STORAGE SYSTEM. Part II. Segment and Process Management Implementation.

DTIC Science & Technology

1981-03-01

Research Instructor of Computer Scienr-. Reviewed by: Released by: WILLIAM M. TOLLES Department puter Science Dean of Research 4c t SECURITY...Lyle A. Cox, Roger R. Schell, and Sonja L. Perdue 9. PERFORMING ORGANIZATION NAME ANO ADDRESS 10. PROGRAM ELEMENT. PROJECT. TASK AREA A WORK UNIT... Computer Networks, Operating Systems, Computer Security 20. AftUrCT (Cnthm, w v re eae old* It n..*p and idm 0 F W blk ..m.m.o’) ",A_;he security

Private quantum computation: an introduction to blind quantum computing and related protocols

NASA Astrophysics Data System (ADS)

Fitzsimons, Joseph F.

2017-06-01

Quantum technologies hold the promise of not only faster algorithmic processing of data, via quantum computation, but also of more secure communications, in the form of quantum cryptography. In recent years, a number of protocols have emerged which seek to marry these concepts for the purpose of securing computation rather than communication. These protocols address the task of securely delegating quantum computation to an untrusted device while maintaining the privacy, and in some instances the integrity, of the computation. We present a review of the progress to date in this emerging area.

Secure or Insure: An Economic Analysis of Security Interdependencies and Investment Types

ERIC Educational Resources Information Center

Grossklags, Jens

2009-01-01

Computer users express a strong desire to prevent attacks, and to reduce the losses from computer and information security breaches. However, despite the widespread availability of various technologies, actual investments in security remain highly variable across the Internet population. As a result, attacks such as distributed denial-of-service…

77 FR 65215 - In the Matter of Licensee Identified in Attachment 1 and all Other Persons Who Obtain Safeguards...

Federal Register 2010, 2011, 2012, 2013, 2014

2012-10-25

... a computing environment that has adequate computer security controls in place to prevent... NRC intends to issue a security Order to this Licensee in the near future. The Order will require compliance with specific Additional Security Measures to enhance the security for certain radioactive...

78 FR 89 - Announcing an Open Meeting of the Information Security and Privacy Advisory Board

Federal Register 2010, 2011, 2012, 2013, 2014

2013-01-02

... Management and Budget, and the Director of NIST on security and privacy issues pertaining to federal computer... Computer Security Division. Note that agenda items may change without notice because of possible unexpected... of the Information Security and Privacy Advisory Board AGENCY: National Institute of Standards and...

Computer applications for the hospital security department--buying or developing a shift log reporting system.

PubMed

Gruber, T

1996-01-01

The author presents guidelines to help a security department select a computer system to track security activities--whether it's a commercial software product, an in-house developed program, or a do-it-yourself designed system. Computerized security activity reporting, he believes, is effective and beneficial.

Aviation security : vulnerabilities still exist in the aviation security system

DOT National Transportation Integrated Search

2000-04-06

The testimony today discusses the Federal Aviation Administration's (FAA) efforts to implement and improve security in two key areas: air traffic control computer systems and airport passenger screening checkpoints. Computer systems-and the informati...

Air Traffic Control: Weak Computer Security Practices Jeopardize Flight Safety

DOT National Transportation Integrated Search

1998-05-01

Given the paramount importance of computer security of Air Traffic Control (ATC) systems, Congress asked the General Accounting Office to determine (1) whether the Fedcral Aviation Administration (FAA) is effectively managing physical security at ATC...

Motivating Contributions for Home Computer Security

ERIC Educational Resources Information Center

Wash, Richard L.

2009-01-01

Recently, malicious computer users have been compromising computers en masse and combining them to form coordinated botnets. The rise of botnets has brought the problem of home computers to the forefront of security. Home computer users commonly have insecure systems; these users do not have the knowledge, experience, and skills necessary to…

Proposal for founding mistrustful quantum cryptography on coin tossing

DOE Office of Scientific and Technical Information (OSTI.GOV)

Kent, Adrian; Hewlett-Packard Laboratories, Filton Road, Stoke Gifford, Bristol BS34 8QZ,

2003-07-01

A significant branch of classical cryptography deals with the problems which arise when mistrustful parties need to generate, process, or exchange information. As Kilian showed a while ago, mistrustful classical cryptography can be founded on a single protocol, oblivious transfer, from which general secure multiparty computations can be built. The scope of mistrustful quantum cryptography is limited by no-go theorems, which rule out, inter alia, unconditionally secure quantum protocols for oblivious transfer or general secure two-party computations. These theorems apply even to protocols which take relativistic signaling constraints into account. The best that can be hoped for, in general, aremore » quantum protocols which are computationally secure against quantum attack. Here a method is described for building a classically certified bit commitment, and hence every other mistrustful cryptographic task, from a secure coin-tossing protocol. No security proof is attempted, but reasons are sketched why these protocols might resist quantum computational attack.« less

Nuclear Security Education Program at the Pennsylvania State University

DOE Office of Scientific and Technical Information (OSTI.GOV)

Uenlue, Kenan; The Pennsylvania State University, Department of Mechanical and Nuclear Engineering, University Park, PA 16802-2304; Jovanovic, Igor

The availability of trained and qualified nuclear and radiation security experts worldwide has decreased as those with hands-on experience have retired while the demand for these experts and skills have increased. The U.S. Department of Energy's National Nuclear Security Administration's (NNSA) Global Threat Reduction Initiative (GTRI) has responded to the continued loss of technical and policy expertise amongst personnel and students in the security field by initiating the establishment of a Nuclear Security Education Initiative, in partnership with Pennsylvania State University (PSU), Texas A and M (TAMU), and Massachusetts Institute of Technology (MIT). This collaborative, multi-year initiative forms the basismore » of specific education programs designed to educate the next generation of personnel who plan on careers in the nonproliferation and security fields with both domestic and international focus. The three universities worked collaboratively to develop five core courses consistent with the GTRI mission, policies, and practices. These courses are the following: Global Nuclear Security Policies, Detectors and Source Technologies, Applications of Detectors/Sensors/Sources for Radiation Detection and Measurements Nuclear Security Laboratory, Threat Analysis and Assessment, and Design and Analysis of Security Systems for Nuclear and Radiological Facilities. The Pennsylvania State University (PSU) Nuclear Engineering Program is a leader in undergraduate and graduate-level nuclear engineering education in the USA. The PSU offers undergraduate and graduate programs in nuclear engineering. The PSU undergraduate program in nuclear engineering is the largest nuclear engineering programs in the USA. The PSU Radiation Science and Engineering Center (RSEC) facilities are being used for most of the nuclear security education program activities. Laboratory space and equipment was made available for this purpose. The RSEC facilities include the Penn State Breazeale Reactor (PSBR), gamma irradiation facilities (in-pool irradiator, dry irradiator, and hot cells), neutron beam laboratory, radiochemistry laboratories, and various radiation detection and measurement laboratories. A new nuclear security education laboratory was created with DOE NNSA- GTRI funds at RSEC. The nuclear security graduate level curriculum enables the PSU to educate and train future nuclear security experts, both within the United States as well as worldwide. The nuclear security education program at Penn State will grant a Master's degree in nuclear security starting fall 2015. The PSU developed two courses: Nuclear Security- Detector And Source Technologies and Nuclear Security- Applications of Detectors/Sensors/Sources for Radiation Detection and Measurements (Laboratory). Course descriptions and course topics of these courses are described briefly: - Nuclear Security - Detector and Source Technologies; - Nuclear Security - Applications of Detectors/Sensors/Sources for Radiation Detection and Measurements Laboratory.« less

OS friendly microprocessor architecture: Hardware level computer security

NASA Astrophysics Data System (ADS)

Jungwirth, Patrick; La Fratta, Patrick

2016-05-01

We present an introduction to the patented OS Friendly Microprocessor Architecture (OSFA) and hardware level computer security. Conventional microprocessors have not tried to balance hardware performance and OS performance at the same time. Conventional microprocessors have depended on the Operating System for computer security and information assurance. The goal of the OS Friendly Architecture is to provide a high performance and secure microprocessor and OS system. We are interested in cyber security, information technology (IT), and SCADA control professionals reviewing the hardware level security features. The OS Friendly Architecture is a switched set of cache memory banks in a pipeline configuration. For light-weight threads, the memory pipeline configuration provides near instantaneous context switching times. The pipelining and parallelism provided by the cache memory pipeline provides for background cache read and write operations while the microprocessor's execution pipeline is running instructions. The cache bank selection controllers provide arbitration to prevent the memory pipeline and microprocessor's execution pipeline from accessing the same cache bank at the same time. This separation allows the cache memory pages to transfer to and from level 1 (L1) caching while the microprocessor pipeline is executing instructions. Computer security operations are implemented in hardware. By extending Unix file permissions bits to each cache memory bank and memory address, the OSFA provides hardware level computer security.

Network gateway security method for enterprise Grid: a literature review

NASA Astrophysics Data System (ADS)

Sujarwo, A.; Tan, J.

2017-03-01

The computational Grid has brought big computational resources closer to scientists. It enables people to do a large computational job anytime and anywhere without any physical border anymore. However, the massive and spread of computer participants either as user or computational provider arise problems in security. The challenge is on how the security system, especially the one which filters data in the gateway could works in flexibility depends on the registered Grid participants. This paper surveys what people have done to approach this challenge, in order to find the better and new method for enterprise Grid. The findings of this paper is the dynamically controlled enterprise firewall to secure the Grid resources from unwanted connections with a new firewall controlling method and components.

A Test-Bed of Secure Mobile Cloud Computing for Military Applications

DTIC Science & Technology

2016-09-13

searching databases. This kind of applications is a typical example of mobile cloud computing (MCC). MCC has lots of applications in the military...Release; Distribution Unlimited UU UU UU UU 13-09-2016 1-Aug-2014 31-Jul-2016 Final Report: A Test-bed of Secure Mobile Cloud Computing for Military...Army Research Office P.O. Box 12211 Research Triangle Park, NC 27709-2211 Test-bed, Mobile Cloud Computing , Security, Military Applications REPORT

Computer network security for the radiology enterprise.

PubMed

Eng, J

2001-08-01

As computer networks become an integral part of the radiology practice, it is appropriate to raise concerns regarding their security. The purpose of this article is to present an overview of computer network security risks and preventive strategies as they pertain to the radiology enterprise. A number of technologies are available that provide strong deterrence against attacks on networks and networked computer systems in the radiology enterprise. While effective, these technologies must be supplemented with vigilant user and system management.

Case Study: Creation of a Degree Program in Computer Security. White Paper.

ERIC Educational Resources Information Center

Belon, Barbara; Wright, Marie

This paper reports on research into the field of computer security, and undergraduate degrees offered in that field. Research described in the paper reveals only one computer security program at the associate's degree level in the entire country. That program, at Texas State Technical College in Waco, is a 71-credit-hour program leading to an…

Understanding Mobile Apps

MedlinePlus

... share personal information let your kids spend real money — even if the app is free include ads link to social media What’s more, ... Money & Credit Homes & Mortgages Health & Fitness Jobs & Making ... Security "Free" Security Scans Computer Security Disposing of Old Computers ...

17 CFR 230.167 - Communications in connection with certain registered offerings of asset-backed securities.

Code of Federal Regulations, 2011 CFR

2011-04-01

... § 230.415, ABS informational and computational material regarding such securities used after the... informational and computational material used in reliance on Securities Act Rule 167 (§ 230.167); and (iv) A...

17 CFR 230.167 - Communications in connection with certain registered offerings of asset-backed securities.

Code of Federal Regulations, 2013 CFR

2013-04-01

... § 230.415, ABS informational and computational material regarding such securities used after the... informational and computational material used in reliance on Securities Act Rule 167 (§ 230.167); and (iv) A...

17 CFR 230.167 - Communications in connection with certain registered offerings of asset-backed securities.

Code of Federal Regulations, 2012 CFR

2012-04-01

... § 230.415, ABS informational and computational material regarding such securities used after the... informational and computational material used in reliance on Securities Act Rule 167 (§ 230.167); and (iv) A...

17 CFR 230.167 - Communications in connection with certain registered offerings of asset-backed securities.

Code of Federal Regulations, 2014 CFR

2014-04-01

... § 230.415, ABS informational and computational material regarding such securities used after the... informational and computational material used in reliance on Securities Act Rule 167 (§ 230.167); and (iv) A...

A Trusted Portable Computing Device

NASA Astrophysics Data System (ADS)

Ming-wei, Fang; Jun-jun, Wu; Peng-fei, Yu; Xin-fang, Zhang

A trusted portable computing device and its security mechanism were presented to solve the security issues, such as the attack of virus and Trojan horse, the lost and stolen of storage device, in mobile office. It used smart card to build a trusted portable security base, virtualization to create a secure virtual execution environment, two-factor authentication mechanism to identify legitimate users, and dynamic encryption to protect data privacy. The security environment described in this paper is characteristic of portability, security and reliability. It can meet the security requirement of mobile office.

Repositioning Technical and Vocational Education and Training (TVET) for Youths Employment and National Security in Nigeria

ERIC Educational Resources Information Center

Ogbunaya, T. C.; Udoudo, Ekereobong S.

2015-01-01

The paper focused on repositioning Technical and Vocational Education and Training (TVET) for youth's employment and national security in Nigeria. It examined briefly the concepts of technical vocational education and training (TVET), youths, unemployment and national security as well as the effects of unemployment on national security in Nigeria.…

Evaluating User Experiences of the Secure Messaging Tool on the Veterans Affairs’ Patient Portal System

PubMed Central

Lind, Jason D; Shimada, Stephanie L; Martin, Tracey L; Gosline, Robert M; Antinori, Nicole; Stewart, Max; Simon, Steven R

2014-01-01

Background The United States Department of Veterans Affairs has implemented an electronic asynchronous “Secure Messaging” tool within a Web-based patient portal (ie, My HealtheVet) to support patient-provider communication. This electronic resource promotes continuous and coordinated patient-centered care, but to date little research has evaluated patients’ experiences and preferences for using Secure Messaging. Objective The objectives of this mixed-methods study were to (1) characterize veterans’ experiences using Secure Messaging in the My HealtheVet portal over a 3-month period, including system usability, (2) identify barriers to and facilitators of use, and (3) describe strategies to support veterans’ use of Secure Messaging. Methods We recruited 33 veterans who had access to and had previously used the portal’s Secure Messaging tool. We used a combination of in-depth interviews, face-to-face user-testing, review of transmitted secure messages between veterans and staff, and telephone interviews three months following initial contact. We assessed participants’ computer and health literacy during initial and follow-up interviews. We used a content-analysis approach to identify dominant themes in the qualitative data. We compared inferences from each of the data sources (interviews, user-testing, and message review) to identify convergent and divergent data trends. Results The majority of veterans (27/33, 82%) reported being satisfied with Secure Messaging at initial interview; satisfaction ratings increased to 97% (31/32, 1 missing) during follow-up interviews. Veterans noted Secure Messaging to be useful for communicating with their primary care team to manage health care needs (eg, health-related questions, test requests and results, medication refills and questions, managing appointments). Four domains emerged from interviews: (1) perceived benefits of using Secure Messaging, (2) barriers to using Secure Messaging, (3) facilitators for using Secure Messaging, and (4) suggestions for improving Secure Messaging. Veterans identified and demonstrated impediments to successful system usage that can be addressed with education, skill building, and system modifications. Analysis of secure message content data provided insights to reasons for use that were not disclosed by participants during interviews, specifically sensitive health topics such as erectile dysfunction and sexually transmitted disease inquiries. Conclusions Veterans perceive Secure Messaging in the My HealtheVet patient portal as a useful tool for communicating with health care teams. However, to maximize sustained utilization of Secure Messaging, marketing, education, skill building, and system modifications are needed. Data from this study can inform a large-scale quantitative assessment of Secure Messaging users’ experiences in a representative sample to validate qualitative findings. PMID:24610454

Evaluating user experiences of the secure messaging tool on the Veterans Affairs' patient portal system.

PubMed

Haun, Jolie N; Lind, Jason D; Shimada, Stephanie L; Martin, Tracey L; Gosline, Robert M; Antinori, Nicole; Stewart, Max; Simon, Steven R

2014-03-06

The United States Department of Veterans Affairs has implemented an electronic asynchronous "Secure Messaging" tool within a Web-based patient portal (ie, My HealtheVet) to support patient-provider communication. This electronic resource promotes continuous and coordinated patient-centered care, but to date little research has evaluated patients' experiences and preferences for using Secure Messaging. The objectives of this mixed-methods study were to (1) characterize veterans' experiences using Secure Messaging in the My HealtheVet portal over a 3-month period, including system usability, (2) identify barriers to and facilitators of use, and (3) describe strategies to support veterans' use of Secure Messaging. We recruited 33 veterans who had access to and had previously used the portal's Secure Messaging tool. We used a combination of in-depth interviews, face-to-face user-testing, review of transmitted secure messages between veterans and staff, and telephone interviews three months following initial contact. We assessed participants' computer and health literacy during initial and follow-up interviews. We used a content-analysis approach to identify dominant themes in the qualitative data. We compared inferences from each of the data sources (interviews, user-testing, and message review) to identify convergent and divergent data trends. The majority of veterans (27/33, 82%) reported being satisfied with Secure Messaging at initial interview; satisfaction ratings increased to 97% (31/32, 1 missing) during follow-up interviews. Veterans noted Secure Messaging to be useful for communicating with their primary care team to manage health care needs (eg, health-related questions, test requests and results, medication refills and questions, managing appointments). Four domains emerged from interviews: (1) perceived benefits of using Secure Messaging, (2) barriers to using Secure Messaging, (3) facilitators for using Secure Messaging, and (4) suggestions for improving Secure Messaging. Veterans identified and demonstrated impediments to successful system usage that can be addressed with education, skill building, and system modifications. Analysis of secure message content data provided insights to reasons for use that were not disclosed by participants during interviews, specifically sensitive health topics such as erectile dysfunction and sexually transmitted disease inquiries. Veterans perceive Secure Messaging in the My HealtheVet patient portal as a useful tool for communicating with health care teams. However, to maximize sustained utilization of Secure Messaging, marketing, education, skill building, and system modifications are needed. Data from this study can inform a large-scale quantitative assessment of Secure Messaging users' experiences in a representative sample to validate qualitative findings.

Administrator, National Security Education Program

DTIC Science & Technology

1993-01-19

1. Administer, direct, and manage the resources for the lit program. 2. Establish and direct an international education center, as approved by the...approve the hiring of, and evaluate the performance of personnel who staff the international education center. 4. Ensure appropriate internal management...Administrator, National Security Education Program * References: (a) DoD Directive 1025.2 , "National Security * Education Program," January 13, 1993

The Role of Self-Efficacy in Computer Security Behavior: Developing the Construct of Computer Security Self-Efficacy (CSSE)

ERIC Educational Resources Information Center

Clarke, Marlon

2011-01-01

As organizations have become more dependent on networked information systems (IS) to conduct their business operations, their susceptibility to various threats to information security has also increased. Research has consistently identified the inappropriate security behavior of the users as the most significant of these threats. Various factors…

Creation of security engineering programs by the Southwest Surety Institute

NASA Astrophysics Data System (ADS)

Romero, Van D.; Rogers, Bradley; Winfree, Tim; Walsh, Dan; Garcia, Mary Lynn

1998-12-01

The Southwest Surety Institute includes Arizona State University (ASU), Louisiana State University (LSU), New Mexico Institute of Mining and Technology (NM Tech), New Mexico State University (NMSU), and Sandia National Laboratories (SNL). The universities currently offer a full spectrum of post-secondary programs in security system design and evaluation, including an undergraduate minor, a graduate program, and continuing education programs. The programs are based on the methodology developed at Sandia National Laboratories over the past 25 years to protect critical nuclear assets. The programs combine basic concepts and principles from business, criminal justice, and technology to create an integrated performance-based approach to security system design and analysis. Existing university capabilities in criminal justice (NMSU), explosives testing and technology (NM Tech and LSU), and engineering technology (ASU) are leveraged to provide unique science-based programs that will emphasize the use of performance measures and computer analysis tools to prove the effectiveness of proposed systems in the design phase. Facility managers may then balance increased protection against the cost of implementation and risk mitigation, thereby enabling effective business decisions. Applications expected to benefit from these programs include corrections, law enforcement, counter-terrorism, critical infrastructure protection, financial and medical care fraud, industrial security, and border security.

21 CFR 1311.08 - Incorporation by reference.

Code of Federal Regulations, 2010 CFR

2010-04-01

... of Standards and Technology, Computer Security Division, Information Technology Laboratory, National... standards are available from the National Institute of Standards and Technology, Computer Security Division... 140-2, Security Requirements for Cryptographic Modules, May 25, 2001, as amended by Change Notices 2...

The Elements of a Network to Educate for World Security.

ERIC Educational Resources Information Center

Network to Educate for World Security, New York, NY.

This publication examines efforts to educate for peace and disarmament. A proposal by the Network to Educate for World Security for the establishment of a United Nations sponsored disarmament fund devoted to worldwide peace and security education is presented in Section One. Section Two contains papers that suggest how the traditional way to…

Interactive Synthesis of Code Level Security Rules

DTIC Science & Technology

2017-04-01

Interactive Synthesis of Code-Level Security Rules A Thesis Presented by Leo St. Amour to The Department of Computer Science in partial fulfillment...of the requirements for the degree of Master of Science in Computer Science Northeastern University Boston, Massachusetts April 2017 DISTRIBUTION...Abstract of the Thesis Interactive Synthesis of Code-Level Security Rules by Leo St. Amour Master of Science in Computer Science Northeastern University

Secure distributed genome analysis for GWAS and sequence comparison computation.

PubMed

Zhang, Yihua; Blanton, Marina; Almashaqbeh, Ghada

2015-01-01

The rapid increase in the availability and volume of genomic data makes significant advances in biomedical research possible, but sharing of genomic data poses challenges due to the highly sensitive nature of such data. To address the challenges, a competition for secure distributed processing of genomic data was organized by the iDASH research center. In this work we propose techniques for securing computation with real-life genomic data for minor allele frequency and chi-squared statistics computation, as well as distance computation between two genomic sequences, as specified by the iDASH competition tasks. We put forward novel optimizations, including a generalization of a version of mergesort, which might be of independent interest. We provide implementation results of our techniques based on secret sharing that demonstrate practicality of the suggested protocols and also report on performance improvements due to our optimization techniques. This work describes our techniques, findings, and experimental results developed and obtained as part of iDASH 2015 research competition to secure real-life genomic computations and shows feasibility of securely computing with genomic data in practice.

Secure distributed genome analysis for GWAS and sequence comparison computation

PubMed Central

2015-01-01

Background The rapid increase in the availability and volume of genomic data makes significant advances in biomedical research possible, but sharing of genomic data poses challenges due to the highly sensitive nature of such data. To address the challenges, a competition for secure distributed processing of genomic data was organized by the iDASH research center. Methods In this work we propose techniques for securing computation with real-life genomic data for minor allele frequency and chi-squared statistics computation, as well as distance computation between two genomic sequences, as specified by the iDASH competition tasks. We put forward novel optimizations, including a generalization of a version of mergesort, which might be of independent interest. Results We provide implementation results of our techniques based on secret sharing that demonstrate practicality of the suggested protocols and also report on performance improvements due to our optimization techniques. Conclusions This work describes our techniques, findings, and experimental results developed and obtained as part of iDASH 2015 research competition to secure real-life genomic computations and shows feasibility of securely computing with genomic data in practice. PMID:26733307

Education and human survival: The relevance of the global security framework to international education

NASA Astrophysics Data System (ADS)

Williams, Christopher

2000-07-01

The nature of international education as a field of studies has been affected by global changes over the past decade. At the same time, the concept of global security has emerged, bringing together studies related to development, the environment and the understanding of violence. Although much of the education literature reflects the global security approach, it is not a field that has been subjected to much analysis as a whole. This paper provides an assessment of international education as a discipline, and outlines the global security framework. It examines how this framework is reflected in the forms of analysis used by international educationists. Finally it suggests how the central purpose of global security, namely ensuring human survival, could be adopted within international education to provide a clear sense of direction. This has specific implications for such areas as curriculum, assessment, educational provision and planning.

Non-developmental item computer systems and the malicious software threat

NASA Technical Reports Server (NTRS)

Bown, Rodney L.

1991-01-01

The following subject areas are covered: a DOD development system - the Army Secure Operating System; non-development commercial computer systems; security, integrity, and assurance of service (SI and A); post delivery SI and A and malicious software; computer system unique attributes; positive feedback to commercial computer systems vendors; and NDI (Non-Development Item) computers and software safety.

Securing the Data Storage and Processing in Cloud Computing Environment

ERIC Educational Resources Information Center

Owens, Rodney

2013-01-01

Organizations increasingly utilize cloud computing architectures to reduce costs and energy consumption both in the data warehouse and on mobile devices by better utilizing the computing resources available. However, the security and privacy issues with publicly available cloud computing infrastructures have not been studied to a sufficient depth…

Computer Virus Bibliography, 1988-1989.

ERIC Educational Resources Information Center

Bologna, Jack, Comp.

This bibliography lists 14 books, 154 journal articles, 34 newspaper articles, and 3 research papers published during 1988-1989 on the subject of computer viruses, software protection and 'cures', virus hackers, and other related issues. Some of the sources listed include Computers and Security, Computer Security Digest, PC Week, Time, the New…

Report: EPA’s Office of Environmental Information Should Improve Ariel Rios and Potomac Yard Computer Room Security Controls

EPA Pesticide Factsheets

Report #12-P-0879, September 26, 2012. The security posture and in-place environmental control review of the computer rooms in the Ariel Rios and Potomac Yard buildings revealed numerous security and environmental control deficiencies.

Design Principles and Guidelines for Security

DTIC Science & Technology

2007-11-21

Padula , Secure Computer Systems: Unified Exposition and Multics Interpretation. Electronic Systems Division, USAF. ESD-TR-75-306, MTR-2997 Rev.1...Hanscom AFB, MA. March 1976 [7] David Elliott Bell. “Looking Back at the Bell-La Padula Model,” Proc. Annual Computer Security Applications Conference

20 CFR 225.15 - Overall Minimum PIA.

Code of Federal Regulations, 2010 CFR

2010-04-01

... Security Act based on combined railroad and social security earnings. The Overall Minimum PIA is used in computing the social security overall minimum guaranty amount. The overall minimum guaranty rate annuity... INSURANCE AMOUNT DETERMINATIONS PIA's Used in Computing Employee, Spouse and Divorced Spouse Annuities § 225...

National Computer Security Conference Proceedings (11th): A Postscript: Computer Security--Into the Future, 17-20 October 1988

DTIC Science & Technology

1988-10-20

The LOCK project , from its very beginnings as an implementation study for the Provably Secure Operating System in 1979...to the security field, can study to gain insight into the evaluation process. The project has developed an innovative format for the DTLS and FTLS...management tern becomes available, the Al Secure DBMS will be system (DBMS) that is currently being developed un- ported to it . der the Advanced

Report: EPA’s Radiation and Indoor Environments National Laboratory Should Improve Its Computer Room Security Controls

EPA Pesticide Factsheets

Report #12-P-0847, September 21, 2012.Our review of the security posture and in-place environmental controls of EPA’s Radiation and Indoor Environments National Laboratory computer room disclosed an array of security and environmental control deficiencies.

Computing Legacy Software Behavior to Understand Functionality and Security Properties: An IBM/370 Demonstration

DOE Office of Scientific and Technical Information (OSTI.GOV)

Linger, Richard C; Pleszkoch, Mark G; Prowell, Stacy J

Organizations maintaining mainframe legacy software can benefit from code modernization and incorporation of security capabilities to address the current threat environment. Oak Ridge National Laboratory is developing the Hyperion system to compute the behavior of software as a means to gain understanding of software functionality and security properties. Computation of functionality is critical to revealing security attributes, which are in fact specialized functional behaviors of software. Oak Ridge is collaborating with MITRE Corporation to conduct a demonstration project to compute behavior of legacy IBM Assembly Language code for a federal agency. The ultimate goal is to understand functionality and securitymore » vulnerabilities as a basis for code modernization. This paper reports on the first phase, to define functional semantics for IBM Assembly instructions and conduct behavior computation experiments.« less

Education, Underdevelopment, Unnecessary War and Human Security in Kosovo/Kosova

ERIC Educational Resources Information Center

Nelles, W.

2005-01-01

This paper examines educational linkages to persistent conflicts and contemporary security challenges in Kosovo. It reviews some historic foundations, debates and socioeconomic contexts concerning education as a security issue. It argues that poverty and underdevelopment coupled with failed diplomacy (particularly surrounding a 1996 ''Education…

Blind Quantum Signature with Blind Quantum Computation

NASA Astrophysics Data System (ADS)

Li, Wei; Shi, Ronghua; Guo, Ying

2017-04-01

Blind quantum computation allows a client without quantum abilities to interact with a quantum server to perform a unconditional secure computing protocol, while protecting client's privacy. Motivated by confidentiality of blind quantum computation, a blind quantum signature scheme is designed with laconic structure. Different from the traditional signature schemes, the signing and verifying operations are performed through measurement-based quantum computation. Inputs of blind quantum computation are securely controlled with multi-qubit entangled states. The unique signature of the transmitted message is generated by the signer without leaking information in imperfect channels. Whereas, the receiver can verify the validity of the signature using the quantum matching algorithm. The security is guaranteed by entanglement of quantum system for blind quantum computation. It provides a potential practical application for e-commerce in the cloud computing and first-generation quantum computation.

Computers Launch Faster, Better Job Matching

ERIC Educational Resources Information Center

Stevenson, Gloria

1976-01-01

Employment Security Automation Project (ESAP), a five-year program sponsored by the Employment and Training Administration, features an innovative computer-assisted job matching system and instantaneous computer-assisted service for unemployment insurance claimants. ESAP will also consolidate existing automated employment security systems to…

FORESEE: Fully Outsourced secuRe gEnome Study basEd on homomorphic Encryption

PubMed Central

2015-01-01

Background The increasing availability of genome data motivates massive research studies in personalized treatment and precision medicine. Public cloud services provide a flexible way to mitigate the storage and computation burden in conducting genome-wide association studies (GWAS). However, data privacy has been widely concerned when sharing the sensitive information in a cloud environment. Methods We presented a novel framework (FORESEE: Fully Outsourced secuRe gEnome Study basEd on homomorphic Encryption) to fully outsource GWAS (i.e., chi-square statistic computation) using homomorphic encryption. The proposed framework enables secure divisions over encrypted data. We introduced two division protocols (i.e., secure errorless division and secure approximation division) with a trade-off between complexity and accuracy in computing chi-square statistics. Results The proposed framework was evaluated for the task of chi-square statistic computation with two case-control datasets from the 2015 iDASH genome privacy protection challenge. Experimental results show that the performance of FORESEE can be significantly improved through algorithmic optimization and parallel computation. Remarkably, the secure approximation division provides significant performance gain, but without missing any significance SNPs in the chi-square association test using the aforementioned datasets. Conclusions Unlike many existing HME based studies, in which final results need to be computed by the data owner due to the lack of the secure division operation, the proposed FORESEE framework support complete outsourcing to the cloud and output the final encrypted chi-square statistics. PMID:26733391

FORESEE: Fully Outsourced secuRe gEnome Study basEd on homomorphic Encryption.

PubMed

Zhang, Yuchen; Dai, Wenrui; Jiang, Xiaoqian; Xiong, Hongkai; Wang, Shuang

2015-01-01

The increasing availability of genome data motivates massive research studies in personalized treatment and precision medicine. Public cloud services provide a flexible way to mitigate the storage and computation burden in conducting genome-wide association studies (GWAS). However, data privacy has been widely concerned when sharing the sensitive information in a cloud environment. We presented a novel framework (FORESEE: Fully Outsourced secuRe gEnome Study basEd on homomorphic Encryption) to fully outsource GWAS (i.e., chi-square statistic computation) using homomorphic encryption. The proposed framework enables secure divisions over encrypted data. We introduced two division protocols (i.e., secure errorless division and secure approximation division) with a trade-off between complexity and accuracy in computing chi-square statistics. The proposed framework was evaluated for the task of chi-square statistic computation with two case-control datasets from the 2015 iDASH genome privacy protection challenge. Experimental results show that the performance of FORESEE can be significantly improved through algorithmic optimization and parallel computation. Remarkably, the secure approximation division provides significant performance gain, but without missing any significance SNPs in the chi-square association test using the aforementioned datasets. Unlike many existing HME based studies, in which final results need to be computed by the data owner due to the lack of the secure division operation, the proposed FORESEE framework support complete outsourcing to the cloud and output the final encrypted chi-square statistics.

Portable appliance security apparatus

NASA Technical Reports Server (NTRS)

Kerley, J. J. (Inventor)

1981-01-01

An apparatus for securing a small computer, or other portable appliance, against theft is described. It is comprised of a case having an open back through which the computer is installed or removed. Guide members in the form of slots are formed in a rear portion of opposite walls of the case for receiving a back plate to cover the opening and thereby secure the computer within the case. An opening formed in the top wall of the case exposes the keyboard and display of the computer. The back plate is locked in the closed position by a key-operated plug type lock. The lock is attached to one end of a hold down cable, the opposite end thereof being secured to a desk top or other stationary object. Thus, the lock simultaneously secures the back plate to the case and retains the case to the stationary object.

Optimizing Security of Cloud Computing within the DoD

DTIC Science & Technology

2010-12-01

information security governance and risk management; application security; cryptography; security architecture and design; operations security; business ...governance and risk management; application security; cryptography; security architecture and design; operations security; business continuity...20 7. Operational Security (OPSEC).........................................................20 8. Business Continuity Planning (BCP) and Disaster

76 FR 5973 - Privacy Act of 1974; Notice; Publication of the Systems of Records Managed by the Commodity...

Federal Register 2010, 2011, 2012, 2013, 2014

2011-02-02

...: Paper records are stored in file folders, binders, computer files (eLaw) and computer disks. Electronic records, including computer files, are stored on the Commission's network and other electronic media as... physical security measures. Technical security measures within CFTC include restrictions on computer access...

75 FR 53005 - Privacy Act of 1974, as amended; Notice of Computer Matching Program (Railroad Retirement Board...

Federal Register 2010, 2011, 2012, 2013, 2014

2010-08-30

... notice of its renewal of an ongoing computer-matching program with the Social Security Administration... computer-matching program with the Committee on Homeland Security and Governmental Affairs of the Senate... RAILROAD RETIREMENT BOARD Privacy Act of 1974, as amended; Notice of Computer Matching Program...

78 FR 34678 - Privacy Act of 1974, as Amended; Notice of Computer Matching Program (Railroad Retirement Board...

Federal Register 2010, 2011, 2012, 2013, 2014

2013-06-10

... notice of its renewal of an ongoing computer-matching program with the Social Security Administration... computer-matching program with the Committee on Homeland Security and Governmental Affairs of the Senate... RAILROAD RETIREMENT BOARD Privacy Act of 1974, as Amended; Notice of Computer Matching Program...

76 FR 12397 - Privacy Act of 1974, as Amended; Computer Matching Program (SSA/Bureau of the Public Debt (BPD...

Federal Register 2010, 2011, 2012, 2013, 2014

2011-03-07

...; Computer Matching Program (SSA/ Bureau of the Public Debt (BPD))--Match Number 1038 AGENCY: Social Security... as shown above. SUPPLEMENTARY INFORMATION: A. General The Computer Matching and Privacy Protection... containing SSNs extracted from the Supplemental Security Record database. Exchanges for this computer...

78 FR 12128 - Privacy Act of 1974; Computer Matching Program (SSA/Department of the Treasury, Internal Revenue...

Federal Register 2010, 2011, 2012, 2013, 2014

2013-02-21

... SOCIAL SECURITY ADMINISTRATION [Docket No. SSA 2012-0067] Privacy Act of 1974; Computer Matching... Security Administration (SSA). ACTION: Notice of a renewal of an existing computer matching program... INFORMATION: A. General The Computer Matching and Privacy Protection Act of 1988 (Public Law (Pub. L.) 100-503...

One Health in food safety and security education: Subject matter outline for a curricular framework.

PubMed

Angelos, John A; Arens, Amanda L; Johnson, Heather A; Cadriel, Jessica L; Osburn, Bennie I

2017-06-01

Educating students in the range of subjects encompassing food safety and security as approached from a One Health perspective requires consideration of a variety of different disciplines and the interrelationships among disciplines. The Western Institute for Food Safety and Security developed a subject matter outline to accompany a previously published One Health in food safety and security curricular framework. The subject matter covered in this outline encompasses a variety of topics and disciplines related to food safety and security including effects of food production on the environment. This subject matter outline should help guide curriculum development and education in One Health in food safety and security and provides useful information for educators, researchers, students, and public policy-makers facing the inherent challenges of maintaining and/or developing safe and secure food supplies without destroying Earth's natural resources.

New security infrastructure model for distributed computing systems

NASA Astrophysics Data System (ADS)

Dubenskaya, J.; Kryukov, A.; Demichev, A.; Prikhodko, N.

2016-02-01

At the paper we propose a new approach to setting up a user-friendly and yet secure authentication and authorization procedure in a distributed computing system. The security concept of the most heterogeneous distributed computing systems is based on the public key infrastructure along with proxy certificates which are used for rights delegation. In practice a contradiction between the limited lifetime of the proxy certificates and the unpredictable time of the request processing is a big issue for the end users of the system. We propose to use unlimited in time hashes which are individual for each request instead of proxy certificate. Our approach allows to avoid using of the proxy certificates. Thus the security infrastructure of distributed computing system becomes easier for development, support and use.

Computer Security Primer: Systems Architecture, Special Ontology and Cloud Virtual Machines

ERIC Educational Resources Information Center

Waguespack, Leslie J.

2014-01-01

With the increasing proliferation of multitasking and Internet-connected devices, security has reemerged as a fundamental design concern in information systems. The shift of IS curricula toward a largely organizational perspective of security leaves little room for focus on its foundation in systems architecture, the computational underpinnings of…

76 FR 30150 - Establishment of a New System of Records for Personal Information Collected by the Environmental...

Federal Register 2010, 2011, 2012, 2013, 2014

2011-05-24

... the entire information system with respect to computer security, prohibition and detection of any.... Safeguards: --Computer-stored information is protected in accordance with the Agency's security requirements..., loaner car agreement, cash incentives agreement (includes social security number for mandatory tax...

Security Locks

ERIC Educational Resources Information Center

Hart, Kevin

2010-01-01

According to a 2008 "Year in Review" report by Educational Security Incidents, an online repository that collects data on higher education security issues, the total number of security incidents reported at universities and colleges worldwide rose to 173 in 2008, a 24.5 percent increase over 2007. The number of institutions…

Survey of methods for secure connection to the internet

NASA Astrophysics Data System (ADS)

Matsui, Shouichi

1994-04-01

This paper describes a study of a security method of protecting inside network computers against outside miscreants and unwelcome visitors and a control method when these computers are connected with the Internet. In the present Internet, a method to encipher all data cannot be used, so that it is necessary to utilize PEM (Privacy Enhanced Mail) capable of the encipherment and conversion of secret information. For preventing miscreant access by eavesdropping password, one-time password is effective. The most cost-effective method is a firewall system. This system lies between the outside and inside network. By limiting computers that directly communicate with the Internet, control is centralized and inside network security is protected. If the security of firewall systems is strictly controlled under correct setting, security within the network can be secured even in open networks such as the Internet.

Birds of a Feather: Supporting Secure Systems

DOE Office of Scientific and Technical Information (OSTI.GOV)

Braswell III, H V

2006-04-24

Over the past few years Lawrence Livermore National Laboratory has begun the process of moving to a diskless environment in the Secure Computer Support realm. This movement has included many moving targets and increasing support complexity. We would like to set up a forum for Security and Support professionals to get together from across the Complex and discuss current deployments, lessons learned, and next steps. This would include what hardware, software, and hard copy based solutions are being used to manage Secure Computing. The topics to be discussed include but are not limited to: Diskless computing, port locking and management,more » PC, Mac, and Linux/UNIX support and setup, system imaging, security setup documentation and templates, security documentation and management, customer tracking, ticket tracking, software download and management, log management, backup/disaster recovery, and mixed media environments.« less

Secure public cloud platform for medical images sharing.

PubMed

Pan, Wei; Coatrieux, Gouenou; Bouslimi, Dalel; Prigent, Nicolas

2015-01-01

Cloud computing promises medical imaging services offering large storage and computing capabilities for limited costs. In this data outsourcing framework, one of the greatest issues to deal with is data security. To do so, we propose to secure a public cloud platform devoted to medical image sharing by defining and deploying a security policy so as to control various security mechanisms. This policy stands on a risk assessment we conducted so as to identify security objectives with a special interest for digital content protection. These objectives are addressed by means of different security mechanisms like access and usage control policy, partial-encryption and watermarking.

Introduction to Numerical Methods

DOE Office of Scientific and Technical Information (OSTI.GOV)

Schoonover, Joseph A.

2016-06-14

These are slides for a lecture for the Parallel Computing Summer Research Internship at the National Security Education Center. This gives an introduction to numerical methods. Repetitive algorithms are used to obtain approximate solutions to mathematical problems, using sorting, searching, root finding, optimization, interpolation, extrapolation, least squares regresion, Eigenvalue problems, ordinary differential equations, and partial differential equations. Many equations are shown. Discretizations allow us to approximate solutions to mathematical models of physical systems using a repetitive algorithm and introduce errors that can lead to numerical instabilities if we are not careful.

Computer simulation of functioning of elements of security systems

NASA Astrophysics Data System (ADS)

Godovykh, A. V.; Stepanov, B. P.; Sheveleva, A. A.

2017-01-01

The article is devoted to issues of development of the informational complex for simulation of functioning of the security system elements. The complex is described from the point of view of main objectives, a design concept and an interrelation of main elements. The proposed conception of the computer simulation provides an opportunity to simulate processes of security system work for training security staff during normal and emergency operation.

Grid and Cloud for Developing Countries

NASA Astrophysics Data System (ADS)

Petitdidier, Monique

2014-05-01

The European Grid e-infrastructure has shown the capacity to connect geographically distributed heterogeneous compute resources in a secure way taking advantages of a robust and fast REN (Research and Education Network). In many countries like in Africa the first step has been to implement a REN and regional organizations like Ubuntunet, WACREN or ASREN to coordinate the development, improvement of the network and its interconnection. The Internet connections are still exploding in those countries. The second step has been to fill up compute needs of the scientists. Even if many of them have their own multi-core or not laptops for more and more applications it is not enough because they have to face intensive computing due to the large amount of data to be processed and/or complex codes. So far one solution has been to go abroad in Europe or in America to run large applications or not to participate to international communities. The Grid is very attractive to connect geographically-distributed heterogeneous resources, aggregate new ones and create new sites on the REN with a secure access. All the users have the same servicers even if they have no resources in their institute. With faster and more robust internet they will be able to take advantage of the European Grid. There are different initiatives to provide resources and training like UNESCO/HP Brain Gain initiative, EUMEDGrid, ..Nowadays Cloud becomes very attractive and they start to be developed in some countries. In this talk challenges for those countries to implement such e-infrastructures, to develop in parallel scientific and technical research and education in the new technologies will be presented illustrated by examples.

A secure file manager for UNIX

DOE Office of Scientific and Technical Information (OSTI.GOV)

DeVries, R.G.

1990-12-31

The development of a secure file management system for a UNIX-based computer facility with supercomputers and workstations is described. Specifically, UNIX in its usual form does not address: (1) Operation which would satisfy rigorous security requirements. (2) Online space management in an environment where total data demands would be many times the actual online capacity. (3) Making the file management system part of a computer network in which users of any computer in the local network could retrieve data generated on any other computer in the network. The characteristics of UNIX can be exploited to develop a portable, secure filemore » manager which would operate on computer systems ranging from workstations to supercomputers. Implementation considerations making unusual use of UNIX features, rather than requiring extensive internal system changes, are described, and implementation using the Cray Research Inc. UNICOS operating system is outlined.« less

A Dedicated Computational Platform for Cellular Monte Carlo T-CAD Software Tools

DTIC Science & Technology

2015-07-14

computer that establishes an encrypted Virtual Private Network ( OpenVPN [44]) based on the Secure Socket Layer (SSL) paradigm. Each user is given a...security certificate for each device used to connect to the computing nodes. Stable OpenVPN clients are available for Linux, Microsoft Windows, Apple OSX...platform is granted by an encrypted connection base on the Secure Socket Layer (SSL) protocol, and implemented in the OpenVPN Virtual Personal Network

Baseline Measurements of Shoulder Surfing Analysis and Comparability for Smartphone Unlock Authentication

DTIC Science & Technology

2017-05-22

Proceedings of the International Conference on Security and Management (SAM 󈧇) In Proceedings of the 2014 ACM SIGSAC Conference on Computer and...Communications Security (CCS ’14) In Proceedings of the SIGCHI Conference on Human Factors in Computing Systems (CHI ’10) In Proceedings of the 3rd Symposium...on Usable Privacy and Security (SOUPS ’07) In Proceedings of the SIGCHI Conference on Human Factors in Computing Systems (CHI ’12) In Proceedings of

The hack attack - Increasing computer system awareness of vulnerability threats

NASA Technical Reports Server (NTRS)

Quann, John; Belford, Peter

1987-01-01

The paper discusses the issue of electronic vulnerability of computer based systems supporting NASA Goddard Space Flight Center (GSFC) by unauthorized users. To test the security of the system and increase security awareness, NYMA, Inc. employed computer 'hackers' to attempt to infiltrate the system(s) under controlled conditions. Penetration procedures, methods, and descriptions are detailed in the paper. The procedure increased the security consciousness of GSFC management to the electronic vulnerability of the system(s).

76 FR 52353 - Assumption Buster Workshop: “Current Implementations of Cloud Computing Indicate a New Approach...

Federal Register 2010, 2011, 2012, 2013, 2014

2011-08-22

... explored in this series is cloud computing. The workshop on this topic will be held in Gaithersburg, MD on October 21, 2011. Assertion: ``Current implementations of cloud computing indicate a new approach to security'' Implementations of cloud computing have provided new ways of thinking about how to secure data...

76 FR 43278 - Privacy Act; System of Records

Federal Register 2010, 2011, 2012, 2013, 2014

2011-07-20

... computer (PC). The Security Management Officer's office remains locked when not in use. RETENTION AND... records to include names, addresses, social security numbers, service computation dates, leave usage data... that resides on a desktop computer. RETRIEVABILITY: Records maintained in file folders are indexed and...

78 FR 15730 - Privacy Act of 1974; Computer Matching Program

Federal Register 2010, 2011, 2012, 2013, 2014

2013-03-12

... 1974; Computer Matching Program AGENCY: U.S. Citizenship and Immigration Services, Department of... Matching Program between the Department of Homeland Security, U.S. Citizenship and Immigration Services and... computer matching program between the Department of Homeland Security, U.S. Citizenship and Immigration...

28 CFR 25.8 - System safeguards.

Code of Federal Regulations, 2012 CFR

2012-07-01

... justice agency computer site must have adequate physical security to protect against any unauthorized... Index is stored electronically for use in an FBI computer environment. The NICS central computer will... authorized personnel who have identified themselves and their need for access to a system security officer...

78 FR 15731 - Privacy Act of 1974; Computer Matching Program

Federal Register 2010, 2011, 2012, 2013, 2014

2013-03-12

... DEPARTMENT OF HOMELAND SECURITY Office of the Secretary [Docket No. DHS-2013-0011] Privacy Act of 1974; Computer Matching Program AGENCY: Department of Homeland Security/U.S. Citizenship and Immigration Services. ACTION: Notice. Overview Information: Privacy Act of 1974; Computer Matching Program...

28 CFR 25.8 - System safeguards.

Code of Federal Regulations, 2010 CFR

2010-07-01

... justice agency computer site must have adequate physical security to protect against any unauthorized... Index is stored electronically for use in an FBI computer environment. The NICS central computer will... authorized personnel who have identified themselves and their need for access to a system security officer...

28 CFR 25.8 - System safeguards.

Code of Federal Regulations, 2013 CFR

2013-07-01

... justice agency computer site must have adequate physical security to protect against any unauthorized... Index is stored electronically for use in an FBI computer environment. The NICS central computer will... authorized personnel who have identified themselves and their need for access to a system security officer...

28 CFR 25.8 - System safeguards.

Code of Federal Regulations, 2011 CFR

2011-07-01

... justice agency computer site must have adequate physical security to protect against any unauthorized... Index is stored electronically for use in an FBI computer environment. The NICS central computer will... authorized personnel who have identified themselves and their need for access to a system security officer...

28 CFR 25.8 - System safeguards.

Code of Federal Regulations, 2014 CFR

2014-07-01

... justice agency computer site must have adequate physical security to protect against any unauthorized... Index is stored electronically for use in an FBI computer environment. The NICS central computer will... authorized personnel who have identified themselves and their need for access to a system security officer...

78 FR 15732 - Privacy Act of 1974; Computer Matching Program

Federal Register 2010, 2011, 2012, 2013, 2014

2013-03-12

... DEPARTMENT OF HOMELAND SECURITY Office of the Secretary [Docket No. DHS-2013-0007] Privacy Act of 1974; Computer Matching Program AGENCY: Department of Homeland Security/U.S. Citizenship and Immigration Services. ACTION: Notice. Overview Information: Privacy Act of 1974; Computer Matching Program...

Protecting intellectual property in space; Proceedings of the Aerospace Computer Security Conference, McLean, VA, March 20, 1985

NASA Technical Reports Server (NTRS)

1985-01-01

The primary purpose of the Aerospace Computer Security Conference was to bring together people and organizations which have a common interest in protecting intellectual property generated in space. Operational concerns are discussed, taking into account security implications of the space station information system, Space Shuttle security policies and programs, potential uses of probabilistic risk assessment techniques for space station development, key considerations in contingency planning for secure space flight ground control centers, a systematic method for evaluating security requirements compliance, and security engineering of secure ground stations. Subjects related to security technologies are also explored, giving attention to processing requirements of secure C3/I and battle management systems and the development of the Gemini trusted multiple microcomputer base, the Restricted Access Processor system as a security guard designed to protect classified information, and observations on local area network security.

The Globalization of Higher Education as a Societal and Cultural Security Problem

ERIC Educational Resources Information Center

Samier, Eugenie A.

2015-01-01

In this article, I propose a theory of the globalization of higher education as societal and cultural security problems for many regions of the world. The first section examines the field of security studies for theoretical frameworks appropriate to critiquing globalized higher education, including critical human, societal and cultural security…

The Impact of Regional Higher Education Spaces on the Security of International Students

ERIC Educational Resources Information Center

Forbes-Mewett, Helen

2016-01-01

The security of international students in regional higher education spaces in Australia has been overlooked. Contingency theory provides the framework for this case study to explore the organisational structure and support services relevant to a regional higher education space and how this impacts the security of international students. In-depth…

The Role Of Moral Awareness In Computer Security

NASA Astrophysics Data System (ADS)

Stawinski, Arthur

1984-08-01

Maintaining security of databases and other computer systems requires constraining the behavior of those persons who are able to access these systems so that they do not obtain, alter, or abuse the information contained in these systems. Three types of constraints are available: Physical contraints are obstructions designed to prevent (or at least make difficult) access to data by unauthorized persons; external constraints restrict behavior through threat of detection and punishment; internal constraints are self-imposed limitations on behavior which are derived from a person's moral standards. This paper argues that an effective computer security program will require attention to internal constraints as well as physical and external ones. Recent developments in moral philosophy and the psychology of moral development have given us new understanding of how individuals grow in moral awareness and how this growth can be encouraged. These insights are the foundation for some practical proposals for encouraging morally responsible behavior by computer professionals and others with access to confidential data. The aim of this paper is to encourage computer security professionals to discuss, refine and incorporate systems of internal constraints in developing methods of maintaining security.

Exploring the Educational Needs of the Homeland Security Community

ERIC Educational Resources Information Center

France, Paul

2012-01-01

This study involved an evaluation of the subjective perspectives held by a panel of 16 homeland security subject matter experts to determine what the needs of the homeland security professional community are for educational programs. The researcher examined the knowledge, skills, and abilities deemed important in homeland security to determine…

Security, Extremism and Education: Safeguarding or Surveillance?

ERIC Educational Resources Information Center

Davies, Lynn

2016-01-01

This article analyses how education is positioned in the current concerns about security and extremism. This means firstly examining the different meanings of security (national, human and societal) and who provides security for whom. Initially, a central dilemma is acknowledged: that schooling appears to be simultaneously irrelevant to the huge…

Department of Defense High Performance Computing Modernization Program. 2008 Annual Report

DTIC Science & Technology

2009-04-01

place to another on the network. Without it, a computer could only talk to itself - no email, no web browsing, and no iTunes . Most of the Internet...Your SecurID Card ), Ken Renard Secure Wireless, Rob Scott and Stephen Bowman Securing Today’s Networks, Rich Whittney, Juniper Networks, Federal

Telecommunications Policy Research Conference. Computer and Communications Security Section. Papers.

ERIC Educational Resources Information Center

Telecommunications Policy Research Conference, Inc., Washington, DC.

In his paper, "European Needs and Attitudes towards Information Security," Richard I. Polis notes that the needs for security in computer systems, telecommunications, and media are rather uniform throughout Western Europe, and are seen as being significantly different from the needs in the United States. Recognition of these needs is,…

Information Systems Security and Computer Crime in the IS Curriculum: A Detailed Examination

ERIC Educational Resources Information Center

Foltz, C. Bryan; Renwick, Janet S.

2011-01-01

The authors examined the extent to which information systems (IS) security and computer crime are covered in information systems programs. Results suggest that IS faculty believe security coverage should be increased in required, elective, and non-IS courses. However, respondent faculty members are concerned that existing curricula leave little…

A Secure Framework for Location Verification in Pervasive Computing

NASA Astrophysics Data System (ADS)

Liu, Dawei; Lee, Moon-Chuen; Wu, Dan

The way people use computing devices has been changed in some way by the relatively new pervasive computing paradigm. For example, a person can use a mobile device to obtain its location information at anytime and anywhere. There are several security issues concerning whether this information is reliable in a pervasive environment. For example, a malicious user may disable the localization system by broadcasting a forged location, and it may impersonate other users by eavesdropping their locations. In this paper, we address the verification of location information in a secure manner. We first present the design challenges for location verification, and then propose a two-layer framework VerPer for secure location verification in a pervasive computing environment. Real world GPS-based wireless sensor network experiments confirm the effectiveness of the proposed framework.

Tools for Administration of a UNIX-Based Network

NASA Technical Reports Server (NTRS)

LeClaire, Stephen; Farrar, Edward

2004-01-01

Several computer programs have been developed to enable efficient administration of a large, heterogeneous, UNIX-based computing and communication network that includes a variety of computers connected to a variety of subnetworks. One program provides secure software tools for administrators to create, modify, lock, and delete accounts of specific users. This program also provides tools for users to change their UNIX passwords and log-in shells. These tools check for errors. Another program comprises a client and a server component that, together, provide a secure mechanism to create, modify, and query quota levels on a network file system (NFS) mounted by use of the VERITAS File SystemJ software. The client software resides on an internal secure computer with a secure Web interface; one can gain access to the client software from any authorized computer capable of running web-browser software. The server software resides on a UNIX computer configured with the VERITAS software system. Directories where VERITAS quotas are applied are NFS-mounted. Another program is a Web-based, client/server Internet Protocol (IP) address tool that facilitates maintenance lookup of information about IP addresses for a network of computers.

A New Approach to Understanding Information Assurance

NASA Astrophysics Data System (ADS)

Blyth, Andrew; Williams, Colin; Bryant, Ian; Mattinson, Harvey

The growth of technologies such as ubiquitous and the mobile computing has resulted in the need for a rethinking of the security paradigm. Over the past forty years technology has made fast steps forward, yet most organisations still view security in terms of Confidentiality, Integrity and Availability (CIA). This model of security has expanded to include Non-Repudiation and Authentication. However this thinking fails to address the social, ethical and business requirements that the modern use of computing has generated. Today computing devices are integrated into every facet of business with the result that security technologies have struggled to keep pace with the rate of change. In this paper we will argue that the currently view that most organisations/stakeholders have of security is out-of-date, or in some cases wrong, and that the new view of security needs to be rooted in business impact and business function.

Survey on Security Issues in File Management in Cloud Computing Environment

NASA Astrophysics Data System (ADS)

Gupta, Udit

2015-06-01

Cloud computing has pervaded through every aspect of Information technology in past decade. It has become easier to process plethora of data, generated by various devices in real time, with the advent of cloud networks. The privacy of users data is maintained by data centers around the world and hence it has become feasible to operate on that data from lightweight portable devices. But with ease of processing comes the security aspect of the data. One such security aspect is secure file transfer either internally within cloud or externally from one cloud network to another. File management is central to cloud computing and it is paramount to address the security concerns which arise out of it. This survey paper aims to elucidate the various protocols which can be used for secure file transfer and analyze the ramifications of using each protocol.

Computer-implemented security evaluation methods, security evaluation systems, and articles of manufacture

DOEpatents

Muller, George; Perkins, Casey J.; Lancaster, Mary J.; MacDonald, Douglas G.; Clements, Samuel L.; Hutton, William J.; Patrick, Scott W.; Key, Bradley Robert

2015-07-28

Computer-implemented security evaluation methods, security evaluation systems, and articles of manufacture are described. According to one aspect, a computer-implemented security evaluation method includes accessing information regarding a physical architecture and a cyber architecture of a facility, building a model of the facility comprising a plurality of physical areas of the physical architecture, a plurality of cyber areas of the cyber architecture, and a plurality of pathways between the physical areas and the cyber areas, identifying a target within the facility, executing the model a plurality of times to simulate a plurality of attacks against the target by an adversary traversing at least one of the areas in the physical domain and at least one of the areas in the cyber domain, and using results of the executing, providing information regarding a security risk of the facility with respect to the target.

Do You Lock Your Network Doors? Some Network Management Precautions.

ERIC Educational Resources Information Center

Neray, Phil

1997-01-01

Discusses security problems and solutions for networked organizations with Internet connections. Topics include access to private networks from electronic mail information; computer viruses; computer software; corporate espionage; firewalls, that is computers that stand between a local network and the Internet; passwords; and physical security.…

Analysis on the University’s Network Security Level System in the Big Data Era

NASA Astrophysics Data System (ADS)

Li, Tianli

2017-12-01

The rapid development of science and technology, the continuous expansion of the scope of computer network applications, has gradually improved the social productive forces, has had a positive impact on the increase production efficiency and industrial scale of China's different industries. Combined with the actual application of computer network in the era of large data, we can see the existence of influencing factors such as network virus, hacker and other attack modes, threatening network security and posing a potential threat to the safe use of computer network in colleges and universities. In view of this unfavorable development situation, universities need to pay attention to the analysis of the situation of large data age, combined with the requirements of network security use, to build a reliable network space security system from the equipment, systems, data and other different levels. To avoid the security risks exist in the network. Based on this, this paper will analyze the hierarchical security system of cyberspace security in the era of large data.

A Systems Engineering Framework for Implementing a Security and Critical Patch Management Process in Diverse Environments (Academic Departments' Workstations)

NASA Astrophysics Data System (ADS)

Mohammadi, Hadi

Use of the Patch Vulnerability Management (PVM) process should be seriously considered for any networked computing system. The PVM process prevents the operating system (OS) and software applications from being attacked due to security vulnerabilities, which lead to system failures and critical data leakage. The purpose of this research is to create and design a Security and Critical Patch Management Process (SCPMP) framework based on Systems Engineering (SE) principles. This framework will assist Information Technology Department Staff (ITDS) to reduce IT operating time and costs and mitigate the risk of security and vulnerability attacks. Further, this study evaluates implementation of the SCPMP in the networked computing systems of an academic environment in order to: 1. Meet patch management requirements by applying SE principles. 2. Reduce the cost of IT operations and PVM cycles. 3. Improve the current PVM methodologies to prevent networked computing systems from becoming the targets of security vulnerability attacks. 4. Embed a Maintenance Optimization Tool (MOT) in the proposed framework. The MOT allows IT managers to make the most practicable choice of methods for deploying and installing released patches and vulnerability remediation. In recent years, there has been a variety of frameworks for security practices in every networked computing system to protect computer workstations from becoming compromised or vulnerable to security attacks, which can expose important information and critical data. I have developed a new mechanism for implementing PVM for maximizing security-vulnerability maintenance, protecting OS and software packages, and minimizing SCPMP cost. To increase computing system security in any diverse environment, particularly in academia, one must apply SCPMP. I propose an optimal maintenance policy that will allow ITDS to measure and estimate the variation of PVM cycles based on their department's requirements. My results demonstrate that MOT optimizes the process of implementing SCPMP in academic workstations.

NASA Nice Climate Change Education

NASA Astrophysics Data System (ADS)

Frink, K.; Crocker, S.; Jones, W., III; Marshall, S. S.; Anuradha, D.; Stewart-Gurley, K.; Howard, E. M.; Hill, E.; Merriweather, E.

2013-12-01

Authors: 1 Kaiem Frink, 4 Sherry Crocker, 5 Willie Jones, III, 7 Sophia S.L. Marshall, 6 Anuadha Dujari 3 Ervin Howard 1 Kalota Stewart-Gurley 8 Edwinta Merriweathe Affiliation: 1. Mathematics & Computer Science, Virginia Union University, Richmond, VA, United States. 2. Mathematics & Computer Science, Elizabeth City State Univ, Elizabeth City, NC, United States. 3. Education, Elizabeth City State University, Elizabeth City, NC, United States. 4. College of Education, Fort Valley State University , Fort Valley, GA, United States. 5. Education, Tougaloo College, Jackson, MS, United States. 6. Mathematics, Delaware State University, Dover, DE, United States. 7. Education, Jackson State University, Jackson, MS, United States. 8. Education, Alabama Agricultural and Mechanical University, Huntsville, AL, United States. ABSTRACT: In this research initiative, the 2013-2014 NASA NICE workshop participants will present best educational practices for incorporating climate change pedagogy. The presentation will identify strategies to enhance instruction of pre-service teachers to aligned with K-12 Science, Technology, Engineering and Mathematics (STEM) standards. The presentation of best practices should serve as a direct indicator to address pedagogical needs to include climate education within a K-12 curriculum Some of the strategies will include inquiry, direct instructions, and cooperative learning . At this particular workshop, we have learned about global climate change in regards to how this is going to impact our life. Participants have been charged to increase the scientific understanding of pre-service teachers education programs nationally to incorporate climate education lessons. These recommended practices will provide feasible instructional strategies that can be easily implemented and used to clarify possible misconceptions and ambiguities in scientific knowledge. Additionally, the presentation will promote an awareness to the many facets in which climate change education can be beneficial to future learners and general public. The main scope is to increase the amount of STEM knowledge throughout the nations scientific literacy as we are using the platform of climate change. Federal entities which may include but not limited to National Security Agency and the Department of Homeland Security and Management will serve as resources partners for this common goal of having a more knowledgeable technological savvy and scientific literate society. The presentation will show that incorporating these best practices into elementary and early childhood education undergraduate programs will assist with increasing a enhance scientific literate society. As a measurable outcome have a positive impact on instructional effectiveness of future teachers. Their successfully preparing students in meeting the standards of the Common Core Initiative will attempt to measure across the curriculum uniformly.

Analysis of health professional security behaviors in a real clinical setting: an empirical study.

PubMed

Fernández-Alemán, José Luis; Sánchez-Henarejos, Ana; Toval, Ambrosio; Sánchez-García, Ana Belén; Hernández-Hernández, Isabel; Fernandez-Luque, Luis

2015-06-01

The objective of this paper is to evaluate the security behavior of healthcare professionals in a real clinical setting. Standards, guidelines and recommendations on security and privacy best practices for staff personnel were identified using a systematic literature review. After a revision process, a questionnaire consisting of 27 questions was created and responded to by 180 health professionals from a public hospital. Weak passwords were reported by 62.2% of the respondents, 31.7% were unaware of the organization's procedures for discarding confidential information, and 19.4% did not carry out these procedures. Half of the respondents (51.7%) did not take measures to ensure that the personal health information on the computer monitor could not be seen by unauthorized individuals, and 57.8% were unaware of the procedure established to report a security violation. The correlation between the number of years in the position and good security practices was not significant (Pearson's r=0.085, P=0.254). Age was weakly correlated with good security practices (Pearson's r=-0.169, P=0.028). A Mann-Whitney test showed no significant difference between the respondents' security behavior as regards gender (U=2536, P=0.792, n=178). The results of the study suggest that more efforts are required to improve security education for health personnel. It was found that both preventive and corrective actions are needed to prevent health staff from causing security incidents. Healthcare organizations should: identify the types of information that require protection, clearly communicate the penalties that will be imposed, promote security training courses, and define what the organization considers improper behavior to be and communicate this to all personnel. Copyright © 2015 Elsevier Ireland Ltd. All rights reserved.

Theoretical Interpretation of the Fluorescence Spectra of Toluene and P- Cresol

DTIC Science & Technology

1994-07-01

NUMBER OF PAGES Toluene Geometrica 25 p-Cresol Fluorescence Is. PRICE CODE Spectra 17. SECURITY CLASSIFICATION 13. SECURITY CLASSIFICATION 19...State Frequencies of Toluene ................ 19 6 Computed and exp" Ground State Frequencies of p-Cresol ............... 20 7 Correction Factors for...Computed Ground State Vibrational Frequencies ....... 21 8 Computed and Corrected Excited State Frequencies of Toluene ............. 22 9 Computed and

An Annotated and Cross-Referenced Bibliography on Computer Security and Access Control in Computer Systems.

ERIC Educational Resources Information Center

Bergart, Jeffrey G.; And Others

This paper represents a careful study of published works on computer security and access control in computer systems. The study includes a selective annotated bibliography of some eighty-five important published results in the field and, based on these papers, analyzes the state of the art. In annotating these works, the authors try to be…

Rotting from Within: American Education and National Security

DTIC Science & Technology

2011-03-04

Service, Training, Obesity, Health, Physical Fitness, Economic, Security, Training Education, High School, Pre-School, Teachers, Leaders, Military...Accessions, Citizenship, Quality, Selfless Service, Training, Obesity, Health, Physical Fitness, Economic, Security, Training Education, High School...subject areas 4 such as the arts and physical fitness. This emphasis on core-courses was mostly adhered to by America‘s diverse school systems

Peace and Security Education in the Federal Republic of Germany. Three Essays.

ERIC Educational Resources Information Center

Lessing, Clemens; And Others

Three essays related to peace and security education in the Federal Republic of Germany (FRG) are presented. The first essay, "An Example of Controversial Themes in Education: Peace and Security," by Clemens Lessing, uses a 1980 controversial discussion of the Committee of the Cultural Ministry as an example of controversial themes in…

Department of Veterans Affairs' Implementation of Information Security Education Assistance Program. GAO-10-170R

ERIC Educational Resources Information Center

Wilshusen, Gregory C.; Melvin, Valerie C.

2009-01-01

The Veterans Benefits, Health Care, and Information Technology Act of 2006 authorizes the Secretary of Veterans Affairs to establish an educational assistance program for information security. The Information Security Education Assistance Program is envisioned as a means for the Department of Veterans Affairs (VA) to attract and retain individuals…

Protecting software agents from malicious hosts using quantum computing

NASA Astrophysics Data System (ADS)

Reisner, John; Donkor, Eric

2000-07-01

We evaluate how quantum computing can be applied to security problems for software agents. Agent-based computing, which merges technological advances in artificial intelligence and mobile computing, is a rapidly growing domain, especially in applications such as electronic commerce, network management, information retrieval, and mission planning. System security is one of the more eminent research areas in agent-based computing, and the specific problem of protecting a mobile agent from a potentially hostile host is one of the most difficult of these challenges. In this work, we describe our agent model, and discuss the capabilities and limitations of classical solutions to the malicious host problem. Quantum computing may be extremely helpful in addressing the limitations of classical solutions to this problem. This paper highlights some of the areas where quantum computing could be applied to agent security.

Education Secured? The School Performance of Adolescents in Secure Residential Youth Care

ERIC Educational Resources Information Center

Harder, Annemiek T.; Huyghen, Anne-Marie N.; Knot-Dickscheit, Jana; Kalverboer, Margrite E.; Köngeter, Stefan; Zeller, Maren; Knorth, Erik J.

2014-01-01

Background: Despite poor school performance by adolescents in secure residential care and the potential importance of education during care, little is known about how to achieve academic success with these adolescents. Objective: Therefore, the aim of the present study is to assess adolescents' academic achievement during secure residential…

17 CFR 171.4 - Computation of time.

Code of Federal Regulations, 2010 CFR

2010-04-01

... 17 Commodity and Securities Exchanges 1 2010-04-01 2010-04-01 false Computation of time. 171.4 Section 171.4 Commodity and Securities Exchanges COMMODITY FUTURES TRADING COMMISSION RULES RELATING TO... computing any period of time prescribed by these rules or allowed by the Commission, the day of the act...

17 CFR 12.5 - Computation of time.

Code of Federal Regulations, 2010 CFR

2010-04-01

... 17 Commodity and Securities Exchanges 1 2010-04-01 2010-04-01 false Computation of time. 12.5 Section 12.5 Commodity and Securities Exchanges COMMODITY FUTURES TRADING COMMISSION RULES RELATING TO... general. In computing any period of time prescribed by these rules or allowed by the Commission, the...

75 FR 43579 - Privacy Act of 1974; Computer Matching Program Between the Office of Personnel Management and...

Federal Register 2010, 2011, 2012, 2013, 2014

2010-07-26

... safeguards for disclosure of Social Security benefit information to OPM via direct computer link for the... OFFICE OF PERSONNEL MANAGEMENT Privacy Act of 1974; Computer Matching Program Between the Office of Personnel Management and Social Security Administration AGENCY: Office of Personnel Management...

78 FR 3474 - Privacy Act of 1974; Computer Matching Program Between the Office Of Personnel Management and...

Federal Register 2010, 2011, 2012, 2013, 2014

2013-01-16

... Security benefit information to OPM via direct computer link for the administration of certain programs by... OFFICE OF PERSONNEL MANAGEMENT Privacy Act of 1974; Computer Matching Program Between the Office Of Personnel Management and Social Security Administration AGENCY: Office of Personnel Management...

75 FR 68396 - Privacy Act of 1974, as Amended; Computer Matching Program (SSA/Department of Labor (DOL))-Match...

Federal Register 2010, 2011, 2012, 2013, 2014

2010-11-05

... SOCIAL SECURITY ADMINISTRATION [Docket No. SSA 2010-0052] Privacy Act of 1974, as Amended; Computer Matching Program (SSA/ Department of Labor (DOL))--Match Number 1003 AGENCY: Social Security... as shown above. SUPPLEMENTARY INFORMATION: A. General The Computer Matching and Privacy Protection...

78 FR 16564 - Privacy Act of 1974, as Amended; Computer Matching Program (SSA/Office of Personnel Management...

Federal Register 2010, 2011, 2012, 2013, 2014

2013-03-15

... 1021 AGENCY: Social Security Administration (SSA). ACTION: Notice of a renewal of existing computer... above. SUPPLEMENTARY INFORMATION: A. General The Computer Matching and Privacy Protection Act of 1988... SOCIAL SECURITY ADMINISTRATION [Docket No. SSA 2012-0073] Privacy Act of 1974, as Amended...

78 FR 12127 - Privacy Act of 1974, as Amended; Computer Matching Program (SSA/Department of the Treasury...

Federal Register 2010, 2011, 2012, 2013, 2014

2013-02-21

... 1310 AGENCY: Social Security Administration (SSA). ACTION: Notice of a renewal of an existing computer..., as shown above. SUPPLEMENTARY INFORMATION: A. General The Computer Matching and Privacy Protection... SOCIAL SECURITY ADMINISTRATION [Docket No. SSA 2013-0007] Privacy Act of 1974, as Amended...

75 FR 51154 - Privacy Act of 1974, as Amended; Computer Matching Program (SSA/Department of the Treasury...

Federal Register 2010, 2011, 2012, 2013, 2014

2010-08-18

... 1310 AGENCY: Social Security Administration (SSA) ACTION: Notice of a renewal of an existing computer..., as shown above. SUPPLEMENTARY INFORMATION: A. General The Computer Matching and Privacy Protection... SOCIAL SECURITY ADMINISTRATION [Docket No. SSA 2010-0035] Privacy Act of 1974, as Amended...

78 FR 69926 - Privacy Act of 1974, as Amended; Computer Matching Program (SSA/Centers for Medicare & Medicaid...

Federal Register 2010, 2011, 2012, 2013, 2014

2013-11-21

... SOCIAL SECURITY ADMINISTRATION [Docket No. SSA 2013-0059] Privacy Act of 1974, as Amended; Computer Matching Program (SSA/ Centers for Medicare & Medicaid Services (CMS))--Match Number 1076 AGENCY: Social Security Administration (SSA). ACTION: Notice of a renewal of an existing computer matching...

76 FR 21091 - Privacy Act of 1974, as Amended; Computer Matching Program (SSA/Centers for Medicare & Medicaid...

Federal Register 2010, 2011, 2012, 2013, 2014

2011-04-14

... SOCIAL SECURITY ADMINISTRATION [Docket No. SSA 2011-0022] Privacy Act of 1974, as Amended; Computer Matching Program (SSA/ Centers for Medicare & Medicaid Services (CMS))--Match Number 1076 AGENCY: Social Security Administration (SSA). ACTION: Notice of a renewal of an existing computer matching...

Main control computer security model of closed network systems protection against cyber attacks

NASA Astrophysics Data System (ADS)

Seymen, Bilal

2014-06-01

The model that brings the data input/output under control in closed network systems, that maintains the system securely, and that controls the flow of information through the Main Control Computer which also brings the network traffic under control against cyber-attacks. The network, which can be controlled single-handedly thanks to the system designed to enable the network users to make data entry into the system or to extract data from the system securely, intends to minimize the security gaps. Moreover, data input/output record can be kept by means of the user account assigned for each user, and it is also possible to carry out retroactive tracking, if requested. Because the measures that need to be taken for each computer on the network regarding cyber security, do require high cost; it has been intended to provide a cost-effective working environment with this model, only if the Main Control Computer has the updated hardware.

32 CFR 2001.71 - Coverage.

Code of Federal Regulations, 2011 CFR

2011-07-01

... ARCHIVES AND RECORDS ADMINISTRATION CLASSIFIED NATIONAL SECURITY INFORMATION Security Education and Training § 2001.71 Coverage. (a) General. Each department or agency shall establish and maintain a formal security education and training program which provides for initial training, refresher training...

SPAN security policies and guidelines

NASA Technical Reports Server (NTRS)

Sisson, Patricia L.; Green, James L.

1989-01-01

A guide is provided to system security with emphasis on requirements and guidelines that are necessary to maintain an acceptable level of security on the network. To have security for the network, each node on the network must be secure. Therefore, each system manager, must strictly adhere to the requirements and must consider implementing the guidelines discussed. There are areas of vulnerability within the operating system that may not be addressed. However, when a requirement or guideline is discussed, implementation techniques are included. Information related to computer and data security is discussed to provide information on implementation options. The information is presented as it relates to a VAX computer environment.

Securing Secrets and Managing Trust in Modern Computing Applications

ERIC Educational Resources Information Center

Sayler, Andy

2016-01-01

The amount of digital data generated and stored by users increases every day. In order to protect this data, modern computing systems employ numerous cryptographic and access control solutions. Almost all of such solutions, however, require the keeping of certain secrets as the basis of their security models. How best to securely store and control…

Computer Security in the Introductory Business Information Systems Course: An Exploratory Study of Textbook Coverage

ERIC Educational Resources Information Center

Sousa, Kenneth J.; MacDonald, Laurie E.; Fougere, Kenneth T.

2005-01-01

The authors conducted an evaluation of Management Information Systems (MIS) textbooks and found that computer security receives very little in-depth coverage. The textbooks provide, at best, superficial treatment of security issues. The research results suggest that MIS faculty need to provide material to supplement the textbook to provide…

Security Meets Real-World Computing. Building Digital Libraries

ERIC Educational Resources Information Center

Huwe, Terence K.

2005-01-01

The author of this column describes several instances in which secure data on computers were compromised. In each of these instances, a different route was involved in gaining access to the secure data--one by office-based theft, one by hacking, and one by burglary. Is is proposed that the most difficult factor to guarantee in the protection of…

Information Technology Security and Human Risk: Exploring Factors of Unintended Insider Threat and Organizational Resilience

ERIC Educational Resources Information Center

Thompson, Eleanor Elizabeth

2014-01-01

That organizations face threats to the security of their computer systems from external hackers is well documented. Intentional or unintentional behaviors by organizational insiders can severely compromise computer security as well. Less is known, however, about the nature of this threat from insiders. The purpose of this study was to bridge this…

Database Design Methodology and Database Management System for Computer-Aided Structural Design Optimization.

DTIC Science & Technology

1984-12-01

52242 Prepared for the AIR FORCE OFFICE OF SCIENTIFIC RESEARCH Under Grant No. AFOSR 82-0322 December 1984 ~ " ’w Unclassified SECURITY CLASSIFICATION4...OF THIS PAGE REPORT DOCUMENTATION PAGE is REPORT SECURITY CLASSIFICATION lb. RESTRICTIVE MARKINGS Unclassified None 20 SECURITY CLASSIFICATION...designer .and computer- are 20 DIiRIBUTION/AVAILABI LIT Y 0P ABSTR4ACT 21 ABSTRACT SECURITY CLASSIFICA1ONr UNCLASSIFIED/UNLIMITED SAME AS APT OTIC USERS

Bridging the digital divide by increasing computer and cancer literacy: community technology centers for head-start parents and families.

PubMed

Salovey, Peter; Williams-Piehota, Pamela; Mowad, Linda; Moret, Marta Elisa; Edlund, Denielle; Andersen, Judith

2009-01-01

This article describes the establishment of two community technology centers affiliated with Head Start early childhood education programs focused especially on Latino and African American parents of children enrolled in Head Start. A 6-hour course concerned with computer and cancer literacy was presented to 120 parents and other community residents who earned a free, refurbished, Internet-ready computer after completing the program. Focus groups provided the basis for designing the structure and content of the course and modifying it during the project period. An outcomes-based assessment comparing program participants with 70 nonparticipants at baseline, immediately after the course ended, and 3 months later suggested that the program increased knowledge about computers and their use, knowledge about cancer and its prevention, and computer use including health information-seeking via the Internet. The creation of community computer technology centers requires the availability of secure space, capacity of a community partner to oversee project implementation, and resources of this partner to ensure sustainability beyond core funding.

The Digital Divide and Patient Portals: Internet Access Explained Differences in Patient Portal Use for Secure Messaging by Age, Race, and Income.

PubMed

Graetz, Ilana; Gordon, Nancy; Fung, Vick; Hamity, Courtnee; Reed, Mary E

2016-08-01

Online access to health records and the ability to exchange secure messages with physicians can improve patient engagement and outcomes; however, the digital divide could limit access to web-based portals among disadvantaged groups. To understand whether sociodemographic differences in patient portal use for secure messaging can be explained by differences in internet access and care preferences. Cross-sectional survey to examine the association between patient sociodemographic characteristics and internet access and care preferences; then, the association between sociodemographic characteristics and secure message use with and without adjusting for internet access and care preference. One thousand forty-one patients with chronic conditions in a large integrated health care delivery system (76% response rate). Internet access, portal use for secure messaging, preference for in-person or online care, and sociodemographic and health characteristics. Internet access and preference mediated some of the differences in secure message use by age, race, and income. For example, using own computer to access the internet explained 52% of the association between race and secure message use and 60% of the association between income and use (Sobel-Goodman mediation test, P<0.001 for both). Education and sex-related differences in portal use remained statistically significant when controlling for internet access and preference. As the availability and use of patient portals increase, it is important to understand which patients have limited access and the barriers they may face. Improving internet access and making portals available across multiple platforms, including mobile, may reduce some disparities in secure message use.

Joint the Center for Applied Scientific Computing

DOE Office of Scientific and Technical Information (OSTI.GOV)

Gamblin, Todd; Bremer, Timo; Van Essen, Brian

The Center for Applied Scientific Computing serves as Livermore Lab’s window to the broader computer science, computational physics, applied mathematics, and data science research communities. In collaboration with academic, industrial, and other government laboratory partners, we conduct world-class scientific research and development on problems critical to national security. CASC applies the power of high-performance computing and the efficiency of modern computational methods to the realms of stockpile stewardship, cyber and energy security, and knowledge discovery for intelligence applications.

A nested virtualization tool for information technology practical education.

PubMed

Pérez, Carlos; Orduña, Juan M; Soriano, Francisco R

2016-01-01

A common problem of some information technology courses is the difficulty of providing practical exercises. Although different approaches have been followed to solve this problem, it is still an open issue, specially in security and computer network courses. This paper proposes NETinVM, a tool based on nested virtualization that includes a fully functional lab, comprising several computers and networks, in a single virtual machine. It also analyzes and evaluates how it has been used in different teaching environments. The results show that this tool makes it possible to perform demos, labs and practical exercises, greatly appreciated by the students, that would otherwise be unfeasible. Also, its portability allows to reproduce classroom activities, as well as the students' autonomous work.

An alternative to sneakernet

DOE Office of Scientific and Technical Information (OSTI.GOV)

Orrell, S.; Ralstin, S.

1992-04-01

Many computer security plans specify that only a small percentage of the data processed will be classified. Thus, the bulk of the data on secure systems must be unclassified. Secure limited access sites operating approved classified computing systems sometimes also have a system ostensibly containing only unclassified files but operating within the secure environment. That system could be networked or otherwise connected to a classified system(s) in order that both be able to use common resources for file storage or computing power. Such a system must operate under the same rules as the secure classified systems. It is in themore » nature of unclassified files that they either came from, or will eventually migrate to, a non-secure system. Today, unclassified files are exported from systems within the secure environment typically by loading transport media and carrying them to an open system. Import of unclassified files is handled similarly. This media transport process, sometimes referred to as sneaker net, often is manually logged and controlled only by administrative procedures. A comprehensive system for secure bi-directional transfer of unclassified files between secure and open environments has yet to be developed. Any such secure file transport system should be required to meet several stringent criteria. It is the purpose of this document to begin a definition of these criteria.« less

An alternative to sneakernet

DOE Office of Scientific and Technical Information (OSTI.GOV)

Orrell, S.; Ralstin, S.

1992-01-01

Many computer security plans specify that only a small percentage of the data processed will be classified. Thus, the bulk of the data on secure systems must be unclassified. Secure limited access sites operating approved classified computing systems sometimes also have a system ostensibly containing only unclassified files but operating within the secure environment. That system could be networked or otherwise connected to a classified system(s) in order that both be able to use common resources for file storage or computing power. Such a system must operate under the same rules as the secure classified systems. It is in themore » nature of unclassified files that they either came from, or will eventually migrate to, a non-secure system. Today, unclassified files are exported from systems within the secure environment typically by loading transport media and carrying them to an open system. Import of unclassified files is handled similarly. This media transport process, sometimes referred to as sneaker net, often is manually logged and controlled only by administrative procedures. A comprehensive system for secure bi-directional transfer of unclassified files between secure and open environments has yet to be developed. Any such secure file transport system should be required to meet several stringent criteria. It is the purpose of this document to begin a definition of these criteria.« less

How Data Mining Threatens Student Privacy. Joint Hearing before the Subcommittee on Cybersecurity, Infrastructure Protection, and Security Technologies of the Committee on Homeland Security, House of Representatives Serial No. 113-76 and the Subcommittee on Early Childhood, Elementary, and Secondary Education of the Committee on Education and the Workforce, House of Representatives Serial No. 113-61, House of Representatives, One Hundred Thirteenth Congress, Second Session (June 25, 2014)

ERIC Educational Resources Information Center

US House of Representatives, 2015

2015-01-01

This paper presents the first joint hearing of the Subcommittee on Cybersecurity, Infrastructure Protection, and Security Technologies of the Committee on Homeland Security and the Subcommittee on Early Childhood, Elementary, and Secondary Education of the Committee on Education and the Workforce. The subcommittees met to examine data collection…

Protecting genomic data analytics in the cloud: state of the art and opportunities.

PubMed

Tang, Haixu; Jiang, Xiaoqian; Wang, Xiaofeng; Wang, Shuang; Sofia, Heidi; Fox, Dov; Lauter, Kristin; Malin, Bradley; Telenti, Amalio; Xiong, Li; Ohno-Machado, Lucila

2016-10-13

The outsourcing of genomic data into public cloud computing settings raises concerns over privacy and security. Significant advancements in secure computation methods have emerged over the past several years, but such techniques need to be rigorously evaluated for their ability to support the analysis of human genomic data in an efficient and cost-effective manner. With respect to public cloud environments, there are concerns about the inadvertent exposure of human genomic data to unauthorized users. In analyses involving multiple institutions, there is additional concern about data being used beyond agreed research scope and being prcoessed in untrused computational environments, which may not satisfy institutional policies. To systematically investigate these issues, the NIH-funded National Center for Biomedical Computing iDASH (integrating Data for Analysis, 'anonymization' and SHaring) hosted the second Critical Assessment of Data Privacy and Protection competition to assess the capacity of cryptographic technologies for protecting computation over human genomes in the cloud and promoting cross-institutional collaboration. Data scientists were challenged to design and engineer practical algorithms for secure outsourcing of genome computation tasks in working software, whereby analyses are performed only on encrypted data. They were also challenged to develop approaches to enable secure collaboration on data from genomic studies generated by multiple organizations (e.g., medical centers) to jointly compute aggregate statistics without sharing individual-level records. The results of the competition indicated that secure computation techniques can enable comparative analysis of human genomes, but greater efficiency (in terms of compute time and memory utilization) are needed before they are sufficiently practical for real world environments.

Secure Cloud Computing Implementation Study For Singapore Military Operations

DTIC Science & Technology

2016-09-01

COMPUTING IMPLEMENTATION STUDY FOR SINGAPORE MILITARY OPERATIONS by Lai Guoquan September 2016 Thesis Advisor: John D. Fulp Co-Advisor...DATES COVERED Master’s thesis 4. TITLE AND SUBTITLE SECURE CLOUD COMPUTING IMPLEMENTATION STUDY FOR SINGAPORE MILITARY OPERATIONS 5. FUNDING NUMBERS...addition, from the military perspective, the benefits of cloud computing were analyzed from a study of the U.S. Department of Defense. Then, using

How Attitude toward the Behavior, Subjective Norm, and Perceived Behavioral Control Affects Information Security Behavior Intention

ERIC Educational Resources Information Center

Johnson, David P.

2017-01-01

The education sector is at high risk for information security (InfoSec) breaches and in need of improved security practices. Achieving data protections cannot be through technical means alone. Addressing the human behavior factor is required. Security education, training, and awareness (SETA) programs are an effective method of addressing human…

A security mechanism based on evolutionary game in fog computing.

PubMed

Sun, Yan; Lin, Fuhong; Zhang, Nan

2018-02-01

Fog computing is a distributed computing paradigm at the edge of the network and requires cooperation of users and sharing of resources. When users in fog computing open their resources, their devices are easily intercepted and attacked because they are accessed through wireless network and present an extensive geographical distribution. In this study, a credible third party was introduced to supervise the behavior of users and protect the security of user cooperation. A fog computing security mechanism based on human nervous system is proposed, and the strategy for a stable system evolution is calculated. The MATLAB simulation results show that the proposed mechanism can reduce the number of attack behaviors effectively and stimulate users to cooperate in application tasks positively.

33 CFR 106.305 - Facility Security Assessment (FSA) requirements.

Code of Federal Regulations, 2013 CFR

2013-07-01

..., including computer systems and networks; (vi) Existing agreements with private security companies; (vii) Any... 33 Navigation and Navigable Waters 1 2013-07-01 2013-07-01 false Facility Security Assessment (FSA... SECURITY MARITIME SECURITY MARINE SECURITY: OUTER CONTINENTAL SHELF (OCS) FACILITIES Outer Continental...

33 CFR 106.305 - Facility Security Assessment (FSA) requirements.

Code of Federal Regulations, 2011 CFR

2011-07-01

..., including computer systems and networks; (vi) Existing agreements with private security companies; (vii) Any... 33 Navigation and Navigable Waters 1 2011-07-01 2011-07-01 false Facility Security Assessment (FSA... SECURITY MARITIME SECURITY MARINE SECURITY: OUTER CONTINENTAL SHELF (OCS) FACILITIES Outer Continental...

33 CFR 106.305 - Facility Security Assessment (FSA) requirements.

Code of Federal Regulations, 2014 CFR

2014-07-01

..., including computer systems and networks; (vi) Existing agreements with private security companies; (vii) Any... 33 Navigation and Navigable Waters 1 2014-07-01 2014-07-01 false Facility Security Assessment (FSA... SECURITY MARITIME SECURITY MARINE SECURITY: OUTER CONTINENTAL SHELF (OCS) FACILITIES Outer Continental...

33 CFR 106.305 - Facility Security Assessment (FSA) requirements.

Code of Federal Regulations, 2012 CFR

2012-07-01

..., including computer systems and networks; (vi) Existing agreements with private security companies; (vii) Any... 33 Navigation and Navigable Waters 1 2012-07-01 2012-07-01 false Facility Security Assessment (FSA... SECURITY MARITIME SECURITY MARINE SECURITY: OUTER CONTINENTAL SHELF (OCS) FACILITIES Outer Continental...

Information Security in the Age of Cloud Computing

ERIC Educational Resources Information Center

Sims, J. Eric

2012-01-01

Information security has been a particularly hot topic since the enhanced internal control requirements of Sarbanes-Oxley (SOX) were introduced in 2002. At about this same time, cloud computing started its explosive growth. Outsourcing of mission-critical functions has always been a gamble for managers, but the advantages of cloud computing are…

77 FR 33547 - Privacy Act of 1974, as Amended; Computer Matching Program (SSA/Centers for Medicare and Medicaid...

Federal Register 2010, 2011, 2012, 2013, 2014

2012-06-06

... SOCIAL SECURITY ADMINISTRATION [Docket No. SSA 2012-0015] Privacy Act of 1974, as Amended; Computer Matching Program (SSA/ Centers for Medicare and Medicaid Services (CMS))--Match Number 1094 AGENCY: Social Security Administration (SSA). ACTION: Notice of a new computer matching program that will expire...

Business Administration and Computer Science Degrees: Earnings, Job Security, and Job Satisfaction

ERIC Educational Resources Information Center

Mehta, Kamlesh; Uhlig, Ronald

2017-01-01

This paper examines the potential of business administration vs. computer science degrees in terms of earnings, job security, and job satisfaction. The paper focuses on earnings potential five years and ten years after the completion of business administration and computer science degrees. Moreover, the paper presents the income changes with…

77 FR 62059 - Privacy Act of 1974, as Amended; Revisions to Existing Systems of Records

Federal Register 2010, 2011, 2012, 2013, 2014

2012-10-11

... and forms, microfilm or microfiche, and in computer processable storage media such as personnel system... 1974; the Federal Information Security Management Act of 2002; the Computer Fraud and Abuse Act of 1986... apply: The Privacy Act of 1974; the Federal Information Security Management Act of 2002; the Computer...

20 CFR 225.24 - SS Earnings PIA used in survivor annuities.

Code of Federal Regulations, 2010 CFR

2010-04-01

... Security Earnings PIA (SS Earnings PIA) used in survivor annuities may be used in computing the tier II... the Social Security Act as in effect on December 31, 1974. It is computed using the deceased employee... RETIREMENT ACT PRIMARY INSURANCE AMOUNT DETERMINATIONS PIA's Used in Computing Survivor Annuities and the...

Trusted Network Interpretation of the Trusted Computer System Evaluation Criteria. Version 1.

DTIC Science & Technology

1987-07-01

for Secure Computer Systema, MTR-3153, The MITRE Corporation, Bedford, MA, June 1975. 1 See, for example, M. D. Abrams and H. J. Podell , Tutorial...References References Abrams, M. D. and H. J. Podell , Tutorial: Computer and Network Security, IEEE Com- puter Society Press, 1987. Addendum to the

17 CFR 10.5 - Computation of time.

Code of Federal Regulations, 2010 CFR

2010-04-01

... 17 Commodity and Securities Exchanges 1 2010-04-01 2010-04-01 false Computation of time. 10.5 Section 10.5 Commodity and Securities Exchanges COMMODITY FUTURES TRADING COMMISSION RULES OF PRACTICE... computed is to be included unless it is a Saturday, a Sunday, or a legal holiday; in which event the period...

77 FR 49849 - Privacy Act of 1974, as Amended; Computer Matching Program (SSA/Office of Child Support...

Federal Register 2010, 2011, 2012, 2013, 2014

2012-08-17

...: Social Security Administration (SSA). ACTION: Notice of a renewal of an existing computer-matching... INFORMATION: A. General The Computer Matching and Privacy Protection Act of 1988 (Public Law (Pub. L.) 100-503... SOCIAL SECURITY ADMINISTRATION [Docket No. SSA 2012-0021] Privacy Act of 1974, as Amended...

75 FR 32833 - Privacy Act of 1974, as Amended; Computer Matching Program (SSA/Office of Personnel Management...

Federal Register 2010, 2011, 2012, 2013, 2014

2010-06-09

... SOCIAL SECURITY ADMINISTRATION [Docket No. SSA-2009-0077] Privacy Act of 1974, as Amended; Computer Matching Program (SSA/ Office of Personnel Management (OPM))--Match 1307 AGENCY: Social Security... INFORMATION: A. General The Computer Matching and Privacy Protection Act of 1988 (Public Law (Pub. L.) 100-503...

hPIN/hTAN: Low-Cost e-Banking Secure against Untrusted Computers

NASA Astrophysics Data System (ADS)

Li, Shujun; Sadeghi, Ahmad-Reza; Schmitz, Roland

We propose hPIN/hTAN, a low-cost token-based e-banking protection scheme when the adversary has full control over the user's computer. Compared with existing hardware-based solutions, hPIN/hTAN depends on neither second trusted channel, nor secure keypad, nor computationally expensive encryption module.

77 FR 38880 - Privacy Act of 1974, as Amended; Computer Matching Program (SSA/Railroad Retirement Board (SSA...

Federal Register 2010, 2011, 2012, 2013, 2014

2012-06-29

... Security Administration (SSA). ACTION: Notice of a renewal of an existing computer matching program that... regarding protections for such persons. The Privacy Act, as amended, regulates the use of computer matching... SOCIAL SECURITY ADMINISTRATION [Docket No. SSA 2012-0002] Privacy Act of 1974, as Amended...

77 FR 27108 - Privacy Act of 1974, as Amended; Computer Matching Program (SSA/Office of Child Support...

Federal Register 2010, 2011, 2012, 2013, 2014

2012-05-08

...: Social Security Administration (SSA). ACTION: Notice of a renewal of an existing computer matching... protections for such persons. The Privacy Act, as amended, regulates the use of computer matching by Federal... SOCIAL SECURITY ADMINISTRATION [Docket No. SSA 2012-0010] Privacy Act of 1974, as Amended...

78 FR 37647 - Privacy Act of 1974, as Amended; Computer Matching Program (SSA/Railroad Retirement Board (RRB...

Federal Register 2010, 2011, 2012, 2013, 2014

2013-06-21

... SOCIAL SECURITY ADMINISTRATION [Docket No. SSA 2013-0010] Privacy Act of 1974, as Amended; Computer Matching Program (SSA/ Railroad Retirement Board (RRB))--Match Number 1006 AGENCY: Social Security Administration. ACTION: Notice of a renewal of an existing computer matching program that will expire on...

78 FR 51264 - Privacy Act of 1974, as Amended; Computer Matching Program (SSA/Department of the Treasury...

Federal Register 2010, 2011, 2012, 2013, 2014

2013-08-20

... 1016 AGENCY: Social Security Administration (SSA). ACTION: Notice of a renewal of an existing computer... above. SUPPLEMENTARY INFORMATION: A. General The Computer Matching and Privacy Protection Act of 1988... SOCIAL SECURITY ADMINISTRATION [Docket No. SSA 2013-0022] Privacy Act of 1974, as Amended...

77 FR 24756 - Privacy Act of 1974, as Amended; Computer Matching Program (SSA/Department of Labor (DOL))-Match...

Federal Register 2010, 2011, 2012, 2013, 2014

2012-04-25

... SOCIAL SECURITY ADMINISTRATION [Docket No. SSA 2011-0084] Privacy Act of 1974, as Amended; Computer Matching Program (SSA/ Department of Labor (DOL))--Match Number 1003 AGENCY: Social Security... above. SUPPLEMENTARY INFORMATION: A. General The Computer Matching and Privacy Protection Act of 1988...

77 FR 6620 - Privacy Act of 1974, as Amended; Computer Matching Program (SSA/the States); Match 6000 and 6003

Federal Register 2010, 2011, 2012, 2013, 2014

2012-02-08

... SOCIAL SECURITY ADMINISTRATION [Docket No. SSA 2011-0102] Privacy Act of 1974, as Amended; Computer Matching Program (SSA/ the States); Match 6000 and 6003 AGENCY: Social Security Administration..., as shown above. SUPPLEMENTARY INFORMATION: A. General The Computer Matching and Privacy Protection...

75 FR 18251 - Privacy Act of 1974, as Amended; Computer Matching Program (SSA/Internal Revenue Service (IRS...

Federal Register 2010, 2011, 2012, 2013, 2014

2010-04-09

... SOCIAL SECURITY ADMINISTRATION [Docket No. SSA-2009-0066] Privacy Act of 1974, as Amended; Computer Matching Program (SSA/ Internal Revenue Service (IRS))--Match 1305 AGENCY: Social Security... INFORMATION: A. General The Computer Matching and Privacy Protection Act of 1988 (Public Law (Pub. L.) 100-503...

76 FR 12398 - Privacy Act of 1974, as Amended; Computer Matching Program (SSA/Bureau of the Public Debt (BPD...

Federal Register 2010, 2011, 2012, 2013, 2014

2011-03-07

... SOCIAL SECURITY ADMINISTRATION [Docket No. SSA 2010-0034] Privacy Act of 1974, as Amended; Computer Matching Program (SSA/ Bureau of the Public Debt (BPD))--Match Number 1304 AGENCY: Social Security... as shown above. SUPPLEMENTARY INFORMATION: A. General The Computer Matching and Privacy Protection...

77 FR 24757 - Privacy Act of 1974, as Amended; Computer Matching Program (SSA/Department of Labor (DOL))-Match...

Federal Register 2010, 2011, 2012, 2013, 2014

2012-04-25

... SOCIAL SECURITY ADMINISTRATION [Docket No. SSA 2011-0083] Privacy Act of 1974, as Amended; Computer Matching Program (SSA/ Department of Labor (DOL))--Match Number 1015 AGENCY: Social Security... regarding protections for such persons. The Privacy Act, as amended, regulates the use of computer matching...

75 FR 62623 - Privacy Act of 1974, as Amended; Computer Matching Program (SSA/Internal Revenue Service (IRS...

Federal Register 2010, 2011, 2012, 2013, 2014

2010-10-12

... SOCIAL SECURITY ADMINISTRATION [Docket No. SSA 2010-0015] Privacy Act of 1974, as Amended; Computer Matching Program (SSA/ Internal Revenue Service (IRS))--Match Number 1016 AGENCY: Social Security... regarding protections for such persons. The Privacy Act, as amended, regulates the use of computer matching...

75 FR 59780 - Privacy Act of 1974, as Amended; Computer Matching Program (SSA/Railroad Retirement Board (RRB...

Federal Register 2010, 2011, 2012, 2013, 2014

2010-09-28

... SOCIAL SECURITY ADMINISTRATION [Docket No. SSA 2010-0040] Privacy Act of 1974, as Amended; Computer Matching Program (SSA/ Railroad Retirement Board (RRB))--Match Number 1006 AGENCY: Social Security...: A. General The Computer Matching and Privacy Protection Act of 1988 (Pub. L.) 100-503), amended the...

Research and realization implementation of monitor technology on illegal external link of classified computer

NASA Astrophysics Data System (ADS)

Zhang, Hong

2017-06-01

In recent years, with the continuous development and application of network technology, network security has gradually entered people's field of vision. The host computer network external network of violations is an important reason for the threat of network security. At present, most of the work units have a certain degree of attention to network security, has taken a lot of means and methods to prevent network security problems such as the physical isolation of the internal network, install the firewall at the exit. However, these measures and methods to improve network security are often not comply with the safety rules of human behavior damage. For example, the host to wireless Internet access and dual-network card to access the Internet, inadvertently formed a two-way network of external networks and computer connections [1]. As a result, it is possible to cause some important documents and confidentiality leak even in the the circumstances of user unaware completely. Secrecy Computer Violation Out-of-band monitoring technology can largely prevent the violation by monitoring the behavior of the offending connection. In this paper, we mainly research and discuss the technology of secret computer monitoring.

The method of a joint intraday security check system based on cloud computing

NASA Astrophysics Data System (ADS)

Dong, Wei; Feng, Changyou; Zhou, Caiqi; Cai, Zhi; Dan, Xu; Dai, Sai; Zhang, Chuancheng

2017-01-01

The intraday security check is the core application in the dispatching control system. The existing security check calculation only uses the dispatch center’s local model and data as the functional margin. This paper introduces the design of all-grid intraday joint security check system based on cloud computing and its implementation. To reduce the effect of subarea bad data on the all-grid security check, a new power flow algorithm basing on comparison and adjustment with inter-provincial tie-line plan is presented. And the numerical example illustrated the effectiveness and feasibility of the proposed method.

A Secure and Verifiable Outsourced Access Control Scheme in Fog-Cloud Computing.

PubMed

Fan, Kai; Wang, Junxiong; Wang, Xin; Li, Hui; Yang, Yintang

2017-07-24

With the rapid development of big data and Internet of things (IOT), the number of networking devices and data volume are increasing dramatically. Fog computing, which extends cloud computing to the edge of the network can effectively solve the bottleneck problems of data transmission and data storage. However, security and privacy challenges are also arising in the fog-cloud computing environment. Ciphertext-policy attribute-based encryption (CP-ABE) can be adopted to realize data access control in fog-cloud computing systems. In this paper, we propose a verifiable outsourced multi-authority access control scheme, named VO-MAACS. In our construction, most encryption and decryption computations are outsourced to fog devices and the computation results can be verified by using our verification method. Meanwhile, to address the revocation issue, we design an efficient user and attribute revocation method for it. Finally, analysis and simulation results show that our scheme is both secure and highly efficient.

A System Architecture to Support a Verifiably Secure Multilevel Security System.

DTIC Science & Technology

1980-06-01

4] Newmann, P.G., R. Fabry, K. Levitt, L. Robin - provide a tradeoff between cost and system secur- son, J. Wensley , "On the Design of a Provably ity...ICS-80/05 NL 112. 11W1 --1.25 1111 6 Mli,’O~ll Rl OIIION W AII .q3 0 School of Information and Computer Science S =GEORGIA INSTITUTE OF TECHNOLOGY 808...Multilevel Security Systemt (Extended Abstract) George I. Davida Department of Electical Engineering and Computer Science University of Wisconsin

Recommended Methodology for Inter-Service/Agency Automated Message Processing Exchange (I-S/A AMPE). Cost and Schedule Analysis of Security Alternatives.

DTIC Science & Technology

1982-02-23

segregate the computer and storage from the outside world 2. Administrative security to control access to secure computer facilities 3. Network security to...Classification Alternative A- 8 NETWORK KG GENSER DSSCS AMPE TERMINALS TP No. 022-4668-A Figure A-2. Dedicated Switching Architecture Alternative A- 9...communications protocol with the network and GENSER message transmission to the - I-S/A AMPE processor. 7. DSSCS TPU - Handles communications protocol with

75 FR 30411 - Privacy Act of 1974; Report of a Modified or Altered System of Records

Federal Register 2010, 2011, 2012, 2013, 2014

2010-06-01

... Privacy Act of 1974; the Federal Information Security Management Act of 2002; the Computer Fraud and Abuse... Security Management Act of 2002; the Computer Fraud and Abuse Act of 1986; the Health Insurance Portability... systems and data files necessary for compliance with Title XI, Part C of the Social Security Act because...

Complete Insecurity of Quantum Protocols for Classical Two-Party Computation

NASA Astrophysics Data System (ADS)

Buhrman, Harry; Christandl, Matthias; Schaffner, Christian

2012-10-01

A fundamental task in modern cryptography is the joint computation of a function which has two inputs, one from Alice and one from Bob, such that neither of the two can learn more about the other’s input than what is implied by the value of the function. In this Letter, we show that any quantum protocol for the computation of a classical deterministic function that outputs the result to both parties (two-sided computation) and that is secure against a cheating Bob can be completely broken by a cheating Alice. Whereas it is known that quantum protocols for this task cannot be completely secure, our result implies that security for one party implies complete insecurity for the other. Our findings stand in stark contrast to recent protocols for weak coin tossing and highlight the limits of cryptography within quantum mechanics. We remark that our conclusions remain valid, even if security is only required to be approximate and if the function that is computed for Bob is different from that of Alice.

Complete insecurity of quantum protocols for classical two-party computation.

PubMed

Buhrman, Harry; Christandl, Matthias; Schaffner, Christian

2012-10-19

A fundamental task in modern cryptography is the joint computation of a function which has two inputs, one from Alice and one from Bob, such that neither of the two can learn more about the other's input than what is implied by the value of the function. In this Letter, we show that any quantum protocol for the computation of a classical deterministic function that outputs the result to both parties (two-sided computation) and that is secure against a cheating Bob can be completely broken by a cheating Alice. Whereas it is known that quantum protocols for this task cannot be completely secure, our result implies that security for one party implies complete insecurity for the other. Our findings stand in stark contrast to recent protocols for weak coin tossing and highlight the limits of cryptography within quantum mechanics. We remark that our conclusions remain valid, even if security is only required to be approximate and if the function that is computed for Bob is different from that of Alice.

Desktop Security ... Now More than Ever

ERIC Educational Resources Information Center

Huber, Joe

2005-01-01

Desktop security is the foundation of your overall security plan in K-12 education. National Educational Technology Standards (NETS) mainly states that students at all grade levels should know to make changes in the default settings for the operating system and its applications.

75 FR 25844 - Federal Advisory Committee; National Security Education Board Members Meeting

Federal Register 2010, 2011, 2012, 2013, 2014

2010-05-10

... Education Program; 1101 Wilson Blvd., Suite 1210; Rosslyn, VA 22219. FOR FURTHER INFORMATION CONTACT: Dr. Kevin Gormley, Program Officer, National Security Education Program, 1101 Wilson Boulevard, Suite 1210...

Genomics and privacy: implications of the new reality of closed data for the field.

PubMed

Greenbaum, Dov; Sboner, Andrea; Mu, Xinmeng Jasmine; Gerstein, Mark

2011-12-01

Open source and open data have been driving forces in bioinformatics in the past. However, privacy concerns may soon change the landscape, limiting future access to important data sets, including personal genomics data. Here we survey this situation in some detail, describing, in particular, how the large scale of the data from personal genomic sequencing makes it especially hard to share data, exacerbating the privacy problem. We also go over various aspects of genomic privacy: first, there is basic identifiability of subjects having their genome sequenced. However, even for individuals who have consented to be identified, there is the prospect of very detailed future characterization of their genotype, which, unanticipated at the time of their consent, may be more personal and invasive than the release of their medical records. We go over various computational strategies for dealing with the issue of genomic privacy. One can "slice" and reformat datasets to allow them to be partially shared while securing the most private variants. This is particularly applicable to functional genomics information, which can be largely processed without variant information. For handling the most private data there are a number of legal and technological approaches-for example, modifying the informed consent procedure to acknowledge that privacy cannot be guaranteed, and/or employing a secure cloud computing environment. Cloud computing in particular may allow access to the data in a more controlled fashion than the current practice of downloading and computing on large datasets. Furthermore, it may be particularly advantageous for small labs, given that the burden of many privacy issues falls disproportionately on them in comparison to large corporations and genome centers. Finally, we discuss how education of future genetics researchers will be important, with curriculums emphasizing privacy and data security. However, teaching personal genomics with identifiable subjects in the university setting will, in turn, create additional privacy issues and social conundrums. © 2011 Greenbaum et al.

Valuable use of computer-aided surgery in congenital bony aural atresia.

PubMed

Caversaccio, Marco; Romualdez, Joel; Baechler, Richard; Nolte, Lutz-Peter; Kompis, Martin; Häusler, Rudolf

2003-04-01

Congenital aural atresia repair is difficult owing to unpredictable anatomy. Benefits may be gained from computer-aided surgery (CAS), but its exact role has yet to be clearly defined. This is a retrospective study of 18 patients with bony type C (Schuknecht classification) congenital atresia. In the first group (n = 9), repair was performed with CAS while in the second group (n = 9), similar intervention was applied without CAS. Intra- and post-operative clinical and audiological findings were compared. CAS computed tomography (CT) images correlated well with intra-operative findings giving the surgeon more security and reducing operative time by 25 minutes. In our estimation, CAS is valuable for type C congenital aural atresia repair. It serves as an educational tool and as a guide for the experienced surgeon in critical situations where anatomical landmarks are distorted and where access is limited.

A pedagogical example of second-order arithmetic sequences applied to the construction of computer passwords by upper elementary grade students

NASA Astrophysics Data System (ADS)

Coggins, Porter E.

2015-04-01

The purpose of this paper is (1) to present how general education elementary school age students constructed computer passwords using digital root sums and second-order arithmetic sequences, (2) argue that computer password construction can be used as an engaging introduction to generate interest in elementary school students to study mathematics related to computer science, and (3) share additional mathematical ideas accessible to elementary school students that can be used to create computer passwords. This paper serves to fill a current gap in the literature regarding the integration of mathematical content accessible to upper elementary school students and aspects of computer science in general, and computer password construction in particular. In addition, the protocols presented here can serve as a hook to generate further interest in mathematics and computer science. Students learned to create a random-looking computer password by using biometric measurements of their shoe size, height, and age in months and to create a second-order arithmetic sequence, then converted the resulting numbers into characters that become their computer passwords. This password protocol can be used to introduce students to good computer password habits that can serve a foundation for a life-long awareness of data security. A refinement of the password protocol is also presented.

Hybrid cloud: bridging of private and public cloud computing

NASA Astrophysics Data System (ADS)

Aryotejo, Guruh; Kristiyanto, Daniel Y.; Mufadhol

2018-05-01

Cloud Computing is quickly emerging as a promising paradigm in the recent years especially for the business sector. In addition, through cloud service providers, cloud computing is widely used by Information Technology (IT) based startup company to grow their business. However, the level of most businesses awareness on data security issues is low, since some Cloud Service Provider (CSP) could decrypt their data. Hybrid Cloud Deployment Model (HCDM) has characteristic as open source, which is one of secure cloud computing model, thus HCDM may solve data security issues. The objective of this study is to design, deploy and evaluate a HCDM as Infrastructure as a Service (IaaS). In the implementation process, Metal as a Service (MAAS) engine was used as a base to build an actual server and node. Followed by installing the vsftpd application, which serves as FTP server. In comparison with HCDM, public cloud was adopted through public cloud interface. As a result, the design and deployment of HCDM was conducted successfully, instead of having good security, HCDM able to transfer data faster than public cloud significantly. To the best of our knowledge, Hybrid Cloud Deployment model is one of secure cloud computing model due to its characteristic as open source. Furthermore, this study will serve as a base for future studies about Hybrid Cloud Deployment model which may relevant for solving big security issues of IT-based startup companies especially in Indonesia.

Multi-Party Privacy-Preserving Set Intersection with Quasi-Linear Complexity

NASA Astrophysics Data System (ADS)

Cheon, Jung Hee; Jarecki, Stanislaw; Seo, Jae Hong

Secure computation of the set intersection functionality allows n parties to find the intersection between their datasets without revealing anything else about them. An efficient protocol for such a task could have multiple potential applications in commerce, health care, and security. However, all currently known secure set intersection protocols for n>2 parties have computational costs that are quadratic in the (maximum) number of entries in the dataset contributed by each party, making secure computation of the set intersection only practical for small datasets. In this paper, we describe the first multi-party protocol for securely computing the set intersection functionality with both the communication and the computation costs that are quasi-linear in the size of the datasets. For a fixed security parameter, our protocols require O(n2k) bits of communication and Õ(n2k) group multiplications per player in the malicious adversary setting, where k is the size of each dataset. Our protocol follows the basic idea of the protocol proposed by Kissner and Song, but we gain efficiency by using different representations of the polynomials associated with users' datasets and careful employment of algorithms that interpolate or evaluate polynomials on multiple points more efficiently. Moreover, the proposed protocol is robust. This means that the protocol outputs the desired result even if some corrupted players leave during the execution of the protocol.

State of the Art of Network Security Perspectives in Cloud Computing

NASA Astrophysics Data System (ADS)

Oh, Tae Hwan; Lim, Shinyoung; Choi, Young B.; Park, Kwang-Roh; Lee, Heejo; Choi, Hyunsang

Cloud computing is now regarded as one of social phenomenon that satisfy customers' needs. It is possible that the customers' needs and the primary principle of economy - gain maximum benefits from minimum investment - reflects realization of cloud computing. We are living in the connected society with flood of information and without connected computers to the Internet, our activities and work of daily living will be impossible. Cloud computing is able to provide customers with custom-tailored features of application software and user's environment based on the customer's needs by adopting on-demand outsourcing of computing resources through the Internet. It also provides cloud computing users with high-end computing power and expensive application software package, and accordingly the users will access their data and the application software where they are located at the remote system. As the cloud computing system is connected to the Internet, network security issues of cloud computing are considered as mandatory prior to real world service. In this paper, survey and issues on the network security in cloud computing are discussed from the perspective of real world service environments.

Bigdata Driven Cloud Security: A Survey

NASA Astrophysics Data System (ADS)

Raja, K.; Hanifa, Sabibullah Mohamed

2017-08-01

Cloud Computing (CC) is a fast-growing technology to perform massive-scale and complex computing. It eliminates the need to maintain expensive computing hardware, dedicated space, and software. Recently, it has been observed that massive growth in the scale of data or big data generated through cloud computing. CC consists of a front-end, includes the users’ computers and software required to access the cloud network, and back-end consists of various computers, servers and database systems that create the cloud. In SaaS (Software as-a-Service - end users to utilize outsourced software), PaaS (Platform as-a-Service-platform is provided) and IaaS (Infrastructure as-a-Service-physical environment is outsourced), and DaaS (Database as-a-Service-data can be housed within a cloud), where leading / traditional cloud ecosystem delivers the cloud services become a powerful and popular architecture. Many challenges and issues are in security or threats, most vital barrier for cloud computing environment. The main barrier to the adoption of CC in health care relates to Data security. When placing and transmitting data using public networks, cyber attacks in any form are anticipated in CC. Hence, cloud service users need to understand the risk of data breaches and adoption of service delivery model during deployment. This survey deeply covers the CC security issues (covering Data Security in Health care) so as to researchers can develop the robust security application models using Big Data (BD) on CC (can be created / deployed easily). Since, BD evaluation is driven by fast-growing cloud-based applications developed using virtualized technologies. In this purview, MapReduce [12] is a good example of big data processing in a cloud environment, and a model for Cloud providers.

An Efficient Mutual Authentication Framework for Healthcare System in Cloud Computing.

PubMed

Kumar, Vinod; Jangirala, Srinivas; Ahmad, Musheer

2018-06-28

The increasing role of Telecare Medicine Information Systems (TMIS) makes its accessibility for patients to explore medical treatment, accumulate and approach medical data through internet connectivity. Security and privacy preservation is necessary for medical data of the patient in TMIS because of the very perceptive purpose. Recently, Mohit et al.'s proposed a mutual authentication protocol for TMIS in the cloud computing environment. In this work, we reviewed their protocol and found that it is not secure against stolen verifier attack, many logged in patient attack, patient anonymity, impersonation attack, and fails to protect session key. For enhancement of security level, we proposed a new mutual authentication protocol for the similar environment. The presented framework is also more capable in terms of computation cost. In addition, the security evaluation of the protocol protects resilience of all possible security attributes, and we also explored formal security evaluation based on random oracle model. The performance of the proposed protocol is much better in comparison to the existing protocol.

Security and privacy issues in implantable medical devices: A comprehensive survey.

PubMed

Camara, Carmen; Peris-Lopez, Pedro; Tapiador, Juan E

2015-06-01

Bioengineering is a field in expansion. New technologies are appearing to provide a more efficient treatment of diseases or human deficiencies. Implantable Medical Devices (IMDs) constitute one example, these being devices with more computing, decision making and communication capabilities. Several research works in the computer security field have identified serious security and privacy risks in IMDs that could compromise the implant and even the health of the patient who carries it. This article surveys the main security goals for the next generation of IMDs and analyzes the most relevant protection mechanisms proposed so far. On the one hand, the security proposals must have into consideration the inherent constraints of these small and implanted devices: energy, storage and computing power. On the other hand, proposed solutions must achieve an adequate balance between the safety of the patient and the security level offered, with the battery lifetime being another critical parameter in the design phase. Copyright © 2015 Elsevier Inc. All rights reserved.

Bootstrapping and Maintaining Trust in the Cloud

DTIC Science & Technology

2016-12-01

proliferation and popularity of infrastructure-as-a- service (IaaS) cloud computing services such as Amazon Web Services and Google Compute Engine means...IaaS trusted computing system: • Secure Bootstrapping – the system should enable the tenant to securely install an initial root secret into each cloud ...elastically instantiated and terminated. Prior cloud trusted computing solutions address a subset of these features, but none achieve all. Excalibur [31] sup

78 FR 40541 - Privacy Act of 1974, as Amended; Computer Matching Program (SSA)-Match Number 1014

Federal Register 2010, 2011, 2012, 2013, 2014

2013-07-05

... SOCIAL SECURITY ADMINISTRATION [Docket No. SSA 2013-0019] Privacy Act of 1974, as Amended; Computer Matching Program (SSA)--Match Number 1014 AGENCY: Social Security Administration (SSA). [[Page 40542

Trusted computing strengthens cloud authentication.

PubMed

Ghazizadeh, Eghbal; Zamani, Mazdak; Ab Manan, Jamalul-lail; Alizadeh, Mojtaba

2014-01-01

Cloud computing is a new generation of technology which is designed to provide the commercial necessities, solve the IT management issues, and run the appropriate applications. Another entry on the list of cloud functions which has been handled internally is Identity Access Management (IAM). Companies encounter IAM as security challenges while adopting more technologies became apparent. Trust Multi-tenancy and trusted computing based on a Trusted Platform Module (TPM) are great technologies for solving the trust and security concerns in the cloud identity environment. Single sign-on (SSO) and OpenID have been released to solve security and privacy problems for cloud identity. This paper proposes the use of trusted computing, Federated Identity Management, and OpenID Web SSO to solve identity theft in the cloud. Besides, this proposed model has been simulated in .Net environment. Security analyzing, simulation, and BLP confidential model are three ways to evaluate and analyze our proposed model.

Trusted Computing Strengthens Cloud Authentication

PubMed Central

2014-01-01

Cloud computing is a new generation of technology which is designed to provide the commercial necessities, solve the IT management issues, and run the appropriate applications. Another entry on the list of cloud functions which has been handled internally is Identity Access Management (IAM). Companies encounter IAM as security challenges while adopting more technologies became apparent. Trust Multi-tenancy and trusted computing based on a Trusted Platform Module (TPM) are great technologies for solving the trust and security concerns in the cloud identity environment. Single sign-on (SSO) and OpenID have been released to solve security and privacy problems for cloud identity. This paper proposes the use of trusted computing, Federated Identity Management, and OpenID Web SSO to solve identity theft in the cloud. Besides, this proposed model has been simulated in .Net environment. Security analyzing, simulation, and BLP confidential model are three ways to evaluate and analyze our proposed model. PMID:24701149

Proceedings Second Annual Cyber Security and Information Infrastructure Research Workshop

DOE Office of Scientific and Technical Information (OSTI.GOV)

Sheldon, Frederick T; Krings, Axel; Yoo, Seong-Moo

2006-01-01

The workshop theme is Cyber Security: Beyond the Maginot Line Recently the FBI reported that computer crime has skyrocketed costing over $67 billion in 2005 alone and affecting 2.8M+ businesses and organizations. Attack sophistication is unprecedented along with availability of open source concomitant tools. Private, academic, and public sectors invest significant resources in cyber security. Industry primarily performs cyber security research as an investment in future products and services. While the public sector also funds cyber security R&D, the majority of this activity focuses on the specific mission(s) of the funding agency. Thus, broad areas of cyber security remain neglectedmore » or underdeveloped. Consequently, this workshop endeavors to explore issues involving cyber security and related technologies toward strengthening such areas and enabling the development of new tools and methods for securing our information infrastructure critical assets. We aim to assemble new ideas and proposals about robust models on which we can build the architecture of a secure cyberspace including but not limited to: * Knowledge discovery and management * Critical infrastructure protection * De-obfuscating tools for the validation and verification of tamper-proofed software * Computer network defense technologies * Scalable information assurance strategies * Assessment-driven design for trust * Security metrics and testing methodologies * Validation of security and survivability properties * Threat assessment and risk analysis * Early accurate detection of the insider threat * Security hardened sensor networks and ubiquitous computing environments * Mobile software authentication protocols * A new "model" of the threat to replace the "Maginot Line" model and more . . .« less

Meeting the security requirements of electronic medical records in the ERA of high-speed computing.

PubMed

Alanazi, H O; Zaidan, A A; Zaidan, B B; Kiah, M L Mat; Al-Bakri, S H

2015-01-01

This study has two objectives. First, it aims to develop a system with a highly secured approach to transmitting electronic medical records (EMRs), and second, it aims to identify entities that transmit private patient information without permission. The NTRU and the Advanced Encryption Standard (AES) cryptosystems are secured encryption methods. The AES is a tested technology that has already been utilized in several systems to secure sensitive data. The United States government has been using AES since June 2003 to protect sensitive and essential information. Meanwhile, NTRU protects sensitive data against attacks through the use of quantum computers, which can break the RSA cryptosystem and elliptic curve cryptography algorithms. A hybrid of AES and NTRU is developed in this work to improve EMR security. The proposed hybrid cryptography technique is implemented to secure the data transmission process of EMRs. The proposed security solution can provide protection for over 40 years and is resistant to quantum computers. Moreover, the technique provides the necessary evidence required by law to identify disclosure or misuse of patient records. The proposed solution can effectively secure EMR transmission and protect patient rights. It also identifies the source responsible for disclosing confidential patient records. The proposed hybrid technique for securing data managed by institutional websites must be improved in the future.

Security and privacy qualities of medical devices: an analysis of FDA postmarket surveillance.

PubMed

Kramer, Daniel B; Baker, Matthew; Ransford, Benjamin; Molina-Markham, Andres; Stewart, Quinn; Fu, Kevin; Reynolds, Matthew R

2012-01-01

Medical devices increasingly depend on computing functions such as wireless communication and Internet connectivity for software-based control of therapies and network-based transmission of patients' stored medical information. These computing capabilities introduce security and privacy risks, yet little is known about the prevalence of such risks within the clinical setting. We used three comprehensive, publicly available databases maintained by the Food and Drug Administration (FDA) to evaluate recalls and adverse events related to security and privacy risks of medical devices. Review of weekly enforcement reports identified 1,845 recalls; 605 (32.8%) of these included computers, 35 (1.9%) stored patient data, and 31 (1.7%) were capable of wireless communication. Searches of databases specific to recalls and adverse events identified only one event with a specific connection to security or privacy. Software-related recalls were relatively common, and most (81.8%) mentioned the possibility of upgrades, though only half of these provided specific instructions for the update mechanism. Our review of recalls and adverse events from federal government databases reveals sharp inconsistencies with databases at individual providers with respect to security and privacy risks. Recalls related to software may increase security risks because of unprotected update and correction mechanisms. To detect signals of security and privacy problems that adversely affect public health, federal postmarket surveillance strategies should rethink how to effectively and efficiently collect data on security and privacy problems in devices that increasingly depend on computing systems susceptible to malware.

Security and Privacy Qualities of Medical Devices: An Analysis of FDA Postmarket Surveillance

PubMed Central

Kramer, Daniel B.; Baker, Matthew; Ransford, Benjamin; Molina-Markham, Andres; Stewart, Quinn; Fu, Kevin; Reynolds, Matthew R.

2012-01-01

Background Medical devices increasingly depend on computing functions such as wireless communication and Internet connectivity for software-based control of therapies and network-based transmission of patients’ stored medical information. These computing capabilities introduce security and privacy risks, yet little is known about the prevalence of such risks within the clinical setting. Methods We used three comprehensive, publicly available databases maintained by the Food and Drug Administration (FDA) to evaluate recalls and adverse events related to security and privacy risks of medical devices. Results Review of weekly enforcement reports identified 1,845 recalls; 605 (32.8%) of these included computers, 35 (1.9%) stored patient data, and 31 (1.7%) were capable of wireless communication. Searches of databases specific to recalls and adverse events identified only one event with a specific connection to security or privacy. Software-related recalls were relatively common, and most (81.8%) mentioned the possibility of upgrades, though only half of these provided specific instructions for the update mechanism. Conclusions Our review of recalls and adverse events from federal government databases reveals sharp inconsistencies with databases at individual providers with respect to security and privacy risks. Recalls related to software may increase security risks because of unprotected update and correction mechanisms. To detect signals of security and privacy problems that adversely affect public health, federal postmarket surveillance strategies should rethink how to effectively and efficiently collect data on security and privacy problems in devices that increasingly depend on computing systems susceptible to malware. PMID:22829874

MCloud: Secure Provenance for Mobile Cloud Users

DTIC Science & Technology

2016-10-03

Feasibility of Smartphone Clouds , 2015 15th IEEE/ACM International Symposium on Cluster, Cloud and Grid Computing (CCGrid). 04-MAY- 15, Shenzhen, China...final decision. MCloud: Secure Provenance for Mobile Cloud Users Final Report Bogdan Carbunar Florida International University Computing and...Release; Distribution Unlimited UU UU UU UU 03-10-2016 31-May-2013 30-May-2016 Final Report: MCloud: Secure Provenance for Mobile Cloud Users The views

Computing Game-Theoretic Solutions for Security in the Medium Term

DTIC Science & Technology

This project concerns the design of algorithms for computing game- theoretic solutions . (Game theory concerns how to act in a strategically optimal...way in environments with other agents who also seek to act optimally but have different , and possibly opposite, interests .) Such algorithms have...recently found application in a number of real-world security applications, including among others airport security, scheduling Federal Air Marshals, and

Securing SIFT: Privacy-preserving Outsourcing Computation of Feature Extractions Over Encrypted Image Data.

PubMed

Hu, Shengshan; Wang, Qian; Wang, Jingjun; Qin, Zhan; Ren, Kui

2016-05-13

Advances in cloud computing have greatly motivated data owners to outsource their huge amount of personal multimedia data and/or computationally expensive tasks onto the cloud by leveraging its abundant resources for cost saving and flexibility. Despite the tremendous benefits, the outsourced multimedia data and its originated applications may reveal the data owner's private information, such as the personal identity, locations or even financial profiles. This observation has recently aroused new research interest on privacy-preserving computations over outsourced multimedia data. In this paper, we propose an effective and practical privacy-preserving computation outsourcing protocol for the prevailing scale-invariant feature transform (SIFT) over massive encrypted image data. We first show that previous solutions to this problem have either efficiency/security or practicality issues, and none can well preserve the important characteristics of the original SIFT in terms of distinctiveness and robustness. We then present a new scheme design that achieves efficiency and security requirements simultaneously with the preservation of its key characteristics, by randomly splitting the original image data, designing two novel efficient protocols for secure multiplication and comparison, and carefully distributing the feature extraction computations onto two independent cloud servers. We both carefully analyze and extensively evaluate the security and effectiveness of our design. The results show that our solution is practically secure, outperforms the state-of-theart, and performs comparably to the original SIFT in terms of various characteristics, including rotation invariance, image scale invariance, robust matching across affine distortion, addition of noise and change in 3D viewpoint and illumination.

PRESAGE: PRivacy-preserving gEnetic testing via SoftwAre Guard Extension.

PubMed

Chen, Feng; Wang, Chenghong; Dai, Wenrui; Jiang, Xiaoqian; Mohammed, Noman; Al Aziz, Md Momin; Sadat, Md Nazmus; Sahinalp, Cenk; Lauter, Kristin; Wang, Shuang

2017-07-26

Advances in DNA sequencing technologies have prompted a wide range of genomic applications to improve healthcare and facilitate biomedical research. However, privacy and security concerns have emerged as a challenge for utilizing cloud computing to handle sensitive genomic data. We present one of the first implementations of Software Guard Extension (SGX) based securely outsourced genetic testing framework, which leverages multiple cryptographic protocols and minimal perfect hash scheme to enable efficient and secure data storage and computation outsourcing. We compared the performance of the proposed PRESAGE framework with the state-of-the-art homomorphic encryption scheme, as well as the plaintext implementation. The experimental results demonstrated significant performance over the homomorphic encryption methods and a small computational overhead in comparison to plaintext implementation. The proposed PRESAGE provides an alternative solution for secure and efficient genomic data outsourcing in an untrusted cloud by using a hybrid framework that combines secure hardware and multiple crypto protocols.

Use of Computer-Generated Holograms in Security Hologram Applications

NASA Astrophysics Data System (ADS)

Bulanovs, A.; Bakanas, R.

2016-10-01

The article discusses the use of computer-generated holograms (CGHs) for the application as one of the security features in the relief-phase protective holograms. An improved method of calculating CGHs is presented, based on ray-tracing approach in the case of interference of parallel rays. Software is developed for the calculation of multilevel phase CGHs and their integration in the application of security holograms. Topology of calculated computer-generated phase holograms was recorded on the photoresist by the optical greyscale lithography. Parameters of the recorded microstructures were investigated with the help of the atomic-force microscopy (AFM) and scanning electron microscopy (SEM) methods. The results of the research have shown highly protective properties of the security elements based on CGH microstructures. In our opinion, a wide use of CGHs is very promising in the structure of complex security holograms for increasing the level of protection against counterfeit.

DOE Office of Scientific and Technical Information (OSTI.GOV)

Solis, John Hector

In this paper, we present a modular framework for constructing a secure and efficient program obfuscation scheme. Our approach, inspired by the obfuscation with respect to oracle machines model of [4], retains an interactive online protocol with an oracle, but relaxes the original computational and storage restrictions. We argue this is reasonable given the computational resources of modern personal devices. Furthermore, we relax the information-theoretic security requirement for computational security to utilize established cryptographic primitives. With this additional flexibility we are free to explore different cryptographic buildingblocks. Our approach combines authenticated encryption with private information retrieval to construct a securemore » program obfuscation framework. We give a formal specification of our framework, based on desired functionality and security properties, and provide an example instantiation. In particular, we implement AES in Galois/Counter Mode for authenticated encryption and the Gentry-Ramzan [13]constant communication-rate private information retrieval scheme. We present our implementation results and show that non-trivial sized programs can be realized, but scalability is quickly limited by computational overhead. Finally, we include a discussion on security considerations when instantiating specific modules.« less

Mobile healthcare applications: system design review, critical issues and challenges.

PubMed

Baig, Mirza Mansoor; GholamHosseini, Hamid; Connolly, Martin J

2015-03-01

Mobile phones are becoming increasingly important in monitoring and delivery of healthcare interventions. They are often considered as pocket computers, due to their advanced computing features, enhanced preferences and diverse capabilities. Their sophisticated sensors and complex software applications make the mobile healthcare (m-health) based applications more feasible and innovative. In a number of scenarios user-friendliness, convenience and effectiveness of these systems have been acknowledged by both patients as well as healthcare providers. M-health technology employs advanced concepts and techniques from multidisciplinary fields of electrical engineering, computer science, biomedical engineering and medicine which benefit the innovations of these fields towards healthcare systems. This paper deals with two important aspects of current mobile phone based sensor applications in healthcare. Firstly, critical review of advanced applications such as; vital sign monitoring, blood glucose monitoring and in-built camera based smartphone sensor applications. Secondly, investigating challenges and critical issues related to the use of smartphones in healthcare including; reliability, efficiency, mobile phone platform variability, cost effectiveness, energy usage, user interface, quality of medical data, and security and privacy. It was found that the mobile based applications have been widely developed in recent years with fast growing deployment by healthcare professionals and patients. However, despite the advantages of smartphones in patient monitoring, education, and management there are some critical issues and challenges related to security and privacy of data, acceptability, reliability and cost that need to be addressed.

Cardiology office computer use: primer, pointers, pitfalls.

PubMed

Shepard, R B; Blum, R I

1986-10-01

An office computer is a utility, like an automobile, with benefits and costs that are both direct and hidden and potential for disaster. For the cardiologist or cardiovascular surgeon, the increasing power and decreasing costs of computer hardware and the availability of software make use of an office computer system an increasingly attractive possibility. Management of office business functions is common; handling and scientific analysis of practice medical information are less common. The cardiologist can also access national medical information systems for literature searches and for interactive further education. Selection and testing of programs and the entire computer system before purchase of computer hardware will reduce the chances of disappointment or serious problems. Personnel pretraining and planning for office information flow and medical information security are necessary. Some cardiologists design their own office systems, buy hardware and software as needed, write programs for themselves and carry out the implementation themselves. For most cardiologists, the better course will be to take advantage of the professional experience of expert advisors. This article provides a starting point from which the practicing cardiologist can approach considering, specifying or implementing an office computer system for business functions and for scientific analysis of practice results.

Hand-held computer operating system program for collection of resident experience data.

PubMed

Malan, T K; Haffner, W H; Armstrong, A Y; Satin, A J

2000-11-01

To describe a system for recording resident experience involving hand-held computers with the Palm Operating System (3 Com, Inc., Santa Clara, CA). Hand-held personal computers (PCs) are popular, easy to use, inexpensive, portable, and can share data among other operating systems. Residents in our program carry individual hand-held database computers to record Residency Review Committee (RRC) reportable patient encounters. Each resident's data is transferred to a single central relational database compatible with Microsoft Access (Microsoft Corporation, Redmond, WA). Patient data entry and subsequent transfer to a central database is accomplished with commercially available software that requires minimal computer expertise to implement and maintain. The central database can then be used for statistical analysis or to create required RRC resident experience reports. As a result, the data collection and transfer process takes less time for residents and program director alike, than paper-based or central computer-based systems. The system of collecting resident encounter data using hand-held computers with the Palm Operating System is easy to use, relatively inexpensive, accurate, and secure. The user-friendly system provides prompt, complete, and accurate data, enhancing the education of residents while facilitating the job of the program director.

Quantum attack-resistent certificateless multi-receiver signcryption scheme.

PubMed

Li, Huixian; Chen, Xubao; Pang, Liaojun; Shi, Weisong

2013-01-01

The existing certificateless signcryption schemes were designed mainly based on the traditional public key cryptography, in which the security relies on the hard problems, such as factor decomposition and discrete logarithm. However, these problems will be easily solved by the quantum computing. So the existing certificateless signcryption schemes are vulnerable to the quantum attack. Multivariate public key cryptography (MPKC), which can resist the quantum attack, is one of the alternative solutions to guarantee the security of communications in the post-quantum age. Motivated by these concerns, we proposed a new construction of the certificateless multi-receiver signcryption scheme (CLMSC) based on MPKC. The new scheme inherits the security of MPKC, which can withstand the quantum attack. Multivariate quadratic polynomial operations, which have lower computation complexity than bilinear pairing operations, are employed in signcrypting a message for a certain number of receivers in our scheme. Security analysis shows that our scheme is a secure MPKC-based scheme. We proved its security under the hardness of the Multivariate Quadratic (MQ) problem and its unforgeability under the Isomorphism of Polynomials (IP) assumption in the random oracle model. The analysis results show that our scheme also has the security properties of non-repudiation, perfect forward secrecy, perfect backward secrecy and public verifiability. Compared with the existing schemes in terms of computation complexity and ciphertext length, our scheme is more efficient, which makes it suitable for terminals with low computation capacity like smart cards.

Bibliography for computer security, integrity, and safety

NASA Technical Reports Server (NTRS)

Bown, Rodney L.

1991-01-01

A bibliography of computer security, integrity, and safety issues is given. The bibliography is divided into the following sections: recent national publications; books; journal, magazine articles, and miscellaneous reports; conferences, proceedings, and tutorials; and government documents and contractor reports.

Secure Multi-party Computation Protocol for Defense Applications in Military Operations Using Virtual Cryptography

NASA Astrophysics Data System (ADS)

Pathak, Rohit; Joshi, Satyadhar

With the advent into the 20th century whole world has been facing the common dilemma of Terrorism. The suicide attacks on US twin towers 11 Sept. 2001, Train bombings in Madrid Spain 11 Mar. 2004, London bombings 7 Jul. 2005 and Mumbai attack 26 Nov. 2008 were some of the most disturbing, destructive and evil acts by terrorists in the last decade which has clearly shown their evil intent that they can go to any extent to accomplish their goals. Many terrorist organizations such as al Quaida, Harakat ul-Mujahidin, Hezbollah, Jaish-e-Mohammed, Lashkar-e-Toiba, etc. are carrying out training camps and terrorist operations which are accompanied with latest technology and high tech arsenal. To counter such terrorism our military is in need of advanced defense technology. One of the major issues of concern is secure communication. It has to be made sure that communication between different military forces is secure so that critical information is not leaked to the adversary. Military forces need secure communication to shield their confidential data from terrorist forces. Leakage of concerned data can prove hazardous, thus preservation and security is of prime importance. There may be a need to perform computations that require data from many military forces, but in some cases the associated forces would not want to reveal their data to other forces. In such situations Secure Multi-party Computations find their application. In this paper, we propose a new highly scalable Secure Multi-party Computation (SMC) protocol and algorithm for Defense applications which can be used to perform computation on encrypted data. Every party encrypts their data in accordance with a particular scheme. This encrypted data is distributed among some created virtual parties. These Virtual parties send their data to the TTP through an Anonymizer layer. TTP performs computation on encrypted data and announces the result. As the data sent was encrypted its actual value can’t be known by TTP and with the use of Anonymizers we have covered the identity of true source of data. Modifier tokens are generated along encryption of data which are distributed among virtual parties, then sent to TTP and finally used in the computation. Thus without revealing the data, right result can be computed and privacy of the parties is maintained. We have also given a probabilistic security analysis of hacking the protocol and shown how zero hacking security can be achieved.

75 FR 43492 - Federal Advisory Committee; National Security Education Board; Charter Renewal

Federal Register 2010, 2011, 2012, 2013, 2014

2010-07-26

... Education Board; Charter Renewal AGENCY: Department of Defense (DoD). ACTION: Renewal of Federal Advisory... Department of Defense gives notice that it is renewing the charter for the National Security Education Board... students desiring scholarships or fellowships, and institutions of higher education desiring grants under...

Asian Educational Discourse: Construction of Ontological Security

ERIC Educational Resources Information Center

Khalina, Natalya V.; Kovaleva, Alla V.; Voronin, Maksim S.; Anikin, Denis V.; Valyulina, Ekaterina V.

2018-01-01

This article considers the problem of ontology security through Asian educational discourse, which is structurally determined by the process of moral self-improvement. Considered are trends in improving the management of educational system by developing the culture of quality, which is considered as the next stage of the Asian education systems…

An Examination of Issues Surrounding Information Security in California Colleges

ERIC Educational Resources Information Center

Butler, Robert D.

2013-01-01

Technological advances have provided increasing opportunities in higher education for delivering instruction and other services. However, exposure to information security attacks has been increasing as more organizations conduct their businesses online. Higher education institutions have one of the highest frequencies of security breaches as…

DOE's Computer Incident Advisory Capability (CIAC)

DOE Office of Scientific and Technical Information (OSTI.GOV)

Schultz, E.

1990-09-01

Computer security is essential in maintaining quality in the computing environment. Computer security incidents, however, are becoming more sophisticated. The DOE Computer Incident Advisory Capability (CIAC) team was formed primarily to assist DOE sites in responding to computer security incidents. Among CIAC's other responsibilities are gathering and distributing information to DOE sites, providing training workshops, coordinating with other agencies, response teams, and vendors, creating guidelines for incident handling, and developing software tools. CIAC has already provided considerable assistance to DOE sites faced with virus infections and worm and hacker attacks, has issued over 40 information bulletins, and has developed andmore » presented a workshop on incident handling. CIAC's experience in helping sites has produced several lessons learned, including the need to follow effective procedures to avoid virus infections in small systems and the need for sound password management and system administration in networked systems. CIAC's activity and scope will expand in the future. 4 refs.« less

A new data collaboration service based on cloud computing security

NASA Astrophysics Data System (ADS)

Ying, Ren; Li, Hua-Wei; Wang, Li na

2017-09-01

With the rapid development of cloud computing, the storage and usage of data have undergone revolutionary changes. Data owners can store data in the cloud. While bringing convenience, it also brings many new challenges to cloud data security. A key issue is how to support a secure data collaboration service that supports access and updates to cloud data. This paper proposes a secure, efficient and extensible data collaboration service, which prevents data leaks in cloud storage, supports one to many encryption mechanisms, and also enables cloud data writing and fine-grained access control.

Secure Multiparty AES

NASA Astrophysics Data System (ADS)

Damgård, Ivan; Keller, Marcel

We propose several variants of a secure multiparty computation protocol for AES encryption. The best variant requires 2200 + {{400}over{255}} expected elementary operations in expected 70 + {{20}over{255}} rounds to encrypt one 128-bit block with a 128-bit key. We implemented the variants using VIFF, a software framework for implementing secure multiparty computation (MPC). Tests with three players (passive security against at most one corrupted player) in a local network showed that one block can be encrypted in 2 seconds. We also argue that this result could be improved by an optimized implementation.

Secure telemonitoring system for delivering telerehabilitation therapy to enhance children's communication function to home.

PubMed

Parmanto, Bambang; Saptono, Andi; Murthi, Raymond; Safos, Charlotte; Lathan, Corinna E

2008-11-01

A secure telemonitoring system was developed to transform CosmoBot system, a stand-alone speech-language therapy software, into a telerehabilitation system. The CosmoBot system is a motivating, computer-based play character designed to enhance children's communication skills and stimulate verbal interaction during the remediation of speech and language disorders. The CosmoBot system consists of the Mission Control human interface device and Cosmo's Play and Learn software featuring a robot character named Cosmo that targets educational goals for children aged 3-5 years. The secure telemonitoring infrastructure links a distant speech-language therapist and child/parents at home or school settings. The result is a telerehabilitation system that allows a speech-language therapist to monitor children's activities at home while providing feedback and therapy materials remotely. We have developed the means for telerehabilitation of communication skills that can be implemented in children's home settings. The architecture allows the therapist to remotely monitor the children after completion of the therapy session and to provide feedback for the following session.

System and method for secure group transactions

DOEpatents

Goldsmith, Steven Y [Rochester, MN

2006-04-25

A method and a secure system, processing on one or more computers, provides a way to control a group transaction. The invention uses group consensus access control and multiple distributed secure agents in a network environment. Each secure agent can organize with the other secure agents to form a secure distributed agent collective.

Welfare, Liberty, and Security for All? U.S. Sex Education Policy and the 1996 Title V Section 510 of the Social Security Act.

PubMed

Lerner, Justin E; Hawkins, Robert L

2016-07-01

When adolescents delay (meaning they wait until after middle school) engaging in sexual intercourse, they use condoms at higher rates and have fewer sexual partners than those who have sex earlier, thus resulting in a lower risk for unintended pregnancies and sexually transmitted infections. The 1996 Section 510 of Title V of the Social Security Act (often referred to as A-H) is a policy that promotes abstinence-only-until-marriage education (AOE) within public schools. Using Stone's (2012) policy analysis framework, this article explores how A-H limits welfare, liberty, and security among adolescents due to the poor empirical outcomes of AOE policy. We recommend incorporating theory-informed comprehensive sex education in addition to theory-informed abstinence education that utilizes Fishbein and Ajzen's (2010) reasoned action model within schools in order to begin to address adolescent welfare, liberty, and security.

Guidelines for Network Security in the Learning Environment.

ERIC Educational Resources Information Center

Littman, Marlyn Kemper

1996-01-01

Explores security challenges and practical approaches to safeguarding school networks against invasion. Highlights include security problems; computer viruses; privacy assaults; Internet invasions; building a security policy; authentication; passwords; encryption; firewalls; and acceptable use policies. (Author/LRW)

Data Privacy and Security in Higher Education

ERIC Educational Resources Information Center

Williams, Tracy

2003-01-01

As institutions review and strengthen their plans to secure confidential data, what proactive role does the human resource professional play as a strategic partner? Why are employees a critical part of the solution? And how are they educated regarding their responsibilities with data security? Datatel's HR product manager shares some…

A National Partnership for Careers in Public Safety and Security

ERIC Educational Resources Information Center

Coffee, Joseph

2007-01-01

A partnership of state, local and federal public safety agencies, secondary and postsecondary educational institutions, and professional and educational associations, the National Partnership for Careers in Law, Public Safety, Corrections and Security also serves as the lead organization for the Law, Public Safety, Corrections and Security Career…

Information Security in Higher Education. Professional Paper Series, #5.

ERIC Educational Resources Information Center

Elliott, Raymond; And Others

Intended to generate discussion and motivate proactive intervention in matters of information security, this paper defines and discusses some of the key issues relating to information security on college and university campuses based on in-depth interviews conducted at eight selected higher education institutions of varying size and composition in…

Composing Alternatives to a National Security Language Policy

ERIC Educational Resources Information Center

Wible, Scott

2009-01-01

President Bush's National Security Language Initiative focuses narrowly on gearing language education to security and military needs. English educators should work with their counterparts in foreign language departments to promote a broader view, one that encourages study of the multiple language groups that currently exist within the United…

75 FR 57904 - Announcing a Meeting of the Information Security and Privacy Advisory Board

Federal Register 2010, 2011, 2012, 2013, 2014

2010-09-23

... Office, --Update of NIST Computer Security Division, and --Information Security and Privacy Advisory... Information Security and Privacy Advisory Board AGENCY: National Institute of Standards and Technology, Commerce. ACTION: Notice. SUMMARY: The Information Security and Privacy Advisory Board (ISPAB) will meet...

High-Performance Secure Database Access Technologies for HEP Grids

DOE Office of Scientific and Technical Information (OSTI.GOV)

Matthew Vranicar; John Weicher

2006-04-17

The Large Hadron Collider (LHC) at the CERN Laboratory will become the largest scientific instrument in the world when it starts operations in 2007. Large Scale Analysis Computer Systems (computational grids) are required to extract rare signals of new physics from petabytes of LHC detector data. In addition to file-based event data, LHC data processing applications require access to large amounts of data in relational databases: detector conditions, calibrations, etc. U.S. high energy physicists demand efficient performance of grid computing applications in LHC physics research where world-wide remote participation is vital to their success. To empower physicists with data-intensive analysismore » capabilities a whole hyperinfrastructure of distributed databases cross-cuts a multi-tier hierarchy of computational grids. The crosscutting allows separation of concerns across both the global environment of a federation of computational grids and the local environment of a physicist’s computer used for analysis. Very few efforts are on-going in the area of database and grid integration research. Most of these are outside of the U.S. and rely on traditional approaches to secure database access via an extraneous security layer separate from the database system core, preventing efficient data transfers. Our findings are shared by the Database Access and Integration Services Working Group of the Global Grid Forum, who states that "Research and development activities relating to the Grid have generally focused on applications where data is stored in files. However, in many scientific and commercial domains, database management systems have a central role in data storage, access, organization, authorization, etc, for numerous applications.” There is a clear opportunity for a technological breakthrough, requiring innovative steps to provide high-performance secure database access technologies for grid computing. We believe that an innovative database architecture where the secure authorization is pushed into the database engine will eliminate inefficient data transfer bottlenecks. Furthermore, traditionally separated database and security layers provide an extra vulnerability, leaving a weak clear-text password authorization as the only protection on the database core systems. Due to the legacy limitations of the systems’ security models, the allowed passwords often can not even comply with the DOE password guideline requirements. We see an opportunity for the tight integration of the secure authorization layer with the database server engine resulting in both improved performance and improved security. Phase I has focused on the development of a proof-of-concept prototype using Argonne National Laboratory’s (ANL) Argonne Tandem-Linac Accelerator System (ATLAS) project as a test scenario. By developing a grid-security enabled version of the ATLAS project’s current relation database solution, MySQL, PIOCON Technologies aims to offer a more efficient solution to secure database access.« less

32 CFR 2001.71 - Coverage.

Code of Federal Regulations, 2010 CFR

2010-07-01

..., specialized training, and termination briefings. This subpart establishes fundamental security education and... authorities, security managers, classification management officers, security specialists, and all other.... Classification management officers, security managers, security specialists, declassification authorities, and...

Voices from the Field: Working Together for Safe and Secure Schools. Summary of Findings from Florida Education Commissioner Charlie Crist's School Safety and Security Summits.

ERIC Educational Resources Information Center

Florida State Dept. of Education, Tallahassee.

During summer and fall 2001, the Florida Commissioner of Education conducted eight regional meetings, open to the public, on school safety and security. The purpose of the meetings was to explore safety issues faced by districts and schools, share best safety practices, and generate local discussion on matters of school safety and security. This…

Assessing the Need for an On-Line Educational Module for Volunteer Leaders on Bio-Security in Washington State 4-H Livestock Projects

ERIC Educational Resources Information Center

Stevenson, Jill L.; Moore, Dale A.; Newman, Jerry; Schmidt, Janet L.; Smith, Sarah M.; Smith, Jean; Kerr, Susan; Wallace, Michael; BoyEs, Pat

2011-01-01

4-H livestock projects present disease transmission risks that can be reduced by the use of bio-security practices. The responsibility of teaching bio-security to youth belongs primarily to volunteer leaders, who may not be aware of the importance of these practices. A needs assessment for an online educational module about bio-security revealed…

Secure and Efficient Regression Analysis Using a Hybrid Cryptographic Framework: Development and Evaluation

PubMed Central

Jiang, Xiaoqian; Aziz, Md Momin Al; Wang, Shuang; Mohammed, Noman

2018-01-01

Background Machine learning is an effective data-driven tool that is being widely used to extract valuable patterns and insights from data. Specifically, predictive machine learning models are very important in health care for clinical data analysis. The machine learning algorithms that generate predictive models often require pooling data from different sources to discover statistical patterns or correlations among different attributes of the input data. The primary challenge is to fulfill one major objective: preserving the privacy of individuals while discovering knowledge from data. Objective Our objective was to develop a hybrid cryptographic framework for performing regression analysis over distributed data in a secure and efficient way. Methods Existing secure computation schemes are not suitable for processing the large-scale data that are used in cutting-edge machine learning applications. We designed, developed, and evaluated a hybrid cryptographic framework, which can securely perform regression analysis, a fundamental machine learning algorithm using somewhat homomorphic encryption and a newly introduced secure hardware component of Intel Software Guard Extensions (Intel SGX) to ensure both privacy and efficiency at the same time. Results Experimental results demonstrate that our proposed method provides a better trade-off in terms of security and efficiency than solely secure hardware-based methods. Besides, there is no approximation error. Computed model parameters are exactly similar to plaintext results. Conclusions To the best of our knowledge, this kind of secure computation model using a hybrid cryptographic framework, which leverages both somewhat homomorphic encryption and Intel SGX, is not proposed or evaluated to this date. Our proposed framework ensures data security and computational efficiency at the same time. PMID:29506966

Secure and Efficient Regression Analysis Using a Hybrid Cryptographic Framework: Development and Evaluation.

PubMed

Sadat, Md Nazmus; Jiang, Xiaoqian; Aziz, Md Momin Al; Wang, Shuang; Mohammed, Noman

2018-03-05

Machine learning is an effective data-driven tool that is being widely used to extract valuable patterns and insights from data. Specifically, predictive machine learning models are very important in health care for clinical data analysis. The machine learning algorithms that generate predictive models often require pooling data from different sources to discover statistical patterns or correlations among different attributes of the input data. The primary challenge is to fulfill one major objective: preserving the privacy of individuals while discovering knowledge from data. Our objective was to develop a hybrid cryptographic framework for performing regression analysis over distributed data in a secure and efficient way. Existing secure computation schemes are not suitable for processing the large-scale data that are used in cutting-edge machine learning applications. We designed, developed, and evaluated a hybrid cryptographic framework, which can securely perform regression analysis, a fundamental machine learning algorithm using somewhat homomorphic encryption and a newly introduced secure hardware component of Intel Software Guard Extensions (Intel SGX) to ensure both privacy and efficiency at the same time. Experimental results demonstrate that our proposed method provides a better trade-off in terms of security and efficiency than solely secure hardware-based methods. Besides, there is no approximation error. Computed model parameters are exactly similar to plaintext results. To the best of our knowledge, this kind of secure computation model using a hybrid cryptographic framework, which leverages both somewhat homomorphic encryption and Intel SGX, is not proposed or evaluated to this date. Our proposed framework ensures data security and computational efficiency at the same time. ©Md Nazmus Sadat, Xiaoqian Jiang, Md Momin Al Aziz, Shuang Wang, Noman Mohammed. Originally published in JMIR Medical Informatics (http://medinform.jmir.org), 05.03.2018.

Quantum And Relativistic Protocols For Secure Multi-Party Computation

NASA Astrophysics Data System (ADS)

Colbeck, Roger

2009-11-01

After a general introduction, the thesis is divided into four parts. In the first, we discuss the task of coin tossing, principally in order to highlight the effect different physical theories have on security in a straightforward manner, but, also, to introduce a new protocol for non-relativistic strong coin tossing. This protocol matches the security of the best protocol known to date while using a conceptually different approach to achieve the task. In the second part variable bias coin tossing is introduced. This is a variant of coin tossing in which one party secretly chooses one of two biased coins to toss. It is shown that this can be achieved with unconditional security for a specified range of biases, and with cheat-evident security for any bias. We also discuss two further protocols which are conjectured to be unconditionally secure for any bias. The third section looks at other two-party secure computations for which, prior to our work, protocols and no-go theorems were unknown. We introduce a general model for such computations, and show that, within this model, a wide range of functions are impossible to compute securely. We give explicit cheating attacks for such functions. In the final chapter we discuss the task of expanding a private random string, while dropping the usual assumption that the protocol's user trusts her devices. Instead we assume that all quantum devices are supplied by an arbitrarily malicious adversary. We give two protocols that we conjecture securely perform this task. The first allows a private random string to be expanded by a finite amount, while the second generates an arbitrarily large expansion of such a string.

Physics through the 1990s: Scientific interfaces and technological applications

NASA Technical Reports Server (NTRS)

1986-01-01

The volume examines the scientific interfaces and technological applications of physics. Twelve areas are dealt with: biological physics-biophysics, the brain, and theoretical biology; the physics-chemistry interface-instrumentation, surfaces, neutron and synchrotron radiation, polymers, organic electronic materials; materials science; geophysics-tectonics, the atmosphere and oceans, planets, drilling and seismic exploration, and remote sensing; computational physics-complex systems and applications in basic research; mathematics-field theory and chaos; microelectronics-integrated circuits, miniaturization, future trends; optical information technologies-fiber optics and photonics; instrumentation; physics applications to energy needs and the environment; national security-devices, weapons, and arms control; medical physics-radiology, ultrasonics, MNR, and photonics. An executive summary and many chapters contain recommendations regarding funding, education, industry participation, small-group university research and large facility programs, government agency programs, and computer database needs.

Two-Cloud-Servers-Assisted Secure Outsourcing Multiparty Computation

PubMed Central

Wen, Qiaoyan; Zhang, Hua; Jin, Zhengping; Li, Wenmin

2014-01-01

We focus on how to securely outsource computation task to the cloud and propose a secure outsourcing multiparty computation protocol on lattice-based encrypted data in two-cloud-servers scenario. Our main idea is to transform the outsourced data respectively encrypted by different users' public keys to the ones that are encrypted by the same two private keys of the two assisted servers so that it is feasible to operate on the transformed ciphertexts to compute an encrypted result following the function to be computed. In order to keep the privacy of the result, the two servers cooperatively produce a custom-made result for each user that is authorized to get the result so that all authorized users can recover the desired result while other unauthorized ones including the two servers cannot. Compared with previous research, our protocol is completely noninteractive between any users, and both of the computation and the communication complexities of each user in our solution are independent of the computing function. PMID:24982949

A Secure and Verifiable Outsourced Access Control Scheme in Fog-Cloud Computing

PubMed Central

Fan, Kai; Wang, Junxiong; Wang, Xin; Li, Hui; Yang, Yintang

2017-01-01

With the rapid development of big data and Internet of things (IOT), the number of networking devices and data volume are increasing dramatically. Fog computing, which extends cloud computing to the edge of the network can effectively solve the bottleneck problems of data transmission and data storage. However, security and privacy challenges are also arising in the fog-cloud computing environment. Ciphertext-policy attribute-based encryption (CP-ABE) can be adopted to realize data access control in fog-cloud computing systems. In this paper, we propose a verifiable outsourced multi-authority access control scheme, named VO-MAACS. In our construction, most encryption and decryption computations are outsourced to fog devices and the computation results can be verified by using our verification method. Meanwhile, to address the revocation issue, we design an efficient user and attribute revocation method for it. Finally, analysis and simulation results show that our scheme is both secure and highly efficient. PMID:28737733

Two-cloud-servers-assisted secure outsourcing multiparty computation.

PubMed

Sun, Yi; Wen, Qiaoyan; Zhang, Yudong; Zhang, Hua; Jin, Zhengping; Li, Wenmin

2014-01-01

We focus on how to securely outsource computation task to the cloud and propose a secure outsourcing multiparty computation protocol on lattice-based encrypted data in two-cloud-servers scenario. Our main idea is to transform the outsourced data respectively encrypted by different users' public keys to the ones that are encrypted by the same two private keys of the two assisted servers so that it is feasible to operate on the transformed ciphertexts to compute an encrypted result following the function to be computed. In order to keep the privacy of the result, the two servers cooperatively produce a custom-made result for each user that is authorized to get the result so that all authorized users can recover the desired result while other unauthorized ones including the two servers cannot. Compared with previous research, our protocol is completely noninteractive between any users, and both of the computation and the communication complexities of each user in our solution are independent of the computing function.

Continuous-variable quantum computing on encrypted data.

PubMed

Marshall, Kevin; Jacobsen, Christian S; Schäfermeier, Clemens; Gehring, Tobias; Weedbrook, Christian; Andersen, Ulrik L

2016-12-14

The ability to perform computations on encrypted data is a powerful tool for protecting a client's privacy, especially in today's era of cloud and distributed computing. In terms of privacy, the best solutions that classical techniques can achieve are unfortunately not unconditionally secure in the sense that they are dependent on a hacker's computational power. Here we theoretically investigate, and experimentally demonstrate with Gaussian displacement and squeezing operations, a quantum solution that achieves the security of a user's privacy using the practical technology of continuous variables. We demonstrate losses of up to 10 km both ways between the client and the server and show that security can still be achieved. Our approach offers a number of practical benefits (from a quantum perspective) that could one day allow the potential widespread adoption of this quantum technology in future cloud-based computing networks.

Continuous-variable quantum computing on encrypted data

PubMed Central

Marshall, Kevin; Jacobsen, Christian S.; Schäfermeier, Clemens; Gehring, Tobias; Weedbrook, Christian; Andersen, Ulrik L.

2016-01-01

The ability to perform computations on encrypted data is a powerful tool for protecting a client's privacy, especially in today's era of cloud and distributed computing. In terms of privacy, the best solutions that classical techniques can achieve are unfortunately not unconditionally secure in the sense that they are dependent on a hacker's computational power. Here we theoretically investigate, and experimentally demonstrate with Gaussian displacement and squeezing operations, a quantum solution that achieves the security of a user's privacy using the practical technology of continuous variables. We demonstrate losses of up to 10 km both ways between the client and the server and show that security can still be achieved. Our approach offers a number of practical benefits (from a quantum perspective) that could one day allow the potential widespread adoption of this quantum technology in future cloud-based computing networks. PMID:27966528

Continuous-variable quantum computing on encrypted data

NASA Astrophysics Data System (ADS)

Marshall, Kevin; Jacobsen, Christian S.; Schäfermeier, Clemens; Gehring, Tobias; Weedbrook, Christian; Andersen, Ulrik L.

2016-12-01

The ability to perform computations on encrypted data is a powerful tool for protecting a client's privacy, especially in today's era of cloud and distributed computing. In terms of privacy, the best solutions that classical techniques can achieve are unfortunately not unconditionally secure in the sense that they are dependent on a hacker's computational power. Here we theoretically investigate, and experimentally demonstrate with Gaussian displacement and squeezing operations, a quantum solution that achieves the security of a user's privacy using the practical technology of continuous variables. We demonstrate losses of up to 10 km both ways between the client and the server and show that security can still be achieved. Our approach offers a number of practical benefits (from a quantum perspective) that could one day allow the potential widespread adoption of this quantum technology in future cloud-based computing networks.

A review of automated image understanding within 3D baggage computed tomography security screening.

PubMed

Mouton, Andre; Breckon, Toby P

2015-01-01

Baggage inspection is the principal safeguard against the transportation of prohibited and potentially dangerous materials at airport security checkpoints. Although traditionally performed by 2D X-ray based scanning, increasingly stringent security regulations have led to a growing demand for more advanced imaging technologies. The role of X-ray Computed Tomography is thus rapidly expanding beyond the traditional materials-based detection of explosives. The development of computer vision and image processing techniques for the automated understanding of 3D baggage-CT imagery is however, complicated by poor image resolutions, image clutter and high levels of noise and artefacts. We discuss the recent and most pertinent advancements and identify topics for future research within the challenging domain of automated image understanding for baggage security screening CT.

Weaving a Secure Web around Education: A Guide to Technology Standards and Security.

ERIC Educational Resources Information Center

National Forum on Education Statistics (ED/OERI), Washington, DC.

The purpose of this guidebook is to assist education agencies and organizations--which include state education agencies or state departments of education, school districts, and schools--in the development, maintenance, and standardization of effective Web sites. Also included is a detailed examination of the procedures necessary to provide…

Guiding Principles for Providing High-Quality Education in Juvenile Justice Secure Care Settings

ERIC Educational Resources Information Center

US Department of Education, 2014

2014-01-01

Providing high-quality education in juvenile justice secure care settings presents unique challenges for the administrators, teachers, and staff who are responsible for the education, rehabilitation, and welfare of youths committed to their care. The United States departments of Education (ED) and Justice (DOJ) recognize that while these…

5 CFR 1312.22 - Responsibilities.

Code of Federal Regulations, 2012 CFR

2012-01-01

... computer systems meeting the appropriate security criteria. (a) EOP Security Officer. In cooperation with..., DECLASSIFICATION AND SAFEGUARDING OF NATIONAL SECURITY INFORMATION Control and Accountability of Classified... duty by employees will do much to ensure the adequate security of classified information in the...

5 CFR 1312.22 - Responsibilities.

Code of Federal Regulations, 2013 CFR

2013-01-01

... computer systems meeting the appropriate security criteria. (a) EOP Security Officer. In cooperation with..., DECLASSIFICATION AND SAFEGUARDING OF NATIONAL SECURITY INFORMATION Control and Accountability of Classified... duty by employees will do much to ensure the adequate security of classified information in the...

5 CFR 1312.22 - Responsibilities.

Code of Federal Regulations, 2011 CFR

2011-01-01

... computer systems meeting the appropriate security criteria. (a) EOP Security Officer. In cooperation with..., DECLASSIFICATION AND SAFEGUARDING OF NATIONAL SECURITY INFORMATION Control and Accountability of Classified... duty by employees will do much to ensure the adequate security of classified information in the...

5 CFR 1312.22 - Responsibilities.

Code of Federal Regulations, 2010 CFR

2010-01-01

... computer systems meeting the appropriate security criteria. (a) EOP Security Officer. In cooperation with..., DECLASSIFICATION AND SAFEGUARDING OF NATIONAL SECURITY INFORMATION Control and Accountability of Classified... duty by employees will do much to ensure the adequate security of classified information in the...

5 CFR 1312.22 - Responsibilities.

Code of Federal Regulations, 2014 CFR

2014-01-01

... computer systems meeting the appropriate security criteria. (a) EOP Security Officer. In cooperation with..., DECLASSIFICATION AND SAFEGUARDING OF NATIONAL SECURITY INFORMATION Control and Accountability of Classified... duty by employees will do much to ensure the adequate security of classified information in the...

Organization of the secure distributed computing based on multi-agent system

NASA Astrophysics Data System (ADS)

Khovanskov, Sergey; Rumyantsev, Konstantin; Khovanskova, Vera

2018-04-01

Nowadays developing methods for distributed computing is received much attention. One of the methods of distributed computing is using of multi-agent systems. The organization of distributed computing based on the conventional network computers can experience security threats performed by computational processes. Authors have developed the unified agent algorithm of control system of computing network nodes operation. Network PCs is used as computing nodes. The proposed multi-agent control system for the implementation of distributed computing allows in a short time to organize using of the processing power of computers any existing network to solve large-task by creating a distributed computing. Agents based on a computer network can: configure a distributed computing system; to distribute the computational load among computers operated agents; perform optimization distributed computing system according to the computing power of computers on the network. The number of computers connected to the network can be increased by connecting computers to the new computer system, which leads to an increase in overall processing power. Adding multi-agent system in the central agent increases the security of distributed computing. This organization of the distributed computing system reduces the problem solving time and increase fault tolerance (vitality) of computing processes in a changing computing environment (dynamic change of the number of computers on the network). Developed a multi-agent system detects cases of falsification of the results of a distributed system, which may lead to wrong decisions. In addition, the system checks and corrects wrong results.

A compressive sensing based secure watermark detection and privacy preserving storage framework.

PubMed

Qia Wang; Wenjun Zeng; Jun Tian

2014-03-01

Privacy is a critical issue when the data owners outsource data storage or processing to a third party computing service, such as the cloud. In this paper, we identify a cloud computing application scenario that requires simultaneously performing secure watermark detection and privacy preserving multimedia data storage. We then propose a compressive sensing (CS)-based framework using secure multiparty computation (MPC) protocols to address such a requirement. In our framework, the multimedia data and secret watermark pattern are presented to the cloud for secure watermark detection in a CS domain to protect the privacy. During CS transformation, the privacy of the CS matrix and the watermark pattern is protected by the MPC protocols under the semi-honest security model. We derive the expected watermark detection performance in the CS domain, given the target image, watermark pattern, and the size of the CS matrix (but without the CS matrix itself). The correctness of the derived performance has been validated by our experiments. Our theoretical analysis and experimental results show that secure watermark detection in the CS domain is feasible. Our framework can also be extended to other collaborative secure signal processing and data-mining applications in the cloud.

Computer-Aided Sensor Development Focused on Security Issues.

PubMed

Bialas, Andrzej

2016-05-26

The paper examines intelligent sensor and sensor system development according to the Common Criteria methodology, which is the basic security assurance methodology for IT products and systems. The paper presents how the development process can be supported by software tools, design patterns and knowledge engineering. The automation of this process brings cost-, quality-, and time-related advantages, because the most difficult and most laborious activities are software-supported and the design reusability is growing. The paper includes a short introduction to the Common Criteria methodology and its sensor-related applications. In the experimental section the computer-supported and patterns-based IT security development process is presented using the example of an intelligent methane detection sensor. This process is supported by an ontology-based tool for security modeling and analyses. The verified and justified models are transferred straight to the security target specification representing security requirements for the IT product. The novelty of the paper is to provide a patterns-based and computer-aided methodology for the sensors development with a view to achieving their IT security assurance. The paper summarizes the validation experiment focused on this methodology adapted for the sensors system development, and presents directions of future research.

Computer-Aided Sensor Development Focused on Security Issues

PubMed Central

Bialas, Andrzej

2016-01-01

The paper examines intelligent sensor and sensor system development according to the Common Criteria methodology, which is the basic security assurance methodology for IT products and systems. The paper presents how the development process can be supported by software tools, design patterns and knowledge engineering. The automation of this process brings cost-, quality-, and time-related advantages, because the most difficult and most laborious activities are software-supported and the design reusability is growing. The paper includes a short introduction to the Common Criteria methodology and its sensor-related applications. In the experimental section the computer-supported and patterns-based IT security development process is presented using the example of an intelligent methane detection sensor. This process is supported by an ontology-based tool for security modeling and analyses. The verified and justified models are transferred straight to the security target specification representing security requirements for the IT product. The novelty of the paper is to provide a patterns-based and computer-aided methodology for the sensors development with a view to achieving their IT security assurance. The paper summarizes the validation experiment focused on this methodology adapted for the sensors system development, and presents directions of future research. PMID:27240360

20 CFR 404.240 - Old-start method-general.

Code of Federal Regulations, 2010 CFR

2010-04-01

....240 Employees' Benefits SOCIAL SECURITY ADMINISTRATION FEDERAL OLD-AGE, SURVIVORS AND DISABILITY INSURANCE (1950- ) Computing Primary Insurance Amounts Old-Start Method of Computing Primary Insurance Amounts § 404.240 Old-start method—general. If you had all or substantially all your social security...

Safeguarding Databases Basic Concepts Revisited.

ERIC Educational Resources Information Center

Cardinali, Richard

1995-01-01

Discusses issues of database security and integrity, including computer crime and vandalism, human error, computer viruses, employee and user access, and personnel policies. Suggests some precautions to minimize system vulnerability such as careful personnel screening, audit systems, passwords, and building and software security systems. (JKP)

10 CFR 2.4 - Definitions.

Code of Federal Regulations, 2012 CFR

2012-01-01

... and safety or the common defense and security; security measures for the physical protection and... computer that contains the participant's name, e-mail address, and participant's digital signature, proves... inspection. It is also the place where NRC makes computer terminals available to access the Publicly...

10 CFR 2.4 - Definitions.

Code of Federal Regulations, 2010 CFR

2010-01-01

... and safety or the common defense and security; security measures for the physical protection and... computer that contains the participant's name, e-mail address, and participant's digital signature, proves... inspection. It is also the place where NRC makes computer terminals available to access the Publicly...

78 FR 57839 - Request for Information on Computer Security Incident Coordination (CSIC)

Federal Register 2010, 2011, 2012, 2013, 2014

2013-09-20

... Institute of Standards and Technology (NIST), United States Department of Commerce. ACTION: Notice, extension of comment period. SUMMARY: NIST is extending the deadline for submitting comments relating to Computer Security Incident Coordination. NIST experienced technical difficulties with receiving email...

THE LONG REACH OF EDUCATION: EARLY RETIREMENT.

PubMed

Venti, Steven; Wise, David A

2015-12-01

The goal of this paper is to draw attention to the long lasting effect of education on economic outcomes. We use the relationship between education and two routes to early retirement - the receipt of Social Security Disability Insurance (DI) and the early claiming of Social Security retirement benefits - to illustrate the long-lasting influence of education. We find that for both men and women with less than a high school degree the median DI participation rate is 6.6 times the participation rate for those with a college degree or more. Similarly, men and women with less than a high school education are over 25 percentage points more likely to claim Social Security benefits early than those with a college degree or more. We focus on four critical "pathways" through which education may indirectly influence early retirement - health, employment, earnings, and the accumulation of assets. We find that for women health is the dominant pathway through which education influences DI participation. For men, the health, earnings, and wealth pathways are of roughly equal magnitude. For both men and women the principal channel through which education influences early Social Security claiming decisions is the earnings pathway. We also consider the direct effect of education that does not operate through these pathways. The direct effect of education is much greater for early claiming of Social Security benefits than for DI participation, accounting for 72 percent of the effect of education for men and 67 percent for women. For women the direct effect of education on DI participation is not statistically significant, suggesting that the total effect may be through the four pathways.

An overview of computer viruses in a research environment

NASA Technical Reports Server (NTRS)

Bishop, Matt

1991-01-01

The threat of attack by computer viruses is in reality a very small part of a much more general threat, specifically threats aimed at subverting computer security. Here, computer viruses are examined as a malicious logic in a research and development environment. A relation is drawn between the viruses and various models of security and integrity. Current research techniques aimed at controlling the threats posed to computer systems by threatening viruses in particular and malicious logic in general are examined. Finally, a brief examination of the vulnerabilities of research and development systems that malicious logic and computer viruses may exploit is undertaken.

14 CFR 1274.936 - Breach of safety or security.

Code of Federal Regulations, 2013 CFR

2013-01-01

.... (a) Security is the condition of safeguarding against espionage, sabotage, crime (including computer... 14 Aeronautics and Space 5 2013-01-01 2013-01-01 false Breach of safety or security. 1274.936... security. Breach of Safety or Security July 2002 Safety is the freedom from those conditions that can cause...

14 CFR 1274.936 - Breach of safety or security.

Code of Federal Regulations, 2010 CFR

2010-01-01

.... (a) Security is the condition of safeguarding against espionage, sabotage, crime (including computer... 14 Aeronautics and Space 5 2010-01-01 2010-01-01 false Breach of safety or security. 1274.936... security. Breach of Safety or Security July 2002 Safety is the freedom from those conditions that can cause...

14 CFR 1274.936 - Breach of safety or security.

Code of Federal Regulations, 2011 CFR

2011-01-01

.... (a) Security is the condition of safeguarding against espionage, sabotage, crime (including computer... 14 Aeronautics and Space 5 2011-01-01 2010-01-01 true Breach of safety or security. 1274.936... security. Breach of Safety or Security July 2002 Safety is the freedom from those conditions that can cause...

Identifying the Key Weaknesses in Network Security at Colleges.

ERIC Educational Resources Information Center

Olsen, Florence

2000-01-01

A new study identifies and ranks the 10 security gaps responsible for most outsider attacks on college computer networks. The list is intended to help campus system administrators establish priorities as they work to increase security. One network security expert urges that institutions utilize multiple security layers. (DB)

A Security Checklist for ERP Implementations

ERIC Educational Resources Information Center

Hughes, Joy R.; Beer, Robert

2007-01-01

The EDUCAUSE/Internet2 Computer and Network Security Task Force consulted with IT security professionals on campus about concerns with the current state of security in enterprise resource planning (ERP) systems. From these conversations, it was clear that security issues generally fell into one of two areas: (1) It has become extremely difficult…

A Round-Efficient Authenticated Key Agreement Scheme Based on Extended Chaotic Maps for Group Cloud Meeting.

PubMed

Lin, Tsung-Hung; Tsung, Chen-Kun; Lee, Tian-Fu; Wang, Zeng-Bo

2017-12-03

The security is a critical issue for business purposes. For example, the cloud meeting must consider strong security to maintain the communication privacy. Considering the scenario with cloud meeting, we apply extended chaotic map to present passwordless group authentication key agreement, termed as Passwordless Group Authentication Key Agreement (PL-GAKA). PL-GAKA improves the computation efficiency for the simple group password-based authenticated key agreement (SGPAKE) proposed by Lee et al. in terms of computing the session key. Since the extended chaotic map has equivalent security level to the Diffie-Hellman key exchange scheme applied by SGPAKE, the security of PL-GAKA is not sacrificed when improving the computation efficiency. Moreover, PL-GAKA is a passwordless scheme, so the password maintenance is not necessary. Short-term authentication is considered, hence the communication security is stronger than other protocols by dynamically generating session key in each cloud meeting. In our analysis, we first prove that each meeting member can get the correct information during the meeting. We analyze common security issues for the proposed PL-GAKA in terms of session key security, mutual authentication, perfect forward security, and data integrity. Moreover, we also demonstrate that communicating in PL-GAKA is secure when suffering replay attacks, impersonation attacks, privileged insider attacks, and stolen-verifier attacks. Eventually, an overall comparison is given to show the performance between PL-GAKA, SGPAKE and related solutions.

Computer Security Issues in Online Banking: An Assessment from the Context of Usable Security

NASA Astrophysics Data System (ADS)

Mahmadi, FN; Zaaba, ZF; Osman, A.

2016-11-01

Today's online banking is a convenient mode of finance management. Despite the ease of doing online banking, there are people that still sceptical in utilizing it due to perception and its security. This paper highlights the subject of online banking security in Malaysia, especially from the perspective of the end-users. The study is done by assessing human computer interaction, usability and security. An online survey utilising 137 participants was previously conducted to gain preliminary insights on security issues of online banking in Malaysia. Following from those results, 37 participants were interviewed to gauge deeper understanding about end-users perception on online banking within the context of usable security. The results suggested that most of the end-users are continuingly experiencing significant difficulties especially in relation to the technical terminologies, security features and other technical issues. Although the security features are provided to provide a shield or protection, users are still incapable to cope with the technical aspects of such implementation.

Security Systems Consideration: A Total Security Approach

NASA Astrophysics Data System (ADS)

Margariti, S. V.; Meletiou, G.; Stergiou, E.; Vasiliadis, D. C.; Rizos, G. E.

2007-12-01

The "safety" problem for protection systems is to determine in a given situation whether a subject can acquire a particular right to an object. Security and audit operation face the process of securing the application on computing and network environment; however, storage security has been somewhat overlooked due to other security solutions. This paper identifies issues for data security, threats and attacks, summarizes security concepts and relationships, and also describes storage security strategies. It concludes with recommended storage security plan for a total security solution.

Security Verification of Secure MANET Routing Protocols

DTIC Science & Technology

2012-03-22

SECURITY VERIFICATION OF SECURE MANET ROUTING PROTOCOLS THESIS Matthew F. Steele, Captain, USAF AFIT/GCS/ ENG /12-03 DEPARTMENT OF THE AIR FORCE AIR...States AFIT/GCS/ ENG /12-03 SECURITY VERIFICATION OF SECURE MANET ROUTING PROTOCOLS THESIS Presented to the Faculty Department of Electrical and Computer...DISTRIBUTION UNLIMITED AFIT/GCS/ ENG /12-03 SECURITY VERIFICATION OF SECURE MANET ROUTING PROTOCOLS Matthew F. Steele, B.S.E.E. Captain, USAF

Towards An Engineering Discipline of Computational Security

DOE Office of Scientific and Technical Information (OSTI.GOV)

Mili, Ali; Sheldon, Frederick T; Jilani, Lamia Labed

2007-01-01

George Boole ushered the era of modern logic by arguing that logical reasoning does not fall in the realm of philosophy, as it was considered up to his time, but in the realm of mathematics. As such, logical propositions and logical arguments are modeled using algebraic structures. Likewise, we submit that security attributes must be modeled as formal mathematical propositions that are subject to mathematical analysis. In this paper, we approach this problem by attempting to model security attributes in a refinement-like framework that has traditionally been used to represent reliability and safety claims. Keywords: Computable security attributes, survivability, integrity,more » dependability, reliability, safety, security, verification, testing, fault tolerance.« less

An Infrastructure for Multi-Level Secure Service-Oriented Architecture (MLS-SOA) Using the Multiple Single-Level Approach

DTIC Science & Technology

2009-12-17

IEEE TDKE, 1996. 8( 1). 14. Garvey, T.D., The inference Problem for Computer Security. 1992, SRI International. 15. Chaum , D ., Blind Signatures for...Pervasive Computing Environments. IEEE Transactions on Vehicular Technology, 2006. 55(4). 17. Chaum , D ., Security without Identification: Transaction...Systems to make Big Brother Obsolete. Communications of the ACM 1985. 28(10). 18. Chaum , D ., Untraceable Electronic Mail, Return Addresses, and Digital

Security and privacy preserving approaches in the eHealth clouds with disaster recovery plan.

PubMed

Sahi, Aqeel; Lai, David; Li, Yan

2016-11-01

Cloud computing was introduced as an alternative storage and computing model in the health sector as well as other sectors to handle large amounts of data. Many healthcare companies have moved their electronic data to the cloud in order to reduce in-house storage, IT development and maintenance costs. However, storing the healthcare records in a third-party server may cause serious storage, security and privacy issues. Therefore, many approaches have been proposed to preserve security as well as privacy in cloud computing projects. Cryptographic-based approaches were presented as one of the best ways to ensure the security and privacy of healthcare data in the cloud. Nevertheless, the cryptographic-based approaches which are used to transfer health records safely remain vulnerable regarding security, privacy, or the lack of any disaster recovery strategy. In this paper, we review the related work on security and privacy preserving as well as disaster recovery in the eHealth cloud domain. Then we propose two approaches, the Security-Preserving approach and the Privacy-Preserving approach, and a disaster recovery plan. The Security-Preserving approach is a robust means of ensuring the security and integrity of Electronic Health Records, and the Privacy-Preserving approach is an efficient authentication approach which protects the privacy of Personal Health Records. Finally, we discuss how the integrated approaches and the disaster recovery plan can ensure the reliability and security of cloud projects. Copyright © 2016 Elsevier Ltd. All rights reserved.

National Security Education Act of 1991: Summary and Analysis. CRS Report for Congress.

ERIC Educational Resources Information Center

Riddle, Wayne Clifton

This report analyzes and summarizes the National Security Education Act of 1991 (NSEA) which authorizes a new program of aid for foreign language and area studies. The report discusses the legislation's aim to increase future national security through enhanced foreign language abilities and knowledge of other countries, the NSEA's authorized…

Information Security Issues in Higher Education and Institutional Research

ERIC Educational Resources Information Center

Custer, William L.

2010-01-01

Information security threats to educational institutions and their data assets have worsened significantly over the past few years. The rich data stores of institutional research are especially vulnerable, and threats from security breaches represent no small risk. New genres of threat require new kinds of controls if the institution is to prevent…

6 CFR 17.455 - Textbooks and curricular material.

Code of Federal Regulations, 2010 CFR

2010-01-01

... 6 Domestic Security 1 2010-01-01 2010-01-01 false Textbooks and curricular material. 17.455 Section 17.455 Domestic Security DEPARTMENT OF HOMELAND SECURITY, OFFICE OF THE SECRETARY NONDISCRIMINATION ON THE BASIS OF SEX IN EDUCATION PROGRAMS OR ACTIVITIES RECEIVING FEDERAL FINANCIAL ASSISTANCE Discrimination on the Basis of Sex in Education...

The Handbook for Campus Safety and Security Reporting. 2016 Edition

ERIC Educational Resources Information Center

US Department of Education, 2016

2016-01-01

Campus security and safety is an important feature of postsecondary education. The Department of Education is committed to assisting schools in providing students nationwide a safe environment in which to learn and to keep students, parents and employees well informed about campus security. These goals were advanced by the Crime Awareness and…

Required Security Screenings for Researchers: A Policy Analysis and Commentary

ERIC Educational Resources Information Center

Zucker, Andrew A.

2011-01-01

After the attacks of 9/11/2001 the federal government implemented new policies intended to protect people and institutions in the United States. A surprising policy requires education researchers conducting research under contract to the U.S. Department of Education (ED) to obtain security clearances, sometimes known as security screenings.…

Computer science security research and human subjects: emerging considerations for research ethics boards.

PubMed

Buchanan, Elizabeth; Aycock, John; Dexter, Scott; Dittrich, David; Hvizdak, Erin

2011-06-01

This paper explores the growing concerns with computer science research, and in particular, computer security research and its relationship with the committees that review human subjects research. It offers cases that review boards are likely to confront, and provides a context for appropriate consideration of such research, as issues of bots, clouds, and worms enter the discourse of human subjects review.

Diamond High Assurance Security Program: Trusted Computing Exemplar

DTIC Science & Technology

2002-09-01

computing component, the Embedded MicroKernel Prototype. A third-party evaluation of the component will be initiated during development (e.g., once...target technologies and larger projects is a topic for future research. Trusted Computing Reference Component – The Embedded MicroKernel Prototype We...Kernel The primary security function of the Embedded MicroKernel will be to enforce process and data-domain separation, while providing primitive

Security Certification Challenges in a Cloud Computing Delivery Model

DTIC Science & Technology

2010-04-27

Relevant Security Standards, Certifications, and Guidance  NIST SP 800 series  ISO /IEC 27001 framework  Cloud Security Alliance  Statement of...CSA Domains / Cloud Features ISO 27001 Cloud Service Provider Responsibility Government Agency Responsibility Analyze Security gaps Compensating

Future of Assurance: Ensuring that a System is Trustworthy

NASA Astrophysics Data System (ADS)

Sadeghi, Ahmad-Reza; Verbauwhede, Ingrid; Vishik, Claire

Significant efforts are put in defining and implementing strong security measures for all components of the comput-ing environment. It is equally important to be able to evaluate the strength and robustness of these measures and establish trust among the components of the computing environment based on parameters and attributes of these elements and best practices associated with their production and deployment. Today the inventory of techniques used for security assurance and to establish trust -- audit, security-conscious development process, cryptographic components, external evaluation - is somewhat limited. These methods have their indisputable strengths and have contributed significantly to the advancement in the area of security assurance. However, shorter product and tech-nology development cycles and the sheer complexity of modern digital systems and processes have begun to decrease the efficiency of these techniques. Moreover, these approaches and technologies address only some aspects of security assurance and, for the most part, evaluate assurance in a general design rather than an instance of a product. Additionally, various components of the computing environment participating in the same processes enjoy different levels of security assurance, making it difficult to ensure adequate levels of protection end-to-end. Finally, most evaluation methodologies rely on the knowledge and skill of the evaluators, making reliable assessments of trustworthiness of a system even harder to achieve. The paper outlines some issues in security assurance that apply across the board, with the focus on the trustworthiness and authenticity of hardware components and evaluates current approaches to assurance.

Quantum Attack-Resistent Certificateless Multi-Receiver Signcryption Scheme

PubMed Central

Li, Huixian; Chen, Xubao; Pang, Liaojun; Shi, Weisong

2013-01-01

The existing certificateless signcryption schemes were designed mainly based on the traditional public key cryptography, in which the security relies on the hard problems, such as factor decomposition and discrete logarithm. However, these problems will be easily solved by the quantum computing. So the existing certificateless signcryption schemes are vulnerable to the quantum attack. Multivariate public key cryptography (MPKC), which can resist the quantum attack, is one of the alternative solutions to guarantee the security of communications in the post-quantum age. Motivated by these concerns, we proposed a new construction of the certificateless multi-receiver signcryption scheme (CLMSC) based on MPKC. The new scheme inherits the security of MPKC, which can withstand the quantum attack. Multivariate quadratic polynomial operations, which have lower computation complexity than bilinear pairing operations, are employed in signcrypting a message for a certain number of receivers in our scheme. Security analysis shows that our scheme is a secure MPKC-based scheme. We proved its security under the hardness of the Multivariate Quadratic (MQ) problem and its unforgeability under the Isomorphism of Polynomials (IP) assumption in the random oracle model. The analysis results show that our scheme also has the security properties of non-repudiation, perfect forward secrecy, perfect backward secrecy and public verifiability. Compared with the existing schemes in terms of computation complexity and ciphertext length, our scheme is more efficient, which makes it suitable for terminals with low computation capacity like smart cards. PMID:23967037

Secure data exchange between intelligent devices and computing centers

NASA Astrophysics Data System (ADS)

Naqvi, Syed; Riguidel, Michel

2005-03-01

The advent of reliable spontaneous networking technologies (commonly known as wireless ad-hoc networks) has ostensibly raised stakes for the conception of computing intensive environments using intelligent devices as their interface with the external world. These smart devices are used as data gateways for the computing units. These devices are employed in highly volatile environments where the secure exchange of data between these devices and their computing centers is of paramount importance. Moreover, their mission critical applications require dependable measures against the attacks like denial of service (DoS), eavesdropping, masquerading, etc. In this paper, we propose a mechanism to assure reliable data exchange between an intelligent environment composed of smart devices and distributed computing units collectively called 'computational grid'. The notion of infosphere is used to define a digital space made up of a persistent and a volatile asset in an often indefinite geographical space. We study different infospheres and present general evolutions and issues in the security of such technology-rich and intelligent environments. It is beyond any doubt that these environments will likely face a proliferation of users, applications, networked devices, and their interactions on a scale never experienced before. It would be better to build in the ability to uniformly deal with these systems. As a solution, we propose a concept of virtualization of security services. We try to solve the difficult problems of implementation and maintenance of trust on the one hand, and those of security management in heterogeneous infrastructure on the other hand.

OpenID connect as a security service in Cloud-based diagnostic imaging systems

NASA Astrophysics Data System (ADS)

Ma, Weina; Sartipi, Kamran; Sharghi, Hassan; Koff, David; Bak, Peter

2015-03-01

The evolution of cloud computing is driving the next generation of diagnostic imaging (DI) systems. Cloud-based DI systems are able to deliver better services to patients without constraining to their own physical facilities. However, privacy and security concerns have been consistently regarded as the major obstacle for adoption of cloud computing by healthcare domains. Furthermore, traditional computing models and interfaces employed by DI systems are not ready for accessing diagnostic images through mobile devices. RESTful is an ideal technology for provisioning both mobile services and cloud computing. OpenID Connect, combining OpenID and OAuth together, is an emerging REST-based federated identity solution. It is one of the most perspective open standards to potentially become the de-facto standard for securing cloud computing and mobile applications, which has ever been regarded as "Kerberos of Cloud". We introduce OpenID Connect as an identity and authentication service in cloud-based DI systems and propose enhancements that allow for incorporating this technology within distributed enterprise environment. The objective of this study is to offer solutions for secure radiology image sharing among DI-r (Diagnostic Imaging Repository) and heterogeneous PACS (Picture Archiving and Communication Systems) as well as mobile clients in the cloud ecosystem. Through using OpenID Connect as an open-source identity and authentication service, deploying DI-r and PACS to private or community clouds should obtain equivalent security level to traditional computing model.