Sample records for computer security information

  1. Information Security: Computer Hacker Information Available on the Internet

    DTIC Science & Technology

    1996-06-05

    INFORMATION SECURITY Computer Hacker Information Available on the Internet Statement for the Record of...Report Type N/A Dates Covered (from... to) - Title and Subtitle INFORMATION SECURITY Computer Hacker Information Available on the Internet Contract...1996 4. TITLE AND SUBTITLE Information Security: Computer Hacker Information Available on the Internet 5. FUNDING NUMBERS 6. AUTHOR(S) Jack L.

  2. Human errors and violations in computer and information security: the viewpoint of network administrators and security specialists.

    PubMed

    Kraemer, Sara; Carayon, Pascale

    2007-03-01

    This paper describes human errors and violations of end users and network administration in computer and information security. This information is summarized in a conceptual framework for examining the human and organizational factors contributing to computer and information security. This framework includes human error taxonomies to describe the work conditions that contribute adversely to computer and information security, i.e. to security vulnerabilities and breaches. The issue of human error and violation in computer and information security was explored through a series of 16 interviews with network administrators and security specialists. The interviews were audio taped, transcribed, and analyzed by coding specific themes in a node structure. The result is an expanded framework that classifies types of human error and identifies specific human and organizational factors that contribute to computer and information security. Network administrators tended to view errors created by end users as more intentional than unintentional, while errors created by network administrators as more unintentional than intentional. Organizational factors, such as communication, security culture, policy, and organizational structure, were the most frequently cited factors associated with computer and information security.

  3. Information Security: Governmentwide Guidance Needed to Assist Agencies in Implementing Cloud Computing

    DTIC Science & Technology

    2010-07-01

    Cloud computing, an emerging form of computing in which users have access to scalable, on-demand capabilities that are provided through Internet... cloud computing, (2) the information security implications of using cloud computing services in the Federal Government, and (3) federal guidance and...efforts to address information security when using cloud computing. The complete report is titled Information Security: Federal Guidance Needed to

  4. A novel quantum scheme for secure two-party distance computation

    NASA Astrophysics Data System (ADS)

    Peng, Zhen-wan; Shi, Run-hua; Zhong, Hong; Cui, Jie; Zhang, Shun

    2017-12-01

    Secure multiparty computational geometry is an essential field of secure multiparty computation, which computes a computation geometric problem without revealing any private information of each party. Secure two-party distance computation is a primitive of secure multiparty computational geometry, which computes the distance between two points without revealing each point's location information (i.e., coordinate). Secure two-party distance computation has potential applications with high secure requirements in military, business, engineering and so on. In this paper, we present a quantum solution to secure two-party distance computation by subtly using quantum private query. Compared to the classical related protocols, our quantum protocol can ensure higher security and better privacy protection because of the physical principle of quantum mechanics.

  5. Proposal for a Security Management in Cloud Computing for Health Care

    PubMed Central

    Dzombeta, Srdan; Brandis, Knud

    2014-01-01

    Cloud computing is actually one of the most popular themes of information systems research. Considering the nature of the processed information especially health care organizations need to assess and treat specific risks according to cloud computing in their information security management system. Therefore, in this paper we propose a framework that includes the most important security processes regarding cloud computing in the health care sector. Starting with a framework of general information security management processes derived from standards of the ISO 27000 family the most important information security processes for health care organizations using cloud computing will be identified considering the main risks regarding cloud computing and the type of information processed. The identified processes will help a health care organization using cloud computing to focus on the most important ISMS processes and establish and operate them at an appropriate level of maturity considering limited resources. PMID:24701137

  6. Proposal for a security management in cloud computing for health care.

    PubMed

    Haufe, Knut; Dzombeta, Srdan; Brandis, Knud

    2014-01-01

    Cloud computing is actually one of the most popular themes of information systems research. Considering the nature of the processed information especially health care organizations need to assess and treat specific risks according to cloud computing in their information security management system. Therefore, in this paper we propose a framework that includes the most important security processes regarding cloud computing in the health care sector. Starting with a framework of general information security management processes derived from standards of the ISO 27000 family the most important information security processes for health care organizations using cloud computing will be identified considering the main risks regarding cloud computing and the type of information processed. The identified processes will help a health care organization using cloud computing to focus on the most important ISMS processes and establish and operate them at an appropriate level of maturity considering limited resources.

  7. 75 FR 38595 - Guidance to States Regarding Driver History Record Information Security, Continuity of Operation...

    Federal Register 2010, 2011, 2012, 2013, 2014

    2010-07-02

    ... Standards and Technology's (NIST) Computer Security Division maintains a Computer Security Resource Center... Regarding Driver History Record Information Security, Continuity of Operation Planning, and Disaster... (SDLAs) to support their efforts at maintaining the security of information contained in the driver...

  8. Home Computer and Internet User Security

    DTIC Science & Technology

    2005-01-01

    Information Security Model © 2005 Carnegie Mellon University (Lawrence R. Rogers, Author) Home Computer and Internet User Security...Carnegie Mellon University (Lawrence R. Rogers, Author) Home Computer and Internet User Security Version 1.0.4 – slide 50 Contact Information Lawrence R. Rogers • Email: cert@cert.org CERT website: http://www.cert.org/ ...U.S. Patent and Trademark Office Home Computer and Internet User Security Report Documentation Page Form Approved OMB

  9. 76 FR 7817 - Announcing Draft Federal Information Processing Standard 180-4, Secure Hash Standard, and Request...

    Federal Register 2010, 2011, 2012, 2013, 2014

    2011-02-11

    ... before May 12, 2011. ADDRESSES: Written comments may be sent to: Chief, Computer Security Division... FURTHER INFORMATION CONTACT: Elaine Barker, Computer Security Division, National Institute of Standards... Quynh Dang, Computer Security Division, National Institute of Standards and Technology, Gaithersburg, MD...

  10. A Computational Model and Multi-Agent Simulation for Information Assurance

    DTIC Science & Technology

    2002-06-01

    Podell, Information Security: an Integrated Collection of Essays, IEEE Computer Society Press, Los Alamitos, CA, 1994. Brinkley, D. L. and Schell, R...R., “What is There to Worry About? An Introduction to the Computer Security Problem,” ed. Abrams and Jajodia and Podell, Information Security: an

  11. Research on Quantum Authentication Methods for the Secure Access Control Among Three Elements of Cloud Computing

    NASA Astrophysics Data System (ADS)

    Dong, Yumin; Xiao, Shufen; Ma, Hongyang; Chen, Libo

    2016-12-01

    Cloud computing and big data have become the developing engine of current information technology (IT) as a result of the rapid development of IT. However, security protection has become increasingly important for cloud computing and big data, and has become a problem that must be solved to develop cloud computing. The theft of identity authentication information remains a serious threat to the security of cloud computing. In this process, attackers intrude into cloud computing services through identity authentication information, thereby threatening the security of data from multiple perspectives. Therefore, this study proposes a model for cloud computing protection and management based on quantum authentication, introduces the principle of quantum authentication, and deduces the quantum authentication process. In theory, quantum authentication technology can be applied in cloud computing for security protection. This technology cannot be cloned; thus, it is more secure and reliable than classical methods.

  12. Information Systems, Security, and Privacy.

    ERIC Educational Resources Information Center

    Ware, Willis H.

    1984-01-01

    Computer security and computer privacy issues are discussed. Among the areas addressed are technical and human security threats, security and privacy issues for information in electronic mail systems, the need for a national commission to examine these issues, and security/privacy issues relevant to colleges and universities. (JN)

  13. Overview of Computer Security Certification and Accreditation. Final Report.

    ERIC Educational Resources Information Center

    Ruthberg, Zella G.; Neugent, William

    Primarily intended to familiarize ADP (automatic data processing) policy and information resource managers with the approach to computer security certification and accreditation found in "Guideline to Computer Security Certification and Accreditation," Federal Information Processing Standards Publications (FIPS-PUB) 102, this overview…

  14. Visualization Tools for Teaching Computer Security

    ERIC Educational Resources Information Center

    Yuan, Xiaohong; Vega, Percy; Qadah, Yaseen; Archer, Ricky; Yu, Huiming; Xu, Jinsheng

    2010-01-01

    Using animated visualization tools has been an important teaching approach in computer science education. We have developed three visualization and animation tools that demonstrate various information security concepts and actively engage learners. The information security concepts illustrated include: packet sniffer and related computer network…

  15. 75 FR 18841 - Office for Civil Rights; Privacy Act of 1974, Amended System of Records

    Federal Register 2010, 2011, 2012, 2013, 2014

    2010-04-13

    ... Privacy Act of 1974, Federal Information Security Management Act of 2002, Computer Security Act of 1987... 1974, Federal Information Security Management Act of 2002, Computer Security Act of 1987, the Paperwork... Oversight, the Chair of the Senate Committee on Homeland Security and Governmental Affairs, and the...

  16. Exploring Factors That Affect Adoption of Computer Security Practices among College Students

    ERIC Educational Resources Information Center

    Alqarni, Amani

    2017-01-01

    Cyber-attacks threaten the security of computer users' information, networks, machines, and privacy. Studies of computer security education, awareness, and training among ordinary computer users, college students, non-IT-oriented user groups, and non-technically trained citizens are limited. Most research has focused on computer security standards…

  17. 76 FR 81477 - Announcing an Open Meeting of the Information Security and Privacy Advisory Board

    Federal Register 2010, 2011, 2012, 2013, 2014

    2011-12-28

    ... sessions will be open to the public. The ISPAB was established by the Computer Security Act of 1987 (Pub. L... Secure Mobile Devices, --Panel Discussion on cyber R&D Strategy, and --Update of NIST Computer Security... of the Information Security and Privacy Advisory Board AGENCY: National Institute of Standards and...

  18. 76 FR 30150 - Establishment of a New System of Records for Personal Information Collected by the Environmental...

    Federal Register 2010, 2011, 2012, 2013, 2014

    2011-05-24

    ... the entire information system with respect to computer security, prohibition and detection of any.... Safeguards: --Computer-stored information is protected in accordance with the Agency's security requirements..., loaner car agreement, cash incentives agreement (includes social security number for mandatory tax...

  19. SEED: A Suite of Instructional Laboratories for Computer Security Education

    ERIC Educational Resources Information Center

    Du, Wenliang; Wang, Ronghua

    2008-01-01

    The security and assurance of our computing infrastructure has become a national priority. To address this priority, higher education has gradually incorporated the principles of computer and information security into the mainstream undergraduate and graduate computer science curricula. To achieve effective education, learning security principles…

  20. 17 CFR 230.167 - Communications in connection with certain registered offerings of asset-backed securities.

    Code of Federal Regulations, 2011 CFR

    2011-04-01

    ... § 230.415, ABS informational and computational material regarding such securities used after the... informational and computational material used in reliance on Securities Act Rule 167 (§ 230.167); and (iv) A...

  1. 17 CFR 230.167 - Communications in connection with certain registered offerings of asset-backed securities.

    Code of Federal Regulations, 2013 CFR

    2013-04-01

    ... § 230.415, ABS informational and computational material regarding such securities used after the... informational and computational material used in reliance on Securities Act Rule 167 (§ 230.167); and (iv) A...

  2. 17 CFR 230.167 - Communications in connection with certain registered offerings of asset-backed securities.

    Code of Federal Regulations, 2012 CFR

    2012-04-01

    ... § 230.415, ABS informational and computational material regarding such securities used after the... informational and computational material used in reliance on Securities Act Rule 167 (§ 230.167); and (iv) A...

  3. 17 CFR 230.167 - Communications in connection with certain registered offerings of asset-backed securities.

    Code of Federal Regulations, 2014 CFR

    2014-04-01

    ... § 230.415, ABS informational and computational material regarding such securities used after the... informational and computational material used in reliance on Securities Act Rule 167 (§ 230.167); and (iv) A...

  4. 76 FR 7818 - Announcing a Meeting of the Information Security and Privacy Advisory Board

    Federal Register 2010, 2011, 2012, 2013, 2014

    2011-02-11

    ... will be open to the public. The ISPAB was established by the Computer Security Act of 1987 (Pub. L. 100..., --Presentation on Science of Security relating to computer security research, --Presentation on Access of..., --A panel of Inspector Generals regarding privacy and security, and --Update on NIST Computer Security...

  5. 78 FR 89 - Announcing an Open Meeting of the Information Security and Privacy Advisory Board

    Federal Register 2010, 2011, 2012, 2013, 2014

    2013-01-02

    ... Management and Budget, and the Director of NIST on security and privacy issues pertaining to federal computer... Computer Security Division. Note that agenda items may change without notice because of possible unexpected... of the Information Security and Privacy Advisory Board AGENCY: National Institute of Standards and...

  6. Information Systems Security and Computer Crime in the IS Curriculum: A Detailed Examination

    ERIC Educational Resources Information Center

    Foltz, C. Bryan; Renwick, Janet S.

    2011-01-01

    The authors examined the extent to which information systems (IS) security and computer crime are covered in information systems programs. Results suggest that IS faculty believe security coverage should be increased in required, elective, and non-IS courses. However, respondent faculty members are concerned that existing curricula leave little…

  7. Computer Security Systems Enable Access.

    ERIC Educational Resources Information Center

    Riggen, Gary

    1989-01-01

    A good security system enables access and protects information from damage or tampering, but the most important aspects of a security system aren't technical. A security procedures manual addresses the human element of computer security. (MLW)

  8. Intelligent cloud computing security using genetic algorithm as a computational tools

    NASA Astrophysics Data System (ADS)

    Razuky AL-Shaikhly, Mazin H.

    2018-05-01

    An essential change had occurred in the field of Information Technology which represented with cloud computing, cloud giving virtual assets by means of web yet awesome difficulties in the field of information security and security assurance. Currently main problem with cloud computing is how to improve privacy and security for cloud “cloud is critical security”. This paper attempts to solve cloud security by using intelligent system with genetic algorithm as wall to provide cloud data secure, all services provided by cloud must detect who receive and register it to create list of users (trusted or un-trusted) depend on behavior. The execution of present proposal has shown great outcome.

  9. Computer Security and the Data Encryption Standard. Proceedings of the Conference on Computer Security and the Data Encryption Standard.

    ERIC Educational Resources Information Center

    Branstad, Dennis K., Ed.

    The 15 papers and summaries of presentations in this collection provide technical information and guidance offered by representatives from federal agencies and private industry. Topics discussed include physical security, risk assessment, software security, computer network security, and applications and implementation of the Data Encryption…

  10. The Role of Self-Efficacy in Computer Security Behavior: Developing the Construct of Computer Security Self-Efficacy (CSSE)

    ERIC Educational Resources Information Center

    Clarke, Marlon

    2011-01-01

    As organizations have become more dependent on networked information systems (IS) to conduct their business operations, their susceptibility to various threats to information security has also increased. Research has consistently identified the inappropriate security behavior of the users as the most significant of these threats. Various factors…

  11. 75 FR 57904 - Announcing a Meeting of the Information Security and Privacy Advisory Board

    Federal Register 2010, 2011, 2012, 2013, 2014

    2010-09-23

    ... Office, --Update of NIST Computer Security Division, and --Information Security and Privacy Advisory... Information Security and Privacy Advisory Board AGENCY: National Institute of Standards and Technology, Commerce. ACTION: Notice. SUMMARY: The Information Security and Privacy Advisory Board (ISPAB) will meet...

  12. Computer Security Awareness Guide for Department of Energy Laboratories, Government Agencies, and others for use with Lawrence Livermore National Laboratory's (LLNL): Computer security short subjects videos

    DOE Office of Scientific and Technical Information (OSTI.GOV)

    Not Available

    Lonnie Moore, the Computer Security Manager, CSSM/CPPM at Lawrence Livermore National Laboratory (LLNL) and Gale Warshawsky, the Coordinator for Computer Security Education & Awareness at LLNL, wanted to share topics such as computer ethics, software piracy, privacy issues, and protecting information in a format that would capture and hold an audience's attention. Four Computer Security Short Subject videos were produced which ranged from 1-3 minutes each. These videos are very effective education and awareness tools that can be used to generate discussions about computer security concerns and good computing practices. Leaders may incorporate the Short Subjects into presentations. After talking about a subject area, one of the Short Subjects may be shown to highlight that subject matter. Another method for sharing them could be to show a Short Subject first and then lead a discussion about its topic. The cast of characters and a bit of information about their personalities in the LLNL Computer Security Short Subjects is included in this report.

  13. Lawrence Livermore National Laboratory's Computer Security Short Subjects Videos: Hidden Password, The Incident, Dangerous Games and The Mess; Computer Security Awareness Guide

    DOE Office of Scientific and Technical Information (OSTI.GOV)

    NONE

    A video on computer security is described. Lonnie Moore, the Computer Security Manager, CSSM/CPPM at Lawrence Livermore National Laboratory (LLNL) and Gale Warshawsky, the Coordinator for Computer Security Education and Awareness at LLNL, wanted to share topics such as computer ethics, software piracy, privacy issues, and protecting information in a format that would capture and hold an audience's attention. Four Computer Security Short Subject videos were produced which ranged from 1-3 minutes each. These videos are very effective education and awareness tools that can be used to generate discussions about computer security concerns and good computing practices.

  14. Secured Communication for Business Process Outsourcing Using Optimized Arithmetic Cryptography Protocol Based on Virtual Parties

    NASA Astrophysics Data System (ADS)

    Pathak, Rohit; Joshi, Satyadhar

    Within a span of over a decade, India has become one of the most favored destinations across the world for Business Process Outsourcing (BPO) operations. India has rapidly achieved the status of being the most preferred destination for BPO for companies located in the US and Europe. Security and privacy are the two major issues needed to be addressed by the Indian software industry to have an increased and long-term outsourcing contract from the US. Another important issue is about sharing employee’s information to ensure that data and vital information of an outsourcing company is secured and protected. To ensure that the confidentiality of a client’s information is maintained, BPOs need to implement some data security measures. In this paper, we propose a new protocol specifically for BPO Secure Multi-Party Computation (SMC). As there are many computations and surveys which involve confidential data from many parties or organizations and the concerned data is property of the organization, preservation and security of this data is of prime importance for such type of computations. Although the computation requires data from all the parties, none of the associated parties would want to reveal their data to the other parties. We have proposed a new efficient and scalable protocol to perform computation on encrypted information. The information is encrypted in a manner that it does not affect the result of the computation. It uses modifier tokens which are distributed among virtual parties, and finally used in the computation. The computation function uses the acquired data and modifier tokens to compute right result from the encrypted data. Thus without revealing the data, right result can be computed and privacy of the parties is maintained. We have given a probabilistic security analysis of hacking the protocol and shown how zero hacking security can be achieved. Also we have analyzed the specific case of Indian BPO.

  15. Guidelines for computer security in general practice.

    PubMed

    Schattner, Peter; Pleteshner, Catherine; Bhend, Heinz; Brouns, Johan

    2007-01-01

    As general practice becomes increasingly computerised, data security becomes increasingly important for both patient health and the efficient operation of the practice. To develop guidelines for computer security in general practice based on a literature review, an analysis of available information on current practice and a series of key stakeholder interviews. While the guideline was produced in the context of Australian general practice, we have developed a template that is also relevant for other countries. Current data on computer security measures was sought from Australian divisions of general practice. Semi-structured interviews were conducted with general practitioners (GPs), the medical software industry, senior managers within government responsible for health IT (information technology) initiatives, technical IT experts, divisions of general practice and a member of a health information consumer group. The respondents were asked to assess both the likelihood and the consequences of potential risks in computer security being breached. The study suggested that the most important computer security issues in general practice were: the need for a nominated IT security coordinator; having written IT policies, including a practice disaster recovery plan; controlling access to different levels of electronic data; doing and testing backups; protecting against viruses and other malicious codes; installing firewalls; undertaking routine maintenance of hardware and software; and securing electronic communication, for example via encryption. This information led to the production of computer security guidelines, including a one-page summary checklist, which were subsequently distributed to all GPs in Australia. This paper maps out a process for developing computer security guidelines for general practice. The specific content will vary in different countries according to their levels of adoption of IT, and cultural, technical and other health service factors. Making these guidelines relevant to local contexts should help maximise their uptake.

  16. Examining the Security Awareness, Information Privacy, and the Security Behaviors of Home Computer Users

    ERIC Educational Resources Information Center

    Edwards, Keith

    2015-01-01

    Attacks on computer systems continue to be a problem. The majority of the attacks target home computer users. To help mitigate the attacks some companies provide security awareness training to their employees. However, not all people work for a company that provides security awareness training and typically, home computer users do not have the…

  17. Discussion on the Technology and Method of Computer Network Security Management

    NASA Astrophysics Data System (ADS)

    Zhou, Jianlei

    2017-09-01

    With the rapid development of information technology, the application of computer network technology has penetrated all aspects of society, changed people's way of life and work to a certain extent, and brought great convenience to people. But computer network technology is not a panacea, it can promote the function of social development, but also can cause damage to the community and the country. Due to computer network's openness, easiness of sharing and other characteristics, it had a very negative impact on the computer network security, especially the loopholes in the technical aspects can cause damage on the network information. Based on this, this paper will do a brief analysis on the computer network security management problems and security measures.

  18. SPAN security policies and guidelines

    NASA Technical Reports Server (NTRS)

    Sisson, Patricia L.; Green, James L.

    1989-01-01

    A guide is provided to system security with emphasis on requirements and guidelines that are necessary to maintain an acceptable level of security on the network. To have security for the network, each node on the network must be secure. Therefore, each system manager, must strictly adhere to the requirements and must consider implementing the guidelines discussed. There are areas of vulnerability within the operating system that may not be addressed. However, when a requirement or guideline is discussed, implementation techniques are included. Information related to computer and data security is discussed to provide information on implementation options. The information is presented as it relates to a VAX computer environment.

  19. Reviews on Security Issues and Challenges in Cloud Computing

    NASA Astrophysics Data System (ADS)

    An, Y. Z.; Zaaba, Z. F.; Samsudin, N. F.

    2016-11-01

    Cloud computing is an Internet-based computing service provided by the third party allowing share of resources and data among devices. It is widely used in many organizations nowadays and becoming more popular because it changes the way of how the Information Technology (IT) of an organization is organized and managed. It provides lots of benefits such as simplicity and lower costs, almost unlimited storage, least maintenance, easy utilization, backup and recovery, continuous availability, quality of service, automated software integration, scalability, flexibility and reliability, easy access to information, elasticity, quick deployment and lower barrier to entry. While there is increasing use of cloud computing service in this new era, the security issues of the cloud computing become a challenge. Cloud computing must be safe and secure enough to ensure the privacy of the users. This paper firstly lists out the architecture of the cloud computing, then discusses the most common security issues of using cloud and some solutions to the security issues since security is one of the most critical aspects in cloud computing due to the sensitivity of user's data.

  20. A Secure Framework for Location Verification in Pervasive Computing

    NASA Astrophysics Data System (ADS)

    Liu, Dawei; Lee, Moon-Chuen; Wu, Dan

    The way people use computing devices has been changed in some way by the relatively new pervasive computing paradigm. For example, a person can use a mobile device to obtain its location information at anytime and anywhere. There are several security issues concerning whether this information is reliable in a pervasive environment. For example, a malicious user may disable the localization system by broadcasting a forged location, and it may impersonate other users by eavesdropping their locations. In this paper, we address the verification of location information in a secure manner. We first present the design challenges for location verification, and then propose a two-layer framework VerPer for secure location verification in a pervasive computing environment. Real world GPS-based wireless sensor network experiments confirm the effectiveness of the proposed framework.

  1. Attribute based encryption for secure sharing of E-health data

    NASA Astrophysics Data System (ADS)

    Charanya, R.; Nithya, S.; Manikandan, N.

    2017-11-01

    Distributed computing is one of the developing innovations in IT part and information security assumes a real part. It includes sending gathering of remote server and programming that permit the unified information and online access to PC administrations. Distributed computing depends on offering of asset among different clients are additionally progressively reallocated on interest. Cloud computing is a revolutionary computing paradigm which enables flexible, on-demand and low-cost usage of computing resources. The reasons for security and protection issues, which rise on the grounds that the health information possessed by distinctive clients are put away in some cloud servers rather than under their own particular control. To deal with security problems, various schemes based on the Attribute-Based Encryption have been proposed. In this paper, in order to make ehealth data’s more secure we use multi party in cloud computing system. Where the health data is encrypted using attributes and key policy. And the user with a particular attribute and key policy alone will be able to decrypt the health data after it is verified by “key distribution centre” and the “secure data distributor”. This technique can be used in medical field for secure storage of patient details and limiting to particular doctor access. To make data’s scalable secure we need to encrypt the health data before outsourcing.

  2. Computer Security in the Introductory Business Information Systems Course: An Exploratory Study of Textbook Coverage

    ERIC Educational Resources Information Center

    Sousa, Kenneth J.; MacDonald, Laurie E.; Fougere, Kenneth T.

    2005-01-01

    The authors conducted an evaluation of Management Information Systems (MIS) textbooks and found that computer security receives very little in-depth coverage. The textbooks provide, at best, superficial treatment of security issues. The research results suggest that MIS faculty need to provide material to supplement the textbook to provide…

  3. Information Security Awareness On-Line Materials Design with Knowledge Maps

    ERIC Educational Resources Information Center

    Shaw, Ruey-Shiang; Keh, Huan-Chao; Huang, Nan-Ching; Huang, Tien-Chuan

    2011-01-01

    Although Information Security Awareness is known as a primary and important issue in the domain of Information Security, the CSI computer crime and security survey showed poor security awareness training in public and private sectors. In many studies, the authors have found that the usage of knowledge maps helps the process of learning and conception…

  4. 75 FR 13258 - Announcing a Meeting of the Information Security and Privacy Advisory Board

    Federal Register 2010, 2011, 2012, 2013, 2014

    2010-03-19

    .../index.html/ . Agenda: --Cloud Computing Implementations --Health IT --OpenID --Pending Cyber Security... will be available for the public and media. --OpenID --Cloud Computing Implementations --Security...

  5. 15 CFR 30.5 - Electronic Export Information filing application and certification processes and standards.

    Code of Federal Regulations, 2014 CFR

    2014-01-01

    ... Census Bureau's Foreign Trade Division Computer Security Officer and refrain from using AESDirect until... Bureau's Foreign Trade Division Computer Security Officer that the company's computer systems accessing... threat to national security interests such that its participation in postdeparture filing should be...

  6. 15 CFR 30.5 - Electronic Export Information filing application and certification processes and standards.

    Code of Federal Regulations, 2012 CFR

    2012-01-01

    ... Census Bureau's Foreign Trade Division Computer Security Officer and refrain from using AESDirect until... Bureau's Foreign Trade Division Computer Security Officer that the company's computer systems accessing... threat to national security interests such that its participation in postdeparture filing should be...

  7. 15 CFR 30.5 - Electronic Export Information filing application and certification processes and standards.

    Code of Federal Regulations, 2013 CFR

    2013-01-01

    ... Census Bureau's Foreign Trade Division Computer Security Officer and refrain from using AESDirect until... Bureau's Foreign Trade Division Computer Security Officer that the company's computer systems accessing... threat to national security interests such that its participation in postdeparture filing should be...

  8. Information Security in the Age of Cloud Computing

    ERIC Educational Resources Information Center

    Sims, J. Eric

    2012-01-01

    Information security has been a particularly hot topic since the enhanced internal control requirements of Sarbanes-Oxley (SOX) were introduced in 2002. At about this same time, cloud computing started its explosive growth. Outsourcing of mission-critical functions has always been a gamble for managers, but the advantages of cloud computing are…

  9. 77 FR 62059 - Privacy Act of 1974, as Amended; Revisions to Existing Systems of Records

    Federal Register 2010, 2011, 2012, 2013, 2014

    2012-10-11

    ... and forms, microfilm or microfiche, and in computer processable storage media such as personnel system... 1974; the Federal Information Security Management Act of 2002; the Computer Fraud and Abuse Act of 1986... apply: The Privacy Act of 1974; the Federal Information Security Management Act of 2002; the Computer...

  10. A novel quantum solution to secure two-party distance computation

    NASA Astrophysics Data System (ADS)

    Peng, Zhen-wan; Shi, Run-hua; Wang, Pan-hong; Zhang, Shun

    2018-06-01

    Secure Two-Party Distance Computation is an important primitive of Secure Multiparty Computational Geometry that involves two parties, where each party has a private point, and the two parties want to jointly compute the distance between their points without revealing anything about their respective private information. Secure Two-Party Distance Computation has very important potential applications in settings with high security requirements, such as privacy-preserving Determination of Spatial Location-Relation, Determination of Polygons Similarity, and so on. In this paper, we present a quantum protocol for Secure Two-Party Distance Computation by using QKD-based Quantum Private Query. The security of the protocol is based on the physical principles of quantum mechanics, instead of difficulty assumptions, and therefore, it can ensure higher security than the related classical protocols.

  11. 77 FR 25686 - Announcing an Open Meeting of the Information Security and Privacy Advisory Board

    Federal Register 2010, 2011, 2012, 2013, 2014

    2012-05-01

    ... NIST Computer Security Division. Note that agenda items may change without notice because of possible... of the Information Security and Privacy Advisory Board AGENCY: National Institute of Standards and Technology, Commerce. ACTION: Notice. SUMMARY: The Information Security and Privacy Advisory Board (ISPAB...

  12. 76 FR 63811 - Structural Reforms To Improve the Security of Classified Networks and the Responsible Sharing and...

    Federal Register 2010, 2011, 2012, 2013, 2014

    2011-10-13

    ... Structural Reforms To Improve the Security of Classified Networks and the Responsible Sharing and... classified national security information (classified information) on computer networks, it is hereby ordered as follows: Section 1. Policy. Our Nation's security requires classified information to be shared...

  13. 5 CFR 1312.22 - Responsibilities.

    Code of Federal Regulations, 2012 CFR

    2012-01-01

    ... computer systems meeting the appropriate security criteria. (a) EOP Security Officer. In cooperation with..., DECLASSIFICATION AND SAFEGUARDING OF NATIONAL SECURITY INFORMATION Control and Accountability of Classified... duty by employees will do much to ensure the adequate security of classified information in the...

  14. 5 CFR 1312.22 - Responsibilities.

    Code of Federal Regulations, 2013 CFR

    2013-01-01

    ... computer systems meeting the appropriate security criteria. (a) EOP Security Officer. In cooperation with..., DECLASSIFICATION AND SAFEGUARDING OF NATIONAL SECURITY INFORMATION Control and Accountability of Classified... duty by employees will do much to ensure the adequate security of classified information in the...

  15. 5 CFR 1312.22 - Responsibilities.

    Code of Federal Regulations, 2011 CFR

    2011-01-01

    ... computer systems meeting the appropriate security criteria. (a) EOP Security Officer. In cooperation with..., DECLASSIFICATION AND SAFEGUARDING OF NATIONAL SECURITY INFORMATION Control and Accountability of Classified... duty by employees will do much to ensure the adequate security of classified information in the...

  16. 5 CFR 1312.22 - Responsibilities.

    Code of Federal Regulations, 2010 CFR

    2010-01-01

    ... computer systems meeting the appropriate security criteria. (a) EOP Security Officer. In cooperation with..., DECLASSIFICATION AND SAFEGUARDING OF NATIONAL SECURITY INFORMATION Control and Accountability of Classified... duty by employees will do much to ensure the adequate security of classified information in the...

  17. 5 CFR 1312.22 - Responsibilities.

    Code of Federal Regulations, 2014 CFR

    2014-01-01

    ... computer systems meeting the appropriate security criteria. (a) EOP Security Officer. In cooperation with..., DECLASSIFICATION AND SAFEGUARDING OF NATIONAL SECURITY INFORMATION Control and Accountability of Classified... duty by employees will do much to ensure the adequate security of classified information in the...

  18. 77 FR 13294 - Announcing Approval of Federal Information Processing Standard (FIPS) Publication 180-4, Secure...

    Federal Register 2010, 2011, 2012, 2013, 2014

    2012-03-06

    ... hash algorithms in many computer network applications. On February 11, 2011, NIST published a notice in... Information Security Management Act (FISMA) of 2002 (Pub. L. 107-347), the Secretary of Commerce is authorized to approve Federal Information Processing Standards (FIPS). NIST activities to develop computer...

  19. 45 CFR 205.56 - Requirements governing the use of income and eligibility information.

    Code of Federal Regulations, 2011 CFR

    2011-10-01

    ...) of the Social Security Act must provide that: (a) The State agency will use the information obtained... received from the Internal Revenue Service, and earnings information received from the Social Security... Federal computer matching program that is subject to the requirements in the Computer Matching and Privacy...

  20. 45 CFR 205.56 - Requirements governing the use of income and eligibility information.

    Code of Federal Regulations, 2014 CFR

    2014-10-01

    ...) of the Social Security Act must provide that: (a) The State agency will use the information obtained... received from the Internal Revenue Service, and earnings information received from the Social Security... Federal computer matching program that is subject to the requirements in the Computer Matching and Privacy...

  1. 45 CFR 205.56 - Requirements governing the use of income and eligibility information.

    Code of Federal Regulations, 2013 CFR

    2013-10-01

    ...) of the Social Security Act must provide that: (a) The State agency will use the information obtained... received from the Internal Revenue Service, and earnings information received from the Social Security... Federal computer matching program that is subject to the requirements in the Computer Matching and Privacy...

  2. 45 CFR 205.56 - Requirements governing the use of income and eligibility information.

    Code of Federal Regulations, 2010 CFR

    2010-10-01

    ...) of the Social Security Act must provide that: (a) The State agency will use the information obtained... received from the Internal Revenue Service, and earnings information received from the Social Security... Federal computer matching program that is subject to the requirements in the Computer Matching and Privacy...

  3. 45 CFR 205.56 - Requirements governing the use of income and eligibility information.

    Code of Federal Regulations, 2012 CFR

    2012-10-01

    ...) of the Social Security Act must provide that: (a) The State agency will use the information obtained... received from the Internal Revenue Service, and earnings information received from the Social Security... Federal computer matching program that is subject to the requirements in the Computer Matching and Privacy...

  4. Information Systems at Enterprise. Design of Secure Network of Enterprise

    NASA Astrophysics Data System (ADS)

    Saigushev, N. Y.; Mikhailova, U. V.; Vedeneeva, O. A.; Tsaran, A. A.

    2018-05-01

    No enterprise or company can do without designing its own corporate network in today's information society. It accelerates and facilitates the work of employees at any level, but poses a big threat to the confidential information of the company. In addition to data-theft attackers, there are plenty of information threats posed by modern malware. In this regard, the computational security of corporate networks is an important component of modern information technologies of computer security for any enterprise. This article describes the design of a protected corporate network of the enterprise that provides the computers on the network with access to the Internet, as well as interoperability with the branch. High-speed Internet access is provided through the use of high-speed access channels and load balancing between devices. The security of the designed network is achieved through the use of VLAN technology as well as access lists and an AAA server.

  5. Personal computer security: part 1. Firewalls, antivirus software, and Internet security suites.

    PubMed

    Caruso, Ronald D

    2003-01-01

    Personal computer (PC) security in the era of the Health Insurance Portability and Accountability Act of 1996 (HIPAA) involves two interrelated elements: safeguarding the basic computer system itself and protecting the information it contains and transmits, including personal files. HIPAA regulations have toughened the requirements for securing patient information, requiring every radiologist with such data to take further precautions. Security starts with physically securing the computer. Account passwords and a password-protected screen saver should also be set up. A modern antivirus program can easily be installed and configured. File scanning and updating of virus definitions are simple processes that can largely be automated and should be performed at least weekly. A software firewall is also essential for protection from outside intrusion, and an inexpensive hardware firewall can provide yet another layer of protection. An Internet security suite yields additional safety. Regular updating of the security features of installed programs is important. Obtaining a moderate degree of PC safety and security is somewhat inconvenient but is necessary and well worth the effort. Copyright RSNA, 2003

  6. Understanding Mobile Apps

    MedlinePlus

    ... share personal information let your kids spend real money — even if the app is free include ads link to social media What’s more, ... Money & Credit Homes & Mortgages Health & Fitness Jobs & Making ... Security "Free" Security Scans Computer Security Disposing of Old Computers ...

  7. EMRlog method for computer security for electronic medical records with logic and data mining.

    PubMed

    Martínez Monterrubio, Sergio Mauricio; Frausto Solis, Juan; Monroy Borja, Raúl

    2015-01-01

    The proper functioning of a hospital computer system is arduous work for managers and staff. However, inconsistent policies are frequent and can produce enormous problems, such as stolen information, frequent failures, and loss of all or part of the hospital data. This paper presents a new method named EMRlog for computer security systems in hospitals. EMRlog is focused on two kinds of security policies: directive and implemented policies. Security policies are applied to computer systems that handle huge amounts of information such as databases, applications, and medical records. Firstly, a syntactic verification step is applied by using predicate logic. Then data mining techniques are used to detect which security policies have really been implemented by the computer systems staff. Subsequently, consistency is verified in both kinds of policies; in addition these subsets are contrasted and validated. This is performed by an automatic theorem prover. Thus, many kinds of vulnerabilities can be removed for achieving a safer computer system.

  8. EMRlog Method for Computer Security for Electronic Medical Records with Logic and Data Mining

    PubMed Central

    Frausto Solis, Juan; Monroy Borja, Raúl

    2015-01-01

    The proper functioning of a hospital computer system is arduous work for managers and staff. However, inconsistent policies are frequent and can produce enormous problems, such as stolen information, frequent failures, and loss of all or part of the hospital data. This paper presents a new method named EMRlog for computer security systems in hospitals. EMRlog is focused on two kinds of security policies: directive and implemented policies. Security policies are applied to computer systems that handle huge amounts of information such as databases, applications, and medical records. Firstly, a syntactic verification step is applied by using predicate logic. Then data mining techniques are used to detect which security policies have really been implemented by the computer systems staff. Subsequently, consistency is verified in both kinds of policies; in addition these subsets are contrasted and validated. This is performed by an automatic theorem prover. Thus, many kinds of vulnerabilities can be removed for achieving a safer computer system. PMID:26495300

  9. Restricted access processor - An application of computer security technology

    NASA Technical Reports Server (NTRS)

    Mcmahon, E. M.

    1985-01-01

    This paper describes a security guard device that is currently being developed by Computer Sciences Corporation (CSC). The methods used to provide assurance that the system meets its security requirements include the system architecture, a system security evaluation, and the application of formal and informal verification techniques. The combination of state-of-the-art technology and the incorporation of new verification procedures results in a demonstration of the feasibility of computer security technology for operational applications.

  10. 75 FR 39920 - Announcing a Meeting of the Information Security and Privacy Advisory Board

    Federal Register 2010, 2011, 2012, 2013, 2014

    2010-07-13

    ... will be open to the public. The ISPAB was established by the Computer Security Act of 1987 (Pub. L. 100... Information Security and Privacy Advisory Board AGENCY: National Institute of Standards and Technology. ACTION: Notice. SUMMARY: The Information Security and Privacy Advisory Board (ISPAB) will meet Wednesday, August...

  11. 32 CFR 806b.35 - Balancing protection.

    Code of Federal Regulations, 2014 CFR

    2014-07-01

    ..., Computer Security, 5 for procedures on safeguarding personal information in automated records. 5 http://www... automated system with a log-on protocol. Others may require more sophisticated security protection based on the sensitivity of the information. Classified computer systems or those with established audit and...

  12. 32 CFR 806b.35 - Balancing protection.

    Code of Federal Regulations, 2013 CFR

    2013-07-01

    ..., Computer Security, 5 for procedures on safeguarding personal information in automated records. 5 http://www... automated system with a log-on protocol. Others may require more sophisticated security protection based on the sensitivity of the information. Classified computer systems or those with established audit and...

  13. 32 CFR 806b.35 - Balancing protection.

    Code of Federal Regulations, 2012 CFR

    2012-07-01

    ..., Computer Security, 5 for procedures on safeguarding personal information in automated records. 5 http://www... automated system with a log-on protocol. Others may require more sophisticated security protection based on the sensitivity of the information. Classified computer systems or those with established audit and...

  14. 32 CFR 806b.35 - Balancing protection.

    Code of Federal Regulations, 2011 CFR

    2011-07-01

    ..., Computer Security, 5 for procedures on safeguarding personal information in automated records. 5 http://www... automated system with a log-on protocol. Others may require more sophisticated security protection based on the sensitivity of the information. Classified computer systems or those with established audit and...

  15. 32 CFR 806b.35 - Balancing protection.

    Code of Federal Regulations, 2010 CFR

    2010-07-01

    ..., Computer Security, 5 for procedures on safeguarding personal information in automated records. 5 http://www... automated system with a log-on protocol. Others may require more sophisticated security protection based on the sensitivity of the information. Classified computer systems or those with established audit and...

  16. Measuring the Effectiveness of Information Security Training: A Comparative Analysis of Computer-Based Training and Instructor-Based Training

    ERIC Educational Resources Information Center

    Kim, Philip

    2010-01-01

    Financial institutions are increasingly finding difficulty defending against information security risks and threats, as they are often the number one target for information thieves. An effective information security training and awareness program can be a critical component of protecting an organization's information assets. Many financial…

  17. Reducing Incongruity of Perceptions Related to Information Risk: Dialogical Action Research in Organizations

    ERIC Educational Resources Information Center

    Sedlack, Derek J.

    2012-01-01

    A critical overreliance on the technical dimension of information security has recently shifted toward more robust, organizationally focused information security methods to countermand $54 billion lost from computer security incidents. Developing a more balanced approach is required since protecting information is not an all or nothing…

  18. Developing a computer security training program

    DOE Office of Scientific and Technical Information (OSTI.GOV)

    Not Available

    1990-01-01

    We all know that training can empower the computer protection program. However, pushing computer security information outside the computer security organization into the rest of the company is often labeled as an easy project or a dungeon full of dragons. Used in part or whole, the strategy offered in this paper may help the developer of a computer security training program ward off dragons and create products and services. The strategy includes GOALS (what the result of training will be), POINTERS (tips to ensure survival), and STEPS (products and services as a means to accomplish the goals).

  19. 21 CFR 1311.08 - Incorporation by reference.

    Code of Federal Regulations, 2010 CFR

    2010-04-01

    ... of Standards and Technology, Computer Security Division, Information Technology Laboratory, National... standards are available from the National Institute of Standards and Technology, Computer Security Division... 140-2, Security Requirements for Cryptographic Modules, May 25, 2001, as amended by Change Notices 2...

  20. Secure or Insure: An Economic Analysis of Security Interdependencies and Investment Types

    ERIC Educational Resources Information Center

    Grossklags, Jens

    2009-01-01

    Computer users express a strong desire to prevent attacks, and to reduce the losses from computer and information security breaches. However, despite the widespread availability of various technologies, actual investments in security remain highly variable across the Internet population. As a result, attacks such as distributed denial-of-service…

  1. Quality and security - They work together

    NASA Technical Reports Server (NTRS)

    Carr, Richard; Tynan, Marie; Davis, Russell

    1991-01-01

    This paper describes the importance of considering computer security as part of software quality assurance practice. The intended audience is primarily those professionals involved in the design, development, and quality assurance of software. Many issues are raised which point to the need ultimately for integration of quality assurance and computer security disciplines. To address some of the issues raised, the NASA Automated Information Security program is presented as a model which may be used for improving interactions between the quality assurance and computer security community of professionals.

  2. Common object request broker architecture (CORBA)-based security services for the virtual radiology environment.

    PubMed

    Martinez, R; Cole, C; Rozenblit, J; Cook, J F; Chacko, A K

    2000-05-01

    The US Army Great Plains Regional Medical Command (GPRMC) has a requirement to conform to Department of Defense (DoD) and Army security policies for the Virtual Radiology Environment (VRE) Project. Within the DoD, security policy is defined as the set of laws, rules, and practices that regulate how an organization manages, protects, and distributes sensitive information. Security policy in the DoD is described by the Trusted Computer System Evaluation Criteria (TCSEC), Army Regulation (AR) 380-19, Defense Information Infrastructure Common Operating Environment (DII COE), Military Health Services System Automated Information Systems Security Policy Manual, and National Computer Security Center-TG-005, "Trusted Network Interpretation." These documents were used to develop a security policy that defines information protection requirements that are made with respect to those laws, rules, and practices that are required to protect the information stored and processed in the VRE Project. The goal of the security policy is to provide for a C2-level of information protection while also satisfying the functional needs of the GPRMC's user community. This report summarizes the security policy for the VRE and defines the CORBA security services that satisfy the policy. In the VRE, the information to be protected is embedded into three major information components: (1) Patient information consists of Digital Imaging and Communications in Medicine (DICOM)-formatted fields. The patient information resides in the digital imaging network picture archiving and communication system (DIN-PACS) networks in the database archive systems and includes (a) patient demographics; (b) patient images from x-ray, computed tomography (CT), magnetic resonance imaging (MRI), and ultrasound (US); and (c) prior patient images and related patient history. (2) Meta-Manager information to be protected consists of several data objects. This information is distributed to the Meta-Manager nodes and includes (a) radiologist schedules; (b) modality worklists; (c) routed case information; (d) DIN-PACS and Composite Health Care system (CHCS) messages, and Meta-Manager administrative and security information; and (e) patient case information. (3) Access control and communications security is required in the VRE to control who uses the VRE and Meta-Manager facilities and to secure the messages between VRE components. The CORBA Security Service Specification version 1.5 is designed to allow up to TCSEC's B2-level security for distributed objects. The CORBA Security Service Specification defines the functionality of several security features: identification and authentication, authorization and access control, security auditing, communication security, nonrepudiation, and security administration. This report describes the enhanced security features for the VRE and their implementation using commercial CORBA Security Service software products.

  3. 78 FR 38949 - Computer Security Incident Coordination (CSIC): Providing Timely Cyber Incident Response

    Federal Register 2010, 2011, 2012, 2013, 2014

    2013-06-28

    ... information as part of the research needed to write a NIST Special Publication (SP) to help Computer Security.... The NIST SP will identify technical standards, methodologies, procedures, and processes that facilitate prompt and effective response. This RFI requests information regarding technical best practices...

  4. A method of non-contact reading code based on computer vision

    NASA Astrophysics Data System (ADS)

    Zhang, Chunsen; Zong, Xiaoyu; Guo, Bingxuan

    2018-03-01

    To guarantee the security of computer information exchange between internal and external networks (trusted and untrusted networks), a non-contact code-reading method based on machine vision is proposed, which differs from the existing network physical isolation method. Using computer monitors, a camera and other equipment, the method processes the information to be exchanged through image coding, generation of the standard image, display and capture of the actual image, calculation of the homography matrix, image distortion correction, and decoding with calibration, achieving secure, non-contact, one-way transmission of computer information between the internal and external networks. The effectiveness of the proposed method is verified by experiments on real computer text data; the data transfer speed can reach 24kb/s. The experiments show that this algorithm has the characteristics of high security, high speed and low information loss. It can meet the daily needs of confidentiality departments to update data effectively and reliably, and it solves the difficulty of computer information exchange between secret and non-secret networks, with distinctive originality, practicability, and practical research value.

  5. Change Detection Algorithms for Information Assurance of Computer Networks

    DTIC Science & Technology

    2002-01-01

    ...number of computer attacks increases steadily per year. At the time of this writing the Internet Security Systems’ baseline assessment is that a new...across a network by exploiting security flaws in widely-used services offered by vulnerable computers. In order to locate the vulnerable computers, the

  6. Examining the Relationship of Business Operations and the Information Security Culture in the United States

    ERIC Educational Resources Information Center

    Wynn, Cynthia L.

    2017-01-01

    An increase in information technology has caused an increase in threats towards information security. Threats are malware, viruses, sabotage from employees, and hacking into computer systems. Organizations have to find new ways to combat vulnerabilities and threats of internal and external threats to protect their information security and…

  7. Research on the information security system in electrical gis system in mobile application

    NASA Astrophysics Data System (ADS)

    Zhou, Chao; Feng, Renjun; Jiang, Haitao; Huang, Wei; Zhu, Daohua

    2017-05-01

    With the rapid development of social informatization, the demands of government, enterprises, and individuals for spatial information have grown. In addition, the combination of wireless network technology and spatial information technology promotes the generation and development of mobile technologies. In today’s rapidly developing information technology field, network technology and mobile communication have become the two pillar industries by leaps and bounds. They have absorbed and adopted almost all the latest information, communication, computer, electronics and other new technologies. Concomitantly, network coverage is growing larger, transmission rates are getting faster, and user terminals are getting smaller. What’s more, from LAN to WAN, from wired network to wireless network, from wired access to mobile wireless access, people’s demands on communication technology are increasingly higher. As a result, mobile communication technology is facing unprecedented challenges as well as unprecedented opportunities. When combined with the existing mobile communication network, it led to the development of leaps and bounds. However, due to the inherent dependence of the system on the existing computer communication network, information security problems cannot be ignored. Today’s information security has penetrated into all aspects of life. An information system is a complex computer system, and its physical, operational and management vulnerabilities constitute the security vulnerability of the system. Firstly, this paper analyzes the composition of the mobile enterprise network and the information security threats. Secondly, this paper puts forward the security planning and measures, and constructs the information security structure.

  8. Computer User's Guide to the Protection of Information Resources. NIST Special Publication 500-171.

    ERIC Educational Resources Information Center

    Helsing, Cheryl; And Others

    Computers have changed the way information resources are handled. Large amounts of information are stored in one central place and can be accessed from remote locations. Users have a personal responsibility for the security of the system and the data stored in it. This document outlines the user's responsibilities and provides security and control…

  9. Report: EPA’s Office of Environmental Information Should Improve Ariel Rios and Potomac Yard Computer Room Security Controls

    EPA Pesticide Factsheets

    Report #12-P-0879, September 26, 2012. The security posture and in-place environmental control review of the computer rooms in the Ariel Rios and Potomac Yard buildings revealed numerous security and environmental control deficiencies.

  10. Cloud Computing Security Issue: Survey

    NASA Astrophysics Data System (ADS)

    Kamal, Shailza; Kaur, Rajpreet

    2011-12-01

    Cloud computing is the growing field in IT industry since 2007 proposed by IBM. Another company like Google, Amazon, and Microsoft provides further products to cloud computing. The cloud computing is the internet based computing that shared resources, information on demand. It provides the services like SaaS, IaaS and PaaS. The services and resources are shared by virtualization that run multiple operation applications on cloud computing. This discussion gives the survey on the challenges on security issues during cloud computing and describes some standards and protocols that presents how security can be managed.

  11. DOE Office of Scientific and Technical Information (OSTI.GOV)

    Solis, John Hector

    In this paper, we present a modular framework for constructing a secure and efficient program obfuscation scheme. Our approach, inspired by the obfuscation with respect to oracle machines model of [4], retains an interactive online protocol with an oracle, but relaxes the original computational and storage restrictions. We argue this is reasonable given the computational resources of modern personal devices. Furthermore, we relax the information-theoretic security requirement for computational security to utilize established cryptographic primitives. With this additional flexibility we are free to explore different cryptographic building blocks. Our approach combines authenticated encryption with private information retrieval to construct a secure program obfuscation framework. We give a formal specification of our framework, based on desired functionality and security properties, and provide an example instantiation. In particular, we implement AES in Galois/Counter Mode for authenticated encryption and the Gentry-Ramzan [13] constant communication-rate private information retrieval scheme. We present our implementation results and show that non-trivial sized programs can be realized, but scalability is quickly limited by computational overhead. Finally, we include a discussion on security considerations when instantiating specific modules.

  12. Information Security: Serious Weakness Put State Department and FAA Operations at Risk

    DOT National Transportation Integrated Search

    1998-05-19

    Testimony focuses on the results of recent reviews of computer security at the Department of State and the Federal Aviation Administration (FAA). Makes specific recommendations for improving State and FAA's information security posture. Highlights be...

  13. Informatics in Radiology (infoRAD): personal computer security: part 2. Software Configuration and file protection.

    PubMed

    Caruso, Ronald D

    2004-01-01

    Proper configuration of software security settings and proper file management are necessary and important elements of safe computer use. Unfortunately, the configuration of software security options is often not user friendly. Safe file management requires the use of several utilities, most of which are already installed on the computer or available as freeware. Among these file operations are setting passwords, defragmentation, deletion, wiping, removal of personal information, and encryption. For example, Digital Imaging and Communications in Medicine medical images need to be anonymized, or "scrubbed," to remove patient identifying information in the header section prior to their use in a public educational or research environment. The choices made with respect to computer security may affect the convenience of the computing process. Ultimately, the degree of inconvenience accepted will depend on the sensitivity of the files and communications to be protected and the tolerance of the user. Copyright RSNA, 2004

  14. Protecting intellectual property in space; Proceedings of the Aerospace Computer Security Conference, McLean, VA, March 20, 1985

    NASA Technical Reports Server (NTRS)

    1985-01-01

    The primary purpose of the Aerospace Computer Security Conference was to bring together people and organizations which have a common interest in protecting intellectual property generated in space. Operational concerns are discussed, taking into account security implications of the space station information system, Space Shuttle security policies and programs, potential uses of probabilistic risk assessment techniques for space station development, key considerations in contingency planning for secure space flight ground control centers, a systematic method for evaluating security requirements compliance, and security engineering of secure ground stations. Subjects related to security technologies are also explored, giving attention to processing requirements of secure C3/I and battle management systems and the development of the Gemini trusted multiple microcomputer base, the Restricted Access Processor system as a security guard designed to protect classified information, and observations on local area network security.

  15. Optimizing Security of Cloud Computing within the DoD

    DTIC Science & Technology

    2010-12-01

    information security governance and risk management; application security; cryptography; security architecture and design; operations security; business ...governance and risk management; application security; cryptography; security architecture and design; operations security; business continuity...20 7. Operational Security (OPSEC).........................................................20 8. Business Continuity Planning (BCP) and Disaster

  16. OS friendly microprocessor architecture: Hardware level computer security

    NASA Astrophysics Data System (ADS)

    Jungwirth, Patrick; La Fratta, Patrick

    2016-05-01

    We present an introduction to the patented OS Friendly Microprocessor Architecture (OSFA) and hardware level computer security. Conventional microprocessors have not tried to balance hardware performance and OS performance at the same time. Conventional microprocessors have depended on the Operating System for computer security and information assurance. The goal of the OS Friendly Architecture is to provide a high performance and secure microprocessor and OS system. We are interested in cyber security, information technology (IT), and SCADA control professionals reviewing the hardware level security features. The OS Friendly Architecture is a switched set of cache memory banks in a pipeline configuration. For light-weight threads, the memory pipeline configuration provides near instantaneous context switching times. The pipelining and parallelism provided by the cache memory pipeline provides for background cache read and write operations while the microprocessor's execution pipeline is running instructions. The cache bank selection controllers provide arbitration to prevent the memory pipeline and microprocessor's execution pipeline from accessing the same cache bank at the same time. This separation allows the cache memory pages to transfer to and from level 1 (L1) caching while the microprocessor pipeline is executing instructions. Computer security operations are implemented in hardware. By extending Unix file permissions bits to each cache memory bank and memory address, the OSFA provides hardware level computer security.

  17. Research on information security in big data era

    NASA Astrophysics Data System (ADS)

    Zhou, Linqi; Gu, Weihong; Huang, Cheng; Huang, Aijun; Bai, Yongbin

    2018-05-01

    Big data is becoming another hotspot in the field of information technology after the cloud computing and the Internet of Things. However, the existing information security methods can no longer meet the information security requirements in the era of big data. This paper analyzes the challenges and a cause of data security brought by big data, discusses the development trend of network attacks under the background of big data, and puts forward my own opinions on the development of security defense in technology, strategy and product.

  18. Computer-implemented security evaluation methods, security evaluation systems, and articles of manufacture

    DOEpatents

    Muller, George; Perkins, Casey J.; Lancaster, Mary J.; MacDonald, Douglas G.; Clements, Samuel L.; Hutton, William J.; Patrick, Scott W.; Key, Bradley Robert

    2015-07-28

    Computer-implemented security evaluation methods, security evaluation systems, and articles of manufacture are described. According to one aspect, a computer-implemented security evaluation method includes accessing information regarding a physical architecture and a cyber architecture of a facility, building a model of the facility comprising a plurality of physical areas of the physical architecture, a plurality of cyber areas of the cyber architecture, and a plurality of pathways between the physical areas and the cyber areas, identifying a target within the facility, executing the model a plurality of times to simulate a plurality of attacks against the target by an adversary traversing at least one of the areas in the physical domain and at least one of the areas in the cyber domain, and using results of the executing, providing information regarding a security risk of the facility with respect to the target.

  19. 48 CFR 239.7102-1 - General.

    Code of Federal Regulations, 2010 CFR

    2010-10-01

    ..., DEPARTMENT OF DEFENSE SPECIAL CATEGORIES OF CONTRACTING ACQUISITION OF INFORMATION TECHNOLOGY Security and Privacy for Computer Systems 239.7102-1 General. (a) Agencies shall ensure that information assurance is... include— (1) The National Security Act; (2) The Clinger-Cohen Act; (3) National Security...

  20. 48 CFR 239.7102-1 - General.

    Code of Federal Regulations, 2014 CFR

    2014-10-01

    ..., DEPARTMENT OF DEFENSE SPECIAL CATEGORIES OF CONTRACTING ACQUISITION OF INFORMATION TECHNOLOGY Security and Privacy for Computer Systems 239.7102-1 General. (a) Agencies shall ensure that information assurance is... include— (1) The National Security Act; (2) The Clinger-Cohen Act; (3) National Security...

  1. 48 CFR 239.7102-1 - General.

    Code of Federal Regulations, 2013 CFR

    2013-10-01

    ..., DEPARTMENT OF DEFENSE SPECIAL CATEGORIES OF CONTRACTING ACQUISITION OF INFORMATION TECHNOLOGY Security and Privacy for Computer Systems 239.7102-1 General. (a) Agencies shall ensure that information assurance is... include— (1) The National Security Act; (2) The Clinger-Cohen Act; (3) National Security...

  2. 48 CFR 239.7102-1 - General.

    Code of Federal Regulations, 2012 CFR

    2012-10-01

    ..., DEPARTMENT OF DEFENSE SPECIAL CATEGORIES OF CONTRACTING ACQUISITION OF INFORMATION TECHNOLOGY Security and Privacy for Computer Systems 239.7102-1 General. (a) Agencies shall ensure that information assurance is... include— (1) The National Security Act; (2) The Clinger-Cohen Act; (3) National Security...

  3. 48 CFR 239.7102-1 - General.

    Code of Federal Regulations, 2011 CFR

    2011-10-01

    ..., DEPARTMENT OF DEFENSE SPECIAL CATEGORIES OF CONTRACTING ACQUISITION OF INFORMATION TECHNOLOGY Security and Privacy for Computer Systems 239.7102-1 General. (a) Agencies shall ensure that information assurance is... include— (1) The National Security Act; (2) The Clinger-Cohen Act; (3) National Security...

  4. Secure Dynamic access control scheme of PHR in cloud computing.

    PubMed

    Chen, Tzer-Shyong; Liu, Chia-Hui; Chen, Tzer-Long; Chen, Chin-Sheng; Bau, Jian-Guo; Lin, Tzu-Ching

    2012-12-01

    With the development of information technology and medical technology, medical information has been developed from traditional paper records into electronic medical records, which have now been widely applied. The new-style medical information exchange system "personal health records (PHR)" is gradually developed. PHR is a kind of health records maintained and recorded by individuals. An ideal personal health record could integrate personal medical information from different sources and provide complete and correct personal health and medical summary through the Internet or portable media under the requirements of security and privacy. A lot of personal health records are being utilized. The patient-centered PHR information exchange system allows the public autonomously maintain and manage personal health records. Such management is convenient for storing, accessing, and sharing personal medical records. With the emergence of Cloud computing, PHR service has been transferred to storing data into Cloud servers that the resources could be flexibly utilized and the operation cost can be reduced. Nevertheless, patients would face privacy problem when storing PHR data into Cloud. Besides, it requires a secure protection scheme to encrypt the medical records of each patient for storing PHR into Cloud server. In the encryption process, it would be a challenge to achieve accurately accessing to medical records and corresponding to flexibility and efficiency. A new PHR access control scheme under Cloud computing environments is proposed in this study. With Lagrange interpolation polynomial to establish a secure and effective PHR information access scheme, it allows to accurately access to PHR with security and is suitable for enormous multi-users. Moreover, this scheme also dynamically supports multi-users in Cloud computing environments with personal privacy and offers legal authorities to access to PHR. 
    From security and effectiveness analyses, the proposed PHR access scheme in Cloud computing environments is proven flexible and secure and could effectively correspond to real-time appending and deleting user access authorization and appending and revising PHR records.

  5. Computer Security Primer: Systems Architecture, Special Ontology and Cloud Virtual Machines

    ERIC Educational Resources Information Center

    Waguespack, Leslie J.

    2014-01-01

    With the increasing proliferation of multitasking and Internet-connected devices, security has reemerged as a fundamental design concern in information systems. The shift of IS curricula toward a largely organizational perspective of security leaves little room for focus on its foundation in systems architecture, the computational underpinnings of…

  6. 78 FR 15731 - Privacy Act of 1974; Computer Matching Program

    Federal Register 2010, 2011, 2012, 2013, 2014

    2013-03-12

    ... DEPARTMENT OF HOMELAND SECURITY Office of the Secretary [Docket No. DHS-2013-0011] Privacy Act of 1974; Computer Matching Program AGENCY: Department of Homeland Security/U.S. Citizenship and Immigration Services. ACTION: Notice. Overview Information: Privacy Act of 1974; Computer Matching Program...

  7. 78 FR 15732 - Privacy Act of 1974; Computer Matching Program

    Federal Register 2010, 2011, 2012, 2013, 2014

    2013-03-12

    ... DEPARTMENT OF HOMELAND SECURITY Office of the Secretary [Docket No. DHS-2013-0007] Privacy Act of 1974; Computer Matching Program AGENCY: Department of Homeland Security/U.S. Citizenship and Immigration Services. ACTION: Notice. Overview Information: Privacy Act of 1974; Computer Matching Program...

  8. Managing the Security of Nursing Data in the Electronic Health Record

    PubMed Central

    Samadbeik, Mahnaz; Gorzin, Zahra; Khoshkam, Masomeh; Roudbari, Masoud

    2015-01-01

    Background: The Electronic Health Record (EHR) is a patient care information resource for clinicians and nursing documentation is an essential part of comprehensive patient care. Ensuring privacy and the security of health information is a key component to building the trust required to realize the potential benefits of electronic health information exchange. This study was aimed to manage nursing data security in the EHR and also discover the viewpoints of hospital information system vendors (computer companies) and hospital information technology specialists about nursing data security. Methods: This research is a cross sectional analytic-descriptive study. The study populations were IT experts at the academic hospitals and computer companies of Tehran city in Iran. Data was collected by a self-developed questionnaire whose validity and reliability were confirmed using the experts’ opinions and Cronbach’s alpha coefficient respectively. Data was analyzed through Spss Version 18 and by descriptive and analytic statistics. Results: The findings of the study revealed that user name and password were the most important methods to authenticate the nurses, with mean percent of 95% and 80%, respectively, and also the most significant level of information security protection were assigned to administrative and logical controls. There was no significant difference between opinions of both groups studied about the levels of information security protection and security requirements (p>0.05). Moreover the access to servers by authorized people, periodic security update, and the application of authentication and authorization were defined as the most basic security requirements from the viewpoint of more than 88 percent of recently-mentioned participants. 
    Conclusions: Computer companies as system designers and hospitals information technology specialists as systems users and stakeholders present many important views about security requirements for EHR systems and nursing electronic documentation systems. Prioritizing of these requirements helps policy makers to decide what to do when planning for EHR implementation. Therefore, to make appropriate security decisions and to achieve the expected level of protection of the electronic nursing information, it is suggested to consider the priorities of both groups of experts about security principles and also discuss the issues seem to be different between two groups of participants in the research. PMID:25870490

  9. Managing the security of nursing data in the electronic health record.

    PubMed

    Samadbeik, Mahnaz; Gorzin, Zahra; Khoshkam, Masomeh; Roudbari, Masoud

    2015-02-01

    The Electronic Health Record (EHR) is a patient care information resource for clinicians and nursing documentation is an essential part of comprehensive patient care. Ensuring privacy and the security of health information is a key component to building the trust required to realize the potential benefits of electronic health information exchange. This study was aimed to manage nursing data security in the EHR and also discover the viewpoints of hospital information system vendors (computer companies) and hospital information technology specialists about nursing data security. This research is a cross sectional analytic-descriptive study. The study populations were IT experts at the academic hospitals and computer companies of Tehran city in Iran. Data was collected by a self-developed questionnaire whose validity and reliability were confirmed using the experts' opinions and Cronbach's alpha coefficient respectively. Data was analyzed through Spss Version 18 and by descriptive and analytic statistics. The findings of the study revealed that user name and password were the most important methods to authenticate the nurses, with mean percent of 95% and 80%, respectively, and also the most significant level of information security protection were assigned to administrative and logical controls. There was no significant difference between opinions of both groups studied about the levels of information security protection and security requirements (p>0.05). Moreover the access to servers by authorized people, periodic security update, and the application of authentication and authorization were defined as the most basic security requirements from the viewpoint of more than 88 percent of recently-mentioned participants. Computer companies as system designers and hospitals information technology specialists as systems users and stakeholders present many important views about security requirements for EHR systems and nursing electronic documentation systems. 
    Prioritizing of these requirements helps policy makers to decide what to do when planning for EHR implementation. Therefore, to make appropriate security decisions and to achieve the expected level of protection of the electronic nursing information, it is suggested to consider the priorities of both groups of experts about security principles and also discuss the issues seem to be different between two groups of participants in the research.

  10. 76 FR 12397 - Privacy Act of 1974, as Amended; Computer Matching Program (SSA/Bureau of the Public Debt (BPD...

    Federal Register 2010, 2011, 2012, 2013, 2014

    2011-03-07

    ...; Computer Matching Program (SSA/ Bureau of the Public Debt (BPD))--Match Number 1038 AGENCY: Social Security... as shown above. SUPPLEMENTARY INFORMATION: A. General The Computer Matching and Privacy Protection... containing SSNs extracted from the Supplemental Security Record database. Exchanges for this computer...

  11. 78 FR 12128 - Privacy Act of 1974; Computer Matching Program (SSA/Department of the Treasury, Internal Revenue...

    Federal Register 2010, 2011, 2012, 2013, 2014

    2013-02-21

    ... SOCIAL SECURITY ADMINISTRATION [Docket No. SSA 2012-0067] Privacy Act of 1974; Computer Matching... Security Administration (SSA). ACTION: Notice of a renewal of an existing computer matching program... INFORMATION: A. General The Computer Matching and Privacy Protection Act of 1988 (Public Law (Pub. L.) 100-503...

  12. 76 FR 21373 - Privacy Act of 1974; Report of a New System of Records

    Federal Register 2010, 2011, 2012, 2013, 2014

    2011-04-15

    ... Information Security Management Act of 2002; the Computer Fraud and Abuse Act of 1986; the Health Insurance... 1974; the Federal Information Security Management Act of 2002; the Computer Fraud and Abuse Act of 1986... established by State law; (3) support litigation involving the Agency; (4) combat fraud, waste, and abuse in...

  13. An Analysis of Information Technology Managers' and Executives' Security Concerns on Willingness to Adopt Cloud Computing Solutions

    ERIC Educational Resources Information Center

    Tanque, Marcus M.

    2012-01-01

    The research conducted in this study inquires about Information Technology (IT) managers' and executives' attitudes, beliefs, and knowledge on Cloud Computing (CC) security. The study evaluated how these factors affect IT managers' and executives' willingness to adopt CC solutions in their organizations. Confidentiality,…

  14. Do You Lock Your Network Doors? Some Network Management Precautions.

    ERIC Educational Resources Information Center

    Neray, Phil

    1997-01-01

    Discusses security problems and solutions for networked organizations with Internet connections. Topics include access to private networks from electronic mail information; computer viruses; computer software; corporate espionage; firewalls, that is computers that stand between a local network and the Internet; passwords; and physical security.…

  15. Attitudes towards information system security among physicians in Croatia.

    PubMed

    Markota, M; Kern, J; Svab, I

    2001-07-01

    To examine attitudes about information system security among Croatian physicians a cross-sectional study was performed on a representative sample of 800 Croatian physicians. An anonymous questionnaire comprising 21 questions was distributed and statistical analysis was performed using a chi-square test. A 76.2% response rate was obtained. The majority of respondents (85.8%) believe that information system security is a new area in their work. In general, physicians are not informed about European directives, conventions, recommendations, etc. Only a small number of physicians use personal computers at work (29%). Those physicians who have a personal computer use it mainly for administrative reasons. Most healthcare institutions (89%) do not have a security manual and the area of information system security is left to individual interest and initiative. Only 25% of physicians who have a personal computer use any type of password. A high percentage of physicians (22%) has never thought about the problem of personal data being used by organizations (e.g. police, banks) without legal background; a small, but still significant percentage of physicians (5.6%) has even agreed with such use. Results indicate that for the vast majority of physicians, information system security is a new area in their daily work, one which is left to individual interest and initiative. They are not familiar with the ethical, technical and legal backgrounds which have been defined for that area within the Council of Europe and the European Union. New aspects: This is the first study performed in Central and Eastern Europe dealing with information system security, performed on a representative nationwide sample of all the physicians.

  16. Information Security Scheme Based on Computational Temporal Ghost Imaging.

    PubMed

    Jiang, Shan; Wang, Yurong; Long, Tao; Meng, Xiangfeng; Yang, Xiulun; Shu, Rong; Sun, Baoqing

    2017-08-09

    An information security scheme based on computational temporal ghost imaging is proposed. A sequence of independent 2D random binary patterns are used as encryption key to multiply with the 1D data stream. The cipher text is obtained by summing the weighted encryption key. The decryption process can be realized by correlation measurement between the encrypted information and the encryption key. Due to the instinct high-level randomness of the key, the security of this method is greatly guaranteed. The feasibility of this method and robustness against both occlusion and additional noise attacks are discussed with simulation, respectively.

  17. Information Security and the Internet.

    ERIC Educational Resources Information Center

    Doddrell, Gregory R.

    1996-01-01

    As business relies less on "fortress" style central computers and more on distributed systems, the risk of disruption increases because of inadequate physical security, support services, and site monitoring. This article discusses information security and why protection is required on the Internet, presents a best practice firewall, and…

  18. Telecommunications Policy Research Conference. Computer and Communications Security Section. Papers.

    ERIC Educational Resources Information Center

    Telecommunications Policy Research Conference, Inc., Washington, DC.

    In his paper, "European Needs and Attitudes towards Information Security," Richard I. Polis notes that the needs for security in computer systems, telecommunications, and media are rather uniform throughout Western Europe, and are seen as being significantly different from the needs in the United States. Recognition of these needs is,…

  19. Proceedings Second Annual Cyber Security and Information Infrastructure Research Workshop

    DOE Office of Scientific and Technical Information (OSTI.GOV)

    Sheldon, Frederick T; Krings, Axel; Yoo, Seong-Moo

    2006-01-01

    The workshop theme is Cyber Security: Beyond the Maginot Line. Recently the FBI reported that computer crime has skyrocketed costing over $67 billion in 2005 alone and affecting 2.8M+ businesses and organizations. Attack sophistication is unprecedented along with availability of open source concomitant tools. Private, academic, and public sectors invest significant resources in cyber security. Industry primarily performs cyber security research as an investment in future products and services. While the public sector also funds cyber security R&D, the majority of this activity focuses on the specific mission(s) of the funding agency. Thus, broad areas of cyber security remain neglected or underdeveloped. Consequently, this workshop endeavors to explore issues involving cyber security and related technologies toward strengthening such areas and enabling the development of new tools and methods for securing our information infrastructure critical assets. We aim to assemble new ideas and proposals about robust models on which we can build the architecture of a secure cyberspace including but not limited to: * Knowledge discovery and management * Critical infrastructure protection * De-obfuscating tools for the validation and verification of tamper-proofed software * Computer network defense technologies * Scalable information assurance strategies * Assessment-driven design for trust * Security metrics and testing methodologies * Validation of security and survivability properties * Threat assessment and risk analysis * Early accurate detection of the insider threat * Security hardened sensor networks and ubiquitous computing environments * Mobile software authentication protocols * A new "model" of the threat to replace the "Maginot Line" model and more . . .

  20. Computer Network Security- The Challenges of Securing a Computer Network

    NASA Technical Reports Server (NTRS)

    Scotti, Vincent, Jr.

    2011-01-01

    This article is intended to give the reader an overall perspective on what it takes to design, implement, enforce and secure a computer network in the federal and corporate world to insure the confidentiality, integrity and availability of information. While we will be giving you an overview of network design and security, this article will concentrate on the technology and human factors of securing a network and the challenges faced by those doing so. It will cover the large number of policies and the limits of technology and physical efforts to enforce such policies.

  1. 75 FR 43579 - Privacy Act of 1974; Computer Matching Program Between the Office of Personnel Management and...

    Federal Register 2010, 2011, 2012, 2013, 2014

    2010-07-26

    ... safeguards for disclosure of Social Security benefit information to OPM via direct computer link for the... OFFICE OF PERSONNEL MANAGEMENT Privacy Act of 1974; Computer Matching Program Between the Office of Personnel Management and Social Security Administration AGENCY: Office of Personnel Management...

  2. 78 FR 3474 - Privacy Act of 1974; Computer Matching Program Between the Office Of Personnel Management and...

    Federal Register 2010, 2011, 2012, 2013, 2014

    2013-01-16

    ... Security benefit information to OPM via direct computer link for the administration of certain programs by... OFFICE OF PERSONNEL MANAGEMENT Privacy Act of 1974; Computer Matching Program Between the Office Of Personnel Management and Social Security Administration AGENCY: Office of Personnel Management...

  3. 75 FR 68396 - Privacy Act of 1974, as Amended; Computer Matching Program (SSA/Department of Labor (DOL))-Match...

    Federal Register 2010, 2011, 2012, 2013, 2014

    2010-11-05

    ... SOCIAL SECURITY ADMINISTRATION [Docket No. SSA 2010-0052] Privacy Act of 1974, as Amended; Computer Matching Program (SSA/ Department of Labor (DOL))--Match Number 1003 AGENCY: Social Security... as shown above. SUPPLEMENTARY INFORMATION: A. General The Computer Matching and Privacy Protection...

  4. 78 FR 16564 - Privacy Act of 1974, as Amended; Computer Matching Program (SSA/Office of Personnel Management...

    Federal Register 2010, 2011, 2012, 2013, 2014

    2013-03-15

    ... 1021 AGENCY: Social Security Administration (SSA). ACTION: Notice of a renewal of existing computer... above. SUPPLEMENTARY INFORMATION: A. General The Computer Matching and Privacy Protection Act of 1988... SOCIAL SECURITY ADMINISTRATION [Docket No. SSA 2012-0073] Privacy Act of 1974, as Amended...

  5. 78 FR 12127 - Privacy Act of 1974, as Amended; Computer Matching Program (SSA/Department of the Treasury...

    Federal Register 2010, 2011, 2012, 2013, 2014

    2013-02-21

    ... 1310 AGENCY: Social Security Administration (SSA). ACTION: Notice of a renewal of an existing computer..., as shown above. SUPPLEMENTARY INFORMATION: A. General The Computer Matching and Privacy Protection... SOCIAL SECURITY ADMINISTRATION [Docket No. SSA 2013-0007] Privacy Act of 1974, as Amended...

  6. 75 FR 51154 - Privacy Act of 1974, as Amended; Computer Matching Program (SSA/Department of the Treasury...

    Federal Register 2010, 2011, 2012, 2013, 2014

    2010-08-18

    ... 1310 AGENCY: Social Security Administration (SSA) ACTION: Notice of a renewal of an existing computer..., as shown above. SUPPLEMENTARY INFORMATION: A. General The Computer Matching and Privacy Protection... SOCIAL SECURITY ADMINISTRATION [Docket No. SSA 2010-0035] Privacy Act of 1974, as Amended...

  7. Analyzing the security of an existing computer system

    NASA Technical Reports Server (NTRS)

    Bishop, M.

    1986-01-01

    Most work concerning secure computer systems has dealt with the design, verification, and implementation of provably secure computer systems, or has explored ways of making existing computer systems more secure. The problem of locating security holes in existing systems has received considerably less attention; methods generally rely on thought experiments as a critical step in the procedure. The difficulty is that such experiments require that a large amount of information be available in a format that makes correlating the details of various programs straightforward. This paper describes a method of providing such a basis for the thought experiment by writing a special manual for parts of the operating system, system programs, and library subroutines.

  8. What's in a Name?

    ERIC Educational Resources Information Center

    Petersen, Rodney

    2004-01-01

    The evolution of terms, such as computer security, network security, information security, and information assurance, appears to reflect a changing landscape, largely influenced by rapid developments in technology and the maturity of a relatively young profession and an emerging academic discipline. What lies behind the evolution of these terms?…

  9. Report: Fiscal Year 2011 Federal Information Security Management Act Report Status of EPA’s Computer Security Program

    EPA Pesticide Factsheets

    Report #12-P-0062, November 9, 2011. Attached is the Office of Inspector General’s (OIG’s) Fiscal Year 2011 Federal Information Security Management Act (FISMA) Reporting Template, as prescribed by the Office of Management and Budget (OMB).

  10. 10 CFR 73.22 - Protection of Safeguards Information: Specific requirements.

    Code of Federal Regulations, 2012 CFR

    2012-01-01

    ... protection. Information not classified as Restricted Data or National Security Information related to.... Information not classified as Restricted Data or National Security Information related to the transportation... container when not in use. (3) A mobile device (such as a laptop computer) may also be used for the...

  11. 10 CFR 73.22 - Protection of Safeguards Information: Specific requirements.

    Code of Federal Regulations, 2014 CFR

    2014-01-01

    ... protection. Information not classified as Restricted Data or National Security Information related to.... Information not classified as Restricted Data or National Security Information related to the transportation... container when not in use. (3) A mobile device (such as a laptop computer) may also be used for the...

  12. 10 CFR 73.22 - Protection of Safeguards Information: Specific requirements.

    Code of Federal Regulations, 2011 CFR

    2011-01-01

    ... protection. Information not classified as Restricted Data or National Security Information related to.... Information not classified as Restricted Data or National Security Information related to the transportation... container when not in use. (3) A mobile device (such as a laptop computer) may also be used for the...

  13. 10 CFR 73.22 - Protection of Safeguards Information: Specific requirements.

    Code of Federal Regulations, 2013 CFR

    2013-01-01

    ... protection. Information not classified as Restricted Data or National Security Information related to.... Information not classified as Restricted Data or National Security Information related to the transportation... container when not in use. (3) A mobile device (such as a laptop computer) may also be used for the...

  14. 10 CFR 73.22 - Protection of Safeguards Information: Specific requirements.

    Code of Federal Regulations, 2010 CFR

    2010-01-01

    ... protection. Information not classified as Restricted Data or National Security Information related to.... Information not classified as Restricted Data or National Security Information related to the transportation... container when not in use. (3) A mobile device (such as a laptop computer) may also be used for the...

  15. Computer simulation of functioning of elements of security systems

    NASA Astrophysics Data System (ADS)

    Godovykh, A. V.; Stepanov, B. P.; Sheveleva, A. A.

    2017-01-01

    The article is devoted to issues of development of the informational complex for simulation of functioning of the security system elements. The complex is described from the point of view of main objectives, a design concept and an interrelation of main elements. The proposed conception of the computer simulation provides an opportunity to simulate processes of security system work for training security staff during normal and emergency operation.

  16. Analysis on the security of cloud computing

    NASA Astrophysics Data System (ADS)

    He, Zhonglin; He, Yuhua

    2011-02-01

    Cloud computing is a new technology, which is the fusion of computer technology and Internet development. It will lead the revolution of IT and information field. However, in cloud computing data and application software is stored at large data centers, and the management of data and service is not completely trustable, resulting in safety problems, which is the difficult point to improve the quality of cloud service. This paper briefly introduces the concept of cloud computing. Considering the characteristics of cloud computing, it constructs the security architecture of cloud computing. At the same time, with an eye toward the security threats cloud computing faces, several corresponding strategies are provided from the aspect of cloud computing users and service providers.

  17. DOE's Computer Incident Advisory Capability (CIAC)

    DOE Office of Scientific and Technical Information (OSTI.GOV)

    Schultz, E.

    1990-09-01

    Computer security is essential in maintaining quality in the computing environment. Computer security incidents, however, are becoming more sophisticated. The DOE Computer Incident Advisory Capability (CIAC) team was formed primarily to assist DOE sites in responding to computer security incidents. Among CIAC's other responsibilities are gathering and distributing information to DOE sites, providing training workshops, coordinating with other agencies, response teams, and vendors, creating guidelines for incident handling, and developing software tools. CIAC has already provided considerable assistance to DOE sites faced with virus infections and worm and hacker attacks, has issued over 40 information bulletins, and has developed and presented a workshop on incident handling. CIAC's experience in helping sites has produced several lessons learned, including the need to follow effective procedures to avoid virus infections in small systems and the need for sound password management and system administration in networked systems. CIAC's activity and scope will expand in the future. 4 refs.

  18. Research on computer virus database management system

    NASA Astrophysics Data System (ADS)

    Qi, Guoquan

    2011-12-01

    The growing proliferation of computer viruses has become a lethal threat to, and a research focus of, network information security. As new viruses emerge, the number of viruses grows and virus classification becomes increasingly complex. Virus naming cannot be unified because of differences in agencies' capture times. Although each agency has its own virus database, communication between them is lacking, virus information is incomplete, or only a small amount of sample information is available. This paper introduces the current construction status of virus databases at home and abroad, analyzes how to standardize and complete the description of virus characteristics, and then gives a computer virus database design scheme that provides information integrity, storage security and manageability.

  19. Information Technology Security and Human Risk: Exploring Factors of Unintended Insider Threat and Organizational Resilience

    ERIC Educational Resources Information Center

    Thompson, Eleanor Elizabeth

    2014-01-01

    That organizations face threats to the security of their computer systems from external hackers is well documented. Intentional or unintentional behaviors by organizational insiders can severely compromise computer security as well. Less is known, however, about the nature of this threat from insiders. The purpose of this study was to bridge this…

  20. Cyber Security: Big Data Think II Working Group Meeting

    NASA Technical Reports Server (NTRS)

    Hinke, Thomas; Shaw, Derek

    2015-01-01

    This presentation focuses on approaches that could be used by a data computation center to identify attacks and ensure malicious code and backdoors are identified if planted in a system. The goal is to identify actionable security information from the mountain of data that flows into and out of an organization. The approaches are applicable to a big data computational center, and some must also use big data techniques to extract the actionable security information from the mountain of data that flows into and out of a data computational center. The briefing covers the detection of malicious delivery sites and techniques for reducing the mountain of data so that intrusion detection information can be useful, and not hidden in a plethora of false alerts. It also looks at the identification of possible unauthorized data exfiltration.

  1. Gross anatomy of network security

    NASA Technical Reports Server (NTRS)

    Siu, Thomas J.

    2002-01-01

    Information security involves many branches of effort, including information assurance, host level security, physical security, and network security. Computer network security methods and implementations are given a top-down description to permit a medically focused audience to anchor this information to their daily practice. The depth of detail of network functionality and security measures, like that of the study of human anatomy, can be highly involved. Presented at the level of major gross anatomical systems, this paper will focus on network backbone implementation and perimeter defenses, then diagnostic tools, and finally the user practices (the human element). Physical security measures, though significant, have been defined as beyond the scope of this presentation.

  2. Security analysis of cyber-physical system

    NASA Astrophysics Data System (ADS)

    Li, Bo; Zhang, Lichen

    2017-05-01

    In recent years, Cyber-Physical System (CPS) has become an important research direction of academic circles and scientific and technological circles at home and abroad, and is considered the third wave of world information technology, following the computer and the Internet. CPS is a multi-dimensional, heterogeneous, deep integration of open systems, involving the computer, communication, control and other disciplines of knowledge. As the research theories and methods of the various disciplines are significantly different, the application of CPS has brought great challenges. This paper introduces the definition and characteristics of CPS, analyzes the current situation of CPS, analyzes the security threats faced by CPS, and gives the security solution for security threats. It also discusses CPS-specific security technology, to promote the healthy development of CPS in information security.

  3. 77 FR 49849 - Privacy Act of 1974, as Amended; Computer Matching Program (SSA/Office of Child Support...

    Federal Register 2010, 2011, 2012, 2013, 2014

    2012-08-17

    ...: Social Security Administration (SSA). ACTION: Notice of a renewal of an existing computer-matching... INFORMATION: A. General The Computer Matching and Privacy Protection Act of 1988 (Public Law (Pub. L.) 100-503... SOCIAL SECURITY ADMINISTRATION [Docket No. SSA 2012-0021] Privacy Act of 1974, as Amended...

  4. 75 FR 32833 - Privacy Act of 1974, as Amended; Computer Matching Program (SSA/Office of Personnel Management...

    Federal Register 2010, 2011, 2012, 2013, 2014

    2010-06-09

    ... SOCIAL SECURITY ADMINISTRATION [Docket No. SSA-2009-0077] Privacy Act of 1974, as Amended; Computer Matching Program (SSA/ Office of Personnel Management (OPM))--Match 1307 AGENCY: Social Security... INFORMATION: A. General The Computer Matching and Privacy Protection Act of 1988 (Public Law (Pub. L.) 100-503...

  5. 78 FR 51264 - Privacy Act of 1974, as Amended; Computer Matching Program (SSA/Department of the Treasury...

    Federal Register 2010, 2011, 2012, 2013, 2014

    2013-08-20

    ... 1016 AGENCY: Social Security Administration (SSA). ACTION: Notice of a renewal of an existing computer... above. SUPPLEMENTARY INFORMATION: A. General The Computer Matching and Privacy Protection Act of 1988... SOCIAL SECURITY ADMINISTRATION [Docket No. SSA 2013-0022] Privacy Act of 1974, as Amended...

  6. 77 FR 24756 - Privacy Act of 1974, as Amended; Computer Matching Program (SSA/Department of Labor (DOL))-Match...

    Federal Register 2010, 2011, 2012, 2013, 2014

    2012-04-25

    ... SOCIAL SECURITY ADMINISTRATION [Docket No. SSA 2011-0084] Privacy Act of 1974, as Amended; Computer Matching Program (SSA/ Department of Labor (DOL))--Match Number 1003 AGENCY: Social Security... above. SUPPLEMENTARY INFORMATION: A. General The Computer Matching and Privacy Protection Act of 1988...

  7. 77 FR 6620 - Privacy Act of 1974, as Amended; Computer Matching Program (SSA/the States); Match 6000 and 6003

    Federal Register 2010, 2011, 2012, 2013, 2014

    2012-02-08

    ... SOCIAL SECURITY ADMINISTRATION [Docket No. SSA 2011-0102] Privacy Act of 1974, as Amended; Computer Matching Program (SSA/ the States); Match 6000 and 6003 AGENCY: Social Security Administration..., as shown above. SUPPLEMENTARY INFORMATION: A. General The Computer Matching and Privacy Protection...

  8. 75 FR 18251 - Privacy Act of 1974, as Amended; Computer Matching Program (SSA/Internal Revenue Service (IRS...

    Federal Register 2010, 2011, 2012, 2013, 2014

    2010-04-09

    ... SOCIAL SECURITY ADMINISTRATION [Docket No. SSA-2009-0066] Privacy Act of 1974, as Amended; Computer Matching Program (SSA/ Internal Revenue Service (IRS))--Match 1305 AGENCY: Social Security... INFORMATION: A. General The Computer Matching and Privacy Protection Act of 1988 (Public Law (Pub. L.) 100-503...

  9. 76 FR 12398 - Privacy Act of 1974, as Amended; Computer Matching Program (SSA/Bureau of the Public Debt (BPD...

    Federal Register 2010, 2011, 2012, 2013, 2014

    2011-03-07

    ... SOCIAL SECURITY ADMINISTRATION [Docket No. SSA 2010-0034] Privacy Act of 1974, as Amended; Computer Matching Program (SSA/ Bureau of the Public Debt (BPD))--Match Number 1304 AGENCY: Social Security... as shown above. SUPPLEMENTARY INFORMATION: A. General The Computer Matching and Privacy Protection...

  10. Efficient biometric authenticated key agreements based on extended chaotic maps for telecare medicine information systems.

    PubMed

    Lou, Der-Chyuan; Lee, Tian-Fu; Lin, Tsung-Hung

    2015-05-01

    Authenticated key agreements for telecare medicine information systems provide patients, doctors, nurses and health visitors with accessing medical information systems and getting remote services efficiently and conveniently through an open network. In order to have higher security, many authenticated key agreement schemes appended biometric keys to realize identification except for using passwords and smartcards. Due to too many transmissions and computational costs, these authenticated key agreement schemes are inefficient in communication and computation. This investigation develops two secure and efficient authenticated key agreement schemes for telecare medicine information systems by using biometric key and extended chaotic maps. One scheme is synchronization-based, while the other nonce-based. Compared to related approaches, the proposed schemes not only retain the same security properties with previous schemes, but also provide users with privacy protection and have fewer transmissions and lower computational cost.

  11. A Demonstration of a Trusted Computer Interface Between a Multilevel Secure Command and Control System and Untrusted Tactical Data Systems.

    DTIC Science & Technology

    1987-03-01

    information and work in a completely secure environment. Information used with today’s C3I systems must be protected. To better understand the role of...and security was of minor concern. The user either worked on his own behalf or as a programmer for someone else. The computer power was limited. With...Although the modules may be of the same classification level, the manager may want to limit each team’s access to the module on which they are working

  12. 48 CFR 352.239-72 - Security requirements for Federal information technology resources.

    Code of Federal Regulations, 2011 CFR

    2011-10-01

    ...' mission. The term “information technology (IT)”, as used in this clause, includes computers, ancillary... Federal information technology resources. 352.239-72 Section 352.239-72 Federal Acquisition Regulations... Provisions and Clauses 352.239-72 Security requirements for Federal information technology resources. As...

  13. 48 CFR 352.239-72 - Security requirements for Federal information technology resources.

    Code of Federal Regulations, 2013 CFR

    2013-10-01

    ...' mission. The term “information technology (IT)”, as used in this clause, includes computers, ancillary... Federal information technology resources. 352.239-72 Section 352.239-72 Federal Acquisition Regulations... Provisions and Clauses 352.239-72 Security requirements for Federal information technology resources. As...

  14. 48 CFR 352.239-72 - Security requirements for Federal information technology resources.

    Code of Federal Regulations, 2014 CFR

    2014-10-01

    ...' mission. The term “information technology (IT)”, as used in this clause, includes computers, ancillary... Federal information technology resources. 352.239-72 Section 352.239-72 Federal Acquisition Regulations... Provisions and Clauses 352.239-72 Security requirements for Federal information technology resources. As...

  15. 48 CFR 352.239-72 - Security requirements for Federal information technology resources.

    Code of Federal Regulations, 2012 CFR

    2012-10-01

    ...' mission. The term “information technology (IT)”, as used in this clause, includes computers, ancillary... Federal information technology resources. 352.239-72 Section 352.239-72 Federal Acquisition Regulations... Provisions and Clauses 352.239-72 Security requirements for Federal information technology resources. As...

  16. Computer Security: Improvements Needed to Reduce Risk to Critical Federal Operations and Assets

    DTIC Science & Technology

    2001-11-09

    COMPUTER SECURITY Improvements Needed to Reduce Risk to Critical Federal Operations and Assets Statement of Robert F. Dacey Director, Information...Improvements Needed to Reduce Risk to Critical Federal Operations and Assets Contract Number Grant Number Program Element Number Author(s...The benefits have been enormous. Vast amounts of information are now literally at our fingertips, facilitating research on virtually every topic

  17. New Information Dispersal Techniques for Trustworthy Computing

    ERIC Educational Resources Information Center

    Parakh, Abhishek

    2011-01-01

    Information dispersal algorithms (IDA) are used for distributed data storage because they simultaneously provide security, reliability and space efficiency, constituting a trustworthy computing framework for many critical applications, such as cloud computing, in the information society. In the most general sense, this is achieved by dividing data…

  18. 75 FR 30411 - Privacy Act of 1974; Report of a Modified or Altered System of Records

    Federal Register 2010, 2011, 2012, 2013, 2014

    2010-06-01

    ... Privacy Act of 1974; the Federal Information Security Management Act of 2002; the Computer Fraud and Abuse... Security Management Act of 2002; the Computer Fraud and Abuse Act of 1986; the Health Insurance Portability... systems and data files necessary for compliance with Title XI, Part C of the Social Security Act because...

  19. 46 CFR 501.5 - Functions of the organizational components of the Federal Maritime Commission.

    Code of Federal Regulations, 2012 CFR

    2012-10-01

    ... administering IT contracts. The Office is also responsible for managing the computer security program. The... relevant EEOC Directives and Bulletins. (2) The Information Security Officer is a senior agency official designated under § 503.52 of this chapter to direct and administer the Commission's information security...

  20. 46 CFR 501.5 - Functions of the organizational components of the Federal Maritime Commission.

    Code of Federal Regulations, 2013 CFR

    2013-10-01

    ... administering IT contracts. The Office is also responsible for managing the computer security program. The... relevant EEOC Directives and Bulletins. (2) The Information Security Officer is a senior agency official designated under § 503.52 of this chapter to direct and administer the Commission's information security...

  1. A Hands-On Approach for Teaching Denial of Service Attacks: A Case Study

    ERIC Educational Resources Information Center

    Trabelsi, Zouheir; Ibrahim, Walid

    2013-01-01

    Nowadays, many academic institutions are including ethical hacking in their information security and Computer Science programs. Information security students need to experiment with common ethical hacking techniques in order to be able to implement the appropriate security solutions. This will allow them to more efficiently protect the confidentiality,…

  2. The Battle to Secure Our Public Access Computers

    ERIC Educational Resources Information Center

    Sendze, Monique

    2006-01-01

    Securing public access workstations should be a significant part of any library's network and information-security strategy because of the sensitive information patrons enter on these workstations. As the IT manager for the Johnson County Library in Kansas City, Kan., this author is challenged to make sure that thousands of patrons get the access…

  3. Information security: where computer science, economics and psychology meet.

    PubMed

    Anderson, Ross; Moore, Tyler

    2009-07-13

    Until ca. 2000, information security was seen as a technological discipline, based on computer science but with mathematics helping in the design of ciphers and protocols. That perspective started to change as researchers and practitioners realized the importance of economics. As distributed systems are increasingly composed of machines that belong to principals with divergent interests, incentives are becoming as important to dependability as technical design. A thriving new field of information security economics provides valuable insights not just into 'security' topics such as privacy, bugs, spam and phishing, but into more general areas of system dependability and policy. This research programme has recently started to interact with psychology. One thread is in response to phishing, the most rapidly growing form of online crime, in which fraudsters trick people into giving their credentials to bogus websites; a second is through the increasing importance of security usability; and a third comes through the psychology-and-economics tradition. The promise of this multidisciplinary research programme is a novel framework for analysing information security problems-one that is both principled and effective.

  4. Lock It Up! Computer Security.

    ERIC Educational Resources Information Center

    Wodarz, Nan

    1997-01-01

    The data contained on desktop computer systems and networks pose security issues for virtually every district. Sensitive information can be protected by educating users, altering the physical layout, using password protection, designating access levels, backing up data, reformatting floppy disks, using antivirus software, and installing encryption…

  5. 78 FR 57839 - Request for Information on Computer Security Incident Coordination (CSIC)

    Federal Register 2010, 2011, 2012, 2013, 2014

    2013-09-20

    ... Institute of Standards and Technology (NIST), United States Department of Commerce. ACTION: Notice, extension of comment period. SUMMARY: NIST is extending the deadline for submitting comments relating to Computer Security Incident Coordination. NIST experienced technical difficulties with receiving email...

  6. Use of a secure Internet Web site for collaborative medical research.

    PubMed

    Marshall, W W; Haley, R W

    2000-10-11

    Researchers who collaborate on clinical research studies from diffuse locations need a convenient, inexpensive, secure way to record and manage data. The Internet, with its World Wide Web, provides a vast network that enables researchers with diverse types of computers and operating systems anywhere in the world to log data through a common interface. Development of a Web site for scientific data collection can be organized into 10 steps, including planning the scientific database, choosing a database management software system, setting up database tables for each collaborator's variables, developing the Web site's screen layout, choosing a middleware software system to tie the database software to the Web site interface, embedding data editing and calculation routines, setting up the database on the central server computer, obtaining a unique Internet address and name for the Web site, applying security measures to the site, and training staff who enter data. Ensuring the security of an Internet database requires limiting the number of people who have access to the server, setting up the server on a stand-alone computer, requiring user-name and password authentication for server and Web site access, installing a firewall computer to prevent break-ins and block bogus information from reaching the server, verifying the identity of the server and client computers with certification from a certificate authority, encrypting information sent between server and client computers to avoid eavesdropping, establishing audit trails to record all accesses into the Web site, and educating Web site users about security techniques. When these measures are carefully undertaken, in our experience, information for scientific studies can be collected and maintained on Internet databases more efficiently and securely than through conventional systems of paper records protected by filing cabinets and locked doors. JAMA. 2000;284:1843-1849.

  7. Information Security and Integrity Systems

    NASA Technical Reports Server (NTRS)

    1990-01-01

    Viewgraphs from the Information Security and Integrity Systems seminar held at the University of Houston-Clear Lake on May 15-16, 1990 are presented. A tutorial on computer security is presented. The goals of this tutorial are the following: to review security requirements imposed by government and by common sense; to examine risk analysis methods to help keep sight of forest while in trees; to discuss the current hot topic of viruses (which will stay hot); to examine network security, now and in the next year to 30 years; to give a brief overview of encryption; to review protection methods in operating systems; to review database security problems; to review the Trusted Computer System Evaluation Criteria (Orange Book); to comment on formal verification methods; to consider new approaches (like intrusion detection and biometrics); to review the old, low tech, and still good solutions; and to give pointers to the literature and to where to get help. Other topics covered include security in software applications and development; risk management; trust: formal methods and associated techniques; secure distributed operating system and verification; trusted Ada; a conceptual model for supporting a B3+ dynamic multilevel security and integrity in the Ada runtime environment; and information intelligence sciences.

  8. 77 FR 14525 - Statement of Organization, Functions, and Delegations of Authority

    Federal Register 2010, 2011, 2012, 2013, 2014

    2012-03-12

    ... maintains the CDC Computer Security Incident Response Team; (4) performs cyber security incident reporting... systems planning and support; internal security and emergency preparedness; and management analysis and... security; education, training, and workforce development in information and IT disciplines; development and...

  9. Protecting clinical data on Web client computers: the PCASSO approach.

    PubMed Central

    Masys, D. R.; Baker, D. B.

    1998-01-01

    The ubiquity and ease of use of the Web have made it an increasingly popular medium for communication of health-related information. Web interfaces to commercially available clinical information systems are now available or under development by most major vendors. To the extent that such interfaces involve the use of unprotected operating systems, they are vulnerable to security limitations of Web client software environments. The Patient Centered Access to Secure Systems Online (PCASSO) project extends the protections for person-identifiable health data on Web client computers. PCASSO uses several approaches, including physical protection of authentication information, execution containment, graphical displays, and monitoring the client system for intrusions and co-existing programs that may compromise security. PMID:9929243

  10. Computer security: a necessary element of integrated information systems.

    PubMed Central

    Butzen, F; Furler, F

    1986-01-01

    The Matheson Report sees the medical library as playing a key role in a network of interlocking information bases that will extend from central repositories of medical information to each physician's personal records. It appears, however, that the role of security in this vision has not been fully delineated. This paper discusses problems in maintaining the security of confidential medical information, the state of the applicable law, and techniques for security (with special emphasis on the UNIX operating system). It is argued that the absence of security threatens any plan to build an information network, as there will be resistance to any system that may give intruders access to confidential data. PMID:3742113

  11. Providing security for automated process control systems at hydropower engineering facilities

    NASA Astrophysics Data System (ADS)

    Vasiliev, Y. S.; Zegzhda, P. D.; Zegzhda, D. P.

    2016-12-01

    This article suggests the concept of a cyberphysical system to manage computer security of automated process control systems at hydropower engineering facilities. According to the authors, this system consists of a set of information processing tools and computer-controlled physical devices. Examples of cyber attacks on power engineering facilities are provided, and a strategy of improving cybersecurity of hydropower engineering systems is suggested. The architecture of the multilevel protection of the automated process control system (APCS) of power engineering facilities is given, including security systems, control systems, access control, encryption, secure virtual private network of subsystems for monitoring and analysis of security events. The distinctive aspect of the approach is consideration of interrelations and cyber threats, arising when SCADA is integrated with the unified enterprise information system.

  12. 76 FR 34650 - Announcing a Meeting of the Information Security and Privacy Advisory Board

    Federal Register 2010, 2011, 2012, 2013, 2014

    2011-06-14

    ... The agenda is expected to include the following items: --Cloud Security and Privacy Panel discussion on addressing security and privacy for different types of cloud computing, --Presentation from...

  13. Meeting the security requirements of electronic medical records in the ERA of high-speed computing.

    PubMed

    Alanazi, H O; Zaidan, A A; Zaidan, B B; Kiah, M L Mat; Al-Bakri, S H

    2015-01-01

    This study has two objectives. First, it aims to develop a system with a highly secured approach to transmitting electronic medical records (EMRs), and second, it aims to identify entities that transmit private patient information without permission. The NTRU and the Advanced Encryption Standard (AES) cryptosystems are secured encryption methods. The AES is a tested technology that has already been utilized in several systems to secure sensitive data. The United States government has been using AES since June 2003 to protect sensitive and essential information. Meanwhile, NTRU protects sensitive data against attacks through the use of quantum computers, which can break the RSA cryptosystem and elliptic curve cryptography algorithms. A hybrid of AES and NTRU is developed in this work to improve EMR security. The proposed hybrid cryptography technique is implemented to secure the data transmission process of EMRs. The proposed security solution can provide protection for over 40 years and is resistant to quantum computers. Moreover, the technique provides the necessary evidence required by law to identify disclosure or misuse of patient records. The proposed solution can effectively secure EMR transmission and protect patient rights. It also identifies the source responsible for disclosing confidential patient records. The proposed hybrid technique for securing data managed by institutional websites must be improved in the future.

  14. Proposal for founding mistrustful quantum cryptography on coin tossing

    DOE Office of Scientific and Technical Information (OSTI.GOV)

    Kent, Adrian; Hewlett-Packard Laboratories, Filton Road, Stoke Gifford, Bristol BS34 8QZ,

    2003-07-01

    A significant branch of classical cryptography deals with the problems which arise when mistrustful parties need to generate, process, or exchange information. As Kilian showed a while ago, mistrustful classical cryptography can be founded on a single protocol, oblivious transfer, from which general secure multiparty computations can be built. The scope of mistrustful quantum cryptography is limited by no-go theorems, which rule out, inter alia, unconditionally secure quantum protocols for oblivious transfer or general secure two-party computations. These theorems apply even to protocols which take relativistic signaling constraints into account. The best that can be hoped for, in general, are quantum protocols which are computationally secure against quantum attack. Here a method is described for building a classically certified bit commitment, and hence every other mistrustful cryptographic task, from a secure coin-tossing protocol. No security proof is attempted, but reasons are sketched why these protocols might resist quantum computational attack.

  15. The application of data encryption technology in computer network communication security

    NASA Astrophysics Data System (ADS)

    Gong, Lina; Zhang, Li; Zhang, Wei; Li, Xuhong; Wang, Xia; Pan, Wenwen

    2017-04-01

    With the rapid development of Internet and the extensive application of computer technology, the security of information becomes more and more serious, and the information security technology with data encryption technology as the core has also been developed greatly. Data encryption technology not only can encrypt and decrypt data, but also can realize digital signature, authentication and authentication and other functions, thus ensuring the confidentiality, integrity and confirmation of data transmission over the network. In order to improve the security of data in network communication, in this paper, a hybrid encryption system is used to encrypt and decrypt the triple DES algorithm with high security, and the two keys are encrypted with RSA algorithm, thus ensuring the security of the triple DES key and solving the problem of key management; At the same time to realize digital signature using Java security software, to ensure data integrity and non-repudiation. Finally, the data encryption system is developed by Java language. The data encryption system is simple and effective, with good security and practicality.

  16. A System Architecture to Support a Verifiably Secure Multilevel Security System.

    DTIC Science & Technology

    1980-06-01

    ... [4] Newmann, P.G., R. Fabry, K. Levitt, L. Robinson, J. Wensley, "On the Design of a Provably... provide a tradeoff between cost and system security... ICS-80/05... School of Information and Computer Science, Georgia Institute of Technology 808... Multilevel Security System (Extended Abstract) George I. Davida, Department of Electrical Engineering and Computer Science, University of Wisconsin

  17. Model based verification of the Secure Socket Layer (SSL) Protocol for NASA systems

    NASA Technical Reports Server (NTRS)

    Powell, John D.; Gilliam, David

    2004-01-01

    The National Aeronautics and Space Administration (NASA) has tens of thousands of networked computer systems and applications. Software Security vulnerabilities present risks such as lost or corrupted data, information theft, and unavailability of critical systems. These risks represent potentially enormous costs to NASA. The NASA Code Q research initiative 'Reducing Software Security Risk (RSSR) Through an Integrated Approach' offers formal verification of information technology (IT), through the creation of a Software Security Assessment Instrument (SSAI), to address software security risks.

  18. Reversible Data Hiding Based on DNA Computing

    PubMed Central

    Xie, Yingjie

    2017-01-01

    Biocomputing, especially DNA computing, has got great development. It is widely used in information security. In this paper, a novel algorithm of reversible data hiding based on DNA computing is proposed. Inspired by the algorithm of histogram modification, which is a classical algorithm for reversible data hiding, we combine it with DNA computing to realize this algorithm based on biological technology. Compared with previous results, our experimental results have significantly improved the ER (Embedding Rate). Furthermore, some PSNR (peak signal-to-noise ratios) of test images are also improved. Experimental results show that it is suitable for protecting the copyright of cover image in DNA-based information security. PMID:28280504

  19. 48 CFR 352.239-70 - Standard for security configurations.

    Code of Federal Regulations, 2010 CFR

    2010-10-01

    ... configure its computers that contain HHS data with the applicable Federal Desktop Core Configuration (FDCC) (see http://nvd.nist.gov/fdcc/index.cfm) and ensure that its computers have and maintain the latest... technology (IT) that is used to process information on behalf of HHS. The following security configuration...

  20. 48 CFR 352.239-70 - Standard for security configurations.

    Code of Federal Regulations, 2011 CFR

    2011-10-01

    ... configure its computers that contain HHS data with the applicable Federal Desktop Core Configuration (FDCC) (see http://nvd.nist.gov/fdcc/index.cfm) and ensure that its computers have and maintain the latest... technology (IT) that is used to process information on behalf of HHS. The following security configuration...

  1. 48 CFR 352.239-70 - Standard for security configurations.

    Code of Federal Regulations, 2013 CFR

    2013-10-01

    ... configure its computers that contain HHS data with the applicable Federal Desktop Core Configuration (FDCC) (see http://nvd.nist.gov/fdcc/index.cfm) and ensure that its computers have and maintain the latest... technology (IT) that is used to process information on behalf of HHS. The following security configuration...

  2. 48 CFR 352.239-70 - Standard for security configurations.

    Code of Federal Regulations, 2014 CFR

    2014-10-01

    ... configure its computers that contain HHS data with the applicable Federal Desktop Core Configuration (FDCC) (see http://nvd.nist.gov/fdcc/index.cfm) and ensure that its computers have and maintain the latest... technology (IT) that is used to process information on behalf of HHS. The following security configuration...

  3. 48 CFR 352.239-70 - Standard for security configurations.

    Code of Federal Regulations, 2012 CFR

    2012-10-01

    ... configure its computers that contain HHS data with the applicable Federal Desktop Core Configuration (FDCC) (see http://nvd.nist.gov/fdcc/index.cfm) and ensure that its computers have and maintain the latest... technology (IT) that is used to process information on behalf of HHS. The following security configuration...

  4. Statistical process control based chart for information systems security

    NASA Astrophysics Data System (ADS)

    Khan, Mansoor S.; Cui, Lirong

    2015-07-01

    Intrusion detection systems have a highly significant role in securing computer networks and information systems. To assure the reliability and quality of computer networks and information systems, it is highly desirable to develop techniques that detect intrusions into information systems. We put forward the concept of statistical process control (SPC) in computer networks and information systems intrusions. In this article we propose exponentially weighted moving average (EWMA) type quality monitoring scheme. Our proposed scheme has only one parameter which differentiates it from the past versions. We construct the control limits for the proposed scheme and investigate their effectiveness. We provide an industrial example for the sake of clarity for practitioner. We give comparison of the proposed scheme with EWMA schemes and p chart; finally we provide some recommendations for the future work.

  5. When trust defies common security sense.

    PubMed

    Williams, Patricia A H

    2008-09-01

    Primary care medical practices fail to recognize the seriousness of security threats to their patient and practice information. This can be attributed to a lack of understanding of security concepts, underestimation of potential threats and the difficulty in configuration of security technology countermeasures. To appreciate the factors contributing to such problems, research into general practitioner security practice and perceptions of security was undertaken. The investigation focused on demographics, actual practice, issues and barriers, and practitioner perception. Poor implementation, lack of relevant knowledge and inconsistencies between principles and practice were identified as key themes. Also the results revealed an overwhelming reliance on trust in staff and in computer information systems. This clearly identified that both cultural and technical attributes contribute to the deficiencies in information security practice. The aim of this research is to understand user needs and problems when dealing with information security practice.

  6. "Glitch Logic" and Applications to Computing and Information Security

    NASA Technical Reports Server (NTRS)

    Stoica, Adrian; Katkoori, Srinivas

    2009-01-01

    This paper introduces a new method of information processing in digital systems, and discusses its potential benefits to computing and information security. The new method exploits glitches caused by delays in logic circuits for carrying and processing information. Glitch processing is hidden to conventional logic analyses and undetectable by traditional reverse engineering techniques. It enables the creation of new logic design methods that allow for an additional controllable "glitch logic" processing layer embedded into a conventional synchronous digital circuits as a hidden/covert information flow channel. The combination of synchronous logic with specific glitch logic design acting as an additional computing channel reduces the number of equivalent logic designs resulting from synthesis, thus implicitly reducing the possibility of modification and/or tampering with the design. The hidden information channel produced by the glitch logic can be used: 1) for covert computing/communication, 2) to prevent reverse engineering, tampering, and alteration of design, and 3) to act as a channel for information infiltration/exfiltration and propagation of viruses/spyware/Trojan horses.

  7. Virtualization in education: Information Security lab in your hands

    NASA Astrophysics Data System (ADS)

    Karlov, A. A.

    2016-09-01

    The growing demand for qualified specialists in advanced information technologies poses serious challenges to the education and training of young personnel for science, industry and social problems. Virtualization as a way to isolate the user from the physical characteristics of computing resources (processors, servers, operating systems, networks, applications, etc.), has, in particular, an enormous influence in the field of education, increasing its efficiency, reducing the cost, making it more widely and readily available. The study of Information Security of computer systems is considered as an example of use of virtualization in education.

  8. Verifier-based three-party authentication schemes using extended chaotic maps for data exchange in telecare medicine information systems.

    PubMed

    Lee, Tian-Fu

    2014-12-01

    Telecare medicine information systems provide a communicating platform for accessing remote medical resources through public networks, and help health care workers and medical personnel to rapidly making correct clinical decisions and treatments. An authentication scheme for data exchange in telecare medicine information systems enables legal users in hospitals and medical institutes to establish a secure channel and exchange electronic medical records or electronic health records securely and efficiently. This investigation develops an efficient and secure verified-based three-party authentication scheme by using extended chaotic maps for data exchange in telecare medicine information systems. The proposed scheme does not require server's public keys and avoids time-consuming modular exponential computations and scalar multiplications on elliptic curve used in previous related approaches. Additionally, the proposed scheme is proven secure in the random oracle model, and realizes the lower bounds of messages and rounds in communications. Compared to related verified-based approaches, the proposed scheme not only possesses higher security, but also has lower computational cost and fewer transmissions. Copyright © 2014 Elsevier Ireland Ltd. All rights reserved.

  9. Analysis of Computer Network Information Based on "Big Data"

    NASA Astrophysics Data System (ADS)

    Li, Tianli

    2017-11-01

    With the development of the current era, computer network and large data gradually become part of the people's life, people use the computer to provide convenience for their own life, but at the same time there are many network information problems has to pay attention. This paper analyzes the information security of computer network based on "big data" analysis, and puts forward some solutions.

  10. Report: Fiscal Year 2006 Federal Information Security Management Act Report Status of EPA’s Computer Security Program

    EPA Pesticide Factsheets

    Report #2006-S-00008, September 25, 2006. Although the Agency has made substantial progress to improve its security program, the OIG identified weaknesses in the Agency’s incident reporting practices.

  11. 17 CFR 230.426 - Filing of certain prospectuses under § 230.167 in connection with certain offerings of asset...

    Code of Federal Regulations, 2014 CFR

    2014-04-01

    ... section, ABS informational and computational material made in reliance on § 230.167 that meet the...) ABS informational and computational material that relate to abandoned structures or that are furnished... intention to purchase the asset-backed securities. (2) Any ABS informational and computational material if a...

  12. 17 CFR 230.426 - Filing of certain prospectuses under § 230.167 in connection with certain offerings of asset...

    Code of Federal Regulations, 2012 CFR

    2012-04-01

    ... section, ABS informational and computational material made in reliance on § 230.167 that meet the...) ABS informational and computational material that relate to abandoned structures or that are furnished... intention to purchase the asset-backed securities. (2) Any ABS informational and computational material if a...

  13. 17 CFR 230.426 - Filing of certain prospectuses under § 230.167 in connection with certain offerings of asset...

    Code of Federal Regulations, 2010 CFR

    2010-04-01

    ... section, ABS informational and computational material made in reliance on § 230.167 that meet the...) ABS informational and computational material that relate to abandoned structures or that are furnished... intention to purchase the asset-backed securities. (2) Any ABS informational and computational material if a...

  14. 17 CFR 230.426 - Filing of certain prospectuses under § 230.167 in connection with certain offerings of asset...

    Code of Federal Regulations, 2013 CFR

    2013-04-01

    ... section, ABS informational and computational material made in reliance on § 230.167 that meet the...) ABS informational and computational material that relate to abandoned structures or that are furnished... intention to purchase the asset-backed securities. (2) Any ABS informational and computational material if a...

  15. 17 CFR 230.426 - Filing of certain prospectuses under § 230.167 in connection with certain offerings of asset...

    Code of Federal Regulations, 2011 CFR

    2011-04-01

    ... section, ABS informational and computational material made in reliance on § 230.167 that meet the...) ABS informational and computational material that relate to abandoned structures or that are furnished... intention to purchase the asset-backed securities. (2) Any ABS informational and computational material if a...

  16. Business continuity strategies for cyber defence: battling time and information overload.

    PubMed

    Streufert, John

    2010-11-01

    Can the same numbers and letters which are the life blood of modern business and government computer systems be harnessed to protect computers from attack against known information security risks? For the past seven years, Foreign Service officers and technicians of the US Government have sought to maintain diplomatic operations in the face of rising cyber attacks and test the hypothesis that an ounce of prevention is worth a pound of cure. As eight out of ten attacks leverage known computer security vulnerabilities or configuration setting weaknesses, a pound of cure would seem to be easy to come by. Yet modern security tools present an unusually consequential threat to business continuity - too much rather than too little information on cyber problems is presented, harking back to a phenomenon cited by social scientists in the 1960s called 'information overload'. Experience indicates that the longer the most serious cyber problems go untreated, the wider the attack surface adversaries can find. One technique used at the Department of State, called 'risk scoring', resulted in an 89 per cent overall reduction in measured risk over 12 months for the Department of State's servers and personal computers. Later refinements of risk scoring enabled technicians to correct unique security threats with unprecedented speed. This paper explores how the use of metrics, special care in presenting information to technicians and executives alike, as well as tactical use of organisational incentives can result in stronger cyber defences protecting modern organisations.

  17. Blind Quantum Signature with Blind Quantum Computation

    NASA Astrophysics Data System (ADS)

    Li, Wei; Shi, Ronghua; Guo, Ying

    2017-04-01

    Blind quantum computation allows a client without quantum abilities to interact with a quantum server to perform a unconditional secure computing protocol, while protecting client's privacy. Motivated by confidentiality of blind quantum computation, a blind quantum signature scheme is designed with laconic structure. Different from the traditional signature schemes, the signing and verifying operations are performed through measurement-based quantum computation. Inputs of blind quantum computation are securely controlled with multi-qubit entangled states. The unique signature of the transmitted message is generated by the signer without leaking information in imperfect channels. Whereas, the receiver can verify the validity of the signature using the quantum matching algorithm. The security is guaranteed by entanglement of quantum system for blind quantum computation. It provides a potential practical application for e-commerce in the cloud computing and first-generation quantum computation.

  18. A Systems Engineering Framework for Implementing a Security and Critical Patch Management Process in Diverse Environments (Academic Departments' Workstations)

    NASA Astrophysics Data System (ADS)

    Mohammadi, Hadi

    Use of the Patch Vulnerability Management (PVM) process should be seriously considered for any networked computing system. The PVM process prevents the operating system (OS) and software applications from being attacked due to security vulnerabilities, which lead to system failures and critical data leakage. The purpose of this research is to create and design a Security and Critical Patch Management Process (SCPMP) framework based on Systems Engineering (SE) principles. This framework will assist Information Technology Department Staff (ITDS) to reduce IT operating time and costs and mitigate the risk of security and vulnerability attacks. Further, this study evaluates implementation of the SCPMP in the networked computing systems of an academic environment in order to: 1. Meet patch management requirements by applying SE principles. 2. Reduce the cost of IT operations and PVM cycles. 3. Improve the current PVM methodologies to prevent networked computing systems from becoming the targets of security vulnerability attacks. 4. Embed a Maintenance Optimization Tool (MOT) in the proposed framework. The MOT allows IT managers to make the most practicable choice of methods for deploying and installing released patches and vulnerability remediation. In recent years, there has been a variety of frameworks for security practices in every networked computing system to protect computer workstations from becoming compromised or vulnerable to security attacks, which can expose important information and critical data. I have developed a new mechanism for implementing PVM for maximizing security-vulnerability maintenance, protecting OS and software packages, and minimizing SCPMP cost. To increase computing system security in any diverse environment, particularly in academia, one must apply SCPMP. I propose an optimal maintenance policy that will allow ITDS to measure and estimate the variation of PVM cycles based on their department's requirements. 
    My results demonstrate that MOT optimizes the process of implementing SCPMP in academic workstations.

  19. 15 CFR Supplement No. 5 to Part 742 - Encryption Registration

    Code of Federal Regulations, 2013 CFR

    2013-01-01

    ... registration, i.e., the information as described in this Supplement, submitted as a support documentation... (h) Smartcards or other identity management (i) Computer or network forensics (j) Software (i) Operating systems (ii) Applications (k) Toolkits/ASICs/components (l) Information security including secure...

  20. 15 CFR Supplement No. 5 to Part 742 - Encryption Registration

    Code of Federal Regulations, 2011 CFR

    2011-01-01

    ... registration, i.e., the information as described in this Supplement, submitted as a support documentation... (h) Smartcards or other identity management (i) Computer or network forensics (j) Software (i) Operating systems (ii) Applications (k) Toolkits/ASICs/components (l) Information security including secure...

  1. 15 CFR Supplement No. 5 to Part 742 - Encryption Registration

    Code of Federal Regulations, 2014 CFR

    2014-01-01

    ... registration, i.e., the information as described in this Supplement, submitted as a support documentation... (h) Smartcards or other identity management (i) Computer or network forensics (j) Software (i) Operating systems (ii) Applications (k) Toolkits/ASICs/components (l) Information security including secure...

  2. 15 CFR Supplement No. 5 to Part 742 - Encryption Registration

    Code of Federal Regulations, 2012 CFR

    2012-01-01

    ... registration, i.e., the information as described in this Supplement, submitted as a support documentation... (h) Smartcards or other identity management (i) Computer or network forensics (j) Software (i) Operating systems (ii) Applications (k) Toolkits/ASICs/components (l) Information security including secure...

  3. Threshold Things That Think: Authorisation for Resharing

    NASA Astrophysics Data System (ADS)

    Peeters, Roel; Kohlweiss, Markulf; Preneel, Bart

    As we are evolving towards ubiquitous computing, users carry an increasing number of mobile devices with sensitive information. The security of this information can be protected using threshold cryptography, in which secret computations are shared between multiple devices. Threshold cryptography can be made more robust by resharing protocols, which allow recovery from partial compromises. This paper introduces user-friendly and secure protocols for the authorisation of resharing protocols. We present both automatic and manual protocols, utilising a group manual authentication protocol to add a new device. We analyse the security of these protocols: our analysis considers permanent and temporary compromises, denial of service attacks and manual authentications errors of the user.

  4. A study on user authentication methodology using numeric password and fingerprint biometric information.

    PubMed

    Ju, Seung-hwan; Seo, Hee-suk; Han, Sung-hyu; Ryou, Jae-cheol; Kwak, Jin

    2013-01-01

    The prevalence of computers and the development of the Internet made us able to easily access information. As people are concerned about user information security, the interest of the user authentication method is growing. The most common computer authentication method is the use of alphanumerical usernames and passwords. The password authentication systems currently used are easy, but only if you know the password, as the user authentication is vulnerable. User authentication using fingerprints, only the user with the information that is specific to the authentication security is strong. But there are disadvantage such as the user cannot change the authentication key. In this study, we proposed authentication methodology that combines numeric-based password and biometric-based fingerprint authentication system. Use the information in the user's fingerprint, authentication keys to obtain security. Also, using numeric-based password can to easily change the password; the authentication keys were designed to provide flexibility.

  5. A Study on User Authentication Methodology Using Numeric Password and Fingerprint Biometric Information

    PubMed Central

    Ju, Seung-hwan; Seo, Hee-suk; Han, Sung-hyu; Ryou, Jae-cheol

    2013-01-01

    The prevalence of computers and the development of the Internet made us able to easily access information. As people are concerned about user information security, the interest of the user authentication method is growing. The most common computer authentication method is the use of alphanumerical usernames and passwords. The password authentication systems currently used are easy, but only if you know the password, as the user authentication is vulnerable. User authentication using fingerprints, only the user with the information that is specific to the authentication security is strong. But there are disadvantage such as the user cannot change the authentication key. In this study, we proposed authentication methodology that combines numeric-based password and biometric-based fingerprint authentication system. Use the information in the user's fingerprint, authentication keys to obtain security. Also, using numeric-based password can to easily change the password; the authentication keys were designed to provide flexibility. PMID:24151601

  6. Management, Security, and Congressional Oversight. Federal Government Information Technology.

    ERIC Educational Resources Information Center

    Congress of the U.S., Washington, DC. Office of Technology Assessment.

    This report considers the management, use, and congressional oversight of information technology in the Federal Government as rapid advances in technology--e.g., microcomputers, computer networking, computer modeling, videoconferencing, and electronic information exchange--are generating many new applications, opportunities, and issues which are…

  7. 75 FR 68849 - Privacy Act of 1974: System of Records

    Federal Register 2010, 2011, 2012, 2013, 2014

    2010-11-09

    ... processing of personal information is conducted within established FAA computer security regulations. A risk... SECURITY CLASSIFICATION: Sensitive, unclassified SYSTEM LOCATION: Federal Aviation Administration (FAA... Enforcement Centers of the Drug Abatement Division; Office of Security and Hazardous Materials; Flight...

  8. 75 FR 16123 - Dave & Buster’s, Inc.; Analysis of Proposed Consent Order to Aid Public Comment

    Federal Register 2010, 2011, 2012, 2013, 2014

    2010-03-31

    ... computer networks or to conduct security investigations, such as by employing an intrusion detection system and monitoring system logs; (b) failed to adequately restrict third-party access to its networks, such... reasonable and appropriate security for personal information on its computer networks. Among other things...

  9. Survey of methods for secure connection to the internet

    NASA Astrophysics Data System (ADS)

    Matsui, Shouichi

    1994-04-01

    This paper describes a study of a security method of protecting inside network computers against outside miscreants and unwelcome visitors and a control method when these computers are connected with the Internet. In the present Internet, a method to encipher all data cannot be used, so that it is necessary to utilize PEM (Privacy Enhanced Mail) capable of the encipherment and conversion of secret information. For preventing miscreant access by eavesdropping password, one-time password is effective. The most cost-effective method is a firewall system. This system lies between the outside and inside network. By limiting computers that directly communicate with the Internet, control is centralized and inside network security is protected. If the security of firewall systems is strictly controlled under correct setting, security within the network can be secured even in open networks such as the Internet.

  10. Data mining technique for a secure electronic payment transaction using MJk-RSA in mobile computing

    NASA Astrophysics Data System (ADS)

    G. V., Ramesh Babu; Narayana, G.; Sulaiman, A.; Padmavathamma, M.

    2012-04-01

    Due to the evolution of the Electronic Learning (E-Learning), one can easily get desired information on computer or mobile system connected through Internet. Currently E-Learning materials are easily accessible on the desktop computer system, but in future, most of the information shall also be available on small digital devices like Mobile, PDA, etc. Most of the E-Learning materials are paid and customer has to pay entire amount through credit/debit card system. Therefore, it is very important to study about the security of the credit/debit card numbers. The present paper is an attempt in this direction and a security technique is presented to secure the credit/debit card numbers supplied over the Internet to access the E-Learning materials or any kind of purchase through Internet. A well known method i.e. Data Cube Technique is used to design the security model of the credit/debit card system. The major objective of this paper is to design a practical electronic payment protocol which is the safest and most secured mode of transaction. This technique may reduce fake transactions which are above 20% at the global level.

  11. Cloud Computing - A Unified Approach for Surveillance Issues

    NASA Astrophysics Data System (ADS)

    Rachana, C. R.; Banu, Reshma, Dr.; Ahammed, G. F. Ali, Dr.; Parameshachari, B. D., Dr.

    2017-08-01

    Cloud computing describes highly scalable resources provided as an external service via the Internet on a basis of pay-per-use. From the economic point of view, the main attractiveness of cloud computing is that users only use what they need, and only pay for what they actually use. Resources are available for access from the cloud at any time, and from any location through networks. Cloud computing is gradually replacing the traditional Information Technology Infrastructure. Securing data is one of the leading concerns and biggest issue for cloud computing. Privacy of information is always a crucial point especially when an individual’s personal information or sensitive information is being stored in the organization. It is indeed true that today, cloud authorization systems are not robust enough. This paper presents a unified approach for analyzing the various security issues and techniques to overcome the challenges in the cloud environment.

  12. Computer-aided diagnosis workstation and teleradiology network system for chest diagnosis using the web medical image conference system with a new information security solution

    NASA Astrophysics Data System (ADS)

    Satoh, Hitoshi; Niki, Noboru; Eguchi, Kenji; Ohmatsu, Hironobu; Kaneko, Masahiro; Kakinuma, Ryutaro; Moriyama, Noriyuki

    2010-03-01

    Diagnostic MDCT imaging requires a considerable number of images to be read. Moreover, the doctor who diagnoses a medical image is insufficient in Japan. Because of such a background, we have provided diagnostic assistance methods to medical screening specialists by developing a lung cancer screening algorithm that automatically detects suspected lung cancers in helical CT images, a coronary artery calcification screening algorithm that automatically detects suspected coronary artery calcification and a vertebra body analysis algorithm for quantitative evaluation of osteoporosis. We also have developed the teleradiology network system by using web medical image conference system. In the teleradiology network system, the security of information network is very important subjects. Our teleradiology network system can perform Web medical image conference in the medical institutions of a remote place using the web medical image conference system. We completed the basic proof experiment of the web medical image conference system with information security solution. We can share the screen of web medical image conference system from two or more web conference terminals at the same time. An opinion can be exchanged mutually by using a camera and a microphone that are connected with the workstation that builds in some diagnostic assistance methods. Biometric face authentication used on site of teleradiology makes "Encryption of file" and "Success in login" effective. Our Privacy and information security technology of information security solution ensures compliance with Japanese regulations. As a result, patients' private information is protected. Based on these diagnostic assistance methods, we have developed a new computer-aided workstation and a new teleradiology network that can display suspected lesions three-dimensionally in a short time. 
    The results of this study indicate that our radiological information system without film by using computer-aided diagnosis workstation and our teleradiology network system can increase diagnostic speed, diagnostic accuracy and security improvement of medical information.

  13. Proceedings of the Seminar on the DOD Computer Security Initiative (4th) Held at the National Bureau of Standards, Gaithersburg, Maryland on August 10-12, 1981.

    DTIC Science & Technology

    1981-01-01

    comparison of formal and informal design methodologies will show how we think they are converging. Lastly, I will describe our involvement with the DoD...computer security must begin with the design methodology, with the objective being provability. The idea of a formal evaluation and on-the-shelf... Methodologies ] Here we can compare the formal design methodologies with those used by informal practitioners like Control Data. Obviously, both processes

  14. Securing PCs and Data in Libraries and Schools: A Handbook with Menuing, Anti-Virus, and Other Protective Software.

    ERIC Educational Resources Information Center

    Benson, Allen C.

    This handbook is designed to help readers identify and eliminate security risks, with sound recommendations and library-tested security software. Chapter 1 "Managing Your Facilities and Assessing Your Risks" addresses fundamental management responsibilities including planning for a secure system, organizing computer-related information, assessing…

  15. State-of-the-art research on electromagnetic information security

    NASA Astrophysics Data System (ADS)

    Hayashi, Yu-ichi

    2016-07-01

    As information security is becoming increasingly significant, security at the hardware level is as important as in networks and applications. In recent years, instrumentation has become cheaper and more precise, computation has become faster, and capacities have increased. With these advancements, the threat of advanced attacks that were considerably difficult to carry out previously has increased not only in military and diplomatic fields but also in general-purpose manufactured devices. This paper focuses on the problem of the security limitations concerning electromagnetic waves (electromagnetic information security) that has rendered attack detection particularly difficult at the hardware level. In addition to reviewing the mechanisms of these information leaks and countermeasures, this paper also presents the latest research trends and standards.

  16. Research on Influence of Cloud Environment on Traditional Network Security

    NASA Astrophysics Data System (ADS)

    Ming, Xiaobo; Guo, Jinhua

    2018-02-01

    Cloud computing is a symbol of the progress of modern information network; cloud computing provides a lot of convenience to the Internet users, but it also brings a lot of risk to the Internet users. Second, one of the main reasons for Internet users to choose cloud computing is that the network security performance is great, it also is the cornerstone of cloud computing applications. This paper briefly explores the impact of the cloud environment on traditional cybersecurity, and puts forward corresponding solutions.

  17. Redefining Security. A Report by the Joint Security Commission

    DTIC Science & Technology

    1994-02-28

    security policies. This report offers recommendations on developing new strategies for achieving security within our information systems, including...better, and we outline methods of improving government and industry personnel security policies. We offer recommendations on developing new strategies ... strategies, sufficient funding, and management attention if our computers and networks are to protect the confidentiality, integrity, and availability of

  18. A model-driven approach to information security compliance

    NASA Astrophysics Data System (ADS)

    Correia, Anacleto; Gonçalves, António; Teodoro, M. Filomena

    2017-06-01

    The availability, integrity and confidentiality of information are fundamental to the long-term survival of any organization. Information security is a complex issue that must be holistically approached, combining assets that support corporate systems, in an extended network of business partners, vendors, customers and other stakeholders. This paper addresses the conception and implementation of information security systems, conform the ISO/IEC 27000 set of standards, using the model-driven approach. The process begins with the conception of a domain level model (computation independent model) based on information security vocabulary present in the ISO/IEC 27001 standard. Based on this model, after embedding in the model mandatory rules for attaining ISO/IEC 27001 conformance, a platform independent model is derived. Finally, a platform specific model serves the base for testing the compliance of information security systems with the ISO/IEC 27000 set of standards.

  19. Security in perspective; luxury or must?

    PubMed

    Bakker, A

    1998-03-01

    In this paper, security in health information systems is put into perspective. The further penetration of information technology into health care is discussed and it is concluded that information systems have already become a vital component, not only for the logistics of the health care institution but also for the rendering of care and cure. Health care depends heavily on adequate data, so availability and integrity are equally important. In view of the sensitive nature of many patient data, the importance of confidentiality was recognised long before computers were invented. For widespread use of IT in health care it is of vital importance that computers can be trusted in respect of confidentiality. This paper emphasises the need to pay attention to security and suggests a responsible approach with implementation of both technical and organisational measures.

  20. The Cybercitizen Dimension: A Quantitative Study Using a Threat Avoidance Perspective

    ERIC Educational Resources Information Center

    Manzano, Debbie L.

    2012-01-01

    The importance of information security is understated and theory-based empirical research that explains computer users' voluntary IT threat avoidance behavior is lacking. Most existing information security research on individual behaviors has been focused in organizational settings where the threat avoidance behavior is mandatory and dictated by…

  1. Building a Successful Security Infrastructure: What You Want vs. What You Need vs. What You Can Afford

    NASA Technical Reports Server (NTRS)

    Crabb, Michele D.; Woodrow, Thomas S. (Technical Monitor)

    1995-01-01

    With the fast growing popularity of the Internet, many organizations are racing to get onto the on-ramp to the Information Superhighway. However, with frequent headlines such as 'Hackers' break in at General Electric raises questions about the Net's Security', 'Internet Security Imperiled - Hackers steal data that could threaten computers world-wide' and 'Stanford Computer system infiltrated; Security fears grow', organizations find themselves rethinking their approach to the on-ramp. Is the Internet safe? What do I need to do to protect my organization? Will hackers try to break into my systems? These are questions many organizations are asking themselves today. In order to safely travel along the Information Superhighway, organizations need a strong security framework. Developing such a framework for a computer site, whether it be just a few dozen hosts or several thousand hosts is not an easy task. The security infrastructure for a site is often developed piece-by-piece in response to security incidents which have affected that site over time. Or worse yet, no coordinated effort has been dedicated toward security. The end result is that many sites are still poorly prepared to handle the security dangers of the Internet. This paper presents guidelines for building a successful security infrastructure. The problem is addressed in a cookbook style method. First is a discussion on how to identify your assets and evaluate the threats to those assets; next are suggestions and tips for identifying the weak areas in your security armor. Armed with this information we can begin to think about what you really need for your site and what you can afford. In this stage of the process we examine the different categories of security tools and products that are available and then present some tips for deciding what is best for your site.

  2. Optical identity authentication technique based on compressive ghost imaging with QR code

    NASA Astrophysics Data System (ADS)

    Wenjie, Zhan; Leihong, Zhang; Xi, Zeng; Yi, Kang

    2018-04-01

    With the rapid development of computer technology, information security has attracted more and more attention. It is not only related to the information and property security of individuals and enterprises, but also to the security and social stability of a country. Identity authentication is the first line of defense in information security. In authentication systems, response time and security are the most important factors. An optical authentication technology based on compressive ghost imaging with QR codes is proposed in this paper. The scheme can be authenticated with a small number of samples. Therefore, the response time of the algorithm is short. At the same time, the algorithm can resist certain noise attacks, so it offers good security.

  3. 77 FR 65438 - In the Matter of China Voice Holding Corp., China Yongxin Pharmaceuticals, Inc., Creative...

    Federal Register 2010, 2011, 2012, 2013, 2014

    2012-10-26

    ... Commission that there is a lack of current and accurate information concerning the securities of CSI Computer... SECURITIES AND EXCHANGE COMMISSION [File No. 500-1] In the Matter of China Voice Holding Corp... Telecommunications.com , Inc. (n/k/a Fleet Management Solutions, Inc.), CSI Computer Specialists, Inc., and CST...

  4. IT Security Support for the Spaceport Command Control System Development

    NASA Technical Reports Server (NTRS)

    Varise, Brian

    2014-01-01

    My job title is IT Security support for the Spaceport Command & Control System Development. As a cyber-security analyst it is my job to ensure NASA's information stays safe from cyber threats, such as viruses, malware and denial-of-service attacks, by establishing and enforcing system access controls. Security is very important in the world of technology and it is used everywhere from personal computers to giant networks run by Government agencies worldwide. Without constant monitoring analysis, businesses, public organizations and government agencies are vulnerable to potential harmful infiltration of their computer information system. It is my responsibility to ensure authorized access by examining improper access, reporting violations, revoking access, monitoring information requests by new programming and recommending improvements. My department oversees the Launch Control System and networks. An audit will be conducted for the LCS based on compliance with the Federal Information Security Management Act (FISMA) and The National Institute of Standards and Technology (NIST). I recently finished analyzing the SANS top 20 critical controls to give cost effective recommendations on various software and hardware products for compliance. Upon my completion of this internship, I will have successfully completed my duties as well as gained knowledge that will be helpful to my career in the future as a Cyber Security Analyst.

  5. Protecting software agents from malicious hosts using quantum computing

    NASA Astrophysics Data System (ADS)

    Reisner, John; Donkor, Eric

    2000-07-01

    We evaluate how quantum computing can be applied to security problems for software agents. Agent-based computing, which merges technological advances in artificial intelligence and mobile computing, is a rapidly growing domain, especially in applications such as electronic commerce, network management, information retrieval, and mission planning. System security is one of the more eminent research areas in agent-based computing, and the specific problem of protecting a mobile agent from a potentially hostile host is one of the most difficult of these challenges. In this work, we describe our agent model, and discuss the capabilities and limitations of classical solutions to the malicious host problem. Quantum computing may be extremely helpful in addressing the limitations of classical solutions to this problem. This paper highlights some of the areas where quantum computing could be applied to agent security.

  6. A New Approach to Understanding Information Assurance

    NASA Astrophysics Data System (ADS)

    Blyth, Andrew; Williams, Colin; Bryant, Ian; Mattinson, Harvey

    The growth of technologies such as ubiquitous and mobile computing has resulted in the need for a rethinking of the security paradigm. Over the past forty years technology has made fast steps forward, yet most organisations still view security in terms of Confidentiality, Integrity and Availability (CIA). This model of security has expanded to include Non-Repudiation and Authentication. However this thinking fails to address the social, ethical and business requirements that the modern use of computing has generated. Today computing devices are integrated into every facet of business with the result that security technologies have struggled to keep pace with the rate of change. In this paper we will argue that the current view that most organisations/stakeholders have of security is out-of-date, or in some cases wrong, and that the new view of security needs to be rooted in business impact and business function.

  7. Survey on Security Issues in File Management in Cloud Computing Environment

    NASA Astrophysics Data System (ADS)

    Gupta, Udit

    2015-06-01

    Cloud computing has pervaded through every aspect of Information technology in the past decade. It has become easier to process a plethora of data, generated by various devices in real time, with the advent of cloud networks. The privacy of users' data is maintained by data centers around the world and hence it has become feasible to operate on that data from lightweight portable devices. But with ease of processing comes the security aspect of the data. One such security aspect is secure file transfer either internally within cloud or externally from one cloud network to another. File management is central to cloud computing and it is paramount to address the security concerns which arise out of it. This survey paper aims to elucidate the various protocols which can be used for secure file transfer and analyze the ramifications of using each protocol.

  8. Symmetrically private information retrieval based on blind quantum computing

    NASA Astrophysics Data System (ADS)

    Sun, Zhiwei; Yu, Jianping; Wang, Ping; Xu, Lingling

    2015-05-01

    Universal blind quantum computation (UBQC) is a new secure quantum computing protocol which allows a user Alice who does not have any sophisticated quantum technology to delegate her computing to a server Bob without leaking any privacy. Using the features of UBQC, we propose a protocol to achieve symmetrically private information retrieval, which allows a quantum limited Alice to query an item from Bob with a fully fledged quantum computer; meanwhile, the privacy of both parties is preserved. The security of our protocol is based on the assumption that malicious Alice has no quantum computer, which avoids the impossibility proof of Lo. For the honest Alice, she is almost classical and only requires minimal quantum resources to carry out the proposed protocol. Therefore, she does not need any expensive laboratory which can maintain the coherence of complicated quantum experimental setups.

  9. Security & Privacy Policy - Naval Oceanography Portal

    Science.gov Websites

    Notice: This is a U.S. Government Web Site 1. This is a World Wide Web site for official information information on this Web site are strictly prohibited and may be punishable under the Computer Fraud and Abuse Information Act (FOIA) | External Link Disclaimer This is an official U.S. Navy web site. Security &

  10. How Secure Is Education in Information Technology? A Method for Evaluating Security Education in IT

    ERIC Educational Resources Information Center

    Grover, Mark; Reinicke, Bryan; Cummings, Jeff

    2016-01-01

    As the popularity of Information Technology programs has expanded at many universities, there are a number of questions to be answered from a curriculum standpoint. As many of these programs are either interdisciplinary, or at least exist outside of the usual Computer Science and Information Systems programs, questions of what is appropriate for…

  11. Security. Review Software for Advanced CHOICE. CHOICE (Challenging Options in Career Education).

    ERIC Educational Resources Information Center

    Pitts, Ilse M.; And Others

    CHOICE Security is an Apple computer game activity designed to help secondary migrant students memorize their social security numbers and reinforce job and role information presented in "Career Notes, First Applications." The learner may choose from four time options and whether to have the social security number visible on the screen or…

  12. Instrumentation for Scientific Computing in Neural Networks, Information Science, Artificial Intelligence, and Applied Mathematics.

    DTIC Science & Technology

    1987-10-01

    include Security Classification) Instrumentation for scientific computing in neural networks, information science, artificial intelligence, and...instrumentation grant to purchase equipment for support of research in neural networks, information science, artificial intelligence, and applied mathematics...in Neural Networks, Information Science, Artificial Intelligence, and Applied Mathematics Contract AFOSR 86-0282 Principal Investigator: Stephen

  13. Software For Computer-Security Audits

    NASA Technical Reports Server (NTRS)

    Arndt, Kate; Lonsford, Emily

    1994-01-01

    Information relevant to potential breaches of security gathered efficiently. Automated Auditing Tools for VAX/VMS program includes following automated software tools performing noted tasks: Privileged ID Identification, program identifies users and their privileges to circumvent existing computer security measures; Critical File Protection, critical files not properly protected identified; Inactive ID Identification, identifications of users no longer in use found; Password Lifetime Review, maximum lifetimes of passwords of all identifications determined; and Password Length Review, minimum allowed length of passwords of all identifications determined. Written in DEC VAX DCL language.

  14. Understanding security failures of two authentication and key agreement schemes for telecare medicine information systems.

    PubMed

    Mishra, Dheerendra

    2015-03-01

    Smart card based authentication and key agreement schemes for telecare medicine information systems (TMIS) enable doctors, nurses, patients and health visitors to use smart cards for secure login to medical information systems. In recent years, several authentication and key agreement schemes have been proposed to present secure and efficient solution for TMIS. Most of the existing authentication schemes for TMIS have either higher computation overhead or are vulnerable to attacks. To reduce the computational overhead and enhance the security, Lee recently proposed an authentication and key agreement scheme using chaotic maps for TMIS. Xu et al. also proposed a password based authentication and key agreement scheme for TMIS using elliptic curve cryptography. Both the schemes provide better efficiency from the conventional public key cryptography based schemes. These schemes are important as they present an efficient solution for TMIS. We analyze the security of both Lee's scheme and Xu et al.'s schemes. Unfortunately, we identify that both the schemes are vulnerable to denial of service attack. To understand the security failures of these cryptographic schemes which are the key of patching existing schemes and designing future schemes, we demonstrate the security loopholes of Lee's scheme and Xu et al.'s scheme in this paper.

  15. A mapping of information security in health Information Systems in Latin America and Brazil.

    PubMed

    Pereira, Samáris Ramiro; Fernandes, João Carlos Lopes; Labrada, Luis; Bandiera-Paiva, Paulo

    2013-01-01

    In health, Information Systems are patient records, hospital administration or other, have advantages such as cost, availability and integration. However, for these benefits to be fully met, it is necessary to guarantee the security of information maintained and provided by the systems. The lack of security can lead to serious consequences such as lawsuits and induction to medical errors. The management of information security is complex and is used in various fields of knowledge. Often, it is left in the background for not being the ultimate goal of a computer system, causing huge financial losses to corporations. This paper by systematic review methodologies, presented a mapping in the literature, in order to identify the most relevant aspects that are addressed by security researchers of health information, as to the development of computerized systems. They conclude through the results, some important aspects, for which the managers of computerized health systems should remain alert.

  16. Safeguarding Your Technology: Practical Guidelines for Electronic Education Information Security.

    ERIC Educational Resources Information Center

    Szuba, Tom

    This guide was developed specifically for educational administrators at the building, campus, district, system, and state levels, and is meant to serve as a framework to help them better understand why and how to effectively secure their organization's information, software, and computer and networking equipment. This document is organized into 10…

  17. A Study on the Secure User Profiling Structure and Procedure for Home Healthcare Systems.

    PubMed

    Ko, Hoon; Song, MoonBae

    2016-01-01

    Despite various benefits such as convenience and efficiency, home healthcare systems have some inherent security risks that may cause a serious leak of personal health information. This work presents a Secure User Profiling Structure which has the patient information including their health information. A patient and a hospital keep it at the same time, and they share the updated data. While they share the data and communicate, the data can be leaked. To solve the security problems, a secure communication channel with a hash function and a One-Time Password between a client and a hospital should be established, and to generate an input value to an OTP, it uses a dual hash-function. This work presents a dual hash function-based approach to generate the One-Time Password ensuring a secure communication channel with the secured key. As a result, attackers are unable to decrypt the leaked information because of the secured key; in addition, the proposed method outperforms the existing methods in terms of computation cost.

  18. 76 FR 44332 - Privacy Act of 1974; Notice of Updated Systems of Records

    Federal Register 2010, 2011, 2012, 2013, 2014

    2011-07-25

    ... are safeguarded in accordance with the requirements of the Privacy Act, the Computer Security Act, and... Security Numbers, birth dates and credit card numbers or other banking information, and (2) contract... bidders and buyers, including, but not limited to, names, phone numbers, addresses, Social Security...

  19. 21 CFR 1311.08 - Incorporation by reference.

    Code of Federal Regulations, 2014 CFR

    2014-04-01

    ... the National Institute of Standards and Technology, Computer Security Division, Information Technology... Publication (FIPS PUB) 140-2, Change Notices (12-03-2002), Security Requirements for Cryptographic Modules... §§ 1311.30(b), 1311.55(b), 1311.115(b), 1311.120(b), 1311.205(b). (i) Annex A: Approved Security Functions...

  20. A Study on Corporate Security Awareness and Compliance Behavior Intent

    ERIC Educational Resources Information Center

    Clark, Christine Y.

    2013-01-01

    Understanding the drivers to encourage employees' security compliance behavior is increasingly important in today's highly networked environment to protect computer and information assets of the company. The traditional approach for corporations to implement technology-based controls, to prevent security breaches is no longer sufficient.…

  1. NASA Automatic Information Security Handbook

    NASA Technical Reports Server (NTRS)

    1993-01-01

    This handbook details the Automated Information Security (AIS) management process for NASA. Automated information system security is becoming an increasingly important issue for all NASA managers, and rapid advancements in computer and network technologies and the demanding nature of space exploration and space research have made NASA increasingly dependent on automated systems to store, process, and transmit vast amounts of mission support information, hence the need for AIS systems and management. This handbook provides the consistent policies, procedures, and guidance to assure that an aggressive and effective AIS program is developed, implemented, and sustained at all NASA organizations and NASA support contractors.

  2. Can the Analytical Hierarchy Process Model Be Effectively Applied in the Prioritization of Information Assurance Defense In-Depth Measures? --A Quantitative Study

    ERIC Educational Resources Information Center

    Alexander, Rodney T.

    2017-01-01

    Organizational computing devices are increasingly becoming targets of cyber-attacks, and organizations have become dependent on the safety and security of their computer networks and their organizational computing devices. Business and government often use defense in-depth information assurance measures such as firewalls, intrusion detection…

  3. Unequal Probability Marking Approach to Enhance Security of Traceback Scheme in Tree-Based WSNs.

    PubMed

    Huang, Changqin; Ma, Ming; Liu, Xiao; Liu, Anfeng; Zuo, Zhengbang

    2017-06-17

    Fog (from core to edge) computing is a newly emerging computing platform, which utilizes a large number of network devices at the edge of a network to provide ubiquitous computing, thus having great development potential. However, the issue of security poses an important challenge for fog computing. In particular, the Internet of Things (IoT) that constitutes the fog computing platform is crucial for preserving the security of a huge number of wireless sensors, which are vulnerable to attack. In this paper, a new unequal probability marking approach is proposed to enhance the security performance of logging and migration traceback (LM) schemes in tree-based wireless sensor networks (WSNs). The main contribution of this paper is to overcome the deficiency of the LM scheme that has a higher network lifetime and large storage space. In the unequal probability marking logging and migration (UPLM) scheme of this paper, different marking probabilities are adopted for different nodes according to their distances to the sink. A large marking probability is assigned to nodes in remote areas (areas at a long distance from the sink), while a small marking probability is applied to nodes in nearby area (areas at a short distance from the sink). This reduces the consumption of storage and energy in addition to enhancing the security performance, lifetime, and storage capacity. Marking information will be migrated to nodes at a longer distance from the sink for increasing the amount of stored marking information, thus enhancing the security performance in the process of migration. The experimental simulation shows that for general tree-based WSNs, the UPLM scheme proposed in this paper can store 1.12-1.28 times the amount of stored marking information that the equal probability marking approach achieves, and has 1.15-1.26 times the storage utilization efficiency compared with other schemes.

  4. Unequal Probability Marking Approach to Enhance Security of Traceback Scheme in Tree-Based WSNs

    PubMed Central

    Huang, Changqin; Ma, Ming; Liu, Xiao; Liu, Anfeng; Zuo, Zhengbang

    2017-01-01

    Fog (from core to edge) computing is a newly emerging computing platform, which utilizes a large number of network devices at the edge of a network to provide ubiquitous computing, thus having great development potential. However, the issue of security poses an important challenge for fog computing. In particular, the Internet of Things (IoT) that constitutes the fog computing platform is crucial for preserving the security of a huge number of wireless sensors, which are vulnerable to attack. In this paper, a new unequal probability marking approach is proposed to enhance the security performance of logging and migration traceback (LM) schemes in tree-based wireless sensor networks (WSNs). The main contribution of this paper is to overcome the deficiency of the LM scheme that has a higher network lifetime and large storage space. In the unequal probability marking logging and migration (UPLM) scheme of this paper, different marking probabilities are adopted for different nodes according to their distances to the sink. A large marking probability is assigned to nodes in remote areas (areas at a long distance from the sink), while a small marking probability is applied to nodes in nearby area (areas at a short distance from the sink). This reduces the consumption of storage and energy in addition to enhancing the security performance, lifetime, and storage capacity. Marking information will be migrated to nodes at a longer distance from the sink for increasing the amount of stored marking information, thus enhancing the security performance in the process of migration. The experimental simulation shows that for general tree-based WSNs, the UPLM scheme proposed in this paper can store 1.12–1.28 times the amount of stored marking information that the equal probability marking approach achieves, and has 1.15–1.26 times the storage utilization efficiency compared with other schemes. PMID:28629135

  5. Main control computer security model of closed network systems protection against cyber attacks

    NASA Astrophysics Data System (ADS)

    Seymen, Bilal

    2014-06-01

    The model that brings the data input/output under control in closed network systems, that maintains the system securely, and that controls the flow of information through the Main Control Computer which also brings the network traffic under control against cyber-attacks. The network, which can be controlled single-handedly thanks to the system designed to enable the network users to make data entry into the system or to extract data from the system securely, intends to minimize the security gaps. Moreover, data input/output record can be kept by means of the user account assigned for each user, and it is also possible to carry out retroactive tracking, if requested. Because the measures that need to be taken for each computer on the network regarding cyber security, do require high cost; it has been intended to provide a cost-effective working environment with this model, only if the Main Control Computer has the updated hardware.

  6. The Role Of Moral Awareness In Computer Security

    NASA Astrophysics Data System (ADS)

    Stawinski, Arthur

    1984-08-01

    Maintaining security of databases and other computer systems requires constraining the behavior of those persons who are able to access these systems so that they do not obtain, alter, or abuse the information contained in these systems. Three types of constraints are available: Physical constraints are obstructions designed to prevent (or at least make difficult) access to data by unauthorized persons; external constraints restrict behavior through threat of detection and punishment; internal constraints are self-imposed limitations on behavior which are derived from a person's moral standards. This paper argues that an effective computer security program will require attention to internal constraints as well as physical and external ones. Recent developments in moral philosophy and the psychology of moral development have given us new understanding of how individuals grow in moral awareness and how this growth can be encouraged. These insights are the foundation for some practical proposals for encouraging morally responsible behavior by computer professionals and others with access to confidential data. The aim of this paper is to encourage computer security professionals to discuss, refine and incorporate systems of internal constraints in developing methods of maintaining security.

  7. A Mutual Authentication Framework for Wireless Medical Sensor Networks.

    PubMed

    Srinivas, Jangirala; Mishra, Dheerendra; Mukhopadhyay, Sourav

    2017-05-01

    Wireless medical sensor networks (WMSN) comprise of distributed sensors, which can sense human physiological signs and monitor the health condition of the patient. It is observed that providing privacy to the patient's data is an important issue and can be challenging. The information passing is done via the public channel in WMSN. Thus, the patient, sensitive information can be obtained by eavesdropping or by unauthorized use of handheld devices which the health professionals use in monitoring the patient. Therefore, there is an essential need of restricting the unauthorized access to the patient's medical information. Hence, the efficient authentication scheme for the healthcare applications is needed to preserve the privacy of the patients' vital signs. To ensure secure and authorized communication in WMSN, we design a symmetric key based authentication protocol for WMSN environment. The proposed protocol uses only computationally efficient operations to achieve lightweight attribute. We analyze the security of the proposed protocol. We use a formal security proof algorithm to show the scheme security against known attacks. We also use the Automated Validation of Internet Security Protocols and Applications (AVISPA) simulator to show protocol secure against man-in-the-middle attack and replay attack. Additionally, we adopt an informal analysis to discuss the key attributes of the proposed scheme. From the formal proof of security, we can see that an attacker has a negligible probability of breaking the protocol security. AVISPA simulator also demonstrates the proposed scheme security against active attacks, namely, man-in-the-middle attack and replay attack. Additionally, through the comparison of computational efficiency and security attributes with several recent results, proposed scheme seems to be battered.

  8. Compliance with HIPAA security standards in U.S. Hospitals.

    PubMed

    Davis, Diane; Having, Karen

    2006-01-01

    With the widespread use of computer networks, the amount of information stored electronically has grown exponentially, resulting in increased concern for privacy and security of information. The healthcare industry has been put to the test with the federally mandated Health Insurance Portability and Accountability Act (HIPAA) of 1996. To assess the compliance status of HIPAA security standards, a random sample of 1,000 U.S. hospitals was surveyed in January 2004, yielding a return rate of 29 percent. One year later, a follow-up survey was sent to all previous respondents, with 50 percent replying. HIPAA officers' perceptions of security compliance in 2004 and 2005 are compared in this article. The security standards achieving the highest level of compliance in both 2004 and 2005 were obtaining required business associate agreements and physical safeguards to limit access to electronic information systems. Respondents indicated least compliance both years in performing periodic evaluation of security practices governed by the Security Rule. Roadblocks, threats, problems and solutions regarding HIPAA compliance are discussed. This information may be applied to current and future strategies toward maintaining security of information systems throughout the healthcare industry.

  9. Tools for Administration of a UNIX-Based Network

    NASA Technical Reports Server (NTRS)

    LeClaire, Stephen; Farrar, Edward

    2004-01-01

    Several computer programs have been developed to enable efficient administration of a large, heterogeneous, UNIX-based computing and communication network that includes a variety of computers connected to a variety of subnetworks. One program provides secure software tools for administrators to create, modify, lock, and delete accounts of specific users. This program also provides tools for users to change their UNIX passwords and log-in shells. These tools check for errors. Another program comprises a client and a server component that, together, provide a secure mechanism to create, modify, and query quota levels on a network file system (NFS) mounted by use of the VERITAS File System™ software. The client software resides on an internal secure computer with a secure Web interface; one can gain access to the client software from any authorized computer capable of running web-browser software. The server software resides on a UNIX computer configured with the VERITAS software system. Directories where VERITAS quotas are applied are NFS-mounted. Another program is a Web-based, client/server Internet Protocol (IP) address tool that facilitates maintenance lookup of information about IP addresses for a network of computers.

  10. Sensitive Security Information (SSI) and Transportation Security: Background and Controversies

    DTIC Science & Technology

    2004-02-05

    with airport security procedures, employee accountability, passenger screening, and airport secrecy agreements. In January 2003, the Dallas/Fort... Airport Security Flaws Bring Criticism,” Los Angeles Times, July 2, 2002, p. A8. 16 Charles Piller and Ricardo Alonso-Zaldivar, “A Suspect Computer...Secrecy in Airport Security Contract Criticized,” Des Moines Register, Sept. 27, 2003, p. 1A; James Andrews, “Here in Tristate, Security’s Tighter

  11. SHI(EL)DS: A Novel Hardware-Based Security Backplane to Enhance Security with Minimal Impact to System Operation

    DTIC Science & Technology

    2008-03-01

    executables. The current roadblock to detecting Type I Malware consistently is the practice of legitimate software, such as antivirus programs, using this... Software Security Systems ... 3.2.2 Advantages of Hardware ... 3.2.3 Trustworthiness of Information...Towards a Hardware Security Backplane ... IV. Review of State of the Art Computer Security Solutions ... 4.1 Software

  12. Exploring Hardware-Based Primitives to Enhance Parallel Security Monitoring in a Novel Computing Architecture

    DTIC Science & Technology

    2007-03-01

    software level retrieve state information that can inherently contain more contextual information. As a result, such mechanisms can be applied in more...ease by which state information can be gathered for monitoring purposes. For example, we consider soft security to allow for easier state retrieval...files are to be checked and what parameters are to be verified. The independent auditor periodically retrieves information pertaining to the files in

  13. A secure and efficient authentication and key agreement scheme based on ECC for telecare medicine information systems.

    PubMed

    Xu, Xin; Zhu, Ping; Wen, Qiaoyan; Jin, Zhengping; Zhang, Hua; He, Lian

    2014-01-01

    In the field of the Telecare Medicine Information System, recent researches have focused on consummating more convenient and secure healthcare delivery services for patients. In order to protect the sensitive information, various attempts such as access control have been proposed to safeguard patients' privacy in this system. However, these schemes suffered from some certain security defects and had costly consumption, which were not suitable for the telecare medicine information system. In this paper, based on the elliptic curve cryptography, we propose a secure and efficient two-factor mutual authentication and key agreement scheme to reduce the computational cost. Such a scheme enables to provide the patient anonymity by employing the dynamic identity. Compared with other related protocols, the security analysis and performance evaluation show that our scheme overcomes some well-known attacks and has a better performance in the telecare medicine information system.

  14. Teaching Multimedia Data Protection through an International Online Competition

    ERIC Educational Resources Information Center

    Battisti, F.; Boato, G.; Carli, M.; Neri, A.

    2011-01-01

    Low-cost personal computers, wireless access technologies, the Internet, and computer-equipped classrooms allow the design of novel and complementary methodologies for teaching digital information security in electrical engineering curricula. The challenges of the current digital information era require experts who are effectively able to…

  15. 75 FR 77588 - Foreign Futures and Options Contracts on a Non-Narrow-Based Security Index; Commission...

    Federal Register 2010, 2011, 2012, 2013, 2014

    2010-12-13

    ...; information and data relating to the index, including the design, computation and maintenance thereof. In... extension is necessary to address complex or novel issues. The information that a foreign board of trade... 45 days if the foreign security index futures contract raises novel or complex issues that require...

  16. Analysis of the Security and Privacy Requirements of Cloud-Based Electronic Health Records Systems

    PubMed Central

    Fernández, Gonzalo; López-Coronado, Miguel

    2013-01-01

    Background: The Cloud Computing paradigm offers eHealth systems the opportunity to enhance the features and functionality that they offer. However, moving patients’ medical information to the Cloud implies several risks in terms of the security and privacy of sensitive health records. In this paper, the risks of hosting Electronic Health Records (EHRs) on the servers of third-party Cloud service providers are reviewed. To protect the confidentiality of patient information and facilitate the process, some suggestions for health care providers are made. Moreover, security issues that Cloud service providers should address in their platforms are considered. Objective: To show that, before moving patient health records to the Cloud, security and privacy concerns must be considered by both health care providers and Cloud service providers. Security requirements of a generic Cloud service provider are analyzed. Methods: To study the latest in Cloud-based computing solutions, bibliographic material was obtained mainly from Medline sources. Furthermore, direct contact was made with several Cloud service providers. Results: Some of the security issues that should be considered by both Cloud service providers and their health care customers are role-based access, network security mechanisms, data encryption, digital signatures, and access monitoring. Furthermore, to guarantee the safety of the information and comply with privacy policies, the Cloud service provider must be compliant with various certifications and third-party requirements, such as SAS70 Type II, PCI DSS Level 1, ISO 27001, and the US Federal Information Security Management Act (FISMA). Conclusions: Storing sensitive information such as EHRs in the Cloud means that precautions must be taken to ensure the safety and confidentiality of the data. A relationship built on trust with the Cloud service provider is essential to ensure a transparent process. Cloud service providers must make certain that all security mechanisms are in place to avoid unauthorized access and data breaches. Patients must be kept informed about how their data are being managed. PMID:23965254

  17. Analysis of the security and privacy requirements of cloud-based electronic health records systems.

    PubMed

    Rodrigues, Joel J P C; de la Torre, Isabel; Fernández, Gonzalo; López-Coronado, Miguel

    2013-08-21

    The Cloud Computing paradigm offers eHealth systems the opportunity to enhance the features and functionality that they offer. However, moving patients' medical information to the Cloud implies several risks in terms of the security and privacy of sensitive health records. In this paper, the risks of hosting Electronic Health Records (EHRs) on the servers of third-party Cloud service providers are reviewed. To protect the confidentiality of patient information and facilitate the process, some suggestions for health care providers are made. Moreover, security issues that Cloud service providers should address in their platforms are considered. To show that, before moving patient health records to the Cloud, security and privacy concerns must be considered by both health care providers and Cloud service providers. Security requirements of a generic Cloud service provider are analyzed. To study the latest in Cloud-based computing solutions, bibliographic material was obtained mainly from Medline sources. Furthermore, direct contact was made with several Cloud service providers. Some of the security issues that should be considered by both Cloud service providers and their health care customers are role-based access, network security mechanisms, data encryption, digital signatures, and access monitoring. Furthermore, to guarantee the safety of the information and comply with privacy policies, the Cloud service provider must be compliant with various certifications and third-party requirements, such as SAS70 Type II, PCI DSS Level 1, ISO 27001, and the US Federal Information Security Management Act (FISMA). Storing sensitive information such as EHRs in the Cloud means that precautions must be taken to ensure the safety and confidentiality of the data. A relationship built on trust with the Cloud service provider is essential to ensure a transparent process. Cloud service providers must make certain that all security mechanisms are in place to avoid unauthorized access and data breaches. Patients must be kept informed about how their data are being managed.

  18. Random phase encoding for optical security

    NASA Astrophysics Data System (ADS)

    Wang, RuiKang K.; Watson, Ian A.; Chatwin, Christopher R.

    1996-09-01

    A new optical encoding method for security applications is proposed. The encoded image (encrypted into the security products) is merely a random phase image statistically and randomly generated by a random number generator using a computer, which contains no information from the reference pattern (stored for verification) or the frequency plane filter (a phase-only function for decoding). The phase function in the frequency plane is obtained using a modified phase retrieval algorithm. The proposed method uses two phase-only functions (images) at both the input and frequency planes of the optical processor leading to maximum optical efficiency. Computer simulation shows that the proposed method is robust for optical security applications.

  19. 75 FR 28253 - Privacy Act of 1974; Notice of new System of Records

    Federal Register 2010, 2011, 2012, 2013, 2014

    2010-05-20

    ... certified by the National Computer Security Association. RETENTION AND DISPOSAL: System records are retained... Agency suspects or has confirmed that the security or confidentiality of information in the system of... security or integrity of this system or other systems or programs (whether maintained by GSA or another...

  20. 38 CFR 1.466 - Security for records.

    Code of Federal Regulations, 2013 CFR

    2013-07-01

    ... 38 Pensions, Bonuses, and Veterans' Relief 1 2013-07-01 2013-07-01 false Security for records. 1....466 Security for records. (a) Written records which are subject to §§ 1.460 through 1.499 of this part... use. Access to information stored in computers will be limited to authorized VA employees who have a...

  1. 38 CFR 1.466 - Security for records.

    Code of Federal Regulations, 2010 CFR

    2010-07-01

    ... 38 Pensions, Bonuses, and Veterans' Relief 1 2010-07-01 2010-07-01 false Security for records. 1....466 Security for records. (a) Written records which are subject to §§ 1.460 through 1.499 of this part... use. Access to information stored in computers will be limited to authorized VA employees who have a...

  2. 38 CFR 1.466 - Security for records.

    Code of Federal Regulations, 2014 CFR

    2014-07-01

    ... 38 Pensions, Bonuses, and Veterans' Relief 1 2014-07-01 2014-07-01 false Security for records. 1....466 Security for records. (a) Written records which are subject to §§ 1.460 through 1.499 of this part... use. Access to information stored in computers will be limited to authorized VA employees who have a...

  3. 38 CFR 1.466 - Security for records.

    Code of Federal Regulations, 2012 CFR

    2012-07-01

    ... 38 Pensions, Bonuses, and Veterans' Relief 1 2012-07-01 2012-07-01 false Security for records. 1....466 Security for records. (a) Written records which are subject to §§ 1.460 through 1.499 of this part... use. Access to information stored in computers will be limited to authorized VA employees who have a...

  4. 38 CFR 1.466 - Security for records.

    Code of Federal Regulations, 2011 CFR

    2011-07-01

    ... 38 Pensions, Bonuses, and Veterans' Relief 1 2011-07-01 2011-07-01 false Security for records. 1....466 Security for records. (a) Written records which are subject to §§ 1.460 through 1.499 of this part... use. Access to information stored in computers will be limited to authorized VA employees who have a...

  5. 45 CFR 264.10 - Must States do computer matching of data records under IEVS to verify recipient information?

    Code of Federal Regulations, 2013 CFR

    2013-10-01

    ... 45 Public Welfare 2 2013-10-01 2012-10-01 true Must States do computer matching of data records... for Other Program Penalties? § 264.10 Must States do computer matching of data records under IEVS to... Internal Revenue Service (IRS), the State Wage Information Collections Agency (SWICA), the Social Security...

  6. 45 CFR 264.10 - Must States do computer matching of data records under IEVS to verify recipient information?

    Code of Federal Regulations, 2014 CFR

    2014-10-01

    ... 45 Public Welfare 2 2014-10-01 2012-10-01 true Must States do computer matching of data records... for Other Program Penalties? § 264.10 Must States do computer matching of data records under IEVS to... Internal Revenue Service (IRS), the State Wage Information Collections Agency (SWICA), the Social Security...

  7. 45 CFR 264.10 - Must States do computer matching of data records under IEVS to verify recipient information?

    Code of Federal Regulations, 2010 CFR

    2010-10-01

    ... 45 Public Welfare 2 2010-10-01 2010-10-01 false Must States do computer matching of data records... for Other Program Penalties? § 264.10 Must States do computer matching of data records under IEVS to... Internal Revenue Service (IRS), the State Wage Information Collections Agency (SWICA), the Social Security...

  8. 45 CFR 264.10 - Must States do computer matching of data records under IEVS to verify recipient information?

    Code of Federal Regulations, 2011 CFR

    2011-10-01

    ... 45 Public Welfare 2 2011-10-01 2011-10-01 false Must States do computer matching of data records... for Other Program Penalties? § 264.10 Must States do computer matching of data records under IEVS to... Internal Revenue Service (IRS), the State Wage Information Collections Agency (SWICA), the Social Security...

  9. 45 CFR 264.10 - Must States do computer matching of data records under IEVS to verify recipient information?

    Code of Federal Regulations, 2012 CFR

    2012-10-01

    ... 45 Public Welfare 2 2012-10-01 2012-10-01 false Must States do computer matching of data records... for Other Program Penalties? § 264.10 Must States do computer matching of data records under IEVS to... Internal Revenue Service (IRS), the State Wage Information Collections Agency (SWICA), the Social Security...

  10. The Terry-Wiseman Security Policy Model and Examples of Its Use

    DTIC Science & Technology

    1990-03-01

    Wiseman Security Policy Model and Examples of Its Use Author: C L Harrold Date: March 1990 Abstract This paper presents a model of security for computer ...Evolution of the Model 7. Summary and References Annex: An Overview of the Z Notation...a computer. The files, objects or register locations in which the information may be stored are modelled by the black boxes. The robots model the

  11. An Efficient Mutual Authentication Framework for Healthcare System in Cloud Computing.

    PubMed

    Kumar, Vinod; Jangirala, Srinivas; Ahmad, Musheer

    2018-06-28

    The increasing role of Telecare Medicine Information Systems (TMIS) makes its accessibility for patients to explore medical treatment, accumulate and approach medical data through internet connectivity. Security and privacy preservation is necessary for medical data of the patient in TMIS because of the very perceptive purpose. Recently, Mohit et al. proposed a mutual authentication protocol for TMIS in the cloud computing environment. In this work, we reviewed their protocol and found that it is not secure against stolen verifier attack, many logged in patient attack, patient anonymity, impersonation attack, and fails to protect session key. For enhancement of security level, we proposed a new mutual authentication protocol for the similar environment. The presented framework is also more capable in terms of computation cost. In addition, the security evaluation of the protocol protects resilience of all possible security attributes, and we also explored formal security evaluation based on random oracle model. The performance of the proposed protocol is much better in comparison to the existing protocol.

  12. 78 FR 23637 - Identity Theft Red Flags Rules

    Federal Register 2010, 2011, 2012, 2013, 2014

    2013-04-19

    ... Address Control Issues with Implementing Cloud Computing (May 2010), available at http://www.gao.gov/new.items/d10513.pdf (discussing information security implications of cloud computing); Department of...

  13. 77 FR 13449 - Identity Theft Red Flags Rules

    Federal Register 2010, 2011, 2012, 2013, 2014

    2012-03-06

    ... Address Control Issues with Implementing Cloud Computing (May 2010) (available at http://www.gao.gov/new.items/d10513.pdf) (discussing information security implications of cloud computing); Department of...

  14. An effective and secure key-management scheme for hierarchical access control in E-medicine system.

    PubMed

    Odelu, Vanga; Das, Ashok Kumar; Goswami, Adrijit

    2013-04-01

    Recently several hierarchical access control schemes are proposed in the literature to provide security of e-medicine systems. However, most of them are either insecure against 'man-in-the-middle attack' or they require high storage and computational overheads. Wu and Chen proposed a key management method to solve dynamic access control problems in a user hierarchy based on hybrid cryptosystem. Though their scheme improves computational efficiency over Nikooghadam et al.'s approach, it suffers from large storage space for public parameters in public domain and computational inefficiency due to costly elliptic curve point multiplication. Recently, Nikooghadam and Zakerolhosseini showed that Wu-Chen's scheme is vulnerable to man-in-the-middle attack. In order to remedy this security weakness in Wu-Chen's scheme, they proposed a secure scheme which is again based on ECC (elliptic curve cryptography) and efficient one-way hash function. However, their scheme incurs huge computational cost for providing verification of public information in the public domain as their scheme uses ECC digital signature which is costly when compared to symmetric-key cryptosystem. In this paper, we propose an effective access control scheme in user hierarchy which is only based on symmetric-key cryptosystem and efficient one-way hash function. We show that our scheme reduces significantly the storage space for both public and private domains, and computational complexity when compared to Wu-Chen's scheme, Nikooghadam-Zakerolhosseini's scheme, and other related schemes. Through the informal and formal security analysis, we further show that our scheme is secure against different attacks and also man-in-the-middle attack. Moreover, dynamic access control problems in our scheme are also solved efficiently compared to other related schemes, making our scheme is much suitable for practical applications of e-medicine systems.

  15. 48 CFR 239.7101 - Definition.

    Code of Federal Regulations, 2011 CFR

    2011-10-01

    ... OF DEFENSE SPECIAL CATEGORIES OF CONTRACTING ACQUISITION OF INFORMATION TECHNOLOGY Security and Privacy for Computer Systems 239.7101 Definition. Information assurance, as used in this subpart, means...

  16. 48 CFR 239.7101 - Definition.

    Code of Federal Regulations, 2012 CFR

    2012-10-01

    ... OF DEFENSE SPECIAL CATEGORIES OF CONTRACTING ACQUISITION OF INFORMATION TECHNOLOGY Security and Privacy for Computer Systems 239.7101 Definition. Information assurance, as used in this subpart, means...

  17. 48 CFR 239.7101 - Definition.

    Code of Federal Regulations, 2014 CFR

    2014-10-01

    ... OF DEFENSE SPECIAL CATEGORIES OF CONTRACTING ACQUISITION OF INFORMATION TECHNOLOGY Security and Privacy for Computer Systems 239.7101 Definition. Information assurance, as used in this subpart, means...

  18. 48 CFR 239.7101 - Definition.

    Code of Federal Regulations, 2013 CFR

    2013-10-01

    ... OF DEFENSE SPECIAL CATEGORIES OF CONTRACTING ACQUISITION OF INFORMATION TECHNOLOGY Security and Privacy for Computer Systems 239.7101 Definition. Information assurance, as used in this subpart, means...

  19. 48 CFR 239.7101 - Definition.

    Code of Federal Regulations, 2010 CFR

    2010-10-01

    ... OF DEFENSE SPECIAL CATEGORIES OF CONTRACTING ACQUISITION OF INFORMATION TECHNOLOGY Security and Privacy for Computer Systems 239.7101 Definition. Information assurance, as used in this subpart, means...

  20. An Adaptive Multilevel Security Framework for the Data Stored in Cloud Environment

    PubMed Central

    Dorairaj, Sudha Devi; Kaliannan, Thilagavathy

    2015-01-01

    Cloud computing is renowned for delivering information technology services based on internet. Nowadays, organizations are interested in moving their massive data and computations into cloud to reap their significant benefits of on demand service, resource pooling, and rapid elasticity that helps to satisfy the dynamically changing infrastructure demand without the burden of owning, managing, and maintaining it. Since the data needs to be secured throughout its life cycle, security of the data in cloud is a major challenge to be concentrated on because the data is in third party's premises. Any uniform simple or high level security method for all the data either compromises the sensitive data or proves to be too costly with increased overhead. Any common multiple method for all data becomes vulnerable when the common security pattern is identified at the event of successful attack on any information and also encourages more attacks on all other data. This paper suggests an adaptive multilevel security framework based on cryptography techniques that provide adequate security for the classified data stored in cloud. The proposed security system acclimates well for cloud environment and is also customizable and more reliant to meet the required level of security of data with different sensitivity that changes with business needs and commercial conditions. PMID:26258165

  1. An Adaptive Multilevel Security Framework for the Data Stored in Cloud Environment.

    PubMed

    Dorairaj, Sudha Devi; Kaliannan, Thilagavathy

    2015-01-01

    Cloud computing is renowned for delivering information technology services based on internet. Nowadays, organizations are interested in moving their massive data and computations into cloud to reap their significant benefits of on demand service, resource pooling, and rapid elasticity that helps to satisfy the dynamically changing infrastructure demand without the burden of owning, managing, and maintaining it. Since the data needs to be secured throughout its life cycle, security of the data in cloud is a major challenge to be concentrated on because the data is in third party's premises. Any uniform simple or high level security method for all the data either compromises the sensitive data or proves to be too costly with increased overhead. Any common multiple method for all data becomes vulnerable when the common security pattern is identified at the event of successful attack on any information and also encourages more attacks on all other data. This paper suggests an adaptive multilevel security framework based on cryptography techniques that provide adequate security for the classified data stored in cloud. The proposed security system acclimates well for cloud environment and is also customizable and more reliant to meet the required level of security of data with different sensitivity that changes with business needs and commercial conditions.

  2. Computer Science and Technology Publications. NBS Publications List 84.

    ERIC Educational Resources Information Center

    National Bureau of Standards (DOC), Washington, DC. Inst. for Computer Sciences and Technology.

    This bibliography lists publications of the Institute for Computer Sciences and Technology of the National Bureau of Standards. Publications are listed by subject in the areas of computer security, computer networking, and automation technology. Sections list publications of: (1) current Federal Information Processing Standards; (2) computer…

  3. 10 CFR 727.2 - What are the definitions of the terms used in this part?

    Code of Federal Regulations, 2012 CFR

    2012-01-01

    ... information. Computer means desktop computers, portable computers, computer networks (including the DOE network and local area networks at or controlled by DOE organizations), network devices, automated.... DOE means the Department of Energy, including the National Nuclear Security Administration. DOE...

  4. 10 CFR 727.2 - What are the definitions of the terms used in this part?

    Code of Federal Regulations, 2014 CFR

    2014-01-01

    ... information. Computer means desktop computers, portable computers, computer networks (including the DOE network and local area networks at or controlled by DOE organizations), network devices, automated.... DOE means the Department of Energy, including the National Nuclear Security Administration. DOE...

  5. 10 CFR 727.2 - What are the definitions of the terms used in this part?

    Code of Federal Regulations, 2013 CFR

    2013-01-01

    ... information. Computer means desktop computers, portable computers, computer networks (including the DOE network and local area networks at or controlled by DOE organizations), network devices, automated.... DOE means the Department of Energy, including the National Nuclear Security Administration. DOE...

  6. 10 CFR 727.2 - What are the definitions of the terms used in this part?

    Code of Federal Regulations, 2011 CFR

    2011-01-01

    ... information. Computer means desktop computers, portable computers, computer networks (including the DOE network and local area networks at or controlled by DOE organizations), network devices, automated.... DOE means the Department of Energy, including the National Nuclear Security Administration. DOE...

  7. 10 CFR 727.2 - What are the definitions of the terms used in this part?

    Code of Federal Regulations, 2010 CFR

    2010-01-01

    ... information. Computer means desktop computers, portable computers, computer networks (including the DOE network and local area networks at or controlled by DOE organizations), network devices, automated.... DOE means the Department of Energy, including the National Nuclear Security Administration. DOE...

  8. The ALL-OUT Library; A Design for Computer-Powered, Multidimensional Services.

    ERIC Educational Resources Information Center

    Sleeth, Jim; LaRue, James

    1983-01-01

    Preliminary description of design of electronic library and home information delivery system highlights potentials of personal computer interface program (applying for service, assuring that users are valid, checking for measures, searching, locating titles) and incorporation of concepts used in other information systems (security checks,…

  9. Information Systems: The Status of Computer Security at the Department of Veterans Affairs

    DTIC Science & Technology

    1999-10-01

    security weaknesses identified. The results of our underlying reviews were shared with VA’s Office of Inspector General (OIG) for its use in auditing VA’s consolidated financial statements for fiscal year 1998.

  10. Report: FISMA - Fiscal Year 2004 Status of EPA’s Computer Security Program

    EPA Pesticide Factsheets

    Report #2004-S-00007, September 30, 2004. This report synopsizes the results of information technology security work the U.S. Environmental Protection Agency’s Office of Inspector General (OIG) performed during Fiscal Year (FY) 2004.

  11. Report: FY 2007 FISMA Report: Status of EPA’s Computer Security Program

    EPA Pesticide Factsheets

    Report #2007-S-00003, September 25, 2007. This is the Office of Inspector General’s Fiscal Year 2007 Federal Information Security Management Act Reporting Template, as prescribed by the Office of Management and Budget (OMB).

  12. The research of network database security technology based on web service

    NASA Astrophysics Data System (ADS)

    Meng, Fanxing; Wen, Xiumei; Gao, Liting; Pang, Hui; Wang, Qinglin

    2013-03-01

    Database technology is one of the most widely applied computer technologies, its security is becoming more and more important. This paper introduced the database security, network database security level, studies the security technology of the network database, analyzes emphatically sub-key encryption algorithm, applies this algorithm into the campus-one-card system successfully. The realization process of the encryption algorithm is discussed, this method is widely used as reference in many fields, particularly in management information system security and e-commerce.

  13. DOE Office of Scientific and Technical Information (OSTI.GOV)

    Lee, Hsien-Hsin S

    The overall objective of this research project is to develop novel architectural techniques as well as system software to achieve a highly secure and intrusion-tolerant computing system. Such system will be autonomous, self-adapting, introspective, with self-healing capability under the circumstances of improper operations, abnormal workloads, and malicious attacks. The scope of this research includes: (1) System-wide, unified introspection techniques for autonomic systems, (2) Secure information-flow microarchitecture, (3) Memory-centric security architecture, (4) Authentication control and its implication to security, (5) Digital right management, (5) Microarchitectural denial-of-service attacks on shared resources. During the period of the project, we developed several architectural techniques and system software for achieving a robust, secure, and reliable computing system toward our goal.

  14. FORESEE: Fully Outsourced secuRe gEnome Study basEd on homomorphic Encryption

    PubMed Central

    2015-01-01

    Background: The increasing availability of genome data motivates massive research studies in personalized treatment and precision medicine. Public cloud services provide a flexible way to mitigate the storage and computation burden in conducting genome-wide association studies (GWAS). However, data privacy has been widely concerned when sharing the sensitive information in a cloud environment. Methods: We presented a novel framework (FORESEE: Fully Outsourced secuRe gEnome Study basEd on homomorphic Encryption) to fully outsource GWAS (i.e., chi-square statistic computation) using homomorphic encryption. The proposed framework enables secure divisions over encrypted data. We introduced two division protocols (i.e., secure errorless division and secure approximation division) with a trade-off between complexity and accuracy in computing chi-square statistics. Results: The proposed framework was evaluated for the task of chi-square statistic computation with two case-control datasets from the 2015 iDASH genome privacy protection challenge. Experimental results show that the performance of FORESEE can be significantly improved through algorithmic optimization and parallel computation. Remarkably, the secure approximation division provides significant performance gain, but without missing any significance SNPs in the chi-square association test using the aforementioned datasets. Conclusions: Unlike many existing HME based studies, in which final results need to be computed by the data owner due to the lack of the secure division operation, the proposed FORESEE framework support complete outsourcing to the cloud and output the final encrypted chi-square statistics. PMID:26733391

  15. FORESEE: Fully Outsourced secuRe gEnome Study basEd on homomorphic Encryption.

    PubMed

    Zhang, Yuchen; Dai, Wenrui; Jiang, Xiaoqian; Xiong, Hongkai; Wang, Shuang

    2015-01-01

    The increasing availability of genome data motivates massive research studies in personalized treatment and precision medicine. Public cloud services provide a flexible way to mitigate the storage and computation burden in conducting genome-wide association studies (GWAS). However, data privacy has been widely concerned when sharing the sensitive information in a cloud environment. We presented a novel framework (FORESEE: Fully Outsourced secuRe gEnome Study basEd on homomorphic Encryption) to fully outsource GWAS (i.e., chi-square statistic computation) using homomorphic encryption. The proposed framework enables secure divisions over encrypted data. We introduced two division protocols (i.e., secure errorless division and secure approximation division) with a trade-off between complexity and accuracy in computing chi-square statistics. The proposed framework was evaluated for the task of chi-square statistic computation with two case-control datasets from the 2015 iDASH genome privacy protection challenge. Experimental results show that the performance of FORESEE can be significantly improved through algorithmic optimization and parallel computation. Remarkably, the secure approximation division provides significant performance gain, but without missing any significance SNPs in the chi-square association test using the aforementioned datasets. Unlike many existing HME based studies, in which final results need to be computed by the data owner due to the lack of the secure division operation, the proposed FORESEE framework support complete outsourcing to the cloud and output the final encrypted chi-square statistics.

  16. State of the Art of Network Security Perspectives in Cloud Computing

    NASA Astrophysics Data System (ADS)

    Oh, Tae Hwan; Lim, Shinyoung; Choi, Young B.; Park, Kwang-Roh; Lee, Heejo; Choi, Hyunsang

    Cloud computing is now regarded as one of social phenomenon that satisfy customers' needs. It is possible that the customers' needs and the primary principle of economy - gain maximum benefits from minimum investment - reflects realization of cloud computing. We are living in the connected society with flood of information and without connected computers to the Internet, our activities and work of daily living will be impossible. Cloud computing is able to provide customers with custom-tailored features of application software and user's environment based on the customer's needs by adopting on-demand outsourcing of computing resources through the Internet. It also provides cloud computing users with high-end computing power and expensive application software package, and accordingly the users will access their data and the application software where they are located at the remote system. As the cloud computing system is connected to the Internet, network security issues of cloud computing are considered as mandatory prior to real world service. In this paper, survey and issues on the network security in cloud computing are discussed from the perspective of real world service environments.

  17. Secure data sharing in public cloud

    NASA Astrophysics Data System (ADS)

    Venkataramana, Kanaparti; Naveen Kumar, R.; Tatekalva, Sandhya; Padmavathamma, M.

    2012-04-01

    Secure multi-party protocols have been proposed for entities (organizations or individuals) that don't fully trust each other to share sensitive information. Many types of entities need to collect, analyze, and disseminate data rapidly and accurately, without exposing sensitive information to unauthorized or untrusted parties. Solutions based on secure multiparty computation guarantee privacy and correctness, at an extra communication (too costly in communication to be practical) and computation cost. The high overhead motivates us to extend this SMC to cloud environment which provides large computation and communication capacity which makes SMC to be used between multiple clouds (i.e., it may between private or public or hybrid clouds). Cloud may encompass many high capacity servers which acts as a hosts which participate in computation (IaaS and PaaS) for final result, which is controlled by Cloud Trusted Authority (CTA) for secret sharing within the cloud. The communication between two clouds is controlled by High Level Trusted Authority (HLTA) which is one of the hosts in a cloud which provides MgaaS (Management as a Service). Due to high risk for security in clouds, HLTA generates and distributes public keys and private keys by using Carmichael-R-Prime-RSA algorithm for exchange of private data in SMC between itself and clouds. In cloud, CTA creates Group key for Secure communication between the hosts in cloud based on keys sent by HLTA for exchange of Intermediate values and shares for computation of final result. Since this scheme is extended to be used in clouds (due to high availability and scalability to increase computation power) it is possible to implement SMC practically for privacy preserving in data mining at low cost for the clients.

  18. A computer science approach to managing security in health care.

    PubMed

    Asirelli, P; Braccini, G; Caramella, D; Coco, A; Fabbrini, F

    2002-09-01

    The security of electronic medical information is very important for health care organisations, which have to ensure confidentiality, integrity and availability of the information provided. This paper will briefly outline the legal measures adopted by the European Community, Italy and the United States to regulate the use and disclosure of medical records. It will then go on to highlight how information technology can help to address these issues with special reference to the management of organisation policies. To this end, we will present a modelling example for the security policy of a radiological department.

  19. Strategy for IT Security

    NASA Technical Reports Server (NTRS)

    Santiago, S. Scott; Moyles, Thomas J. (Technical Monitor)

    2001-01-01

    This viewgraph presentation provides information on the importance of information technology (IT) security (ITS) to NASA's mission. Several points are made concerning the subject. In order for ITS to be successful, it must be supported by management. NASA, while required by law to keep the public informed of its pursuits, must take precautions due to possible IT-based incursions by computer hackers and other malignant persons. Fear is an excellent motivation for establishing and maintaining a robust ITS policy. The ways in which NASA ITS personnel continually increase security are manifold, however a great deal relies upon the active involvement of the entire NASA community.

  20. Computer Security: Governmentwide Planning Process Had Limited Impact. Report to the Chairman, Committee on Science, Space, and Technology, House of Representatives.

    ERIC Educational Resources Information Center

    General Accounting Office, Washington, DC. Information Management and Technology Div.

    As required by the Computer Security Act of 1987, federal agencies have to identify systems that contain sensitive information and develop plans to safeguard them. The planning process was assessed in 10 civilian agencies as well as the extent to which they had implemented planning controls described in 22 selected plans. The National Institute of…

  1. Using Information Technologies in Professional Training of Future Security Specialists in the USA, Great Britain, Poland and Israel

    ERIC Educational Resources Information Center

    Kyslenko, Dmytro

    2017-01-01

    The paper discusses the use of information technologies in professional training of future security specialists in the United States, Great Britain, Poland and Israel. The probable use of computer-based techniques being available within the integrated Web-sites have been systematized. It has been suggested that the presented scheme may be of great…

  2. Qualitative Case Study Exploring Operational Barriers Impeding Small and Private, Nonprofit Higher Education Institutions from Implementing Information Security Controls

    ERIC Educational Resources Information Center

    Liesen, Joseph J.

    2017-01-01

    The higher education industry uses the very latest technologies to effectively prepare students for their careers, but these technologies often contain vulnerabilities that can be exploited via their connection to the Internet. The complex task of securing information and computing systems is made more difficult at institutions of higher education…

  3. Ethics in the Information Age: After Rules and Locks, What Do We Do?

    ERIC Educational Resources Information Center

    Webster, Sally

    1989-01-01

    The 1989 computer "worm" resulted in some needed attention to computer security. Academic computing has the goal of integrating computing into the fabric of teaching, learning, and research, and must be relatively open. Ways to raise awareness of ethical and social issues are described. (MLW)

  4. 78 FR 54453 - Notice of Public Meeting-Intersection of Cloud Computing and Mobility Forum and Workshop

    Federal Register 2010, 2011, 2012, 2013, 2014

    2013-09-04

    ...--Intersection of Cloud Computing and Mobility Forum and Workshop AGENCY: National Institute of Standards and.../intersection-of-cloud-and-mobility.cfm . SUPPLEMENTARY INFORMATION: NIST hosted six prior Cloud Computing Forum... interoperability, portability, and security, discuss the Federal Government's experience with cloud computing...

  5. 12 CFR 1271.22 - Computer data.

    Code of Federal Regulations, 2014 CFR

    2014-01-01

    ... computer system. Any such arrangement shall ensure the security of the computerized data stored in a Bank's... 12 Banks and Banking 10 2014-01-01 2014-01-01 false Computer data. 1271.22 Section 1271.22 Banks... BANK OPERATIONS AND AUTHORITIES Bank Requests for Information § 1271.22 Computer data. Nothing in this...

  6. 48 CFR 239.7100 - Scope of subpart.

    Code of Federal Regulations, 2010 CFR

    2010-10-01

    ... OF DEFENSE SPECIAL CATEGORIES OF CONTRACTING ACQUISITION OF INFORMATION TECHNOLOGY Security and Privacy for Computer Systems 239.7100 Scope of subpart. This subpart includes information assurance and...

  7. 48 CFR 239.7100 - Scope of subpart.

    Code of Federal Regulations, 2014 CFR

    2014-10-01

    ... OF DEFENSE SPECIAL CATEGORIES OF CONTRACTING ACQUISITION OF INFORMATION TECHNOLOGY Security and Privacy for Computer Systems 239.7100 Scope of subpart. This subpart includes information assurance and...

  8. 48 CFR 239.7100 - Scope of subpart.

    Code of Federal Regulations, 2011 CFR

    2011-10-01

    ... OF DEFENSE SPECIAL CATEGORIES OF CONTRACTING ACQUISITION OF INFORMATION TECHNOLOGY Security and Privacy for Computer Systems 239.7100 Scope of subpart. This subpart includes information assurance and...

  9. 48 CFR 239.7100 - Scope of subpart.

    Code of Federal Regulations, 2012 CFR

    2012-10-01

    ... OF DEFENSE SPECIAL CATEGORIES OF CONTRACTING ACQUISITION OF INFORMATION TECHNOLOGY Security and Privacy for Computer Systems 239.7100 Scope of subpart. This subpart includes information assurance and...

  10. 48 CFR 239.7100 - Scope of subpart.

    Code of Federal Regulations, 2013 CFR

    2013-10-01

    ... OF DEFENSE SPECIAL CATEGORIES OF CONTRACTING ACQUISITION OF INFORMATION TECHNOLOGY Security and Privacy for Computer Systems 239.7100 Scope of subpart. This subpart includes information assurance and...

  11. The security of patient identifiable information in doctors' homes.

    PubMed

    McLean, Iain; Anderson, C Mary

    2004-08-01

    Ethically and legally doctors bear a responsibility to ensure the security of patient identifiable information in their possession. Many doctors, especially those in forensic medicine, hold paper or computerised medical records at home. This survey was conducted to assess the level of security for these records and awareness of the issues. Fifty-six forensic physicians (30 male, 26 female) answered a questionnaire. Eighty-nine percent used a computer to write patient notes and reports, but only 26 of these were on the Data Protection Register, and only 24 password-protected their files. Few doctors took steps to protect data on old computers they had stopped using. Of those responding, 88% held paper records at home but only of these had lockable filing cabinets. Burglar alarms were fitted in 77% of homes, yet 36% of homes had been burgled. No participants had written instructions for disposal of records and reports after their death. Older participants were more likely to have been burgled, yet less likely to have antiviral software than their younger counterparts. Participants expressed the need for information, education and training in data security.

  12. Information Assurance and Forensic Readiness

    NASA Astrophysics Data System (ADS)

    Pangalos, Georgios; Katos, Vasilios

    Egalitarianism and justice are amongst the core attributes of a democratic regime and should be also secured in an e-democratic setting. As such, the rise of computer related offenses pose a threat to the fundamental aspects of e-democracy and e-governance. Digital forensics are a key component for protecting and enabling the underlying (e-)democratic values and therefore forensic readiness should be considered in an e-democratic setting. This position paper commences from the observation that the density of compliance and potential litigation activities is monotonically increasing in modern organizations, as rules, legislative regulations and policies are being constantly added to the corporate environment. Forensic practices seem to be departing from the niche of law enforcement and are becoming a business function and infrastructural component, posing new challenges to the security professionals. Having no a priori knowledge on whether a security related event or corporate policy violation will lead to litigation, we advocate that computer forensics need to be applied to all investigatory, monitoring and auditing activities. This would result into an inflation of the responsibilities of the Information Security Officer. After exploring some commonalities and differences between IS audit and computer forensics, we present a list of strategic challenges the organization and, in effect, the IS security and audit practitioner will face.

  13. Extended outlook: description, utilization, and daily applications of cloud technology in radiology.

    PubMed

    Gerard, Perry; Kapadia, Neil; Chang, Patricia T; Acharya, Jay; Seiler, Michael; Lefkovitz, Zvi

    2013-12-01

    The purpose of this article is to discuss the concept of cloud technology, its role in medical applications and radiology, the role of the radiologist in using and accessing these vast resources of information, and privacy concerns and HIPAA compliance strategies. Cloud computing is the delivery of shared resources, software, and information to computers and other devices as a metered service. This technology has a promising role in the sharing of patient medical information and appears to be particularly suited for application in radiology, given the field's inherent need for storage and access to large amounts of data. The radiology cloud has significant strengths, such as providing centralized storage and access, reducing unnecessary repeat radiologic studies, and potentially allowing radiologic second opinions more easily. There are significant cost advantages to cloud computing because of a decreased need for infrastructure and equipment by the institution. Private clouds may be used to ensure secure storage of data and compliance with HIPAA. In choosing a cloud service, there are important aspects, such as disaster recovery plans, uptime, and security audits, that must be considered. Given that the field of radiology has become almost exclusively digital in recent years, the future of secure storage and easy access to imaging studies lies within cloud computing technology.

  14. Coordinating UAV information for executing national security-oriented collaboration

    NASA Astrophysics Data System (ADS)

    Isenor, Anthony W.; Allard, Yannick; Lapinski, Anna-Liesa S.; Demers, Hugues; Radulescu, Dan

    2014-10-01

    Unmanned Aerial Vehicles (UAVs) are being used by numerous nations for defence-related missions. In some cases, the UAV is considered a cost-effective means to acquire data such as imagery over a location or object. Considering Canada's geographic expanse, UAVs are also being suggested as a potential platform for use in surveillance of remote areas, such as northern Canada. However, such activities are typically associated with security as opposed to defence. The use of a defence platform for security activities introduces the issue of information exchange between the defence and security communities and their software applications. This paper explores the flow of information from the system used by the UAVs employed by the Royal Canadian Navy. Multiple computers are setup, each with the information system used by the UAVs, including appropriate communication between the systems. Simulated data that may be expected from a typical maritime UAV mission is then fed into the information system. The information structures common to the Canadian security community are then used to store and transfer the simulated data. The resulting data flow from the defence-oriented UAV system to the security-oriented information structure is then displayed using an open source geospatial application. Use of the information structures and applications relevant to the security community avoids the distribution restrictions often associated with defence-specific applications.

  15. 20 CFR 402.160 - Fees to be charged-general provisions.

    Code of Federal Regulations, 2010 CFR

    2010-04-01

    ....160 Section 402.160 Employees' Benefits SOCIAL SECURITY ADMINISTRATION AVAILABILITY OF INFORMATION AND..., and those two hours are spent on a computer search, then the two free hours are the first two hours of the time needed to access the information in the computer. (c) If we are not charging you for the...

  16. 20 CFR 402.160 - Fees to be charged-general provisions.

    Code of Federal Regulations, 2013 CFR

    2013-04-01

    ....160 Section 402.160 Employees' Benefits SOCIAL SECURITY ADMINISTRATION AVAILABILITY OF INFORMATION AND..., and those two hours are spent on a computer search, then the two free hours are the first two hours of the time needed to access the information in the computer. (c) If we are not charging you for the...

  17. 20 CFR 402.160 - Fees to be charged-general provisions.

    Code of Federal Regulations, 2014 CFR

    2014-04-01

    ....160 Section 402.160 Employees' Benefits SOCIAL SECURITY ADMINISTRATION AVAILABILITY OF INFORMATION AND..., and those two hours are spent on a computer search, then the two free hours are the first two hours of the time needed to access the information in the computer. (c) If we are not charging you for the...

  18. 20 CFR 402.160 - Fees to be charged-general provisions.

    Code of Federal Regulations, 2011 CFR

    2011-04-01

    ....160 Section 402.160 Employees' Benefits SOCIAL SECURITY ADMINISTRATION AVAILABILITY OF INFORMATION AND..., and those two hours are spent on a computer search, then the two free hours are the first two hours of the time needed to access the information in the computer. (c) If we are not charging you for the...

  19. Older Adults' Knowledge of Internet Hazards

    ERIC Educational Resources Information Center

    Grimes, Galen A.; Hough, Michelle G.; Mazur, Elizabeth; Signorella, Margaret L.

    2010-01-01

    Older adults are less likely to be using computers and less knowledgeable about Internet security than are younger users. The two groups do not differ on trust of Internet information. The younger group shows no age or gender differences. Within the older group, computer users are more trusting of Internet information, and along with those with…

  20. 20 CFR 402.160 - Fees to be charged-general provisions.

    Code of Federal Regulations, 2012 CFR

    2012-04-01

    ....160 Section 402.160 Employees' Benefits SOCIAL SECURITY ADMINISTRATION AVAILABILITY OF INFORMATION AND..., and those two hours are spent on a computer search, then the two free hours are the first two hours of the time needed to access the information in the computer. (c) If we are not charging you for the...

  1. What then do we do about computer security?

    DOE Office of Scientific and Technical Information (OSTI.GOV)

    Suppona, Roger A.; Mayo, Jackson R.; Davis, Christopher Edward

    This report presents the answers that an informal and unfunded group at SNL provided for questions concerning computer security posed by Jim Gosler, Sandia Fellow (00002). The primary purpose of this report is to record our current answers; hopefully those answers will turn out to be answers indeed. The group was formed in November 2010. In November 2010 Jim Gosler, Sandia Fellow, asked several of us several pointed questions about computer security metrics. Never mind that some of the best minds in the field have been trying to crack this nut without success for decades. Jim asked Campbell to lead an informal and unfunded group to answer the questions. With time Jim invited several more Sandians to join in. We met a number of times both with Jim and without him. At Jim's direction we contacted a number of people outside Sandia who Jim thought could help. For example, we interacted with IBM's T.J. Watson Research Center and held a one-day, videoconference workshop with them on the questions.

  2. A secure distributed logistic regression protocol for the detection of rare adverse drug events

    PubMed Central

    El Emam, Khaled; Samet, Saeed; Arbuckle, Luk; Tamblyn, Robyn; Earle, Craig; Kantarcioglu, Murat

    2013-01-01

    Background There is limited capacity to assess the comparative risks of medications after they enter the market. For rare adverse events, the pooling of data from multiple sources is necessary to have the power and sufficient population heterogeneity to detect differences in safety and effectiveness in genetic, ethnic and clinically defined subpopulations. However, combining datasets from different data custodians or jurisdictions to perform an analysis on the pooled data creates significant privacy concerns that would need to be addressed. Existing protocols for addressing these concerns can result in reduced analysis accuracy and can allow sensitive information to leak. Objective To develop a secure distributed multi-party computation protocol for logistic regression that provides strong privacy guarantees. Methods We developed a secure distributed logistic regression protocol using a single analysis center with multiple sites providing data. A theoretical security analysis demonstrates that the protocol is robust to plausible collusion attacks and does not allow the parties to gain new information from the data that are exchanged among them. The computational performance and accuracy of the protocol were evaluated on simulated datasets. Results The computational performance scales linearly as the dataset sizes increase. The addition of sites results in an exponential growth in computation time. However, for up to five sites, the time is still short and would not affect practical applications. The model parameters are the same as the results on pooled raw data analyzed in SAS, demonstrating high model accuracy. Conclusion The proposed protocol and prototype system would allow the development of logistic regression models in a secure manner without requiring the sharing of personal health information. This can alleviate one of the key barriers to the establishment of large-scale post-marketing surveillance programs. 
    We extended the secure protocol to account for correlations among patients within sites through generalized estimating equations, and to accommodate other link functions by extending it to generalized linear models. PMID:22871397

  3. A secure distributed logistic regression protocol for the detection of rare adverse drug events.

    PubMed

    El Emam, Khaled; Samet, Saeed; Arbuckle, Luk; Tamblyn, Robyn; Earle, Craig; Kantarcioglu, Murat

    2013-05-01

    There is limited capacity to assess the comparative risks of medications after they enter the market. For rare adverse events, the pooling of data from multiple sources is necessary to have the power and sufficient population heterogeneity to detect differences in safety and effectiveness in genetic, ethnic and clinically defined subpopulations. However, combining datasets from different data custodians or jurisdictions to perform an analysis on the pooled data creates significant privacy concerns that would need to be addressed. Existing protocols for addressing these concerns can result in reduced analysis accuracy and can allow sensitive information to leak. To develop a secure distributed multi-party computation protocol for logistic regression that provides strong privacy guarantees. We developed a secure distributed logistic regression protocol using a single analysis center with multiple sites providing data. A theoretical security analysis demonstrates that the protocol is robust to plausible collusion attacks and does not allow the parties to gain new information from the data that are exchanged among them. The computational performance and accuracy of the protocol were evaluated on simulated datasets. The computational performance scales linearly as the dataset sizes increase. The addition of sites results in an exponential growth in computation time. However, for up to five sites, the time is still short and would not affect practical applications. The model parameters are the same as the results on pooled raw data analyzed in SAS, demonstrating high model accuracy. The proposed protocol and prototype system would allow the development of logistic regression models in a secure manner without requiring the sharing of personal health information. This can alleviate one of the key barriers to the establishment of large-scale post-marketing surveillance programs. 
    We extended the secure protocol to account for correlations among patients within sites through generalized estimating equations, and to accommodate other link functions by extending it to generalized linear models.

  4. 31 CFR 31.217 - Confidentiality of information.

    Code of Federal Regulations, 2011 CFR

    2011-07-01

    ... facilities and storage containers where nonpublic information is stored. (2) Security measures to detect and prevent unauthorized access to computer equipment and data storage devices that store or transmit...

  5. 31 CFR 31.217 - Confidentiality of information.

    Code of Federal Regulations, 2010 CFR

    2010-07-01

    ... facilities and storage containers where nonpublic information is stored. (2) Security measures to detect and prevent unauthorized access to computer equipment and data storage devices that store or transmit...

  6. 31 CFR 31.217 - Confidentiality of information.

    Code of Federal Regulations, 2014 CFR

    2014-07-01

    ... facilities and storage containers where nonpublic information is stored. (2) Security measures to detect and prevent unauthorized access to computer equipment and data storage devices that store or transmit...

  7. 31 CFR 31.217 - Confidentiality of information.

    Code of Federal Regulations, 2012 CFR

    2012-07-01

    ... facilities and storage containers where nonpublic information is stored. (2) Security measures to detect and prevent unauthorized access to computer equipment and data storage devices that store or transmit...

  8. 31 CFR 31.217 - Confidentiality of information.

    Code of Federal Regulations, 2013 CFR

    2013-07-01

    ... facilities and storage containers where nonpublic information is stored. (2) Security measures to detect and prevent unauthorized access to computer equipment and data storage devices that store or transmit...

  9. Comparison of computing capability and information system abilities of state hospitals owned by Ministry of Labor and Social Security and Ministry of Health.

    PubMed

    Tengilimoğlu, Dilaver; Celik, Yusuf; Ulgü, Mahir

    2006-08-01

    The main purpose of this study is to give readers an idea of how big and important the computing and information problems are that hospital managers as well as policy makers will face after collecting the Ministry of Labor and Social Security (MoLSS) and Ministry of Health (MoH) hospitals under a single structure in Turkey, by comparing the current level of computing capability of hospitals owned by the two ministries. The data used in this study were obtained from 729 hospitals that belong to both ministries by using a data collection tool. The results indicate that there have been considerable differences among the hospitals owned by the two ministries in terms of human resources and information systems. The hospital managers and decision makers making their decisions based on the data produced by the current hospital information system (HIS) would more likely face very important difficulties after merging MoH and MoLSS hospitals in Turkey. It is also possible to claim that the level and adequacy of computing abilities and devices do not allow the managers of public hospitals to use computer technology effectively in their information management practices. Lack of technical information, undeveloped information culture, inappropriate management styles, and being inexperienced are the main reasons why HIS does not run properly and effectively in Turkish hospitals.

  10. Report: Fiscal Year 2012 Federal Information Security Management Act Report Status of EPA’s Computer Security Program

    EPA Pesticide Factsheets

    Report #13-P-0032, October 26, 2012. We believe the evidence obtained provides a reasonable basis for our findings and conclusions, and in all material respects, meets the FISMA reporting requirements prescribed by OMB.

  11. 76 FR 59112 - Announcing an Open Meeting of the Information Security and Privacy Advisory Board

    Federal Register 2010, 2011, 2012, 2013, 2014

    2011-09-23

    ... (DoD) strategy for cyberspace, --Presentation on Doctrine of Cybersecurity relating to computer... paper, ``Enabling Distributed Security in Cyberspace'', --Discussion with Cybersecurity Coordinator and... Awareness Month, --Discussion on cybersecurity with Senior Defense and Intelligence Advisor, --Discussion...

  12. Information Resources Management Long Range Plan, FY 1995-1999

    NASA Technical Reports Server (NTRS)

    1994-01-01

    Table of Contents: Introduction; Agency 5-Year IRM Investment Projections; Major IRM Program Accomplishments for FY 1993; Information Collection Budget; Summary of Computer Security Plans; Appendix: Acronym List.

  13. Protecting clinical data in PACS, teleradiology systems, and research environments

    NASA Astrophysics Data System (ADS)

    Meissner, Marion C.; Collmann, Jeff R.; Tohme, Walid G.; Mun, Seong K.

    1997-05-01

    As clinical data is more widely stored in electronic patient record management systems and transmitted over the Internet and telephone lines, it becomes more accessible and therefore more useful, but also more vulnerable. Computer systems such as PACS, telemedicine applications, and medical research networks must protect against accidental or deliberate modification, disclosure, and violation of patient confidentiality in order to be viable. Conventional wisdom in the medical field and among lawmakers legislating the use of electronic medical records suggests that, although it may improve access to information, an electronic medical record cannot be as secure as a traditional paper record. This is not the case. Information security is a well-developed field in the computer and communications industry. If medical information systems, such as PACS, telemedicine applications, and research networks, properly apply information security techniques, they can ensure the accuracy and confidentiality of their patient information and even improve the security of their data over a traditional paper record. This paper will elaborate on some of these techniques and discuss how they can be applied to medical information systems. The following systems will be used as examples for the analysis: a research laboratory at Georgetown University Medical Center, the Deployable Radiology system installed to support the US Army's peace-keeping operation in Bosnia, a kidney dialysis telemedicine system in Washington, D.C., and various experiences with implementing and integrating PACS.

  14. Critical Infrastructure Protection II, The International Federation for Information Processing, Volume 290.

    NASA Astrophysics Data System (ADS)

    Papa, Mauricio; Shenoi, Sujeet

    The information infrastructure -- comprising computers, embedded devices, networks and software systems -- is vital to day-to-day operations in every sector: information and telecommunications, banking and finance, energy, chemicals and hazardous materials, agriculture, food, water, public health, emergency services, transportation, postal and shipping, government and defense. Global business and industry, governments, indeed society itself, cannot function effectively if major components of the critical information infrastructure are degraded, disabled or destroyed. Critical Infrastructure Protection II describes original research results and innovative applications in the interdisciplinary field of critical infrastructure protection. Also, it highlights the importance of weaving science, technology and policy in crafting sophisticated, yet practical, solutions that will help secure information, computer and network assets in the various critical infrastructure sectors. Areas of coverage include: - Themes and Issues - Infrastructure Security - Control Systems Security - Security Strategies - Infrastructure Interdependencies - Infrastructure Modeling and Simulation This book is the second volume in the annual series produced by the International Federation for Information Processing (IFIP) Working Group 11.10 on Critical Infrastructure Protection, an international community of scientists, engineers, practitioners and policy makers dedicated to advancing research, development and implementation efforts focused on infrastructure protection. The book contains a selection of twenty edited papers from the Second Annual IFIP WG 11.10 International Conference on Critical Infrastructure Protection held at George Mason University, Arlington, Virginia, USA in the spring of 2008.

  15. 75 FR 53004 - Privacy Act of 1974, as Amended; Notice of Computer-Matching Program (Railroad Retirement Board...

    Federal Register 2010, 2011, 2012, 2013, 2014

    2010-08-30

    ... report of this computer-matching program with the Committee on Homeland Security and Governmental Affairs... INFORMATION: A. General The Computer-Matching and Privacy Protection Act of 1988, (Pub. L. 100-503), amended... RAILROAD RETIREMENT BOARD Privacy Act of 1974, as Amended; Notice of Computer-Matching Program...

  16. 78 FR 37875 - Privacy Act of 1974, as Amended; Computer Matching Program (SSA/Bureau of the Fiscal Service...

    Federal Register 2010, 2011, 2012, 2013, 2014

    2013-06-24

    ...: Social Security Administration (SSA). ACTION: Notice of a renewal of an existing computer matching... above. SUPPLEMENTARY INFORMATION: A. General The Computer Matching and Privacy Protection Act of 1988... computer matching involving the Federal government could be performed and adding certain protections for...

  17. 75 FR 54213 - Privacy Act of 1974, as Amended; Computer Matching Program (SSA/Office of Personnel Management...

    Federal Register 2010, 2011, 2012, 2013, 2014

    2010-09-03

    ... 1021 AGENCY: Social Security Administration (SSA). ACTION: Notice of a renewal of an existing computer.... SUPPLEMENTARY INFORMATION: A. General The Computer Matching and Privacy Protection Act of 1988 (Public Law (Pub... computer matching involving the Federal government could be performed and adding certain protections for...

  18. Computer Security for Commercial Nuclear Power Plants - Literature Review for Korea Hydro Nuclear Power Central Research Institute

    DOE Office of Scientific and Technical Information (OSTI.GOV)

    Duran, Felicia Angelica; Waymire, Russell L.

    2013-10-01

    Sandia National Laboratories (SNL) is providing training and consultation activities on security planning and design for the Korea Hydro and Nuclear Power Central Research Institute (KHNPCRI). As part of this effort, SNL performed a literature review on computer security requirements, guidance and best practices that are applicable to an advanced nuclear power plant. This report documents the review of reports generated by SNL and other organizations [U.S. Nuclear Regulatory Commission, Nuclear Energy Institute, and International Atomic Energy Agency] related to protection of information technology resources, primarily digital controls and computer resources and their data networks. Copies of the key documents have also been provided to KHNP-CRI.

  19. A FORCEnet Framework for Analysis of Existing Naval C4I Architectures

    DTIC Science & Technology

    2003-06-01

    best qualities of humans and computers. f. Information Weapons Information weapons integrate the use of military deception, psychological ...operations, to include electronic warfare, psychological operations, computer network attack, computer network defense, operations security, and military...F/A-18 ( ATARS /SHARP), S-3B (SSU), SH-60 LAMPS (HAWKLINK) and P-3C (AIP, Special Projects). CDL-N consists of two antennas (one meter diameter

  20. Health information security: a case study of three selected medical centers in iran.

    PubMed

    Hajrahimi, Nafiseh; Dehaghani, Sayed Mehdi Hejazi; Sheikhtaheri, Abbas

    2013-03-01

    Health Information System (HIS) is considered a unique factor in improving the quality of health care activities and cost reduction, but today with the development of information technology and use of internet and computer networks, patients' electronic records and health information systems have become a source for hackers. This study aims at checking health information security of three selected medical centers in Iran using AHP fuzzy and TOPSIS compound model. To achieve that, security measures were identified, based on the research literature and decision making matrix using experts' points of view. Among the 27 indicators, seven indicators were selected as effective indicators and Fuzzy AHP technique was used to determine the importance of security indicators. Based on the comparisons made between the three selected medical centers to assess the security of health information, it is concluded that Chamran hospital has the most acceptable level of security and attention in three indicators of "verification and system design, user access management, access control system", Al Zahra Hospital in two indicators of "access management and network access control" and Amin Hospital in "equipment safety and system design". In terms of information security, Chamran Hospital ranked first, Al-Zahra Hospital ranked second and Al-Zahra hospital has the third place.

  1. Health Information Security: A Case Study of Three Selected Medical Centers in Iran

    PubMed Central

    Hajrahimi, Nafiseh; Dehaghani, Sayed Mehdi Hejazi; Sheikhtaheri, Abbas

    2013-01-01

    Health Information System (HIS) is considered a unique factor in improving the quality of health care activities and cost reduction, but today with the development of information technology and use of internet and computer networks, patients’ electronic records and health information systems have become a source for hackers. Methods This study aims at checking health information security of three selected medical centers in Iran using AHP fuzzy and TOPSIS compound model. To achieve that, security measures were identified, based on the research literature and decision making matrix using experts’ points of view. Results and discussion Among the 27 indicators, seven indicators were selected as effective indicators and Fuzzy AHP technique was used to determine the importance of security indicators. Based on the comparisons made between the three selected medical centers to assess the security of health information, it is concluded that Chamran hospital has the most acceptable level of security and attention in three indicators of “verification and system design, user access management, access control system”, Al Zahra Hospital in two indicators of “access management and network access control” and Amin Hospital in “equipment safety and system design”. In terms of information security, Chamran Hospital ranked first, Al-Zahra Hospital ranked second and Al-Zahra hospital has the third place. PMID:23572861

  2. 48 CFR 239.7102-3 - Information assurance contractor training and certification.

    Code of Federal Regulations, 2011 CFR

    2011-10-01

    ... ACQUISITION OF INFORMATION TECHNOLOGY Security and Privacy for Computer Systems 239.7102-3 Information..., certification maintenance, and continuing education or sustainment training required for the information... 48 Federal Acquisition Regulations System 3 2011-10-01 2011-10-01 false Information assurance...

  3. 48 CFR 239.7102-3 - Information assurance contractor training and certification.

    Code of Federal Regulations, 2014 CFR

    2014-10-01

    ... ACQUISITION OF INFORMATION TECHNOLOGY Security and Privacy for Computer Systems 239.7102-3 Information..., certification maintenance, and continuing education or sustainment training required for the information... 48 Federal Acquisition Regulations System 3 2014-10-01 2014-10-01 false Information assurance...

  4. 48 CFR 239.7102-3 - Information assurance contractor training and certification.

    Code of Federal Regulations, 2012 CFR

    2012-10-01

    ... ACQUISITION OF INFORMATION TECHNOLOGY Security and Privacy for Computer Systems 239.7102-3 Information..., certification maintenance, and continuing education or sustainment training required for the information... 48 Federal Acquisition Regulations System 3 2012-10-01 2012-10-01 false Information assurance...

  5. 48 CFR 239.7102-3 - Information assurance contractor training and certification.

    Code of Federal Regulations, 2013 CFR

    2013-10-01

    ... ACQUISITION OF INFORMATION TECHNOLOGY Security and Privacy for Computer Systems 239.7102-3 Information..., certification maintenance, and continuing education or sustainment training required for the information... 48 Federal Acquisition Regulations System 3 2013-10-01 2013-10-01 false Information assurance...

  6. 48 CFR 239.7102-3 - Information assurance contractor training and certification.

    Code of Federal Regulations, 2010 CFR

    2010-10-01

    ... ACQUISITION OF INFORMATION TECHNOLOGY Security and Privacy for Computer Systems 239.7102-3 Information..., certification maintenance, and continuing education or sustainment training required for the information... 48 Federal Acquisition Regulations System 3 2010-10-01 2010-10-01 false Information assurance...

  7. A secure and efficient password-based user authentication scheme using smart cards for the integrated EPR information system.

    PubMed

    Lee, Tian-Fu; Chang, I-Pin; Lin, Tsung-Hung; Wang, Ching-Cheng

    2013-06-01

    The integrated EPR information system supports convenient and rapid e-medicine services. A secure and efficient authentication scheme for the integrated EPR information system safeguards patients' electronic patient records (EPRs) and helps health care workers and medical personnel to rapidly make correct clinical decisions. Recently, Wu et al. proposed an efficient password-based user authentication scheme using smart cards for the integrated EPR information system, and claimed that the proposed scheme could resist various malicious attacks. However, their scheme is still vulnerable to lost smart card and stolen verifier attacks. This investigation discusses these weaknesses and proposes a secure and efficient authentication scheme for the integrated EPR information system as an alternative. Compared with related approaches, the proposed scheme not only retains a lower computational cost and does not require verifier tables for storing users' secrets, but also solves the security problems in previous schemes and withstands possible attacks.

  8. Secure Genomic Computation through Site-Wise Encryption

    PubMed Central

    Zhao, Yongan; Wang, XiaoFeng; Tang, Haixu

    2015-01-01

    Commercial clouds provide on-demand IT services for big-data analysis, which have become an attractive option for users who have no access to comparable infrastructure. However, utilizing these services for human genome analysis is highly risky, as human genomic data contains identifiable information of human individuals and their disease susceptibility. Therefore, currently, no computation on personal human genomic data is conducted on public clouds. To address this issue, here we present a site-wise encryption approach to encrypt whole human genome sequences, which can be subject to secure searching of genomic signatures on public clouds. We implemented this method within the Hadoop framework, and tested it on the case of searching disease markers retrieved from the ClinVar database against patients’ genomic sequences. The secure search runs only one order of magnitude slower than the simple search without encryption, indicating our method is ready to be used for secure genomic computation on public clouds. PMID:26306278

  9. Secure Genomic Computation through Site-Wise Encryption.

    PubMed

    Zhao, Yongan; Wang, XiaoFeng; Tang, Haixu

    2015-01-01

    Commercial clouds provide on-demand IT services for big-data analysis, which have become an attractive option for users who have no access to comparable infrastructure. However, utilizing these services for human genome analysis is highly risky, as human genomic data contains identifiable information of human individuals and their disease susceptibility. Therefore, currently, no computation on personal human genomic data is conducted on public clouds. To address this issue, here we present a site-wise encryption approach to encrypt whole human genome sequences, which can be subject to secure searching of genomic signatures on public clouds. We implemented this method within the Hadoop framework, and tested it on the case of searching disease markers retrieved from the ClinVar database against patients' genomic sequences. The secure search runs only one order of magnitude slower than the simple search without encryption, indicating our method is ready to be used for secure genomic computation on public clouds.

  10. Protecting Privacy and Confidentiality in a Multiple Use, Multiple User Mental Health Information System.

    ERIC Educational Resources Information Center

    Bank, Rheta; Laska, Eugene M.

    1978-01-01

    These aspects of maintaining the security of computer-processed information concerning mental health patients are discussed: legal protection, technological safeguards, and managerial responsibility. (CTM)

  11. Study on Information Security and e-Trust in Spanish households

    NASA Astrophysics Data System (ADS)

    Aguado, José

    The study on Information Security and e-Trust in Spanish households has been conducted by INTECO (The National Institute of Communication Technologies) through the Information Security Observatory. It is a study on the incidence and trust of users in the Internet by means of measuring the frequency of the episodes of individual risk in a wide sample of users that are monitored online on a monthly basis, combining quantitative data of incidences (monthly scans of home computers) and qualitative perception data (quarterly surveys). The study is supplied with data from more than 3,000 households with Internet connection, spread across the whole country.

  12. 48 CFR 1804.470-4 - Contract clause.

    Code of Federal Regulations, 2011 CFR

    2011-10-01

    ... Contract clause. (a) Insert the clause at 1852.204-76, Security Requirements for Unclassified Information...) Have physical or electronic access to NASA's computer systems, networks, or IT infrastructure; or (2... security program meets or exceeds the requirements of NASA Procedural Requirements (NPR) 2810.1 in effect...

  13. 48 CFR 1804.470-4 - Contract clause.

    Code of Federal Regulations, 2012 CFR

    2012-10-01

    ... Contract clause. (a) Insert the clause at 1852.204-76, Security Requirements for Unclassified Information...) Have physical or electronic access to NASA's computer systems, networks, or IT infrastructure; or (2... security program meets or exceeds the requirements of NASA Procedural Requirements (NPR) 2810.1 in effect...

  14. 48 CFR 1804.470-4 - Contract clause.

    Code of Federal Regulations, 2013 CFR

    2013-10-01

    ... Contract clause. (a) Insert the clause at 1852.204-76, Security Requirements for Unclassified Information...) Have physical or electronic access to NASA's computer systems, networks, or IT infrastructure; or (2... security program meets or exceeds the requirements of NASA Procedural Requirements (NPR) 2810.1 in effect...

  15. 48 CFR 1804.470-4 - Contract clause.

    Code of Federal Regulations, 2014 CFR

    2014-10-01

    ... Contract clause. (a) Insert the clause at 1852.204-76, Security Requirements for Unclassified Information...) Have physical or electronic access to NASA's computer systems, networks, or IT infrastructure; or (2... security program meets or exceeds the requirements of NASA Procedural Requirements (NPR) 2810.1 in effect...

  16. Security of electronic medical information and patient privacy: what you need to know.

    PubMed

    Andriole, Katherine P

    2014-12-01

    The responsibility that physicians have to protect their patients from harm extends to protecting the privacy and confidentiality of patient health information including that contained within radiological images. The intent of HIPAA and subsequent HIPAA Privacy and Security Rules is to keep patients' private information confidential while allowing providers access to and maintaining the integrity of relevant information needed to provide care. Failure to comply with electronic protected health information (ePHI) regulations could result in financial or criminal penalties or both. Protected health information refers to anything that can reasonably be used to identify a patient (eg, name, age, date of birth, social security number, radiology examination accession number). The basic tools and techniques used to maintain medical information security and patient privacy described in this article include physical safeguards such as computer device isolation and data backup, technical safeguards such as firewalls and secure transmission modes, and administrative safeguards including documentation of security policies, training of staff, and audit tracking through system logs. Other important concepts related to privacy and security are explained, including user authentication, authorization, availability, confidentiality, data integrity, and nonrepudiation. Patient privacy and security of medical information are critical elements in today's electronic health care environment. Radiology has led the way in adopting digital systems to make possible the availability of medical information anywhere anytime, and in identifying and working to eliminate any risks to patients. Copyright © 2014 American College of Radiology. Published by Elsevier Inc. All rights reserved.

  17. Hybrid cloud: bridging of private and public cloud computing

    NASA Astrophysics Data System (ADS)

    Aryotejo, Guruh; Kristiyanto, Daniel Y.; Mufadhol

    2018-05-01

    Cloud Computing is quickly emerging as a promising paradigm in recent years, especially for the business sector. In addition, through cloud service providers, cloud computing is widely used by Information Technology (IT) based startup companies to grow their business. However, the level of most businesses' awareness of data security issues is low, since some Cloud Service Providers (CSP) could decrypt their data. Hybrid Cloud Deployment Model (HCDM) has the characteristic of being open source, which is one of the secure cloud computing models, thus HCDM may solve data security issues. The objective of this study is to design, deploy and evaluate a HCDM as Infrastructure as a Service (IaaS). In the implementation process, Metal as a Service (MAAS) engine was used as a base to build an actual server and node, followed by installing the vsftpd application, which serves as FTP server. In comparison with HCDM, public cloud was adopted through public cloud interface. As a result, the design and deployment of HCDM was conducted successfully, instead of having good security, HCDM is able to transfer data significantly faster than public cloud. To the best of our knowledge, Hybrid Cloud Deployment model is one of the secure cloud computing models due to its characteristic as open source. Furthermore, this study will serve as a base for future studies about Hybrid Cloud Deployment model which may be relevant for solving big security issues of IT-based startup companies especially in Indonesia.

  18. An Information Policy for the Information Age.

    ERIC Educational Resources Information Center

    Blake, Virgil; Surprenant, Thomas

    1988-01-01

    Discusses recent federal information policies that pose a threat to access to information. A short-lived policy for protection of sensitive but unclassified information is criticized, and the Computer Security Act of 1987, currently under consideration in Congress, is described. Involvement by the library and information community in developing…

  19. 75 FR 9548 - Reduction of Use of Social Security Numbers (SSN) in the Department of Defense (DoD)

    Federal Register 2010, 2011, 2012, 2013, 2014

    2010-03-03

    ... authorization to receive specific categories of information. Computer network. The constituent element of an... elements reside on a computer. Form. A fixed arrangement of captioned spaces designed for entering and... activities of the Government or because of the information value of the data in them. Survey. An instrument...

  20. Secure searching of biomarkers through hybrid homomorphic encryption scheme.

    PubMed

    Kim, Miran; Song, Yongsoo; Cheon, Jung Hee

    2017-07-26

    As genome sequencing technology develops rapidly, there has lately been an increasing need to keep genomic data secure even when stored in the cloud and still used for research. We are interested in designing a protocol for the secure outsourcing matching problem on encrypted data. We propose an efficient method to securely search a matching position with the query data and extract some information at the position. After decryption, only a small number of comparisons with the query information should be performed in plaintext state. We apply this method to find a set of biomarkers in encrypted genomes. The important feature of our method is to encode a genomic database as a single element of a polynomial ring. Since our method requires a single homomorphic multiplication of hybrid scheme for query computation, it has the advantage over the previous methods in parameter size, computation complexity, and communication cost. In particular, the extraction procedure not only prevents leakage of database information that has not been queried by the user but also reduces the communication cost by half. We evaluate the performance of our method and verify that the computation on large-scale personal data can be securely and practically outsourced to a cloud environment during data analysis. It takes about 3.9 s to search-and-extract the reference and alternate sequences at the queried position in a database of size 4M. Our solution for finding a set of biomarkers in DNA sequences shows the progress of cryptographic techniques in terms of their capability to support real-world genome data analysis in a cloud environment.

  1. An Axiology of Information Security for Futuristic Neuroprostheses: Upholding Human Values in the Context of Technological Posthumanization

    PubMed Central

    Gladden, Matthew E.

    2017-01-01

    Previous works exploring the challenges of ensuring information security for neuroprosthetic devices and their users have typically built on the traditional InfoSec concept of the “CIA Triad” of confidentiality, integrity, and availability. However, we argue that the CIA Triad provides an increasingly inadequate foundation for envisioning information security for neuroprostheses, insofar as it presumes that (1) any computational systems to be secured are merely instruments for expressing their human users' agency, and (2) computing devices are conceptually and practically separable from their users. Drawing on contemporary philosophy of technology and philosophical and critical posthumanist analysis, we contend that futuristic neuroprostheses could conceivably violate these basic InfoSec presumptions, insofar as (1) they may alter or supplant their users' biological agency rather than simply supporting it, and (2) they may structurally and functionally fuse with their users to create qualitatively novel “posthumanized” human-machine systems that cannot be secured as though they were conventional computing devices. Simultaneously, it is noted that many of the goals that have been proposed for future neuroprostheses by InfoSec researchers (e.g., relating to aesthetics, human dignity, authenticity, free will, and cultural sensitivity) fall outside the scope of InfoSec as it has historically been understood and touch on a wide range of ethical, aesthetic, physical, metaphysical, psychological, economic, and social values. We suggest that the field of axiology can provide useful frameworks for more effectively identifying, analyzing, and prioritizing such diverse types of values and goods that can (and should) be pursued through InfoSec practices for futuristic neuroprostheses. PMID:29163010

  2. An Axiology of Information Security for Futuristic Neuroprostheses: Upholding Human Values in the Context of Technological Posthumanization.

    PubMed

    Gladden, Matthew E

    2017-01-01

    Previous works exploring the challenges of ensuring information security for neuroprosthetic devices and their users have typically built on the traditional InfoSec concept of the "CIA Triad" of confidentiality, integrity, and availability. However, we argue that the CIA Triad provides an increasingly inadequate foundation for envisioning information security for neuroprostheses, insofar as it presumes that (1) any computational systems to be secured are merely instruments for expressing their human users' agency, and (2) computing devices are conceptually and practically separable from their users. Drawing on contemporary philosophy of technology and philosophical and critical posthumanist analysis, we contend that futuristic neuroprostheses could conceivably violate these basic InfoSec presumptions, insofar as (1) they may alter or supplant their users' biological agency rather than simply supporting it, and (2) they may structurally and functionally fuse with their users to create qualitatively novel "posthumanized" human-machine systems that cannot be secured as though they were conventional computing devices. Simultaneously, it is noted that many of the goals that have been proposed for future neuroprostheses by InfoSec researchers (e.g., relating to aesthetics, human dignity, authenticity, free will, and cultural sensitivity) fall outside the scope of InfoSec as it has historically been understood and touch on a wide range of ethical, aesthetic, physical, metaphysical, psychological, economic, and social values. We suggest that the field of axiology can provide useful frameworks for more effectively identifying, analyzing, and prioritizing such diverse types of values and goods that can (and should) be pursued through InfoSec practices for futuristic neuroprostheses.

  3. High security chaotic multiple access scheme for visible light communication systems with advanced encryption standard interleaving

    NASA Astrophysics Data System (ADS)

    Qiu, Junchao; Zhang, Lin; Li, Diyang; Liu, Xingcheng

    2016-06-01

    Chaotic sequences can be applied to realize multiple user access and improve the system security for a visible light communication (VLC) system. However, since the map patterns of chaotic sequences are usually well known, eavesdroppers can possibly derive the key parameters of chaotic sequences and subsequently retrieve the information. We design an advanced encryption standard (AES) interleaving aided multiple user access scheme to enhance the security of a chaotic code division multiple access-based visible light communication (C-CDMA-VLC) system. We propose to spread the information with chaotic sequences, and then the spread information is interleaved by an AES algorithm and transmitted over VLC channels. Since the computation complexity of performing inverse operations to deinterleave the information is high, the eavesdroppers in a high speed VLC system cannot retrieve the information in real time; thus, the system security will be enhanced. Moreover, we build a mathematical model for the AES-aided VLC system and derive the theoretical information leakage to analyze the system security. The simulations are performed over VLC channels, and the results demonstrate the effectiveness and high security of our presented AES interleaving aided chaotic CDMA-VLC system.

  4. Proceedings from the conference on high speed computing: High speed computing and national security

    DOE Office of Scientific and Technical Information (OSTI.GOV)

    Hirons, K.P.; Vigil, M.; Carlson, R.

    1997-07-01

    This meeting covered the following topics: technologies/national needs/policies: past, present and future; information warfare; crisis management/massive data systems; risk assessment/vulnerabilities; Internet law/privacy and rights of society; challenges to effective ASCI programmatic use of 100 TFLOPs systems; and new computing technologies.

  5. Joint Information Environment: DOD Needs to Strengthen Governance and Management

    DTIC Science & Technology

    2016-07-01

    provide fast and secure connections to any application or service from any authorized network at any time Software application rationalization and...deployment at all sites. DOD further defines an automated information system as a system of computer hardware, computer software, data or telecommunications...Why GAO Did This Study For fiscal year 2017, DOD plans to spend more than $38 billion on information technology to support thousands of networks and

  6. 48 CFR 1804.470-4 - Contract clause.

    Code of Federal Regulations, 2010 CFR

    2010-10-01

    ... clause. (a) Insert the clause at 1852.204-76, Security Requirements for Unclassified Information...— (1) Have physical or electronic access to NASA's computer systems, networks, or IT infrastructure; or... Security Manager before granting any waivers to paragraph (b) of the clause; and (2) The Center Chief of...

  7. 12 CFR 978.8 - Computer data.

    Code of Federal Regulations, 2010 CFR

    2010-01-01

    ... security of the computerized data stored in a Bank's computer and restrict access to such data in order to... 12 Banks and Banking 7 2010-01-01 2010-01-01 false Computer data. 978.8 Section 978.8 Banks and... REQUESTS FOR INFORMATION § 978.8 Computer data. Nothing in this part shall preclude a Bank from arranging...

  8. 12 CFR 978.8 - Computer data.

    Code of Federal Regulations, 2011 CFR

    2011-01-01

    ... security of the computerized data stored in a Bank's computer and restrict access to such data in order to... 12 Banks and Banking 7 2011-01-01 2011-01-01 false Computer data. 978.8 Section 978.8 Banks and... REQUESTS FOR INFORMATION § 978.8 Computer data. Nothing in this part shall preclude a Bank from arranging...

  9. 12 CFR 978.8 - Computer data.

    Code of Federal Regulations, 2013 CFR

    2013-01-01

    ... security of the computerized data stored in a Bank's computer and restrict access to such data in order to... 12 Banks and Banking 8 2013-01-01 2013-01-01 false Computer data. 978.8 Section 978.8 Banks and... REQUESTS FOR INFORMATION § 978.8 Computer data. Nothing in this part shall preclude a Bank from arranging...

  10. 12 CFR 978.8 - Computer data.

    Code of Federal Regulations, 2012 CFR

    2012-01-01

    ... security of the computerized data stored in a Bank's computer and restrict access to such data in order to... 12 Banks and Banking 8 2012-01-01 2012-01-01 false Computer data. 978.8 Section 978.8 Banks and... REQUESTS FOR INFORMATION § 978.8 Computer data. Nothing in this part shall preclude a Bank from arranging...

  11. 78 FR 70971 - Privacy Act of 1974, as Amended; Notice of Computer Matching Program (Railroad Retirement Board...

    Federal Register 2010, 2011, 2012, 2013, 2014

    2013-11-27

    ... will file a report of this computer-matching program with the Committee on Homeland Security and... . SUPPLEMENTARY INFORMATION: A. General The Computer Matching and Privacy Protection Act of 1988, (Pub. L. 100-503... RAILROAD RETIREMENT BOARD Privacy Act of 1974, as Amended; Notice of Computer Matching Program...

  12. Edge-Based Efficient Search over Encrypted Data Mobile Cloud Storage

    PubMed Central

    Liu, Fang; Cai, Zhiping; Xiao, Nong; Zhao, Ziming

    2018-01-01

    Smart sensor-equipped mobile devices sense, collect, and process data generated by the edge network to achieve intelligent control, but such mobile devices usually have limited storage and computing resources. Mobile cloud storage provides a promising solution owing to its rich storage resources, great accessibility, and low cost. But it also brings a risk of information leakage. The encryption of sensitive data is the basic step to resist the risk. However, deploying a high complexity encryption and decryption algorithm on mobile devices will greatly increase the burden of terminal operation and the difficulty to implement the necessary privacy protection algorithm. In this paper, we propose ENSURE (EfficieNt and SecURE), an efficient and secure encrypted search architecture over mobile cloud storage. ENSURE is inspired by edge computing. It allows mobile devices to offload the computation intensive task onto the edge server to achieve a high efficiency. Besides, to protect data security, it reduces the information acquisition of untrusted cloud by hiding the relevance between query keyword and search results from the cloud. Experiments on a real data set show that ENSURE reduces the computation time by 15% to 49% and saves the energy consumption by 38% to 69% per query. PMID:29652810

  13. Edge-Based Efficient Search over Encrypted Data Mobile Cloud Storage.

    PubMed

    Guo, Yeting; Liu, Fang; Cai, Zhiping; Xiao, Nong; Zhao, Ziming

    2018-04-13

    Smart sensor-equipped mobile devices sense, collect, and process data generated by the edge network to achieve intelligent control, but such mobile devices usually have limited storage and computing resources. Mobile cloud storage provides a promising solution owing to its rich storage resources, great accessibility, and low cost. But it also brings a risk of information leakage. The encryption of sensitive data is the basic step to resist the risk. However, deploying a high complexity encryption and decryption algorithm on mobile devices will greatly increase the burden of terminal operation and the difficulty to implement the necessary privacy protection algorithm. In this paper, we propose ENSURE (EfficieNt and SecURE), an efficient and secure encrypted search architecture over mobile cloud storage. ENSURE is inspired by edge computing. It allows mobile devices to offload the computation intensive task onto the edge server to achieve a high efficiency. Besides, to protect data security, it reduces the information acquisition of untrusted cloud by hiding the relevance between query keyword and search results from the cloud. Experiments on a real data set show that ENSURE reduces the computation time by 15% to 49% and saves the energy consumption by 38% to 69% per query.

  14. Secure Computer System: Unified Exposition and Multics Interpretation

    DTIC Science & Technology

    1976-03-01

    prearranged code to semaphore critical information to an undercleared subject/process. Neither of these topics is directly addressed by the mathematical...FURTHER CONSIDERATIONS. RULES OF OPERATION FOR A SECURE MULTICS Kernel primitives for a secure Multics will be derived from a higher level user...the Multics architecture as little as possible; this will account to a large extent for radical differences in form between actual kernel primitives

  15. Foundations for Security Aware Software Development Education

    DTIC Science & Technology

    2005-11-22

    depending on the budget, that support robustness. We discuss the educational customer base, projected lifetime, and complexity of paradigm shift that should...in Honour of Sir Tony Hoar, [6] Cheetham, C. and Ferraiolo, K., "The Systems Security Millenial Perspectives in Computer Science, Engineering...Capability Maturity Model", 21st 2002, 229-246. National Information Systems Security Conference, [15] Schwartz, J., "Object Oriented Extensions to October 5

  16. 77 FR 12320 - Information Collection Request: GFIRST Conference Stakeholder Evaluation

    Federal Register 2010, 2011, 2012, 2013, 2014

    2012-02-29

    ... Communications (CS&C), National Cyber Security Division (NCSD), United States Computer Emergency Readiness Team... personal information provided. SUPPLEMENTARY INFORMATION: The purpose of DHS's premier cyber conference is to continually seek to enhance collaborative efforts between cyber constituencies, partners and...

  17. Secure multiparty computation of a comparison problem.

    PubMed

    Liu, Xin; Li, Shundong; Liu, Jian; Chen, Xiubo; Xu, Gang

    2016-01-01

    Private comparison is fundamental to secure multiparty computation. In this study, we propose novel protocols to privately determine [Formula: see text], or [Formula: see text] in one execution. First, a 0-1-vector encoding method is introduced to encode a number into a vector, and the Goldwasser-Micali encryption scheme is used to compare integers privately. Then, we propose a protocol by using a geometric method to compare rational numbers privately, and the protocol is information-theoretical secure. Using the simulation paradigm, we prove the privacy-preserving property of our protocols in the semi-honest model. The complexity analysis shows that our protocols are more efficient than previous solutions.

  18. Video Encryption and Decryption on Quantum Computers

    NASA Astrophysics Data System (ADS)

    Yan, Fei; Iliyasu, Abdullah M.; Venegas-Andraca, Salvador E.; Yang, Huamin

    2015-08-01

    A method for video encryption and decryption on quantum computers is proposed based on color information transformations on each frame encoding the content of the video. The proposed method provides a flexible operation to encrypt quantum video by means of the quantum measurement in order to enhance the security of the video. To validate the proposed approach, a tetris tile-matching puzzle game video is utilized in the experimental simulations. The results obtained suggest that the proposed method enhances the security and speed of quantum video encryption and decryption, both properties required for secure transmission and sharing of video content in quantum communication.

  19. Security and privacy qualities of medical devices: an analysis of FDA postmarket surveillance.

    PubMed

    Kramer, Daniel B; Baker, Matthew; Ransford, Benjamin; Molina-Markham, Andres; Stewart, Quinn; Fu, Kevin; Reynolds, Matthew R

    2012-01-01

    Medical devices increasingly depend on computing functions such as wireless communication and Internet connectivity for software-based control of therapies and network-based transmission of patients' stored medical information. These computing capabilities introduce security and privacy risks, yet little is known about the prevalence of such risks within the clinical setting. We used three comprehensive, publicly available databases maintained by the Food and Drug Administration (FDA) to evaluate recalls and adverse events related to security and privacy risks of medical devices. Review of weekly enforcement reports identified 1,845 recalls; 605 (32.8%) of these included computers, 35 (1.9%) stored patient data, and 31 (1.7%) were capable of wireless communication. Searches of databases specific to recalls and adverse events identified only one event with a specific connection to security or privacy. Software-related recalls were relatively common, and most (81.8%) mentioned the possibility of upgrades, though only half of these provided specific instructions for the update mechanism. Our review of recalls and adverse events from federal government databases reveals sharp inconsistencies with databases at individual providers with respect to security and privacy risks. Recalls related to software may increase security risks because of unprotected update and correction mechanisms. To detect signals of security and privacy problems that adversely affect public health, federal postmarket surveillance strategies should rethink how to effectively and efficiently collect data on security and privacy problems in devices that increasingly depend on computing systems susceptible to malware.

  20. Security and Privacy Qualities of Medical Devices: An Analysis of FDA Postmarket Surveillance

    PubMed Central

    Kramer, Daniel B.; Baker, Matthew; Ransford, Benjamin; Molina-Markham, Andres; Stewart, Quinn; Fu, Kevin; Reynolds, Matthew R.

    2012-01-01

    Background: Medical devices increasingly depend on computing functions such as wireless communication and Internet connectivity for software-based control of therapies and network-based transmission of patients’ stored medical information. These computing capabilities introduce security and privacy risks, yet little is known about the prevalence of such risks within the clinical setting. Methods: We used three comprehensive, publicly available databases maintained by the Food and Drug Administration (FDA) to evaluate recalls and adverse events related to security and privacy risks of medical devices. Results: Review of weekly enforcement reports identified 1,845 recalls; 605 (32.8%) of these included computers, 35 (1.9%) stored patient data, and 31 (1.7%) were capable of wireless communication. Searches of databases specific to recalls and adverse events identified only one event with a specific connection to security or privacy. Software-related recalls were relatively common, and most (81.8%) mentioned the possibility of upgrades, though only half of these provided specific instructions for the update mechanism. Conclusions: Our review of recalls and adverse events from federal government databases reveals sharp inconsistencies with databases at individual providers with respect to security and privacy risks. Recalls related to software may increase security risks because of unprotected update and correction mechanisms. To detect signals of security and privacy problems that adversely affect public health, federal postmarket surveillance strategies should rethink how to effectively and efficiently collect data on security and privacy problems in devices that increasingly depend on computing systems susceptible to malware. PMID:22829874

  1. Teaching Network Security in a Virtual Learning Environment

    ERIC Educational Resources Information Center

    Bergstrom, Laura; Grahn, Kaj J.; Karlstrom, Krister; Pulkkis, Goran; Astrom, Peik

    2004-01-01

    This article presents a virtual course with the topic network security. The course has been produced by Arcada Polytechnic as a part of the production team Computer Networks, Telecommunication and Telecommunication Systems in the Finnish Virtual Polytechnic. The article begins with an introduction to the evolution of the information security…

  2. GINSU: Guaranteed Internet Stack Utilization

    DTIC Science & Technology

    2005-11-01

    Computer Architecture Data Links, Internet, Protocol Stacks 16. PRICE CODE 17. SECURITY CLASSIFICATION OF REPORT UNCLASSIFIED 18. SECURITY...AFRL-IF-RS-TR-2005-383 Final Technical Report November 2005 GINSU: GUARANTEED INTERNET STACK UTILIZATION Trusted... Information Systems, Inc. Sponsored by Defense Advanced Research Projects Agency DARPA Order No. ARPS APPROVED FOR PUBLIC

  3. Parallel Processable Cryptographic Methods with Unbounded Practical Security.

    ERIC Educational Resources Information Center

    Rothstein, Jerome

    Addressing the problem of protecting confidential information and data stored in computer databases from access by unauthorized parties, this paper details coding schemes which present such astronomical work factors to potential code breakers that security breaches are hopeless in any practical sense. Two procedures which can be used to encode for…

  4. Learning with Security

    ERIC Educational Resources Information Center

    Jokela, Paivi; Karlsudd, Peter

    2007-01-01

    The current higher education, both distance education and traditional campus courses, relies more and more on modern information and communication technologies (ICT). The use of computer systems and networks results in a wide range of security issues that must be dealt with in order to create a safe learning environment. In this work, we study the…

  5. Teaching Context in Information Security

    ERIC Educational Resources Information Center

    Bishop, Matt

    2006-01-01

    This article investigates teaching the application of technical ideas by non-technical means, especially by using puzzles to engage students. After discussing the need to teach students to evaluate contexts in which decisions about computer security must be made, we suggest questions and scenarios drawn from political science, history, as well as…

  6. TH-A-12A-01: Medical Physicist's Role in Digital Information Security: Threats, Vulnerabilities and Best Practices

    DOE Office of Scientific and Technical Information (OSTI.GOV)

    McDonald, K; Curran, B

    I. Information Security Background (Speaker = Kevin McDonald) Evolution of Medical Devices Living and Working in a Hostile Environment Attack Motivations Attack Vectors Simple Safety Strategies Medical Device Security in the News Medical Devices and Vendors Summary II. Keeping Radiation Oncology IT Systems Secure (Speaker = Bruce Curran) Hardware Security Double-lock Requirements “Foreign” computer systems Portable Device Encryption Patient Data Storage System Requirements Network Configuration Isolating Critical Devices Isolating Clinical Networks Remote Access Considerations Software Applications / Configuration Passwords / Screen Savers Restricted Services / access Software Configuration Restriction Use of DNS to restrict access. Patches / Upgrades Awareness Intrusion Prevention Intrusion Detection Threat Risk Analysis Conclusion Learning Objectives: Understanding how Hospital IT Requirements affect Radiation Oncology IT Systems. Illustrating sample practices for hardware, network, and software security. Discussing implementation of good IT security practices in radiation oncology. Understand overall risk and threats scenario in a networked environment.

  7. A Study on Secure Medical-Contents Strategies with DRM Based on Cloud Computing

    PubMed Central

    Měsíček, Libor; Choi, Jongsun

    2018-01-01

    Many hospitals and medical clinics have been using a wearable sensor in its health care system because the wearable sensor, which is able to measure the patients' biometric information, has been developed to analyze their patients remotely. The measured information is saved to a server in a medical center, and the server keeps the medical information, which also involves personal information, on a cloud system. The server and network devices are used by connecting each other, and sensitive medical records are dealt with remotely. However, these days, the attackers, who try to attack the server or the network systems, are increasing. In addition, the server and the network system have a weak protection and security policy against the attackers. In this paper, it is suggested that security compliance of medical contents should be followed to improve the level of security. As a result, the medical contents are kept safely. PMID:29796233

  8. A Study on Secure Medical-Contents Strategies with DRM Based on Cloud Computing.

    PubMed

    Ko, Hoon; Měsíček, Libor; Choi, Jongsun; Hwang, Seogchan

    2018-01-01

    Many hospitals and medical clinics have been using a wearable sensor in its health care system because the wearable sensor, which is able to measure the patients' biometric information, has been developed to analyze their patients remotely. The measured information is saved to a server in a medical center, and the server keeps the medical information, which also involves personal information, on a cloud system. The server and network devices are used by connecting each other, and sensitive medical records are dealt with remotely. However, these days, the attackers, who try to attack the server or the network systems, are increasing. In addition, the server and the network system have a weak protection and security policy against the attackers. In this paper, it is suggested that security compliance of medical contents should be followed to improve the level of security. As a result, the medical contents are kept safely.

  9. 75 FR 35451 - Access by EPA Contractors To Information Claimed as Confidential Business Information (CBI...

    Federal Register 2010, 2011, 2012, 2013, 2014

    2010-06-22

    ... further extensions without further notice. Under Contract Number EP10H000097, Computer Science Corporation... EPA procedures, including comprehensive system security plans (SSPs) that are consistent with those...

  10. Continuous-variable quantum homomorphic signature

    NASA Astrophysics Data System (ADS)

    Li, Ke; Shang, Tao; Liu, Jian-wei

    2017-10-01

    Quantum cryptography is believed to be unconditionally secure because its security is ensured by physical laws rather than computational complexity. According to spectrum characteristic, quantum information can be classified into two categories, namely discrete variables and continuous variables. Continuous-variable quantum protocols have gained much attention for their ability to transmit more information with lower cost. To verify the identities of different data sources in a quantum network, we propose a continuous-variable quantum homomorphic signature scheme. It is based on continuous-variable entanglement swapping and provides additive and subtractive homomorphism. Security analysis shows the proposed scheme is secure against replay, forgery and repudiation. Even under nonideal conditions, it supports effective verification within a certain verification threshold.

  11. Security policies and trust in ubiquitous computing.

    PubMed

    Joshi, Anupam; Finin, Tim; Kagal, Lalana; Parker, Jim; Patwardhan, Anand

    2008-10-28

    Ubiquitous environments comprise resource-constrained mobile and wearable devices and computational elements embedded in everyday artefacts. These are connected to each other using both infrastructure-based as well as short-range ad hoc networks. Limited Internet connectivity limits the use of conventional security mechanisms such as public key infrastructures and other forms of server-centric authentication. Under these circumstances, peer-to-peer interactions are well suited for not just information interchange, but also managing security and privacy. However, practical solutions for protecting mobile devices, preserving privacy, evaluating trust and determining the reliability and accuracy of peer-provided data in such interactions are still in their infancy. Our research is directed towards providing stronger assurances of the reliability and trustworthiness of information and services, and the use of declarative policy-driven approaches to handle the open and dynamic nature of such systems. This paper provides an overview of some of the challenges and issues, and points out directions for progress.

  12. Computer loss experience and predictions

    NASA Astrophysics Data System (ADS)

    Parker, Donn B.

    1996-03-01

    The types of losses organizations must anticipate have become more difficult to predict because of the eclectic nature of computers and the data communications and the decrease in news media reporting of computer-related losses as they become commonplace. Total business crime is conjectured to be decreasing in frequency and increasing in loss per case as a result of increasing computer use. Computer crimes are probably increasing, however, as their share of the decreasing business crime rate grows. Ultimately all business crime will involve computers in some way, and we could see a decline of both together. The important information security measures in high-loss business crime generally concern controls over authorized people engaged in unauthorized activities. Such controls include authentication of users, analysis of detailed audit records, unannounced audits, segregation of development and production systems and duties, shielding the viewing of screens, and security awareness and motivation controls in high-value transaction areas. Computer crimes that involve highly publicized intriguing computer misuse methods, such as privacy violations, radio frequency emanations eavesdropping, and computer viruses, have been reported in waves that periodically have saturated the news media during the past 20 years. We must be able to anticipate such highly publicized crimes and reduce the impact and embarrassment they cause. 
    On the basis of our most recent experience, I propose nine new types of computer crime to be aware of: computer larceny (theft and burglary of small computers), automated hacking (use of computer programs to intrude), electronic data interchange fraud (business transaction fraud), Trojan bomb extortion and sabotage (code security inserted into others' systems that can be triggered to cause damage), LANarchy (unknown equipment in use), desktop forgery (computerized forgery and counterfeiting of documents), information anarchy (indiscriminate use of crypto without control), Internet abuse (antisocial use of data communications), and international industrial espionage (governments stealing business secrets). A wide variety of safeguards are necessary to deal with these new crimes. The most powerful controls include (1) carefully controlled use of cryptography and digital signatures with good key management and overriding business and government decryption capability and (2) use of tokens such as smart cards to increase the strength of secret passwords for authentication of computer users. Jewelry-type security for small computers--including registration of serial numbers and security inventorying of equipment, software, and connectivity--will be necessary. Other safeguards include automatic monitoring of computer use and detection of unusual activities, segmentation and filtering of networks, special paper and ink for documents, and reduction of paper documents. Finally, international cooperation of governments to create trusted environments for business is essential.

  13. An enhanced mobile-healthcare emergency system based on extended chaotic maps.

    PubMed

    Lee, Cheng-Chi; Hsu, Che-Wei; Lai, Yan-Ming; Vasilakos, Athanasios

    2013-10-01

    Mobile Healthcare (m-Healthcare) systems, namely smartphone applications of pervasive computing that utilize wireless body sensor networks (BSNs), have recently been proposed to provide smartphone users with health monitoring services and have received great attention. An m-Healthcare system with flaws, however, may leak out the smartphone user's personal information and cause security, privacy preservation, or user anonymity problems. In 2012, Lu et al. proposed a secure and privacy-preserving opportunistic computing (SPOC) framework for mobile-Healthcare emergency. The brilliant SPOC framework can opportunistically gather resources on the smartphone such as computing power and energy to process the computing-intensive personal health information (PHI) in case of an m-Healthcare emergency with minimal privacy disclosure. To balance between the hazard of PHI privacy disclosure and the necessity of PHI processing and transmission in m-Healthcare emergency, in their SPOC framework, Lu et al. introduced an efficient user-centric privacy access control system which they built on the basis of an attribute-based access control mechanism and a new privacy-preserving scalar product computation (PPSPC) technique. However, we found out that Lu et al.'s protocol still has some security flaws such as user anonymity and mutual authentication. To fix those problems and further enhance the computation efficiency of Lu et al.'s protocol, in this article, the authors will present an improved mobile-Healthcare emergency system based on extended chaotic maps. The new system is capable of not only providing flawless user anonymity and mutual authentication but also reducing the computation cost.

  14. Survey of Collaboration Technologies in Multi-level Security Environments

    DTIC Science & Technology

    2014-04-28

    infrastructure or resources. In this research program, the security implications of the US Air Force GeoBase (the US The problem is that in many cases...design structure. ORA uses a Java interface for ease of use, and a C++ computational backend. The current version ORA1.2 software is available on the...information: culture, policy, governance, economics and resources, and technology and infrastructure. This plan, the DoD Information Sharing

  15. 12 CFR 792.19 - How does NCUA calculate the fees for processing my request?

    Code of Federal Regulations, 2012 CFR

    2012-01-01

    ... FREEDOM OF INFORMATION ACT AND PRIVACY ACT, AND BY SUBPOENA; SECURITY PROCEDURES FOR CLASSIFIED.... Searches may be done manually or by computer. Search does not include modification of an existing program... cost of operating the computer for computer searches for records. (c) NCUA will charge the following...

  16. 12 CFR 792.19 - How does NCUA calculate the fees for processing my request?

    Code of Federal Regulations, 2010 CFR

    2010-01-01

    ... FREEDOM OF INFORMATION ACT AND PRIVACY ACT, AND BY SUBPOENA; SECURITY PROCEDURES FOR CLASSIFIED.... Searches may be done manually or by computer. Search does not include modification of an existing program... cost of operating the computer for computer searches for records. (c) NCUA will charge the following...

  17. 12 CFR 792.19 - How does NCUA calculate the fees for processing my request?

    Code of Federal Regulations, 2013 CFR

    2013-01-01

    ... FREEDOM OF INFORMATION ACT AND PRIVACY ACT, AND BY SUBPOENA; SECURITY PROCEDURES FOR CLASSIFIED.... Searches may be done manually or by computer. Search does not include modification of an existing program... cost of operating the computer for computer searches for records. (c) NCUA will charge the following...

  18. 12 CFR 792.19 - How does NCUA calculate the fees for processing my request?

    Code of Federal Regulations, 2011 CFR

    2011-01-01

    ... FREEDOM OF INFORMATION ACT AND PRIVACY ACT, AND BY SUBPOENA; SECURITY PROCEDURES FOR CLASSIFIED.... Searches may be done manually or by computer. Search does not include modification of an existing program... cost of operating the computer for computer searches for records. (c) NCUA will charge the following...

  19. 12 CFR 792.19 - How does NCUA calculate the fees for processing my request?

    Code of Federal Regulations, 2014 CFR

    2014-01-01

    ... FREEDOM OF INFORMATION ACT AND PRIVACY ACT, AND BY SUBPOENA; SECURITY PROCEDURES FOR CLASSIFIED.... Searches may be done manually or by computer. Search does not include modification of an existing program... cost of operating the computer for computer searches for records. (c) NCUA will charge the following...

  20. A Round-Efficient Authenticated Key Agreement Scheme Based on Extended Chaotic Maps for Group Cloud Meeting.

    PubMed

    Lin, Tsung-Hung; Tsung, Chen-Kun; Lee, Tian-Fu; Wang, Zeng-Bo

    2017-12-03

    The security is a critical issue for business purposes. For example, the cloud meeting must consider strong security to maintain the communication privacy. Considering the scenario with cloud meeting, we apply extended chaotic map to present passwordless group authentication key agreement, termed as Passwordless Group Authentication Key Agreement (PL-GAKA). PL-GAKA improves the computation efficiency for the simple group password-based authenticated key agreement (SGPAKE) proposed by Lee et al. in terms of computing the session key. Since the extended chaotic map has equivalent security level to the Diffie-Hellman key exchange scheme applied by SGPAKE, the security of PL-GAKA is not sacrificed when improving the computation efficiency. Moreover, PL-GAKA is a passwordless scheme, so the password maintenance is not necessary. Short-term authentication is considered, hence the communication security is stronger than other protocols by dynamically generating session key in each cloud meeting. In our analysis, we first prove that each meeting member can get the correct information during the meeting. We analyze common security issues for the proposed PL-GAKA in terms of session key security, mutual authentication, perfect forward security, and data integrity. Moreover, we also demonstrate that communicating in PL-GAKA is secure when suffering replay attacks, impersonation attacks, privileged insider attacks, and stolen-verifier attacks. Eventually, an overall comparison is given to show the performance between PL-GAKA, SGPAKE and related solutions.

  1. Securing SIFT: Privacy-preserving Outsourcing Computation of Feature Extractions Over Encrypted Image Data.

    PubMed

    Hu, Shengshan; Wang, Qian; Wang, Jingjun; Qin, Zhan; Ren, Kui

    2016-05-13

    Advances in cloud computing have greatly motivated data owners to outsource their huge amount of personal multimedia data and/or computationally expensive tasks onto the cloud by leveraging its abundant resources for cost saving and flexibility. Despite the tremendous benefits, the outsourced multimedia data and its originated applications may reveal the data owner's private information, such as the personal identity, locations or even financial profiles. This observation has recently aroused new research interest on privacy-preserving computations over outsourced multimedia data. In this paper, we propose an effective and practical privacy-preserving computation outsourcing protocol for the prevailing scale-invariant feature transform (SIFT) over massive encrypted image data. We first show that previous solutions to this problem have either efficiency/security or practicality issues, and none can well preserve the important characteristics of the original SIFT in terms of distinctiveness and robustness. We then present a new scheme design that achieves efficiency and security requirements simultaneously with the preservation of its key characteristics, by randomly splitting the original image data, designing two novel efficient protocols for secure multiplication and comparison, and carefully distributing the feature extraction computations onto two independent cloud servers. We both carefully analyze and extensively evaluate the security and effectiveness of our design. The results show that our solution is practically secure, outperforms the state-of-the-art, and performs comparably to the original SIFT in terms of various characteristics, including rotation invariance, image scale invariance, robust matching across affine distortion, addition of noise and change in 3D viewpoint and illumination.

  2. Multicore Architectures for Multiple Independent Levels of Security Applications

    DTIC Science & Technology

    2012-09-01

    to bolster the MILS effort. However, current MILS operating systems are not designed for multi-core platforms. They do not have the hardware support...current MILS operating systems are not designed for multi-core platforms. They do not have the hardware support to ensure that the separation...the availability of information at different security classification levels while increasing the overall security of the computing system. Due to the

  3. Quantum technology and cryptology for information security

    NASA Astrophysics Data System (ADS)

    Naqvi, Syed; Riguidel, Michel

    2007-04-01

    Cryptology and information security are set to play a more prominent role in the near future. In this regard, quantum communication and cryptography offer new opportunities to tackle ICT security. Quantum Information Processing and Communication (QIPC) is a scientific field where new conceptual foundations and techniques are being developed. They promise to play an important role in the future of information security. It is therefore essential to have a cross-fertilizing development between quantum technology and cryptology in order to address the security challenges of the emerging quantum era. In this article, we discuss the impact of quantum technology on the current as well as future crypto-techniques. We then analyse the assumptions on which quantum computers may operate. Then we present our vision for the distribution of security attributes using a novel form of trust based on Heisenberg's uncertainty; and, building highly secure quantum networks based on the clear transmission of single photons and/or bundles of photons able to withstand unauthorized reading as a result of secure protocols based on the observations of quantum mechanics. We argue how quantum cryptographic systems need to be developed that can take advantage of the laws of physics to provide long-term security based on solid assumptions. This requires a structured integration effort to deploy quantum technologies within the existing security infrastructure. Finally, we conclude that classical cryptographic techniques need to be redesigned and upgraded in view of the growing threat of cryptanalytic attacks posed by quantum information processing devices leading to the development of post-quantum cryptography.

  4. 77 FR 70797 - Collection of Information Under Review by Office of Management and Budget

    Federal Register 2010, 2011, 2012, 2013, 2014

    2012-11-27

    ..., Control, Communications, Computers and Information Technology. [FR Doc. 2012-28695 Filed 11-26-12; 8:45 am... DEPARTMENT OF HOMELAND SECURITY Coast Guard [USCG-2012-0733] Collection of Information Under... forwarding an Information Collection Request (ICR), abstracted below, to the Office of Management and Budget...

  5. The Secure Medical Research Workspace: An IT Infrastructure to Enable Secure Research on Clinical Data

    PubMed Central

    Owen, Phillips; Mostafa, Javed; Lamm, Brent; Wang, Xiaoshu; Schmitt, Charles P.; Ahalt, Stanley C.

    2013-01-01

    Clinical data have tremendous value for translational research, but only if security and privacy concerns can be addressed satisfactorily. A collaboration of clinical and informatics teams, including RENCI, NC TraCS, UNC's School of Information and Library Science, Information Technology Service's Research Computing and other partners at the University of North Carolina at Chapel Hill have developed a system called the Secure Medical Research Workspace (SMRW) that enables researchers to use clinical data securely for research. SMRW significantly minimizes the risk presented when using identified clinical data, thereby protecting patients, researchers, and institutions associated with the data. The SMRW is built on a novel combination of virtualization and data leakage protection and can be combined with other protection methodologies and scaled to production levels. PMID:23751029

  6. Efficient proof of ownership for cloud storage systems

    NASA Astrophysics Data System (ADS)

    Zhong, Weiwei; Liu, Zhusong

    2017-08-01

    Cloud storage systems use deduplication technology to save disk space and bandwidth, but the use of this technology has given rise to targeted security attacks: the attacker can deceive the server to obtain ownership of the file by getting the hash value of the original file. In order to solve the above security problems and the different security requirements of the files in the cloud storage system, an efficient and information-theoretically secure proof of ownership scheme is proposed to support file rating. File rating is implemented with the K-means algorithm, and random seed technology and a pre-calculation method are used to achieve a safe and efficient proof of ownership scheme. Finally, the scheme is information-theoretically secure and achieves better performance in the most sensitive areas of client-side I/O and computation.

  7. Legal issues of the electronic dental record: security and confidentiality.

    PubMed

    Szekely, D G; Milam, S; Khademi, J A

    1996-01-01

    Computer-based, electronic dental record keeping involves complex issues of patient privacy and the dental practitioner's ethical duty of confidentiality. Federal and state law is responding to the new legal issues presented by computer technology. Authenticating the electronic record in terms of ensuring its reliability and accuracy is essential in order to protect its admissibility as evidence in legal actions. Security systems must be carefully planned to limit access and provide for back-up and storage of dental records. Carefully planned security systems protect the patient from disclosure without the patient's consent and also protect the practitioner from the liability that would arise from such disclosure. Human errors account for the majority of data security problems. Personnel security is assured through pre-employment screening, employment contracts, policies, and staff education. Contracts for health information systems should include provisions for indemnification and ensure the confidentiality of the system by the vendor.

  8. Information security system based on virtual-optics imaging methodology and public key infrastructure

    NASA Astrophysics Data System (ADS)

    Peng, Xiang; Zhang, Peng; Cai, Lilong

    In this paper, we present a virtual-optical based information security system model with the aid of public-key-infrastructure (PKI) techniques. The proposed model employs a hybrid architecture in which our previously published encryption algorithm based on virtual-optics imaging methodology (VOIM) can be used to encipher and decipher data while an asymmetric algorithm, for example RSA, is applied for enciphering and deciphering the session key(s). For an asymmetric system, given an encryption key, it is computationally infeasible to determine the decryption key and vice versa. The whole information security model is run under the framework of PKI, which is on basis of public-key cryptography and digital signatures. This PKI-based VOIM security approach has additional features like confidentiality, authentication, and integrity for the purpose of data encryption under the environment of network.

  9. A review and a framework of handheld computer adoption in healthcare.

    PubMed

    Lu, Yen-Chiao; Xiao, Yan; Sears, Andrew; Jacko, Julie A

    2005-06-01

    Wide adoption of mobile computing technology can potentially improve information access, enhance workflow, and promote evidence-based practice to make informed and effective decisions at the point of care. Handheld computers or personal digital assistants (PDAs) offer portable and unobtrusive access to clinical data and relevant information at the point of care. This article reviews the literature on issues related to adoption of PDAs in health care and barriers to PDA adoption. Studies showed that PDAs were used widely in health care providers' practice, and the level of use is expected to rise rapidly. Most care providers found PDAs to be functional and useful in areas of documentation, medical reference, and access to patient data. Major barriers to adoption were identified as usability, security concerns, and lack of technical and organizational support. PDAs offer health care practitioners advantages to enhance their clinical practice. However, better designed PDA hardware and software applications, more institutional support, seamless integration of PDA technology with hospital information systems, and satisfactory security measures are necessary to increase acceptance and wide use of PDAs in healthcare.

  10. The Johnson Space Center Management Information Systems (JSCMIS). 1: Requirements Definition and Design Specifications for Versions 2.1 and 2.1.1. 2: Documented Test Scenario Environments. 3: Security Design and Specifications

    NASA Technical Reports Server (NTRS)

    1986-01-01

    The Johnson Space Center Management Information System (JSCMIS) is an interface to computer data bases at NASA Johnson which allows an authorized user to browse and retrieve information from a variety of sources with minimum effort. This issue gives requirements definition and design specifications for versions 2.1 and 2.1.1, along with documented test scenario environments, and security object design and specifications.

  11. Interleaving Semantic Web Reasoning and Service Discovery to Enforce Context-Sensitive Security and Privacy Policies

    DTIC Science & Technology

    2005-07-01

    policies in pervasive computing environments. In this context, the owner of information sources (e.g. user, sensor, application, or organization...work in decentralized trust management and semantic web technologies . Section 3 introduces an Information Disclosure Agent architecture for...Norman Sadeh July 2005 CMU-ISRI-05-113 School of Computer Science, Carnegie Mellon University 5000 Forbes Avenue, Pittsburgh, PA, 15213

  12. Security of Color Image Data Designed by Public-Key Cryptosystem Associated with 2D-DWT

    NASA Astrophysics Data System (ADS)

    Mishra, D. C.; Sharma, R. K.; Kumar, Manish; Kumar, Kuldeep

    2014-08-01

    In present times the security of image data is a major issue. So, we have proposed a novel technique for security of color image data by public-key cryptosystem or asymmetric cryptosystem. In this technique, we have developed security of color image data using RSA (Rivest-Shamir-Adleman) cryptosystem with two-dimensional discrete wavelet transform (2D-DWT). Earlier proposed schemes for security of color images designed on the basis of keys, but this approach provides security of color images with the help of keys and correct arrangement of RSA parameters. If the attacker knows about exact keys, but has no information of exact arrangement of RSA parameters, then the original information cannot be recovered from the encrypted data. Computer simulation based on standard example is critically examining the behavior of the proposed technique. Security analysis and a detailed comparison between earlier developed schemes for security of color images and proposed technique are also mentioned for the robustness of the cryptosystem.

  13. CLARUS as a Cloud Security Framework: e-Health Use Case.

    PubMed

    Vidal, David; Iriso, Santiago; Mulero, Rafael

    2017-01-01

    Maintaining Passive Medical Health Records (PMHR) is an increasing cost and resource consumption problem. Moving to the cloud is the clearest solution to solve the problem as it offers a high amount of space and computation power. But the cloud is not safe enough when dealing with this kind of information because it can be easily accessed by attackers. The European Commission funded research project CLARUS contributes to protect healthcare-sensitive information in a secure way.

  14. National Computer Security Conference (13th) Held in Washington, DC on 1-4 October, 1990. Proceedings. Volume 1: Information Systems Security: Standards - The Key to the Future

    DTIC Science & Technology

    1990-10-04

    methods Category 6: Cryptographic methods (hard/software) - Tested countermeasures and standard means - Acknowledgements As the number of antivirus...Skulason), only our own antiviruses have been mentioned in the catalog. We hope to include the major antivirus packages in the future. The current...Center GTE SRI International Trusted Information Systems, Inc. Grumann Data Systems SRI International Software Engineering Institute Trusted

  15. Information Security due to Electromagnetic Environments

    NASA Astrophysics Data System (ADS)

    Sekiguchi, Hidenori; Seto, Shinji

    Generally, active electronic devices emit slightly unintentional electromagnetic noise. From long ago, electromagnetic emission levels have been regulated from the aspect of electromagnetic compatibility (EMC). Also, it has been known that the electromagnetic emissions are generated from the ON/OFF of signals in the device. Recently, it has become a topic of conversation in information security that the ON/OFF of a desired signal in the device can be reproduced or guessed by receiving the electromagnetic emission. For example, a display image on a personal computer (PC) can be reconstructed by receiving and analyzing the electromagnetic emission. In sum, this fact makes known information leakage due to electromagnetic emission. "TEMPEST", which has been known as a code name originating in the U.S. Department of Defense, is to prevent the information leakage caused by electromagnetic emissions. This paper reports a brief summary of the information security due to electromagnetic emissions from information technology equipment.

  16. NASA Information Resources Management Long Range Plan, FY 1994-1998

    NASA Technical Reports Server (NTRS)

    1993-01-01

    Table of Contents: Introduction; Agency 5-Year IRM Investment Projections; Program Specific IRM Activities by Program Office; Major IRM Program Accomplishments for FY 1992; Information Collection Budget; Summary of Computer Security Plans; and Appendix: Acronym List.

  17. Corporate Perspective: An Interview with John Sculley.

    ERIC Educational Resources Information Center

    Temares, M. Lewis

    1989-01-01

    John Sculley, the chairman of the board of Apple Computer, Inc., discusses information technology management, management strategies, network management, the Chief Information Officer, strategic planning, back-to-the-future planning, business and university joint ventures, and security issues. (MLW)

  18. 49 CFR 1.72 - Delegations to the Office of the Chief Information Officer.

    Code of Federal Regulations, 2010 CFR

    2010-10-01

    ...) Carry out all functions and responsibilities assigned to the Secretary with respect to the Computer Security Act of 1987 (40 U.S.C. 759, 759 notes); (d) Approve waivers to Federal Information Processing...

  19. 49 CFR 1.72 - Delegations to the Office of the Chief Information Officer.

    Code of Federal Regulations, 2011 CFR

    2011-10-01

    ...) Carry out all functions and responsibilities assigned to the Secretary with respect to the Computer Security Act of 1987 (40 U.S.C. 759, 759 notes); (d) Approve waivers to Federal Information Processing...

  20. An Internet-Based Accounting Information Systems Project

    ERIC Educational Resources Information Center

    Miller, Louise

    2012-01-01

    This paper describes a student project assignment used in an accounting information systems course. We are now truly immersed in the internet age, and while many required accounting information systems courses and textbooks introduce database design, accounting software development, cloud computing, and internet security, projects involving the…

  1. Access control and confidentiality in radiology

    NASA Astrophysics Data System (ADS)

    Noumeir, Rita; Chafik, Adil

    2005-04-01

    A medical record contains a large amount of data about the patient such as height, weight and blood pressure. It also contains sensitive information such as fertility, abortion, psychiatric data, sexually transmitted diseases and diagnostic results. Access to this information must be carefully controlled. Information technology has greatly improved patient care. The recent extensive deployment of digital medical images made diagnostic images promptly available to healthcare decision makers, regardless of their geographic location. Medical images are digitally archived, transferred on telecommunication networks, and visualized on computer screens. However, with the widespread use of computing and communication technologies in healthcare, the issue of data security has become increasingly important. Most of the work until now has focused on the security of data communication to ensure its integrity, authentication, confidentiality and user accountability. The mechanisms that have been proposed to achieve the security of data communication are not specific to healthcare. Data integrity can be achieved with data signature. Data authentication can be achieved with certificate exchange. Data confidentiality can be achieved with encryption. User accountability can be achieved with audits. Although these mechanisms are essential to ensure data security during its transfer on the network, access control is needed in order to ensure data confidentiality and privacy within the information system application. In this paper, we present and discuss an access control mechanism that takes into account the notion of a care process. Radiology information is categorized and a model to enforce data privacy is proposed.

  2. 75 FR 9012 - Privacy Act of 1974, as Amended; Computer Matching Program (SSA/U.S. Department of Health and...

    Federal Register 2010, 2011, 2012, 2013, 2014

    2010-02-26

    ... INFORMATION: A. General The Computer Matching and Privacy Protection Act of 1988 (Pub. L. 100-503), amended... SOCIAL SECURITY ADMINISTRATION [Docket No. SSA-2009-0052] Privacy Act of 1974, as Amended; Computer Matching Program (SSA/ U.S. Department of Health and Human Services (HHS), Administration for...

  3. Are Security Experts Useful? Bayesian Nash Equilibria for Network Security Games with Limited Information

    DTIC Science & Technology

    2010-04-23

    from the stock market. Journal of Computer Security, 11(3):431–448, 2003. [7] D. Chaum. Untraceable electronic mail, return addresses, and digital...to cross several other administrative boundaries (e.g., ISPs C, D, ...), causing potential congestion at all of these intermediaries. A very...Quarterly Journal of Economics, 108(1):259–271, February 1993. [9] P. Ferguson and D. Senie. Network ingress filtering: Defeating denial of service

  4. Information Security: Federal Guidance Needed to Address Control Issues With Implementing Cloud Computing

    DTIC Science & Technology

    2010-05-01

    Figure 2: Cloud Computing Deployment Models 13 Figure 3: NIST Essential Characteristics 14 Figure 4: NASA Nebula Container 37...Access Computing Environment (RACE) program, the National Aeronautics and Space Administration’s (NASA) Nebula program, and the Department of...computing programs: the DOD’s RACE program; NASA’s Nebula program; and Department of Transportation’s CARS program, including lessons learned related

  5. Federated Tensor Factorization for Computational Phenotyping

    PubMed Central

    Kim, Yejin; Sun, Jimeng; Yu, Hwanjo; Jiang, Xiaoqian

    2017-01-01

    Tensor factorization models offer an effective approach to convert massive electronic health records into meaningful clinical concepts (phenotypes) for data analysis. These models need a large amount of diverse samples to avoid population bias. An open challenge is how to derive phenotypes jointly across multiple hospitals, in which direct patient-level data sharing is not possible (e.g., due to institutional policies). In this paper, we developed a novel solution to enable federated tensor factorization for computational phenotyping without sharing patient-level data. We developed secure data harmonization and federated computation procedures based on alternating direction method of multipliers (ADMM). Using this method, the multiple hospitals iteratively update tensors and transfer secure summarized information to a central server, and the server aggregates the information to generate phenotypes. We demonstrated with real medical datasets that our method resembles the centralized training model (based on combined datasets) in terms of accuracy and phenotypes discovery while respecting privacy. PMID:29071165

  6. Secure medical information sharing in cloud computing.

    PubMed

    Shao, Zhiyi; Yang, Bo; Zhang, Wenzheng; Zhao, Yi; Wu, Zhenqiang; Miao, Meixia

    2015-01-01

    Medical information sharing is one of the most attractive applications of cloud computing, where searchable encryption is a fascinating solution for securely and conveniently sharing medical data among different medical organizers. However, almost all previous works are designed in a symmetric key encryption environment. The only works in public key encryption do not support keyword trapdoor security, have long ciphertext related to the number of receivers, do not support receiver revocation without re-encrypting, and do not preserve the membership of receivers. In this paper, we propose a searchable encryption supporting multiple receivers for medical information sharing based on bilinear maps in a public key encryption environment. In the proposed protocol, the data owner stores only one copy of his encrypted file and its corresponding encrypted keywords on the cloud for multiple designated receivers. The keyword ciphertext is significantly shorter and its length is constant without relation to the number of designated receivers, i.e., for n receivers the ciphertext length is only twice the element length in the group. Only the owner knows with whom his data is shared, and the access to his data is still under control after having been put on the cloud. We formally prove the security of keyword ciphertext based on the intractability of the Bilinear Diffie-Hellman problem and the keyword trapdoor based on the Decisional Diffie-Hellman problem.

  7. Guidelines for development of NASA (National Aeronautics and Space Administration) computer security training programs

    NASA Technical Reports Server (NTRS)

    Tompkins, F. G.

    1983-01-01

    The report presents guidance for the NASA Computer Security Program Manager and the NASA Center Computer Security Officials as they develop training requirements and implement computer security training programs. NASA audiences are categorized based on the computer security knowledge required to accomplish identified job functions. Training requirements, in terms of training subject areas, are presented for both computer security program management personnel and computer resource providers and users. Sources of computer security training are identified.

  8. Security of medical data transfer and storage in Internet. Cryptography, antiviral security and electronic signature problems, which must be solved in nearest future in practical context.

    PubMed

    Kasztelowicz, Piotr; Czubenko, Marek; Zieba, Iwona

    2003-01-01

    The informatical revolution in computer age, which gives significant benefit in transfer of medical information requests to pay still more attention for aspect of network security. All known advantages of network technologies--first of all simplicity of copying, multiplication and sending information to many individuals can be also dangerous, if illegal, not permitted persons get access to medical data bases. Internet is assumed to be as especially "anarchic" medium, therefore in order to use it in professional work any security principles should be bewared. In our presentation we will try to find the optimal security solution in organisational and technological aspects for any medical network. In our opinion the harmonious co-operation between users, medical authorities and network administrators is core of the success.

  9. Smart cards--the key to trustworthy health information systems.

    PubMed Central

    Neame, R.

    1997-01-01

    Some 20 years after they were first developed, "smart cards" are set to play a crucial part in healthcare systems. Last year about a billion were supplied, mainly for use in the financial sector, but their special features make them of particular strategic importance for the health sector, where they offer a ready made solution to some key problems of security and confidentiality. This article outlines what smart cards are and why they are so important in managing health information. I discuss some of the unique features of smart cards that are of special importance in the development of secure and trustworthy health information systems. Smart cards would enable individuals' identities to be authenticated and communications to be secured and would provide the mechanisms for implementing strong security, differential access to data, and definitive audit trails. Patient cards can also with complete security carry personal details, data on current health problems and medications, emergency care data, and pointers to where medical records for the patient can be found. Provider cards can in addition carry authorisations and information on computer set up. PMID:9055719

  10. A Cloud Computing Based Patient Centric Medical Information System

    NASA Astrophysics Data System (ADS)

    Agarwal, Ankur; Henehan, Nathan; Somashekarappa, Vivek; Pandya, A. S.; Kalva, Hari; Furht, Borko

    This chapter discusses an emerging concept of a cloud computing based Patient Centric Medical Information System framework that will allow various authorized users to securely access patient records from various Care Delivery Organizations (CDOs) such as hospitals, urgent care centers, doctors, laboratories, imaging centers among others, from any location. Such a system must seamlessly integrate all patient records including images such as CT scans and MRIs which can easily be accessed from any location and reviewed by any authorized user. In such a scenario the storage and transmission of medical records will have to be conducted in a totally secure and safe environment with a very high standard of data integrity, protecting patient privacy and complying with all Health Insurance Portability and Accountability Act (HIPAA) regulations.

  11. Hash function based on chaotic map lattices.

    PubMed

    Wang, Shihong; Hu, Gang

    2007-06-01

    A new hash function system, based on coupled chaotic map dynamics, is suggested. By combining floating point computation of chaos and some simple algebraic operations, the system reaches very high bit confusion and diffusion rates, and this enables the system to have desired statistical properties and strong collision resistance. The chaos-based hash function has its advantages for high security and fast performance, and it serves as one of the most highly competitive candidates for practical applications of hash function for software realization and secure information communications in computer networks.

  12. Hash function based on chaotic map lattices

    NASA Astrophysics Data System (ADS)

    Wang, Shihong; Hu, Gang

    2007-06-01

    A new hash function system, based on coupled chaotic map dynamics, is suggested. By combining floating point computation of chaos and some simple algebraic operations, the system reaches very high bit confusion and diffusion rates, and this enables the system to have desired statistical properties and strong collision resistance. The chaos-based hash function has its advantages for high security and fast performance, and it serves as one of the most highly competitive candidates for practical applications of hash function for software realization and secure information communications in computer networks.

  13. Security and Communication Improve Community Trust

    ERIC Educational Resources Information Center

    Schneiderman, Mark

    2015-01-01

    Using student information in schools is nothing new nor is the reliance on information technologies supported by external service providers. What is new is the adoption of innovations like cloud computing and data analytics that are increasing teacher and family data access, creating actionable information to drive instruction and decision making,…

  14. 10 CFR 73.23 - Protection of Safeguards Information-Modified Handling: Specific requirements.

    Code of Federal Regulations, 2014 CFR

    2014-01-01

    .... Information not classified as Restricted Data or National Security Information related to physical protection... stored in a locked file drawer or cabinet. (3) A mobile device (such as a laptop computer) may also be... of intrusion detection devices, alarm assessment equipment, alarm system wiring, emergency power...

  15. 10 CFR 73.23 - Protection of Safeguards Information-Modified Handling: Specific requirements.

    Code of Federal Regulations, 2010 CFR

    2010-01-01

    .... Information not classified as Restricted Data or National Security Information related to physical protection... stored in a locked file drawer or cabinet. (3) A mobile device (such as a laptop computer) may also be... of intrusion detection devices, alarm assessment equipment, alarm system wiring, emergency power...

  16. 10 CFR 73.23 - Protection of Safeguards Information-Modified Handling: Specific requirements.

    Code of Federal Regulations, 2012 CFR

    2012-01-01

    .... Information not classified as Restricted Data or National Security Information related to physical protection... stored in a locked file drawer or cabinet. (3) A mobile device (such as a laptop computer) may also be... of intrusion detection devices, alarm assessment equipment, alarm system wiring, emergency power...

  17. 10 CFR 73.23 - Protection of Safeguards Information-Modified Handling: Specific requirements.

    Code of Federal Regulations, 2013 CFR

    2013-01-01

    .... Information not classified as Restricted Data or National Security Information related to physical protection... stored in a locked file drawer or cabinet. (3) A mobile device (such as a laptop computer) may also be... of intrusion detection devices, alarm assessment equipment, alarm system wiring, emergency power...

  18. 10 CFR 73.23 - Protection of Safeguards Information-Modified Handling: Specific requirements.

    Code of Federal Regulations, 2011 CFR

    2011-01-01

    .... Information not classified as Restricted Data or National Security Information related to physical protection... stored in a locked file drawer or cabinet. (3) A mobile device (such as a laptop computer) may also be... of intrusion detection devices, alarm assessment equipment, alarm system wiring, emergency power...

  19. 76 FR 78286 - Collection of Information Under Review by Office of Management and Budget

    Federal Register 2010, 2011, 2012, 2013, 2014

    2011-12-16

    ..., between 9 a.m. and 5 p.m., Monday through Friday, except Federal holidays. OIRA posts its decisions on.... Coast Guard, Acting Assistant Commandant for Command, Control, Communications, Computers and Information... DEPARTMENT OF HOMELAND SECURITY Coast Guard [USCG-2011-0902] Collection of Information Under...

  20. 78 FR 45545 - Collection of Information under Review by Office of Management and Budget

    Federal Register 2010, 2011, 2012, 2013, 2014

    2013-07-29

    .... OIRA posts its decisions on ICRs online at http://www.reginfo.gov/public/do/PRAMain after the comment... Commandant for Command, Control, Communications, Computers and Information Technology. [FR Doc. 2013-18068... DEPARTMENT OF HOMELAND SECURITY Coast Guard [USCG-2013-0045] Collection of Information under...

  1. FuzzyFusion: an application architecture for multisource information fusion

    NASA Astrophysics Data System (ADS)

    Fox, Kevin L.; Henning, Ronda R.

    2009-04-01

    The correlation of information from disparate sources has long been an issue in data fusion research. Traditional data fusion addresses the correlation of information from sources as diverse as single-purpose sensors to all-source multi-media information. Information system vulnerability information is similar in its diversity of sources and content, and in the desire to draw a meaningful conclusion, namely, the security posture of the system under inspection. FuzzyFusion™, a data fusion model that is being applied to the computer network operations domain, is presented. This model has been successfully prototyped in an applied research environment and represents a next generation assurance tool for system and network security.

  2. Enhanced delegated computing using coherence

    NASA Astrophysics Data System (ADS)

    Barz, Stefanie; Dunjko, Vedran; Schlederer, Florian; Moore, Merritt; Kashefi, Elham; Walmsley, Ian A.

    2016-03-01

    A longstanding question is whether it is possible to delegate computational tasks securely—such that neither the computation nor the data is revealed to the server. Recently, both a classical and a quantum solution to this problem were found [C. Gentry, in Proceedings of the 41st Annual ACM Symposium on the Theory of Computing (Association for Computing Machinery, New York, 2009), pp. 167-178; A. Broadbent, J. Fitzsimons, and E. Kashefi, in Proceedings of the 50th Annual Symposium on Foundations of Computer Science (IEEE Computer Society, Los Alamitos, CA, 2009), pp. 517-526]. Here, we study the first step towards the interplay between classical and quantum approaches and show how coherence can be used as a tool for secure delegated classical computation. We show that a client with limited computational capacity—restricted to an XOR gate—can perform universal classical computation by manipulating information carriers that may occupy superpositions of two states. Using single photonic qubits or coherent light, we experimentally implement secure delegated classical computations between an independent client and a server, which are installed in two different laboratories and separated by 50 m. The server has access to the light sources and measurement devices, whereas the client may use only a restricted set of passive optical devices to manipulate the information-carrying light beams. Thus, our work highlights how minimal quantum and classical resources can be combined and exploited for classical computing.

  3. Framework for Deploying a Virtualized Computing Environment for Collaborative and Secure Data Analytics

    PubMed Central

    Meyer, Adrian; Green, Laura; Faulk, Ciearro; Galla, Stephen; Meyer, Anne-Marie

    2016-01-01

    Introduction: Large amounts of health data generated by a wide range of health care applications across a variety of systems have the potential to offer valuable insight into populations and health care systems, but robust and secure computing and analytic systems are required to leverage this information. Framework: We discuss our experiences deploying a Secure Data Analysis Platform (SeDAP), and provide a framework to plan, build and deploy a virtual desktop infrastructure (VDI) to enable innovation, collaboration and operate within academic funding structures. It outlines 6 core components: Security, Ease of Access, Performance, Cost, Tools, and Training. Conclusion: A platform like SeDAP is not simply successful through technical excellence and performance. Its adoption is dependent on a collaborative environment where researchers and users plan and evaluate the requirements of all aspects. PMID:27683665

  4. A Round-Efficient Authenticated Key Agreement Scheme Based on Extended Chaotic Maps for Group Cloud Meeting

    PubMed Central

    Lee, Tian-Fu; Wang, Zeng-Bo

    2017-01-01

    Security is a critical issue for business purposes. For example, a cloud meeting must consider strong security to maintain communication privacy. Considering the cloud meeting scenario, we apply an extended chaotic map to present a passwordless group authentication key agreement, termed Passwordless Group Authentication Key Agreement (PL-GAKA). PL-GAKA improves the computation efficiency of the simple group password-based authenticated key agreement (SGPAKE) proposed by Lee et al. in terms of computing the session key. Since the extended chaotic map has an equivalent security level to the Diffie–Hellman key exchange scheme applied by SGPAKE, the security of PL-GAKA is not sacrificed when improving the computation efficiency. Moreover, PL-GAKA is a passwordless scheme, so password maintenance is not necessary. Short-term authentication is considered, hence the communication security is stronger than in other protocols, by dynamically generating a session key in each cloud meeting. In our analysis, we first prove that each meeting member can get the correct information during the meeting. We analyze common security issues for the proposed PL-GAKA in terms of session key security, mutual authentication, perfect forward security, and data integrity. Moreover, we also demonstrate that communicating in PL-GAKA is secure when suffering replay attacks, impersonation attacks, privileged insider attacks, and stolen-verifier attacks. Finally, an overall comparison is given to show the performance of PL-GAKA, SGPAKE and related solutions. PMID:29207509

  5. 32 CFR 236.2 - Definitions.

    Code of Federal Regulations, 2012 CFR

    2012-07-01

    ... DEPARTMENT OF DEFENSE (DOD)-DEFENSE INDUSTRIAL BASE (DIB) VOLUNTARY CYBER SECURITY AND INFORMATION ASSURANCE... defense information. (e) Cyber incident means actions taken through the use of computer networks that... residing therein. (f) Cyber intrusion damage assessment means a managed, coordinated process to determine...

  6. 32 CFR 236.2 - Definitions.

    Code of Federal Regulations, 2013 CFR

    2013-07-01

    ... DEPARTMENT OF DEFENSE (DOD)-DEFENSE INDUSTRIAL BASE (DIB) VOLUNTARY CYBER SECURITY AND INFORMATION ASSURANCE... defense information. (e) Cyber incident means actions taken through the use of computer networks that... residing therein. (f) Cyber intrusion damage assessment means a managed, coordinated process to determine...

  7. 49 CFR Appendix A to Part 1511 - Aviation Security Infrastructure Fee

    Code of Federal Regulations, 2012 CFR

    2012-10-01

    .... Please also submit the same information in Microsoft Word either on a computer disk or by e-mail to TSA..., including Checkpoint Screening Supervisors. 7. All associated expensed non-labor costs including computers, communications equipment, time management systems, supplies, parking, identification badging, furniture, fixtures...

  8. 49 CFR Appendix A to Part 1511 - Aviation Security Infrastructure Fee

    Code of Federal Regulations, 2014 CFR

    2014-10-01

    .... Please also submit the same information in Microsoft Word either on a computer disk or by e-mail to TSA..., including Checkpoint Screening Supervisors. 7. All associated expensed non-labor costs including computers, communications equipment, time management systems, supplies, parking, identification badging, furniture, fixtures...

  9. 49 CFR Appendix A to Part 1511 - Aviation Security Infrastructure Fee

    Code of Federal Regulations, 2013 CFR

    2013-10-01

    .... Please also submit the same information in Microsoft Word either on a computer disk or by e-mail to TSA..., including Checkpoint Screening Supervisors. 7. All associated expensed non-labor costs including computers, communications equipment, time management systems, supplies, parking, identification badging, furniture, fixtures...

  10. 48 CFR 204.7301 - Definitions.

    Code of Federal Regulations, 2014 CFR

    2014-10-01

    ... 204.7301 Definitions. As used in this subpart— Adequate security means protective measures that are... restrictions. Cyber incident means actions taken through the use of computer networks that result in an actual.... Technical information means technical data or computer software, as those terms are defined in the clause at...

  11. Verification of Security Policy Enforcement in Enterprise Systems

    NASA Astrophysics Data System (ADS)

    Gupta, Puneet; Stoller, Scott D.

    Many security requirements for enterprise systems can be expressed in a natural way as high-level access control policies. A high-level policy may refer to abstract information resources, independent of where the information is stored; it controls both direct and indirect accesses to the information; it may refer to the context of a request, i.e., the request’s path through the system; and its enforcement point and enforcement mechanism may be unspecified. Enforcement of a high-level policy may depend on the system architecture and the configurations of a variety of security mechanisms, such as firewalls, host login permissions, file permissions, DBMS access control, and application-specific security mechanisms. This paper presents a framework in which all of these can be conveniently and formally expressed, a method to verify that a high-level policy is enforced, and an algorithm to determine a trusted computing base for each resource.

  12. Securely Measuring the Overlap between Private Datasets with Cryptosets

    PubMed Central

    Swamidass, S. Joshua; Matlock, Matthew; Rozenblit, Leon

    2015-01-01

    Many scientific questions are best approached by sharing data—collected by different groups or across large collaborative networks—into a combined analysis. Unfortunately, some of the most interesting and powerful datasets—like health records, genetic data, and drug discovery data—cannot be freely shared because they contain sensitive information. In many situations, knowing if private datasets overlap determines if it is worthwhile to navigate the institutional, ethical, and legal barriers that govern access to sensitive, private data. We report the first method of publicly measuring the overlap between private datasets that is secure under a malicious model without relying on private protocols or message passing. This method uses a publicly shareable summary of a dataset’s contents, its cryptoset, to estimate its overlap with other datasets. Cryptosets approach “information-theoretic” security, the strongest type of security possible in cryptography, which is not even crackable with infinite computing power. We empirically and theoretically assess both the accuracy of these estimates and the security of the approach, demonstrating that cryptosets are informative, with a stable accuracy, and secure. PMID:25714898

  13. Quantum simulator review

    NASA Astrophysics Data System (ADS)

    Bednar, Earl; Drager, Steven L.

    2007-04-01

    Quantum information processing's objective is to utilize revolutionary computing capability based on harnessing the paradigm shift offered by quantum computing to solve classically hard and computationally challenging problems. Some of our computationally challenging problems of interest include: the capability for rapid image processing, rapid optimization of logistics, protecting information, secure distributed simulation, and massively parallel computation. Currently, one important problem with quantum information processing is that the implementation of quantum computers is difficult to realize due to poor scalability and great presence of errors. Therefore, we have supported the development of Quantum eXpress and QuIDD Pro, two quantum computer simulators running on classical computers for the development and testing of new quantum algorithms and processes. This paper examines the different methods used by these two quantum computing simulators. It reviews both simulators, highlighting each simulator's background, interface, and special features. It also demonstrates the implementation of current quantum algorithms on each simulator. It concludes with summary comments on both simulators.

  14. Teaching Hands-On Linux Host Computer Security

    ERIC Educational Resources Information Center

    Shumba, Rose

    2006-01-01

    In the summer of 2003, a project to augment and improve the teaching of information assurance courses was started at IUP. Thus far, ten hands-on exercises have been developed. The exercises described in this article, and presented in the appendix, are based on actions required to secure a Linux host. Publicly available resources were used to…

  15. Control Issues.

    ERIC Educational Resources Information Center

    Olsen, Florence

    2003-01-01

    Discusses how the potential effectiveness of Palladium, Microsoft's new approach to computer security, is worrying academics, who say it could allow publishers to dam the free flow of online information. (EV)

  16. Development of a medical information system that minimizes staff workload and secures system safety at a small medical institution

    NASA Astrophysics Data System (ADS)

    Haneda, Kiyofumi; Koyama, Tadashi

    2005-04-01

    We developed a secure system that minimizes staff workload and secures safety of a medical information system. In this study, we assess the legal security requirements and risks occurring from the use of digitized data. We then analyze the security measures for ways of reducing these risks. In the analysis, not only safety, but also costs of security measures and ease of operability are taken into consideration. Finally, we assess the effectiveness of security measures by employing our system in a small-sized medical institution. As a result of the current study, we developed and implemented several security measures, such as authentications, cryptography, data back-up, and secure sockets layer protocol (SSL) in our system. In conclusion, the cost for the introduction and maintenance of a system is one of the primary difficulties with its employment by a small-sized institution. However, with recent reductions in the price of computers, and certain advantages of small-sized medical institutions, the development of an efficient system configuration has become possible.

  17. Network Penetration Testing and Research

    NASA Technical Reports Server (NTRS)

    Murphy, Brandon F.

    2013-01-01

    This paper will focus on the research and testing done on penetrating a network for security purposes. This research will provide the IT security office new methods of attacks across and against a company's network as well as introduce them to new platforms and software that can be used to better assist with protecting against such attacks. Throughout this paper testing and research has been done on two different Linux based operating systems, for attacking and compromising a Windows based host computer. Backtrack 5 and BlackBuntu (Linux based penetration testing operating systems) are two different "attacker" computers that will attempt to plant viruses and/or exploits on a host Windows 7 operating system, as well as try to retrieve information from the host. On each Linux OS (Backtrack 5 and BlackBuntu) there is penetration testing software which provides the necessary tools to create exploits that can compromise a Windows system as well as other operating systems. This paper will focus on two main methods of deploying exploits onto a host computer in order to retrieve information from a compromised system. One method of deployment for an exploit that was tested is known as a "social engineering" exploit. This type of method requires interaction from an unsuspecting user. With this user interaction, a deployed exploit may allow a malicious user to gain access to the unsuspecting user's computer as well as the network that such computer is connected to. Due to more advanced security settings and antivirus protection and detection, this method is easily identified and defended against. The second method of exploit deployment is the method mainly focused upon within this paper. This method required extensive research on the best way to compromise a security enabled protected network. Once a network has been compromised, then any and all devices connected to such network have the potential to be compromised as well. With a compromised network, computers and devices can be penetrated through deployed exploits. This paper will illustrate the research done to test the ability to penetrate a network without user interaction, in order to retrieve personal information from a targeted host.

  18. Efficient Privacy-Aware Record Integration.

    PubMed

    Kuzu, Mehmet; Kantarcioglu, Murat; Inan, Ali; Bertino, Elisa; Durham, Elizabeth; Malin, Bradley

    2013-01-01

    The integration of information dispersed among multiple repositories is a crucial step for accurate data analysis in various domains. In support of this goal, it is critical to devise procedures for identifying similar records across distinct data sources. At the same time, to adhere to privacy regulations and policies, such procedures should protect the confidentiality of the individuals to whom the information corresponds. Various private record linkage (PRL) protocols have been proposed to achieve this goal, involving secure multi-party computation (SMC) and similarity preserving data transformation techniques. SMC methods provide secure and accurate solutions to the PRL problem, but are prohibitively expensive in practice, mainly due to excessive computational requirements. Data transformation techniques offer more practical solutions, but incur the cost of information leakage and false matches. In this paper, we introduce a novel model for practical PRL, which 1) affords controlled and limited information leakage, 2) avoids false matches resulting from data transformation. Initially, we partition the data sources into blocks to eliminate comparisons for records that are unlikely to match. Then, to identify matches, we apply an efficient SMC technique between the candidate record pairs. To enable efficiency and privacy, our model leaks a controlled amount of obfuscated data prior to the secure computations. Applied obfuscation relies on differential privacy which provides strong privacy guarantees against adversaries with arbitrary background knowledge. In addition, we illustrate the practical nature of our approach through an empirical analysis with data derived from public voter records.

  19. National Computer Security Conference (15th) held in Baltimore, Maryland on October 13-16, 1992. Volume 2: Proceedings

    DTIC Science & Technology

    1992-10-16

    the DNA Fingerprint Laboratory. The Los Angeles Police Department and its former Chief, Daryl Gates for permitting a secret unit, the ...authorized to change information in. Conclusions Where angels fear .... Of all the reasons for compartmentation for which the level of evaluation...database, and a security label attribute is associated with data in each tuple in a relation. The range and distribution of security levels may

  20. The QUANTGRID Project (RO)—Quantum Security in GRID Computing Applications

    NASA Astrophysics Data System (ADS)

    Dima, M.; Dulea, M.; Petre, M.; Petre, C.; Mitrica, B.; Stoica, M.; Udrea, M.; Sterian, R.; Sterian, P.

    2010-01-01

    The QUANTGRID Project, financed through the National Center for Programme Management (CNMP-Romania), is the first attempt at using Quantum Crypted Communications (QCC) in large scale operations, such as GRID Computing, and conceivably in the years ahead in the banking sector and other security tight communications. In relation with the GRID activities of the Center for Computing & Communications (Nat.'l Inst. Nucl. Phys.—IFIN-HH), the Quantum Optics Lab. (Nat.'l Inst. Plasma and Lasers—INFLPR) and the Physics Dept. (University Polytechnica—UPB) the project will build a demonstrator infrastructure for this technology. The status of the project in its incipient phase is reported, featuring tests for communications in classical security mode: socket level communications under AES (Advanced Encryption Std.), both proprietary code in C++ technology. An outline of the planned undertaking of the project is communicated, highlighting its impact in quantum physics, coherent optics and information technology.

  1. Protecting computer-based medical devices: defending against viruses and other threats.

    PubMed

    2005-07-01

    The increasing integration of computer hardware has exposed medical devices to greater risks than ever before. More and more devices rely on commercial off-the-shelf software and operating systems, which are vulnerable to the increasing proliferation of viruses and other malicious programs that target computers. Therefore, it is necessary for hospitals to take steps such as those outlined in this article to ensure that their computer-based devices are made safe and continue to remain safe in the future. Maintaining the security of medical devices requires planning, careful execution, and a commitment of resources. A team should be created to develop a process for surveying the security status of all computerized devices in the hospital and making sure that patches and other updates are applied as needed. These patches and updates should be approved by the medical system supplier before being implemented. The team should consider using virtual local area networks to isolate susceptible devices on the hospital's network. All security measures should be carefully documented, and the documentation should be kept up-to-date. Above all, care must be taken to ensure that medical device security involves a collaborative, supportive partnership between the hospital's information technology staff and biomedical engineering personnel.

  2. Verifying the secure setup of UNIX client/servers and detection of network intrusion

    NASA Astrophysics Data System (ADS)

    Feingold, Richard; Bruestle, Harry R.; Bartoletti, Tony; Saroyan, R. A.; Fisher, John M.

    1996-03-01

    This paper describes our technical approach to developing and delivering Unix host- and network-based security products to meet the increasing challenges in information security. Today's global 'Infosphere' presents us with a networked environment that knows no geographical, national, or temporal boundaries, and no ownership, laws, or identity cards. This seamless aggregation of computers, networks, databases, applications, and the like store, transmit, and process information. This information is now recognized as an asset to governments, corporations, and individuals alike. This information must be protected from misuse. The Security Profile Inspector (SPI) performs static analyses of Unix-based clients and servers to check on their security configuration. SPI's broad range of security tests and flexible usage options support the needs of novice and expert system administrators alike. SPI's use within the Department of Energy and Department of Defense has resulted in more secure systems, less vulnerable to hostile intentions. Host-based information protection techniques and tools must also be supported by network-based capabilities. Our experience shows that a weak link in a network of clients and servers presents itself sooner or later, and can be more readily identified by dynamic intrusion detection techniques and tools. The Network Intrusion Detector (NID) is one such tool. NID is designed to monitor and analyze activity on the Ethernet broadcast Local Area Network segment and produce transcripts of suspicious user connections. NID's retrospective and real-time modes have proven invaluable to security officers faced with ongoing attacks to their systems and networks.

  3. A Lightweight Encryption Scheme Combined with Trust Management for Privacy-Preserving in Body Sensor Networks.

    PubMed

    Guo, Ping; Wang, Jin; Ji, Sai; Geng, Xue Hua; Xiong, Neal N

    2015-12-01

    With the pervasiveness of smart phones and the advance of wireless body sensor networks (BSN), mobile Healthcare (m-Healthcare), which extends the operation of Healthcare providers into a pervasive environment for better health monitoring, has attracted considerable interest recently. However, the flourishing of m-Healthcare still faces many challenges including information security and privacy preservation. In this paper, we propose a secure and privacy-preserving framework combined with multilevel trust management. In our scheme, smart phone resources including computing power and energy can be opportunistically gathered to process the computing-intensive PHI (personal health information) during m-Healthcare emergency with minimal privacy disclosure. Specifically, to leverage the PHI privacy disclosure and the high reliability of PHI process and transmission in m-Healthcare emergency, we introduce an efficient lightweight encryption for those users whose trust level is low, which is based on mix cipher algorithms and pair of plain text and cipher texts, and allow a medical user to decide who can participate in the opportunistic computing to assist in processing his overwhelming PHI data. Detailed security analysis and simulations show that the proposed framework can efficiently achieve user-centric privacy protection in m-Healthcare system.

  4. Security enhancement of a biometric based authentication scheme for telecare medicine information systems with nonce.

    PubMed

    Mishra, Dheerendra; Mukhopadhyay, Sourav; Kumari, Saru; Khan, Muhammad Khurram; Chaturvedi, Ankita

    2014-05-01

    Telecare medicine information systems (TMIS) present the platform to deliver clinical service door to door. The technological advances in mobile computing are enhancing the quality of healthcare and a user can access these services using its mobile device. However, user and Telecare system communicate via public channels in these online services which increase the security risk. Therefore, it is required to ensure that only authorized user is accessing the system and user is interacting with the correct system. The mutual authentication provides the way to achieve this. Although existing schemes are either vulnerable to attacks or they have higher computational cost while a scalable authentication scheme for mobile devices should be secure and efficient. Recently, Awasthi and Srivastava presented a biometric based authentication scheme for TMIS with nonce. Their scheme only requires the computation of the hash and XOR functions. Thus, this scheme fits for TMIS. However, we observe that Awasthi and Srivastava's scheme does not achieve efficient password change phase. Moreover, their scheme does not resist off-line password guessing attack. Further, we propose an improvement of Awasthi and Srivastava's scheme with the aim to remove the drawbacks of their scheme.

  5. New Results on Unconditionally Secure Multi-receiver Manual Authentication

    NASA Astrophysics Data System (ADS)

    Wang, Shuhong; Safavi-Naini, Reihaneh

    Manual authentication is a recently proposed model of communication motivated by the settings where the only trusted infrastructure is a low bandwidth authenticated channel, possibly realized by the aid of a human, that connects the sender and the receiver who are otherwise connected through an insecure channel and do not have any shared key or public key infrastructure. A good example of such scenarios is pairing of devices in Bluetooth. Manual authentication systems are studied in computational and information theoretic security model and protocols with provable security have been proposed. In this paper we extend the results in information theoretic model in two directions. Firstly, we extend a single receiver scenario to multireceiver case where the sender wants to authenticate the same message to a group of receivers. We show new attacks (compared to single receiver case) that can be launched in this model and demonstrate that the single receiver lower bound 2log(1/ɛ) + O(1) on the bandwidth of manual channel stays valid in the multireceiver scenario. We further propose a protocol that achieves this bound and provides security, in the sense that we define, if up to c receivers are corrupted. The second direction is the study of non-interactive protocols in unconditionally secure model. We prove that unlike computational security framework, without interaction a secure authentication protocol requires the bandwidth of the manual channel to be at least the same as the message size, hence non-trivial protocols do not exist.

  6. 75 FR 80042 - Information Privacy and Innovation in the Internet Economy

    Federal Register 2010, 2011, 2012, 2013, 2014

    2010-12-21

    ... statistics that provide evidence of concern--or comments explaining why concerns are unwarranted--about cloud computing data privacy and security in the commercial context. We also seek data that links any such concerns to decisions to adopt, or refrain from adopting, cloud computing services. (41) The Task Force...

  7. 32 CFR Appendix A to Part 310 - Safeguarding Personally Identifiable Information (PII)

    Code of Federal Regulations, 2012 CFR

    2012-07-01

    ... all computer products containing classified data in accordance with the requirements of DoD 5200.1-R... computer environments outside the data processing installation (such as, remote job entry stations... process classified material have adequate procedures and security for the purposes of this Regulation...

  8. 32 CFR Appendix A to Part 310 - Safeguarding Personally Identifiable Information (PII)

    Code of Federal Regulations, 2010 CFR

    2010-07-01

    ... all computer products containing classified data in accordance with the requirements of DoD 5200.1-R... computer environments outside the data processing installation (such as, remote job entry stations... process classified material have adequate procedures and security for the purposes of this Regulation...

  9. 32 CFR Appendix A to Part 310 - Safeguarding Personally Identifiable Information (PII)

    Code of Federal Regulations, 2011 CFR

    2011-07-01

    ... all computer products containing classified data in accordance with the requirements of DoD 5200.1-R... computer environments outside the data processing installation (such as, remote job entry stations... process classified material have adequate procedures and security for the purposes of this Regulation...

  10. 32 CFR Appendix A to Part 310 - Safeguarding Personally Identifiable Information (PII)

    Code of Federal Regulations, 2014 CFR

    2014-07-01

    ... all computer products containing classified data in accordance with the requirements of DoD 5200.1-R... computer environments outside the data processing installation (such as, remote job entry stations... process classified material have adequate procedures and security for the purposes of this Regulation...

  11. 32 CFR Appendix A to Part 310 - Safeguarding Personally Identifiable Information (PII)

    Code of Federal Regulations, 2013 CFR

    2013-07-01

    ... all computer products containing classified data in accordance with the requirements of DoD 5200.1-R... computer environments outside the data processing installation (such as, remote job entry stations... process classified material have adequate procedures and security for the purposes of this Regulation...

  12. 12 CFR 403.9 - Fees.

    Code of Federal Regulations, 2010 CFR

    2010-01-01

    ... SECURITY INFORMATION § 403.9 Fees. The following specific fees shall be applicable with respect to services... records, per hour or fraction thereof: (i) Professional $11.00 (ii) Clerical 6.00 (b) Computer service charges per second for actual use of computer central processing unit .25 (c) Copies made by photostat or...

  13. 12 CFR 403.9 - Fees.

    Code of Federal Regulations, 2012 CFR

    2012-01-01

    ... SECURITY INFORMATION § 403.9 Fees. The following specific fees shall be applicable with respect to services... records, per hour or fraction thereof: (i) Professional $11.00 (ii) Clerical 6.00 (b) Computer service charges per second for actual use of computer central processing unit .25 (c) Copies made by photostat or...

  14. 12 CFR 403.9 - Fees.

    Code of Federal Regulations, 2011 CFR

    2011-01-01

    ... SECURITY INFORMATION § 403.9 Fees. The following specific fees shall be applicable with respect to services... records, per hour or fraction thereof: (i) Professional $11.00 (ii) Clerical 6.00 (b) Computer service charges per second for actual use of computer central processing unit .25 (c) Copies made by photostat or...

  15. 12 CFR 403.9 - Fees.

    Code of Federal Regulations, 2013 CFR

    2013-01-01

    ... SECURITY INFORMATION § 403.9 Fees. The following specific fees shall be applicable with respect to services... records, per hour or fraction thereof: (i) Professional $11.00 (ii) Clerical 6.00 (b) Computer service charges per second for actual use of computer central processing unit .25 (c) Copies made by photostat or...

  16. 12 CFR 403.9 - Fees.

    Code of Federal Regulations, 2014 CFR

    2014-01-01

    ... SECURITY INFORMATION § 403.9 Fees. The following specific fees shall be applicable with respect to services... records, per hour or fraction thereof: (i) Professional $11.00 (ii) Clerical 6.00 (b) Computer service charges per second for actual use of computer central processing unit .25 (c) Copies made by photostat or...

  17. 32 CFR 236.2 - Definitions.

    Code of Federal Regulations, 2014 CFR

    2014-07-01

    ... DEPARTMENT OF DEFENSE (DoD)-DEFENSE INDUSTRIAL BASE (DIB) VOLUNTARY CYBER SECURITY AND INFORMATION ASSURANCE... information. (e) Cyber incident means actions taken through the use of computer networks that result in an...) Cyber intrusion damage assessment means a managed, coordinated process to determine the effect on...

  18. Design of Secure and Lightweight Authentication Protocol for Wearable Devices Environment.

    PubMed

    Das, Ashok Kumar; Wazid, Mohammad; Kumar, Neeraj; Khan, Muhammad Khurram; Choo, Kim-Kwang Raymond; Park, YoungHo

    2017-09-18

    Wearable devices are used in various applications to collect information including step information, sleeping cycles, workout statistics, and health related information. Due to the nature and richness of the data collected by such devices, it is important to ensure the security of the collected data. This paper presents a new lightweight authentication scheme suitable for wearable device deployment. The scheme allows a user to mutually authenticate his/her wearable device(s) and the mobile terminal (e.g., Android and iOS device) and establish a session key among these devices (worn and carried by the same user) for secure communication between the wearable device and the mobile terminal. The security of the proposed scheme is then demonstrated through the broadly-accepted Real-Or-Random model, as well as using the popular formal security verification tool, known as the Automated Validation of Internet Security Protocols and Applications (AVISPA). Finally, we present a comparative summary of the proposed scheme in terms of the overheads such as computation and communication costs, security and functionality features of the proposed scheme and related schemes, and also the evaluation findings from the NS2 simulation.

  19. Auditing Albaha University Network Security using in-house Developed Penetration Tool

    NASA Astrophysics Data System (ADS)

    Alzahrani, M. E.

    2018-03-01

    Network security becomes a very important aspect in any enterprise/organization computer network. If important information of the organization can be accessed by anyone it may be used against the organization for further own interest. Thus, network security comes into its role. One important aspect of security management is security audit. Security performance of Albaha university network is relatively low (in terms of the total controls outlined in the ISO 27002 security control framework). This paper proposes network security audit tool to address issues in Albaha University network. The proposed penetration tool uses Nessus and Metasploit tool to find out the vulnerability of a site. A regular self-audit using in-house developed tool will increase the overall security and performance of Albaha university network. Important results of the penetration test are discussed.

  20. InfoSec-MobCop - Framework for Theft Detection and Data Security on Mobile Computing Devices

    NASA Astrophysics Data System (ADS)

    Gupta, Anand; Gupta, Deepank; Gupta, Nidhi

    People steal mobile devices with the intention of making money either by selling the mobile or by taking the sensitive information stored inside it. Mobile thefts are rising even with existing deterrents in place. This is because they are ineffective, as they generate unnecessary alerts and might require expensive hardware equipment. In this paper a novel framework termed as InfoSec-MobCop is proposed which secures a mobile user’s data and discovers theft by detecting any anomaly in the user behavior. The anomaly of the user is computed by extracting and monitoring user specific details (typing pattern and usage history). The result of any intrusion attempt by a masquerader is intimated to the service provider through an SMS. Effectiveness of the used approach is discussed using FAR and FRR graphs. The experimental system uses both real users and simulated studies to quantify the effectiveness of the InfoSec-MobCop (Information Security Mobile Cop).

  1. Privacy-preserving self-helped medical diagnosis scheme based on secure two-party computation in wireless sensor networks.

    PubMed

    Sun, Yi; Wen, Qiaoyan; Zhang, Yudong; Li, Wenmin

    2014-01-01

    With the continuing growth of wireless sensor networks in pervasive medical care, people pay more and more attention to privacy in medical monitoring, diagnosis, treatment, and patient care. On one hand, we expect the public health institutions to provide us with better service. On the other hand, we would not like to leak our personal health information to them. In order to balance this contradiction, in this paper we design a privacy-preserving self-helped medical diagnosis scheme based on secure two-party computation in wireless sensor networks so that patients can privately diagnose themselves by inputting a health card into a self-helped medical diagnosis ATM to obtain a diagnostic report just like drawing money from a bank ATM without revealing patients' health information and doctors' diagnostic skill. It makes secure self-helped disease diagnosis feasible and greatly benefits patients as well as relieving the heavy pressure of public health institutions.

  2. Privacy-Preserving Self-Helped Medical Diagnosis Scheme Based on Secure Two-Party Computation in Wireless Sensor Networks

    PubMed Central

    Wen, Qiaoyan; Zhang, Yudong; Li, Wenmin

    2014-01-01

    With the continuing growth of wireless sensor networks in pervasive medical care, people pay more and more attention to privacy in medical monitoring, diagnosis, treatment, and patient care. On one hand, we expect the public health institutions to provide us with better service. On the other hand, we would not like to leak our personal health information to them. In order to balance this contradiction, in this paper we design a privacy-preserving self-helped medical diagnosis scheme based on secure two-party computation in wireless sensor networks so that patients can privately diagnose themselves by inputting a health card into a self-helped medical diagnosis ATM to obtain a diagnostic report just like drawing money from a bank ATM without revealing patients' health information and doctors' diagnostic skill. It makes secure self-helped disease diagnosis feasible and greatly benefits patients as well as relieving the heavy pressure of public health institutions. PMID:25126107

  3. Security Issues in Cross-Organizational Peer-to-Peer Applications and Some Solutions

    NASA Astrophysics Data System (ADS)

    Gupta, Ankur; Awasthi, Lalit K.

    Peer-to-Peer networks have been widely used for sharing millions of terabytes of content, for large-scale distributed computing and for a variety of other novel applications, due to their scalability and fault-tolerance. However, the scope of P2P networks has somehow been limited to individual computers connected to the internet. P2P networks are also notorious for blatant copyright violations and facilitating several kinds of security attacks. Businesses and large organizations have thus stayed away from deploying P2P applications citing security loopholes in P2P systems as the biggest reason for non-adoption. In theory P2P applications can help fulfill many organizational requirements such as collaboration and joint projects with other organizations, access to specialized computing infrastructure and finally accessing the specialized information/content and expert human knowledge available at other organizations. These potentially beneficial interactions necessitate that the research community attempt to alleviate the security shortcomings in P2P systems and ensure their acceptance and wide deployment. This research paper therefore examines the security issues prevalent in enabling cross-organizational P2P interactions and provides some technical insights into how some of these issues can be resolved.

  4. SecSIFT: Privacy-preserving Outsourcing Computation of Feature Extractions Over Encrypted Image Data.

    PubMed

    Hu, Shengshan; Wang, Qian; Wang, Jingjun; Qin, Zhan; Ren, Kui

    2016-05-13

    Advances in cloud computing have greatly motivated data owners to outsource their huge amount of personal multimedia data and/or computationally expensive tasks onto the cloud by leveraging its abundant resources for cost saving and flexibility. Despite the tremendous benefits, the outsourced multimedia data and its originated applications may reveal the data owner's private information, such as the personal identity, locations or even financial profiles. This observation has recently aroused new research interest on privacy-preserving computations over outsourced multimedia data. In this paper, we propose an effective and practical privacy-preserving computation outsourcing protocol for the prevailing scale-invariant feature transform (SIFT) over massive encrypted image data. We first show that previous solutions to this problem have either efficiency/security or practicality issues, and none can well preserve the important characteristics of the original SIFT in terms of distinctiveness and robustness. We then present a new scheme design that achieves efficiency and security requirements simultaneously with the preservation of its key characteristics, by randomly splitting the original image data, designing two novel efficient protocols for secure multiplication and comparison, and carefully distributing the feature extraction computations onto two independent cloud servers. We both carefully analyze and extensively evaluate the security and effectiveness of our design. The results show that our solution is practically secure, outperforms the state-of-the-art, and performs comparably to the original SIFT in terms of various characteristics, including rotation invariance, image scale invariance, robust matching across affine distortion, addition of noise and change in 3D viewpoint and illumination.

  5. Secure remote access to a clinical data repository using a wireless personal digital assistant (PDA).

    PubMed

    Duncan, R G; Shabot, M M

    2000-01-01

    TCP/IP and World-Wide-Web (WWW) technology have become the universal standards for networking and delivery of information. Personal digital assistants (PDAs), cellular telephones, and alphanumeric pagers are rapidly converging on a single pocket device that will leverage wireless TCP/IP networks and WWW protocols and can be used to deliver clinical information and alerts anytime, anywhere. We describe a wireless interface to clinical information for physicians based on Palm Corp.'s Palm VII pocket computer, a wireless digital network, encrypted data transmission, secure web servers, and a clinical data repository (CDR).

  6. Secure remote access to a clinical data repository using a wireless personal digital assistant (PDA).

    PubMed Central

    Duncan, R. G.; Shabot, M. M.

    2000-01-01

    TCP/IP and World-Wide-Web (WWW) technology have become the universal standards for networking and delivery of information. Personal digital assistants (PDAs), cellular telephones, and alphanumeric pagers are rapidly converging on a single pocket device that will leverage wireless TCP/IP networks and WWW protocols and can be used to deliver clinical information and alerts anytime, anywhere. We describe a wireless interface to clinical information for physicians based on Palm Corp.'s Palm VII pocket computer, a wireless digital network, encrypted data transmission, secure web servers, and a clinical data repository (CDR). PMID:11079875

  7. Computerized Vocational Information and Decision-Making in Secured Environments in New York State.

    ERIC Educational Resources Information Center

    Heller, Barbara R.; Gross, Linda Chitayat

    A study was conducted on the use of the Guidance Information System (GIS), an on-line computer information retrieval system for occupational, two-year college, four-year college, and scholarship and financial aid information, in four detention/correctional facilities in New York. These were the Queens House of Detention for Men (QHDM), Brooklyn…

  8. Secure Encapsulation and Publication of Biological Services in the Cloud Computing Environment

    PubMed Central

    Zhang, Weizhe; Wang, Xuehui; Lu, Bo; Kim, Tai-hoon

    2013-01-01

    Secure encapsulation and publication for bioinformatics software products based on web service are presented, and the basic function of biological information is realized in the cloud computing environment. In the encapsulation phase, the workflow and function of bioinformatics software are conducted, the encapsulation interfaces are designed, and the runtime interaction between users and computers is simulated. In the publication phase, the execution and management mechanisms and principles of the GRAM components are analyzed. The functions such as remote user job submission and job status query are implemented by using the GRAM components. The services of bioinformatics software are published to remote users. Finally the basic prototype system of the biological cloud is achieved. PMID:24078906

  9. Secure encapsulation and publication of biological services in the cloud computing environment.

    PubMed

    Zhang, Weizhe; Wang, Xuehui; Lu, Bo; Kim, Tai-hoon

    2013-01-01

    Secure encapsulation and publication for bioinformatics software products based on web service are presented, and the basic function of biological information is realized in the cloud computing environment. In the encapsulation phase, the workflow and function of bioinformatics software are conducted, the encapsulation interfaces are designed, and the runtime interaction between users and computers is simulated. In the publication phase, the execution and management mechanisms and principles of the GRAM components are analyzed. The functions such as remote user job submission and job status query are implemented by using the GRAM components. The services of bioinformatics software are published to remote users. Finally the basic prototype system of the biological cloud is achieved.

  10. The myth of secure computing.

    PubMed

    Austin, Robert D; Darby, Christopher A

    2003-06-01

    Few senior executives pay a whole lot of attention to computer security. They either hand off responsibility to their technical people or bring in consultants. But given the stakes involved, an arm's-length approach is extremely unwise. According to industry estimates, security breaches affect 90% of all businesses every year and cost some $17 billion. Fortunately, the authors say, senior executives don't need to learn about the more arcane aspects of their company's IT systems in order to take a hands-on approach. Instead, they should focus on the familiar task of managing risk. Their role should be to assess the business value of their information assets, determine the likelihood that those assets will be compromised, and then tailor a set of risk abatement processes to their company's particular vulnerabilities. This approach, which views computer security as an operational rather than a technical challenge, is akin to a classic quality assurance program in that it attempts to avoid problems rather than fix them and involves all employees, not just IT staffers. The goal is not to make computer systems completely secure--that's impossible--but to reduce the business risk to an acceptable level. This article looks at the types of threats a company is apt to face. It also examines the processes a general manager should spearhead to lessen the likelihood of a successful attack. The authors recommend eight processes in all, ranging from deciding how much protection each digital asset deserves to insisting on secure software to rehearsing a response to a security breach. The important thing to realize, they emphasize, is that decisions about digital security are not much different from other cost-benefit decisions. The tools general managers bring to bear on other areas of the business are good models for what they need to do in this technical space.

  11. 48 CFR 239.7103 - Contract clauses.

    Code of Federal Regulations, 2012 CFR

    2012-10-01

    ... OF DEFENSE SPECIAL CATEGORIES OF CONTRACTING ACQUISITION OF INFORMATION TECHNOLOGY Security and Privacy for Computer Systems 239.7103 Contract clauses. (a) Use the clause at 252.239-7000, Protection...

  12. 48 CFR 239.7103 - Contract clauses.

    Code of Federal Regulations, 2014 CFR

    2014-10-01

    ... OF DEFENSE SPECIAL CATEGORIES OF CONTRACTING ACQUISITION OF INFORMATION TECHNOLOGY Security and Privacy for Computer Systems 239.7103 Contract clauses. (a) Use the clause at 252.239-7000, Protection...

  13. 48 CFR 239.7103 - Contract clauses.

    Code of Federal Regulations, 2011 CFR

    2011-10-01

    ... OF DEFENSE SPECIAL CATEGORIES OF CONTRACTING ACQUISITION OF INFORMATION TECHNOLOGY Security and Privacy for Computer Systems 239.7103 Contract clauses. (a) Use the clause at 252.239-7000, Protection...

  14. 48 CFR 239.7103 - Contract clauses.

    Code of Federal Regulations, 2013 CFR

    2013-10-01

    ... OF DEFENSE SPECIAL CATEGORIES OF CONTRACTING ACQUISITION OF INFORMATION TECHNOLOGY Security and Privacy for Computer Systems 239.7103 Contract clauses. (a) Use the clause at 252.239-7000, Protection...

  15. 48 CFR 239.7103 - Contract clauses.

    Code of Federal Regulations, 2010 CFR

    2010-10-01

    ... OF DEFENSE SPECIAL CATEGORIES OF CONTRACTING ACQUISITION OF INFORMATION TECHNOLOGY Security and Privacy for Computer Systems 239.7103 Contract clauses. (a) Use the clause at 252.239-7000, Protection...

  16. A Standard Mutual Authentication Protocol for Cloud Computing Based Health Care System.

    PubMed

    Mohit, Prerna; Amin, Ruhul; Karati, Arijit; Biswas, G P; Khan, Muhammad Khurram

    2017-04-01

    Telecare Medical Information System (TMIS) supports a standard platform to the patient for getting necessary medical treatment from the doctor(s) via Internet communication. Security protection is important for medical records (data) of the patients because of very sensitive information. Besides, patient anonymity is another most important property, which must be protected. Most recently, Chiou et al. suggested an authentication protocol for TMIS by utilizing the concept of cloud environment. They claimed that their protocol is patient anonymous and well security protected. We reviewed their protocol and found that it is completely insecure against patient anonymity. Further, the same protocol is not protected against mobile device stolen attack. In order to improve security level and complexity, we design a light weight authentication protocol for the same environment. Our security analysis ensures resilience of all possible security attacks. The performance of our protocol is relatively standard in comparison with the related previous research.

  17. 77 FR 12066 - Collection of Information Under Review by Office of Management and Budget

    Federal Register 2010, 2011, 2012, 2013, 2014

    2012-02-28

    ... holidays. OIRA posts its decisions on ICRs online at http://www.reginfo.gov/public/do/PRAMain after the... Command, Control, Communications, Computers and Information Technology. [FR Doc. 2012-4607 Filed 2-27-12... DEPARTMENT OF HOMELAND SECURITY Coast Guard [USCG-2011-1061] Collection of Information Under...

  18. 78 FR 52939 - Collection of Information under Review by Office of Management and Budget

    Federal Register 2010, 2011, 2012, 2013, 2014

    2013-08-27

    .... OIRA posts its decisions on ICRs online at http://www.reginfo.gov/public/do/PRAMain after the comment..., Communications, Computers and Information Technology. [FR Doc. 2013-20787 Filed 8-26-13; 8:45 am] BILLING CODE... DEPARTMENT OF HOMELAND SECURITY Coast Guard [USCG-2013-0222] Collection of Information under...

  19. 77 FR 1942 - Collection of Information Under Review by Office of Management and Budget

    Federal Register 2010, 2011, 2012, 2013, 2014

    2012-01-12

    ... through Friday, except Federal holidays. OIRA posts its decisions on ICRs online at http://www.reginfo.gov..., Communications, Computers and Information Technology. [FR Doc. 2012-400 Filed 1-11-12; 8:45 am] BILLING CODE 9110... DEPARTMENT OF HOMELAND SECURITY Coast Guard [USCG-2011-1014] Collection of Information Under...

  20. A Method of Signal Scrambling to Secure Data Storage for Healthcare Applications.

    PubMed

    Bao, Shu-Di; Chen, Meng; Yang, Guang-Zhong

    2017-11-01

    A body sensor network that consists of wearable and/or implantable biosensors has been an important front-end for collecting personal health records. It is expected that the full integration of outside-hospital personal health information and hospital electronic health records will further promote preventative health services as well as global health. However, the integration and sharing of health information is bound to bring with it security and privacy issues. With extensive development of healthcare applications, security and privacy issues are becoming increasingly important. This paper addresses the potential security risks of healthcare data in Internet-based applications and proposes a method of signal scrambling as an add-on security mechanism in the application layer for a variety of healthcare information, where a piece of tiny data is used to scramble healthcare records. The former is kept locally and the latter, along with security protection, is sent for cloud storage. The tiny data can be derived from a random number generator or even a piece of healthcare data, which makes the method more flexible. The computational complexity and security performance in terms of theoretical and experimental analysis has been investigated to demonstrate the efficiency and effectiveness of the proposed method. The proposed method is applicable to all kinds of data that require extra security protection within complex networks.
