EMRlog method for computer security for electronic medical records with logic and data mining.
Martínez Monterrubio, Sergio Mauricio; Frausto Solis, Juan; Monroy Borja, Raúl
2015-01-01
The proper functioning of a hospital computer system is arduous work for managers and staff. However, inconsistent policies are frequent and can produce enormous problems, such as stolen information, frequent failures, and loss of all or part of the hospital data. This paper presents a new method named EMRlog for computer security systems in hospitals. EMRlog is focused on two kinds of security policies: directive and implemented policies. Security policies are applied to computer systems that handle huge amounts of information such as databases, applications, and medical records. Firstly, a syntactic verification step is applied by using predicate logic. Then data mining techniques are used to detect which security policies have really been implemented by the computer systems staff. Subsequently, consistency is verified in both kinds of policies; in addition these subsets are contrasted and validated. This is performed by an automatic theorem prover. Thus, many kinds of vulnerabilities can be removed to achieve a safer computer system.
EMRlog Method for Computer Security for Electronic Medical Records with Logic and Data Mining
Frausto Solis, Juan; Monroy Borja, Raúl
2015-01-01
PMID:26495300
Computer Network Security: Best Practices for Alberta School Jurisdictions.
ERIC Educational Resources Information Center
Alberta Dept. of Education, Edmonton.
This paper provides a snapshot of the computer network security industry and addresses specific issues related to network security in public education. The following topics are covered: (1) security policy, including reasons for establishing a policy, risk assessment, areas to consider, audit tools; (2) workstations, including physical security,…
A Semantic Based Policy Management Framework for Cloud Computing Environments
ERIC Educational Resources Information Center
Takabi, Hassan
2013-01-01
Cloud computing paradigm has gained tremendous momentum and generated intensive interest. Although security issues are delaying its fast adoption, cloud computing is an unstoppable force and we need to provide security mechanisms to ensure its secure adoption. In this dissertation, we mainly focus on issues related to policy management and access…
Secure public cloud platform for medical images sharing.
Pan, Wei; Coatrieux, Gouenou; Bouslimi, Dalel; Prigent, Nicolas
2015-01-01
Cloud computing promises medical imaging services offering large storage and computing capabilities for limited costs. In this data outsourcing framework, one of the greatest issues to deal with is data security. To do so, we propose to secure a public cloud platform devoted to medical image sharing by defining and deploying a security policy so as to control various security mechanisms. This policy stands on a risk assessment we conducted so as to identify security objectives with a special interest for digital content protection. These objectives are addressed by means of different security mechanisms like access and usage control policy, partial-encryption and watermarking.
Policies | High-Performance Computing | NREL
Use Learn about policy governing user accountability, resource use, use by foreign nationals states. Data Security Learn about the data security policy, including data protection, data security retention policy, including project-centric and user-centric data. Shared Storage Usage Learn about a policy
Computer Network Security- The Challenges of Securing a Computer Network
NASA Technical Reports Server (NTRS)
Scotti, Vincent, Jr.
2011-01-01
This article is intended to give the reader an overall perspective on what it takes to design, implement, enforce and secure a computer network in the federal and corporate world to insure the confidentiality, integrity and availability of information. While we will be giving you an overview of network design and security, this article will concentrate on the technology and human factors of securing a network and the challenges faced by those doing so. It will cover the large number of policies and the limits of technology and physical efforts to enforce such policies.
Guidelines for Network Security in the Learning Environment.
ERIC Educational Resources Information Center
Littman, Marlyn Kemper
1996-01-01
Explores security challenges and practical approaches to safeguarding school networks against invasion. Highlights include security problems; computer viruses; privacy assaults; Internet invasions; building a security policy; authentication; passwords; encryption; firewalls; and acceptable use policies. (Author/LRW)
Science and Technology Resources on the Internet: Computer Security.
ERIC Educational Resources Information Center
Kinkus, Jane F.
2002-01-01
Discusses issues related to computer security, including confidentiality, integrity, and authentication or availability; and presents a selected list of Web sites that cover the basic issues of computer security under subject headings that include ethics, privacy, kids, antivirus, policies, cryptography, operating system security, and biometrics.…
Overview of Computer Security Certification and Accreditation. Final Report.
ERIC Educational Resources Information Center
Ruthberg, Zella G.; Neugent, William
Primarily intended to familiarize ADP (automatic data processing) policy and information resource managers with the approach to computer security certification and accreditation found in "Guideline to Computer Security Certification and Accreditation," Federal Information Processing Standards Publications (FIPS-PUB) 102, this overview…
1994-07-01
incorporate the Bell-La Padula rules for implementing the DoD security policy. The policy from which we begin here is the organization’s operational...security policy, which assumes the Bell-La Padula model and assigns the required security variables to elements of the system. A way to ensure a
Martinez, R; Cole, C; Rozenblit, J; Cook, J F; Chacko, A K
2000-05-01
The US Army Great Plains Regional Medical Command (GPRMC) has a requirement to conform to Department of Defense (DoD) and Army security policies for the Virtual Radiology Environment (VRE) Project. Within the DoD, security policy is defined as the set of laws, rules, and practices that regulate how an organization manages, protects, and distributes sensitive information. Security policy in the DoD is described by the Trusted Computer System Evaluation Criteria (TCSEC), Army Regulation (AR) 380-19, Defense Information Infrastructure Common Operating Environment (DII COE), Military Health Services System Automated Information Systems Security Policy Manual, and National Computer Security Center-TG-005, "Trusted Network Interpretation." These documents were used to develop a security policy that defines information protection requirements that are made with respect to those laws, rules, and practices that are required to protect the information stored and processed in the VRE Project. The goal of the security policy is to provide for a C2-level of information protection while also satisfying the functional needs of the GPRMC's user community. This report summarizes the security policy for the VRE and defines the CORBA security services that satisfy the policy. In the VRE, the information to be protected is embedded into three major information components: (1) Patient information consists of Digital Imaging and Communications in Medicine (DICOM)-formatted fields. The patient information resides in the digital imaging network picture archiving and communication system (DIN-PACS) networks in the database archive systems and includes (a) patient demographics; (b) patient images from x-ray, computed tomography (CT), magnetic resonance imaging (MRI), and ultrasound (US); and (c) prior patient images and related patient history. (2) Meta-Manager information to be protected consists of several data objects. 
This information is distributed to the Meta-Manager nodes and includes (a) radiologist schedules; (b) modality worklists; (c) routed case information; (d) DIN-PACS and Composite Health Care system (CHCS) messages, and Meta-Manager administrative and security information; and (e) patient case information. (3) Access control and communications security is required in the VRE to control who uses the VRE and Meta-Manager facilities and to secure the messages between VRE components. The CORBA Security Service Specification version 1.5 is designed to allow up to TCSEC's B2-level security for distributed objects. The CORBA Security Service Specification defines the functionality of several security features: identification and authentication, authorization and access control, security auditing, communication security, nonrepudiation, and security administration. This report describes the enhanced security features for the VRE and their implementation using commercial CORBA Security Service software products.
The Terry-Wiseman Security Policy Model and Examples of Its Use
1990-03-01
Wiseman Security Policy Model and Examples of Its Use Author: C L Harrold Date: March 1990 Abstract This paper presents a model of security for computer ...Evolution of the Model 7. Summary and References Annex: An Overview of the Z Notation ...a computer. The files, objects or register locations in which the information may be stored are modelled by the black boxes. The robots model the
Attribute based encryption for secure sharing of E-health data
NASA Astrophysics Data System (ADS)
Charanya, R.; Nithya, S.; Manikandan, N.
2017-11-01
Distributed computing is one of the developing innovations in IT part and information security assumes a real part. It includes sending gathering of remote server and programming that permit the unified information and online access to PC administrations. Distributed computing depends on offering of asset among different clients are additionally progressively reallocated on interest. Cloud computing is a revolutionary computing paradigm which enables flexible, on-demand and low-cost usage of computing resources. The reasons for security and protection issues, which rise on the grounds that the health information possessed by distinctive clients are put away in some cloud servers rather than under their own particular control. To deal with security problems, various schemes based on the Attribute-Based Encryption have been proposed. In this paper, in order to make e-health data more secure we use multi party in cloud computing system, where the health data is encrypted using attributes and key policy. The user with a particular attribute and key policy alone will be able to decrypt the health data after it is verified by “key distribution centre” and the “secure data distributor”. This technique can be used in medical field for secure storage of patient details and limiting to particular doctor access. To make data scalable secure we need to encrypt the health data before outsourcing.
Telecommunications Policy Research Conference. Computer and Communications Security Section. Papers.
ERIC Educational Resources Information Center
Telecommunications Policy Research Conference, Inc., Washington, DC.
In his paper, "European Needs and Attitudes towards Information Security," Richard I. Polis notes that the needs for security in computer systems, telecommunications, and media are rather uniform throughout Western Europe, and are seen as being significantly different from the needs in the United States. Recognition of these needs is,…
NASA Astrophysics Data System (ADS)
Lin, Guofen; Hong, Hanshu; Xia, Yunhao; Sun, Zhixin
2017-10-01
Attribute-based encryption (ABE) is an interesting cryptographic technique for flexible cloud data sharing access control. However, some open challenges hinder its practical application. In previous schemes, all attributes are considered as in the same status while they are not in most of practical scenarios. Meanwhile, the size of access policy increases dramatically with the raise of its expressiveness complexity. In addition, current research hardly notices that mobile front-end devices, such as smartphones, are poor in computational performance while too much bilinear pairing computation is needed for ABE. In this paper, we propose a key-policy weighted attribute-based encryption without bilinear pairing computation (KP-WABE-WB) for secure cloud data sharing access control. A simple weighted mechanism is presented to describe different importance of each attribute. We introduce a novel construction of ABE without executing any bilinear pairing computation. Compared to previous schemes, our scheme has a better performance in expressiveness of access policy and computational efficiency.
Safeguarding Databases Basic Concepts Revisited.
ERIC Educational Resources Information Center
Cardinali, Richard
1995-01-01
Discusses issues of database security and integrity, including computer crime and vandalism, human error, computer viruses, employee and user access, and personnel policies. Suggests some precautions to minimize system vulnerability such as careful personnel screening, audit systems, passwords, and building and software security systems. (JKP)
Kraemer, Sara; Carayon, Pascale
2007-03-01
This paper describes human errors and violations of end users and network administration in computer and information security. This information is summarized in a conceptual framework for examining the human and organizational factors contributing to computer and information security. This framework includes human error taxonomies to describe the work conditions that contribute adversely to computer and information security, i.e. to security vulnerabilities and breaches. The issue of human error and violation in computer and information security was explored through a series of 16 interviews with network administrators and security specialists. The interviews were audio taped, transcribed, and analyzed by coding specific themes in a node structure. The result is an expanded framework that classifies types of human error and identifies specific human and organizational factors that contribute to computer and information security. Network administrators tended to view errors created by end users as more intentional than unintentional, while errors created by network administrators as more unintentional than intentional. Organizational factors, such as communication, security culture, policy, and organizational structure, were the most frequently cited factors associated with computer and information security.
1987-09-24
Some concerns take on rating (e.g., ’Zl’) that adequately reflects increased significance in the network how well the system provides each service...to how well a Minimum, Fair, Good); however, in specific specific approach may be expected to achieve cases, ratings such as "present" or "approved...established thresholds, Supportive policies include identification and and for detecting the fact that access to a authentication policies as well as
NASA Technical Reports Server (NTRS)
Tencati, Ron
1991-01-01
An overview is presented of the NASA Science Internet (NSI) security task. The task includes the following: policies and security documentation; risk analysis and management; computer emergency response team; incident handling; toolkit development; user consulting; and working groups, conferences, and committees.
Study of the Use of Ada in Trusted Computing Bases (TCBs) to be Certified at, or Below, the B3 Level
1989-04-01
of th . Each M class, from C1 through B3, is described. The four major headings of TCBs, Security Policy, Accountability, Assurance, and Documentation, are...the system’s security policy. Data - Information with a specific physical representation. Discretionary Access Control - A means of restricting access to...including hardware, firmware, and software - the combination of which is responsible for enforcing a security policy. A TCB consists of one or more
Towards an Approach of Semantic Access Control for Cloud Computing
NASA Astrophysics Data System (ADS)
Hu, Luokai; Ying, Shi; Jia, Xiangyang; Zhao, Kai
With the development of cloud computing, the mutual understandability among distributed Access Control Policies (ACPs) has become an important issue in the security field of cloud computing. Semantic Web technology provides the solution to semantic interoperability of heterogeneous applications. In this paper, we analyze existing access control methods and present a new Semantic Access Control Policy Language (SACPL) for describing ACPs in cloud computing environment. Access Control Oriented Ontology System (ACOOS) is designed as the semantic basis of SACPL. Ontology-based SACPL language can effectively solve the interoperability issue of distributed ACPs. This study enriches the research that the semantic web technology is applied in the field of security, and provides a new way of thinking of access control in cloud computing.
Federal Register 2010, 2011, 2012, 2013, 2014
2013-08-07
... Wesolowski, Director, Verifications Policy & Operations Branch, Division of Eligibility and Enrollment Policy..., electronic interfaces and an on-line system for the verification of eligibility. PURPOSE(S) OF THE MATCHING... Security number (SSN) verifications, (2) a death indicator, (3) an indicator of a finding of disability by...
Federal Register 2010, 2011, 2012, 2013, 2014
2011-10-13
... Structural Reforms To Improve the Security of Classified Networks and the Responsible Sharing and... classified national security information (classified information) on computer networks, it is hereby ordered as follows: Section 1. Policy. Our Nation's security requires classified information to be shared...
Verification of Security Policy Enforcement in Enterprise Systems
NASA Astrophysics Data System (ADS)
Gupta, Puneet; Stoller, Scott D.
Many security requirements for enterprise systems can be expressed in a natural way as high-level access control policies. A high-level policy may refer to abstract information resources, independent of where the information is stored; it controls both direct and indirect accesses to the information; it may refer to the context of a request, i.e., the request’s path through the system; and its enforcement point and enforcement mechanism may be unspecified. Enforcement of a high-level policy may depend on the system architecture and the configurations of a variety of security mechanisms, such as firewalls, host login permissions, file permissions, DBMS access control, and application-specific security mechanisms. This paper presents a framework in which all of these can be conveniently and formally expressed, a method to verify that a high-level policy is enforced, and an algorithm to determine a trusted computing base for each resource.
Redefining Security. A Report by the Joint Security Commission
1994-02-28
security policies. This report offers recommendations on developing new strategies for achieving security within our information systems, including...better, and we outline methods of improving government and industry personnel security policies. We offer recommendations on developing new strategies ... strategies, sufficient funding, and management attention if our computers and networks are to protect the confidentiality, integrity, and availability of
ERIC Educational Resources Information Center
Richardson, Linda B., Comp.; And Others
This collection includes four handouts: (1) "Selection Criteria Considerations for Computer-Based Resources" (Linda B. Richardson); (2) "Software Collection Policies in Academic Libraries" (a 24-item bibliography, Jane W. Johnson); (3) "Circulation and Security of Software" (a 19-item bibliography, Sara Elizabeth Williams); and (4) "Bibliography of…
Operating Policies and Procedures of Computer Data-Base Systems.
ERIC Educational Resources Information Center
Anderson, David O.
Speaking on the operating policies and procedures of computer data bases containing information on students, the author divides his remarks into three parts: content decisions, data base security, and user access. He offers nine recommended practices that should increase the data base's usefulness to the user community: (1) the cost of developing…
SPAN security policies and guidelines
NASA Technical Reports Server (NTRS)
Sisson, Patricia L.; Green, James L.
1989-01-01
A guide is provided to system security with emphasis on requirements and guidelines that are necessary to maintain an acceptable level of security on the network. To have security for the network, each node on the network must be secure. Therefore, each system manager must strictly adhere to the requirements and must consider implementing the guidelines discussed. There are areas of vulnerability within the operating system that may not be addressed. However, when a requirement or guideline is discussed, implementation techniques are included. Information related to computer and data security is discussed to provide information on implementation options. The information is presented as it relates to a VAX computer environment.
An Information Policy for the Information Age.
ERIC Educational Resources Information Center
Blake, Virgil; Surprenant, Thomas
1988-01-01
Discusses recent federal information policies that pose a threat to access to information. A short-lived policy for protection of sensitive but unclassified information is criticized, and the Computer Security Act of 1987, currently under consideration in Congress, is described. Involvement by the library and information community in developing…
Xu, Qian; Tan, Chengxiang; Fan, Zhijie; Zhu, Wenye; Xiao, Ya; Cheng, Fujia
2018-05-17
Nowadays, fog computing provides computation, storage, and application services to end users in the Internet of Things. One of the major concerns in fog computing systems is how fine-grained access control can be imposed. As a logical combination of attribute-based encryption and attribute-based signature, Attribute-based Signcryption (ABSC) can provide confidentiality and anonymous authentication for sensitive data and is more efficient than traditional "encrypt-then-sign" or "sign-then-encrypt" strategy. Thus, ABSC is suitable for fine-grained access control in a semi-trusted cloud environment and is gaining more and more attention recently. However, in many existing ABSC systems, the computation cost required for the end users in signcryption and designcryption is linear with the complexity of signing and encryption access policy. Moreover, only a single authority that is responsible for attribute management and key generation exists in the previous proposed ABSC schemes, whereas in reality, mostly, different authorities monitor different attributes of the user. In this paper, we propose OMDAC-ABSC, a novel data access control scheme based on Ciphertext-Policy ABSC, to provide data confidentiality, fine-grained control, and anonymous authentication in a multi-authority fog computing system. The signcryption and designcryption overhead for the user is significantly reduced by outsourcing the undesirable computation operations to fog nodes. The proposed scheme is proven to be secure in the standard model and can provide attribute revocation and public verifiability. The security analysis, asymptotic complexity comparison, and implementation results indicate that our construction can balance the security goals with practical efficiency in computation.
System security in the space flight operations center
NASA Technical Reports Server (NTRS)
Wagner, David A.
1988-01-01
The Space Flight Operations Center is a networked system of workstation-class computers that will provide ground support for NASA's next generation of deep-space missions. The author recounts the development of the SFOC system security policy and discusses the various management and technology issues involved. Particular attention is given to risk assessment, security plan development, security implications of design requirements, automatic safeguards, and procedural safeguards.
NASA Technical Reports Server (NTRS)
1985-01-01
The primary purpose of the Aerospace Computer Security Conference was to bring together people and organizations which have a common interest in protecting intellectual property generated in space. Operational concerns are discussed, taking into account security implications of the space station information system, Space Shuttle security policies and programs, potential uses of probabilistic risk assessment techniques for space station development, key considerations in contingency planning for secure space flight ground control centers, a systematic method for evaluating security requirements compliance, and security engineering of secure ground stations. Subjects related to security technologies are also explored, giving attention to processing requirements of secure C3/I and battle management systems and the development of the Gemini trusted multiple microcomputer base, the Restricted Access Processor system as a security guard designed to protect classified information, and observations on local area network security.
Modelling operations and security of cloud systems using Z-notation and Chinese Wall security policy
NASA Astrophysics Data System (ADS)
Basu, Srijita; Sengupta, Anirban; Mazumdar, Chandan
2016-11-01
Enterprises are increasingly using cloud computing for hosting their applications. Availability of fast Internet and cheap bandwidth are causing greater number of people to use cloud-based services. This has the advantage of lower cost and minimum maintenance. However, ensuring security of user data and proper management of cloud infrastructure remain major areas of concern. Existing techniques are either too complex, or fail to properly represent the actual cloud scenario. This article presents a formal cloud model using the constructs of Z-notation. Principles of the Chinese Wall security policy have been applied to design secure cloud-specific operations. The proposed methodology will enable users to safely host their services, as well as process sensitive data, on cloud.
2005-07-01
policies in pervasive computing environments. In this context, the owner of information sources (e.g. user, sensor, application, or organization...work in decentralized trust management and semantic web technologies. Section 3 introduces an Information Disclosure Agent architecture for...Norman Sadeh July 2005 CMU-ISRI-05-113 School of Computer Science, Carnegie Mellon University 5000 Forbes Avenue, Pittsburgh, PA, 15213
Information Assurance and Forensic Readiness
NASA Astrophysics Data System (ADS)
Pangalos, Georgios; Katos, Vasilios
Egalitarianism and justice are amongst the core attributes of a democratic regime and should be also secured in an e-democratic setting. As such, the rise of computer related offenses poses a threat to the fundamental aspects of e-democracy and e-governance. Digital forensics are a key component for protecting and enabling the underlying (e-)democratic values and therefore forensic readiness should be considered in an e-democratic setting. This position paper commences from the observation that the density of compliance and potential litigation activities is monotonically increasing in modern organizations, as rules, legislative regulations and policies are being constantly added to the corporate environment. Forensic practices seem to be departing from the niche of law enforcement and are becoming a business function and infrastructural component, posing new challenges to the security professionals. Having no a priori knowledge on whether a security related event or corporate policy violation will lead to litigation, we advocate that computer forensics need to be applied to all investigatory, monitoring and auditing activities. This would result in an inflation of the responsibilities of the Information Security Officer. After exploring some commonalities and differences between IS audit and computer forensics, we present a list of strategic challenges the organization and, in effect, the IS security and audit practitioner will face.
A computer science approach to managing security in health care.
Asirelli, P; Braccini, G; Caramella, D; Coco, A; Fabbrini, F
2002-09-01
The security of electronic medical information is very important for health care organisations, which have to ensure confidentiality, integrity and availability of the information provided. This paper will briefly outline the legal measures adopted by the European Community, Italy and the United States to regulate the use and disclosure of medical records. It will then go on to highlight how information technology can help to address these issues with special reference to the management of organisation policies. To this end, we will present a modelling example for the security policy of a radiological department.
Lebeda, Frank J; Zalatoris, Jeffrey J; Scheerer, Julia B
2018-02-07
This position paper summarizes the development and the present status of Department of Defense (DoD) and other government policies and guidances regarding cloud computing services. Due to the heterogeneous and growing biomedical big datasets, cloud computing services offer an opportunity to mitigate the associated storage and analysis requirements. Having on-demand network access to a shared pool of flexible computing resources creates a consolidated system that should reduce potential duplications of effort in military biomedical research. Interactive, online literature searches were performed with Google, at the Defense Technical Information Center, and at two National Institutes of Health research portfolio information sites. References cited within some of the collected documents also served as literature resources. We gathered, selected, and reviewed DoD and other government cloud computing policies and guidances published from 2009 to 2017. These policies were intended to consolidate computer resources within the government and reduce costs by decreasing the number of federal data centers and by migrating electronic data to cloud systems. Initial White House Office of Management and Budget information technology guidelines were developed for cloud usage, followed by policies and other documents from the DoD, the Defense Health Agency, and the Armed Services. Security standards from the National Institute of Standards and Technology, the Government Services Administration, the DoD, and the Army were also developed. Government Services Administration and DoD Inspectors General monitored cloud usage by the DoD. A 2016 Government Accountability Office report characterized cloud computing as being economical, flexible and fast. A congressionally mandated independent study reported that the DoD was active in offering a wide selection of commercial cloud services in addition to its milCloud system. 
Our findings from the Department of Health and Human Services indicated that the security infrastructure in cloud services may be more compliant with the Health Insurance Portability and Accountability Act of 1996 regulations than traditional methods. To gauge the DoD's adoption of cloud technologies proposed metrics included cost factors, ease of use, automation, availability, accessibility, security, and policy compliance. Since 2009, plans and policies were developed for the use of cloud technology to help consolidate and reduce the number of data centers which were expected to reduce costs, improve environmental factors, enhance information technology security, and maintain mission support for service members. Cloud technologies were also expected to improve employee efficiency and productivity. Federal cloud computing policies within the last decade also offered increased opportunities to advance military healthcare. It was assumed that these opportunities would benefit consumers of healthcare and health science data by allowing more access to centralized cloud computer facilities to store, analyze, search and share relevant data, to enhance standardization, and to reduce potential duplications of effort. We recommend that cloud computing be considered by DoD biomedical researchers for increasing connectivity, presumably by facilitating communications and data sharing, among the various intra- and extramural laboratories. We also recommend that policies and other guidances be updated to include developing additional metrics that will help stakeholders evaluate the above mentioned assumptions and expectations. Published by Oxford University Press on behalf of the Association of Military Surgeons of the United States 2018. This work is written by (a) US Government employee(s) and is in the public domain in the US.
Code of Federal Regulations, 2010 CFR
2010-07-01
... of the National Security Division, which will consult, as necessary, with the Computer Crime and... Attorney General, the Deputy Attorney General, the Assistant Attorney General for National Security, or the...
A Secure and Verifiable Outsourced Access Control Scheme in Fog-Cloud Computing.
Fan, Kai; Wang, Junxiong; Wang, Xin; Li, Hui; Yang, Yintang
2017-07-24
With the rapid development of big data and Internet of things (IOT), the number of networking devices and data volume are increasing dramatically. Fog computing, which extends cloud computing to the edge of the network can effectively solve the bottleneck problems of data transmission and data storage. However, security and privacy challenges are also arising in the fog-cloud computing environment. Ciphertext-policy attribute-based encryption (CP-ABE) can be adopted to realize data access control in fog-cloud computing systems. In this paper, we propose a verifiable outsourced multi-authority access control scheme, named VO-MAACS. In our construction, most encryption and decryption computations are outsourced to fog devices and the computation results can be verified by using our verification method. Meanwhile, to address the revocation issue, we design an efficient user and attribute revocation method for it. Finally, analysis and simulation results show that our scheme is both secure and highly efficient.
Xu, Qian; Tan, Chengxiang; Fan, Zhijie; Zhu, Wenye; Xiao, Ya; Cheng, Fujia
2018-01-01
Nowadays, fog computing provides computation, storage, and application services to end users in the Internet of Things. One of the major concerns in fog computing systems is how fine-grained access control can be imposed. As a logical combination of attribute-based encryption and attribute-based signature, Attribute-based Signcryption (ABSC) can provide confidentiality and anonymous authentication for sensitive data and is more efficient than traditional “encrypt-then-sign” or “sign-then-encrypt” strategy. Thus, ABSC is suitable for fine-grained access control in a semi-trusted cloud environment and is gaining more and more attention recently. However, in many existing ABSC systems, the computation cost required for the end users in signcryption and designcryption is linear with the complexity of signing and encryption access policy. Moreover, only a single authority that is responsible for attribute management and key generation exists in the previous proposed ABSC schemes, whereas in reality, mostly, different authorities monitor different attributes of the user. In this paper, we propose OMDAC-ABSC, a novel data access control scheme based on Ciphertext-Policy ABSC, to provide data confidentiality, fine-grained control, and anonymous authentication in a multi-authority fog computing system. The signcryption and designcryption overhead for the user is significantly reduced by outsourcing the undesirable computation operations to fog nodes. The proposed scheme is proven to be secure in the standard model and can provide attribute revocation and public verifiability. The security analysis, asymptotic complexity comparison, and implementation results indicate that our construction can balance the security goals with practical efficiency in computation. PMID:29772840
Proceedings from the conference on high speed computing: High speed computing and national security
DOE Office of Scientific and Technical Information (OSTI.GOV)
Hirons, K.P.; Vigil, M.; Carlson, R.
1997-07-01
This meeting covered the following topics: technologies/national needs/policies: past, present and future; information warfare; crisis management/massive data systems; risk assessment/vulnerabilities; Internet law/privacy and rights of society; challenges to effective ASCI programmatic use of 100 TFLOPs systems; and new computing technologies.
Model-Driven Configuration of SELinux Policies
NASA Astrophysics Data System (ADS)
Agreiter, Berthold; Breu, Ruth
The need for access control in computer systems is inherent. However, the complexity to configure such systems is constantly increasing which affects the overall security of a system negatively. We think that it is important to define security requirements on a non-technical level while taking the application domain into respect in order to have a clear and separated view on security configuration (i.e. unblurred by technical details). On the other hand, security functionality has to be tightly integrated with the system and its development process in order to provide comprehensive means of enforcement. In this paper, we propose a systematic approach based on model-driven security configuration to leverage existing operating system security mechanisms (SELinux) for realising access control. We use UML models and develop a UML profile to satisfy these needs. Our goal is to exploit a comprehensive protection mechanism while rendering its security policy manageable by a domain specialist.
Security policies and trust in ubiquitous computing.
Joshi, Anupam; Finin, Tim; Kagal, Lalana; Parker, Jim; Patwardhan, Anand
2008-10-28
Ubiquitous environments comprise resource-constrained mobile and wearable devices and computational elements embedded in everyday artefacts. These are connected to each other using both infrastructure-based as well as short-range ad hoc networks. Limited Internet connectivity limits the use of conventional security mechanisms such as public key infrastructures and other forms of server-centric authentication. Under these circumstances, peer-to-peer interactions are well suited for not just information interchange, but also managing security and privacy. However, practical solutions for protecting mobile devices, preserving privacy, evaluating trust and determining the reliability and accuracy of peer-provided data in such interactions are still in their infancy. Our research is directed towards providing stronger assurances of the reliability and trustworthiness of information and services, and the use of declarative policy-driven approaches to handle the open and dynamic nature of such systems. This paper provides an overview of some of the challenges and issues, and points out directions for progress.
Scalable Trust of Next-Generation Management (STRONGMAN)
2004-10-01
remote logins might be policy controlled to allow only strongly encrypted IPSec tunnels to log in remotely, to access selected files, etc. The...and Angelos D. Keromytis. Drop-in Security for Distributed and Portable Computing Elements. Emerald Journal of Internet Research. Electronic...Security and Privacy, pp. 17-31, May 1999. [2] S. M. Bellovin. Distributed Firewalls. ;login: magazine, special issue on security, November 1999. [3] M
New Directions for Hardware-assisted Trusted Computing Policies (Position Paper)
NASA Astrophysics Data System (ADS)
Bratus, Sergey; Locasto, Michael E.; Ramaswamy, Ashwin; Smith, Sean W.
The basic technological building blocks of the TCG architecture seem to be stabilizing. As a result, we believe that the focus of the Trusted Computing (TC) discipline must naturally shift from the design and implementation of the hardware root of trust (and the subsequent trust chain) to the higher-level application policies. Such policies must build on these primitives to express new sets of security goals. We highlight the relationship between enforcing these types of policies and debugging, since both activities establish the link between expected and actual application behavior. We argue that this new class of policies better fits developers' mental models of expected application behaviors, and we suggest a hardware design direction for enabling the efficient interpretation of such policies.
Computer Security-Risks, Threats, and Safeguards.
ERIC Educational Resources Information Center
Ekhaml, Leticia
2001-01-01
Describes a variety of Internet threats to computers and networks used in schools. Discusses electronic trashing; clearing hard drives; cyber spying on Web sites visited; protection against cyber spying, including disposable email accounts; password sniffers; privacy policies; email snooping; email attachments that carry viruses; and hoaxes. (LRW)
Protecting Public-Access Computers in Libraries.
ERIC Educational Resources Information Center
King, Monica
1999-01-01
Describes one public library's development of a computer-security plan, along with helpful products used. Discussion includes Internet policy, physical protection of hardware, basic protection of the operating system and software on the network, browser dilemmas and maintenance, creating clear intuitive interface, and administering fair use and…
The HEPiX Virtualisation Working Group: Towards a Grid of Clouds
NASA Astrophysics Data System (ADS)
Cass, Tony
2012-12-01
The use of virtual machine images, as for example with Cloud services such as Amazon's Elastic Compute Cloud, is attractive for users as they have a guaranteed execution environment, something that cannot today be provided across sites participating in computing grids such as the Worldwide LHC Computing Grid. However, Grid sites often operate within computer security frameworks which preclude the use of remotely generated images. The HEPiX Virtualisation Working Group was set up with the objective to enable use of remotely generated virtual machine images at Grid sites and, to this end, has introduced the idea of trusted virtual machine images which are guaranteed to be secure and configurable by sites such that security policy commitments can be met. This paper describes the requirements and details of these trusted virtual machine images and presents a model for their use to facilitate the integration of Grid- and Cloud-based computing environments for High Energy Physics.
Guidelines for computer security in general practice.
Schattner, Peter; Pleteshner, Catherine; Bhend, Heinz; Brouns, Johan
2007-01-01
As general practice becomes increasingly computerised, data security becomes increasingly important for both patient health and the efficient operation of the practice. To develop guidelines for computer security in general practice based on a literature review, an analysis of available information on current practice and a series of key stakeholder interviews. While the guideline was produced in the context of Australian general practice, we have developed a template that is also relevant for other countries. Current data on computer security measures was sought from Australian divisions of general practice. Semi-structured interviews were conducted with general practitioners (GPs), the medical software industry, senior managers within government responsible for health IT (information technology) initiatives, technical IT experts, divisions of general practice and a member of a health information consumer group. The respondents were asked to assess both the likelihood and the consequences of potential risks in computer security being breached. The study suggested that the most important computer security issues in general practice were: the need for a nominated IT security coordinator; having written IT policies, including a practice disaster recovery plan; controlling access to different levels of electronic data; doing and testing backups; protecting against viruses and other malicious codes; installing firewalls; undertaking routine maintenance of hardware and software; and securing electronic communication, for example via encryption. This information led to the production of computer security guidelines, including a one-page summary checklist, which were subsequently distributed to all GPs in Australia. This paper maps out a process for developing computer security guidelines for general practice. The specific content will vary in different countries according to their levels of adoption of IT, and cultural, technical and other health service factors. 
Making these guidelines relevant to local contexts should help maximise their uptake.
A Secure and Verifiable Outsourced Access Control Scheme in Fog-Cloud Computing
Fan, Kai; Wang, Junxiong; Wang, Xin; Li, Hui; Yang, Yintang
2017-01-01
With the rapid development of big data and Internet of things (IOT), the number of networking devices and data volume are increasing dramatically. Fog computing, which extends cloud computing to the edge of the network can effectively solve the bottleneck problems of data transmission and data storage. However, security and privacy challenges are also arising in the fog-cloud computing environment. Ciphertext-policy attribute-based encryption (CP-ABE) can be adopted to realize data access control in fog-cloud computing systems. In this paper, we propose a verifiable outsourced multi-authority access control scheme, named VO-MAACS. In our construction, most encryption and decryption computations are outsourced to fog devices and the computation results can be verified by using our verification method. Meanwhile, to address the revocation issue, we design an efficient user and attribute revocation method for it. Finally, analysis and simulation results show that our scheme is both secure and highly efficient. PMID:28737733
Policy revision in health enterprise information security: P3WG final report
NASA Astrophysics Data System (ADS)
Sostrom, Kristen; Collmann, Jeff R.
2003-05-01
Health information management policies usually address the use of paper records with little or no mention of electronic health records. Information Technology (IT) policies often ignore the health care business needs and operational use of the information stored in its systems. Representatives from the Telemedicine & Advanced Technology Research Center (TATRC), TRICARE and Offices of the Surgeon General of each Military Service, collectively referred to as the Policies, Procedures and Practices Work Group (P3WG) examined military policies and regulations relating to computer-based information systems and medical records management. Using an interdisciplinary and interservice QA approach they compared existing military policies with the Health Insurance Portability and Accountability Act (HIPAA) Security Rule to identify gaps and discrepancies. The final report, including a plain English explanation of the individual standards and relevance to the Department of Defense (DoD), a comparative analysis and recommendations, will feed in to the security management process and HIPAA implementation efforts at multiple levels within the DoD. In light of High Reliability Theory, this process models how large enterprises may coordinate policy revision and reform across broad organizational and work domains, building consensus on key policy reforms among military stakeholders across different disciplines, levels of command hierarchy and services.
NASA Astrophysics Data System (ADS)
Hoeft, B.; Epting, U.; Koenig, T.
2008-07-01
While many fields relevant to Grid security are already covered by existing working groups, their remit rarely goes beyond the scope of the Grid infrastructure itself. However, security issues pertaining to the internal set-up of compute centres have at least as much impact on Grid security. Thus, this talk will present briefly the EU ISSeG project (Integrated Site Security for Grids). In contrast to groups such as OSCT (Operational Security Coordination Team) and JSPG (Joint Security Policy Group), the purpose of ISSeG is to provide a holistic approach to security for Grid computer centres, from strategic considerations to an implementation plan and its deployment. The generalised methodology of Integrated Site Security (ISS) is based on the knowledge gained during its implementation at several sites as well as through security audits, and this will be briefly discussed. Several examples of ISS implementation tasks at the Forschungszentrum Karlsruhe will be presented, including segregation of the network for administration and maintenance and the implementation of Application Gateways. Furthermore, the web-based ISSeG training material will be introduced. This aims to offer ISS implementation guidance to other Grid installations in order to help avoid common pitfalls.
Certified In-lined Reference Monitoring on .NET
2006-06-01
Introduction Language-based approaches to computer security have employed two major strategies for enforcing security policies over untrusted programs. • Low...automatically verify IRM’s using a static type-checker. Mobile (MOnitorable BIL with Effects) is an extension of BIL (Baby Intermediate Language) [15], a...AVAILABILITY STATEMENT Approved for public release; distribution unlimited 13. SUPPLEMENTARY NOTES Proceedings of the 2006 Programming Languages and
Security & Privacy Policy - Naval Oceanography Portal
Notice: This is a U.S. Government Web Site 1. This is a World Wide Web site for official information information on this Web site are strictly prohibited and may be punishable under the Computer Fraud and Abuse Information Act (FOIA) | External Link Disclaimer This is an official U.S. Navy web site. Security &
Data Security Policy | High-Performance Computing | NREL
to use its high-performance computing (HPC) systems. NREL HPC systems are operated as research systems and may only contain data related to scientific research. These systems are categorized as low per sensitive or non-sensitive. One example of sensitive data would be personally identifiable information (PII
77 FR 24728 - President's National Security Telecommunications Advisory Committee
Federal Register 2010, 2011, 2012, 2013, 2014
2012-04-25
... on their Report to the President on Cloud Computing. The members will also discuss and vote on the... Technology Management, such as progress made towards implementing the Government's Cloud First Policy...
Legal issues of the electronic dental record: security and confidentiality.
Szekely, D G; Milam, S; Khademi, J A
1996-01-01
Computer-based, electronic dental record keeping involves complex issues of patient privacy and the dental practitioner's ethical duty of confidentiality. Federal and state law is responding to the new legal issues presented by computer technology. Authenticating the electronic record in terms of ensuring its reliability and accuracy is essential in order to protect its admissibility as evidence in legal actions. Security systems must be carefully planned to limit access and provide for back-up and storage of dental records. Carefully planned security systems protect the patient from disclosure without the patient's consent and also protect the practitioner from the liability that would arise from such disclosure. Human errors account for the majority of data security problems. Personnel security is assured through pre-employment screening, employment contracts, policies, and staff education. Contracts for health information systems should include provisions for indemnification and ensure the confidentiality of the system by the vendor.
Energy Structure and Energy Security under Climate Mitigation Scenarios in China
Matsumoto, Ken’ichi
2015-01-01
This study investigates how energy structure and energy security in China will change in the future under climate mitigation policy scenarios using Representative Concentration Pathways in a computable general equilibrium model. The findings suggest that to reduce greenhouse gas emissions, China needs to shift its energy structure from fossil fuel dominance to renewables and nuclear. The lower the allowable emissions, the larger the shifts required. Among fossil fuels, coal use particularly must significantly decrease. Such structural shifts will improve energy self-sufficiency, thus enhancing energy security. Under the policy scenarios, energy-source diversity as measured by the Herfindahl Index improves until 2050, after which diversity declines because of high dependence on a specific energy source (nuclear and biomass). Overall, however, it is revealed that energy security improves along with progress in climate mitigation. These improvements will also contribute to the economy by reducing energy procurement risks. PMID:26660094
Server-Based and Server-Less Byod Solutions to Support Electronic Learning
2016-06-01
Knowledge Online NSD National Security Directive OS operating system OWA Outlook Web Access PC personal computer PED personal electronic device PDA...mobile devices, institute mobile device policies and standards, and promote the development and use of DOD mobile and web-enabled applications” (DOD...with an isolated BYOD web server, properly educated system administrators must carry out and execute the necessary, pre-defined network security
In Internet-Based Visualization System Study about Breakthrough Applet Security Restrictions
NASA Astrophysics Data System (ADS)
Chen, Jie; Huang, Yan
In the process of realizing an Internet-based visualization system for protein molecules, the system needs to allow users to observe molecular structures on the local computer; that is, customers can generate three-dimensional graphics from a PDB file on the client computer. This requires Applet access to local files, which raises the question of Applet security restrictions. This paper includes two realization methods: 1. Use tools provided by the JDK, such as signature tools, key management tools and Policy Editor tools, to digitally sign and authenticate the Java Applet, breaking through certain security restrictions in the browser. 2. Use a Servlet agent to implement indirect data access, breaking through the traditional Java Virtual Machine sandbox model's restriction of Applet abilities. Both ways can break through the Applet's security restrictions, but each has its own strengths.
Protecting genomic data analytics in the cloud: state of the art and opportunities.
Tang, Haixu; Jiang, Xiaoqian; Wang, Xiaofeng; Wang, Shuang; Sofia, Heidi; Fox, Dov; Lauter, Kristin; Malin, Bradley; Telenti, Amalio; Xiong, Li; Ohno-Machado, Lucila
2016-10-13
The outsourcing of genomic data into public cloud computing settings raises concerns over privacy and security. Significant advancements in secure computation methods have emerged over the past several years, but such techniques need to be rigorously evaluated for their ability to support the analysis of human genomic data in an efficient and cost-effective manner. With respect to public cloud environments, there are concerns about the inadvertent exposure of human genomic data to unauthorized users. In analyses involving multiple institutions, there is additional concern about data being used beyond agreed research scope and being processed in untrusted computational environments, which may not satisfy institutional policies. To systematically investigate these issues, the NIH-funded National Center for Biomedical Computing iDASH (integrating Data for Analysis, 'anonymization' and SHaring) hosted the second Critical Assessment of Data Privacy and Protection competition to assess the capacity of cryptographic technologies for protecting computation over human genomes in the cloud and promoting cross-institutional collaboration. Data scientists were challenged to design and engineer practical algorithms for secure outsourcing of genome computation tasks in working software, whereby analyses are performed only on encrypted data. They were also challenged to develop approaches to enable secure collaboration on data from genomic studies generated by multiple organizations (e.g., medical centers) to jointly compute aggregate statistics without sharing individual-level records. The results of the competition indicated that secure computation techniques can enable comparative analysis of human genomes, but greater efficiency (in terms of compute time and memory utilization) is needed before they are sufficiently practical for real world environments.
A Research Program in Computer Technology. 1987 Annual Technical Report
1990-07-01
TITLE (Include Security Classification) 1987 Annual Technical Report: A Research Program in Computer Technology (Unclassified) 12. PERSONAL AUTHOR(S) IS...distributed processing, survivable networks 17. NCE: distributed processing, local networks, personal computers, workstation environment 18. SC Dev...are the authors and should not be interpreted as representing the official opinion or policy of DARPA, the U.S. Government, or any person or agency
Reviewing and reforming policy in health enterprise information security
NASA Astrophysics Data System (ADS)
Sostrom, Kristen; Collmann, Jeff R.
2001-08-01
Health information management policies usually address the use of paper records with little or no mention of electronic health records. Information Technology (IT) policies often ignore the health care business needs and operational use of the information stored in its systems. Representatives from the Telemedicine & Advanced Technology Research Center, TRICARE and Offices of the Surgeon General of each Military Service, collectively referred to as the Policies, Procedures and Practices Work Group (P3WG), examined military policies and regulations relating to computer-based information systems and medical records management. Using a system of templates and matrices created for the purpose, P3WG identified gaps and discrepancies in DoD and service compliance with the proposed Health Insurance Portability and Accountability Act (HIPAA) Security Standard. P3WG represents an unprecedented attempt to coordinate policy review and revision across all military health services and the Office of Health Affairs. This method of policy reform can identify where changes need to be made to integrate health management policy and IT policy in to an organizational policy that will enable compliance with HIPAA standards. The process models how large enterprises may coordinate policy revision and reform across broad organizational and work domains.
76 FR 78327 - Meeting of Advisory Committee on International Communications and Information Policy
Federal Register 2010, 2011, 2012, 2013, 2014
2011-12-16
... security and law enforcement access issues related to cloud computing, as well as recent private sector.... Visitor's full name. 3. Date of birth. 4. Citizenship. 5. Acceptable forms of identification for entry...
Computer-Aided Process and Tools for Mobile Software Acquisition
2013-07-30
Computer-Aided Process and Tools for Mobile Software Acquisition 30 July 2013 LT Christopher Bonine, USN, Dr...Christopher Bonine is a lieutenant in the United States Navy. He is currently assigned to the Navy Cyber Defense Operations Command in Norfolk, VA. He has...interests are in development and implementation of cyber security policy. Bonine has a master’s in computer science from the Naval Postgraduate School
NASA Astrophysics Data System (ADS)
Mohammadi, Hadi
Use of the Patch Vulnerability Management (PVM) process should be seriously considered for any networked computing system. The PVM process prevents the operating system (OS) and software applications from being attacked due to security vulnerabilities, which lead to system failures and critical data leakage. The purpose of this research is to create and design a Security and Critical Patch Management Process (SCPMP) framework based on Systems Engineering (SE) principles. This framework will assist Information Technology Department Staff (ITDS) to reduce IT operating time and costs and mitigate the risk of security and vulnerability attacks. Further, this study evaluates implementation of the SCPMP in the networked computing systems of an academic environment in order to: 1. Meet patch management requirements by applying SE principles. 2. Reduce the cost of IT operations and PVM cycles. 3. Improve the current PVM methodologies to prevent networked computing systems from becoming the targets of security vulnerability attacks. 4. Embed a Maintenance Optimization Tool (MOT) in the proposed framework. The MOT allows IT managers to make the most practicable choice of methods for deploying and installing released patches and vulnerability remediation. In recent years, there has been a variety of frameworks for security practices in every networked computing system to protect computer workstations from becoming compromised or vulnerable to security attacks, which can expose important information and critical data. I have developed a new mechanism for implementing PVM for maximizing security-vulnerability maintenance, protecting OS and software packages, and minimizing SCPMP cost. To increase computing system security in any diverse environment, particularly in academia, one must apply SCPMP. I propose an optimal maintenance policy that will allow ITDS to measure and estimate the variation of PVM cycles based on their department's requirements. 
My results demonstrate that MOT optimizes the process of implementing SCPMP in academic workstations.
Survey of Collaboration Technologies in Multi-level Security Environments
2014-04-28
infrastructure or resources. In this research program, the security implications of the US Air Force GeoBase (the US The problem is that in many cases...design structure. ORA uses a Java interface for ease of use, and a C++ computational backend. The current version ORA1.2 software is available on the...information: culture, policy, governance, economics and resources, and technology and infrastructure. This plan, the DoD Information Sharing
Information security: where computer science, economics and psychology meet.
Anderson, Ross; Moore, Tyler
2009-07-13
Until ca. 2000, information security was seen as a technological discipline, based on computer science but with mathematics helping in the design of ciphers and protocols. That perspective started to change as researchers and practitioners realized the importance of economics. As distributed systems are increasingly composed of machines that belong to principals with divergent interests, incentives are becoming as important to dependability as technical design. A thriving new field of information security economics provides valuable insights not just into 'security' topics such as privacy, bugs, spam and phishing, but into more general areas of system dependability and policy. This research programme has recently started to interact with psychology. One thread is in response to phishing, the most rapidly growing form of online crime, in which fraudsters trick people into giving their credentials to bogus websites; a second is through the increasing importance of security usability; and a third comes through the psychology-and-economics tradition. The promise of this multidisciplinary research programme is a novel framework for analysing information security problems-one that is both principled and effective.
Index of Selected Publications Through December 1983,
1984-03-01
substantiating methodology, and is designed mainly for readers with a professional interest in the subject but do not have a primary responsibility in that...Navy in postwar American security policy -- computer subroutines - CRC 20 H 1052 experimental design techniques, computer North Atlantic-Norwegian...statistical tion and Congestion, With an Example from Southern experimental design technique aids the analysis California, 27 pp., Jan 1971, AD 719 906 of
[How to establish the hospital information system security policies].
Gong, Qing-Yue; Shi, Cheng
2008-03-01
It is important to establish the hospital information system security policies. While these security policies are being established, a comprehensive consideration should be given to the acceptable levels of users, IT supporters and hospital managers. We should have a formal policy designing process that is consistently followed by all security policies. Reasons for establishing the security policies and their coverage and applicable objects should be stated clearly. Besides, each policy should define user's responsibilities and penalties of violation. Every organization will need some key policies, such as of information sources usage, remote access, information protection, perimeter security, and baseline host/device security. Security managing procedures are the mechanisms to enforce the policies. An incident-handling procedure is the most important security managing procedure for all organizations.
Code of Federal Regulations, 2011 CFR
2011-10-01
...: As defined by the Computer Security Act of 1987, any data/information, “the loss, misuse, or... Project Officer determines greater access controls are necessary, an OPDIV may protect and control...)]. (c) As part of the acquisition planning process, the Project Officer shall determine whether, based...
Code of Federal Regulations, 2010 CFR
2010-10-01
...: As defined by the Computer Security Act of 1987, any data/information, “the loss, misuse, or... Project Officer determines greater access controls are necessary, an OPDIV may protect and control...)]. (c) As part of the acquisition planning process, the Project Officer shall determine whether, based...
Code of Federal Regulations, 2013 CFR
2013-10-01
...: As defined by the Computer Security Act of 1987, any data/information, “the loss, misuse, or... Project Officer determines greater access controls are necessary, an OPDIV may protect and control...)]. (c) As part of the acquisition planning process, the Project Officer shall determine whether, based...
Code of Federal Regulations, 2014 CFR
2014-10-01
...: As defined by the Computer Security Act of 1987, any data/information, “the loss, misuse, or... Project Officer determines greater access controls are necessary, an OPDIV may protect and control...)]. (c) As part of the acquisition planning process, the Project Officer shall determine whether, based...
Code of Federal Regulations, 2012 CFR
2012-10-01
...: As defined by the Computer Security Act of 1987, any data/information, “the loss, misuse, or... Project Officer determines greater access controls are necessary, an OPDIV may protect and control...)]. (c) As part of the acquisition planning process, the Project Officer shall determine whether, based...
Security and Policy for Group Collaboration
DOE Office of Scientific and Technical Information (OSTI.GOV)
Ian Foster; Carl Kesselman
2006-07-31
“Security and Policy for Group Collaboration” was a Collaboratory Middleware research project aimed at providing the fundamental security and policy infrastructure required to support the creation and operation of distributed, computationally enabled collaborations. The project developed infrastructure that exploits innovative new techniques to address challenging issues of scale, dynamics, distribution, and role. To reduce greatly the cost of adding new members to a collaboration, we developed and evaluated new techniques for creating and managing credentials based on public key certificates, including support for online certificate generation, online certificate repositories, and support for multiple certificate authorities. To facilitate the integration of new resources into a collaboration, we improved significantly the integration of local security environments. To make it easy to create and change the role and associated privileges of both resources and participants of collaboration, we developed community wide authorization services that provide distributed, scalable means for specifying policy. These services make it possible for the delegation of capability from the community to a specific user, class of user or resource. Finally, we instantiated our research results into a framework that makes it useable to a wide range of collaborative tools. The resulting mechanisms and software have been widely adopted within DOE projects and in many other scientific projects. The widespread adoption of our Globus Toolkit technology has provided, and continues to provide, a natural dissemination and technology transfer vehicle for our results.
A Framework for Translating a High Level Security Policy into Low Level Security Mechanisms
NASA Astrophysics Data System (ADS)
Hassan, Ahmed A.; Bahgat, Waleed M.
2010-01-01
Security policies have different components; firewall, active directory, and IDS are some examples of these components. Enforcement of network security policies to low level security mechanisms faces some essential difficulties. Consistency, verification, and maintenance are the major ones of these difficulties. One approach to overcome these difficulties is to automate the process of translation of high level security policy into low level security mechanisms. This paper introduces a framework of an automation process that translates a high level security policy into low level security mechanisms. The framework is described in terms of three phases; in the first phase all network assets are categorized according to their roles in the network security and relations between them are identified to constitute the network security model. This proposed model is based on organization based access control (OrBAC). However, the proposed model extends the OrBAC model to include not only access control policy but also some other administrative security policies like auditing policy. Besides, the proposed model enables matching of each rule of the high level security policy with the corresponding ones of the low level security policy. Through the second phase of the proposed framework, the high level security policy is mapped into the network security model. The second phase could be considered as a translation of the high level security policy into an intermediate model level. Finally, the intermediate model level is translated automatically into low level security mechanism. The paper illustrates the applicability of proposed approach through an application example.
DOE Office of Scientific and Technical Information (OSTI.GOV)
Hadley, Mark D.; Clements, Samuel L.
2009-01-01
Battelle’s National Security & Defense objective is, “applying unmatched expertise and unique facilities to deliver homeland security solutions. From detection and protection against weapons of mass destruction to emergency preparedness/response and protection of critical infrastructure, we are working with industry and government to integrate policy, operational, technological, and logistical parameters that will secure a safe future”. In an ongoing effort to meet this mission, engagements with industry that are intended to improve operational and technical attributes of commercial solutions that are related to national security initiatives are necessary. This necessity will ensure that capabilities for protecting critical infrastructure assets are considered by commercial entities in their development, design, and deployment lifecycles thus addressing the alignment of identified deficiencies and improvements needed to support national cyber security initiatives. The Secure Firewall (Sidewinder) appliance by Secure Computing was assessed for applicable use in critical infrastructure control system environments, such as electric power, nuclear and other facilities containing critical systems that require augmented protection from cyber threat. The testing was performed in the Pacific Northwest National Laboratory’s (PNNL) Electric Infrastructure Operations Center (EIOC). The Secure Firewall was tested in a network configuration that emulates a typical control center network and then evaluated. A number of observations and recommendations are included in this report relating to features currently included in the Secure Firewall that support critical infrastructure security needs.
NASA Astrophysics Data System (ADS)
Papa, Mauricio; Shenoi, Sujeet
The information infrastructure -- comprising computers, embedded devices, networks and software systems -- is vital to day-to-day operations in every sector: information and telecommunications, banking and finance, energy, chemicals and hazardous materials, agriculture, food, water, public health, emergency services, transportation, postal and shipping, government and defense. Global business and industry, governments, indeed society itself, cannot function effectively if major components of the critical information infrastructure are degraded, disabled or destroyed. Critical Infrastructure Protection II describes original research results and innovative applications in the interdisciplinary field of critical infrastructure protection. Also, it highlights the importance of weaving science, technology and policy in crafting sophisticated, yet practical, solutions that will help secure information, computer and network assets in the various critical infrastructure sectors. Areas of coverage include: - Themes and Issues - Infrastructure Security - Control Systems Security - Security Strategies - Infrastructure Interdependencies - Infrastructure Modeling and Simulation This book is the second volume in the annual series produced by the International Federation for Information Processing (IFIP) Working Group 11.10 on Critical Infrastructure Protection, an international community of scientists, engineers, practitioners and policy makers dedicated to advancing research, development and implementation efforts focused on infrastructure protection. The book contains a selection of twenty edited papers from the Second Annual IFIP WG 11.10 International Conference on Critical Infrastructure Protection held at George Mason University, Arlington, Virginia, USA in the spring of 2008.
A Risk Management Approach to the "Insider Threat"
NASA Astrophysics Data System (ADS)
Bishop, Matt; Engle, Sophie; Frincke, Deborah A.; Gates, Carrie; Greitzer, Frank L.; Peisert, Sean; Whalen, Sean
Recent surveys indicate that the financial impact and operating losses due to insider intrusions are increasing. But these studies often disagree on what constitutes an "insider;" indeed, many define it only implicitly. In theory, appropriate selection of, and enforcement of, properly specified security policies should prevent legitimate users from abusing their access to computer systems, information, and other resources. However, even if policies could be expressed precisely, the natural mapping between the natural language expression of a security policy, and the expression of that policy in a form that can be implemented on a computer system or network, creates gaps in enforcement. This paper defines "insider" precisely, in terms of these gaps, and explores an access-based model for analyzing threats that include those usually termed "insider threats." This model enables an organization to order its resources based on the business value for that resource and of the information it contains. By identifying those users with access to high-value resources, we obtain an ordered list of users who can cause the greatest amount of damage. Concurrently with this, we examine psychological indicators in order to determine which users are at the greatest risk of acting inappropriately. We conclude by examining how to merge this model with one of forensic logging and auditing.
Privacy Preserving Nearest Neighbor Search
NASA Astrophysics Data System (ADS)
Shaneck, Mark; Kim, Yongdae; Kumar, Vipin
Data mining is frequently obstructed by privacy concerns. In many cases data is distributed, and bringing the data together in one place for analysis is not possible due to privacy laws (e.g. HIPAA) or policies. Privacy preserving data mining techniques have been developed to address this issue by providing mechanisms to mine the data while giving certain privacy guarantees. In this chapter we address the issue of privacy preserving nearest neighbor search, which forms the kernel of many data mining applications. To this end, we present a novel algorithm based on secure multiparty computation primitives to compute the nearest neighbors of records in horizontally distributed data. We show how this algorithm can be used in three important data mining algorithms, namely LOF outlier detection, SNN clustering, and kNN classification. We prove the security of these algorithms under the semi-honest adversarial model, and describe methods that can be used to optimize their performance. Keywords: Privacy Preserving Data Mining, Nearest Neighbor Search, Outlier Detection, Clustering, Classification, Secure Multiparty Computation
NASA Automatic Information Security Handbook
NASA Technical Reports Server (NTRS)
1993-01-01
This handbook details the Automated Information Security (AIS) management process for NASA. Automated information system security is becoming an increasingly important issue for all NASA managers. Rapid advancements in computer and network technologies and the demanding nature of space exploration and space research have made NASA increasingly dependent on automated systems to store, process, and transmit vast amounts of mission support information, hence the need for AIS systems and management. This handbook provides the consistent policies, procedures, and guidance to assure that an aggressive and effective AIS program is developed, implemented, and sustained at all NASA organizations and NASA support contractors.
NASA Technical Reports Server (NTRS)
Santiago, S. Scott; Moyles, Thomas J. (Technical Monitor)
2001-01-01
This viewgraph presentation provides information on the importance of information technology (IT) security (ITS) to NASA's mission. Several points are made concerning the subject. In order for ITS to be successful, it must be supported by management. NASA, while required by law to keep the public informed of its pursuits, must take precautions due to possible IT-based incursions by computer hackers and other malignant persons. Fear is an excellent motivation for establishing and maintaining a robust ITS policy. The ways in which NASA ITS personnel continually increase security are manifold, however a great deal relies upon the active involvement of the entire NASA community.
1999-01-01
This article reports on the PEDA (population changes, environment, socioeconomic development and agriculture) model and its implication for policy-making in Africa. PEDA is an interactive computer simulation model (developed for a Windows environment) demonstrating the long-term impacts of alternative national policies on food security status of the population. The model is based on multistate demographic techniques, projecting at the same time 8 different subgroups (by age and sex) in the population, and based on 3 dichotomous individual characteristics: urban/rural place of residence; literacy status; and food security status. Through the manipulation of scenario variables, the model enables the user to project the proportion of the population that will be food secure and food insecure for a chosen point in time. This model developed by Dr. W. Lutz, Director of the International Institute for Applied Systems Analysis, will serve as an advocacy tool to help convince policy-makers and country experts in Africa of the negative synergy arising from the interconnections of population growth, environmental deterioration, and declining agricultural production.
Efficient Web Services Policy Combination
NASA Technical Reports Server (NTRS)
Vatan, Farrokh; Harman, Joseph G.
2010-01-01
Large-scale Web security systems usually involve cooperation between domains with non-identical policies. The network management and Web communication software used by the different organizations presents a stumbling block. Many of the tools used by the various divisions do not have the ability to communicate network management data with each other. At best, this means that manual human intervention into the communication protocols used at various network routers and endpoints is required. Developing practical, sound, and automated ways to compose policies to bridge these differences is a long-standing problem. One of the key subtleties is the need to deal with inconsistencies and defaults where one organization proposes a rule on a particular feature, and another has a different rule or expresses no rule. A general approach is to assign priorities to rules and observe the rules with the highest priorities when there are conflicts. The present methods have inherent inefficiency, which heavily restricts their practical applications. A new, efficient algorithm combines policies utilized for Web services. The method is based on an algorithm that allows an automatic and scalable composition of security policies between multiple organizations. It is based on defeasible policy composition, a promising approach for finding conflicts and resolving priorities between rules. In the general case, policy negotiation is an intractable problem. A promising method, suggested in the literature, is when policies are represented in defeasible logic, and composition is based on rules for non-monotonic inference. In this system, policy writers construct metapolicies describing both the policy that they wish to enforce and annotations describing their composition preferences.
These annotations can indicate whether certain policy assertions are required by the policy writer or, if not, under what circumstances the policy writer is willing to compromise and allow other assertions to take precedence. Meta-policies are specified in defeasible logic, a computationally efficient non-monotonic logic developed to model human reasoning. One drawback of this method is that at one point the algorithm starts an exhaustive search of all subsets of the set of conclusions of a defeasible theory. Although the propositional defeasible logic has linear complexity, the set of conclusions here may be large, especially in real-life practical cases. This phenomenon leads to an inefficient exponential explosion of complexity. The current process of getting a Web security policy from combination of two meta-policies consists of two steps. The first is generating a new meta-policy that is a composition of the input meta-policies, and the second is mapping the meta-policy onto a security policy. The new algorithm avoids the exhaustive search in the current algorithm, and provides a security policy that matches all requirements of the involved metapolicies.
12 CFR 12.7 - Securities trading policies and procedures.
Code of Federal Regulations, 2014 CFR
2014-01-01
... 12 Banks and Banking 1 2014-01-01 2014-01-01 false Securities trading policies and procedures. 12... RECORDKEEPING AND CONFIRMATION REQUIREMENTS FOR SECURITIES TRANSACTIONS § 12.7 Securities trading policies and procedures. (a) Policies and procedures; reports of securities trading. A national bank effecting securities...
12 CFR 12.7 - Securities trading policies and procedures.
Code of Federal Regulations, 2013 CFR
2013-01-01
... 12 Banks and Banking 1 2013-01-01 2013-01-01 false Securities trading policies and procedures. 12... RECORDKEEPING AND CONFIRMATION REQUIREMENTS FOR SECURITIES TRANSACTIONS § 12.7 Securities trading policies and procedures. (a) Policies and procedures; reports of securities trading. A national bank effecting securities...
12 CFR 12.7 - Securities trading policies and procedures.
Code of Federal Regulations, 2012 CFR
2012-01-01
... 12 Banks and Banking 1 2012-01-01 2012-01-01 false Securities trading policies and procedures. 12... RECORDKEEPING AND CONFIRMATION REQUIREMENTS FOR SECURITIES TRANSACTIONS § 12.7 Securities trading policies and procedures. (a) Policies and procedures; reports of securities trading. A national bank effecting securities...
Flexible session management in a distributed environment
NASA Astrophysics Data System (ADS)
Miller, Zach; Bradley, Dan; Tannenbaum, Todd; Sfiligoi, Igor
2010-04-01
Many secure communication libraries used by distributed systems, such as SSL, TLS, and Kerberos, fail to make a clear distinction between the authentication, session, and communication layers. In this paper we introduce CEDAR, the secure communication library used by the Condor High Throughput Computing software, and present the advantages to a distributed computing system resulting from CEDAR's separation of these layers. Regardless of the authentication method used, CEDAR establishes a secure session key, which has the flexibility to be used for multiple capabilities. We demonstrate how a layered approach to security sessions can avoid round-trips and latency inherent in network authentication. The creation of a distinct session management layer allows for optimizations to improve scalability by way of delegating sessions to other components in the system. This session delegation creates a chain of trust that reduces the overhead of establishing secure connections and enables centralized enforcement of system-wide security policies. Additionally, secure channels based upon UDP datagrams are often overlooked by existing libraries; we show how CEDAR's structure accommodates this as well. As an example of the utility of this work, we show how the use of delegated security sessions and other techniques inherent in CEDAR's architecture enables US CMS to meet their scalability requirements in deploying Condor over large-scale, wide-area grid systems.
Applying Automated Theorem Proving to Computer Security
2008-03-01
CS96]”. Violations of policy can also be specified in this model. La Padula [Pad90] discusses a domain-independent formal model which implements a...Science Laboratory, SRI International, Menlo Park, CA, September 1999. Pad90. L.J. La Padula. Formal modeling in a generalized framework for access
Airborne Hazards and Open Burn Pit Registry
... Burn Pit Registry requires a common web browser technology to guide you through the registry questionnaire. You may try a different browser, or you may try from a different computer. You may also see this problem if you are in a high security environment where this is disabled by a network policy. ...
Canada’s Foreign Policy Objectives and Canadian Security Arrangements in the North,
1980-02-01
NATO - but really the issue is greater even than that. The importance of sea communications is so clearly perceived, the evidence of two world wars...submarines in transit, with computer processing of signals from fixed and mobile acoustic sensors somewhat compensating for the inability to detect
A national-scale authentication infrastructure.
DOE Office of Scientific and Technical Information (OSTI.GOV)
Butler, R.; Engert, D.; Foster, I.
2000-12-01
Today, individuals and institutions in science and industry are increasingly forming virtual organizations to pool resources and tackle a common goal. Participants in virtual organizations commonly need to share resources such as data archives, computer cycles, and networks - resources usually available only with restrictions based on the requested resource's nature and the user's identity. Thus, any sharing mechanism must have the ability to authenticate the user's identity and determine if the user is authorized to request the resource. Virtual organizations tend to be fluid, however, so authentication mechanisms must be flexible and lightweight, allowing administrators to quickly establish and change resource-sharing arrangements. However, because virtual organizations complement rather than replace existing institutions, sharing mechanisms cannot change local policies and must allow individual institutions to maintain control over their own resources. Our group has created and deployed an authentication and authorization infrastructure that meets these requirements: the Grid Security Infrastructure. GSI offers secure single sign-ons and preserves site control over access policies and local security. It provides its own versions of common applications, such as FTP and remote login, and a programming interface for creating secure applications.
Carrión Señor, Inmaculada; Fernández-Alemán, José Luis; Toval, Ambrosio
2012-08-23
Several obstacles prevent the adoption and use of personal health record (PHR) systems, including users' concerns regarding the privacy and security of their personal health information. To analyze the privacy and security characteristics of PHR privacy policies. It is hoped that identification of the strengths and weaknesses of the PHR systems will be useful for PHR users, health care professionals, decision makers, and designers. We conducted a systematic review using the principal databases related to health and computer science to discover the Web-based and free PHR systems mentioned in published articles. The privacy policy of each PHR system selected was reviewed to extract its main privacy and security characteristics. The search of databases and the myPHR website provided a total of 52 PHR systems, of which 24 met our inclusion criteria. Of these, 17 (71%) allowed users to manage their data and to control access to their health care information. Only 9 (38%) PHR systems permitted users to check who had accessed their data. The majority of PHR systems used information related to the users' accesses to monitor and analyze system use, 12 (50%) of them aggregated user information to publish trends, and 20 (83%) used diverse types of security measures. Finally, 15 (63%) PHR systems were based on regulations or principles such as the US Health Insurance Portability and Accountability Act (HIPAA) and the Health on the Net Foundation Code of Conduct (HONcode). Most privacy policies of PHR systems do not provide an in-depth description of the security measures that they use. Moreover, compliance with standards and regulations in PHR systems is still low.
Fernández-Alemán, José Luis; Toval, Ambrosio
2012-01-01
Background Several obstacles prevent the adoption and use of personal health record (PHR) systems, including users’ concerns regarding the privacy and security of their personal health information. Objective To analyze the privacy and security characteristics of PHR privacy policies. It is hoped that identification of the strengths and weaknesses of the PHR systems will be useful for PHR users, health care professionals, decision makers, and designers. Methods We conducted a systematic review using the principal databases related to health and computer science to discover the Web-based and free PHR systems mentioned in published articles. The privacy policy of each PHR system selected was reviewed to extract its main privacy and security characteristics. Results The search of databases and the myPHR website provided a total of 52 PHR systems, of which 24 met our inclusion criteria. Of these, 17 (71%) allowed users to manage their data and to control access to their health care information. Only 9 (38%) PHR systems permitted users to check who had accessed their data. The majority of PHR systems used information related to the users’ accesses to monitor and analyze system use, 12 (50%) of them aggregated user information to publish trends, and 20 (83%) used diverse types of security measures. Finally, 15 (63%) PHR systems were based on regulations or principles such as the US Health Insurance Portability and Accountability Act (HIPAA) and the Health on the Net Foundation Code of Conduct (HONcode). Conclusions Most privacy policies of PHR systems do not provide an in-depth description of the security measures that they use. Moreover, compliance with standards and regulations in PHR systems is still low. PMID:22917868
Huang, Qinlong; Yang, Yixian; Shi, Yuxiang
2018-02-24
With the growing number of vehicles and popularity of various services in vehicular cloud computing (VCC), message exchanging among vehicles under traffic conditions and in emergency situations is one of the most pressing demands, and has attracted significant attention. However, it is an important challenge to authenticate the legitimate sources of broadcast messages and achieve fine-grained message access control. In this work, we propose SmartVeh, a secure and efficient message access control and authentication scheme in VCC. A hierarchical, attribute-based encryption technique is utilized to achieve fine-grained and flexible message sharing, which ensures that vehicles whose persistent or dynamic attributes satisfy the access policies can access the broadcast message with equipped on-board units (OBUs). Message authentication is enforced by integrating an attribute-based signature, which achieves message authentication and maintains the anonymity of the vehicles. In order to reduce the computations of the OBUs in the vehicles, we outsource the heavy computations of encryption, decryption and signing to a cloud server and road-side units. The theoretical analysis and simulation results reveal that our secure and efficient scheme is suitable for VCC.
Yang, Yixian; Shi, Yuxiang
2018-01-01
With the growing number of vehicles and popularity of various services in vehicular cloud computing (VCC), message exchanging among vehicles under traffic conditions and in emergency situations is one of the most pressing demands, and has attracted significant attention. However, it is an important challenge to authenticate the legitimate sources of broadcast messages and achieve fine-grained message access control. In this work, we propose SmartVeh, a secure and efficient message access control and authentication scheme in VCC. A hierarchical, attribute-based encryption technique is utilized to achieve fine-grained and flexible message sharing, which ensures that vehicles whose persistent or dynamic attributes satisfy the access policies can access the broadcast message with equipped on-board units (OBUs). Message authentication is enforced by integrating an attribute-based signature, which achieves message authentication and maintains the anonymity of the vehicles. In order to reduce the computations of the OBUs in the vehicles, we outsource the heavy computations of encryption, decryption and signing to a cloud server and road-side units. The theoretical analysis and simulation results reveal that our secure and efficient scheme is suitable for VCC. PMID:29495269
Regulation, Privacy and Security: Chairman's Opening Remarks
Gabrieli, E.R.
1979-01-01
Medical privacy is a keystone of a free democratic society. To conserve the right of the patient to medical privacy, computerization of the medical data must be regulated. This paper enumerates some steps to be taken urgently for the protection of computerized sensitive medical data. A computer-oriented medical lexicon is urgently needed for accurate coding. Health industry standards should be drafted. The goals of various data centers must be sharply defined to avoid conflicts of interest. Medical privacy should be studied further, and medical data centers should consider cost-effectiveness. State boards for medical privacy should be created to monitor data security procedures. There is a need for purposeful decentralization. A national medical information policy should be drafted, and a national clinical information board should implement the nation's medical information policy.
Yu, Si; Gui, Xiaolin; Lin, Jiancai; Tian, Feng; Zhao, Jianqiang; Dai, Min
2014-01-01
Cloud computing gets increasing attention for its capacity to leverage developers from infrastructure management tasks. However, recent works reveal that side channel attacks can lead to privacy leakage in the cloud. Enhancing isolation between users is an effective solution to eliminate the attack. In this paper, to eliminate side channel attacks, we investigate the isolation enhancement scheme from the aspect of virtual machine (VM) management. The security-awareness VMs management scheme (SVMS), a VMs isolation enhancement scheme to defend against side channel attacks, is proposed. First, we use the aggressive conflict of interest relation (ACIR) and aggressive in ally with relation (AIAR) to describe user constraint relations. Second, based on the Chinese wall policy, we put forward four isolation rules. Third, the VMs placement and migration algorithms are designed to enforce VMs isolation between the conflict users. Finally, based on the normal distribution, we conduct a series of experiments to evaluate SVMS. The experimental results show that SVMS is efficient in guaranteeing isolation between VMs owned by conflict users, while the resource utilization rate decreases but not by much.
Gui, Xiaolin; Lin, Jiancai; Tian, Feng; Zhao, Jianqiang; Dai, Min
2014-01-01
Cloud computing gets increasing attention for its capacity to leverage developers from infrastructure management tasks. However, recent works reveal that side channel attacks can lead to privacy leakage in the cloud. Enhancing isolation between users is an effective solution to eliminate the attack. In this paper, to eliminate side channel attacks, we investigate the isolation enhancement scheme from the aspect of virtual machine (VM) management. The security-awareness VMs management scheme (SVMS), a VMs isolation enhancement scheme to defend against side channel attacks, is proposed. First, we use the aggressive conflict of interest relation (ACIR) and aggressive in ally with relation (AIAR) to describe user constraint relations. Second, based on the Chinese wall policy, we put forward four isolation rules. Third, the VMs placement and migration algorithms are designed to enforce VMs isolation between the conflict users. Finally, based on the normal distribution, we conduct a series of experiments to evaluate SVMS. The experimental results show that SVMS is efficient in guaranteeing isolation between VMs owned by conflict users, while the resource utilization rate decreases but not by much. PMID:24688434
Role-based access control permissions
Staggs, Kevin P.; Markham, Thomas R.; Hull Roskos, Julie J.; Chernoguzov, Alexander
2017-04-25
Devices, systems, and methods for role-based access control permissions are disclosed. One method includes a policy decision point that receives up-to-date security context information from one or more outside sources to determine whether to grant access for a data client to a portion of the system and creates an access vector including the determination; receiving, via a policy agent, a request by the data client for access to the portion of the computing system by the data client, wherein the policy agent checks to ensure there is a session established with communications and user/application enforcement points; receiving, via communications policy enforcement point, the request from the policy agent, wherein the communications policy enforcement point determines whether the data client is an authorized node, based upon the access vector received from the policy decision point; and receiving, via the user/application policy enforcement point, the request from the communications policy enforcement point.
Jiang, Shunrong; Zhu, Xiaoyan; Wang, Liangmin
2015-01-01
Mobile healthcare social networks (MHSNs) have emerged as a promising next-generation healthcare system, which will significantly improve the quality of life. However, there are many security and privacy concerns before personal health information (PHI) is shared with other parties. To ensure patients’ full control over their PHI, we propose a fine-grained and scalable data access control scheme based on attribute-based encryption (ABE). Besides, policies themselves for PHI sharing may be sensitive and may reveal information about underlying PHI or about data owners or recipients. In our scheme, we let each attribute contain an attribute name and its value and adopt the Bloom filter to efficiently check attributes before decryption. Thus, the data privacy and policy privacy can be preserved in our proposed scheme. Moreover, considering the fact that the computational cost grows with the complexity of the access policy and the limitation of the resource and energy in a smart phone, we outsource ABE decryption to the cloud while preventing the cloud from learning anything about the content and access policy. The security and performance analysis is carried out to demonstrate that our proposed scheme can achieve fine-grained access policies for PHI sharing in MHSNs. PMID:26404300
Jiang, Shunrong; Zhu, Xiaoyan; Wang, Liangmin
2015-09-03
Mobile healthcare social networks (MHSNs) have emerged as a promising next-generation healthcare system, which will significantly improve the quality of life. However, there are many security and privacy concerns before personal health information (PHI) is shared with other parties. To ensure patients' full control over their PHI, we propose a fine-grained and scalable data access control scheme based on attribute-based encryption (ABE). Besides, policies themselves for PHI sharing may be sensitive and may reveal information about underlying PHI or about data owners or recipients. In our scheme, we let each attribute contain an attribute name and its value and adopt the Bloom filter to efficiently check attributes before decryption. Thus, the data privacy and policy privacy can be preserved in our proposed scheme. Moreover, considering the fact that the computational cost grows with the complexity of the access policy and the limitation of the resource and energy in a smart phone, we outsource ABE decryption to the cloud while preventing the cloud from learning anything about the content and access policy. The security and performance analysis is carried out to demonstrate that our proposed scheme can achieve fine-grained access policies for PHI sharing in MHSNs.
Federated Tensor Factorization for Computational Phenotyping
Kim, Yejin; Sun, Jimeng; Yu, Hwanjo; Jiang, Xiaoqian
2017-01-01
Tensor factorization models offer an effective approach to convert massive electronic health records into meaningful clinical concepts (phenotypes) for data analysis. These models need a large amount of diverse samples to avoid population bias. An open challenge is how to derive phenotypes jointly across multiple hospitals, in which direct patient-level data sharing is not possible (e.g., due to institutional policies). In this paper, we developed a novel solution to enable federated tensor factorization for computational phenotyping without sharing patient-level data. We developed secure data harmonization and federated computation procedures based on alternating direction method of multipliers (ADMM). Using this method, the multiple hospitals iteratively update tensors and transfer secure summarized information to a central server, and the server aggregates the information to generate phenotypes. We demonstrated with real medical datasets that our method resembles the centralized training model (based on combined datasets) in terms of accuracy and phenotypes discovery while respecting privacy. PMID:29071165
12 CFR 344.8 - Securities trading policies and procedures.
Code of Federal Regulations, 2011 CFR
2011-01-01
... 12 Banks and Banking 4 2011-01-01 2011-01-01 false Securities trading policies and procedures. 344.8 Section 344.8 Banks and Banking FEDERAL DEPOSIT INSURANCE CORPORATION REGULATIONS AND STATEMENTS... Securities trading policies and procedures. (a) Policies and procedures. Every bank effecting securities...
12 CFR 344.8 - Securities trading policies and procedures.
Code of Federal Regulations, 2013 CFR
2013-01-01
... 12 Banks and Banking 5 2013-01-01 2013-01-01 false Securities trading policies and procedures. 344.8 Section 344.8 Banks and Banking FEDERAL DEPOSIT INSURANCE CORPORATION REGULATIONS AND STATEMENTS... Securities trading policies and procedures. (a) Policies and procedures. Every bank effecting securities...
12 CFR 344.8 - Securities trading policies and procedures.
Code of Federal Regulations, 2014 CFR
2014-01-01
... 12 Banks and Banking 5 2014-01-01 2014-01-01 false Securities trading policies and procedures. 344.8 Section 344.8 Banks and Banking FEDERAL DEPOSIT INSURANCE CORPORATION REGULATIONS AND STATEMENTS... Securities trading policies and procedures. (a) Policies and procedures. Every bank effecting securities...
12 CFR 344.8 - Securities trading policies and procedures.
Code of Federal Regulations, 2012 CFR
2012-01-01
... 12 Banks and Banking 5 2012-01-01 2012-01-01 false Securities trading policies and procedures. 344.8 Section 344.8 Banks and Banking FEDERAL DEPOSIT INSURANCE CORPORATION REGULATIONS AND STATEMENTS... Securities trading policies and procedures. (a) Policies and procedures. Every bank effecting securities...
12 CFR 344.8 - Securities trading policies and procedures.
Code of Federal Regulations, 2010 CFR
2010-01-01
... 12 Banks and Banking 4 2010-01-01 2010-01-01 false Securities trading policies and procedures. 344.8 Section 344.8 Banks and Banking FEDERAL DEPOSIT INSURANCE CORPORATION REGULATIONS AND STATEMENTS... Securities trading policies and procedures. (a) Policies and procedures. Every bank effecting securities...
Department of the Navy For Policy
Deputy Under Secretary of the Navy (Policy) Roles and Responsibilities: Enterprise OPM
Orencio, Pedcris M; Fujii, Masahiko
2013-02-01
A coastal community vulnerability index (CCVI) was constructed to evaluate the vulnerability of coastal communities (Buhangin, Pingit, Reserva, Sabang, and Zabali) in the municipality of Baler, Aurora, Philippines. This index was composed of weighted averages of seven vulnerability factors namely geographical, economic and livelihood, food security, environmental, policy and institutional, demographic, and capital good. Factor values were computed based on scores that described range of conditions that influence communities' susceptibility to hazard effects. Among the factors evaluated, economic and livelihood, policy and institutional and food security contributed to CCVI across communities. Only small variations on CCVI values (i.e., 0.47-0.53) were observed as factor values cancelled out one another during combination process. Overall, Sabang received the highest CCVI, which was contributed mainly by geographical and demographic factors. This technique to determine factors that influenced communities' vulnerability can provide information for local governments in enhancing policies on risk mitigation and adaptation.
A game-theoretical approach to multimedia social networks security.
Liu, Enqiang; Liu, Zengliang; Shao, Fei; Zhang, Zhiyong
2014-01-01
The contents access and sharing in multimedia social networks (MSNs) mainly rely on access control models and mechanisms. Simple adoptions of security policies in the traditional access control model cannot effectively establish a trust relationship among parties. This paper proposed a novel two-party trust architecture (TPTA) to apply in a generic MSN scenario. According to the architecture, security policies are adopted through game-theoretic analyses and decisions. Based on formalized utilities of security policies and security rules, the choice of security policies in content access is described as a game between the content provider and the content requester. By the game method for the combination of security policies utility and its influences on each party's benefits, the Nash equilibrium is achieved, that is, an optimal and stable combination of security policies, to establish and enhance trust among stakeholders.
A Game-Theoretical Approach to Multimedia Social Networks Security
Liu, Enqiang; Liu, Zengliang; Shao, Fei; Zhang, Zhiyong
2014-01-01
The contents access and sharing in multimedia social networks (MSNs) mainly rely on access control models and mechanisms. Simple adoptions of security policies in the traditional access control model cannot effectively establish a trust relationship among parties. This paper proposed a novel two-party trust architecture (TPTA) to apply in a generic MSN scenario. According to the architecture, security policies are adopted through game-theoretic analyses and decisions. Based on formalized utilities of security policies and security rules, the choice of security policies in content access is described as a game between the content provider and the content requester. By the game method for the combination of security policies utility and its influences on each party's benefits, the Nash equilibrium is achieved, that is, an optimal and stable combination of security policies, to establish and enhance trust among stakeholders. PMID:24977226
2008-12-01
normalization of Japan’s post-9/11 security policy and discuss why it took his specific brand of leadership to allow Japan’s security policy to expand. ... performance will demonstrate that institutional reasons alone will not make the position of prime minister stronger or more effective. The literature
A new preparedness policy for EMS logistics.
Lee, Seokcheon
2017-03-01
Response time in emergency medical services (EMS) is defined as the interval for an ambulance to arrive at the scene after receipt of a 911 call. When several ambulances are available upon the receipt of a new call, a decision of selecting an ambulance has to be made in an effort to reduce response time. Dispatching the closest unit available is commonly used in practice; however, recently the Preparedness policy was designed that is in a simplistic form yet being capable of securing a long-term efficiency. This research aims to improve the Preparedness policy, resolving several critical issues inherent in the current form of the policy. The new Preparedness policy incorporates a new metric of preparedness based on the notion of centrality and involves a tuning parameter, weight on preparedness, which has to be appropriately chosen according to operational scenario. Computational experiment shows that the new policy significantly improves the former policy robustly in various scenarios.
ERIC Educational Resources Information Center
National Crime Prevention Centre, Ottawa (Ontario).
This document presents a policy framework for improving the personal security of women and girls. The document includes: (1) "Introduction"; (2) "Policy Background" (the concept of personal security, the societal context of women's personal security, consequences of violence for women and girls, long-term policy concern, and…
Miao, Yinbin; Ma, Jianfeng; Liu, Ximeng; Wei, Fushan; Liu, Zhiquan; Wang, Xu An
2016-11-01
Online personal health record (PHR) is more inclined to shift data storage and search operations to cloud server so as to enjoy the elastic resources and lessen computational burden in cloud storage. As multiple patients' data is always stored in the cloud server simultaneously, it is a challenge to guarantee the confidentiality of PHR data and allow data users to search encrypted data in an efficient and privacy-preserving way. To this end, we design a secure cryptographic primitive called as attribute-based multi-keyword search over encrypted personal health records in multi-owner setting to support both fine-grained access control and multi-keyword search via Ciphertext-Policy Attribute-Based Encryption. Formal security analysis proves our scheme is selectively secure against chosen-keyword attack. As a further contribution, we conduct empirical experiments over real-world dataset to show its feasibility and practicality in a broad range of actual scenarios without incurring additional computational burden.
77 FR 63893 - National Industrial Security Program Policy Advisory Committee (NISPPAC)
Federal Register 2010, 2011, 2012, 2013, 2014
2012-10-17
... NATIONAL ARCHIVES AND RECORDS ADMINISTRATION Information Security Oversight Office National Industrial Security Program Policy Advisory Committee (NISPPAC) AGENCY: National Archives and Records... meeting to discuss National Industrial Security Program policy matters. DATES: The meeting will be held on...
78 FR 9431 - National Industrial Security Program Policy Advisory Committee (NISPPAC)
Federal Register 2010, 2011, 2012, 2013, 2014
2013-02-08
... NATIONAL ARCHIVES AND RECORDS ADMINISTRATION Information Security Oversight Office National Industrial Security Program Policy Advisory Committee (NISPPAC) AGENCY: National Archives and Records... meeting to discuss National Industrial Security Program policy matters. DATES: The meeting will be held on...
32 CFR 2400.42 - Security Officer.
Code of Federal Regulations, 2011 CFR
2011-07-01
... National Defense Other Regulations Relating to National Defense OFFICE OF SCIENCE AND TECHNOLOGY POLICY REGULATIONS TO IMPLEMENT E.O. 12356; OFFICE OF SCIENCE AND TECHNOLOGY POLICY INFORMATION SECURITY PROGRAM Office of Science and Technology Policy Information Security Program Management § 2400.42 Security...
32 CFR 2400.42 - Security Officer.
Code of Federal Regulations, 2010 CFR
2010-07-01
... National Defense Other Regulations Relating to National Defense OFFICE OF SCIENCE AND TECHNOLOGY POLICY REGULATIONS TO IMPLEMENT E.O. 12356; OFFICE OF SCIENCE AND TECHNOLOGY POLICY INFORMATION SECURITY PROGRAM Office of Science and Technology Policy Information Security Program Management § 2400.42 Security...
32 CFR 2400.42 - Security Officer.
Code of Federal Regulations, 2014 CFR
2014-07-01
... National Defense Other Regulations Relating to National Defense OFFICE OF SCIENCE AND TECHNOLOGY POLICY REGULATIONS TO IMPLEMENT E.O. 12356; OFFICE OF SCIENCE AND TECHNOLOGY POLICY INFORMATION SECURITY PROGRAM Office of Science and Technology Policy Information Security Program Management § 2400.42 Security...
32 CFR 2400.42 - Security Officer.
Code of Federal Regulations, 2013 CFR
2013-07-01
... National Defense Other Regulations Relating to National Defense OFFICE OF SCIENCE AND TECHNOLOGY POLICY REGULATIONS TO IMPLEMENT E.O. 12356; OFFICE OF SCIENCE AND TECHNOLOGY POLICY INFORMATION SECURITY PROGRAM Office of Science and Technology Policy Information Security Program Management § 2400.42 Security...
32 CFR 2400.42 - Security Officer.
Code of Federal Regulations, 2012 CFR
2012-07-01
... National Defense Other Regulations Relating to National Defense OFFICE OF SCIENCE AND TECHNOLOGY POLICY REGULATIONS TO IMPLEMENT E.O. 12356; OFFICE OF SCIENCE AND TECHNOLOGY POLICY INFORMATION SECURITY PROGRAM Office of Science and Technology Policy Information Security Program Management § 2400.42 Security...
32 CFR 2400.46 - Suggestions or complaints.
Code of Federal Regulations, 2014 CFR
2014-07-01
... POLICY REGULATIONS TO IMPLEMENT E.O. 12356; OFFICE OF SCIENCE AND TECHNOLOGY POLICY INFORMATION SECURITY PROGRAM Office of Science and Technology Policy Information Security Program Management § 2400.46... Science and Technology Policy Information Security Program should do so in writing. This correspondence...
32 CFR 2400.46 - Suggestions or complaints.
Code of Federal Regulations, 2012 CFR
2012-07-01
... POLICY REGULATIONS TO IMPLEMENT E.O. 12356; OFFICE OF SCIENCE AND TECHNOLOGY POLICY INFORMATION SECURITY PROGRAM Office of Science and Technology Policy Information Security Program Management § 2400.46... Science and Technology Policy Information Security Program should do so in writing. This correspondence...
32 CFR 2400.46 - Suggestions or complaints.
Code of Federal Regulations, 2010 CFR
2010-07-01
... POLICY REGULATIONS TO IMPLEMENT E.O. 12356; OFFICE OF SCIENCE AND TECHNOLOGY POLICY INFORMATION SECURITY PROGRAM Office of Science and Technology Policy Information Security Program Management § 2400.46... Science and Technology Policy Information Security Program should do so in writing. This correspondence...
32 CFR 2400.46 - Suggestions or complaints.
Code of Federal Regulations, 2011 CFR
2011-07-01
... POLICY REGULATIONS TO IMPLEMENT E.O. 12356; OFFICE OF SCIENCE AND TECHNOLOGY POLICY INFORMATION SECURITY PROGRAM Office of Science and Technology Policy Information Security Program Management § 2400.46... Science and Technology Policy Information Security Program should do so in writing. This correspondence...
32 CFR 2400.46 - Suggestions or complaints.
Code of Federal Regulations, 2013 CFR
2013-07-01
... POLICY REGULATIONS TO IMPLEMENT E.O. 12356; OFFICE OF SCIENCE AND TECHNOLOGY POLICY INFORMATION SECURITY PROGRAM Office of Science and Technology Policy Information Security Program Management § 2400.46... Science and Technology Policy Information Security Program should do so in writing. This correspondence...
Insider Alert 1.0 Beta Version
DOE Office of Scientific and Technical Information (OSTI.GOV)
Abbott, Robert
2004-02-01
Insider Alert 1.0 Beta Version supports interactive selection and graphical display of data generated by the Sandia Cognitive Framework, which simulates the examination of security data by experts of various specialties. Insider Alert also encompasses the configuration and data files input to the Cognitive Framework for this application. Insider Alert 1.0 Beta Version is a computer program for analyzing data indicative of possible espionage or improper handling of data by employees at Sandia National Laboratories (or other facilities with comparable policies and procedures for managing sensitive information). It prioritizes and displays information for review by security analysts.
Margin and sensitivity methods for security analysis of electric power systems
NASA Astrophysics Data System (ADS)
Greene, Scott L.
Reliable operation of large scale electric power networks requires that system voltages and currents stay within design limits. Operation beyond those limits can lead to equipment failures and blackouts. Security margins measure the amount by which system loads or power transfers can change before a security violation, such as an overloaded transmission line, is encountered. This thesis shows how to efficiently compute security margins defined by limiting events and instabilities, and the sensitivity of those margins with respect to assumptions, system parameters, operating policy, and transactions. Security margins to voltage collapse blackouts, oscillatory instability, generator limits, voltage constraints and line overloads are considered. The usefulness of computing the sensitivities of these margins with respect to interarea transfers, loading parameters, generator dispatch, transmission line parameters, and VAR support is established for networks as large as 1500 buses. The sensitivity formulas presented apply to a range of power system models. Conventional sensitivity formulas such as line distribution factors, outage distribution factors, participation factors and penalty factors are shown to be special cases of the general sensitivity formulas derived in this thesis. The sensitivity formulas readily accommodate sparse matrix techniques. Margin sensitivity methods are shown to work effectively for avoiding voltage collapse blackouts caused by either saddle node bifurcation of equilibria or immediate instability due to generator reactive power limits. Extremely fast contingency analysis for voltage collapse can be implemented with margin sensitivity based rankings. Interarea transfer can be limited by voltage limits, line limits, or voltage stability. The sensitivity formulas presented in this thesis apply to security margins defined by any limit criteria. 
A method to compute transfer margins by directly locating intermediate events reduces the total number of loadflow iterations required by each margin computation and provides sensitivity information at minimal additional cost. Estimates of the effect of simultaneous transfers on the transfer margins agree well with the exact computations for a network model derived from a portion of the U.S. grid. The accuracy of the estimates over a useful range of conditions and the ease of obtaining the estimates suggest that the sensitivity computations will be of practical value.
Nofre, David
2014-07-01
The spread of the modern computer is assumed to have been a smooth process of technology transfer. This view relies on an assessment of the open circulation of knowledge ensured by the US and British governments in the early post-war years. This article presents new historical evidence that questions this view. At the centre of the article lies the ill-fated establishment of the UNESCO International Computation Centre. The project was initially conceived in 1946 to provide advanced computation capabilities to scientists of all nations. It soon became a prize sought by Western European countries like The Netherlands and Italy seeking to speed up their own national research programs. Nonetheless, as the article explains, the US government's limitations on the research function of the future centre resulted in the withdrawal of European support for the project. These limitations illustrate the extent to which US foreign science policy could operate as (stealth) industrial policy to secure a competitive technological advantage and the prospects of US manufacturers in a future European market.
Susceptibility of South Korea to hydrologic extremes affecting the global food system
NASA Astrophysics Data System (ADS)
Puma, M. J.; Chon, S. Y.
2015-12-01
Food security in South Korea is closely linked to trade in the global food system. The country's production of major grains declined from 5.8 million metric tons (mmt) in 1998 to 4.8 mmt in 2014, which coincided with a shift in grain self sufficiency from 43% down to 24% over this same period. Many factors led to these changes, including reductions in domestic agricultural land, governmental policies supporting industry over agriculture, and a push towards trade liberalization. South Korea's self sufficiency is now one of the lowest among Organisation for Economic Co-operation and Development (OECD) countries, leaving it vulnerable to disruptions in the global food system. Here we explore this vulnerability by assessing how global trade disruptions would affect Korea's food security. We impose historical extreme drought and flood events that would possibly affect today's major food producing regions concurrently. Next we compute food supply deficits in South Korea that might result from these events. Our analyses provide a framework for formulating domestic food policies to enhance South Korea's food security in the increasingly fragile global food system.
Code of Federal Regulations, 2010 CFR
2010-04-01
... 17 Commodity and Securities Exchanges 2 2010-04-01 2010-04-01 false Policy. 200.735-2 Section 200.735-2 Commodity and Securities Exchanges SECURITIES AND EXCHANGE COMMISSION ORGANIZATION; CONDUCT AND... Members and Employees of the Commission § 200.735-2 Policy. (a) The Securities and Exchange Commission has...
Network Computing Infrastructure to Share Tools and Data in Global Nuclear Energy Partnership
NASA Astrophysics Data System (ADS)
Kim, Guehee; Suzuki, Yoshio; Teshima, Naoya
CCSE/JAEA (Center for Computational Science and e-Systems/Japan Atomic Energy Agency) integrated a prototype system of a network computing infrastructure for sharing tools and data to support the U.S. and Japan collaboration in GNEP (Global Nuclear Energy Partnership). We focused on three technical issues to apply our information process infrastructure, which are accessibility, security, and usability. In designing the prototype system, we integrated and improved both network and Web technologies. For the accessibility issue, we adopted SSL-VPN (Security Socket Layer-Virtual Private Network) technology for the access beyond firewalls. For the security issue, we developed an authentication gateway based on the PKI (Public Key Infrastructure) authentication mechanism to strengthen the security. Also, we set fine access control policy to shared tools and data and used shared key based encryption method to protect tools and data against leakage to third parties. For the usability issue, we chose Web browsers as user interface and developed Web application to provide functions to support sharing tools and data. By using WebDAV (Web-based Distributed Authoring and Versioning) function, users can manipulate shared tools and data through the Windows-like folder environment. We implemented the prototype system in Grid infrastructure for atomic energy research: AEGIS (Atomic Energy Grid Infrastructure) developed by CCSE/JAEA. The prototype system was applied for the trial use in the first period of GNEP.
Managing the Security of Nursing Data in the Electronic Health Record
Samadbeik, Mahnaz; Gorzin, Zahra; Khoshkam, Masomeh; Roudbari, Masoud
2015-01-01
Background: The Electronic Health Record (EHR) is a patient care information resource for clinicians and nursing documentation is an essential part of comprehensive patient care. Ensuring privacy and the security of health information is a key component to building the trust required to realize the potential benefits of electronic health information exchange. This study was aimed to manage nursing data security in the EHR and also discover the viewpoints of hospital information system vendors (computer companies) and hospital information technology specialists about nursing data security. Methods: This research is a cross sectional analytic-descriptive study. The study populations were IT experts at the academic hospitals and computer companies of Tehran city in Iran. Data was collected by a self-developed questionnaire whose validity and reliability were confirmed using the experts’ opinions and Cronbach’s alpha coefficient respectively. Data was analyzed through Spss Version 18 and by descriptive and analytic statistics. Results: The findings of the study revealed that user name and password were the most important methods to authenticate the nurses, with mean percent of 95% and 80%, respectively, and also the most significant level of information security protection were assigned to administrative and logical controls. There was no significant difference between opinions of both groups studied about the levels of information security protection and security requirements (p>0.05). Moreover the access to servers by authorized people, periodic security update, and the application of authentication and authorization were defined as the most basic security requirements from the viewpoint of more than 88 percent of recently-mentioned participants. 
Conclusions: Computer companies as system designers and hospitals information technology specialists as systems users and stakeholders present many important views about security requirements for EHR systems and nursing electronic documentation systems. Prioritizing of these requirements helps policy makers to decide what to do when planning for EHR implementation. Therefore, to make appropriate security decisions and to achieve the expected level of protection of the electronic nursing information, it is suggested to consider the priorities of both groups of experts about security principles and also discuss the issues seem to be different between two groups of participants in the research. PMID:25870490
Managing the security of nursing data in the electronic health record.
Samadbeik, Mahnaz; Gorzin, Zahra; Khoshkam, Masomeh; Roudbari, Masoud
2015-02-01
The Electronic Health Record (EHR) is a patient care information resource for clinicians and nursing documentation is an essential part of comprehensive patient care. Ensuring privacy and the security of health information is a key component to building the trust required to realize the potential benefits of electronic health information exchange. This study was aimed to manage nursing data security in the EHR and also discover the viewpoints of hospital information system vendors (computer companies) and hospital information technology specialists about nursing data security. This research is a cross sectional analytic-descriptive study. The study populations were IT experts at the academic hospitals and computer companies of Tehran city in Iran. Data was collected by a self-developed questionnaire whose validity and reliability were confirmed using the experts' opinions and Cronbach's alpha coefficient respectively. Data was analyzed through SPSS Version 18 and by descriptive and analytic statistics. The findings of the study revealed that user name and password were the most important methods to authenticate the nurses, with mean percent of 95% and 80%, respectively, and also the most significant level of information security protection were assigned to administrative and logical controls. There was no significant difference between opinions of both groups studied about the levels of information security protection and security requirements (p>0.05). Moreover the access to servers by authorized people, periodic security update, and the application of authentication and authorization were defined as the most basic security requirements from the viewpoint of more than 88 percent of recently-mentioned participants. Computer companies as system designers and hospitals information technology specialists as systems users and stakeholders present many important views about security requirements for EHR systems and nursing electronic documentation systems.
Prioritizing of these requirements helps policy makers to decide what to do when planning for EHR implementation. Therefore, to make appropriate security decisions and to achieve the expected level of protection of the electronic nursing information, it is suggested to consider the priorities of both groups of experts about security principles and also discuss the issues seem to be different between two groups of participants in the research.
A new security model for collaborative environments
DOE Office of Scientific and Technical Information (OSTI.GOV)
Agarwal, Deborah; Lorch, Markus; Thompson, Mary
Prevalent authentication and authorization models for distributed systems provide for the protection of computer systems and resources from unauthorized use. The rules and policies that drive the access decisions in such systems are typically configured up front and require trust establishment before the systems can be used. This approach does not work well for computer software that moderates human-to-human interaction. This work proposes a new model for trust establishment and management in computer systems supporting collaborative work. The model supports the dynamic addition of new users to a collaboration with very little initial trust placed into their identity and supports the incremental building of trust relationships through endorsements from established collaborators. It also recognizes the strength of a user's authentication when making trust decisions. By mimicking the way humans build trust naturally the model can support a wide variety of usage scenarios. Its particular strength lies in the support for ad-hoc and dynamic collaborations and the ubiquitous access to a Computer Supported Collaboration Workspace (CSCW) system from locations with varying levels of trust and security.
Code of Federal Regulations, 2010 CFR
2010-10-01
... ADMINISTRATIVE MATTERS Safeguarding Classified Information Within Industry 1804.470-2 Policy. NASA IT security...) 2810, Security of Information Technology; NASA Procedural Requirements (NPR) 2810, Security of Information Technology; and interim policy updates in the form of NASA Information Technology Requirements...
A Study on Secure Medical-Contents Strategies with DRM Based on Cloud Computing
Měsíček, Libor; Choi, Jongsun
2018-01-01
Many hospitals and medical clinics have been using a wearable sensor in its health care system because the wearable sensor, which is able to measure the patients' biometric information, has been developed to analyze their patients remotely. The measured information is saved to a server in a medical center, and the server keeps the medical information, which also involves personal information, on a cloud system. The server and network devices are used by connecting each other, and sensitive medical records are dealt with remotely. However, these days, the attackers, who try to attack the server or the network systems, are increasing. In addition, the server and the network system have a weak protection and security policy against the attackers. In this paper, it is suggested that security compliance of medical contents should be followed to improve the level of security. As a result, the medical contents are kept safely. PMID:29796233
A Study on Secure Medical-Contents Strategies with DRM Based on Cloud Computing.
Ko, Hoon; Měsíček, Libor; Choi, Jongsun; Hwang, Seogchan
2018-01-01
Many hospitals and medical clinics have been using a wearable sensor in its health care system because the wearable sensor, which is able to measure the patients' biometric information, has been developed to analyze their patients remotely. The measured information is saved to a server in a medical center, and the server keeps the medical information, which also involves personal information, on a cloud system. The server and network devices are used by connecting each other, and sensitive medical records are dealt with remotely. However, these days, the attackers, who try to attack the server or the network systems, are increasing. In addition, the server and the network system have a weak protection and security policy against the attackers. In this paper, it is suggested that security compliance of medical contents should be followed to improve the level of security. As a result, the medical contents are kept safely.
75 FR 65526 - National Industrial Security Program Policy Advisory Committee (NISPPAC)
Federal Register 2010, 2011, 2012, 2013, 2014
2010-10-25
... NATIONAL ARCHIVES AND RECORDS ADMINISTRATION Information Security Oversight Office National Industrial Security Program Policy Advisory Committee (NISPPAC) AGENCY: Information Security Oversight Office... planning to attend must be submitted to the Information Security Oversight Office (ISOO) no later than...
76 FR 6636 - National Industrial Security Program Policy Advisory Committee (NISPPAC)
Federal Register 2010, 2011, 2012, 2013, 2014
2011-02-07
... NATIONAL ARCHIVES AND RECORDS ADMINISTRATION Information Security Oversight Office National Industrial Security Program Policy Advisory Committee (NISPPAC) AGENCY: Information Security Oversight Office... planning to attend must be submitted to the Information Security Oversight Office (ISOO) no later than...
76 FR 67484 - National Industrial Security Program Policy Advisory Committee (NISPPAC)
Federal Register 2010, 2011, 2012, 2013, 2014
2011-11-01
... NATIONAL ARCHIVES AND RECORDS ADMINISTRATION Information Security Oversight Office National Industrial Security Program Policy Advisory Committee (NISPPAC) AGENCY: Information Security Oversight Office... must be submitted to the Information Security Oversight Office (ISOO) no later than Friday, November 11...
76 FR 28099 - National Industrial Security Program Policy Advisory Committee (NISPPAC)
Federal Register 2010, 2011, 2012, 2013, 2014
2011-05-13
... NATIONAL ARCHIVES AND RECORDS ADMINISTRATION Information Security Oversight Office National Industrial Security Program Policy Advisory Committee (NISPPAC) AGENCY: Information Security Oversight Office... telephone number of individuals planning to attend must be submitted to the Information Security Oversight...
75 FR 39582 - National Industrial Security Program Policy Advisory Committee (NISPPAC)
Federal Register 2010, 2011, 2012, 2013, 2014
2010-07-09
... NATIONAL ARCHIVES AND RECORDS ADMINISTRATION Information Security Oversight Office National Industrial Security Program Policy Advisory Committee (NISPPAC) AGENCY: Information Security Oversight Office... telephone number of individuals planning to attend must be submitted to the Information Security Oversight...
The Shaping of Managers' Security Objectives through Information Security Awareness Training
ERIC Educational Resources Information Center
Harris, Mark A.
2010-01-01
Information security research states that corporate security policy and information security training should be socio-technical in nature and that corporations should consider training as a primary method of protecting their information systems. However, information security policies and training are predominately technical in nature. In addition,…
Dynamic Enforcement of Knowledge-based Security Policies
2011-04-05
foster and maintain relationships by sharing information with friends and fans. These services store users’ personal information and use it to customize...Facebook selects ads based on age, gender, and even sexual preference [2]. Unfortunately, once personal information is collected, users have limited...could use a storage server (e.g., running on their home network) that handles personal † University of Maryland, Department of Computer Science
Federal Register 2010, 2011, 2012, 2013, 2014
2010-03-08
... NATIONAL ARCHIVES AND RECORDS ADMINISTRATION Information Security Oversight Office; National Industrial Security Program Policy Advisory Committee (NISPPAC) AGENCY: National Archives and Records... individuals planning to attend must be submitted to the Information Security Oversight Office (ISOO) no later...
[Information security in health care].
Ködmön, József; Csajbók, Zoltán Ernő
2015-07-05
Doctors, nurses and other medical professionals are spending more and more time in front of the computer, using applications developed for general practitioners, specialized care, or perhaps an integrated hospital system. The data they handle during healing and patient care are mostly sensitive data and, therefore, their management is strictly regulated. Finding our way in the jungle of laws, regulations and policies is not simple. Notwithstanding, our lack of information does not waive our responsibility. This study summarizes the most important points of international recommendations, standards and legal regulations of the field, as well as giving practical advices for managing medical and patient data securely and in compliance with the current legal regulations.
ERIC Educational Resources Information Center
Lazarus, Sheryl; Thurlow, Martha
2015-01-01
Sound test security policies and procedures are needed to ensure test security and confidentiality, and to help prevent cheating. In this era when cheating on tests draws regular media attention, there is a need for thoughtful consideration of the ways in which possible test security measures may affect accessibility for some students with…
Code of Federal Regulations, 2012 CFR
2012-10-01
..., including consideration of security of resources, protection of privacy, national security and emergency... information technology, agencies shall include the appropriate information technology security policies and requirements, including use of common security configurations available from the National Institute of...
Code of Federal Regulations, 2014 CFR
2014-10-01
..., including consideration of security of resources, protection of privacy, national security and emergency... information technology, agencies shall include the appropriate information technology security policies and requirements, including use of common security configurations available from the National Institute of...
Code of Federal Regulations, 2013 CFR
2013-10-01
..., including consideration of security of resources, protection of privacy, national security and emergency... information technology, agencies shall include the appropriate information technology security policies and requirements, including use of common security configurations available from the National Institute of...
Code of Federal Regulations, 2011 CFR
2011-10-01
..., including consideration of security of resources, protection of privacy, national security and emergency... information technology, agencies shall include the appropriate information technology security policies and requirements, including use of common security configurations available from the National Institute of...
The INDIGO-Datacloud Authentication and Authorization Infrastructure
NASA Astrophysics Data System (ADS)
Ceccanti, A.; Hardt, M.; Wegh, B.; Millar, AP; Caberletti, M.; Vianello, E.; Licehammer, S.
2017-10-01
Contemporary distributed computing infrastructures (DCIs) are not easily and securely accessible by scientists. These computing environments are typically hard to integrate due to interoperability problems resulting from the use of different authentication mechanisms, identity negotiation protocols and access control policies. Such limitations have a big impact on the user experience making it hard for user communities to port and run their scientific applications on resources aggregated from multiple providers. The INDIGO-DataCloud project wants to provide the services and tools needed to enable a secure composition of resources from multiple providers in support of scientific applications. In order to do so, a common AAI architecture has to be defined that supports multiple authentication mechanisms, support delegated authorization across services and can be easily integrated in off-the-shelf software. In this contribution we introduce the INDIGO Authentication and Authorization Infrastructure, describing its main components and their status and how authentication, delegation and authorization flows are implemented across services.
Cyber-Security Issues in Healthcare Information Technology.
Langer, Steve G
2017-02-01
In 1999-2003, SIIM (then SCAR) sponsored the creation of several special topic Primers, one of which was concerned with computer security. About the same time, a multi-society collaboration authored an ACR Guideline with a similar plot; the latter has recently been updated. The motivation for these efforts was the launch of Health Information Portability and Accountability Act (HIPAA). That legislation directed care providers to enable the portability of patient medical records across authorized medical centers, while simultaneously protecting patient confidentiality among unauthorized agents. These policy requirements resulted in the creation of numerous technical solutions which the above documents described. While the mathematical concepts and algorithms in those papers are as valid today as they were then, recent increases in the complexity of computer criminal applications (and defensive countermeasures) and the pervasiveness of Internet connected devices have raised the bar. This work examines how a medical center can adapt to these evolving threats.
Chen, Feng; Wang, Shuang; Jiang, Xiaoqian; Ding, Sijie; Lu, Yao; Kim, Jihoon; Sahinalp, S. Cenk; Shimizu, Chisato; Burns, Jane C.; Wright, Victoria J.; Png, Eileen; Hibberd, Martin L.; Lloyd, David D.; Yang, Hai; Telenti, Amalio; Bloss, Cinnamon S.; Fox, Dov; Lauter, Kristin; Ohno-Machado, Lucila
2017-01-01
Abstract Motivation: We introduce PRINCESS, a privacy-preserving international collaboration framework for analyzing rare disease genetic data that are distributed across different continents. PRINCESS leverages Software Guard Extensions (SGX) and hardware for trustworthy computation. Unlike a traditional international collaboration model, where individual-level patient DNA are physically centralized at a single site, PRINCESS performs a secure and distributed computation over encrypted data, fulfilling institutional policies and regulations for protected health information. Results: To demonstrate PRINCESS’ performance and feasibility, we conducted a family-based allelic association study for Kawasaki Disease, with data hosted in three different continents. The experimental results show that PRINCESS provides secure and accurate analyses much faster than alternative solutions, such as homomorphic encryption and garbled circuits (over 40 000× faster). Availability and Implementation: https://github.com/achenfengb/PRINCESS_opensource Contact: shw070@ucsd.edu Supplementary information: Supplementary data are available at Bioinformatics online. PMID:28065902
32 CFR 2400.45 - Information Security Program Review.
Code of Federal Regulations, 2011 CFR
2011-07-01
... Section 2400.45 National Defense Other Regulations Relating to National Defense OFFICE OF SCIENCE AND TECHNOLOGY POLICY REGULATIONS TO IMPLEMENT E.O. 12356; OFFICE OF SCIENCE AND TECHNOLOGY POLICY INFORMATION SECURITY PROGRAM Office of Science and Technology Policy Information Security Program Management § 2400.45...
32 CFR 2400.45 - Information Security Program Review.
Code of Federal Regulations, 2010 CFR
2010-07-01
... Section 2400.45 National Defense Other Regulations Relating to National Defense OFFICE OF SCIENCE AND TECHNOLOGY POLICY REGULATIONS TO IMPLEMENT E.O. 12356; OFFICE OF SCIENCE AND TECHNOLOGY POLICY INFORMATION SECURITY PROGRAM Office of Science and Technology Policy Information Security Program Management § 2400.45...
32 CFR 2400.45 - Information Security Program Review.
Code of Federal Regulations, 2012 CFR
2012-07-01
... Section 2400.45 National Defense Other Regulations Relating to National Defense OFFICE OF SCIENCE AND TECHNOLOGY POLICY REGULATIONS TO IMPLEMENT E.O. 12356; OFFICE OF SCIENCE AND TECHNOLOGY POLICY INFORMATION SECURITY PROGRAM Office of Science and Technology Policy Information Security Program Management § 2400.45...
32 CFR 2400.45 - Information Security Program Review.
Code of Federal Regulations, 2014 CFR
2014-07-01
... Section 2400.45 National Defense Other Regulations Relating to National Defense OFFICE OF SCIENCE AND TECHNOLOGY POLICY REGULATIONS TO IMPLEMENT E.O. 12356; OFFICE OF SCIENCE AND TECHNOLOGY POLICY INFORMATION SECURITY PROGRAM Office of Science and Technology Policy Information Security Program Management § 2400.45...
32 CFR 2400.45 - Information Security Program Review.
Code of Federal Regulations, 2013 CFR
2013-07-01
... Section 2400.45 National Defense Other Regulations Relating to National Defense OFFICE OF SCIENCE AND TECHNOLOGY POLICY REGULATIONS TO IMPLEMENT E.O. 12356; OFFICE OF SCIENCE AND TECHNOLOGY POLICY INFORMATION SECURITY PROGRAM Office of Science and Technology Policy Information Security Program Management § 2400.45...
Health Security and Risk Aversion.
Herington, Jonathan
2016-09-01
Health security has become a popular way of justifying efforts to control catastrophic threats to public health. Unfortunately, there has been little analysis of the concept of health security, nor the relationship between health security and other potential aims of public health policy. In this paper I develop an account of health security as an aversion to risky policy options. I explore three reasons for thinking risk avoidance is a distinctly worthwhile aim of public health policy: (i) that security is intrinsically valuable, (ii) that it is necessary for social planning and (iii) that it is an appropriate response to decision-making in contexts of very limited information. Striking the right balance between securing and maximizing population health thus requires a substantive, and hitherto unrecognized, value judgment. Finally, I critically evaluate the current health security agenda in light of this new account of the concept and its relationship to the other aims of public health policy. © 2016 John Wiley & Sons Ltd.
32 CFR 148.5 - Identification of the security policy board.
Code of Federal Regulations, 2013 CFR
2013-07-01
..., MILITARY AND CIVILIAN NATIONAL POLICY AND IMPLEMENTATION OF RECIPROCITY OF FACILITIES National Policy on Reciprocity of Use and Inspections of Facilities § 148.5 Identification of the security policy board. Agencies...
32 CFR 148.5 - Identification of the security policy board.
Code of Federal Regulations, 2011 CFR
2011-07-01
..., MILITARY AND CIVILIAN NATIONAL POLICY AND IMPLEMENTATION OF RECIPROCITY OF FACILITIES National Policy on Reciprocity of Use and Inspections of Facilities § 148.5 Identification of the security policy board. Agencies...
32 CFR 148.5 - Identification of the security policy board.
Code of Federal Regulations, 2014 CFR
2014-07-01
..., MILITARY AND CIVILIAN NATIONAL POLICY AND IMPLEMENTATION OF RECIPROCITY OF FACILITIES National Policy on Reciprocity of Use and Inspections of Facilities § 148.5 Identification of the security policy board. Agencies...
32 CFR 148.5 - Identification of the security policy board.
Code of Federal Regulations, 2010 CFR
2010-07-01
..., MILITARY AND CIVILIAN NATIONAL POLICY AND IMPLEMENTATION OF RECIPROCITY OF FACILITIES National Policy on Reciprocity of Use and Inspections of Facilities § 148.5 Identification of the security policy board. Agencies...
32 CFR 148.5 - Identification of the security policy board.
Code of Federal Regulations, 2012 CFR
2012-07-01
..., MILITARY AND CIVILIAN NATIONAL POLICY AND IMPLEMENTATION OF RECIPROCITY OF FACILITIES National Policy on Reciprocity of Use and Inspections of Facilities § 148.5 Identification of the security policy board. Agencies...
Financial forecasts accuracy in Brazil's social security system.
Silva, Carlos Patrick Alves da; Puty, Claudio Alberto Castelo Branco; Silva, Marcelino Silva da; Carvalho, Solon Venâncio de; Francês, Carlos Renato Lisboa
2017-01-01
Long-term social security statistical forecasts produced and disseminated by the Brazilian government aim to provide accurate results that would serve as background information for optimal policy decisions. These forecasts are being used as support for the government's proposed pension reform that plans to radically change the Brazilian Constitution insofar as Social Security is concerned. However, the reliability of official results is uncertain since no systematic evaluation of these forecasts has ever been published by the Brazilian government or anyone else. This paper aims to present a study of the accuracy and methodology of the instruments used by the Brazilian government to carry out long-term actuarial forecasts. We base our research on an empirical and probabilistic analysis of the official models. Our empirical analysis shows that the long-term Social Security forecasts are systematically biased in the short term and have significant errors that render them meaningless in the long run. Moreover, the low level of transparency in the methods impaired the replication of results published by the Brazilian Government and the use of outdated data compromises forecast results. In the theoretical analysis, based on a mathematical modeling approach, we discuss the complexity and limitations of the macroeconomic forecast through the computation of confidence intervals. We demonstrate the problems related to error measurement inherent to any forecasting process. We then extend this exercise to the computation of confidence intervals for Social Security forecasts. This mathematical exercise raises questions about the degree of reliability of the Social Security forecasts.
Financial forecasts accuracy in Brazil’s social security system
2017-01-01
Long-term social security statistical forecasts produced and disseminated by the Brazilian government aim to provide accurate results that would serve as background information for optimal policy decisions. These forecasts are being used as support for the government’s proposed pension reform that plans to radically change the Brazilian Constitution insofar as Social Security is concerned. However, the reliability of official results is uncertain since no systematic evaluation of these forecasts has ever been published by the Brazilian government or anyone else. This paper aims to present a study of the accuracy and methodology of the instruments used by the Brazilian government to carry out long-term actuarial forecasts. We base our research on an empirical and probabilistic analysis of the official models. Our empirical analysis shows that the long-term Social Security forecasts are systematically biased in the short term and have significant errors that render them meaningless in the long run. Moreover, the low level of transparency in the methods impaired the replication of results published by the Brazilian Government and the use of outdated data compromises forecast results. In the theoretical analysis, based on a mathematical modeling approach, we discuss the complexity and limitations of the macroeconomic forecast through the computation of confidence intervals. We demonstrate the problems related to error measurement inherent to any forecasting process. We then extend this exercise to the computation of confidence intervals for Social Security forecasts. This mathematical exercise raises questions about the degree of reliability of the Social Security forecasts. PMID:28859172
Code of Federal Regulations, 2012 CFR
2012-07-01
... 32 National Defense 2 2012-07-01 2012-07-01 false Policy. 322.3 Section 322.3 National Defense Department of Defense (Continued) OFFICE OF THE SECRETARY OF DEFENSE (CONTINUED) PRIVACY PROGRAM NATIONAL SECURITY AGENCY/CENTRAL SECURITY SERVICES PRIVACY ACT PROGRAM § 322.3 Policy. (a) The National Security...
Code of Federal Regulations, 2011 CFR
2011-07-01
... 32 National Defense 2 2011-07-01 2011-07-01 false Policy. 322.3 Section 322.3 National Defense Department of Defense (Continued) OFFICE OF THE SECRETARY OF DEFENSE (CONTINUED) PRIVACY PROGRAM NATIONAL SECURITY AGENCY/CENTRAL SECURITY SERVICES PRIVACY ACT PROGRAM § 322.3 Policy. (a) The National Security...
Code of Federal Regulations, 2014 CFR
2014-07-01
... 32 National Defense 2 2014-07-01 2014-07-01 false Policy. 322.3 Section 322.3 National Defense Department of Defense (Continued) OFFICE OF THE SECRETARY OF DEFENSE (CONTINUED) PRIVACY PROGRAM NATIONAL SECURITY AGENCY/CENTRAL SECURITY SERVICES PRIVACY ACT PROGRAM § 322.3 Policy. (a) The National Security...
Code of Federal Regulations, 2010 CFR
2010-07-01
... 32 National Defense 2 2010-07-01 2010-07-01 false Policy. 322.3 Section 322.3 National Defense Department of Defense (Continued) OFFICE OF THE SECRETARY OF DEFENSE (CONTINUED) PRIVACY PROGRAM NATIONAL SECURITY AGENCY/CENTRAL SECURITY SERVICES PRIVACY ACT PROGRAM § 322.3 Policy. (a) The National Security...
Code of Federal Regulations, 2013 CFR
2013-07-01
... 32 National Defense 2 2013-07-01 2013-07-01 false Policy. 322.3 Section 322.3 National Defense Department of Defense (Continued) OFFICE OF THE SECRETARY OF DEFENSE (CONTINUED) PRIVACY PROGRAM NATIONAL SECURITY AGENCY/CENTRAL SECURITY SERVICES PRIVACY ACT PROGRAM § 322.3 Policy. (a) The National Security...
A novel quantum scheme for secure two-party distance computation
NASA Astrophysics Data System (ADS)
Peng, Zhen-wan; Shi, Run-hua; Zhong, Hong; Cui, Jie; Zhang, Shun
2017-12-01
Secure multiparty computational geometry is an essential field of secure multiparty computation, which computes a computation geometric problem without revealing any private information of each party. Secure two-party distance computation is a primitive of secure multiparty computational geometry, which computes the distance between two points without revealing each point's location information (i.e., coordinate). Secure two-party distance computation has potential applications with high secure requirements in military, business, engineering and so on. In this paper, we present a quantum solution to secure two-party distance computation by subtly using quantum private query. Compared to the classical related protocols, our quantum protocol can ensure higher security and better privacy protection because of the physical principle of quantum mechanics.
NASA Technical Reports Server (NTRS)
Tompkins, F. G.
1983-01-01
The report presents guidance for the NASA Computer Security Program Manager and the NASA Center Computer Security Officials as they develop training requirements and implement computer security training programs. NASA audiences are categorized based on the computer security knowledge required to accomplish identified job functions. Training requirements, in terms of training subject areas, are presented for both computer security program management personnel and computer resource providers and users. Sources of computer security training are identified.
Library and Archival Security: Policies and Procedures To Protect Holdings from Theft and Damage.
ERIC Educational Resources Information Center
Trinkaus-Randall, Gregor
1998-01-01
Firm policies and procedures that address the environment, patron/staff behavior, general attitude, and care and handling of materials need to be at the core of the library/archival security program. Discussion includes evaluating a repository's security needs, collections security, security in non-public areas, security in the reading room,…
Code of Federal Regulations, 2011 CFR
2011-01-01
... 10 Energy 4 2011-01-01 2011-01-01 false Policy. 706.10 Section 706.10 Energy DEPARTMENT OF ENERGY SECURITY POLICIES AND PRACTICES RELATING TO LABOR-MANAGEMENT RELATIONS Security Policies and Procedures in National Labor Relations Board Proceedings § 706.10 Policy. It is policy of DOE that NLRB cases falling...
Code of Federal Regulations, 2012 CFR
2012-01-01
... 10 Energy 4 2012-01-01 2012-01-01 false Policy. 706.10 Section 706.10 Energy DEPARTMENT OF ENERGY SECURITY POLICIES AND PRACTICES RELATING TO LABOR-MANAGEMENT RELATIONS Security Policies and Procedures in National Labor Relations Board Proceedings § 706.10 Policy. It is policy of DOE that NLRB cases falling...
Homeland Security and Information.
ERIC Educational Resources Information Center
Relyea, Harold C.
2002-01-01
Reviews the development of two similar policy concepts, national security and internal security, before exploring the new phrase homeland security that has become popular since the September 11 terrorist attacks. Discusses the significance of each for information policy and practice. (Author/LRW)
2015-07-09
Page ii GAO-15-700 Diplomatic Security Figure 2: Time Frames for Updates to Overseas Security Policy Board Residential Security...Standards since 2005 14 Abbreviations ARB Accountability Review Board DS Bureau of Diplomatic Security DS/C DS Directorate...Overseas Buildings Operations OSPB Overseas Security Policy Board RSO Regional Security Officer State Department of State This is a work of
77 FR 34411 - National Industrial Security Program Policy Advisory Committee (NISPPAC)
Federal Register 2010, 2011, 2012, 2013, 2014
2012-06-11
... NATIONAL ARCHIVES AND RECORDS ADMINISTRATION National Industrial Security Program Policy Advisory... CFR 101-6, announcement is made for the following committee meeting. To discuss National Industrial Security Program policy matters. DATES: This meeting will be held on Wednesday, July 11, 2012 from 10:00 a...
Under Secretary of Defense for Policy > Home
41 CFR 102-192.80 - How do we develop written security policies and plans?
Code of Federal Regulations, 2014 CFR
2014-01-01
... service and/or the Federal Protective Service to develop agency mail security policies and plans. The... written security policies and plans? 102-192.80 Section 102-192.80 Public Contracts and Property Management Federal Property Management Regulations System (Continued) FEDERAL MANAGEMENT REGULATION...
41 CFR 102-192.80 - How do we develop written security policies and plans?
Code of Federal Regulations, 2013 CFR
2013-07-01
... service and/or the Federal Protective Service to develop agency mail security policies and plans. The... written security policies and plans? 102-192.80 Section 102-192.80 Public Contracts and Property Management Federal Property Management Regulations System (Continued) FEDERAL MANAGEMENT REGULATION...
41 CFR 102-192.80 - How do we develop written security policies and plans?
Code of Federal Regulations, 2012 CFR
2012-01-01
... service and/or the Federal Protective Service to develop agency mail security policies and plans. The... written security policies and plans? 102-192.80 Section 102-192.80 Public Contracts and Property Management Federal Property Management Regulations System (Continued) FEDERAL MANAGEMENT REGULATION...
41 CFR 102-192.80 - How do we develop written security policies and plans?
Code of Federal Regulations, 2011 CFR
2011-01-01
... service and/or the Federal Protective Service to develop agency mail security policies and plans. The... written security policies and plans? 102-192.80 Section 102-192.80 Public Contracts and Property Management Federal Property Management Regulations System (Continued) FEDERAL MANAGEMENT REGULATION...
DOE Office of Scientific and Technical Information (OSTI.GOV)
NONE
In October 2011, the UN Committee on World Food Security (CFS) recommended a "review of biofuels policies -- where applicable and if necessary -- according to balanced science-based assessments of the opportunities and challenges that they may represent for food security so that biofuels can be produced where it is socially, economically and environmentally feasible to do so". In line with this, the CFS requested the HLPE (High Level Panel of Experts) to "conduct a science-based comparative literature analysis taking into consideration the work produced by the FAO and Global Bioenergy Partnership (GBEP) of the positive and negative effects of biofuels on food security". Recommendations from the report include the following. Food security policies and biofuel policies cannot be separated because they mutually interact. Food security and the right to food should be priority concerns in the design of any biofuel policy. Governments should adopt the principle: biofuels shall not compromise food security and therefore should be managed so that food access or the resources necessary for the production of food, principally land, biodiversity, water and labour are not put at risk. The CFS should undertake action to ensure that this principle is operable in the very varied contexts in which all countries find themselves. Given the trend to the emergence of a global biofuels market, and a context moving from policy-driven to market-driven biofuels, there is an urgent need for close and pro-active coordination of food security, biofuel/bioenergy policies and energy policies, at national and international levels, as well as rapid response mechanisms in case of crisis. There is also an urgent need to create an enabling, responsible climate for food and non-food investments compatible with food security.
The HLPE recommends that governments adopt a coordinated food security and energy security strategy, which would require articulation around the following five axes/dimensions: Adapt to the change to global, market-driven dynamics; Address the land, water and resource implications of biofuel policies; Foster the transition from biofuels to comprehensive food-energy policies; Promote research and development; and, Develop methods and guidelines for coordinated food, biofuels, and bio-energy policies at national and international levels.
A Model of Managerial Effectiveness in Information Security: From Grounded Theory to Empirical Test
2005-09-13
to observe employee performance (George, 1996) and encourage policy adherence (Ariss, 2002) have been studied. While the published academic...for excessive monitoring (Ariss, 2002). Managers have a key role to play in designing monitoring and enforcement systems that are effective yet not... Ariss, S. S. (2002). Computer Monitoring: Benefits and Pitfalls Facing Management. Information & Management, 39(7), 553-558. Armstrong, C. P
A keyword searchable attribute-based encryption scheme with attribute update for cloud storage.
Wang, Shangping; Ye, Jian; Zhang, Yaling
2018-01-01
Ciphertext-policy attribute-based encryption (CP-ABE) is a new type of data encryption primitive that is well suited to cloud data storage because of its fine-grained access control. Keyword-based searchable encryption enables users to quickly find data of interest stored on the cloud server without revealing any information about the searched keywords. In this work, we provide a keyword searchable attribute-based encryption scheme with attribute update for cloud storage, which combines an attribute-based encryption scheme with a keyword searchable encryption scheme. The new scheme supports user attribute update: when a user's attribute needs to be updated, only that user's secret key related to the attribute needs to be updated, while other users' secret keys and the ciphertexts related to this attribute need not be updated, with the help of the cloud server. In addition, we outsource the operations with high computation cost to the cloud server to reduce the user's computational burden. Moreover, our scheme is proven to be semantically secure against chosen ciphertext-policy and chosen plaintext attack in the general bilinear group model. Our scheme is also proven to be semantically secure against chosen keyword attack under the bilinear Diffie-Hellman (BDH) assumption. PMID:29795577
Code of Federal Regulations, 2010 CFR
2010-07-01
... Labor SECURITY REGULATIONS Introduction to Security Regulations § 14.2 Policy. The interests of the...) Safeguarding national security information. Some official information within the Federal Government is directly..., therefore, be subject to security constraints, and limited in term of its distribution. (b) Exemption from...
An Integrative Behavioral Model of Information Security Policy Compliance
Kim, Sang Hoon; Yang, Kyung Hoon; Park, Sunyoung
2014-01-01
The authors found the behavioral factors that influence the organization members' compliance with the information security policy in organizations on the basis of neutralization theory, theory of planned behavior, and protection motivation theory. Depending on the theory of planned behavior, members' attitudes towards compliance, as well as normative belief and self-efficacy, were believed to determine the intention to comply with the information security policy. Neutralization theory, a prominent theory in criminology, could be expected to provide the explanation for information system security policy violations. Based on the protection motivation theory, it was inferred that the expected efficacy could have an impact on intentions of compliance. By the above logical reasoning, the integrative behavioral model and eight hypotheses could be derived. Data were collected by conducting a survey; 194 out of 207 questionnaires were available. The test of the causal model was conducted by PLS. The reliability, validity, and model fit were found to be statistically significant. The results of the hypotheses tests showed that seven of the eight hypotheses were acceptable. The theoretical implications of this study are as follows: (1) the study is expected to play a role of the baseline for future research about organization members' compliance with the information security policy, (2) the study attempted an interdisciplinary approach by combining psychology and information system security research, and (3) the study suggested concrete operational definitions of influencing factors for information security policy compliance through a comprehensive theoretical review. Also, the study has some practical implications. First, it can provide the guideline to support the successful execution of the strategic establishment for the implementation of information system security policies in organizations.
Second, it proves that the need of education and training programs suppressing members' neutralization intention to violate information security policy should be emphasized. PMID:24971373
78 FR 64024 - National Industrial Security Program Policy Advisory Committee (NISPPAC)
Federal Register 2010, 2011, 2012, 2013, 2014
2013-10-25
... NATIONAL ARCHIVES AND RECORDS ADMINISTRATION Information Security Oversight Office [NARA-2014-001] National Industrial Security Program Policy Advisory Committee (NISPPAC) AGENCY: National Archives and... submitted to the Information Security Oversight Office (ISOO) no later than Friday, November 8, 2013. ISOO...
[Goals in the discussion of old age insurance - a sketch].
Schmähl, W
1980-01-01
In the Federal Republic of Germany the discussion on social policy often deals with instruments, yet seldom with the goals to be realised. Scientific work on goals for old-age security policy is just starting. This article shows the importance of distinctly defined goals for rational economic and social policy, for an assessment of the existing situation, for a goal-oriented selection and formation of measures, and for success control. With reference to distributive goals in old-age security policy, it is exemplified in which way scientific work can be helpful in defining goals in an operationalised form. For this it is important to deal with several distributive aspects, which are often mixed in discussions. As measures in one area of economic and social policy cannot be taken in isolation, it is necessary for old-age security policies, too, to take into consideration a general system of economic and social policy goals in order to avoid unwanted consequences. As an example, aspects of business cycle and growth policy have to be considered while constructing a system of old-age security. Finally, some other criteria for old-age security policies, such as transparency, political feasibility and practicability, are mentioned.
Required Security Screenings for Researchers: A Policy Analysis and Commentary
ERIC Educational Resources Information Center
Zucker, Andrew A.
2011-01-01
After the attacks of 9/11/2001 the federal government implemented new policies intended to protect people and institutions in the United States. A surprising policy requires education researchers conducting research under contract to the U.S. Department of Education (ED) to obtain security clearances, sometimes known as security screenings.…
78 FR 38077 - National Industrial Security Program Policy Advisory Committee (NISPPAC)
Federal Register 2010, 2011, 2012, 2013, 2014
2013-06-25
... NATIONAL ARCHIVES AND RECORDS ADMINISTRATION Information Security Oversight Office [NARA-13-0030] National Industrial Security Program Policy Advisory Committee (NISPPAC) AGENCY: National Archives and... submitted to the Information Security Oversight Office (ISOO) no later than Friday, July 12, 2013. ISOO will...
2014-01-01
Background The continuing urbanization in China has resulted in a loss of land and rights among farmers. The social security of landless farmers has attracted considerable research attention. However, only a few studies measure the health-related quality of life (HRQOL) of landless farmers by employing scientific standardized scales. By using five-dimensional European quality of life (EQ-5D) scales, this study measures the HRQOL of landless farmers from a new perspective and examines how the social security policies affect their HRQOL. Methods This study is based on a 2013 household survey that has been conducted among 1,500 landless farmers who are residing in six resettlement areas in three cities within the Yangtze River Delta region, namely, Nanjing, Hangzhou, and Yangzhou. This study adopts EQ-5D scales to measure the HRQOL of these farmers. More than 50% of the respondents are in poor or non-serious health conditions, and over 50% are not satisfied with their current social security policies. The health conditions and social security policies are analyzed by multinomial regression analysis and the relationship between these two factors is analyzed via structural equation modeling (SEM). Results First, the descriptive statistical analysis shows that more than 50% of the respondents are in poor or non-serious health conditions, and that the largest proportion of these farmers are suffering from anxiety or depression, which is the most serious of the five dimensions. Second, multinomial regression analysis shows that the satisfaction of landless farmers with their social security policies improves their living conditions, particularly in their capacity for self-care, in their ability to perform daily activities, and in the reduction of pain, anxiety, and depression. Third, SEM model analysis shows that the satisfaction of landless farmers with their social security policies positively influences their HRQOL.
Among the five dimensions of EQ-5D, daily activities produce the greatest influence on the HRQOL of landless farmers. As regards social security policies, the land acquisition compensation policy and the employment security policy produce the greatest and weakest influences on the HRQOL of landless farmers, respectively. Conclusions The rapid urbanization in China has deprived many farmers of their lands and of the benefits of urbanization. These farmers are often in a disadvantaged position in the land acquisition process. Statistic analysis in this paper shows that the satisfaction of landless farmers with their social security policies positively influences their HRQOL. The implementation and improvement of social security policies is very important for the long-term and sustainable development of these landless farmers. PMID:24433258
Liang, Ying; Lu, Wanyi; Wu, Wei
2014-01-15
The continuing urbanization in China has resulted in a loss of land and rights among farmers. The social security of landless farmers has attracted considerable research attention. However, only a few studies measure the health-related quality of life (HRQOL) of landless farmers by employing scientific standardized scales. By using five-dimensional European quality of life (EQ-5D) scales, this study measures the HRQOL of landless farmers from a new perspective and examines how the social security policies affect their HRQOL. This study is based on a 2013 household survey that has been conducted among 1,500 landless farmers who are residing in six resettlement areas in three cities within the Yangtze River Delta region, namely, Nanjing, Hangzhou, and Yangzhou. This study adopts EQ-5D scales to measure the HRQOL of these farmers. More than 50% of the respondents are in poor or non-serious health conditions, and over 50% are not satisfied with their current social security policies. The health conditions and social security policies are analyzed by multinomial regression analysis and the relationship between these two factors is analyzed via structural equation modeling (SEM). First, the descriptive statistical analysis shows that more than 50% of the respondents are in poor or non-serious health conditions, and that the largest proportion of these farmers are suffering from anxiety or depression, which is the most serious of the five dimensions. Second, multinomial regression analysis shows that the satisfaction of landless farmers with their social security policies improves their living conditions, particularly in their capacity for self-care, in their ability to perform daily activities, and in the reduction of pain, anxiety, and depression. Third, SEM model analysis shows that the satisfaction of landless farmers with their social security policies positively influences their HRQOL.
Among the five dimensions of EQ-5D, daily activities produce the greatest influence on the HRQOL of landless farmers. As regards social security policies, the land acquisition compensation policy and the employment security policy produce the greatest and weakest influences on the HRQOL of landless farmers, respectively. The rapid urbanization in China has deprived many farmers of their lands and of the benefits of urbanization. These farmers are often in a disadvantaged position in the land acquisition process. Statistic analysis in this paper shows that the satisfaction of landless farmers with their social security policies positively influences their HRQOL. The implementation and improvement of social security policies is very important for the long-term and sustainable development of these landless farmers.
Performance optimization of internet firewalls
NASA Astrophysics Data System (ADS)
Chiueh, Tzi-cker; Ballman, Allen
1997-01-01
Internet firewalls control the data traffic in and out of an enterprise network by checking network packets against a set of rules that embodies an organization's security policy. Because rule checking is computationally more expensive than routing-table look-up, it could become a potential bottleneck for scaling up the performance of IP routers, which typically implement firewall functions in software. In this paper, we analyze the performance problems associated with firewalls, particularly packet filters, propose a good connection cache to amortize the costly security check over the packets in a connection, and report the preliminary performance results of a trace-driven simulation that show the average packet check time can be reduced by a factor of 2.5 at the least.
Code of Federal Regulations, 2010 CFR
2010-01-01
... SECURITY POLICIES AND PRACTICES RELATING TO LABOR-MANAGEMENT RELATIONS Security Policies and Procedures in... within the scope of the Labor Management Relations Act at the various DOE installations should be... published decisions. This policy does not preclude adoption of special arrangements which may be required...
Code of Federal Regulations, 2011 CFR
2011-10-01
... 50 Wildlife and Fisheries 9 2011-10-01 2011-10-01 false Policy. 540.1 Section 540.1 Wildlife and Fisheries MARINE MAMMAL COMMISSION INFORMATION SECURITY § 540.1 Policy. It is the policy of the Marine... security information. [44 FR 55381, Sept. 26, 1979] ...
Code of Federal Regulations, 2010 CFR
2010-10-01
... 50 Wildlife and Fisheries 7 2010-10-01 2010-10-01 false Policy. 540.1 Section 540.1 Wildlife and Fisheries MARINE MAMMAL COMMISSION INFORMATION SECURITY § 540.1 Policy. It is the policy of the Marine... security information. [44 FR 55381, Sept. 26, 1979] ...
Making Computing on Encrypted Data Secure and Practical
2013-06-01
DOE Office of Scientific and Technical Information (OSTI.GOV)
NONE
A video on computer security is described. Lonnie Moore, the Computer Security Manager, CSSM/CPPM at Lawrence Livermore National Laboratory (LLNL) and Gale Warshawsky, the Coordinator for Computer Security Education and Awareness at LLNL, wanted to share topics such as computer ethics, software piracy, privacy issues, and protecting information in a format that would capture and hold an audience's attention. Four Computer Security Short Subject videos were produced which ranged from 1-3 minutes each. These videos are very effective education and awareness tools that can be used to generate discussions about computer security concerns and good computing practices.
A Portable Computer Security Workshop
ERIC Educational Resources Information Center
Wagner, Paul J.; Phillips, Andrew T.
2006-01-01
We have developed a computer security workshop designed to instruct post-secondary instructors who want to start a course or laboratory exercise sequence in computer security. This workshop has also been used to provide computer security education to IT professionals and students. It is effective in communicating basic computer security principles…
CP-ABE Based Privacy-Preserving User Profile Matching in Mobile Social Networks
Cui, Weirong; Du, Chenglie; Chen, Jinchao
2016-01-01
Privacy-preserving profile matching, a challenging task in mobile social networks, is getting more attention in recent years. In this paper, we propose a novel scheme that is based on ciphertext-policy attribute-based encryption to tackle this problem. In our scheme, a user can submit a preference-profile and search for users with matching-profile in decentralized mobile social networks. In this process, no participant’s profile and the submitted preference-profile is exposed. Meanwhile, a secure communication channel can be established between the pair of successfully matched users. In contrast to existing related schemes which are mainly based on the secure multi-party computation, our scheme can provide verifiability (both the initiator and any unmatched user cannot cheat each other to pretend to be matched), and requires few interactions among users. We provide thorough security analysis and performance evaluation on our scheme, and show its advantages in terms of security, efficiency and usability over state-of-the-art schemes. PMID:27337001
ERIC Educational Resources Information Center
Waddell, Stanie Adolphus
2013-01-01
Many articles within the literature point to the information security policy as one of the most important elements of an effective information security program. Even though this belief is continually referred to in many information security scholarly articles, very few research studies have been performed to corroborate this sentiment. Doherty and…
Code of Federal Regulations, 2010 CFR
2010-04-01
... insurance policies. Form N-6 shall be used for registration under the Securities Act of 1933 of securities... 17 Commodity and Securities Exchanges 2 2010-04-01 2010-04-01 false Form N-6, registration... policies. 239.17c Section 239.17c Commodity and Securities Exchanges SECURITIES AND EXCHANGE COMMISSION...
Code of Federal Regulations, 2010 CFR
2010-10-01
... 47 Telecommunication 5 2010-10-01 2010-10-01 false Policies. 202.1 Section 202.1 Telecommunication OFFICE OF SCIENCE AND TECHNOLOGY POLICY AND NATIONAL SECURITY COUNCIL NATIONAL SECURITY AND EMERGENCY... Office of Science and Technology Policy is the single point of authority within the Federal Government...
Code of Federal Regulations, 2011 CFR
2011-10-01
... 47 Telecommunication 5 2011-10-01 2011-10-01 false Policies. 202.1 Section 202.1 Telecommunication OFFICE OF SCIENCE AND TECHNOLOGY POLICY AND NATIONAL SECURITY COUNCIL NATIONAL SECURITY AND EMERGENCY... Office of Science and Technology Policy is the single point of authority within the Federal Government...
Code of Federal Regulations, 2012 CFR
2012-10-01
... 47 Telecommunication 5 2012-10-01 2012-10-01 false Policies. 202.1 Section 202.1 Telecommunication OFFICE OF SCIENCE AND TECHNOLOGY POLICY AND NATIONAL SECURITY COUNCIL NATIONAL SECURITY AND EMERGENCY... Office of Science and Technology Policy is the single point of authority within the Federal Government...
Code of Federal Regulations, 2013 CFR
2013-10-01
... 47 Telecommunication 5 2013-10-01 2013-10-01 false Policies. 202.1 Section 202.1 Telecommunication OFFICE OF SCIENCE AND TECHNOLOGY POLICY AND NATIONAL SECURITY COUNCIL NATIONAL SECURITY AND EMERGENCY... Office of Science and Technology Policy is the single point of authority within the Federal Government...
Code of Federal Regulations, 2014 CFR
2014-10-01
... 47 Telecommunication 5 2014-10-01 2014-10-01 false Policies. 202.1 Section 202.1 Telecommunication OFFICE OF SCIENCE AND TECHNOLOGY POLICY AND NATIONAL SECURITY COUNCIL NATIONAL SECURITY AND EMERGENCY... Office of Science and Technology Policy is the single point of authority within the Federal Government...
CORBASec Used to Secure Distributed Aerospace Propulsion Simulations
NASA Technical Reports Server (NTRS)
Blaser, Tammy M.
2003-01-01
The NASA Glenn Research Center and its industry partners are developing a Common Object Request Broker (CORBA) Security (CORBASec) test bed to secure their distributed aerospace propulsion simulations. Glenn has been working with its aerospace propulsion industry partners to deploy the Numerical Propulsion System Simulation (NPSS) object-based technology. NPSS is a program focused on reducing the cost and time in developing aerospace propulsion engines. It was developed by Glenn and is being managed by the NASA Ames Research Center as the lead center reporting directly to NASA Headquarters' Aerospace Technology Enterprise. Glenn is an active domain member of the Object Management Group: an open membership, not-for-profit consortium that produces and manages computer industry specifications (i.e., CORBA) for interoperable enterprise applications. When NPSS is deployed, it will assemble a distributed aerospace propulsion simulation scenario from proprietary analytical CORBA servers and execute them with security afforded by the CORBASec implementation. The NPSS CORBASec test bed was initially developed with the TPBroker Security Service product (Hitachi Computer Products (America), Inc., Waltham, MA) using the Object Request Broker (ORB), which is based on the TPBroker Basic Object Adaptor, and using NPSS software across different firewall products. The test bed has been migrated to the Portable Object Adaptor architecture using the Hitachi Security Service product based on the VisiBroker 4.x ORB (Borland, Scotts Valley, CA) and on the Orbix 2000 ORB (Dublin, Ireland, with U.S. headquarters in Waltham, MA). Glenn, GE Aircraft Engines, and Pratt & Whitney Aircraft are the initial industry partners contributing to the NPSS CORBASec test bed. The test bed uses Security SecurID (RSA Security Inc., Bedford, MA) two-factor token-based authentication together with Hitachi Security Service digital-certificate-based authentication to validate the various NPSS users. 
The test bed is expected to demonstrate NPSS CORBASec-specific policy functionality, confirm adequate performance, and validate the required Internet configuration in a distributed collaborative aerospace propulsion environment.
Russian Stance in the Caucasus and the National Security Strategy of Georgia
2005-06-01
12, 2005) 10 Marcel de Haas, “The Development of Russia’s Security Policy, 1992-2002,” in: Russian Military Reform 1992-2002, ed. Anne C. Aldis...positive tendencies in the world.14 12Marcel de Haas, “The Development of Russia’s Security Policy, 1992-2002,” in: Russian Military Reform 1992...Development of Russia’s Security Policy, 1992-2002,” in: Russian Military Reform 1992-2002, ed. Anne C. Aldis, Roger N. McDermott, 13- 18 (London, Portland
ERIC Educational Resources Information Center
Mutchler, Leigh Ann
2012-01-01
The purpose of the present study is to make contributions to the area of behavioral information security in the field of Information Systems and to assist in the improved development of Information Security Policy instructional programs to increase the policy compliance of individuals. The role of an individual's experience in the context of…
Policy in Conflict: The Struggle Between Environmental Policy and Homeland Security Goals
2013-09-01
security by reducing consumption in the most important petroleum consuming sector, that of automobile transportation. Some U.S. oil dollars may be...sustainable energy security by reducing consumption in the most important petroleum consuming sector, that of automobile transportation. Some U.S...A. POLICY CHOICES...B. WHY IS THIS PROBLEM IMPORTANT
Reflecting on the ethical administration of computerized medical records
NASA Astrophysics Data System (ADS)
Collmann, Jeff R.
1995-05-01
This presentation examines the ethical issues raised by computerized image management and communication systems (IMAC), the ethical principles that should guide development of policies, procedures and practices for IMACS systems, and who should be involved in developing a hospital's approach to these issues. The ready access of computerized records creates special hazards of which hospitals must beware. Hospitals must maintain confidentiality of patient's records while making records available to authorized users as efficiently as possible. The general conditions of contemporary health care undermine protecting the confidentiality of patient records. Patients may not provide health care institutions with information about themselves under conditions of informed consent. The field of information science must design sophisticated systems of computer security that stratify access, create audit trails on data changes and system use, safeguard patient data from corruption, and protect the databases from outside invasion. Radiology professionals must both work with information science experts in their own hospitals to create institutional safeguards and include the adequacy of security measures as a criterion for evaluating PACS systems. New policies and procedures on maintaining computerized patient records must be developed that obligate all members of the health care staff, not just care givers. Patients must be informed about the existence of computerized medical records, the rules and practices that govern their dissemination and given the opportunity to give or withhold consent for their use. Departmental and hospital policies on confidentiality should be reviewed to determine if revisions are necessary to manage computer-based records.
Well-developed discussions of the ethical principles and administrative policies on confidentiality and informed consent and of the risks posed by computer-based patient records systems should be included in initial and continuing staff system training. Administration should develop ways to monitor staff compliance with confidentiality policies and should assess diligence in maintaining patient record confidentiality as part of staff annual performance evaluations. Ethical management of IMAC systems is the business of all members of the health care team. Computerized patient records management (including IMAC) should be scrutinized as any other clinical medical ethical issue. If hospitals include these processes in their planning for RIS, IMACS, and HIS systems, they should have time to develop institutional expertise on these questions before and as systems are installed rather than only as ethical dilemmas develop during their use.
Federal Register 2010, 2011, 2012, 2013, 2014
2013-05-23
..., among other things: (1) The registration and comprehensive oversight of security-based swap dealers and... SECURITIES AND EXCHANGE COMMISSION 17 CFR Parts 240, 242, and 249 [Release No. 34-69491; File Nos... Releases and Policy Statements Applicable to Security-Based Swaps AGENCY: Securities and Exchange...
Code of Federal Regulations, 2010 CFR
2010-10-01
... CONTRACTING ACQUISITION OF INFORMATION TECHNOLOGY Information Security Management 339.7101 Policy. HHS is responsible for implementing an information security program to ensure that its information systems and... information contained in those systems. Each system's level of security shall protect the integrity...
NASA Astrophysics Data System (ADS)
Eckersley, Peter; Sandberg, Anders
2013-12-01
Brain emulation is a hypothetical but extremely transformative technology which has a non-zero chance of appearing during the next century. This paper investigates whether such a technology would also have any predictable characteristics that give it a chance of being catastrophically dangerous, and whether there are any policy levers which might be used to make it safer. We conclude that the riskiness of brain emulation probably depends on the order of the preceding research trajectory. Broadly speaking, it appears safer for brain emulation to happen sooner, because slower CPUs would make the technology's impact more gradual. It may also be safer if brains are scanned before they are fully understood from a neuroscience perspective, thereby increasing the initial population of emulations, although this prediction is weaker and more scenario-dependent. The risks posed by brain emulation also seem strongly connected to questions about the balance of power between attackers and defenders in computer security contests. If economic property rights in CPU cycles are essentially enforceable, emulation appears to be comparatively safe; if CPU cycles are ultimately easy to steal, the appearance of brain emulation is more likely to be a destabilizing development for human geopolitics. Furthermore, if the computers used to run emulations can be kept secure, then it appears that making brain emulation technologies "open" would make them safer. If, however, computer insecurity is deep and unavoidable, openness may actually be more dangerous. We point to some arguments that suggest the former may be true, tentatively implying that it would be good policy to work towards brain emulation using open scientific methodology and free/open source software codebases.
Code of Federal Regulations, 2011 CFR
2011-07-01
... 32 National Defense 1 2011-07-01 2011-07-01 false Policy. 155.4 Section 155.4 National Defense Department of Defense OFFICE OF THE SECRETARY OF DEFENSE SECURITY DEFENSE INDUSTRIAL PERSONNEL SECURITY CLEARANCE PROGRAM § 155.4 Policy. It is DoD policy that: (a) All proceedings provided for by this part shall...
Code of Federal Regulations, 2010 CFR
2010-07-01
... 32 National Defense 1 2010-07-01 2010-07-01 false Policy. 155.4 Section 155.4 National Defense Department of Defense OFFICE OF THE SECRETARY OF DEFENSE SECURITY DEFENSE INDUSTRIAL PERSONNEL SECURITY CLEARANCE PROGRAM § 155.4 Policy. It is DoD policy that: (a) All proceedings provided for by this part shall...
Code of Federal Regulations, 2012 CFR
2012-07-01
... 32 National Defense 1 2012-07-01 2012-07-01 false Policy. 155.4 Section 155.4 National Defense Department of Defense OFFICE OF THE SECRETARY OF DEFENSE SECURITY DEFENSE INDUSTRIAL PERSONNEL SECURITY CLEARANCE PROGRAM § 155.4 Policy. It is DoD policy that: (a) All proceedings provided for by this part shall...
Code of Federal Regulations, 2013 CFR
2013-07-01
... 32 National Defense 1 2013-07-01 2013-07-01 false Policy. 155.4 Section 155.4 National Defense Department of Defense OFFICE OF THE SECRETARY OF DEFENSE SECURITY DEFENSE INDUSTRIAL PERSONNEL SECURITY CLEARANCE PROGRAM § 155.4 Policy. It is DoD policy that: (a) All proceedings provided for by this part shall...
17 CFR 202.9 - Small entity enforcement penalty reduction policy.
Code of Federal Regulations, 2010 CFR
2010-04-01
... penalty reduction policy. 202.9 Section 202.9 Commodity and Securities Exchanges SECURITIES AND EXCHANGE COMMISSION INFORMAL AND OTHER PROCEDURES § 202.9 Small entity enforcement penalty reduction policy. The Commission's policy with respect to whether to reduce or assess civil money penalties against a small entity...
ESnet authentication services and trust federations
NASA Astrophysics Data System (ADS)
Muruganantham, Dhivakaran; Helm, Mike; Genovese, Tony
2005-01-01
ESnet provides authentication services and trust federation support for SciDAC projects, collaboratories, and other distributed computing applications. The ESnet ATF team operates the DOEGrids Certificate Authority, available to all DOE Office of Science programs, plus several custom CAs, including one for the National Fusion Collaboratory and one for NERSC. The secure hardware and software environment developed to support CAs is suitable for supporting additional custom authentication and authorization applications that your program might require. Seamless, secure interoperation across organizational and international boundaries is vital to collaborative science. We are fostering the development of international PKI federations by founding the TAGPMA, the American regional PMA, and the worldwide IGTF Policy Management Authority (PMA), as well as participating in European and Asian regional PMAs. We are investigating and prototyping distributed authentication technology that will allow us to support the "roaming scientist" (distributed wireless via eduroam), as well as more secure authentication methods (one-time password tokens).
45 CFR 164.308 - Administrative safeguards.
Code of Federal Regulations, 2012 CFR
2012-10-01
...)(i) Standard: Security management process. Implement policies and procedures to prevent, detect... this subpart for the entity. (3)(i) Standard: Workforce security. Implement policies and procedures to...) Standard: Information access management. Implement policies and procedures for authorizing access to...
45 CFR 164.308 - Administrative safeguards.
Code of Federal Regulations, 2011 CFR
2011-10-01
...)(i) Standard: Security management process. Implement policies and procedures to prevent, detect... this subpart for the entity. (3)(i) Standard: Workforce security. Implement policies and procedures to...) Standard: Information access management. Implement policies and procedures for authorizing access to...
ERIC Educational Resources Information Center
DeBowes, Michael Matthew
2014-01-01
The "Jeanne Clery Disclosure of Campus Security Policy and Campus Crime Statistics Act" (the "Clery Act") is a consumer right-to-know law originally passed by Congress in 1900. The law requires colleges and universities receiving federal student aid to publish annually their security-related policies and crime statistics. The…
Awareness-Enabled Coordination
2006-04-01
contextualization, policy, team coordination...
2009-02-02
aviation security. The approach to aviation security was largely shaped by past events, such as the bombing of Pan Am flight 103 in December 1988, rather...community. Following the September 11, 2001, attacks, U.S. aviation security policy and strategy was closely linked to the changes called for in the...have been considered security sensitive thus limiting public discourse on the DHS strategy for aviation security. However, in June 2006 President
Access control based on attribute certificates for medical intranet applications.
Mavridis, I; Georgiadis, C; Pangalos, G; Khair, M
2001-01-01
Clinical information systems frequently use intranet and Internet technologies. However these technologies have emphasized sharing and not security, despite the sensitive and private nature of much health information. Digital certificates (electronic documents which recognize an entity or its attributes) can be used to control access in clinical intranet applications. To outline the need for access control in distributed clinical database systems, to describe the use of digital certificates and security policies, and to propose the architecture for a system using digital certificates, cryptography and security policy to control access to clinical intranet applications. We have previously developed a security policy, DIMEDAC (Distributed Medical Database Access Control), which is compatible with emerging public key and privilege management infrastructure. In our implementation approach we propose the use of digital certificates, to be used in conjunction with DIMEDAC. Our proposed access control system consists of two phases: the ways users gain their security credentials; and how these credentials are used to access medical data. Three types of digital certificates are used: identity certificates for authentication; attribute certificates for authorization; and access-rule certificates for propagation of access control policy. Once a user is identified and authenticated, subsequent access decisions are based on a combination of identity and attribute certificates, with access-rule certificates providing the policy framework. Access control in clinical intranet applications can be successfully and securely managed through the use of digital certificates and the DIMEDAC security policy.
Mass and Elite Views on Nuclear Security: US National Security Surveys 1993-1999
DOE Office of Scientific and Technical Information (OSTI.GOV)
HERRON,KERRY G.; JENKINS-SMITH,HANK C.; HUGHES,SCOTT D.
This is the fourth report in an ongoing series of studies examining how US perspectives about nuclear security are evolving in the post-Cold War era. In Volume 1 the authors present findings from a nationwide telephone survey of randomly selected members of the US general public conducted from 13 September to 14 October 1999. Results are compared to findings from previous surveys in this series conducted in 1993, 1995, and 1997, and trends are analyzed. Key areas of investigation reported in Volume 1 include evolving perceptions of nuclear weapons risks and benefits, preferences for related policy and spending issues, and views about three emerging issue areas: deterrent utility of precision guided munitions; response options to attacks in which mass casualty weapons are used; and expectations about national missile defenses. In this volume they relate respondent beliefs about nuclear security to perceptions of nuclear risks and benefits and to policy preferences. They develop causal models to partially explain key preferences, and they employ cluster analysis to group respondents into four policy relevant clusters characterized by similar views and preferences about nuclear security within each cluster. Systematic links are found among respondent demographic characteristics, perceptions of nuclear risks and benefits, policy beliefs, and security policy and spending preferences. In Volume 2 they provide analysis of in-depth interviews with fifty members of the US security policy community.
Privacy-Preserving Location-Based Service Scheme for Mobile Sensing Data.
Xie, Qingqing; Wang, Liangmin
2016-11-25
With the wide use of mobile sensing application, more and more location-embedded data are collected and stored in mobile clouds, such as iCloud, Samsung cloud, etc. Using these data, the cloud service provider (CSP) can provide location-based service (LBS) for users. However, the mobile cloud is untrustworthy. The privacy concerns force the sensitive locations to be stored on the mobile cloud in an encrypted form. However, this brings a great challenge to utilize these data to provide efficient LBS. To solve this problem, we propose a privacy-preserving LBS scheme for mobile sensing data, based on the RSA (for Rivest, Shamir and Adleman) algorithm and ciphertext policy attribute-based encryption (CP-ABE) scheme. The mobile cloud can perform location distance computing and comparison efficiently for authorized users, without location privacy leakage. In the end, theoretical security analysis and experimental evaluation demonstrate that our scheme is secure against the chosen plaintext attack (CPA) and efficient enough for practical applications in terms of user side computation overhead.
Chen, Feng; Wang, Shuang; Jiang, Xiaoqian; Ding, Sijie; Lu, Yao; Kim, Jihoon; Sahinalp, S Cenk; Shimizu, Chisato; Burns, Jane C; Wright, Victoria J; Png, Eileen; Hibberd, Martin L; Lloyd, David D; Yang, Hai; Telenti, Amalio; Bloss, Cinnamon S; Fox, Dov; Lauter, Kristin; Ohno-Machado, Lucila
2017-03-15
We introduce PRINCESS, a privacy-preserving international collaboration framework for analyzing rare disease genetic data that are distributed across different continents. PRINCESS leverages Software Guard Extensions (SGX) and hardware for trustworthy computation. Unlike a traditional international collaboration model, where individual-level patient DNA are physically centralized at a single site, PRINCESS performs a secure and distributed computation over encrypted data, fulfilling institutional policies and regulations for protected health information. To demonstrate PRINCESS' performance and feasibility, we conducted a family-based allelic association study for Kawasaki Disease, with data hosted in three different continents. The experimental results show that PRINCESS provides secure and accurate analyses much faster than alternative solutions, such as homomorphic encryption and garbled circuits (over 40 000× faster). https://github.com/achenfengb/PRINCESS_opensource. shw070@ucsd.edu. Supplementary data are available at Bioinformatics online.
Privacy-Preserving Location-Based Service Scheme for Mobile Sensing Data †
Xie, Qingqing; Wang, Liangmin
2016-01-01
With the wide use of mobile sensing application, more and more location-embedded data are collected and stored in mobile clouds, such as iCloud, Samsung cloud, etc. Using these data, the cloud service provider (CSP) can provide location-based service (LBS) for users. However, the mobile cloud is untrustworthy. The privacy concerns force the sensitive locations to be stored on the mobile cloud in an encrypted form. However, this brings a great challenge to utilize these data to provide efficient LBS. To solve this problem, we propose a privacy-preserving LBS scheme for mobile sensing data, based on the RSA (for Rivest, Shamir and Adleman) algorithm and ciphertext policy attribute-based encryption (CP-ABE) scheme. The mobile cloud can perform location distance computing and comparison efficiently for authorized users, without location privacy leakage. In the end, theoretical security analysis and experimental evaluation demonstrate that our scheme is secure against the chosen plaintext attack (CPA) and efficient enough for practical applications in terms of user side computation overhead. PMID:27897984
Development of a HIPAA-compliant environment for translational research data and analytics.
Bradford, Wayne; Hurdle, John F; LaSalle, Bernie; Facelli, Julio C
2014-01-01
High-performance computing centers (HPC) traditionally have far less restrictive privacy management policies than those encountered in healthcare. We show how an HPC can be re-engineered to accommodate clinical data while retaining its utility in computationally intensive tasks such as data mining, machine learning, and statistics. We also discuss deploying protected virtual machines. A critical planning step was to engage the university's information security operations and the information security and privacy office. Access to the environment requires a double authentication mechanism. The first level of authentication requires access to the university's virtual private network and the second requires that the users be listed in the HPC network information service directory. The physical hardware resides in a data center with controlled room access. All employees of the HPC and its users take the university's local Health Insurance Portability and Accountability Act training series. In the first 3 years, researcher count has increased from 6 to 58.
2013-03-01
within the Global Information Grid (GIG) (AFDD6-0, 2011). JP 1-02 describes the GIG: The GIG is the globally interconnected, end-to-end set of...to warfighters, policy makers, and support personnel. The GIG includes all owned and leased communications and computing systems and services...software (including applications), data, security services, and other associated services necessary to achieve information superiority. The GIG
Analysis of the Security and Privacy Requirements of Cloud-Based Electronic Health Records Systems
Fernández, Gonzalo; López-Coronado, Miguel
2013-01-01
Background: The Cloud Computing paradigm offers eHealth systems the opportunity to enhance the features and functionality that they offer. However, moving patients’ medical information to the Cloud implies several risks in terms of the security and privacy of sensitive health records. In this paper, the risks of hosting Electronic Health Records (EHRs) on the servers of third-party Cloud service providers are reviewed. To protect the confidentiality of patient information and facilitate the process, some suggestions for health care providers are made. Moreover, security issues that Cloud service providers should address in their platforms are considered. Objective: To show that, before moving patient health records to the Cloud, security and privacy concerns must be considered by both health care providers and Cloud service providers. Security requirements of a generic Cloud service provider are analyzed. Methods: To study the latest in Cloud-based computing solutions, bibliographic material was obtained mainly from Medline sources. Furthermore, direct contact was made with several Cloud service providers. Results: Some of the security issues that should be considered by both Cloud service providers and their health care customers are role-based access, network security mechanisms, data encryption, digital signatures, and access monitoring. Furthermore, to guarantee the safety of the information and comply with privacy policies, the Cloud service provider must be compliant with various certifications and third-party requirements, such as SAS70 Type II, PCI DSS Level 1, ISO 27001, and the US Federal Information Security Management Act (FISMA). Conclusions: Storing sensitive information such as EHRs in the Cloud means that precautions must be taken to ensure the safety and confidentiality of the data. A relationship built on trust with the Cloud service provider is essential to ensure a transparent process.
Cloud service providers must make certain that all security mechanisms are in place to avoid unauthorized access and data breaches. Patients must be kept informed about how their data are being managed. PMID:23965254
Analysis of the security and privacy requirements of cloud-based electronic health records systems.
Rodrigues, Joel J P C; de la Torre, Isabel; Fernández, Gonzalo; López-Coronado, Miguel
2013-08-21
The Cloud Computing paradigm offers eHealth systems the opportunity to enhance the features and functionality that they offer. However, moving patients' medical information to the Cloud implies several risks in terms of the security and privacy of sensitive health records. In this paper, the risks of hosting Electronic Health Records (EHRs) on the servers of third-party Cloud service providers are reviewed. To protect the confidentiality of patient information and facilitate the process, some suggestions for health care providers are made. Moreover, security issues that Cloud service providers should address in their platforms are considered. To show that, before moving patient health records to the Cloud, security and privacy concerns must be considered by both health care providers and Cloud service providers. Security requirements of a generic Cloud service provider are analyzed. To study the latest in Cloud-based computing solutions, bibliographic material was obtained mainly from Medline sources. Furthermore, direct contact was made with several Cloud service providers. Some of the security issues that should be considered by both Cloud service providers and their health care customers are role-based access, network security mechanisms, data encryption, digital signatures, and access monitoring. Furthermore, to guarantee the safety of the information and comply with privacy policies, the Cloud service provider must be compliant with various certifications and third-party requirements, such as SAS70 Type II, PCI DSS Level 1, ISO 27001, and the US Federal Information Security Management Act (FISMA). Storing sensitive information such as EHRs in the Cloud means that precautions must be taken to ensure the safety and confidentiality of the data. A relationship built on trust with the Cloud service provider is essential to ensure a transparent process. 
Cloud service providers must make certain that all security mechanisms are in place to avoid unauthorized access and data breaches. Patients must be kept informed about how their data are being managed.
Code of Federal Regulations, 2012 CFR
2012-07-01
... STATES POSTAL SERVICE ORGANIZATION AND ADMINISTRATION PROTECTION OF INFORMATION § 267.2 Policy..., and integrity of official records containing sensitive or national security information, it is the policy of the Postal Service to maintain definitive and uniform information security safeguards. These...
Code of Federal Regulations, 2010 CFR
2010-07-01
... STATES POSTAL SERVICE ORGANIZATION AND ADMINISTRATION PROTECTION OF INFORMATION § 267.2 Policy..., and integrity of official records containing sensitive or national security information, it is the policy of the Postal Service to maintain definitive and uniform information security safeguards. These...
Code of Federal Regulations, 2011 CFR
2011-07-01
... STATES POSTAL SERVICE ORGANIZATION AND ADMINISTRATION PROTECTION OF INFORMATION § 267.2 Policy..., and integrity of official records containing sensitive or national security information, it is the policy of the Postal Service to maintain definitive and uniform information security safeguards. These...
Code of Federal Regulations, 2014 CFR
2014-07-01
... STATES POSTAL SERVICE ORGANIZATION AND ADMINISTRATION PROTECTION OF INFORMATION § 267.2 Policy..., and integrity of official records containing sensitive or national security information, it is the policy of the Postal Service to maintain definitive and uniform information security safeguards. These...
Code of Federal Regulations, 2013 CFR
2013-07-01
... STATES POSTAL SERVICE ORGANIZATION AND ADMINISTRATION PROTECTION OF INFORMATION § 267.2 Policy..., and integrity of official records containing sensitive or national security information, it is the policy of the Postal Service to maintain definitive and uniform information security safeguards. These...
Code of Federal Regulations, 2010 CFR
2010-07-01
... Defense Other Regulations Relating to National Defense OFFICE OF SCIENCE AND TECHNOLOGY POLICY REGULATIONS TO IMPLEMENT E.O. 12356; OFFICE OF SCIENCE AND TECHNOLOGY POLICY INFORMATION SECURITY PROGRAM Office of Science and Technology Policy Information Security Program Management § 2400.44 Custodians...
32 CFR 2400.40 - Responsibility.
Code of Federal Regulations, 2010 CFR
2010-07-01
... Defense Other Regulations Relating to National Defense OFFICE OF SCIENCE AND TECHNOLOGY POLICY REGULATIONS TO IMPLEMENT E.O. 12356; OFFICE OF SCIENCE AND TECHNOLOGY POLICY INFORMATION SECURITY PROGRAM Office of Science and Technology Policy Information Security Program Management § 2400.40 Responsibility...
Code of Federal Regulations, 2014 CFR
2014-07-01
... Defense Other Regulations Relating to National Defense OFFICE OF SCIENCE AND TECHNOLOGY POLICY REGULATIONS TO IMPLEMENT E.O. 12356; OFFICE OF SCIENCE AND TECHNOLOGY POLICY INFORMATION SECURITY PROGRAM Office of Science and Technology Policy Information Security Program Management § 2400.44 Custodians...
32 CFR 2400.40 - Responsibility.
Code of Federal Regulations, 2013 CFR
2013-07-01
... Defense Other Regulations Relating to National Defense OFFICE OF SCIENCE AND TECHNOLOGY POLICY REGULATIONS TO IMPLEMENT E.O. 12356; OFFICE OF SCIENCE AND TECHNOLOGY POLICY INFORMATION SECURITY PROGRAM Office of Science and Technology Policy Information Security Program Management § 2400.40 Responsibility...
32 CFR 2400.40 - Responsibility.
Code of Federal Regulations, 2014 CFR
2014-07-01
... Defense Other Regulations Relating to National Defense OFFICE OF SCIENCE AND TECHNOLOGY POLICY REGULATIONS TO IMPLEMENT E.O. 12356; OFFICE OF SCIENCE AND TECHNOLOGY POLICY INFORMATION SECURITY PROGRAM Office of Science and Technology Policy Information Security Program Management § 2400.40 Responsibility...
Code of Federal Regulations, 2012 CFR
2012-07-01
... Defense Other Regulations Relating to National Defense OFFICE OF SCIENCE AND TECHNOLOGY POLICY REGULATIONS TO IMPLEMENT E.O. 12356; OFFICE OF SCIENCE AND TECHNOLOGY POLICY INFORMATION SECURITY PROGRAM Office of Science and Technology Policy Information Security Program Management § 2400.44 Custodians...
32 CFR 2400.40 - Responsibility.
Code of Federal Regulations, 2011 CFR
2011-07-01
... Defense Other Regulations Relating to National Defense OFFICE OF SCIENCE AND TECHNOLOGY POLICY REGULATIONS TO IMPLEMENT E.O. 12356; OFFICE OF SCIENCE AND TECHNOLOGY POLICY INFORMATION SECURITY PROGRAM Office of Science and Technology Policy Information Security Program Management § 2400.40 Responsibility...
32 CFR 2400.40 - Responsibility.
Code of Federal Regulations, 2012 CFR
2012-07-01
... Defense Other Regulations Relating to National Defense OFFICE OF SCIENCE AND TECHNOLOGY POLICY REGULATIONS TO IMPLEMENT E.O. 12356; OFFICE OF SCIENCE AND TECHNOLOGY POLICY INFORMATION SECURITY PROGRAM Office of Science and Technology Policy Information Security Program Management § 2400.40 Responsibility...
Code of Federal Regulations, 2011 CFR
2011-07-01
... Defense Other Regulations Relating to National Defense OFFICE OF SCIENCE AND TECHNOLOGY POLICY REGULATIONS TO IMPLEMENT E.O. 12356; OFFICE OF SCIENCE AND TECHNOLOGY POLICY INFORMATION SECURITY PROGRAM Office of Science and Technology Policy Information Security Program Management § 2400.44 Custodians...
Code of Federal Regulations, 2013 CFR
2013-07-01
... Defense Other Regulations Relating to National Defense OFFICE OF SCIENCE AND TECHNOLOGY POLICY REGULATIONS TO IMPLEMENT E.O. 12356; OFFICE OF SCIENCE AND TECHNOLOGY POLICY INFORMATION SECURITY PROGRAM Office of Science and Technology Policy Information Security Program Management § 2400.44 Custodians...
Changing Homeland Security: The Year in Review - 2008
2009-01-01
new opportunities for terrorist safe havens. The specter of homegrown terrorism has not abated. Naturalized citizens of Somali descent traveled to...34 • The Nature of Homeland Security: Now a Second Tier Policy Issue? • Organizing for Homeland Security: Possible Futures, Emerging Issues • The...emerging definitions of the homeland security mission space in 2009. The Nature of Homeland Security: Now a Second Tier Policy Issue? Has the bar
Semantic policy and adversarial modeling for cyber threat identification and avoidance
NASA Astrophysics Data System (ADS)
DeFrancesco, Anton; McQueary, Bruce
2009-05-01
Today's enterprise networks undergo a relentless barrage of attacks from foreign and domestic adversaries. These attacks may be perpetrated with little to no funding, but may wreak incalculable damage upon the enterprise's security, network infrastructure, and services. As more services come online, systems that were once in isolation now provide information that may be combined dynamically with information from other systems to create new meaning on the fly. Security issues are compounded by the potential to aggregate individual pieces of information and infer knowledge at a higher classification than any of its constituent parts. To help alleviate these challenges, in this paper we introduce the notion of semantic policy and discuss how its use is evolving from a robust approach to access control to preempting and combating attacks in the cyber domain. The introduction of semantic policy and adversarial modeling to network security aims to ask 'where is the network most vulnerable', 'how is the network being attacked', and 'why is the network being attacked'. The first aspect of our approach is integration of semantic policy into enterprise security to augment traditional network security with an overall awareness of policy access and violations. This awareness allows the semantic policy to look at the big picture - analyzing trends and identifying critical relations in system wide data access. The second aspect of our approach is to couple adversarial modeling with semantic policy to move beyond reactive security measures and into a proactive identification of system weaknesses and areas of vulnerability. By utilizing Bayesian-based methodologies, the enterprise wide meaning of data and semantic policy is applied to probability and high-level risk identification. This risk identification will help mitigate potential harm to enterprise networks by enabling resources to proactively isolate, lock-down, and secure systems that are most vulnerable.
Chida, Koji; Morohashi, Gembu; Fuji, Hitoshi; Magata, Fumihiko; Fujimura, Akiko; Hamada, Koki; Ikarashi, Dai; Yamamoto, Ryuichi
2014-01-01
Background and objective: While the secondary use of medical data has gained attention, its adoption has been constrained due to protection of patient privacy. Making medical data secure by de-identification can be problematic, especially when the data concerns rare diseases. We require rigorous security management measures. Materials and methods: Using secure computation, an approach from cryptography, our system can compute various statistics over encrypted medical records without decrypting them. An issue of secure computation is that the amount of processing time required is immense. We implemented a system that securely computes healthcare statistics from the statistical computing software ‘R’ by effectively combining secret-sharing-based secure computation with original computation. Results: Testing confirmed that our system could correctly complete computation of average and unbiased variance of approximately 50 000 records of dummy insurance claim data in a little over a second. Computation including conditional expressions and/or comparison of values, for example, t test and median, could also be correctly completed in several tens of seconds to a few minutes. Discussion: If medical records are simply encrypted, the risk of leaks exists because decryption is usually required during statistical analysis. Our system possesses high-level security because medical records remain in encrypted state even during statistical analysis. Also, our system can securely compute some basic statistics with conditional expressions using ‘R’ that works interactively while secure computation protocols generally require a significant amount of processing time. Conclusions: We propose a secure statistical analysis system using ‘R’ for medical data that effectively integrates secret-sharing-based secure computation and original computation. PMID:24763677
Chida, Koji; Morohashi, Gembu; Fuji, Hitoshi; Magata, Fumihiko; Fujimura, Akiko; Hamada, Koki; Ikarashi, Dai; Yamamoto, Ryuichi
2014-10-01
While the secondary use of medical data has gained attention, its adoption has been constrained due to protection of patient privacy. Making medical data secure by de-identification can be problematic, especially when the data concerns rare diseases. We require rigorous security management measures. Using secure computation, an approach from cryptography, our system can compute various statistics over encrypted medical records without decrypting them. An issue of secure computation is that the amount of processing time required is immense. We implemented a system that securely computes healthcare statistics from the statistical computing software 'R' by effectively combining secret-sharing-based secure computation with original computation. Testing confirmed that our system could correctly complete computation of average and unbiased variance of approximately 50,000 records of dummy insurance claim data in a little over a second. Computation including conditional expressions and/or comparison of values, for example, t test and median, could also be correctly completed in several tens of seconds to a few minutes. If medical records are simply encrypted, the risk of leaks exists because decryption is usually required during statistical analysis. Our system possesses high-level security because medical records remain in encrypted state even during statistical analysis. Also, our system can securely compute some basic statistics with conditional expressions using 'R' that works interactively while secure computation protocols generally require a significant amount of processing time. We propose a secure statistical analysis system using 'R' for medical data that effectively integrates secret-sharing-based secure computation and original computation. Published by the BMJ Publishing Group Limited.
Code of Federal Regulations, 2011 CFR
2011-07-01
... 29 Labor 1 2011-07-01 2011-07-01 false Policy. 14.2 Section 14.2 Labor Office of the Secretary of Labor SECURITY REGULATIONS Introduction to Security Regulations § 14.2 Policy. The interests of the... Information Act (5 U.S.C. 552) and in the current public information policies of the executive branch. (a...
Code of Federal Regulations, 2012 CFR
2012-07-01
... 29 Labor 1 2012-07-01 2012-07-01 false Policy. 14.2 Section 14.2 Labor Office of the Secretary of Labor SECURITY REGULATIONS Introduction to Security Regulations § 14.2 Policy. The interests of the... Information Act (5 U.S.C. 552) and in the current public information policies of the executive branch. (a...
Code of Federal Regulations, 2014 CFR
2014-07-01
... 29 Labor 1 2014-07-01 2013-07-01 true Policy. 14.2 Section 14.2 Labor Office of the Secretary of Labor SECURITY REGULATIONS Introduction to Security Regulations § 14.2 Policy. The interests of the... Information Act (5 U.S.C. 552) and in the current public information policies of the executive branch. (a...
Measuring Security Effectiveness and Efficiency at U.S. Commercial Airports
2013-03-01
formative program evaluation and policy analysis to investigate current airport security programs. It identifies innovative public administration and...policy-analysis tools that could provide potential benefits to airport security. These tools will complement the System Based Risk Management framework if
12 CFR 403.1 - General policies and definitions.
Code of Federal Regulations, 2010 CFR
2010-01-01
... information requires, in the interest of national security, protection against unauthorized disclosure... SAFEGUARDING OF NATIONAL SECURITY INFORMATION § 403.1 General policies and definitions. (a) This regulation of..., declassification, and safeguarding of national security information and material of the United States. This...
Motives for European Union Common Security and Defense Policy Mission Selection
2011-03-01
2 Jolyon Howorth, Security and Defence Policy in the European Union (Basingstoke: Palgrave Macmillan, 2007), 34–35. 3 Giovanni ...Lieber and Alexander 2005). Such “conceptual stretching” (Sartori 1970) renders “balancing” indistinguishable from “normal diplomatic friction...The Shape of Things to Come,” 511. 55 Giovanni Grevi, Damian Helly, and Daniel Keohane, eds. European Security and Defense Policy: The First Ten Years
2008-01-02
aviation security. The approach to aviation security was largely shaped by past events, such as the bombing of Pan Am flight 103 in December 1988, rather...2001 attacks, U.S. aviation security policy and strategy was closely linked to the changes called for in the Aviation and Transportation Security Act...sensitive thus limiting public discourse on the DHS strategy for aviation security. However, in June 2006 President Bush directed the DHS to establish and
A progress report on UNICOS misuse detection at Los Alamos
DOE Office of Scientific and Technical Information (OSTI.GOV)
Thompson, J.L.; Jackson, K.A.; Stallings, C.A.
An effective method for detecting computer misuse is the automatic monitoring and analysis of on-line user activity. During the past year, Los Alamos enhanced its Network Anomaly Detection and Intrusion Reporter (NADIR) to include analysis of user activity on Los Alamos' UNICOS Crays. In near real-time, NADIR compares user activity to historical profiles and tests activity against expert rules. The expert rules express Los Alamos' security policy and define improper or suspicious behavior. NADIR reports suspicious behavior to security auditors and provides tools to aid in follow-up investigations. This paper describes the implementation to date of the UNICOS component of NADIR, along with the operational experiences and future plans for the system.
Code of Federal Regulations, 2010 CFR
2010-10-01
... Performance Information 3042.1502 Policy. (a) Components shall use the Contractor Performance System (CPS) for... 48 Federal Acquisition Regulations System 7 2010-10-01 2010-10-01 false Policy. 3042.1502 Section 3042.1502 Federal Acquisition Regulations System DEPARTMENT OF HOMELAND SECURITY, HOMELAND SECURITY...
Code of Federal Regulations, 2010 CFR
2010-10-01
... Telecommunication OFFICE OF SCIENCE AND TECHNOLOGY POLICY AND NATIONAL SECURITY COUNCIL NATIONAL SECURITY AND... services based on national policy/direction. (4) The capability to execute a telecommunications recovery plan based on national policy/guidance. (c) Notwithstanding any provision regarding NS/EP Planning and...
Code of Federal Regulations, 2013 CFR
2013-10-01
... Telecommunication OFFICE OF SCIENCE AND TECHNOLOGY POLICY AND NATIONAL SECURITY COUNCIL NATIONAL SECURITY AND... services based on national policy/direction. (4) The capability to execute a telecommunications recovery plan based on national policy/guidance. (c) Notwithstanding any provision regarding NS/EP Planning and...
Code of Federal Regulations, 2014 CFR
2014-10-01
... Telecommunication OFFICE OF SCIENCE AND TECHNOLOGY POLICY AND NATIONAL SECURITY COUNCIL NATIONAL SECURITY AND... services based on national policy/direction. (4) The capability to execute a telecommunications recovery plan based on national policy/guidance. (c) Notwithstanding any provision regarding NS/EP Planning and...
Code of Federal Regulations, 2011 CFR
2011-10-01
... Telecommunication OFFICE OF SCIENCE AND TECHNOLOGY POLICY AND NATIONAL SECURITY COUNCIL NATIONAL SECURITY AND... services based on national policy/direction. (4) The capability to execute a telecommunications recovery plan based on national policy/guidance. (c) Notwithstanding any provision regarding NS/EP Planning and...
Code of Federal Regulations, 2012 CFR
2012-10-01
... Telecommunication OFFICE OF SCIENCE AND TECHNOLOGY POLICY AND NATIONAL SECURITY COUNCIL NATIONAL SECURITY AND... services based on national policy/direction. (4) The capability to execute a telecommunications recovery plan based on national policy/guidance. (c) Notwithstanding any provision regarding NS/EP Planning and...
Exploring Factors That Affect Adoption of Computer Security Practices among College Students
ERIC Educational Resources Information Center
Alqarni, Amani
2017-01-01
Cyber-attacks threaten the security of computer users' information, networks, machines, and privacy. Studies of computer security education, awareness, and training among ordinary computer users, college students, non-IT-oriented user groups, and non-technically trained citizens are limited. Most research has focused on computer security standards…
Tengilimoğlu, Dilaver; Celik, Yusuf; Ulgü, Mahir
2006-08-01
The main purpose of this study is to give readers an idea of how big and important the computing and information problems are that hospital managers as well as policy makers will face after collecting the Ministry of Labor and Social Security (MoLSS) and Ministry of Health (MoH) hospitals under a single structure in Turkey, by comparing the current level of computing capability of hospitals owned by the two ministries. The data used in this study were obtained from 729 hospitals that belong to both ministries by using a data collection tool. The results indicate that there have been considerable differences among the hospitals owned by the two ministries in terms of human resources and information systems. The hospital managers and decision makers making their decisions based on the data produced by the current hospital information system (HIS) would more likely face very important difficulties after merging MoH and MoLSS hospitals in Turkey. It is also possible to claim that the level and adequacy of computing abilities and devices do not allow the managers of public hospitals to use computer technology effectively in their information management practices. Lack of technical information, undeveloped information culture, inappropriate management styles, and being inexperienced are the main reasons why HIS does not run properly and effectively in Turkish hospitals.
ERIC Educational Resources Information Center
Cianciolo, Patricia K.; Henderson, Tammy L.
2003-01-01
Describes modules on Social Security and Medicare for gerontology policy courses. Discusses collaborative exercises in which students explore Internet resources on Social Security and health care finance, identify major concerns about reforms, and enact scenarios about retirees with varying degrees of income and health care security. (Contains 33…
ERIC Educational Resources Information Center
Lazarus, Sheryl S.; van den Heuvel, Jill R.; Thurlow, Martha L.
2017-01-01
This paper explores how to balance test security and accessibility on licensure, credentialing, and certification exams. It examines K-12 test security policies related to educational assessments across states to discover lessons learned about how to meet accessibility needs of individuals with disabilities while minimizing test security risks. It…
Framework for Flexible Security in Group Communications
NASA Technical Reports Server (NTRS)
McDaniel, Patrick; Prakash, Atul
2006-01-01
The Antigone software system defines a framework for the flexible definition and implementation of security policies in group communication systems. Antigone does not dictate the available security policies, but provides high-level mechanisms for implementing them. A central element of the Antigone architecture is a suite of such mechanisms comprising micro-protocols that provide the basic services needed by secure groups.
An E-Hospital Security Architecture
NASA Astrophysics Data System (ADS)
Tian, Fang; Adams, Carlisle
In this paper, we introduce how to use cryptography in network security and access control of an e-hospital. We first define the security goal of the e-hospital system, and then we analyze the current application system. Our idea is proposed on the basis of the system analysis and the related regulations of patients' privacy protection. The security of the whole application system is strengthened through layered security protection. Three security domains in the e-hospital system are defined according to their sensitivity level, and for each domain, we propose different security protections. We use identity based cryptography to establish a secure communication channel in the backbone network and policy based cryptography to establish a secure communication channel between end users and the backbone network. We also use policy based cryptography in the access control of the application system. We use symmetric key cryptography to protect the real data in the database. The identity based and policy based cryptography are all based on elliptic curve cryptography—a public key cryptography.
75 FR 69688 - Agency Information Collection Activities: Regulation on Agency Protests
Federal Register 2010, 2011, 2012, 2013, 2014
2010-11-15
... Protests AGENCY: Office of Chief Procurement Officer, Acquisition Policy and Legislation Office, DHS... Department of Homeland Security, Office of Chief Procurement Officer, Acquisition Policy and Legislation..., Acquisition Policy and Legislation Office, DHS Attn.: Camara Francis, Department of Homeland Security, Office...
Code of Federal Regulations, 2014 CFR
2014-01-01
... SECURITY POLICIES AND PRACTICES RELATING TO LABOR-MANAGEMENT RELATIONS Security Policies and Procedures in... within the scope of the Labor Management Relations Act at the various DOE installations should be conducted in normal fashion wherever possible, on the basis of open hearings, unclassified records and...
Code of Federal Regulations, 2013 CFR
2013-01-01
... SECURITY POLICIES AND PRACTICES RELATING TO LABOR-MANAGEMENT RELATIONS Security Policies and Procedures in... within the scope of the Labor Management Relations Act at the various DOE installations should be conducted in normal fashion wherever possible, on the basis of open hearings, unclassified records and...
32 CFR 2700.11 - Basic policy.
Code of Federal Regulations, 2011 CFR
2011-07-01
... government information with the need to protect certain national security information from disclosure, these... Defense Other Regulations Relating to National Defense OFFICE FOR MICRONESIAN STATUS NEGOTIATIONS SECURITY INFORMATION REGULATIONS Original Classification § 2700.11 Basic policy. (a) General. It is the policy of OMSN...
32 CFR 2400.43 - Heads of offices.
Code of Federal Regulations, 2014 CFR
2014-07-01
... National Defense Other Regulations Relating to National Defense OFFICE OF SCIENCE AND TECHNOLOGY POLICY REGULATIONS TO IMPLEMENT E.O. 12356; OFFICE OF SCIENCE AND TECHNOLOGY POLICY INFORMATION SECURITY PROGRAM Office of Science and Technology Policy Information Security Program Management § 2400.43 Heads of...
47 CFR 202.2 - Criteria and guidance.
Code of Federal Regulations, 2011 CFR
2011-10-01
... Telecommunication OFFICE OF SCIENCE AND TECHNOLOGY POLICY AND NATIONAL SECURITY COUNCIL NATIONAL SECURITY AND... can best be accomplished by centralized policy development, planning, and broad direction. Detailed... policies, procedures and responsibilities as described in parts 211 and 213 of this chapter. (c) The Nation...
32 CFR 2400.41 - Office Review Committee.
Code of Federal Regulations, 2014 CFR
2014-07-01
... National Defense Other Regulations Relating to National Defense OFFICE OF SCIENCE AND TECHNOLOGY POLICY REGULATIONS TO IMPLEMENT E.O. 12356; OFFICE OF SCIENCE AND TECHNOLOGY POLICY INFORMATION SECURITY PROGRAM Office of Science and Technology Policy Information Security Program Management § 2400.41 Office Review...
32 CFR 2400.41 - Office Review Committee.
Code of Federal Regulations, 2012 CFR
2012-07-01
... National Defense Other Regulations Relating to National Defense OFFICE OF SCIENCE AND TECHNOLOGY POLICY REGULATIONS TO IMPLEMENT E.O. 12356; OFFICE OF SCIENCE AND TECHNOLOGY POLICY INFORMATION SECURITY PROGRAM Office of Science and Technology Policy Information Security Program Management § 2400.41 Office Review...
47 CFR 202.2 - Criteria and guidance.
Code of Federal Regulations, 2014 CFR
2014-10-01
... Telecommunication OFFICE OF SCIENCE AND TECHNOLOGY POLICY AND NATIONAL SECURITY COUNCIL NATIONAL SECURITY AND... can best be accomplished by centralized policy development, planning, and broad direction. Detailed... policies, procedures and responsibilities as described in parts 211 and 213 of this chapter. (c) The Nation...
32 CFR 2400.41 - Office Review Committee.
Code of Federal Regulations, 2010 CFR
2010-07-01
... National Defense Other Regulations Relating to National Defense OFFICE OF SCIENCE AND TECHNOLOGY POLICY REGULATIONS TO IMPLEMENT E.O. 12356; OFFICE OF SCIENCE AND TECHNOLOGY POLICY INFORMATION SECURITY PROGRAM Office of Science and Technology Policy Information Security Program Management § 2400.41 Office Review...
47 CFR 202.2 - Criteria and guidance.
Code of Federal Regulations, 2013 CFR
2013-10-01
... Telecommunication OFFICE OF SCIENCE AND TECHNOLOGY POLICY AND NATIONAL SECURITY COUNCIL NATIONAL SECURITY AND... can best be accomplished by centralized policy development, planning, and broad direction. Detailed... policies, procedures and responsibilities as described in parts 211 and 213 of this chapter. (c) The Nation...
32 CFR 2400.43 - Heads of offices.
Code of Federal Regulations, 2011 CFR
2011-07-01
... National Defense Other Regulations Relating to National Defense OFFICE OF SCIENCE AND TECHNOLOGY POLICY REGULATIONS TO IMPLEMENT E.O. 12356; OFFICE OF SCIENCE AND TECHNOLOGY POLICY INFORMATION SECURITY PROGRAM Office of Science and Technology Policy Information Security Program Management § 2400.43 Heads of...
32 CFR 2400.41 - Office Review Committee.
Code of Federal Regulations, 2011 CFR
2011-07-01
... National Defense Other Regulations Relating to National Defense OFFICE OF SCIENCE AND TECHNOLOGY POLICY REGULATIONS TO IMPLEMENT E.O. 12356; OFFICE OF SCIENCE AND TECHNOLOGY POLICY INFORMATION SECURITY PROGRAM Office of Science and Technology Policy Information Security Program Management § 2400.41 Office Review...
32 CFR 2400.43 - Heads of offices.
Code of Federal Regulations, 2013 CFR
2013-07-01
... National Defense Other Regulations Relating to National Defense OFFICE OF SCIENCE AND TECHNOLOGY POLICY REGULATIONS TO IMPLEMENT E.O. 12356; OFFICE OF SCIENCE AND TECHNOLOGY POLICY INFORMATION SECURITY PROGRAM Office of Science and Technology Policy Information Security Program Management § 2400.43 Heads of...
32 CFR 2400.43 - Heads of offices.
Code of Federal Regulations, 2010 CFR
2010-07-01
... National Defense Other Regulations Relating to National Defense OFFICE OF SCIENCE AND TECHNOLOGY POLICY REGULATIONS TO IMPLEMENT E.O. 12356; OFFICE OF SCIENCE AND TECHNOLOGY POLICY INFORMATION SECURITY PROGRAM Office of Science and Technology Policy Information Security Program Management § 2400.43 Heads of...
32 CFR 2400.43 - Heads of offices.
Code of Federal Regulations, 2012 CFR
2012-07-01
... National Defense Other Regulations Relating to National Defense OFFICE OF SCIENCE AND TECHNOLOGY POLICY REGULATIONS TO IMPLEMENT E.O. 12356; OFFICE OF SCIENCE AND TECHNOLOGY POLICY INFORMATION SECURITY PROGRAM Office of Science and Technology Policy Information Security Program Management § 2400.43 Heads of...
32 CFR 2400.41 - Office Review Committee.
Code of Federal Regulations, 2013 CFR
2013-07-01
... National Defense Other Regulations Relating to National Defense OFFICE OF SCIENCE AND TECHNOLOGY POLICY REGULATIONS TO IMPLEMENT E.O. 12356; OFFICE OF SCIENCE AND TECHNOLOGY POLICY INFORMATION SECURITY PROGRAM Office of Science and Technology Policy Information Security Program Management § 2400.41 Office Review...
47 CFR 202.2 - Criteria and guidance.
Code of Federal Regulations, 2012 CFR
2012-10-01
... Telecommunication OFFICE OF SCIENCE AND TECHNOLOGY POLICY AND NATIONAL SECURITY COUNCIL NATIONAL SECURITY AND... can best be accomplished by centralized policy development, planning, and broad direction. Detailed... policies, procedures and responsibilities as described in parts 211 and 213 of this chapter. (c) The Nation...
Security breaches: tips for assessing and limiting your risks.
Coons, Leeanne R
2011-01-01
As part of their compliance planning, medical practices should undergo a risk assessment to determine any vulnerability within the practice relative to security breaches. Practices should also implement safeguards to limit their risks. Such safeguards include facility access controls, information and electronic media management, use of business associate agreements, and education and enforcement. Implementation of specific policies and procedures to address security incidents is another critical step that medical practices should take as part of their security incident prevention plan. Medical practices should not only develop policies and procedures to prevent, detect, contain, and correct security violations, but should make sure that such policies and procedures are actually implemented in their everyday operations.
DOE Office of Scientific and Technical Information (OSTI.GOV)
Christoph, G.G; Jackson, K.A.; Neuman, M.C.
An effective method for detecting computer misuse is the automatic auditing and analysis of on-line user activity. This activity is reflected in the system audit record, by changes in the vulnerability posture of the system configuration, and in other evidence found through active testing of the system. In 1989 we started developing an automatic misuse detection system for the Integrated Computing Network (ICN) at Los Alamos National Laboratory. Since 1990 this system has been operational, monitoring a variety of network systems and services. We call it the Network Anomaly Detection and Intrusion Reporter, or NADIR. During the last year and a half, we expanded NADIR to include processing of audit and activity records for the Cray UNICOS operating system. This new component is called the UNICOS Real-time NADIR, or UNICORN. UNICORN summarizes user activity and system configuration information in statistical profiles. In near real-time, it can compare current activity to historical profiles and test activity against expert rules that express our security policy and define improper or suspicious behavior. It reports suspicious behavior to security auditors and provides tools to aid in follow-up investigations. UNICORN is currently operational on four Crays in Los Alamos' main computing network, the ICN.
Access Control based on Attribute Certificates for Medical Intranet Applications
Georgiadis, Christos; Pangalos, George; Khair, Marie
2001-01-01
Background: Clinical information systems frequently use intranet and Internet technologies. However, these technologies have emphasized sharing and not security, despite the sensitive and private nature of much health information. Digital certificates (electronic documents which recognize an entity or its attributes) can be used to control access in clinical intranet applications. Objectives: To outline the need for access control in distributed clinical database systems, to describe the use of digital certificates and security policies, and to propose the architecture for a system using digital certificates, cryptography and security policy to control access to clinical intranet applications. Methods: We have previously developed a security policy, DIMEDAC (Distributed Medical Database Access Control), which is compatible with emerging public key and privilege management infrastructure. In our implementation approach we propose the use of digital certificates, to be used in conjunction with DIMEDAC. Results: Our proposed access control system consists of two phases: the ways users gain their security credentials; and how these credentials are used to access medical data. Three types of digital certificates are used: identity certificates for authentication; attribute certificates for authorization; and access-rule certificates for propagation of access control policy. Once a user is identified and authenticated, subsequent access decisions are based on a combination of identity and attribute certificates, with access-rule certificates providing the policy framework. Conclusions: Access control in clinical intranet applications can be successfully and securely managed through the use of digital certificates and the DIMEDAC security policy. PMID:11720951
A novel quantum solution to secure two-party distance computation
NASA Astrophysics Data System (ADS)
Peng, Zhen-wan; Shi, Run-hua; Wang, Pan-hong; Zhang, Shun
2018-06-01
Secure Two-Party Distance Computation is an important primitive of Secure Multiparty Computational Geometry that involves two parties, where each party has a private point, and the two parties want to jointly compute the distance between their points without revealing anything about their respective private information. Secure Two-Party Distance Computation has very important potential applications in settings with high security requirements, such as privacy-preserving Determination of Spatial Location-Relation, Determination of Polygons Similarity, and so on. In this paper, we present a quantum protocol for Secure Two-Party Distance Computation by using QKD-based Quantum Private Query. The security of the protocol is based on the physical principles of quantum mechanics, instead of difficulty assumptions, and therefore, it can ensure higher security than the classical related protocols.
Security Policies for Mitigating the Risk of Load Altering Attacks on Smart Grid Systems
DOE Office of Scientific and Technical Information (OSTI.GOV)
Ryutov, Tatyana; AlMajali, Anas; Neuman, Clifford
2015-04-01
While demand response programs implement energy efficiency and power quality objectives, they bring potential security threats to the Smart Grid. The ability to influence load in a system enables attackers to cause system failures and impacts the quality and integrity of power delivered to customers. This paper presents a security mechanism to monitor and control load according to a set of security policies during normal system operation. The mechanism monitors, detects, and responds to load altering attacks. We examined the security requirements of Smart Grid stakeholders and constructed a set of load control policies enforced by the mechanism. We implemented a proof of concept prototype and tested it using the simulation environment. By enforcing the proposed policies in this prototype, the system is maintained in a safe state in the presence of load drop attacks.
Lerner, Justin E; Hawkins, Robert L
2016-07-01
When adolescents delay (meaning they wait until after middle school) engaging in sexual intercourse, they use condoms at higher rates and have fewer sexual partners than those who have sex earlier, thus resulting in a lower risk for unintended pregnancies and sexually transmitted infections. The 1996 Section 510 of Title V of the Social Security Act (often referred to as A-H) is a policy that promotes abstinence-only-until-marriage education (AOE) within public schools. Using Stone's (2012) policy analysis framework, this article explores how A-H limits welfare, liberty, and security among adolescents due to the poor empirical outcomes of AOE policy. We recommend incorporating theory-informed comprehensive sex education in addition to theory-informed abstinence education that utilizes Fishbein and Ajzen's (2010) reasoned action model within schools in order to begin to address adolescent welfare, liberty, and security.
75 FR 881 - Meeting of Advisory Committee on International Communications and Information Policy
Federal Register 2010, 2011, 2012, 2013, 2014
2010-01-06
... development issues, international spectrum requirements and harmonization, cyber-security, and data protection... will discuss key issues of importance to U.S. communications policy interests including future... Bureau of Diplomatic Security to enhance the Department's security by tracking visitor traffic and to...
Judge says leading viatical firm violated securities laws.
1995-09-22
A Federal judge has agreed with the Securities and Exchange Commission (SEC) in its suit against Life Partners, a leading viatical settlement company. According to the SEC, Life Partners buys insurance policies from persons living with AIDS in its own name and then sells interests in these policies to investors. The SEC alleges that these interests fall under the Federal securities laws. Life Partners contends that it acts solely as an agent on behalf of investors, and therefore securities laws do not apply. The judge's injunction requires Life Partners to transfer its insurance policies to an independent agent until the case is resolved.
Secure Multiparty Quantum Computation for Summation and Multiplication.
Shi, Run-hua; Mu, Yi; Zhong, Hong; Cui, Jie; Zhang, Shun
2016-01-21
As a fundamental primitive, Secure Multiparty Summation and Multiplication can be used to build complex secure protocols for other multiparty computations, especially numerical computations. However, there is still a lack of systematic and efficient quantum methods to compute Secure Multiparty Summation and Multiplication. In this paper, we present a novel and efficient quantum approach to securely compute the summation and multiplication of multiparty private inputs, respectively. Compared to classical solutions, our proposed approach can ensure the unconditional security and the perfect privacy protection based on the physical principle of quantum mechanics.
Secure Multiparty Quantum Computation for Summation and Multiplication
Shi, Run-hua; Mu, Yi; Zhong, Hong; Cui, Jie; Zhang, Shun
2016-01-01
As a fundamental primitive, Secure Multiparty Summation and Multiplication can be used to build complex secure protocols for other multiparty computations, especially numerical computations. However, there is still a lack of systematic and efficient quantum methods to compute Secure Multiparty Summation and Multiplication. In this paper, we present a novel and efficient quantum approach to securely compute the summation and multiplication of multiparty private inputs, respectively. Compared to classical solutions, our proposed approach can ensure the unconditional security and the perfect privacy protection based on the physical principle of quantum mechanics. PMID:26792197
A Computer Security Course in the Undergraduate Computer Science Curriculum.
ERIC Educational Resources Information Center
Spillman, Richard
1992-01-01
Discusses the importance of computer security and considers criminal, national security, and personal privacy threats posed by security breakdown. Several examples are given, including incidents involving computer viruses. Objectives, content, instructional strategies, resources, and a sample examination for an experimental undergraduate computer…
Participant’s Manual to Accompany the Yugoslav Dilemma (A Computer Simulation)
1984-02-01
FOREWORD...Poland caused Europeans to think carefully about the tendency to rely heavily on the benefits of detente as a basis for foreign policy. The Soviet...contracts were signed with Hungary and Poland for the supply of industrial plants. A Defense Cooperation Agreement was signed with the United States. It
Potential Cost Savings and Cost Avoidances Associated With Security Cooperation Training Programs
2015-12-01
has long been a staple of U.S. diplomatic policy. Recent events in Iraq, Afghanistan, and Syria have raised questions about both the efficiency and...computed as part of a pricing strategy for an ID/IQ contract. The pricing was made to ensure that the contractor would make an adequate profit on all...diem rates, the contractors are authorized by contract to raise their prices 3.44% each year. This rate elevation far surpasses the annual military
1993-06-09
within the framework of an update for the computer database "DiaNIK" which has been developed at the Vernadsky Institute of Geochemistry and Analytical...chemical thermodynamic data for minerals and mineral-forming substances. The structure of thermodynamic database "DiaNIK" is based on the principles...in the database. A substantial portion of the thermodynamic values recommended by "DiaNIK" experts for the substances in User Version 3.1 resulted from
Proton beam therapy control system
Baumann, Michael A [Riverside, CA; Beloussov, Alexandre V [Bernardino, CA; Bakir, Julide [Alta Loma, CA; Armon, Deganit [Redlands, CA; Olsen, Howard B [Colton, CA; Salem, Dana [Riverside, CA
2008-07-08
A tiered communications architecture for managing network traffic in a distributed system. Communication between client or control computers and a plurality of hardware devices is administered by agent and monitor devices whose activities are coordinated to reduce the number of open channels or sockets. The communications architecture also improves the transparency and scalability of the distributed system by reducing network mapping dependence. The architecture is desirably implemented in a proton beam therapy system to provide flexible security policies which improve patient safety and facilitate system maintenance and development.
Proton beam therapy control system
Baumann, Michael A.; Beloussov, Alexandre V.; Bakir, Julide; Armon, Deganit; Olsen, Howard B.; Salem, Dana
2010-09-21
A tiered communications architecture for managing network traffic in a distributed system. Communication between client or control computers and a plurality of hardware devices is administered by agent and monitor devices whose activities are coordinated to reduce the number of open channels or sockets. The communications architecture also improves the transparency and scalability of the distributed system by reducing network mapping dependence. The architecture is desirably implemented in a proton beam therapy system to provide flexible security policies which improve patient safety and facilitate system maintenance and development.
Proton beam therapy control system
Baumann, Michael A; Beloussov, Alexandre V; Bakir, Julide; Armon, Deganit; Olsen, Howard B; Salem, Dana
2013-06-25
A tiered communications architecture for managing network traffic in a distributed system. Communication between client or control computers and a plurality of hardware devices is administered by agent and monitor devices whose activities are coordinated to reduce the number of open channels or sockets. The communications architecture also improves the transparency and scalability of the distributed system by reducing network mapping dependence. The architecture is desirably implemented in a proton beam therapy system to provide flexible security policies which improve patient safety and facilitate system maintenance and development.
Proton beam therapy control system
Baumann, Michael A; Beloussov, Alexandre V; Bakir, Julide; Armon, Deganit; Olsen, Howard B; Salem, Dana
2013-12-03
A tiered communications architecture for managing network traffic in a distributed system. Communication between client or control computers and a plurality of hardware devices is administered by agent and monitor devices whose activities are coordinated to reduce the number of open channels or sockets. The communications architecture also improves the transparency and scalability of the distributed system by reducing network mapping dependence. The architecture is desirably implemented in a proton beam therapy system to provide flexible security policies which improve patient safety and facilitate system maintenance and development.
2010-07-01
Cloud computing, an emerging form of computing in which users have access to scalable, on-demand capabilities that are provided through Internet...cloud computing, (2) the information security implications of using cloud computing services in the Federal Government, and (3) federal guidance and...efforts to address information security when using cloud computing. The complete report is titled Information Security: Federal Guidance Needed to
76 FR 7818 - Announcing a Meeting of the Information Security and Privacy Advisory Board
Federal Register 2010, 2011, 2012, 2013, 2014
2011-02-11
... will be open to the public. The ISPAB was established by the Computer Security Act of 1987 (Pub. L. 100..., --Presentation on Science of Security relating to computer security research, --Presentation on Access of..., --A panel of Inspector Generals regarding privacy and security, and --Update on NIST Computer Security...
Bootstrapping Security Policies for Wearable Apps Using Attributed Structural Graphs.
González-Tablas, Ana I; Tapiador, Juan E
2016-05-11
We address the problem of bootstrapping security and privacy policies for newly-deployed apps in wireless body area networks (WBAN) composed of smartphones, sensors and other wearable devices. We introduce a framework to model such a WBAN as an undirected graph whose vertices correspond to devices, apps and app resources, while edges model structural relationships among them. This graph is then augmented with attributes capturing the features of each entity together with user-defined tags. We then adapt available graph-based similarity metrics to find the closest app to a new one to be deployed, with the aim of reusing, and possibly adapting, its security policy. We illustrate our approach through a detailed smartphone ecosystem case study. Our results suggest that the scheme can provide users with a reasonably good policy that is consistent with the user's security preferences implicitly captured by policies already in place.
Bootstrapping Security Policies for Wearable Apps Using Attributed Structural Graphs
González-Tablas, Ana I.; Tapiador, Juan E.
2016-01-01
We address the problem of bootstrapping security and privacy policies for newly-deployed apps in wireless body area networks (WBAN) composed of smartphones, sensors and other wearable devices. We introduce a framework to model such a WBAN as an undirected graph whose vertices correspond to devices, apps and app resources, while edges model structural relationships among them. This graph is then augmented with attributes capturing the features of each entity together with user-defined tags. We then adapt available graph-based similarity metrics to find the closest app to a new one to be deployed, with the aim of reusing, and possibly adapting, its security policy. We illustrate our approach through a detailed smartphone ecosystem case study. Our results suggest that the scheme can provide users with a reasonably good policy that is consistent with the user’s security preferences implicitly captured by policies already in place. PMID:27187385
Pangalos, George
2001-01-01
Background: The Internet provides many advantages when used for interaction and data sharing among health care providers, patients, and researchers. However, the advantages provided by the Internet come with a significantly greater element of risk to the confidentiality, integrity, and availability of information. It is therefore essential that Health Care Establishments processing and exchanging medical data use an appropriate security policy. Objective: To develop a High Level Security Policy for the processing of medical data and their transmission through the Internet, which is a set of high-level statements intended to guide Health Care Establishment personnel who process and manage sensitive health care information. Methods: We developed the policy based on a detailed study of the existing framework in the EU countries, USA, and Canada, and on consultations with users in the context of the Intranet Health Clinic project. More specifically, this paper has taken into account the major directives, technical reports, law, and recommendations that are related to the protection of individuals with regard to the processing of personal data, and the protection of privacy and medical data on the Internet. Results: We present a High Level Security Policy for Health Care Establishments, which includes a set of 7 principles and 45 guidelines detailed in this paper. The proposed principles and guidelines have been made as generic and open to specific implementations as possible, to provide for maximum flexibility and adaptability to local environments. The High Level Security Policy establishes the basic security requirements that must be addressed to use the Internet to safely transmit patient and other sensitive health care information. Conclusions: The High Level Security Policy is primarily intended for large Health Care Establishments in Europe, USA, and Canada. It is clear however that the general framework presented here can only serve as reference material for developing an appropriate High Level Security Policy in a specific implementation environment. When implemented in specific environments, these principles and guidelines must also be complemented by measures, which are more specific. Even when a High Level Security Policy already exists in an institution, it is advisable that the management of the Health Care Establishment periodically revisits it to see whether it should be modified or augmented. PMID:11720956
Ilioudis, C; Pangalos, G
2001-01-01
The Internet provides many advantages when used for interaction and data sharing among health care providers, patients, and researchers. However, the advantages provided by the Internet come with a significantly greater element of risk to the confidentiality, integrity, and availability of information. It is therefore essential that Health Care Establishments processing and exchanging medical data use an appropriate security policy. To develop a High Level Security Policy for the processing of medical data and their transmission through the Internet, which is a set of high-level statements intended to guide Health Care Establishment personnel who process and manage sensitive health care information. We developed the policy based on a detailed study of the existing framework in the EU countries, USA, and Canada, and on consultations with users in the context of the Intranet Health Clinic project. More specifically, this paper has taken into account the major directives, technical reports, law, and recommendations that are related to the protection of individuals with regard to the processing of personal data, and the protection of privacy and medical data on the Internet. We present a High Level Security Policy for Health Care Establishments, which includes a set of 7 principles and 45 guidelines detailed in this paper. The proposed principles and guidelines have been made as generic and open to specific implementations as possible, to provide for maximum flexibility and adaptability to local environments. The High Level Security Policy establishes the basic security requirements that must be addressed to use the Internet to safely transmit patient and other sensitive health care information. The High Level Security Policy is primarily intended for large Health Care Establishments in Europe, USA, and Canada. 
It is clear however that the general framework presented here can only serve as reference material for developing an appropriate High Level Security Policy in a specific implementation environment. When implemented in specific environments, these principles and guidelines must also be complemented by measures, which are more specific. Even when a High Level Security Policy already exists in an institution, it is advisable that the management of the Health Care Establishment periodically revisits it to see whether it should be modified or augmented.
The Value of a European Security and Defense Policy
2007-05-08
Union, Theory in International Affairs, US Foreign and Security Policy, Crisis Management, Crisis Response...The importance of theory in...will examine which paradigm of international relations is most suited to explain current developments in the EU and which theory in international
[Review of food policy approaches: from food security to food sovereignty (2000-2013)].
López-Giraldo, Luis Alirio; Franco-Giraldo, Álvaro
2015-07-01
Food policies have attracted special interest due to the global food crisis in 2008 and promotion of the Millennium Development Goals, leading to approaches by different fields. This thematic review aims to describe the main theoretical and methodological approaches to food security and food sovereignty policies. A search was performed in databases of scientific journals from 2000 to 2013. 320 complete articles were selected from a total of 2,699. After reading the articles to apply the inclusion criteria, 55 items were maintained for analysis. In conclusion, with the predominance of food security as a guiding policy, food sovereignty has emerged as a critical response to be included in designing and researching food policies. Food policies are essential for achieving public health goals. Public health should thus take a leading role in linking and orienting such policies.
The policy and science of soil change - a Victorian perspective
NASA Astrophysics Data System (ADS)
Fisher, Jane; Crawford, Michael C.
2015-07-01
Understanding and managing soil change is an important component of maintaining soil health and soil security which is important for the future of agricultural productivity in Victoria. Historically, soil policy in Victoria has been dealt with on the basis of a single issue. With the emergence of farming systems thinking, and the concept of soil health and soil security, a more holistic approach is now being taken. A seven-step policy framework has been developed that promotes dialogue between scientists and policy makers. The questions it asks (what is the problem and how can it be solved?) clarify the role of government investment, and developing partnerships between science and policy enables early identification of potential policy problems and development of appropriate policy interventions to manage soil change and ultimately soil health, soil security and soil productivity.
SEED: A Suite of Instructional Laboratories for Computer Security Education
ERIC Educational Resources Information Center
Du, Wenliang; Wang, Ronghua
2008-01-01
The security and assurance of our computing infrastructure has become a national priority. To address this priority, higher education has gradually incorporated the principles of computer and information security into the mainstream undergraduate and graduate computer science curricula. To achieve effective education, learning security principles…
POLICY VARIATION, LABOR SUPPLY ELASTICITIES, AND A STRUCTURAL MODEL OF RETIREMENT
MANOLI, DAY; MULLEN, KATHLEEN J.; WAGNER, MATHIS
2015-01-01
This paper exploits a combination of policy variation from multiple pension reforms in Austria and administrative data from the Austrian Social Security Database. Using the policy changes for identification, we estimate social security wealth and accrual elasticities in individuals’ retirement decisions. Next, we use these elasticities to estimate a dynamic programming model of retirement decisions. Finally, we use the estimated model to examine the labor supply and welfare consequences of potential social security reforms. PMID:26472916
Efficient Privacy-Aware Record Integration.
Kuzu, Mehmet; Kantarcioglu, Murat; Inan, Ali; Bertino, Elisa; Durham, Elizabeth; Malin, Bradley
2013-01-01
The integration of information dispersed among multiple repositories is a crucial step for accurate data analysis in various domains. In support of this goal, it is critical to devise procedures for identifying similar records across distinct data sources. At the same time, to adhere to privacy regulations and policies, such procedures should protect the confidentiality of the individuals to whom the information corresponds. Various private record linkage (PRL) protocols have been proposed to achieve this goal, involving secure multi-party computation (SMC) and similarity preserving data transformation techniques. SMC methods provide secure and accurate solutions to the PRL problem, but are prohibitively expensive in practice, mainly due to excessive computational requirements. Data transformation techniques offer more practical solutions, but incur the cost of information leakage and false matches. In this paper, we introduce a novel model for practical PRL, which 1) affords controlled and limited information leakage, 2) avoids false matches resulting from data transformation. Initially, we partition the data sources into blocks to eliminate comparisons for records that are unlikely to match. Then, to identify matches, we apply an efficient SMC technique between the candidate record pairs. To enable efficiency and privacy, our model leaks a controlled amount of obfuscated data prior to the secure computations. Applied obfuscation relies on differential privacy which provides strong privacy guarantees against adversaries with arbitrary background knowledge. In addition, we illustrate the practical nature of our approach through an empirical analysis with data derived from public voter records.
Code of Federal Regulations, 2014 CFR
2014-07-01
... Agency Central Security Service (NSA/CSS) Policy Manual 3-16, “Control of Communications Security Material” (available to authorized users of SIPRNET at www.iad.nsa.smil.mil/resources/library/nsa_office_of_policy_section/pdf/NSA_CSS_MAN-3-16_080505.pdf). (b) Adversely affecting the performance of classified...
32 CFR 321.14 - DSS implementation policies.
Code of Federal Regulations, 2014 CFR
2014-07-01
...) PRIVACY PROGRAM DEFENSE SECURITY SERVICE PRIVACY PROGRAM § 321.14 DSS implementation policies. (a) General... matters of particular concern to the Defense Security Service. (b) Privacy Act rules application. Any... 32 National Defense 2 2014-07-01 2014-07-01 false DSS implementation policies. 321.14 Section 321...
32 CFR 321.14 - DSS implementation policies.
Code of Federal Regulations, 2013 CFR
2013-07-01
...) PRIVACY PROGRAM DEFENSE SECURITY SERVICE PRIVACY PROGRAM § 321.14 DSS implementation policies. (a) General... matters of particular concern to the Defense Security Service. (b) Privacy Act rules application. Any... 32 National Defense 2 2013-07-01 2013-07-01 false DSS implementation policies. 321.14 Section 321...
32 CFR 321.14 - DSS implementation policies.
Code of Federal Regulations, 2012 CFR
2012-07-01
...) PRIVACY PROGRAM DEFENSE SECURITY SERVICE PRIVACY PROGRAM § 321.14 DSS implementation policies. (a) General... matters of particular concern to the Defense Security Service. (b) Privacy Act rules application. Any... 32 National Defense 2 2012-07-01 2012-07-01 false DSS implementation policies. 321.14 Section 321...
48 CFR 952.204-77 - Computer security.
Code of Federal Regulations, 2012 CFR
2012-10-01
... 48 Federal Acquisition Regulations System 5 2012-10-01 2012-10-01 false Computer security. 952.204... SOLICITATION PROVISIONS AND CONTRACT CLAUSES Text of Provisions and Clauses 952.204-77 Computer security. As prescribed in 904.404(d)(7), the following clause shall be included: Computer Security (AUG 2006) (a...
48 CFR 952.204-77 - Computer security.
Code of Federal Regulations, 2013 CFR
2013-10-01
... 48 Federal Acquisition Regulations System 5 2013-10-01 2013-10-01 false Computer security. 952.204... SOLICITATION PROVISIONS AND CONTRACT CLAUSES Text of Provisions and Clauses 952.204-77 Computer security. As prescribed in 904.404(d)(7), the following clause shall be included: Computer Security (AUG 2006) (a...
48 CFR 952.204-77 - Computer security.
Code of Federal Regulations, 2011 CFR
2011-10-01
... 48 Federal Acquisition Regulations System 5 2011-10-01 2011-10-01 false Computer security. 952.204... SOLICITATION PROVISIONS AND CONTRACT CLAUSES Text of Provisions and Clauses 952.204-77 Computer security. As prescribed in 904.404(d)(7), the following clause shall be included: Computer Security (AUG 2006) (a...
48 CFR 952.204-77 - Computer security.
Code of Federal Regulations, 2014 CFR
2014-10-01
... 48 Federal Acquisition Regulations System 5 2014-10-01 2014-10-01 false Computer security. 952.204... SOLICITATION PROVISIONS AND CONTRACT CLAUSES Text of Provisions and Clauses 952.204-77 Computer security. As prescribed in 904.404(d)(7), the following clause shall be included: Computer Security (AUG 2006) (a...
48 CFR 952.204-77 - Computer security.
Code of Federal Regulations, 2010 CFR
2010-10-01
... 48 Federal Acquisition Regulations System 5 2010-10-01 2010-10-01 false Computer security. 952.204... SOLICITATION PROVISIONS AND CONTRACT CLAUSES Text of Provisions and Clauses 952.204-77 Computer security. As prescribed in 904.404(d)(7), the following clause shall be included: Computer Security (AUG 2006) (a...
Security Policy for a Generic Space Exploration Communication Network Architecture
NASA Technical Reports Server (NTRS)
Ivancic, William D.; Sheehe, Charles J.; Vaden, Karl R.
2016-01-01
This document is one of three. It describes various security mechanisms and a security policy profile for a generic space-based communication architecture. Two other documents accompany this document- an Operations Concept (OpsCon) and a communication architecture document. The OpsCon should be read first followed by the security policy profile described by this document and then the architecture document. The overall goal is to design a generic space exploration communication network architecture that is affordable, deployable, maintainable, securable, evolvable, reliable, and adaptable. The architecture should also require limited reconfiguration throughout system development and deployment. System deployment includes subsystem development in a factory setting, system integration in a laboratory setting, launch preparation, launch, and deployment and operation in space.
1999-04-30
In accordance with 20 CFR 402.35(b)(1), the Commissioner of Social Security gives notice of Social Security Ruling, SSR 99-2p. This Ruling clarifies disability policy for the evaluation and adjudication of disability claims involving Chronic Fatigue Syndrome (CFS). This Ruling explains that, when it is accompanied by appropriate medical signs or laboratory findings, CFS is a medically determinable impairment that can be the basis for a finding of "disability." This Ruling ensures that all adjudicators will use the same policies and procedures in evaluating disability claims involving CFS, and provides a consolidated statement of these policies and procedures.
Security measures required for HIPAA privacy.
Amatayakul, M
2000-01-01
HIPAA security requirements include administrative, physical, and technical services and mechanisms to safeguard confidentiality, availability, and integrity of health information. Security measures, however, must be implemented in the context of an organization's privacy policies. Because HIPAA's proposed privacy rules are flexible and scalable to account for the nature of each organization's business, size, and resources, each organization will be determining its own privacy policies within the context of the HIPAA requirements and its security capabilities. Security measures cannot be implemented in a vacuum.
2010-06-01
Globalization and Environmental Challenges: Reconceptualizing Security in the 21st Century, 947. 11 Marco A. Ferroni and Ashoka Mody, International Public...Security and Defence Policy, 67–70; Howorth, Security and Defence Policy in the European Union, 152–154. 47 Hubert Zimmermann, “Security Exporters...consilium.europa.eu/showPage.aspx?id=1519&lang=en (accessed 12 March 2010). Ferroni, Marco A. and Ashoka Mody. International Public Goods: Incentives
Federal Register 2010, 2011, 2012, 2013, 2014
2010-06-15
... DEPARTMENT OF HEALTH AND HUMAN SERVICES Office of the National Coordinator for Health Information Technology; HIT Policy Committee's Privacy & Security Tiger Team Meeting; Notice of Meeting AGENCY: Office of... of Committee: HIT Policy Committee's Privacy & Security Tiger Team. General Function of the Committee...
Code of Federal Regulations, 2010 CFR
2010-07-01
... 32 National Defense 1 2010-07-01 2010-07-01 false Policy. 159.4 Section 159.4 National Defense Department of Defense OFFICE OF THE SECRETARY OF DEFENSE SECURITY PRIVATE SECURITY CONTRACTORS OPERATING IN CONTINGENCY OPERATIONS § 159.4 Policy. (a) Consistent with the requirements of paragraph (a)(2) of section 862...
Efficient Server-Aided Secure Two-Party Function Evaluation with Applications to Genomic Computation
2016-07-14
of the important properties of secure computation. In particular, it is known that full fairness cannot be achieved in the case of two-party com...Jakobsen, J. Nielsen, and C. Orlandi. A framework for outsourcing of secure computation. In ACM Workshop on Cloud Computing Security (CCSW), pages...Function Evaluation with Applications to Genomic Computation Abstract: Computation based on genomic data is becoming increasingly popular today, be it
77 FR 2293 - Federal Open Market Committee; Domestic Policy Directive of December 13, 2011
Federal Register 2010, 2011, 2012, 2013, 2014
2012-01-17
..., Treasury securities with remaining maturities of approximately 6 years to 30 years with a total face value... total face value of $400 billion. The Committee also directs the Desk to maintain its existing policies... mortgage-backed securities in order to maintain the total face value of domestic securities at...
Security Personnel Practices and Policies in U.S. Hospitals: Findings From a National Survey.
Schoenfisch, Ashley L; Pompeii, Lisa A
2016-06-27
Concerns of violence in hospitals warrant examination of current hospital security practices. Cross-sectional survey data were collected from members of a health care security and safety association to examine the type of personnel serving as security in hospitals, their policies and practices related to training and weapon/restraint tool carrying/use, and the broader context in which security personnel work to maintain staff and patient safety, with an emphasis on workplace violence prevention and mitigation. Data pertaining to 340 hospitals suggest security personnel were typically non-sworn officers directly employed (72%) by hospitals. Available tools included handcuffs (96%), batons (56%), oleoresin capsicum products (e.g., pepper spray; 52%), hand guns (52%), conducted electrical weapons (e.g., TASERs®; 47%), and K9 units (12%). Current workplace violence prevention policy components, as well as recommendations to improve hospital security practices, aligned with Occupational Safety and Health Administration guidelines. Comprehensive efforts to address the safety and effectiveness of hospital security personnel should consider security personnel's relationships with other hospital work groups and hospitals' focus on patients' safety and satisfaction. © 2016 The Author(s).
Method for transferring data from an unsecured computer to a secured computer
Nilsen, Curt A.
1997-01-01
A method is described for transferring data from an unsecured computer to a secured computer. The method includes transmitting the data and then receiving the data. Next, the data is retransmitted and rereceived. Then, it is determined if errors were introduced when the data was transmitted by the unsecured computer or received by the secured computer. Similarly, it is determined if errors were introduced when the data was retransmitted by the unsecured computer or rereceived by the secured computer. A warning signal is emitted from a warning device coupled to the secured computer if (i) an error was introduced when the data was transmitted or received, and (ii) an error was introduced when the data was retransmitted or rereceived.
1984-09-01
Verification Technique for a Class of Security Kernels," International Symposium on Programming, Lecture Notes in Computer Science 137, Springer-Verlag, New York...September 1984 MTR9S31 J. K. Millen, C. M. Cerniglia: Computer Security Models...ABSTRACT The purpose of this report is to provide a basis for evaluating security models in the context of secure computer system development
Home Computer and Internet User Security
2005-01-01
Information Security Model © 2005 Carnegie Mellon University (Lawrence R. Rogers, Author) Home Computer and Internet User Security...Version 1.0.4 – slide 50 Contact Information Lawrence R. Rogers • Email: cert@cert.org CERT website: http://www.cert.org/ ...U.S. Patent and Trademark Office
Protecting the Ozone Shield: A New Public Policy
1991-04-01
Public Policy Issue; Alternatives; Risk Management; Clean Air Act; Global Warming...pattern of global warming, commonly known as "the greenhouse effect. 1 OVERVIEW OF THE OZONE DEPLETION PUBLIC POLICY ISSUE In 1974, two atmospheric...inhabitants from the harmful effects of increased UVb radiation and global warming. Another dilemma surrounds this public policy issue since the first
48 CFR 1804.470-3 - IT security requirements.
Code of Federal Regulations, 2011 CFR
2011-10-01
... the provisioning of services or products (e.g., research and development, engineering, manufacturing... Policies are available at the NASA IT Security Policy Web site at: http://www.nasa.gov/offices/ocio...
ERIC Educational Resources Information Center
Branstad, Dennis K., Ed.
The 15 papers and summaries of presentations in this collection provide technical information and guidance offered by representatives from federal agencies and private industry. Topics discussed include physical security, risk assessment, software security, computer network security, and applications and implementation of the Data Encryption…
NASA Astrophysics Data System (ADS)
Tysowski, Piotr K.; Ling, Xinhua; Lütkenhaus, Norbert; Mosca, Michele
2018-04-01
Quantum key distribution (QKD) is a means of generating keys between a pair of computing hosts that is theoretically secure against cryptanalysis, even by a quantum computer. Although there is much active research into improving the QKD technology itself, there is still significant work to be done to apply engineering methodology and determine how it can be practically built to scale within an enterprise IT environment. Significant challenges exist in building a practical key management service (KMS) for use in a metropolitan network. QKD is generally a point-to-point technique only and is subject to steep performance constraints. The integration of QKD into enterprise-level computing has been researched, to enable quantum-safe communication. A novel method for constructing a KMS is presented that allows arbitrary computing hosts on one site to establish multiple secure communication sessions with the hosts of another site. A key exchange protocol is proposed where symmetric private keys are granted to hosts while satisfying the scalability needs of an enterprise population of users. The KMS operates within a layered architectural style that is able to interoperate with various underlying QKD implementations. Variable levels of security for the host population are enforced through a policy engine. A network layer provides key generation across a network of nodes connected by quantum links. Scheduling and routing functionality allows quantum key material to be relayed across trusted nodes. Optimizations are performed to match the real-time host demand for key material with the capacity afforded by the infrastructure. The result is a flexible and scalable architecture that is suitable for enterprise use and independent of any specific QKD technology.
The Climate Disruption Challenge for Water Security in a Growing World
NASA Astrophysics Data System (ADS)
Paxton, L. J.; Nix, M.; Ihde, A.; MacDonald, L. H.; Parker, C.; Schaefer, R. K.; Weiss, M.; Babin, S. M.; Swartz, W. H.; Schloman, J.
2012-12-01
Climate disruption, the increasingly large and erratic departures of weather and climate from the benign conditions of the last one hundred years, is the greatest challenge to the long-term stability of world governments. Population growth, food and water security, energy supplies, and economic factors are, to some degree, within the control of governance and policy and all of these are impacted by climate disruption. Climate disruption, on the other hand, is not amenable to direct modification on the short timescales that commonly dictate governmental policy and human response. Global average temperatures will continue to increase even if there were immediate, profound changes in emission scenarios. Policy makers are faced with the very practical and immediate problem of determining what can one reasonably do to ameliorate the impact of climate disruption. The issue from a policy viewpoint is: how does one make effective policy when faced with a situation in which there are varied viewpoints in competition. How does one establish a consensus for action? What information "speaks" to policy makers? Water security is one such issue and provides an important, immediate, and tangible device to use when we examine how one can determine what policies can be effectively pursued. The Global Assimilation of Information for Action (GAIA) project creates a support environment to address the impact of climate disruption on global, national, regional, and/or local interests. The basic research community is concerned with the scientific aspects of predicting climate change in terms of environmental parameters such as rainfall, temperature and humidity while decision makers must deal with planning for a world that may be very different from the one we have grown accustomed to. Decision makers must deal with the long-term impacts on public health, agriculture, economic productivity, security, extreme weather, etc in an environment that has come to focus on short-term issues. 
To complicate matters, the information available from the climate studies community is couched in terms of model projections with "uncertainties" and a choice of emission scenarios that are often expressed in terms of the results of computer simulations and model output. GAIA develops actionable information and explores the interactions of policy and practice. Part of this framework is the development of "games". These realistic games include the elements of both agent-based and role simulation games in which subject matter experts interact in a realistic scenario to explore courses of action and their outcomes based on realistic, projected environments. We will present examples of some of the past work done at APL and examples of collaborative or competitive games that could be used to explore climate disruption in terms of social, political, and economic impacts. These games provide immediate, "tactile" experience of the implications of a choice of policy. In this talk we will suggest how this tool can be applied to problems like the Colorado River Basin or the Brahmaputra.
Current Developments and Prospects for the Future: French Security Policy in a Changing World
1991-06-01
France, French Security Policy, Franco-German relations, NATO, French economy, Charles de Gaulle, Francois Mitterrand, European Community... The thesis concludes that the Gaullist myth of grandeur and independence can no longer be sustained. French security must now be achieved by strengthening ties...
How Colombian Interagency Cooperation Reestablished Security and Strengthened Democracy
2010-03-23
2002, the electorate voted in President Alvaro Uribe, who implemented a new strategy: the Democratic Security and Defense Policy (DSDP). Before Uribe... Alvaro Uribe became president of the nation. From the start, the main goal for Uribe’s government was to make Colombia a secure country. He defined... Alvaro Uribe, Achievements of the Democratic security and Defense Policy, UN 61 debate, 21 Sep-2006, http://www.un.org/webcast/ga/61/pdfs
Model Policy for Security and Safety Committee.
ERIC Educational Resources Information Center
Perillo, Stephen E.
The starting point of an effective school safety program is the development of a written policy statement that reflects the school board's belief in safety for its students and that is widely publicized to the staff and community. A sample safety/security policy is provided that lists, first, the superintendent's responsibilities in establishing a…
Information Security: Computer Hacker Information Available on the Internet
1996-06-05
Information Security: Computer Hacker Information Available on the Internet. Statement for the Record of... Author(s): Jack L.
Indirection and computer security.
DOE Office of Scientific and Technical Information (OSTI.GOV)
Berg, Michael J.
2011-09-01
The discipline of computer science is built on indirection. David Wheeler famously said, 'All problems in computer science can be solved by another layer of indirection. But that usually will create another problem'. We propose that every computer security vulnerability is yet another problem created by the indirections in system designs and that focusing on the indirections involved is a better way to design, evaluate, and compare security solutions. We are not proposing that indirection be avoided when solving problems, but that understanding the relationships between indirections and vulnerabilities is key to securing computer systems. Using this perspective, we analyze common vulnerabilities that plague our computer systems, consider the effectiveness of currently available security solutions, and propose several new security solutions.
DOE Office of Scientific and Technical Information (OSTI.GOV)
Not Available
Lonnie Moore, the Computer Security Manager, CSSM/CPPM at Lawrence Livermore National Laboratory (LLNL) and Gale Warshawsky, the Coordinator for Computer Security Education & Awareness at LLNL, wanted to share topics such as computer ethics, software piracy, privacy issues, and protecting information in a format that would capture and hold an audience's attention. Four Computer Security Short Subject videos were produced which ranged from 1-3 minutes each. These videos are very effective education and awareness tools that can be used to generate discussions about computer security concerns and good computing practices. Leaders may incorporate the Short Subjects into presentations. After talking about a subject area, one of the Short Subjects may be shown to highlight that subject matter. Another method for sharing them could be to show a Short Subject first and then lead a discussion about its topic. The cast of characters and a bit of information about their personalities in the LLNL Computer Security Short Subjects is included in this report.
NASA Astrophysics Data System (ADS)
Dong, Yumin; Xiao, Shufen; Ma, Hongyang; Chen, Libo
2016-12-01
Cloud computing and big data have become the developing engine of current information technology (IT) as a result of the rapid development of IT. However, security protection has become increasingly important for cloud computing and big data, and has become a problem that must be solved to develop cloud computing. The theft of identity authentication information remains a serious threat to the security of cloud computing. In this process, attackers intrude into cloud computing services through identity authentication information, thereby threatening the security of data from multiple perspectives. Therefore, this study proposes a model for cloud computing protection and management based on quantum authentication, introduces the principle of quantum authentication, and deduces the quantum authentication process. In theory, quantum authentication technology can be applied in cloud computing for security protection. This technology cannot be cloned; thus, it is more secure and reliable than classical methods.
Updating energy security and environmental policy: Energy security theories revisited.
Proskuryakova, L
2018-06-18
The energy security theories are based on the premises of sufficient and reliable supply of fossil fuels at affordable prices in centralized supply systems. Policy-makers and company chief executives develop energy security strategies based on the energy security theories and definitions that dominate in the research and policy discourse. It is therefore of utmost importance that scientists revisit these theories in line with the latest changes in the energy industry: the rapid advancement of renewables and smart grid, decentralization of energy systems, new environmental and climate challenges. The study examines the classic energy security concepts (neorealism, neoliberalism, constructivism and international political economy) and assesses if energy technology changes are taken into consideration. This is done through integrative literature review, comparative analysis, identification of 'international relations' and 'energy' research discourse with the use of big data, and case studies of Germany, China, and Russia. The paper offers suggestions for revision of energy security concepts through integration of future technology considerations. Copyright © 2018 Elsevier Ltd. All rights reserved.
77 FR 31015 - Federal Open Market Committee; Domestic Policy Directive of April 24-25, 2012
Federal Register 2010, 2011, 2012, 2013, 2014
2012-05-24
..., Treasury securities with remaining maturities of approximately 6 years to 30 years with a total face value... total face value of $400 billion. The Committee also directs the Desk to maintain its existing policies... mortgage-backed securities in order to maintain the total face value of domestic securities at...
ERIC Educational Resources Information Center
Sikolia, David Wafula
2013-01-01
User non-compliance with information security policies in organizations due to negligence or ignorance is reported as a key data security problem for organizations. The violation of the confidentiality, integrity and availability of organizational data has led to losses in millions of dollars for organizations in terms of money and time spent…
Safety and Security at School: A Pedagogical Perspective
ERIC Educational Resources Information Center
de Waal, Elda; Grosser, M. M.
2009-01-01
Education law and policy currently focus on broader physical aspects of safety and security at schools, as well as, for example, on pedagogical insecurity such as is caused by discriminatory teaching, but law and policy have yet to pay attention to the overall and far-reaching pedagogical safety and security of learners. By means of a descriptive…
Novel Threshold Changeable Secret Sharing Schemes Based on Polynomial Interpolation
Li, Mingchu; Guo, Cheng; Choo, Kim-Kwang Raymond; Ren, Yizhi
2016-01-01
After any distribution of secret sharing shadows in a threshold changeable secret sharing scheme, the threshold may need to be adjusted to deal with changes in the security policy and adversary structure. For example, when employees leave the organization, it is not realistic to expect departing employees to ensure the security of their secret shadows. Therefore, in 2012, Zhang et al. proposed (t → t′, n) and ({t1, t2,⋯, tN}, n) threshold changeable secret sharing schemes. However, their schemes suffer from a number of limitations such as strict limit on the threshold values, large storage space requirement for secret shadows, and significant computation for constructing and recovering polynomials. To address these limitations, we propose two improved dealer-free threshold changeable secret sharing schemes. In our schemes, we construct polynomials to update secret shadows, and use two-variable one-way function to resist collusion attacks and secure the information stored by the combiner. We then demonstrate our schemes can adjust the threshold safely. PMID:27792784
The Feasibility of Wearables in an Enterprise Environment and Their Impact on IT Security
NASA Technical Reports Server (NTRS)
Scotti, Vincent, Jr.
2015-01-01
This paper is intended to explore the usability and feasibility of wearables in an enterprise environment and their impact on IT Security. In this day and age, with the advent of the Internet of Things, we must explore all the new technology emerging from the minds of the new inventors. This means exploring the use of wearables in regards to their benefits, limitations, and the new challenges they pose to securing computer networks in the Federal environment. We will explore the design of the wearables, the interfaces needed to connect them, and what it will take to connect personal devices in the Federal enterprise network environment. We will provide an overview of the wearable design, concerns of ensuring the confidentiality, integrity, and availability of information and the challenges faced by those doing so. We will also review the implications and limitations of the policies governing wearable technology and the physical efforts to enforce them.
Novel Threshold Changeable Secret Sharing Schemes Based on Polynomial Interpolation.
Yuan, Lifeng; Li, Mingchu; Guo, Cheng; Choo, Kim-Kwang Raymond; Ren, Yizhi
2016-01-01
After any distribution of secret sharing shadows in a threshold changeable secret sharing scheme, the threshold may need to be adjusted to deal with changes in the security policy and adversary structure. For example, when employees leave the organization, it is not realistic to expect departing employees to ensure the security of their secret shadows. Therefore, in 2012, Zhang et al. proposed (t → t', n) and ({t1, t2,⋯, tN}, n) threshold changeable secret sharing schemes. However, their schemes suffer from a number of limitations such as strict limit on the threshold values, large storage space requirement for secret shadows, and significant computation for constructing and recovering polynomials. To address these limitations, we propose two improved dealer-free threshold changeable secret sharing schemes. In our schemes, we construct polynomials to update secret shadows, and use two-variable one-way function to resist collusion attacks and secure the information stored by the combiner. We then demonstrate our schemes can adjust the threshold safely.
United States national security policy making and Vietnam
DOE Office of Scientific and Technical Information (OSTI.GOV)
Davidson, M.W.
1985-01-01
The United States failed to achieve its goals in waging a war in Vietnam. This thesis endeavors to show that this failure was due to errors in the formulation of American national security policy regarding Vietnam. The policy making process went astray, at least in part, due to a narrowing of the role of senior military officers as national security policy makers. The restricted role of senior officers as national security policy makers adversely affected American policy formulation regarding Vietnam. The United States response to the coup against Diem in 1963 and the deployment of conventional American forces to ground combat in Vietnam, in 1965 were undertaken without a clear recognition of the considerable costs of the commitments being assumed. Senior military officers had prompted such a recognition in similar previous crises but were not in a policy making position to do so concerning Vietnam. The policymaking input that was absent was ethical counsel of a fundamental nature. Clausewitz viewed the mortality of a war as being embodied in the national will to fight that war. The absence of an accurate appreciation of the costs of a military solution in Vietnam denied civilian officials a critical policy making factor and contributed significantly to the defeat of the American purpose there.
2009-01-01
The United States needs a new model of “globalized” national security for this changing world: we must realign longstanding policies away from go...at the center of our approach to ensuring our future security. … Now, when we most need to re-examine our Transatlantic security model, this new two...address the globalized threats we face, our government is already reorienting the capabilities of our national security forces to a new balance
LANL continuity of operations plan
DOE Office of Scientific and Technical Information (OSTI.GOV)
Senutovitch, Diane M
2010-12-22
The Los Alamos National Laboratory (LANL) is a premier national security research institution, delivering scientific and engineering solutions for the nation's most crucial and complex problems. Our primary responsibility is to ensure the safety, security, and reliability of the nation's nuclear stockpile. LANL emphasizes worker safety, effective operational safeguards and security, and environmental stewardship; outstanding science remains the foundation of work at the Laboratory. In addition to supporting the Laboratory's core national security mission, our work advances bioscience, chemistry, computer science, earth and environmental sciences, materials science, and physics disciplines. To accomplish LANL's mission, we must ensure that the Laboratory EFs continue to be performed during a continuity event, including localized acts of nature, accidents, technological or attack-related emergencies, and pandemic or epidemic events. The LANL Continuity of Operations (COOP) Plan documents the overall LANL COOP Program and provides the operational framework to implement continuity policies, requirements, and responsibilities at LANL, as required by DOE 0 150.1, Continuity Programs, May 2008. LANL must maintain its ability to perform the nation's PMEFs, which are: (1) maintain the safety and security of nuclear materials in the DOE Complex at fixed sites and in transit; (2) respond to a nuclear incident, both domestically and internationally, caused by terrorist activity, natural disaster, or accident, including mobilizing the resources to support these efforts; and (3) support the nation's energy infrastructure. This plan supports Continuity of Operations for Los Alamos National Laboratory (LANL). This plan issues LANL policy as directed by the DOE 0 150.1, Continuity Programs, and provides direction for the orderly continuation of LANL EFs for 30 days of closure or 60 days for a pandemic/epidemic event. 
Initiation of COOP operations may be required to support an all-hazards event, including a national security emergency, major fire, catastrophic natural disaster, man-made disaster, terrorism event, or technological disaster by rendering LANL buildings, infrastructure, or Technical Areas unsafe, temporarily unusable, or inaccessible.
32 CFR 2400.19 - Declassification by the Director of the Information Security Oversight Office.
Code of Federal Regulations, 2014 CFR
2014-07-01
... National Defense OFFICE OF SCIENCE AND TECHNOLOGY POLICY REGULATIONS TO IMPLEMENT E.O. 12356; OFFICE OF SCIENCE AND TECHNOLOGY POLICY INFORMATION SECURITY PROGRAM Declassification and Downgrading § 2400.19...
32 CFR 2400.19 - Declassification by the Director of the Information Security Oversight Office.
Code of Federal Regulations, 2012 CFR
2012-07-01
... National Defense OFFICE OF SCIENCE AND TECHNOLOGY POLICY REGULATIONS TO IMPLEMENT E.O. 12356; OFFICE OF SCIENCE AND TECHNOLOGY POLICY INFORMATION SECURITY PROGRAM Declassification and Downgrading § 2400.19...
32 CFR 2400.19 - Declassification by the Director of the Information Security Oversight Office.
Code of Federal Regulations, 2011 CFR
2011-07-01
... National Defense OFFICE OF SCIENCE AND TECHNOLOGY POLICY REGULATIONS TO IMPLEMENT E.O. 12356; OFFICE OF SCIENCE AND TECHNOLOGY POLICY INFORMATION SECURITY PROGRAM Declassification and Downgrading § 2400.19...
32 CFR 2400.19 - Declassification by the Director of the Information Security Oversight Office.
Code of Federal Regulations, 2010 CFR
2010-07-01
... National Defense OFFICE OF SCIENCE AND TECHNOLOGY POLICY REGULATIONS TO IMPLEMENT E.O. 12356; OFFICE OF SCIENCE AND TECHNOLOGY POLICY INFORMATION SECURITY PROGRAM Declassification and Downgrading § 2400.19...
32 CFR 2400.19 - Declassification by the Director of the Information Security Oversight Office.
Code of Federal Regulations, 2013 CFR
2013-07-01
... National Defense OFFICE OF SCIENCE AND TECHNOLOGY POLICY REGULATIONS TO IMPLEMENT E.O. 12356; OFFICE OF SCIENCE AND TECHNOLOGY POLICY INFORMATION SECURITY PROGRAM Declassification and Downgrading § 2400.19...
ERIC Educational Resources Information Center
Edwards, Keith
2015-01-01
Attacks on computer systems continue to be a problem. The majority of the attacks target home computer users. To help mitigate the attacks some companies provide security awareness training to their employees. However, not all people work for a company that provides security awareness training and typically, home computer users do not have the…
Graphs for information security control in software defined networks
NASA Astrophysics Data System (ADS)
Grusho, Alexander A.; Abaev, Pavel O.; Shorgin, Sergey Ya.; Timonina, Elena E.
2017-07-01
Information security control in software defined networks (SDN) is connected with the execution of security policy rules regulating information accesses and protection against the distribution of malicious code and harmful influences. The paper offers a representation of a security policy in the form of a hierarchical structure which, when resources are distributed for the solution of tasks, defines graphs of admissible interactions in a network. These graphs define the commutation tables of switches via the SDN controller.
Efficient Redundancy Techniques in Cloud and Desktop Grid Systems using MAP/G/c-type Queues
NASA Astrophysics Data System (ADS)
Chakravarthy, Srinivas R.; Rumyantsev, Alexander
2018-03-01
Cloud computing is continuing to prove its flexibility and versatility in helping industries and businesses as well as academia as a way of providing needed computing capacity. As an important alternative to cloud computing, desktop grids make it possible to utilize the idle computer resources of an enterprise/community by means of a distributed computing system, providing a more secure and controllable environment with lower operational expenses. Further, both cloud computing and desktop grids are meant to optimize limited resources and at the same time to decrease the expected latency for users. The crucial parameter for optimization both in cloud computing and in desktop grids is the level of redundancy (replication) for service requests/workunits. In this paper we study the optimal replication policies by considering three variations of Fork-Join systems in the context of a multi-server queueing system with a versatile point process for the arrivals. For services we consider phase type distributions as well as shifted exponential and Weibull. We use both analytical and simulation approaches in our analysis and report some interesting qualitative results.
2006-03-01
Transition, 156. 106 Quoted in Jacob W. Kipp, “War Scare in the Caucasus: Redefining the Threat and the War on Terrorism,” in Russian Military Reform, ed...Garden, 232. 109 Marcel de Haas, “The Development of Russia’s Security Policy,” in Russian Military Reform, ed. Anne C. Aldis and Roger N. McDermott...2003). de Haas, Marcel. “The Development of Russia’s Security Policy,” in Russian Military Reform, ed. Anne C. Aldis and Roger N. McDermott, 3-21
Cost-Benefit Analysis of Confidentiality Policies for Advanced Knowledge Management Systems
DOE Office of Scientific and Technical Information (OSTI.GOV)
May, D
Knowledge Discovery (KD) processes can create new information within a Knowledge Management (KM) system. In many domains, including government, this new information must be secured against unauthorized disclosure. Applying an appropriate confidentiality policy achieves this. However, it is not evident which confidentiality policy to apply, especially when the goals of sharing and disseminating knowledge have to be balanced with the requirements to secure knowledge. This work proposes to solve this problem by developing a cost-benefit analysis technique for examining the tradeoffs between securing and sharing discovered knowledge.
Security of electronic medical information and patient privacy: what you need to know.
Andriole, Katherine P
2014-12-01
The responsibility that physicians have to protect their patients from harm extends to protecting the privacy and confidentiality of patient health information including that contained within radiological images. The intent of HIPAA and subsequent HIPAA Privacy and Security Rules is to keep patients' private information confidential while allowing providers access to and maintaining the integrity of relevant information needed to provide care. Failure to comply with electronic protected health information (ePHI) regulations could result in financial or criminal penalties or both. Protected health information refers to anything that can reasonably be used to identify a patient (eg, name, age, date of birth, social security number, radiology examination accession number). The basic tools and techniques used to maintain medical information security and patient privacy described in this article include physical safeguards such as computer device isolation and data backup, technical safeguards such as firewalls and secure transmission modes, and administrative safeguards including documentation of security policies, training of staff, and audit tracking through system logs. Other important concepts related to privacy and security are explained, including user authentication, authorization, availability, confidentiality, data integrity, and nonrepudiation. Patient privacy and security of medical information are critical elements in today's electronic health care environment. Radiology has led the way in adopting digital systems to make possible the availability of medical information anywhere anytime, and in identifying and working to eliminate any risks to patients. Copyright © 2014 American College of Radiology. Published by Elsevier Inc. All rights reserved.
Computer Security Systems Enable Access.
ERIC Educational Resources Information Center
Riggen, Gary
1989-01-01
A good security system enables access and protects information from damage or tampering, but the most important aspects of a security system aren't technical. A security procedures manual addresses the human element of computer security. (MLW)
The research of computer network security and protection strategy
NASA Astrophysics Data System (ADS)
He, Jian
2017-05-01
With the widespread popularity of computer network applications, network security has also received a high degree of attention. The factors affecting network safety are complex, and doing a good job of network security is systematic work that poses a high challenge. Addressing the safety and reliability problems of computer network systems, this paper draws on practical work experience to offer suggestions and measures covering network security threats, security technology, and system design principles, in order to help the broad mass of computer network users enhance their safety awareness and master certain network security technology.
76 FR 67731 - Federal Open Market Committee; Domestic Policy Directive of September 20 and 21, 2011
Federal Register 2010, 2011, 2012, 2013, 2014
2011-11-02
..., Treasury securities with remaining maturities of approximately 6 years to 30 years with a total face value... total face value of $400 billion. The Committee also directs the Desk to maintain its existing policy of...- backed securities in order to maintain the total face value of domestic securities at approximately $2.6...
Sports Venue Security: Public Policy Options for Sear 4-5 Events
2014-06-01
Naval Postgraduate School, Monterey, California. Thesis. Approved for public release; distribution is unlimited. Author(s): James M. Gehring... Abstract: Although the United States made considerable advances in improving sport venue security
17 CFR 200.13b - Director of the Office of Public Affairs, Policy Evaluation, and Research.
Code of Federal Regulations, 2010 CFR
2010-04-01
... 17 Commodity and Securities Exchanges. Director of the Office of Public Affairs, Policy Evaluation, and Research. 200.13b Section 200.13b Commodity and Securities Exchanges SECURITIES AND EXCHANGE COMMISSION ORGANIZATION; CONDUCT AND ETHICS; AND INFORMATION AND REQUESTS Organization and Program Management General...
ERIC Educational Resources Information Center
Means, Alexander J.
2014-01-01
This article examines the intersecting logics of human capital and national security underpinning the corporate school reform movement in the United States. Taking a 2012 policy report by the Council on Foreign Relations as an entry point, it suggests that these logics are incoherent not only on their own narrow instrumental terms, but also more…
Code of Federal Regulations, 2013 CFR
2013-10-01
... 1804.470-2 Federal Acquisition Regulations System NATIONAL AERONAUTICS AND SPACE ADMINISTRATION GENERAL...) 2810, Security of Information Technology; NASA Procedural Requirements (NPR) 2810, Security of Information Technology; and interim policy updates in the form of NASA Information Technology Requirements...
Code of Federal Regulations, 2011 CFR
2011-10-01
... 1804.470-2 Federal Acquisition Regulations System NATIONAL AERONAUTICS AND SPACE ADMINISTRATION GENERAL...) 2810, Security of Information Technology; NASA Procedural Requirements (NPR) 2810, Security of Information Technology; and interim policy updates in the form of NASA Information Technology Requirements...
Code of Federal Regulations, 2011 CFR
2011-01-01
... Aeronautics and Space NATIONAL AERONAUTICS AND SPACE ADMINISTRATION INFORMATION SECURITY PROGRAM Declassification and Downgrading § 1203.600 Policy. Information shall be declassified or downgraded as soon as national security considerations permit. NASA reviews of classified information shall be coordinated with...
Social Security for Composers and Free Lances.
ERIC Educational Resources Information Center
Rossel-Majdan, Karl
1982-01-01
Internationally, cultural policies are tending toward increased socioeconomic and legal support for creative artists. Austrian cultural policies which encourage art and cultural professional organizations, increased copyright protection, and greater social security for free-lance artists are discussed. (AM)
Code of Federal Regulations, 2010 CFR
2010-01-01
... Aeronautics and Space NATIONAL AERONAUTICS AND SPACE ADMINISTRATION INFORMATION SECURITY PROGRAM Declassification and Downgrading § 1203.600 Policy. Information shall be declassified or downgraded as soon as national security considerations permit. NASA reviews of classified information shall be coordinated with...
Code of Federal Regulations, 2010 CFR
2010-10-01
... unclassified information. MD 4300.1, entitled Information Technology Systems Security, and the DHS Sensitive Systems Handbook, prescribe the policies and procedures on security for Information Technology resources... ACQUISITION REGULATION (HSAR) GENERAL ADMINISTRATIVE MATTERS Safeguarding Classified and Sensitive Information...
Code of Federal Regulations, 2010 CFR
2010-10-01
... SECURITY INFORMATION POLICY AND GUIDELINES, IMPLEMENTING REGULATIONS § 806.2 Applicability. This rule supplements Executive Order 12065 within the Board with regard to national security information. It establishes general policies and certain procedures for the classification and declassification of information...
Code of Federal Regulations, 2011 CFR
2011-10-01
... 339.7101 Federal Acquisition Regulations System HEALTH AND HUMAN SERVICES SPECIAL CATEGORIES OF CONTRACTING ACQUISITION OF INFORMATION TECHNOLOGY Information Security Management 339.7101 Policy. HHS is responsible for implementing an information security program to ensure that its information systems and...
Code of Federal Regulations, 2013 CFR
2013-10-01
... 339.7101 Federal Acquisition Regulations System HEALTH AND HUMAN SERVICES SPECIAL CATEGORIES OF CONTRACTING ACQUISITION OF INFORMATION TECHNOLOGY Information Security Management 339.7101 Policy. HHS is responsible for implementing an information security program to ensure that its information systems and...
Code of Federal Regulations, 2014 CFR
2014-10-01
... 339.7101 Federal Acquisition Regulations System HEALTH AND HUMAN SERVICES SPECIAL CATEGORIES OF CONTRACTING ACQUISITION OF INFORMATION TECHNOLOGY Information Security Management 339.7101 Policy. HHS is responsible for implementing an information security program to ensure that its information systems and...
Code of Federal Regulations, 2012 CFR
2012-10-01
... 339.7101 Federal Acquisition Regulations System HEALTH AND HUMAN SERVICES SPECIAL CATEGORIES OF CONTRACTING ACQUISITION OF INFORMATION TECHNOLOGY Information Security Management 339.7101 Policy. HHS is responsible for implementing an information security program to ensure that its information systems and...
Extending key sharing: how to generate a key tightly coupled to a network security policy
NASA Astrophysics Data System (ADS)
Kazantzidis, Matheos
2006-04-01
Current state-of-the-art security policy technologies, besides the small scale limitation and largely manual nature of the accompanying management methods, are lacking a) in real-timeliness of policy implementation and b) vulnerabilities and inflexibility stemming from the centralized policy decision making; even if, for example, a policy description or access control database is distributed, the actual decision is often a centralized action and forms a system single point of failure. In this paper we present a new fundamental concept that allows implementing a security policy by a systematic and efficient key distribution procedure. Specifically, we extend the polynomial Shamir key splitting. According to this, a global key is split into n parts, any k of which can reconstruct the original key. In this paper we present a method in which, instead of having "any k parts" be able to reconstruct the original key, the latter can only be reconstructed if keys are combined as any access control policy describes. This leads to an easily deployable key generation procedure that results in a single key per entity that "knows" its role in the specific access control policy from which it was derived. The system is considered efficient as it may be used to avoid expensive PKI operations or pairwise key distributions, and it provides superior security due to its distributed nature, the fact that the key is tightly coupled to the policy, and that policy change may be implemented more easily and faster.
Federal Register 2010, 2011, 2012, 2013, 2014
2011-02-11
... before May 12, 2011. ADDRESSES: Written comments may be sent to: Chief, Computer Security Division... FURTHER INFORMATION CONTACT: Elaine Barker, Computer Security Division, National Institute of Standards... Quynh Dang, Computer Security Division, National Institute of Standards and Technology, Gaithersburg, MD...
2011-05-01
communications and on computer networks—its Global Information Grid—which are potentially jeopardized by the millions of denial-of-service attacks, hacking ...Director,a National Security Agency Chief of Staff Joint Operations Center Defense Information Systems Agency Command Center J1 J2 J3 J4 J5 J6 J7 J8...DC Joint Staff • J39, Operations, Pentagon, Washington, DC • J5, Strategic Plans and Policy, Pentagon, Washington, DC U.S. Strategic Command • J882
33 CFR 104.305 - Vessel Security Assessment (VSA) requirements.
Code of Federal Regulations, 2013 CFR
2013-07-01
... security; (ii) Structural integrity; (iii) Personnel protection systems; (iv) Procedural policies; (v... 33 Navigation and Navigable Waters 1 2013-07-01 2013-07-01 false Vessel Security Assessment (VSA... SECURITY MARITIME SECURITY MARITIME SECURITY: VESSELS Vessel Security Assessment (VSA) § 104.305 Vessel...
33 CFR 104.305 - Vessel Security Assessment (VSA) requirements.
Code of Federal Regulations, 2011 CFR
2011-07-01
... security; (ii) Structural integrity; (iii) Personnel protection systems; (iv) Procedural policies; (v... 33 Navigation and Navigable Waters 1 2011-07-01 2011-07-01 false Vessel Security Assessment (VSA... SECURITY MARITIME SECURITY MARITIME SECURITY: VESSELS Vessel Security Assessment (VSA) § 104.305 Vessel...
33 CFR 104.305 - Vessel Security Assessment (VSA) requirements.
Code of Federal Regulations, 2014 CFR
2014-07-01
... security; (ii) Structural integrity; (iii) Personnel protection systems; (iv) Procedural policies; (v... 33 Navigation and Navigable Waters 1 2014-07-01 2014-07-01 false Vessel Security Assessment (VSA... SECURITY MARITIME SECURITY MARITIME SECURITY: VESSELS Vessel Security Assessment (VSA) § 104.305 Vessel...
33 CFR 104.305 - Vessel Security Assessment (VSA) requirements.
Code of Federal Regulations, 2012 CFR
2012-07-01
... security; (ii) Structural integrity; (iii) Personnel protection systems; (iv) Procedural policies; (v... 33 Navigation and Navigable Waters 1 2012-07-01 2012-07-01 false Vessel Security Assessment (VSA... SECURITY MARITIME SECURITY MARITIME SECURITY: VESSELS Vessel Security Assessment (VSA) § 104.305 Vessel...
33 CFR 104.305 - Vessel Security Assessment (VSA) requirements.
Code of Federal Regulations, 2010 CFR
2010-07-01
... security; (ii) Structural integrity; (iii) Personnel protection systems; (iv) Procedural policies; (v... 33 Navigation and Navigable Waters 1 2010-07-01 2010-07-01 false Vessel Security Assessment (VSA... SECURITY MARITIME SECURITY MARITIME SECURITY: VESSELS Vessel Security Assessment (VSA) § 104.305 Vessel...
Public Health Crisis: the Need for Primary Prevention in Failed and Fragile States.
Quinn, John; Stoeva, Preslava; Zelený, Tomáš; Nanda, Toozy; Tomanová, Alžběta; Bencko, Vladimír
2017-09-01
A new 'normal' in global affairs may be erupting from large global powers to that of non-state actors and proxies committing violence through scaled conflict in a post-Westphalian world generating significant global health policy challenges. Health security of populations are multifactorial and indirectly proportional to war, conflict and disaster. Preventing conflict and avoiding the health vacuum that occurs in war and violence may be best practices for policy makers. This paper considers an approach of applying clinical primary prevention principles to global health policy. Brief policy review of current standards and practices in health security in fragile and failed states and prevention; and definitions discussion. A short case study series are presented with best practices, with risk and outcome review. The global balance of power and order may be shifting through geopolitical transference and inadequate action by major global power brokers. Health security in at risk nation-states may be decreasing as a result. Small scale conflict with large-scale violence threatens health security and may experience increased incidence and prevalence in fragile and failed states. Preventative policy to resuscitate fragile and failed states and prevent further external and internal shocks may support health and promote a positive feedback loop of further state stability and increased health security. Public health policy shift to mitigate state failure and public health crisis in war and conflict through the basis of primary prevention may provide best practices and maximize health security for at risk populations. Copyright© by the National Institute of Public Health, Prague 2017
European Energy Policy and Its Effects on Gas Security
NASA Astrophysics Data System (ADS)
Radu, Victorita Stefana Anda
The goal of this study is to examine the effects of the energy policies of the European Union (EU) on its gas security in the period 2006 to 2016. While energy security is often given a broad meaning, this paper focuses on its external dimension: the EU's relations with external gas suppliers. It is grounded on four pillars drawing from the compounded institutionalist and liberal theoretical frameworks: regulatory state, rational-choice, external governance, and regime effectiveness. The research question was investigated through a qualitative methodology with two main components: a legislative analysis and four case studies representing the main gas supply options--Russia, North African exporting countries, Norway, and liquefied natural gas (LNG). They highlighted that the EU framed the need for gas security mainly in the context of political risks associated with Russian gas supply, but it almost never took into account other equally important risks. Moreover, the research revealed two main issues. First, that the deeper and the more numerous EU's energy policies were, the bigger was the magnitude of the effect. Specifically, competitiveness and infrastructure policies had the largest magnitude, while the sustainability and security of supply policies had the smallest effect. Second, EU energy policies only partially diminished the economic and political risks in relation to foreign gas suppliers. To conclude, to a certain extent the EU's efforts made a positive contribution to the external dimension of the EU's gas security, but the distinguishing trait remains that there is no consistency in terms of the magnitude of the effect and its nature.
Secure count query on encrypted genomic data.
Hasan, Mohammad Zahidul; Mahdi, Md Safiur Rahman; Sadat, Md Nazmus; Mohammed, Noman
2018-05-01
Human genomic information can yield more effective healthcare by guiding medical decisions. Therefore, genomics research is gaining popularity as it can identify potential correlations between a disease and a certain gene, which improves the safety and efficacy of drug treatment and can also develop more effective prevention strategies [1]. To reduce the sampling error and to increase the statistical accuracy of this type of research projects, data from different sources need to be brought together since a single organization does not necessarily possess required amount of data. In this case, data sharing among multiple organizations must satisfy strict policies (for instance, HIPAA and PIPEDA) that have been enforced to regulate privacy-sensitive data sharing. Storage and computation on the shared data can be outsourced to a third party cloud service provider, equipped with enormous storage and computation resources. However, outsourcing data to a third party is associated with a potential risk of privacy violation of the participants, whose genomic sequence or clinical profile is used in these studies. In this article, we propose a method for secure sharing and computation on genomic data in a semi-honest cloud server. In particular, there are two main contributions. Firstly, the proposed method can handle biomedical data containing both genotype and phenotype. Secondly, our proposed index tree scheme reduces the computational overhead significantly for executing secure count query operation. In our proposed method, the confidentiality of shared data is ensured through encryption, while making the entire computation process efficient and scalable for cutting-edge biomedical applications. 
We evaluated our proposed method in terms of efficiency on a database of Single-Nucleotide Polymorphism (SNP) sequences, and experimental results demonstrate that the execution time for a query of 50 SNPs in a database of 50,000 records is approximately 5 s, where each record contains 500 SNPs. And, it requires 69.7 s to execute the query on the same database that also includes phenotypes. Copyright © 2018 Elsevier Inc. All rights reserved.
Secure key storage and distribution
Agrawal, Punit
2015-06-02
This disclosure describes a distributed, fault-tolerant security system that enables the secure storage and distribution of private keys. In one implementation, the security system includes a plurality of computing resources that independently store private keys provided by publishers and encrypted using a single security system public key. To protect against malicious activity, the security system private key necessary to decrypt the publication private keys is not stored at any of the computing resources. Rather portions, or shares of the security system private key are stored at each of the computing resources within the security system and multiple security systems must communicate and share partial decryptions in order to decrypt the stored private key.
Federal Register 2010, 2011, 2012, 2013, 2014
2010-08-23
... within that agency. Sec. 2. Policy Direction. With policy guidance from the National Security Advisor and... of other agencies and representatives of SLTPS entities, as nominated by any Committee member and...
Code of Federal Regulations, 2010 CFR
2010-01-01
... SECURITY POLICIES AND PRACTICES RELATING TO LABOR-MANAGEMENT RELATIONS General § 706.1 Purpose. The purpose of this part is to set forth Department of Energy, hereinafter “DOE,” security policies and practices in the area of labor-management relations. ...
Quantum-Enhanced Cyber Security: Experimental Computation on Quantum-Encrypted Data
2017-03-02
AFRL-AFOSR-UK-TR-2017-0020 Quantum-Enhanced Cyber Security: Experimental Computation on Quantum-Encrypted Data Philip Walther UNIVERSITÄT WIEN Final...REPORT TYPE Final 3. DATES COVERED (From - To) 15 Oct 2015 to 31 Dec 2016 4. TITLE AND SUBTITLE Quantum-Enhanced Cyber Security: Experimental Computation...FORM SF 298 Final Report for FA9550-1-6-1-0004 Quantum-enhanced cyber security: Experimental quantum computation with quantum-encrypted data
Code of Federal Regulations, 2010 CFR
2010-04-01
... 17 Commodity and Securities Exchanges 1 2010-04-01 2010-04-01 false General policy considerations, purpose and scope of rules relating to open Commission meetings. 147.1 Section 147.1 Commodity and Securities Exchanges COMMODITY FUTURES TRADING COMMISSION OPEN COMMISSION MEETINGS § 147.1 General policy considerations, purpose and scope of rules...
78 FR 1275 - Privacy Act of 1974; Computer Matching Program
Federal Register 2010, 2011, 2012, 2013, 2014
2013-01-08
... Social Security Administration (Computer Matching Agreement 1071). SUMMARY: In accordance with the... of its new computer matching program with the Social Security Administration (SSA). DATES: OPM will... conditions under which SSA will disclose Social Security benefit data to OPM via direct computer link. OPM...
Rowley, Elizabeth; Burns, Lauren; Burnham, Gilbert
2013-06-01
To identify the most and least commonly cited security management messages that nongovernmental organizations (NGOs) are communicating to their field staff, to determine the types of documentation that NGOs most often use to communicate key security messages, and to distinguish the points of commonality and divergence across organizations in the content of key security messages. The authors undertook a systematic review of available security policies, manuals, and training materials from 20 international humanitarian NGOs using the InterAction Minimum Operating Security Standards as the basis for a review framework. The most commonly cited standards include analytical security issues such as threat and risk assessment processes and guidance on acceptance, protection, and deterrence approaches. Among the least commonly cited standards were considering security threats to national staff during staffing decision processes, incorporating security awareness into job descriptions, and ensuring that national staff security issues are addressed in trainings. NGO staff receive security-related messages through multiple document types, but only 12 of the 20 organizations have a distinct security policy document. Points of convergence across organizations in the content of commonly cited standards were found in many areas, but differences in security risk and threat assessment guidance may undermine communication between aid workers about changes in local security environments. Although the humanitarian community has experienced significant progress in the development of practical staff security guidance during the past 10 years, gaps remain that can hinder efforts to garner needed resources, clarify security responsibilities, and ensure that the distinct needs of national staff are recognized and addressed.
Global Warming: Its Implications for U.S. National Security Policy
2009-03-19
The approach to this topic will be to look at the science behind anthropogenic global warming. Is man largely responsible for causing global warming due...paper will then investigate the nexus between global warming and U.S. national security policy. It will address the challenges facing U.S. leaders and...policy makers as they tackle the issue of global warming and its implications for U.S. policy. Finally it will conclude with recommendations for those
Contemporary United States Foreign Policy Towards Indonesia
2004-01-01
regard to resolving a number of longstanding territorial disputes, and it has become a cornerstone for the promotion of economic and social development...and stability and security in the region. However, Indonesia is also faced with a variety of social, economic, and internal security issues, most...faced with significant social, economic, and security issues. Thesis Question The thesis question is: Does contemporary US policy promote US national
2011-01-01
CARE INFRASTRUCTURE AND TRANSPORTATION INTERNATIONAL AFFAIRS LAW AND BUSINESS NATIONAL SECURITY POPULATION AND AGING PUBLIC SAFETY SCIENCE AND...research was conducted within the International Security and Defense Policy Center of the RAND National Defense Research Institute, a federally funded...Marine Corps, the defense agencies, and the defense Intelligence Community. For more information on the International Security and Defense Policy
An Open Framework for Low-Latency Communications across the Smart Grid Network
ERIC Educational Resources Information Center
Sturm, John Andrew
2011-01-01
The recent White House (2011) policy paper for the Smart Grid that was released on June 13, 2011, "A Policy Framework for the 21st Century Grid: Enabling Our Secure Energy Future," defines four major problems to be solved and the one that is addressed in this dissertation is Securing the Grid. Securing the Grid is referred to as one of…
Federal Register 2010, 2011, 2012, 2013, 2014
2012-06-01
... SOCIAL SECURITY ADMINISTRATION [Docket No. SSA 2011-0089] Privacy Act of 1974, as Amended; Computer Matching Program (SSA/ Department of Homeland Security (DHS))--Match Number 1010 AGENCY: Social Security Administration (SSA). ACTION: Notice of a renewal of an existing computer matching program that...
FAA computer security : recommendations to address continuing weaknesses
DOT National Transportation Integrated Search
2000-12-01
In September, testimony before the Committee on Science, House of Representatives, focused on the Federal Aviation Administration's (FAA) computer security program. In brief, we reported that FAA's agency-wide computer security program has serious, p...
Aviation Security: Background and Policy Options for Screening and Securing Air Cargo
2008-02-25
today, employees with unescorted access privileges to security identification display areas (SIDAs) may access secured areas and aircraft without...where all-cargo aircraft are loaded and unloaded, as security identification display areas (SIDAs). This effectively elevates the required security
76 FR 8753 - Final Information Quality Guidelines Policy
Federal Register 2010, 2011, 2012, 2013, 2014
2011-02-15
... DEPARTMENT OF HOMELAND SECURITY Final Information Quality Guidelines Policy AGENCY: Department of Homeland Security. ACTION: Notice and request for public comment on Final Information Quality Guidelines. SUMMARY: These guidelines should be used to ensure and maximize the quality of disseminated information...
Code of Federal Regulations, 2010 CFR
2010-07-01
... further foreign policy and national security interests while at the same time taking into consideration important environmental concerns. (b) The Department of Defense acts with care in the global commons because... be through the Assistant Secretary of Defense (International Security Affairs). (e) Executive Order...
Code of Federal Regulations, 2010 CFR
2010-01-01
... of the Department of Agriculture (Continued) RURAL HOUSING SERVICE, RURAL BUSINESS-COOPERATIVE... REGULATIONS (CONTINUED) PERSONAL PROPERTY Servicing and Liquidation of Chattel Security § 1962.2 Policy. Chattel security, EO property and note only loans will be serviced to accomplish the loan objectives and...
Finasteride Reduces the Risk of Low-Grade Prostate Cancer in Men 55 and Older
... the researchers gathered using data from the Social Security Death Index (SSDI) from the time the trial ...
Specifying and Verifying Organizational Security Properties in First-Order Logic
NASA Astrophysics Data System (ADS)
Brandt, Christoph; Otten, Jens; Kreitz, Christoph; Bibel, Wolfgang
In certain critical cases the data flow between business departments in banking organizations has to respect security policies known as Chinese Wall or Bell-La Padula. We show that these policies can be represented by formal requirements and constraints in first-order logic. By additionally providing a formal model for the flow of data between business departments we demonstrate how security policies can be applied to a concrete organizational setting and checked with a first-order theorem prover. Our approach can be applied without requiring a deep formal expertise and it therefore promises a high potential of usability in the business.
Rezaeibagha, Fatemeh; Win, Khin Than; Susilo, Willy
Even though many safeguards and policies for electronic health record (EHR) security have been implemented, barriers to the privacy and security protection of EHR systems persist. This article presents the results of a systematic literature review regarding frequently adopted security and privacy technical features of EHR systems. Our inclusion criteria were full articles that dealt with the security and privacy of technical implementations of EHR systems published in English in peer-reviewed journals and conference proceedings between 1998 and 2013; 55 selected studies were reviewed in detail. We analysed the review results using two International Organization for Standardization (ISO) standards (29100 and 27002) in order to consolidate the study findings. Using this process, we identified 13 features that are essential to security and privacy in EHRs. These included system and application access control, compliance with security requirements, interoperability, integration and sharing, consent and choice mechanism, policies and regulation, applicability and scalability and cryptography techniques. This review highlights the importance of technical features, including mandated access control policies and consent mechanisms, to provide patients' consent, scalability through proper architecture and frameworks, and interoperability of health information systems, to EHR security and privacy requirements.
Security model for VM in cloud
NASA Astrophysics Data System (ADS)
Kanaparti, Venkataramana; Naveen K., R.; Rajani, S.; Padmvathamma, M.; Anitha, C.
2013-03-01
Cloud computing is a new approach that emerged to meet the ever-increasing demand for computing resources and to reduce operational costs and capital expenditure for IT services. As this new way of computation allows data and applications to be stored away from one's own corporate server, it brings more security issues, such as virtualization security, distributed computing, application security, identity management, access control and authentication. Even though virtualization forms the basis for cloud computing, it poses many threats to securing the cloud. As most security threats lie at the virtualization layer in the cloud, we proposed this new Security Model for Virtual Machine in Cloud (SMVC), in which every process is authenticated by a Trusted-Agent (TA) in the hypervisor as well as in the VM. Our proposed model is designed to withstand attacks by unauthorized processes that pose a threat to applications related to data mining, OLAP systems, and image processing, which require huge resources in a cloud deployed on one or more VMs.
Close the Gate, Lock the Windows, Bolt the Doors: Securing Library Computers. Online Treasures
ERIC Educational Resources Information Center
Balas, Janet
2005-01-01
This article, written by a systems librarian at the Monroeville Public Library, discusses a major issue affecting all computer users: security. It indicates that while staying up-to-date on the latest security issues has become essential for all computer users, it's more critical for network managers who are responsible for securing computer…
Sweden After the Cold War: Implications for US Regional Strategies
1993-09-01
transient threats to common interests rather than formal alliance structures." [Ref. 3:p. 9] Such was the case in the recent Gulf War. But as Colonel...European Union, Sweden will participate fully in the common security and foreign policy which was laid down in the Maastricht Treaty... A "policy of..."defense policy": The EC is developing in the direction for a European Union, with a common security and foreign policy, and possibly a common
Developing a computer security training program
DOE Office of Scientific and Technical Information (OSTI.GOV)
Not Available
1990-01-01
We all know that training can empower the computer protection program. However, pushing computer security information outside the computer security organization into the rest of the company is often labeled as an easy project or a dungeon full of dragons. Used in part or whole, the strategy offered in this paper may help the developer of a computer security training program ward off dragons and create products and services. The strategy includes GOALS (what the result of training will be), POINTERS (tips to ensure survival), and STEPS (products and services as a means to accomplish the goals).
2016-12-01
administrations, Abe’s unrivaled political performance within the Liberal Democratic Party (LDP), the weakness of opposition parties, and an economic...political success and failure, domestic policy, security policy, pragmatism, political environment, normalization, Liberal Democratic Party (LDP) 15...level, political influence from former administrations, Abe’s unrivaled political performance within the Liberal Democratic Party (LDP), the weakness
Analysis of Government Policies to Support Sustainable Domestic Defense Industries
2015-06-01
arms-industry. Syrian civil war. n.d. Retrieved June 10, 2015, from http://www.britannica.com/event/Syrian-Civil-War United Nations Commission on...perhaps the most significant variable is the government. Because governments are both buyers and suppliers of national security, government policies...are both buyers and suppliers of national security, government policies are often designed by governments to support and regulate their domestic
DOE Office of Scientific and Technical Information (OSTI.GOV)
Sanquist, Thomas F.; Mahy, Heidi A.; Morris, Fred A.
Understanding the issues surrounding public acceptance of homeland security systems is important for balancing security needs and potential civil liberties infringements. A psychometric survey was used to measure attitudes regarding homeland security systems. Psychometric rating data were obtained from 182 respondents on psychological attributes associated with 12 distinct types of homeland security systems. An inverse relationship was observed for the overall rating attributes of acceptability and risk of civil liberties infringement. Principal components analysis yielded a two factor solution, with the rating scale loading pattern suggesting factors of Perceived Effectiveness and Perceived Intrusiveness. These factors also showed an inverse relationship. The 12 different homeland security systems showed significantly different scores on the rating scales and PCA factors, which were used to rank the systems in terms of overall acceptability. Difference scores for the rating scales and PCA factors were used to compute a single acceptability value reflecting the relative weight of risks and benefits. Of the 12 systems studied, airport screening, canine detectors and radiation monitoring at borders were found to be relatively acceptable, i.e., the perceived benefits for homeland security outweighed the perceived risks to civil liberties. Students rated several systems as more effective than professionals, but the overall pattern of results for both types of subjects was similar. The data suggest that risk perception research and the psychometric paradigm are useful approaches for quantifying attitudes regarding homeland security systems and policies, and can be used to anticipate potentially significant public acceptance issues.
Data security and patient confidentiality: the manager's role.
Fisher, F; Madge, B
1996-10-01
The maintenance of patient confidentiality is of utmost importance in the doctor-patient relationship. With the advent of networks such as the National Health Service Wide Area Network in the UK, the potential to transmit identifiable clinical data will become greater. Links between general practitioners (GPs) and hospitals will allow the rapid transmission of data which, if intercepted, could be potentially embarrassing to the patient concerned. In 1994 the British Medical Association launched a draft bill on privacy and confidentiality and in association with this bill it is pushing for encryption of all clinical data across electronic networks. The manager's role within an acute hospital, community units and general practice, is to ensure that all employees are aware of the principles of data protection, security of hospital computer systems and that no obvious breaches of security can occur at publicly accessible terminals. Managers must be kept up to date with the latest developments in computer security such as digital signatures and be prepared to instigate these developments where practically possible. Managers must also take responsibility for the monitoring of access to terminals and be prepared to deal severely with staff who breach the code of confidentiality. Each manager must be kept informed of employees' status with regard to their 'need to know' clearance level and also to promote confidentiality of patient details throughout the hospital. All of the management team must be prepared to train new staff in the principles of data security as they join the organisation and recognise their accountability if the programme fails. Data security and patient confidentiality is a broad responsibility in any healthcare organisation, with the Chief Executive accountable. In family practice, the partners are responsible and accountable.
The British Medical Association believes, as a matter of policy, that allowing access to personal health data without the patient's consent, except in a legally allowable situation, should be a statutory offence.
10 CFR 706.13 - Clearance of counsel.
Code of Federal Regulations, 2012 CFR
2012-01-01
... DEPARTMENT OF ENERGY SECURITY POLICIES AND PRACTICES RELATING TO LABOR-MANAGEMENT RELATIONS Security Policies... even though the record is to be unclassified. Clearance of counsel makes possible their participation in any closed discussions needed preparatory to making an unclassified record. Each party is...
10 CFR 706.13 - Clearance of counsel.
Code of Federal Regulations, 2010 CFR
2010-01-01
... DEPARTMENT OF ENERGY SECURITY POLICIES AND PRACTICES RELATING TO LABOR-MANAGEMENT RELATIONS Security Policies... even though the record is to be unclassified. Clearance of counsel makes possible their participation in any closed discussions needed preparatory to making an unclassified record. Each party is...
10 CFR 706.13 - Clearance of counsel.
Code of Federal Regulations, 2013 CFR
2013-01-01
... DEPARTMENT OF ENERGY SECURITY POLICIES AND PRACTICES RELATING TO LABOR-MANAGEMENT RELATIONS Security Policies... even though the record is to be unclassified. Clearance of counsel makes possible their participation in any closed discussions needed preparatory to making an unclassified record. Each party is...
10 CFR 706.13 - Clearance of counsel.
Code of Federal Regulations, 2011 CFR
2011-01-01
... DEPARTMENT OF ENERGY SECURITY POLICIES AND PRACTICES RELATING TO LABOR-MANAGEMENT RELATIONS Security Policies... even though the record is to be unclassified. Clearance of counsel makes possible their participation in any closed discussions needed preparatory to making an unclassified record. Each party is...
10 CFR 706.13 - Clearance of counsel.
Code of Federal Regulations, 2014 CFR
2014-01-01
... DEPARTMENT OF ENERGY SECURITY POLICIES AND PRACTICES RELATING TO LABOR-MANAGEMENT RELATIONS Security Policies... even though the record is to be unclassified. Clearance of counsel makes possible their participation in any closed discussions needed preparatory to making an unclassified record. Each party is...
National Security and Information Technology: The New Regulatory Option?
ERIC Educational Resources Information Center
Irwin, Manley R.
1987-01-01
Summarizes recent developments in information technology research and development, telecommunication services, telephone manufacturing, telecommunication networks, information processing, and U.S. import/export policy. It is concluded that government regulation as a policy strategy depends on how one defines national security. (Author/CLB)
2015-01-01
by the graduate fellow’s faculty committee. C O R P O R A T I O N Dissertation Critical Rare Earths, National Security, and U.S.-China Interactions A...Portfolio Approach to Dysprosium Policy Design David L. An Dissertation Critical Rare Earths, National Security, and U.S.-China Interactions A...Permanent Magnet ................................................ xxiv Dysprosium, the Most Critical Rare Earth
U.S.-China Counterterrorism Cooperation: Issues for U.S. Policy
2008-10-08
detained Uighurs at Guantanamo Bay prison; weapons nonproliferation; port security; security for the Olympics in Beijing in August 2008; sanctions...the others for Resolution 1368 (to combat terrorism). On September 20, Beijing said that it offered “unconditional support” in fighting terrorism...transform — the closer bilateral relationship pursued by President Bush since late 2001. In the short-term, U.S. security policy toward Beijing sought
Century of the Seas: Unlocking Indian Maritime Strategy in the 21st Century
2017-09-01
Ensuring Secure Seas. Finally, this thesis examines India’s economic policies, specifically maritime trade, as well as domestic politics, to see how...they engage and shape Indian maritime strategy. These findings present a combined analysis of economic, security, and political factors mentioned above...Ensuring Secure Seas. Finally, this thesis examines India’s economic policies, specifically maritime trade, as well as domestic politics, to see how
6 CFR 13.27 - Computation of time.
Code of Federal Regulations, 2010 CFR
2010-01-01
... 6 Domestic Security 1 2010-01-01 2010-01-01 false Computation of time. 13.27 Section 13.27 Domestic Security DEPARTMENT OF HOMELAND SECURITY, OFFICE OF THE SECRETARY PROGRAM FRAUD CIVIL REMEDIES § 13.27 Computation of time. (a) In computing any period of time under this part or in an order issued...
Reviews on Security Issues and Challenges in Cloud Computing
NASA Astrophysics Data System (ADS)
An, Y. Z.; Zaaba, Z. F.; Samsudin, N. F.
2016-11-01
Cloud computing is an Internet-based computing service provided by a third party that allows sharing of resources and data among devices. It is widely used in many organizations nowadays and is becoming more popular because it changes how the Information Technology (IT) of an organization is organized and managed. It provides many benefits, such as simplicity and lower costs, almost unlimited storage, least maintenance, easy utilization, backup and recovery, continuous availability, quality of service, automated software integration, scalability, flexibility and reliability, easy access to information, elasticity, quick deployment and lower barrier to entry. While there is increasing use of cloud computing services in this new era, the security issues of cloud computing have become a challenge. Cloud computing must be safe and secure enough to ensure the privacy of the users. This paper first lists out the architecture of cloud computing, then discusses the most common security issues of using the cloud and some solutions to those security issues, since security is one of the most critical aspects of cloud computing due to the sensitivity of user's data.
Code of Federal Regulations, 2011 CFR
2011-10-01
... requiring security during telecommunications; (ii) The requirement for the contractor to secure telecommunications systems; (iii) The telecommunications security equipment, devices, techniques, or services with which the contractor's telecommunications security equipment, devices, techniques, or services must be...
Information Systems, Security, and Privacy.
ERIC Educational Resources Information Center
Ware, Willis H.
1984-01-01
Computer security and computer privacy issues are discussed. Among the areas addressed are technical and human security threats, security and privacy issues for information in electronic mail systems, the need for a national commission to examine these issues, and security/privacy issues relevant to colleges and universities. (JN)
Intelligent cloud computing security using genetic algorithm as a computational tools
NASA Astrophysics Data System (ADS)
Razuky AL-Shaikhly, Mazin H.
2018-05-01
An essential change has occurred in the field of Information Technology, represented by cloud computing: the cloud gives virtual assets by means of the web, yet brings awesome difficulties in the field of information security and security assurance. Currently the main problem with cloud computing is how to improve privacy and security for the cloud (“cloud is critical security”). This paper attempts to solve cloud security by using an intelligent system with a genetic algorithm as a wall to keep cloud data secure; all services provided by the cloud must detect who receives them and register this to create a list of users (trusted or un-trusted) depending on behavior. The execution of the present proposal has shown great outcome.
77 FR 12623 - National Industrial Security Program Policy Advisory Committee (NISPPAC)
Federal Register 2010, 2011, 2012, 2013, 2014
2012-03-01
... NATIONAL ARCHIVES AND RECORDS ADMINISTRATION Information Security Oversight Office National... Information Security Oversight Office no later than Friday, March 16, 2012. The Information Security Oversight... FURTHER INFORMATION CONTACT: David O. Best, Senior Program Analyst, The Information Security Oversight...
Fact Sheet: National Space Policy. Appendix F-2
NASA Technical Reports Server (NTRS)
1996-01-01
For over three decades, the United States has led the world in the exploration and use of outer space. Our achievements in space have inspired a generation of Americans and people throughout the world. We will maintain this leadership role by supporting a strong, stable, and balanced national space program that serves our goals in national security, foreign policy, economic growth, environmental stewardship, and scientific and technical excellence. Access to and use of space are central for preserving peace and protecting US national security as well as civil and commercial interests. The United States will pursue greater levels of partnership and cooperation in national and international space activities and work with other nations to ensure the continued exploration and use of outer space for peaceful purposes. The goals of the US space program are to: (a) Enhance knowledge of the Earth, the solar system, and the universe through human and robotic exploration; (b) Strengthen and maintain the national security of the United States; (c) Enhance the economic competitiveness and scientific and technical capabilities of the United States; (d) Encourage State, local, and private sector investment in, and use of, space technologies; (e) Promote international cooperation to further US domestic, national security, and foreign policies. The United States is committed to the exploration and use of outer space by all nations for peaceful purposes and for the benefit of all humanity. "Peaceful purposes" allow defense and intelligence-related activities in pursuit of national security and other goals. The United States rejects any claims to sovereignty by any nation over outer space or celestial bodies, or any portion thereof, and rejects any limitations on the fundamental right of sovereign nations to acquire data from space. 
The United States considers the space systems of any nation to be national property with the right of passage through and operations in space without interference. Purposeful interference with space systems shall be viewed as an infringement on sovereign rights. The US Government will maintain and coordinate separate national security and civil space systems where differing needs dictate. All actions undertaken by agencies and departments in implementing the national space policy shall be consistent with US law, regulations, national security requirements, foreign policy, international obligations, and nonproliferation policy. The National Science and Technology Council (NSTC) is the principal forum for resolving issues related to national space policy. As appropriate, the NSTC and NSC will co-chair policy process. This policy will be implemented within the overall resource and policy guidance provided by the President.
Family Economic Security Policies and Child and Family Health.
Spencer, Rachael A; Komro, Kelli A
2017-03-01
In this review, we examine the effects of family economic security policies (i.e., minimum wage, earned income tax credit, unemployment insurance, Temporary Assistance to Needy Families) on child and family health outcomes, summarize policy generosity across states in the USA, and discuss directions and possibilities for future research. This manuscript is an update to a review article that was published in 2014. Millions of Americans are affected by family economic security policies each year, many of whom are the most vulnerable in society. There is increasing evidence that these policies impact health outcomes and behaviors of adults and children. Further, research indicates that, overall, policies which are more restrictive are associated with poorer health behaviors and outcomes; however, the strength of the evidence differs across each of the four policies. There is significant diversity in state-level policies, and it is plausible that these policy variations are contributing to health disparities across and within states. Despite increasing evidence of the relationship between economic policies and health, there continues to be limited attention to this issue. State policy variations offer a valuable opportunity for scientists to conduct natural experiments and contribute to evidence linking social policy effects to family and child well-being. The mounting evidence will help to guide future research and policy making for evolving toward a more nurturing society for family and child health and well-being.
Family Economic Security Policies and Child and Family Health
Spencer, Rachael A.; Komro, Kelli A.
2017-01-01
In this review we examine the effects of family economic security policies (i.e., minimum wage, Earned Income Tax Credit, unemployment insurance, Temporary Assistance to Needy Families) on child and family health outcomes, summarize policy generosity across states in the U.S., and discuss directions and possibilities for future research. This manuscript is an update to a review article that was published in 2014. Millions of Americans are affected by family economic security policies each year, many of whom are the most vulnerable in society. There is increasing evidence that these policies impact health outcomes and behaviors of adults and children. Further, research indicates that, overall, policies which are more restrictive are associated with poorer health behaviors and outcomes; however, the strength of the evidence differs across each of the four policies. There is significant diversity in state-level policies and it is plausible that these policy variations are contributing to health disparities across and within states. Despite increasing evidence of the relationship between economic policies and health, there continues to be limited attention to this issue. State policy variations offer a valuable opportunity for scientists to conduct natural experiments and contribute to evidence linking social policy effects to family and child wellbeing. The mounting evidence will help to guide future research and policy making for evolving toward a more nurturing society for family and child health and wellbeing. PMID:28176020
Federal Register 2010, 2011, 2012, 2013, 2014
2010-07-02
... Standards and Technology's (NIST) Computer Security Division maintains a Computer Security Resource Center... Regarding Driver History Record Information Security, Continuity of Operation Planning, and Disaster... (SDLAs) to support their efforts at maintaining the security of information contained in the driver...
10 CFR 706.12 - Administrative Law Judges.
Code of Federal Regulations, 2010 CFR
2010-01-01
... 10 Energy 4 2010-01-01 2010-01-01 false Administrative Law Judges. 706.12 Section 706.12 Energy DEPARTMENT OF ENERGY SECURITY POLICIES AND PRACTICES RELATING TO LABOR-MANAGEMENT RELATIONS Security Policies... hearings and to facilitate preparation of an unclassified record. The assignment of individual...
10 CFR 706.12 - Administrative Law Judges.
Code of Federal Regulations, 2013 CFR
2013-01-01
... 10 Energy 4 2013-01-01 2013-01-01 false Administrative Law Judges. 706.12 Section 706.12 Energy DEPARTMENT OF ENERGY SECURITY POLICIES AND PRACTICES RELATING TO LABOR-MANAGEMENT RELATIONS Security Policies... hearings and to facilitate preparation of an unclassified record. The assignment of individual...
10 CFR 706.12 - Administrative Law Judges.
Code of Federal Regulations, 2011 CFR
2011-01-01
... 10 Energy 4 2011-01-01 2011-01-01 false Administrative Law Judges. 706.12 Section 706.12 Energy DEPARTMENT OF ENERGY SECURITY POLICIES AND PRACTICES RELATING TO LABOR-MANAGEMENT RELATIONS Security Policies... hearings and to facilitate preparation of an unclassified record. The assignment of individual...
10 CFR 706.12 - Administrative Law Judges.
Code of Federal Regulations, 2014 CFR
2014-01-01
... 10 Energy 4 2014-01-01 2014-01-01 false Administrative Law Judges. 706.12 Section 706.12 Energy DEPARTMENT OF ENERGY SECURITY POLICIES AND PRACTICES RELATING TO LABOR-MANAGEMENT RELATIONS Security Policies... hearings and to facilitate preparation of an unclassified record. The assignment of individual...
10 CFR 706.12 - Administrative Law Judges.
Code of Federal Regulations, 2012 CFR
2012-01-01
... 10 Energy 4 2012-01-01 2012-01-01 false Administrative Law Judges. 706.12 Section 706.12 Energy DEPARTMENT OF ENERGY SECURITY POLICIES AND PRACTICES RELATING TO LABOR-MANAGEMENT RELATIONS Security Policies... hearings and to facilitate preparation of an unclassified record. The assignment of individual...
Online Patron Records and Privacy: Service vs. Security.
ERIC Educational Resources Information Center
Fouty, Kathleen G.
1993-01-01
Examines issues regarding the privacy of information contained in patron databases that have resulted from online circulation systems. Topics discussed include library policies to protect information in patron records; ensuring compliance with policies; limiting the data collected; security authorizations; and creating and modifying patron…
46 CFR 503.56 - General declassification and downgrading policy.
Code of Federal Regulations, 2010 CFR
2010-10-01
... INFORMATION Information Security Program § 503.56 General declassification and downgrading policy. (a) The... Order 12958, only over that information originally classified by the Commission under previous Executive... Commission Security Officer, and such others as the Chairman may designate. Commission personnel may not...
Restricted access processor - An application of computer security technology
NASA Technical Reports Server (NTRS)
Mcmahon, E. M.
1985-01-01
This paper describes a security guard device that is currently being developed by Computer Sciences Corporation (CSC). The methods used to provide assurance that the system meets its security requirements include the system architecture, a system security evaluation, and the application of formal and informal verification techniques. The combination of state-of-the-art technology and the incorporation of new verification procedures results in a demonstration of the feasibility of computer security technology for operational applications.
Proposal for a Security Management in Cloud Computing for Health Care
Dzombeta, Srdan; Brandis, Knud
2014-01-01
Cloud computing is actually one of the most popular themes of information systems research. Considering the nature of the processed information especially health care organizations need to assess and treat specific risks according to cloud computing in their information security management system. Therefore, in this paper we propose a framework that includes the most important security processes regarding cloud computing in the health care sector. Starting with a framework of general information security management processes derived from standards of the ISO 27000 family the most important information security processes for health care organizations using cloud computing will be identified considering the main risks regarding cloud computing and the type of information processed. The identified processes will help a health care organization using cloud computing to focus on the most important ISMS processes and establish and operate them at an appropriate level of maturity considering limited resources. PMID:24701137
Proposal for a security management in cloud computing for health care.
Haufe, Knut; Dzombeta, Srdan; Brandis, Knud
2014-01-01
Cloud computing is actually one of the most popular themes of information systems research. Considering the nature of the processed information especially health care organizations need to assess and treat specific risks according to cloud computing in their information security management system. Therefore, in this paper we propose a framework that includes the most important security processes regarding cloud computing in the health care sector. Starting with a framework of general information security management processes derived from standards of the ISO 27000 family the most important information security processes for health care organizations using cloud computing will be identified considering the main risks regarding cloud computing and the type of information processed. The identified processes will help a health care organization using cloud computing to focus on the most important ISMS processes and establish and operate them at an appropriate level of maturity considering limited resources.
31 CFR 515.535 - Exchange of certain securities.
Code of Federal Regulations, 2012 CFR
2012-07-01
... 31 Money and Finance:Treasury 3 2012-07-01 2012-07-01 false Exchange of certain securities. 515..., Authorizations, and Statements of Licensing Policy § 515.535 Exchange of certain securities. (a) Subject to the... securities listed on a national securities exchange, including the withdrawal of such securities from blocked...
31 CFR 515.535 - Exchange of certain securities.
Code of Federal Regulations, 2013 CFR
2013-07-01
... 31 Money and Finance:Treasury 3 2013-07-01 2013-07-01 false Exchange of certain securities. 515..., Authorizations, and Statements of Licensing Policy § 515.535 Exchange of certain securities. (a) Subject to the... securities listed on a national securities exchange, including the withdrawal of such securities from blocked...
31 CFR 515.535 - Exchange of certain securities.
Code of Federal Regulations, 2011 CFR
2011-07-01
... 31 Money and Finance:Treasury 3 2011-07-01 2011-07-01 false Exchange of certain securities. 515..., Authorizations, and Statements of Licensing Policy § 515.535 Exchange of certain securities. (a) Subject to the... securities listed on a national securities exchange, including the withdrawal of such securities from blocked...
31 CFR 515.535 - Exchange of certain securities.
Code of Federal Regulations, 2014 CFR
2014-07-01
... 31 Money and Finance:Treasury 3 2014-07-01 2014-07-01 false Exchange of certain securities. 515..., Authorizations, and Statements of Licensing Policy § 515.535 Exchange of certain securities. (a) Subject to the... securities listed on a national securities exchange, including the withdrawal of such securities from blocked...
Building a Secure Library System.
ERIC Educational Resources Information Center
Benson, Allen C.
1998-01-01
Presents tips for building a secure library system to guard against threats like hackers, viruses, and theft. Topics include: determining what is at risk; recovering from disasters; developing security policies; developing front-end security; securing menu systems; accessing control programs; protecting against damage from viruses; developing…
Visualization Tools for Teaching Computer Security
ERIC Educational Resources Information Center
Yuan, Xiaohong; Vega, Percy; Qadah, Yaseen; Archer, Ricky; Yu, Huiming; Xu, Jinsheng
2010-01-01
Using animated visualization tools has been an important teaching approach in computer science education. We have developed three visualization and animation tools that demonstrate various information security concepts and actively engage learners. The information security concepts illustrated include: packet sniffer and related computer network…
The French Defense and Foreign Policies: Rwanda Case Study
2013-03-25
Charbonneau, Bruno. France and the New Imperialism: Security Policy in Sub-Saharan Africa. Aldershot: Ashgate, 2008. Chipman, John. French Power in Africa... Charbonneau, France and the New Imperialism: Security Policy in Sub-Saharan Africa. (Aldershot: Ashgate Publishing Limited, 2008), 125. 16 Le Monde, 1...Petitville, 583-585. 23 Charbonneau, 61-62. 24 Intentionally, the author does not use the American designation as Chairman of the Joint Chiefs of Staff due
Crowd Sensing-Enabling Security Service Recommendation for Social Fog Computing Systems
Wu, Jun; Su, Zhou; Li, Jianhua
2017-01-01
Fog computing, shifting intelligence and resources from the remote cloud to edge networks, has the potential of providing low-latency for the communication from sensing data sources to users. For the objects from the Internet of Things (IoT) to the cloud, it is a new trend that the objects establish social-like relationships with each other, which efficiently brings the benefits of developed sociality to a complex environment. As fog services become more sophisticated, it will become more convenient for fog users to share their own services, resources, and data via social networks. Meanwhile, the efficient social organization can enable more flexible, secure, and collaborative networking. Aforementioned advantages make the social network a potential architecture for fog computing systems. In this paper, we design an architecture for social fog computing, in which the services of fog are provisioned based on “friend” relationships. To the best of our knowledge, this is the first attempt at an organized fog computing system-based social model. Meanwhile, social networking enhances the complexity and security risks of fog computing services, creating difficulties of security service recommendations in social fog computing. To address this, we propose a novel crowd sensing-enabling security service provisioning method to recommend security services accurately in social fog computing systems. Simulation results show the feasibilities and efficiency of the crowd sensing-enabling security service recommendation method for social fog computing systems. PMID:28758943
Crowd Sensing-Enabling Security Service Recommendation for Social Fog Computing Systems.
Wu, Jun; Su, Zhou; Wang, Shen; Li, Jianhua
2017-07-30
Fog computing, shifting intelligence and resources from the remote cloud to edge networks, has the potential of providing low-latency for the communication from sensing data sources to users. For the objects from the Internet of Things (IoT) to the cloud, it is a new trend that the objects establish social-like relationships with each other, which efficiently brings the benefits of developed sociality to a complex environment. As fog services become more sophisticated, it will become more convenient for fog users to share their own services, resources, and data via social networks. Meanwhile, the efficient social organization can enable more flexible, secure, and collaborative networking. Aforementioned advantages make the social network a potential architecture for fog computing systems. In this paper, we design an architecture for social fog computing, in which the services of fog are provisioned based on "friend" relationships. To the best of our knowledge, this is the first attempt at an organized fog computing system-based social model. Meanwhile, social networking enhances the complexity and security risks of fog computing services, creating difficulties of security service recommendations in social fog computing. To address this, we propose a novel crowd sensing-enabling security service provisioning method to recommend security services accurately in social fog computing systems. Simulation results show the feasibilities and efficiency of the crowd sensing-enabling security service recommendation method for social fog computing systems.
The Flask Security Architecture: System Support for Diverse Security Policies
2006-01-01
Flask microkernel-based operating system, that successfully overcomes these obstacles to policy flexibility. The cleaner separation of mechanism and...other object managers in the system to enforce those access control decisions. Although the prototype system is microkernel-based, the security...mechanisms do not depend on a microkernel architecture and will easily generalize beyond it. The resulting system provides policy flexibility. It sup
32 CFR 148.3 - Security review.
Code of Federal Regulations, 2012 CFR
2012-07-01
... 32 National Defense 1 2012-07-01 2012-07-01 false Security review. 148.3 Section 148.3 National Defense Department of Defense OFFICE OF THE SECRETARY OF DEFENSE PERSONNEL, MILITARY AND CIVILIAN NATIONAL POLICY AND IMPLEMENTATION OF RECIPROCITY OF FACILITIES National Policy on Reciprocity of Use and...
32 CFR 148.3 - Security review.
Code of Federal Regulations, 2013 CFR
2013-07-01
... 32 National Defense 1 2013-07-01 2013-07-01 false Security review. 148.3 Section 148.3 National Defense Department of Defense OFFICE OF THE SECRETARY OF DEFENSE PERSONNEL, MILITARY AND CIVILIAN NATIONAL POLICY AND IMPLEMENTATION OF RECIPROCITY OF FACILITIES National Policy on Reciprocity of Use and...
32 CFR 148.3 - Security review.
Code of Federal Regulations, 2011 CFR
2011-07-01
... 32 National Defense 1 2011-07-01 2011-07-01 false Security review. 148.3 Section 148.3 National Defense Department of Defense OFFICE OF THE SECRETARY OF DEFENSE PERSONNEL, MILITARY AND CIVILIAN NATIONAL POLICY AND IMPLEMENTATION OF RECIPROCITY OF FACILITIES National Policy on Reciprocity of Use and...
32 CFR 148.3 - Security review.
Code of Federal Regulations, 2014 CFR
2014-07-01
... 32 National Defense 1 2014-07-01 2014-07-01 false Security review. 148.3 Section 148.3 National Defense Department of Defense OFFICE OF THE SECRETARY OF DEFENSE PERSONNEL, MILITARY AND CIVILIAN NATIONAL POLICY AND IMPLEMENTATION OF RECIPROCITY OF FACILITIES National Policy on Reciprocity of Use and...
32 CFR 148.3 - Security review.
Code of Federal Regulations, 2010 CFR
2010-07-01
... 32 National Defense 1 2010-07-01 2010-07-01 false Security review. 148.3 Section 148.3 National Defense Department of Defense OFFICE OF THE SECRETARY OF DEFENSE PERSONNEL, MILITARY AND CIVILIAN NATIONAL POLICY AND IMPLEMENTATION OF RECIPROCITY OF FACILITIES National Policy on Reciprocity of Use and...
45 CFR 164.316 - Policies and procedures and documentation requirements.
Code of Federal Regulations, 2014 CFR
2014-10-01
... 45 Public Welfare 1 2014-10-01 2014-10-01 false Policies and procedures and documentation requirements. 164.316 Section 164.316 Public Welfare Department of Health and Human Services ADMINISTRATIVE DATA STANDARDS AND RELATED REQUIREMENTS SECURITY AND PRIVACY Security Standards for the Protection of...
Code of Federal Regulations, 2010 CFR
2010-04-01
... important element of our national security. The effectiveness of the Agreement depends significantly upon... 22 Foreign Relations 1 2010-04-01 2010-04-01 false General policy. 9a.2 Section 9a.2 Foreign Relations DEPARTMENT OF STATE GENERAL SECURITY INFORMATION REGULATIONS APPLICABLE TO CERTAIN INTERNATIONAL...
17 CFR 210.2-07 - Communication with audit committees.
Code of Federal Regulations, 2011 CFR
2011-04-01
... FORM AND CONTENT OF AND REQUIREMENTS FOR FINANCIAL STATEMENTS, SECURITIES ACT OF 1933, SECURITIES..., INVESTMENT ADVISERS ACT OF 1940, AND ENERGY POLICY AND CONSERVATION ACT OF 1975 Qualifications and Reports of... critical accounting policies and practices to be used; (2) All alternative treatments within Generally...
Federal Register 2010, 2011, 2012, 2013, 2014
2012-12-26
... NATIONAL ARCHIVES AND RECORDS ADMINISTRATION Information Security Oversight Office; State, Local, Tribal, and Private Sector Policy Advisory Committee (SLTPS-PAC) AGENCY: National Archives and Records....m. to 12:00 noon. ADDRESSES: National Archives and Records Administration, 700 Pennsylvania Avenue...
Additional Security Considerations for Grid Management
NASA Technical Reports Server (NTRS)
Eidson, Thomas M.
2003-01-01
The use of Grid computing environments is growing in popularity. A Grid computing environment is primarily a wide area network that encompasses multiple local area networks, where some of the local area networks are managed by different organizations. A Grid computing environment also includes common interfaces for distributed computing software so that the heterogeneous set of machines that make up the Grid can be used more easily. The other key feature of a Grid is that the distributed computing software includes appropriate security technology. The focus of most Grid software is on the security involved with application execution, file transfers, and other remote computing procedures. However, there are other important security issues related to the management of a Grid and the users who use that Grid. This note discusses these additional security issues and makes several suggestions as how they can be managed.
Preaching What We Practice: Teaching Ethical Decision-Making to Computer Security Professionals
NASA Astrophysics Data System (ADS)
Fleischmann, Kenneth R.
The biggest challenge facing computer security researchers and professionals is not learning how to make ethical decisions; rather it is learning how to recognize ethical decisions. All too often, technology development suffers from what Langdon Winner terms technological somnambulism - we sleepwalk through our technology design, following past precedents without a second thought, and fail to consider the perspectives of other stakeholders [1]. Computer security research and practice involves a number of opportunities for ethical decisions. For example, decisions about whether or not to automatically provide security updates involve tradeoffs related to caring versus user autonomy. Decisions about online voting include tradeoffs between convenience and security. Finally, decisions about routinely screening e-mails for spam involve tradeoffs of efficiency and privacy. It is critical that these and other decisions facing computer security researchers and professionals are confronted head on as value-laden design decisions, and that computer security researchers and professionals consider the perspectives of various stakeholders in making these decisions.
Quality and security - They work together
NASA Technical Reports Server (NTRS)
Carr, Richard; Tynan, Marie; Davis, Russell
1991-01-01
This paper describes the importance of considering computer security as part of software quality assurance practice. The intended audience is primarily those professionals involved in the design, development, and quality assurance of software. Many issues are raised which point to the need ultimately for integration of quality assurance and computer security disciplines. To address some of the issues raised, the NASA Automated Information Security program is presented as a model which may be used for improving interactions between the quality assurance and computer security community of professionals.
78 FR 15734 - Privacy Act of 1974; Computer Matching Program
Federal Register 2010, 2011, 2012, 2013, 2014
2013-03-12
... DEPARTMENT OF HOMELAND SECURITY Office of the Secretary [Docket No. DHS-2013-0010] Privacy Act of 1974; Computer Matching Program AGENCY: Department of Homeland Security/U.S. Citizenship and... computer matching program between the Department of Homeland Security/U.S. Citizenship and Immigration...
78 FR 15733 - Privacy Act of 1974; Computer Matching Program
Federal Register 2010, 2011, 2012, 2013, 2014
2013-03-12
... DEPARTMENT OF HOMELAND SECURITY Office of the Secretary [Docket No. DHS-2013-0008] Privacy Act of 1974; Computer Matching Program AGENCY: Department of Homeland Security/U.S. Citizenship and... computer matching program between the Department of Homeland Security/U.S. Citizenship and Immigration...
DOE Office of Scientific and Technical Information (OSTI.GOV)
Eipeldauer, Mary D; Shelander Jr, Bruce R
2012-01-01
The southeast is a highly suitable environment for establishing a series of nuclear safety, security and safeguards 'professional development' courses. Oak Ridge National Laboratory (ORNL) provides expertise in the research component of these subjects while the Y-12 Nuclear Security Complex handles safeguards/security and safety applications. Several universities (i.e., University of Tennessee, Knoxville (UTK), North Carolina State University, University of Michigan, and Georgia Technology Institute) in the region, which offer nuclear engineering and public policy administration programs, and the Howard Baker Center for Public Policy make this an ideal environment for learning. More recently, the Institute for Nuclear Security (INS) was established between ORNL, Y-12, UTK and Oak Ridge Associate Universities (ORAU), with a focus on five principal areas. These areas include policy, law, and diplomacy; education and training; science and technology; operational and intelligence capability building; and real-world missions and applications. This is a new approach that includes professional development within the graduate research assistant program addressing global needs in nuclear security, safety and safeguards.