12 CFR 403.9 - Fees.

Code of Federal Regulations, 2013 CFR

2013-01-01

... SECURITY INFORMATION § 403.9 Fees. The following specific fees shall be applicable with respect to services... records, per hour or fraction thereof: (i) Professional $11.00 (ii) Clerical 6.00 (b) Computer service charges per second for actual use of computer central processing unit .25 (c) Copies made by photostat or...

12 CFR 403.9 - Fees.

Code of Federal Regulations, 2014 CFR

2014-01-01

... SECURITY INFORMATION § 403.9 Fees. The following specific fees shall be applicable with respect to services... records, per hour or fraction thereof: (i) Professional $11.00 (ii) Clerical 6.00 (b) Computer service charges per second for actual use of computer central processing unit .25 (c) Copies made by photostat or...

Pitfalls in computer housekeeping by doctors and nurses in KwaZulu-Natal: no malicious intent.

PubMed

Jack, Caron; Singh, Yashik; Mars, Maurice

2013-01-01

Information and communication technologies are becoming an integral part of medical practice, research and administration and their use will grow as telemedicine and electronic medical record use become part of routine practice. Security in maintaining patient data is important and there is a statuary obligation to do so, but few health professionals have been trained on how to achieve this. There is no information on the use of computers and email by doctors and nurses in South Africa in the workplace and at home, and whether their current computer practices meets legal and ethical requirements. The aims of this study were to determine the use of computers by healthcare practitioners in the workplace and home; the use and approach to data storage, encryption and security of patient data and patient email; and the use of informed consent to transmit data by email. A self-administered questionnaire was administered to 400 health care providers from the state and private health care sectors. The questionnaire covered computer use in the workplace and at home, sharing of computers, data encryption and storage, email use, encryption of emails and storage, and the use of informed consent for email communication. 193 doctors and 207 nurses in the private and public sectors completed the questionnaire. Forty (10%) of participants do not use a computer. A third of health professionals were the only users of computers at work or at home. One hundred and ninety-eight respondents (55%) did not know if the data on the computers were encrypted, 132 (36.7%) knew that the data were not encrypted and 30 (8.3%) individuals knew that the data on the computers they were using were encrypted. Few doctors, 58 (16%), received emails from patients, with doctors more likely to receive emails from patients than nurses (p = 0.0025). Thirty-one percent of individuals did not respond to the emails. Emails were saved by 40 (69%) recipients but only 5 (12.5%) doctors encrypted the messages, 19 (47.5%) individuals knowingly did not encrypt and 16 (40.0%) did not know if they encrypted the data. While 20% of health professionals have emailed patient data, but only 41.7% gained consent to do so. Most health professionals as sampled in South Africa are not compliant with the National Health Act or the Electronic Communications Transactions Act of South Africa or guidelines from regulatory bodies when managing patient data on computers. Many appear ignorant or lack the ability to comply with simple data security procedures.

E-SAP: Efficient-Strong Authentication Protocol for Healthcare Applications Using Wireless Medical Sensor Networks

PubMed Central

Kumar, Pardeep; Lee, Sang-Gon; Lee, Hoon-Jae

2012-01-01

A wireless medical sensor network (WMSN) can sense humans’ physiological signs without sacrificing patient comfort and transmit patient vital signs to health professionals’ hand-held devices. The patient physiological data are highly sensitive and WMSNs are extremely vulnerable to many attacks. Therefore, it must be ensured that patients’ medical signs are not exposed to unauthorized users. Consequently, strong user authentication is the main concern for the success and large scale deployment of WMSNs. In this regard, this paper presents an efficient, strong authentication protocol, named E-SAP, for healthcare application using WMSNs. The proposed E-SAP includes: (1) a two-factor (i.e., password and smartcard) professional authentication; (2) mutual authentication between the professional and the medical sensor; (3) symmetric encryption/decryption for providing message confidentiality; (4) establishment of a secure session key at the end of authentication; and (5) professionals can change their password. Further, the proposed protocol requires three message exchanges between the professional, medical sensor node and gateway node, and achieves efficiency (i.e., low computation and communication cost). Through the formal analysis, security analysis and performance analysis, we demonstrate that E-SAP is more secure against many practical attacks, and allows a tradeoff between the security and the performance cost for healthcare application using WMSNs. PMID:22438729

Variety and evolution of American endoscopic image management and recording systems.

PubMed

Korman, L Y

1996-03-01

The rapid evolution of computing technology has and will continue to alter the practice of gastroenterology and gastrointestinal endoscopy. Development of communication standards for text, images, and security systems will be necessary for medicine to take advantage of high-speed computing and communications. Professional societies can have an important role in guiding the development process.

Beyond Firewalls: Professional Certification Ensures Your Staff Will Understand Information Security in Its Proper Context

ERIC Educational Resources Information Center

Svetcov, Eric

2004-01-01

When it comes to security, many people do not know what they do not know. Consider for example, an administrator who leaves her password taped under her keyboard, or a teacher who doesn't change his password (ever!) or can't be bothered to log out or lock the computer, all the firewalls and antivirus programs in the world will not protect a…

Deception Using an SSH Honeypot

DTIC Science & Technology

2017-09-01

the device itself but also the device’s cloud and mobile infrastructure. This increase in unsecured devices connected to the Internet presents...have SSH enabled on their systems without knowledge that this service is running. Computer -security professionals use several techniques to gain...early 2000s. Honeypots are decoy computer systems intended for no other purpose than to collect data on attackers. They gather information about

Privacy Perspectives for Online Searchers: Confidentiality with Confidence?

ERIC Educational Resources Information Center

Duberman, Josh; Beaudet, Michael

2000-01-01

Presents issues and questions involved in online privacy from the information professional's perspective. Topics include consumer concerns; query confidentiality; securing computers from intrusion; electronic mail; search engines; patents and intellectual property searches; government's role; Internet service providers; database mining; user…

Analysis of health professional security behaviors in a real clinical setting: an empirical study.

PubMed

Fernández-Alemán, José Luis; Sánchez-Henarejos, Ana; Toval, Ambrosio; Sánchez-García, Ana Belén; Hernández-Hernández, Isabel; Fernandez-Luque, Luis

2015-06-01

The objective of this paper is to evaluate the security behavior of healthcare professionals in a real clinical setting. Standards, guidelines and recommendations on security and privacy best practices for staff personnel were identified using a systematic literature review. After a revision process, a questionnaire consisting of 27 questions was created and responded to by 180 health professionals from a public hospital. Weak passwords were reported by 62.2% of the respondents, 31.7% were unaware of the organization's procedures for discarding confidential information, and 19.4% did not carry out these procedures. Half of the respondents (51.7%) did not take measures to ensure that the personal health information on the computer monitor could not be seen by unauthorized individuals, and 57.8% were unaware of the procedure established to report a security violation. The correlation between the number of years in the position and good security practices was not significant (Pearson's r=0.085, P=0.254). Age was weakly correlated with good security practices (Pearson's r=-0.169, P=0.028). A Mann-Whitney test showed no significant difference between the respondents' security behavior as regards gender (U=2536, P=0.792, n=178). The results of the study suggest that more efforts are required to improve security education for health personnel. It was found that both preventive and corrective actions are needed to prevent health staff from causing security incidents. Healthcare organizations should: identify the types of information that require protection, clearly communicate the penalties that will be imposed, promote security training courses, and define what the organization considers improper behavior to be and communicate this to all personnel. Copyright © 2015 Elsevier Ireland Ltd. All rights reserved.

Self port scanning tool : providing a more secure computing Environment through the use of proactive port scanning

NASA Technical Reports Server (NTRS)

Kocher, Joshua E; Gilliam, David P.

2005-01-01

Secure computing is a necessity in the hostile environment that the internet has become. Protection from nefarious individuals and organizations requires a solution that is more a methodology than a one time fix. One aspect of this methodology is having the knowledge of which network ports a computer has open to the world, These network ports are essentially the doorways from the internet into the computer. An assessment method which uses the nmap software to scan ports has been developed to aid System Administrators (SAs) with analysis of open ports on their system(s). Additionally, baselines for several operating systems have been developed so that SAs can compare their open ports to a baseline for a given operating system. Further, the tool is deployed on a website where SAs and Users can request a port scan of their computer. The results are then emailed to the requestor. This tool aids Users, SAs, and security professionals by providing an overall picture of what services are running, what ports are open, potential trojan programs or backdoors, and what ports can be closed.

Workarounds to computer access in healthcare organizations: you want my password or a dead patient?

PubMed

Koppel, Ross; Smith, Sean; Blythe, Jim; Kothari, Vijay

2015-01-01

Workarounds to computer access in healthcare are sufficiently common that they often go unnoticed. Clinicians focus on patient care, not cybersecurity. We argue and demonstrate that understanding workarounds to healthcare workers' computer access requires not only analyses of computer rules, but also interviews and observations with clinicians. In addition, we illustrate the value of shadowing clinicians and conducing focus groups to understand their motivations and tradeoffs for circumvention. Ethnographic investigation of the medical workplace emerges as a critical method of research because in the inevitable conflict between even well-intended people versus the machines, it's the people who are the more creative, flexible, and motivated. We conducted interviews and observations with hundreds of medical workers and with 19 cybersecurity experts, CIOs, CMIOs, CTO, and IT workers to obtain their perceptions of computer security. We also shadowed clinicians as they worked. We present dozens of ways workers ingeniously circumvent security rules. The clinicians we studied were not "black hat" hackers, but just professionals seeking to accomplish their work despite the security technologies and regulations.

Index of Selected Publications Through December 1983,

DTIC Science & Technology

1984-03-01

substantiating methodology , and is designed mainly for * readers with a professional interest in the subject but do * not have a primary responsibility in that...Navy in postwar American security policy -- computer subroutines - CRC 20 H 1052 experimental design techniques, computer North Atlantic-Norwegian...statistical tion and Congestion, With an Example from Southern experimental design technique aids the analysis California, 27 pp., Jan 1971, AD 719 906 of

Emerging Security Mechanisms for Medical Cyber Physical Systems.

PubMed

Kocabas, Ovunc; Soyata, Tolga; Aktas, Mehmet K

2016-01-01

The following decade will witness a surge in remote health-monitoring systems that are based on body-worn monitoring devices. These Medical Cyber Physical Systems (MCPS) will be capable of transmitting the acquired data to a private or public cloud for storage and processing. Machine learning algorithms running in the cloud and processing this data can provide decision support to healthcare professionals. There is no doubt that the security and privacy of the medical data is one of the most important concerns in designing an MCPS. In this paper, we depict the general architecture of an MCPS consisting of four layers: data acquisition, data aggregation, cloud processing, and action. Due to the differences in hardware and communication capabilities of each layer, different encryption schemes must be used to guarantee data privacy within that layer. We survey conventional and emerging encryption schemes based on their ability to provide secure storage, data sharing, and secure computation. Our detailed experimental evaluation of each scheme shows that while the emerging encryption schemes enable exciting new features such as secure sharing and secure computation, they introduce several orders-of-magnitude computational and storage overhead. We conclude our paper by outlining future research directions to improve the usability of the emerging encryption schemes in an MCPS.

Private Security Contractors in Iraq: Background, Legal Status, and Other Issues

DTIC Science & Technology

2008-08-25

Directorate. 25 Peter Eisler , “Attacks on U.S. Convoys Plummet; Shipments Crucial to Rebuilding Iraq,” USA Today, July 22, 2008, p. A1; August Cole, “U.S...contracts. Named DynCorp since 1987 , it was acquired in 2003 by Computer Sciences Corporation (CSC) and now has nearly 14,000 employees in 30...5,000 security professionals, government officials, and corporate executives and their families worldwide.40 EOD Technologies, Inc., founded in 1987

Distributed Computer Networks in Support of Complex Group Practices

PubMed Central

Wess, Bernard P.

1978-01-01

The economics of medical computer networks are presented in context with the patient care and administrative goals of medical networks. Design alternatives and network topologies are discussed with an emphasis on medical network design requirements in distributed data base design, telecommunications, satellite systems, and software engineering. The success of the medical computer networking technology is predicated on the ability of medical and data processing professionals to design comprehensive, efficient, and virtually impenetrable security systems to protect data bases, network access and services, and patient confidentiality.

77 FR 12635 - Self-Regulatory Organizations; Financial Industry Regulatory Authority, Inc.; Notice of Filing...

Federal Register 2010, 2011, 2012, 2013, 2014

2012-03-01

.... Securities Offering. Series 86 Research Analyst--Analysis..... From $160 to $175. Series 87 Research Analyst... Order Processing Assistant Representatives, Research Analysts and Operations Professionals, respectively... examination.\\7\\ \\6\\ PROCTOR is a computer system that is specifically designed for the administration and...

Conception of a course for professional training and education in the field of computer and mobile forensics: Part II: Android Forensics

NASA Astrophysics Data System (ADS)

Kröger, Knut; Creutzburg, Reiner

2013-03-01

The growth of Android in the mobile sector and the interest to investigate these devices from a forensic point of view has rapidly increased. Many companies have security problems with mobile devices in their own IT infrastructure. To respond to these incidents, it is important to have professional trained staff. Furthermore, it is necessary to further train their existing employees in the practical applications of mobile forensics owing to the fact that a lot of companies are trusted with very sensitive data. Inspired by these facts, this paper - a continuation of a paper of January 2012 [1] which showed the conception of a course for professional training and education in the field of computer and mobile forensics - addresses training approaches and practical exercises to investigate Android mobile devices.

SocialRAD: an infrastructure for a secure, cooperative, asynchronous teleradiology system.

PubMed

Figueiredo, João Filho Matos; Motta, Gustavo Henrique Matos Bezerra

2013-01-01

The popularity of teleradiology services has enabled a major advance in the provision of health services to areas with difficult geographical access. However, this potential has also brought with it a number of challenges: the large volume of data, characteristic of imaging tests, and security requirements designed to ensure confidentiality and integrity. Moreover, there is also a number of ethical questions involving the dominant model on the market, whereby this service is outsourced to private companies, and is not directly undertaken by professional radiologists. Therefore, the present paper proposes a cooperative model of teleradiology, where health professionals interact directly with the hospitals providing patient care. This has involved the integration of a wide range of technologies, such as the interconnection models Peer-to-Peer, Cloud Computing, Dynamic DNS, RESTful Web Services, as well as security and interoperability standards, with the aim of promoting a secure, collaborative asynchronous environment. The developed model is currently being used on an experimental basis, providing teleradiology support to cities in the north-eastern hinterland of Brazil, and is fulfilling all expectations.

Information Assurance and Forensic Readiness

NASA Astrophysics Data System (ADS)

Pangalos, Georgios; Katos, Vasilios

Egalitarianism and justice are amongst the core attributes of a democratic regime and should be also secured in an e-democratic setting. As such, the rise of computer related offenses pose a threat to the fundamental aspects of e-democracy and e-governance. Digital forensics are a key component for protecting and enabling the underlying (e-)democratic values and therefore forensic readiness should be considered in an e-democratic setting. This position paper commences from the observation that the density of compliance and potential litigation activities is monotonically increasing in modern organizations, as rules, legislative regulations and policies are being constantly added to the corporate environment. Forensic practices seem to be departing from the niche of law enforcement and are becoming a business function and infrastructural component, posing new challenges to the security professionals. Having no a priori knowledge on whether a security related event or corporate policy violation will lead to litigation, we advocate that computer forensics need to be applied to all investigatory, monitoring and auditing activities. This would result into an inflation of the responsibilities of the Information Security Officer. After exploring some commonalities and differences between IS audit and computer forensics, we present a list of strategic challenges the organization and, in effect, the IS security and audit practitioner will face.

A Socio-Technical Approach to Preventing, Mitigating, and Recovering from Ransomware Attacks.

PubMed

Sittig, Dean F; Singh, Hardeep

2016-01-01

Recently there have been several high-profile ransomware attacks involving hospitals around the world. Ransomware is intended to damage or disable a user's computer unless the user makes a payment. Once the attack has been launched, users have three options: 1) try to restore their data from backup; 2) pay the ransom; or 3) lose their data. In this manuscript, we discuss a socio-technical approach to address ransomware and outline four overarching steps that organizations can undertake to secure an electronic health record (EHR) system and the underlying computing infrastructure. First, health IT professionals need to ensure adequate system protection by correctly installing and configuring computers and networks that connect them. Next, the health care organizations need to ensure more reliable system defense by implementing user-focused strategies, including simulation and training on correct and complete use of computers and network applications. Concomitantly, the organization needs to monitor computer and application use continuously in an effort to detect suspicious activities and identify and address security problems before they cause harm. Finally, organizations need to respond adequately to and recover quickly from ransomware attacks and take actions to prevent them in future. We also elaborate on recommendations from other authoritative sources, including the National Institute of Standards and Technology (NIST). Similar to approaches to address other complex socio-technical health IT challenges, the responsibility of preventing, mitigating, and recovering from these attacks is shared between health IT professionals and end-users.

A Socio-Technical Approach to Preventing, Mitigating, and Recovering from Ransomware Attacks

PubMed Central

Singh, Hardeep

2016-01-01

Summary Recently there have been several high-profile ransomware attacks involving hospitals around the world. Ransomware is intended to damage or disable a user’s computer unless the user makes a payment. Once the attack has been launched, users have three options: 1) try to restore their data from backup; 2) pay the ransom; or 3) lose their data. In this manuscript, we discuss a socio-technical approach to address ransomware and outline four overarching steps that organizations can undertake to secure an electronic health record (EHR) system and the underlying computing infrastructure. First, health IT professionals need to ensure adequate system protection by correctly installing and configuring computers and networks that connect them. Next, the health care organizations need to ensure more reliable system defense by implementing user-focused strategies, including simulation and training on correct and complete use of computers and network applications. Concomitantly, the organization needs to monitor computer and application use continuously in an effort to detect suspicious activities and identify and address security problems before they cause harm. Finally, organizations need to respond adequately to and recover quickly from ransomware attacks and take actions to prevent them in future. We also elaborate on recommendations from other authoritative sources, including the National Institute of Standards and Technology (NIST). Similar to approaches to address other complex socio-technical health IT challenges, the responsibility of preventing, mitigating, and recovering from these attacks is shared between health IT professionals and end-users. PMID:27437066

reCAPTCHA: human-based character recognition via Web security measures.

PubMed

von Ahn, Luis; Maurer, Benjamin; McMillen, Colin; Abraham, David; Blum, Manuel

2008-09-12

CAPTCHAs (Completely Automated Public Turing test to tell Computers and Humans Apart) are widespread security measures on the World Wide Web that prevent automated programs from abusing online services. They do so by asking humans to perform a task that computers cannot yet perform, such as deciphering distorted characters. Our research explored whether such human effort can be channeled into a useful purpose: helping to digitize old printed material by asking users to decipher scanned words from books that computerized optical character recognition failed to recognize. We showed that this method can transcribe text with a word accuracy exceeding 99%, matching the guarantee of professional human transcribers. Our apparatus is deployed in more than 40,000 Web sites and has transcribed over 440 million words.

Security of medical data transfer and storage in Internet. Cryptography, antiviral security and electronic signature problems, which must be solved in nearest future in practical context.

PubMed

Kasztelowicz, Piotr; Czubenko, Marek; Zieba, Iwona

2003-01-01

The informatical revolution in computer age, which gives significant benefit in transfer of medical information requests to pay still more attention for aspect of network security. All known advantages of network technologies--first of all simplicity of copying, multiplication and sending information to many individuals can be also dangerous, if illegal, not permitted persons get access to medical data bases. Internet is assumed to be as especially "anarchic" medium, therefore in order to use it in professional work any security principles should be bewared. In our presentation we will try to find the optimal security solution in organisational and technological aspects for any medical network. In our opinion the harmonious co-operation between users, medical authorities and network administrators is core of the success.

Promoting Continuing Computer Science Education through a Massively Open Online Course

ERIC Educational Resources Information Center

Oliver, Kevin

2016-01-01

This paper presents the results of a comparison study between graduate students taking a software security course at an American university and international working professionals taking a version of the same course online through a free massive open online course (MOOC) created in the Google CourseBuilder learning environment. A goal of the study…

Cyber-Security Concerns Mount as Student Hacking Hits Schools: Districts Straining to Safeguard Online Networks

ERIC Educational Resources Information Center

Borja, Rhea R.

2006-01-01

While schools rightly fear break-ins to their computer systems by professional criminals, students are increasingly giving educators almost as much to worry about. Reports of students' gaining access to school networks to change grades, delete teachers' files, or steal data are becoming more common, experts say, and many districts remain highly…

Information Sharing for IT Security Professionals

ERIC Educational Resources Information Center

Petersen, Rodney J.

2008-01-01

Information sharing is a core value for information technology (IT) security professionals. It is also a familiar concept for those who work at institutions of higher education because of their long history of collaboration and openness. Information sharing has become part of the national fabric as IT security professionals attempt to secure cyber…

A biometric method to secure telemedicine systems.

PubMed

Zhang, G H; Poon, Carmen C Y; Li, Ye; Zhang, Y T

2009-01-01

Security and privacy are among the most crucial issues for data transmission in telemedicine systems. This paper proposes a solution for securing wireless data transmission in telemedicine systems, i.e. within a body sensor network (BSN), between the BSN and server as well as between the server and professionals who have assess to the server. A unique feature of this solution is the generation of random keys by physiological data (i.e. a biometric approach) for securing communication at all 3 levels. In the performance analysis, inter-pulse interval of photoplethysmogram is used as an example to generate these biometric keys to protect wireless data transmission. The results of statistical analysis and computational complexity suggest that this type of key is random enough to make telemedicine systems resistant to attacks.

A Methodology for Dynamic Security Risk Quantification and Optimal Resource Allocation of Security Assets

DOE Office of Scientific and Technical Information (OSTI.GOV)

Brigantic, Robert T.; Betzsold, Nick J.; Bakker, Craig KR

In this presentation we overview a methodology for dynamic security risk quantification and optimal resource allocation of security assets for high profile venues. This methodology is especially applicable to venues that require security screening operations such as mass transit (e.g., train or airport terminals), critical infrastructure protection (e.g., government buildings), and largescale public events (e.g., concerts or professional sports). The method starts by decomposing the three core components of risk -- threat, vulnerability, and consequence -- into their various subcomponents. For instance, vulnerability can be decomposed into availability, accessibility, organic security, and target hardness and each of these can bemore » evaluated against the potential threats of interest for the given venue. Once evaluated, these subcomponents are rolled back up to compute the specific value for the vulnerability core risk component. Likewise, the same is done for consequence and threat, and then risk is computed as the product of these three components. A key aspect of our methodology is dynamically quantifying risk. That is, we incorporate the ability to uniquely allow the subcomponents and core components, and in turn, risk, to be quantified as a continuous function of time throughout the day, week, month, or year as appropriate.« less

Securing health sensing using integrated circuit metric.

PubMed

Tahir, Ruhma; Tahir, Hasan; McDonald-Maier, Klaus

2015-10-20

Convergence of technologies from several domains of computing and healthcare have aided in the creation of devices that can help health professionals in monitoring their patients remotely. An increase in networked healthcare devices has resulted in incidents related to data theft, medical identity theft and insurance fraud. In this paper, we discuss the design and implementation of a secure lightweight wearable health sensing system. The proposed system is based on an emerging security technology called Integrated Circuit Metric (ICMetric) that extracts the inherent features of a device to generate a unique device identification. In this paper, we provide details of how the physical characteristics of a health sensor can be used for the generation of hardware "fingerprints". The obtained fingerprints are used to deliver security services like authentication, confidentiality, secure admission and symmetric key generation. The generated symmetric key is used to securely communicate the health records and data of the patient. Based on experimental results and the security analysis of the proposed scheme, it is apparent that the proposed system enables high levels of security for health monitoring in resource optimized manner.

Securing Health Sensing Using Integrated Circuit Metric

PubMed Central

Tahir, Ruhma; Tahir, Hasan; McDonald-Maier, Klaus

2015-01-01

Convergence of technologies from several domains of computing and healthcare have aided in the creation of devices that can help health professionals in monitoring their patients remotely. An increase in networked healthcare devices has resulted in incidents related to data theft, medical identity theft and insurance fraud. In this paper, we discuss the design and implementation of a secure lightweight wearable health sensing system. The proposed system is based on an emerging security technology called Integrated Circuit Metric (ICMetric) that extracts the inherent features of a device to generate a unique device identification. In this paper, we provide details of how the physical characteristics of a health sensor can be used for the generation of hardware “fingerprints”. The obtained fingerprints are used to deliver security services like authentication, confidentiality, secure admission and symmetric key generation. The generated symmetric key is used to securely communicate the health records and data of the patient. Based on experimental results and the security analysis of the proposed scheme, it is apparent that the proposed system enables high levels of security for health monitoring in resource optimized manner. PMID:26492250

6 CFR 9.15 - Professional and technical services.

Code of Federal Regulations, 2010 CFR

2010-01-01

... 6 Domestic Security 1 2010-01-01 2010-01-01 false Professional and technical services. 9.15 Section 9.15 Domestic Security DEPARTMENT OF HOMELAND SECURITY, OFFICE OF THE SECRETARY RESTRICTIONS UPON LOBBYING Activities by Own Employees § 9.15 Professional and technical services. (a) The prohibition on the...

6 CFR 9.23 - Professional and technical services.

Code of Federal Regulations, 2010 CFR

2010-01-01

... 6 Domestic Security 1 2010-01-01 2010-01-01 false Professional and technical services. 9.23 Section 9.23 Domestic Security DEPARTMENT OF HOMELAND SECURITY, OFFICE OF THE SECRETARY RESTRICTIONS UPON LOBBYING Activities by Other than Own Employees § 9.23 Professional and technical services. (a) The...

SPSP Phase III Recruiting, Selecting, and Developing Secure Power Systems Professionals. Job Profiles

DOE Office of Scientific and Technical Information (OSTI.GOV)

O'Neil, Lori Ross; Conway, T. J.; Tobey, D. H.

The Secure Power Systems Professional Phase III final report was released last year which an appendix of Job Profiles. This new report is that appendix broken out as a standalone document to assist utilities in recruiting and developing Secure Power Systems Professionals at their site.

A Method for Evaluating Information Security Governance (ISG) Components in Banking Environment

NASA Astrophysics Data System (ADS)

Ula, M.; Ula, M.; Fuadi, W.

2017-02-01

As modern banking increasingly relies on the internet and computer technologies to operate their businesses and market interactions, the threats and security breaches have highly increased in recent years. Insider and outsider attacks have caused global businesses lost trillions of Dollars a year. Therefore, that is a need for a proper framework to govern the information security in the banking system. The aim of this research is to propose and design an enhanced method to evaluate information security governance (ISG) implementation in banking environment. This research examines and compares the elements from the commonly used information security governance frameworks, standards and best practices. Their strength and weakness are considered in its approaches. The initial framework for governing the information security in banking system was constructed from document review. The framework was categorized into three levels which are Governance level, Managerial level, and technical level. The study further conducts an online survey for banking security professionals to get their professional judgment about the ISG most critical components and the importance for each ISG component that should be implemented in banking environment. Data from the survey was used to construct a mathematical model for ISG evaluation, component importance data used as weighting coefficient for the related component in the mathematical model. The research further develops a method for evaluating ISG implementation in banking based on the mathematical model. The proposed method was tested through real bank case study in an Indonesian local bank. The study evidently proves that the proposed method has sufficient coverage of ISG in banking environment and effectively evaluates the ISG implementation in banking environment.

The Training Deficiency in Corporate America: Training Security Professionals to Protect Sensitive Information

ERIC Educational Resources Information Center

Johnson, Kenneth T.

2017-01-01

Increased internal and external training approaches are elements senior leaders need to know before creating a training plan for security professionals to protect sensitive information. The purpose of this qualitative case study was to explore training strategies telecommunication industry leaders use to ensure security professionals can protect…

Erosion of Digital Professionalism During Medical Students' Core Clinical Clerkships.

PubMed

Mostaghimi, Arash; Olszewski, Aleksandra E; Bell, Sigall K; Roberts, David H; Crotty, Bradley H

2017-05-03

The increased use of social media, cloud computing, and mobile devices has led to the emergence of guidelines and novel teaching efforts to guide students toward the appropriate use of technology. Despite this, violations of professional conduct are common. We sought to explore professional behaviors specific to appropriate use of technology by looking at changes in third-year medical students' attitudes and behaviors at the beginning and conclusion of their clinical clerkships. After formal teaching about digital professionalism, we administered a survey to medical students that described 35 technology-related behaviors and queried students about professionalism of the behavior (on a 5-point Likert scale), observation of others engaging in the behavior (yes or no), as well as personal participation in the behavior (yes or no). Students were resurveyed at the end of the academic year. Over the year, perceptions of what is considered acceptable behavior regarding privacy, data security, communications, and social media boundaries changed, despite formal teaching sessions to reinforce professional behavior. Furthermore, medical students who observed unprofessional behaviors were more likely to participate in such behaviors. Although technology is a useful tool to enhance teaching and learning, our results reflect an erosion of professionalism related to information security that occurred despite medical school and hospital-based teaching sessions to promote digital professionalism. True alteration of trainee behavior will require a cultural shift that includes continual education, better role models, and frequent reminders for faculty, house staff, students, and staff. ©Arash Mostaghimi, Aleksandra E Olszewski, Sigall K Bell, David H Roberts, Bradley H Crotty. Originally published in JMIR Medical Education (http://mededu.jmir.org), 03.05.2017.

Cyber Security and Reliability in a Digital Cloud

DTIC Science & Technology

2013-01-01

a higher utilization of servers, lower professional support staff needs, economies of scale for the physical facility, and the flexibility to locate...as  a  system,  the  DoD  can  achieve  the  economies  of scale typically associated with large data centers.  Recommendation 3: The DoD CIO and DISA...providers will help set  standards for secure cloud computing across the  economy .  Recommendation 7: The DoD CIO and DISA should participate in the

[Information security in health care].

PubMed

Ködmön, József; Csajbók, Zoltán Ernő

2015-07-05

Doctors, nurses and other medical professionals are spending more and more time in front of the computer, using applications developed for general practitioners, specialized care, or perhaps an integrated hospital system. The data they handle during healing and patient care are mostly sensitive data and, therefore, their management is strictly regulated. Finding our way in the jungle of laws, regulations and policies is not simple. Notwithstanding, our lack of information does not waive our responsibility. This study summarizes the most important points of international recommendations, standards and legal regulations of the field, as well as giving practical advices for managing medical and patient data securely and in compliance with the current legal regulations.

SPSP Phase III Recruiting, Selecting, and Developing Secure Power Systems Professionals: Behavioral Interview Guidelines by Job Roles

DOE Office of Scientific and Technical Information (OSTI.GOV)

O'Neil, Lori Ross; Conway, T. J.; Tobey, D. H.

The Secure Power Systems Professional Phase III final report was released last year which an appendix of Behavioral Interview Guidelines by Job Roles. This new report is that appendix broken out as a standalone document to assist utilities in recruiting and developing Secure Power Systems Professionals at their site.

SPSP Phase III Recruiting, Selecting, and Developing Secure Power Systems Professionals. Individual and Team Performance Guidelines

DOE Office of Scientific and Technical Information (OSTI.GOV)

O'Neil, Lori Ross; Conway, T. J.; Tobey, D. H.

The Secure Power Systems Professional Phase III final report was released last year which an appendix of Individual and Team Performance Guidelines. This new report is that appendix broken out as a standalone document to assist utilities in recruiting and developing Secure Power Systems Professionals at their site.

A Mutual Authentication Framework for Wireless Medical Sensor Networks.

PubMed

Srinivas, Jangirala; Mishra, Dheerendra; Mukhopadhyay, Sourav

2017-05-01

Wireless medical sensor networks (WMSN) comprise of distributed sensors, which can sense human physiological signs and monitor the health condition of the patient. It is observed that providing privacy to the patient's data is an important issue and can be challenging. The information passing is done via the public channel in WMSN. Thus, the patient, sensitive information can be obtained by eavesdropping or by unauthorized use of handheld devices which the health professionals use in monitoring the patient. Therefore, there is an essential need of restricting the unauthorized access to the patient's medical information. Hence, the efficient authentication scheme for the healthcare applications is needed to preserve the privacy of the patients' vital signs. To ensure secure and authorized communication in WMSN, we design a symmetric key based authentication protocol for WMSN environment. The proposed protocol uses only computationally efficient operations to achieve lightweight attribute. We analyze the security of the proposed protocol. We use a formal security proof algorithm to show the scheme security against known attacks. We also use the Automated Validation of Internet Security Protocols and Applications (AVISPA) simulator to show protocol secure against man-in-the-middle attack and replay attack. Additionally, we adopt an informal analysis to discuss the key attributes of the proposed scheme. From the formal proof of security, we can see that an attacker has a negligible probability of breaking the protocol security. AVISPA simulator also demonstrates the proposed scheme security against active attacks, namely, man-in-the-middle attack and replay attack. Additionally, through the comparison of computational efficiency and security attributes with several recent results, proposed scheme seems to be battered.

A cloud computing based platform for sleep behavior and chronic diseases collaborative research.

PubMed

Kuo, Mu-Hsing; Borycki, Elizabeth; Kushniruk, Andre; Huang, Yueh-Min; Hung, Shu-Hui

2014-01-01

The objective of this study is to propose a Cloud Computing based platform for sleep behavior and chronic disease collaborative research. The platform consists of two main components: (1) a sensing bed sheet with textile sensors to automatically record patient's sleep behaviors and vital signs, and (2) a service-oriented cloud computing architecture (SOCCA) that provides a data repository and allows for sharing and analysis of collected data. Also, we describe our systematic approach to implementing the SOCCA. We believe that the new cloud-based platform can provide nurse and other health professional researchers located in differing geographic locations with a cost effective, flexible, secure and privacy-preserved research environment.

Connecting to the Internet Securely; Protecting Home Networks CIAC-2324

DOE Office of Scientific and Technical Information (OSTI.GOV)

Orvis, W J; Krystosek, P; Smith, J

2002-11-27

With more and more people working at home and connecting to company networks via the Internet, the risk to company networks to intrusion and theft of sensitive information is growing. Working from home has many positive advantages for both the home worker and the company they work for. However, as companies encourage people to work from home, they need to start considering the interaction of the employee's home network and the company network he connects to. This paper discusses problems and solutions related to protection of home computers from attacks on those computers via the network connection. It does notmore » consider protection of those systems from people who have physical access to the computers nor does it consider company laptops taken on-the-road. Home networks are often targeted by intruders because they are plentiful and they are usually not well secured. While companies have departments of professionals to maintain and secure their networks, home networks are maintained by the employee who may be less knowledgeable about network security matters. The biggest problems with home networks are that: Home networks are not designed to be secure and may use technologies (wireless) that are not secure; The operating systems are not secured when they are installed; The operating systems and applications are not maintained (for security considerations) after they are installed; and The networks are often used for other activities that put them at risk for being compromised. Home networks that are going to be connected to company networks need to be cooperatively secured by the employee and the company so they do not open up the company network to intruders. Securing home networks involves many of the same operations as securing a company network: Patch and maintain systems; Securely configure systems; Eliminate unneeded services; Protect remote logins; Use good passwords; Use current antivirus software; and Moderate your Internet usage habits. Most of these items do not take a lot of work, but require an awareness of the risks involved in not doing them or doing them incorrectly. The security of home networks and communications with company networks can be significantly improved by adding an appropriate software or hardware firewall to the home network and using a protected protocol such as Secure Sockets Layer (SSL), a Virtual Private Network (VPN), or Secure Shell (SSH) for connecting to the company network.« less

Improving computer security by health smart card.

PubMed

Nisand, Gabriel; Allaert, François-André; Brézillon, Régine; Isphording, Wilhem; Roeslin, Norbert

2003-01-01

The University hospitals of Strasbourg have worked for several years on the computer security of the medical data and have of this fact be the first to use the Health Care Professional Smart Card (CPS). This new tool must provide security to the information processing systems and especially to the medical data exchanges between the partners who collaborate to the care of the Beyond the purely data-processing aspects of the functions of safety offered by the CPS, safety depends above all on the practices on the users, their knowledge concerning the legislation, the risks and the stakes, of their adhesion to the procedures and protections installations. The aim of this study is to evaluate this level of knowledge, the practices and the feelings of the users concerning the computer security of the medical data, to check the relevance of the step taken, and if required, to try to improve it. The survey by questionnaires involved 648 users. The practices of users in terms of data security are clearly improved by the implementation of the security server and the use of the CPS system, but security breaches due to bad practices are not however completely eliminated. That confirms that is illusory to believe that data security is first and foremost a technical issue. Technical measures are of course indispensable, but the greatest efforts are required after their implementation and consist in making the key players [2], i.e. users, aware and responsible. However, it must be stressed that the user-friendliness of the security interface has a major effect on the results observed. For instance, it is highly probable that the bad practices continued or introduced upon the implementation of the security server and CPS scheme are due to the complicated nature or functional defects of the proposed solution, which must therefore be improved. Besides, this is only the pilot phase and card holders can be expected to become more responsible as time goes by, along with the gradual national implementation of the CPS project and the introduction of new functions using electronic signatures and encryption.

An efficient and secure certificateless authentication protocol for healthcare system on wireless medical sensor networks.

PubMed

Guo, Rui; Wen, Qiaoyan; Jin, Zhengping; Zhang, Hua

2013-01-01

Sensor networks have opened up new opportunities in healthcare systems, which can transmit patient's condition to health professional's hand-held devices in time. The patient's physiological signals are very sensitive and the networks are extremely vulnerable to many attacks. It must be ensured that patient's privacy is not exposed to unauthorized entities. Therefore, the control of access to healthcare systems has become a crucial challenge. An efficient and secure authentication protocol will thus be needed in wireless medical sensor networks. In this paper, we propose a certificateless authentication scheme without bilinear pairing while providing patient anonymity. Compared with other related protocols, the proposed scheme needs less computation and communication cost and preserves stronger security. Our performance evaluations show that this protocol is more practical for healthcare system in wireless medical sensor networks.

An Efficient and Secure Certificateless Authentication Protocol for Healthcare System on Wireless Medical Sensor Networks

PubMed Central

Guo, Rui; Wen, Qiaoyan; Jin, Zhengping; Zhang, Hua

2013-01-01

Sensor networks have opened up new opportunities in healthcare systems, which can transmit patient's condition to health professional's hand-held devices in time. The patient's physiological signals are very sensitive and the networks are extremely vulnerable to many attacks. It must be ensured that patient's privacy is not exposed to unauthorized entities. Therefore, the control of access to healthcare systems has become a crucial challenge. An efficient and secure authentication protocol will thus be needed in wireless medical sensor networks. In this paper, we propose a certificateless authentication scheme without bilinear pairing while providing patient anonymity. Compared with other related protocols, the proposed scheme needs less computation and communication cost and preserves stronger security. Our performance evaluations show that this protocol is more practical for healthcare system in wireless medical sensor networks. PMID:23710147

Supervisory Control and Data Acquisition (SCADA) Security Awareness In a Resource Constrained Learning Environment

DTIC Science & Technology

2014-06-16

SCADA systems. These professionals should be aware of the vulnerabilities so they can take intelligent precautions to mitigate attacks. SCADA...vulnerabilities • Describe mitigation options for protecting a system from SCADA attacks For students that go on to pursue a degree in Computer...from SCADA attacks For students who do not remain in the IT realm, this introduction provides an awareness to help them mitigate threats for their

Information Technology Security Professionals' Knowledge and Use Intention Based on UTAUT Model

ERIC Educational Resources Information Center

Kassa, Woldeloul

2016-01-01

Information technology (IT) security threats and vulnerabilities have become a major concern for organizations in the United States. However, there has been little research on assessing the effect of IT security professionals' knowledge on the use of IT security controls. This study examined the unified theory of acceptance and use of technology…

Ways to Improve DoD 8570 IY Security Certification

ERIC Educational Resources Information Center

Bates, Justin D.

2017-01-01

The goal of this research was to discover a list of changes that can be applied to IT security certifications to enhance the day-to-day capabilities of IT security professionals. Background: IT security professionals are often required to obtain certifications that do not adequately prepare them for the full scope of work that will be necessary…

2017 Joint Annual NDIA/AIA Industrial Security Committee Fall Conference

DTIC Science & Technology

2017-11-15

beyond credit data to offer the insights that government professionals need to make informed decisions and ensure citizen safety, manage compliance...business that provides information technology and professional services. We specialize in managing business processes and systems integration for both... Information Security System ISFD Industrial Security Facilities Database OBMS ODAA Business Management System STEPP Security, Training, Education and

A Fault Tolerant Self-Routing Computer Network Topology

DTIC Science & Technology

1987-01-01

Herr and Thomas J. Plevyak, *ISDN: The Opportunity Beginso, IEEECommunicationsMaqaz I t, pp. 6-10, November 1986. 5. Mario Gerla and Rodolfo A . Pazos ...WOLAVER a Dean for Research anProfessional Development Air Force Institute Bf Technology Wright-Patterson AFB OH 45433-6583 19. KEY WORDS (Continue...DD I 1473 EDITION OF I NOV 65 IS OBSOLETE UM!C[ASSIFIEy SECURITY CLASSIFICATION OF THIS PAGE (When Data Entered) 41 ,." 5.’ A Fault Tolerant Self

Security Attacks and Solutions in Electronic Health (E-health) Systems.

PubMed

Zeadally, Sherali; Isaac, Jesús Téllez; Baig, Zubair

2016-12-01

For centuries, healthcare has been a basic service provided by many governments to their citizens. Over the past few decades, we have witnessed a significant transformation in the quality of healthcare services provided by healthcare organizations and professionals. Recent advances have led to the emergence of Electronic Health (E-health), largely made possible by the massive deployment and adoption of information and communication technologies (ICTs). However, cybercriminals and attackers are exploiting vulnerabilities associated primarily with ICTs, causing data breaches of patients' confidential digital health information records. Here, we review recent security attacks reported for E-healthcare and discuss the solutions proposed to mitigate them. We also identify security challenges that must be addressed by E-health system designers and implementers in the future, to respond to threats that could arise as E-health systems become integrated with technologies such as cloud computing, the Internet of Things, and smart cities.

A secure EHR system based on hybrid clouds.

PubMed

Chen, Yu-Yi; Lu, Jun-Chao; Jan, Jinn-Ke

2012-10-01

Consequently, application services rendering remote medical services and electronic health record (EHR) have become a hot topic and stimulating increased interest in studying this subject in recent years. Information and communication technologies have been applied to the medical services and healthcare area for a number of years to resolve problems in medical management. Sharing EHR information can provide professional medical programs with consultancy, evaluation, and tracing services can certainly improve accessibility to the public receiving medical services or medical information at remote sites. With the widespread use of EHR, building a secure EHR sharing environment has attracted a lot of attention in both healthcare industry and academic community. Cloud computing paradigm is one of the popular healthIT infrastructures for facilitating EHR sharing and EHR integration. In this paper, we propose an EHR sharing and integration system in healthcare clouds and analyze the arising security and privacy issues in access and management of EHRs.

Uncover the Cloud for Geospatial Sciences and Applications to Adopt Cloud Computing

NASA Astrophysics Data System (ADS)

Yang, C.; Huang, Q.; Xia, J.; Liu, K.; Li, J.; Xu, C.; Sun, M.; Bambacus, M.; Xu, Y.; Fay, D.

2012-12-01

Cloud computing is emerging as the future infrastructure for providing computing resources to support and enable scientific research, engineering development, and application construction, as well as work force education. On the other hand, there is a lot of doubt about the readiness of cloud computing to support a variety of scientific research, development and educations. This research is a project funded by NASA SMD to investigate through holistic studies how ready is the cloud computing to support geosciences. Four applications with different computing characteristics including data, computing, concurrent, and spatiotemporal intensities are taken to test the readiness of cloud computing to support geosciences. Three popular and representative cloud platforms including Amazon EC2, Microsoft Azure, and NASA Nebula as well as a traditional cluster are utilized in the study. Results illustrates that cloud is ready to some degree but more research needs to be done to fully implemented the cloud benefit as advertised by many vendors and defined by NIST. Specifically, 1) most cloud platform could help stand up new computing instances, a new computer, in a few minutes as envisioned, therefore, is ready to support most computing needs in an on demand fashion; 2) the load balance and elasticity, a defining characteristic, is ready in some cloud platforms, such as Amazon EC2, to support bigger jobs, e.g., needs response in minutes, while some are not ready to support the elasticity and load balance well. All cloud platform needs further research and development to support real time application at subminute level; 3) the user interface and functionality of cloud platforms vary a lot and some of them are very professional and well supported/documented, such as Amazon EC2, some of them needs significant improvement for the general public to adopt cloud computing without professional training or knowledge about computing infrastructure; 4) the security is a big concern in cloud computing platform, with the sharing spirit of cloud computing, it is very hard to ensure higher level security, except a private cloud is built for a specific organization without public access, public cloud platform does not support FISMA medium level yet and may never be able to support FISMA high level; 5) HPC jobs needs of cloud computing is not well supported and only Amazon EC2 supports this well. The research is being taken by NASA and other agencies to consider cloud computing adoption. We hope the publication of the research would also benefit the public to adopt cloud computing.

Patient and health care professional views and experiences of computer agent-supported health care.

PubMed

Neville, Ron G; Greene, Alexandra C; Lewis, Sue

2006-01-01

To explore patient and health care professional (HCP) views towards the use of multi-agent computer systems in their GP practice. Qualitative analysis of in-depth interviews and analysis of transcriptions. Urban health centre in Dundee, Scotland. Five representative healthcare professionals and 11 patients. Emergent themes from interviews revealed participants' attitudes and beliefs, which were coded and indexed. Patients and HCPs had similar beliefs, attitudes and views towards the implementation of multi-agent systems (MAS). Both felt modern communication methods were useful to supplement, not supplant, face-to-face consultations between doctors and patients. This was based on the immense trust these patients placed in their doctors in this practice, which extended to trust in their choice of communication technology and security. Rapid access to medical information increased patients' sense of shared partnership and self-efficacy. Patients and HCPs expressed respect for each other's time and were keen to embrace technology that made interactions more efficient, including for the altruistic benefit of others less technically competent. Patients and HCPs welcomed the introduction of agent technology to the delivery of health care. Widespread use will depend more on the trust patients place in their own GP than on technological issues.

You Should Be the Specialist! Weak Mental Rotation Performance in Aviation Security Screeners - Reduced Performance Level in Aviation Security with No Gender Effect.

PubMed

Krüger, Jenny K; Suchan, Boris

2016-01-01

Aviation security screeners analyze a large number of X-ray images per day and seem to be experts in mentally rotating diverse kinds of visual objects. A robust gender-effect that men outperform women in the Vandenberg & Kuse mental rotation task has been well documented over the last years. In addition it has been shown that training can positively influence the overall task-performance. Considering this, the aim of the present study was to investigate whether security screeners show better performance in the Mental Rotation Test (MRT) independently of gender. Forty-seven security screeners of both sexes from two German airports were examined with a computer based MRT. Their performance was compared to a large sample of control subjects. The well-known gender-effect favoring men on mental rotation was significant within the control group. However, the security screeners did not show any sex differences suggesting an effect of training and professional performance. Surprisingly this specialized group showed a lower level of overall MRT performance than the control participants. Possible aviation related influences such as secondary effects of work-shift or expertise which can cumulatively cause this result are discussed.

A novel quantum scheme for secure two-party distance computation

NASA Astrophysics Data System (ADS)

Peng, Zhen-wan; Shi, Run-hua; Zhong, Hong; Cui, Jie; Zhang, Shun

2017-12-01

Secure multiparty computational geometry is an essential field of secure multiparty computation, which computes a computation geometric problem without revealing any private information of each party. Secure two-party distance computation is a primitive of secure multiparty computational geometry, which computes the distance between two points without revealing each point's location information (i.e., coordinate). Secure two-party distance computation has potential applications with high secure requirements in military, business, engineering and so on. In this paper, we present a quantum solution to secure two-party distance computation by subtly using quantum private query. Compared to the classical related protocols, our quantum protocol can ensure higher security and better privacy protection because of the physical principle of quantum mechanics.

Guidelines for development of NASA (National Aeronautics and Space Administration) computer security training programs

NASA Technical Reports Server (NTRS)

Tompkins, F. G.

1983-01-01

The report presents guidance for the NASA Computer Security Program Manager and the NASA Center Computer Security Officials as they develop training requirements and implement computer security training programs. NASA audiences are categorized based on the computer security knowledge required to accomplish identified job functions. Training requirements, in terms of training subject areas, are presented for both computer security program management personnel and computer resource providers and users. Sources of computer security training are identified.

Rural New Zealand health professionals' perceived barriers to greater use of the internet for learning.

PubMed

Janes, Ron; Arroll, Bruce; Buetow, Stephen; Coster, Gregor; McCormick, Ross; Hague, Iain

2005-01-01

The purpose of this research was to investigate rural North Island (New Zealand) health professionals' attitudes and perceived barriers to using the internet for ongoing professional learning. A cross-sectional postal survey of all rural North Island GPs, practice nurses and pharmacists was conducted in mid-2003. The questionnaire contained both quantitative and qualitative questions. The transcripts from two open questions requiring written answers were analysed for emergent themes, which are reported here. The first open question asked: 'Do you have any comments on the questionnaire, learning, computers or the Internet?' The second open question asked those who had taken a distance-learning course using the internet to list positive and negative aspects of their course, and suggest improvements. Out of 735 rural North Island health professionals surveyed, 430 returned useable questionnaires (a response rate of 59%). Of these, 137 answered the question asking for comments on learning, computers and the internet. Twenty-eight individuals who had completed a distance-learning course using the internet, provided written responses to the second question. Multiple barriers to greater use of the internet were identified. They included lack of access to computers, poor availability of broadband (fast) internet access, lack of IT skills/knowledge, lack of time, concerns about IT costs and database security, difficulty finding quality information, lack of time, energy or motivation to learn new skills, competing priorities (eg family), and a preference for learning modalities which include more social interaction. Individuals also stated that rural health professionals needed to engage the technology, because it provided rapid, flexible access from home or work to a significant health information resource, and would save money and travelling time to urban-based education. In mid-2003, there were multiple barriers to rural North Island health professionals making greater use of the internet for learning. Now that access to broadband internet is available in all rural towns in New Zealand, there is a clear need to address the other identified barriers, especially the self-reported lack of IT skills, which are preventing many in the rural health workforce from gaining maximum advantage from both computers and the internet.

A pilot study on the views of elderly regional Australians of personally controlled electronic health records.

PubMed

Kerai, Paresh; Wood, Pene; Martin, Mary

2014-03-01

Australia introduced its version of personal health records in July 2012. Success of the personally controlled electronic health record (PCEHR) relies on acceptance during the early stages. The main aim of this study was to investigate the views of a sample of elderly people in a non-metropolitan region in Australia on the PCEHR, and to assess their acceptance levels of this concept. A self-administered questionnaire was distributed to a non-probability convenience sample of respondents recruited from meetings of Probus, a community club for active business and professional retirees. Approximately three-quarters of the respondents had computer and Internet access at home. If not accessed at home a computer at a general practitioner's practice was seen as beneficial in accessing the PCEHR. Respondents felt that access to their health record would help them make decisions about their own health and improve their communication with healthcare providers. The majority of respondents were in favour of the PCEHR although some expressed concerns about the security of their PCEHR. There was mixed opinion surrounding the access by health professionals to an individual's PCEHR. This study has revealed important information about views of the PCEHR. While the respondents were generally in favour of the concept, there were still some concerns about the security of the PCEHR suggesting further reassurance may be required. The study also highlighted some measures, in particular provision of General Practitioner computer access points and print-out facilities that may need to be considered during these initial implementation stages in order to improve adoption rates once the technology is fully available. Copyright © 2013 Elsevier Ireland Ltd. All rights reserved.

Improving Radiation Awareness and Feeling of Personal Security of Non-Radiological Medical Staff by Implementing a Traffic Light System in Computed Tomography.

PubMed

Heilmaier, C; Mayor, A; Zuber, N; Fodor, P; Weishaupt, D

2016-03-01

Non-radiological medical professionals often need to remain in the scanning room during computed tomography (CT) examinations to supervise patients in critical condition. Independent of protective devices, their position significantly influences the radiation dose they receive. The purpose of this study was to assess if a traffic light system indicating areas of different radiation exposure improves non-radiological medical staff's radiation awareness and feeling of personal security. Phantom measurements were performed to define areas of different dose rates and colored stickers were applied on the floor according to a traffic light system: green = lowest, orange = intermediate, and red = highest possible radiation exposure. Non-radiological medical professionals with different years of working experience evaluated the system using a structured questionnaire. Kruskal-Wallis and Spearman's correlation test were applied for statistical analysis. Fifty-six subjects (30 physicians, 26 nursing staff) took part in this prospective study. Overall rating of the system was very good, and almost all professionals tried to stand in the green stickers during the scan. The system significantly increased radiation awareness and feeling of personal protection particularly in staff with ≤ 5 years of working experience (p < 0.05). The majority of non-radiological medical professionals stated that staying in the green stickers and patient care would be compatible. Knowledge of radiation protection was poor in all groups, especially among entry-level employees (p < 0.05). A traffic light system in the CT scanning room indicating areas with lowest, intermediate, and highest possible radiation exposure is much appreciated. It increases radiation awareness, improves the sense of personal radiation protection, and may support endeavors to lower occupational radiation exposure, although the best radiation protection always is to re-main outside the CT room during the scan. • A traffic light system indicating areas with different radiation exposure within the computed tomography scanner room is much appreciated by non-radiological medical staff. • The traffic light system increases non-radiological medical staff's radiation awareness and feeling of personal protection. • Knowledge on radiation protection was poor in non-radiological medical staff, especially in those with few working experience. © Georg Thieme Verlag KG Stuttgart · New York.

Technical solutions for mitigating security threats caused by health professionals in clinical settings.

PubMed

Fernandez-Aleman, Jose Luis; Belen Sanchez Garcia, Ana; Garcia-Mateos, Gines; Toval, Ambrosio

2015-08-01

The objective of this paper is to present a brief description of technical solutions for health information system security threats caused by inadequate security and privacy practices in healthcare professionals. A literature search was carried out in ScienceDirect, ACM Digital Library and IEEE Digital Library to find papers reporting technical solutions for certain security problems in information systems used in clinical settings. A total of 17 technical solutions were identified: measures for password security, the secure use of e-mail, the Internet, portable storage devices, printers and screens. Although technical safeguards are essential to the security of healthcare organization's information systems, good training, awareness programs and adopting a proper information security policy are particularly important to prevent insiders from causing security incidents.

Lawrence Livermore National Laboratory`s Computer Security Short Subjects Videos: Hidden Password, The Incident, Dangerous Games and The Mess; Computer Security Awareness Guide

DOE Office of Scientific and Technical Information (OSTI.GOV)

NONE

A video on computer security is described. Lonnie Moore, the Computer Security Manager, CSSM/CPPM at Lawrence Livermore National Laboratory (LLNL) and Gale Warshawsky, the Coordinator for Computer Security Education and Awareness at LLNL, wanted to share topics such as computer ethics, software piracy, privacy issues, and protecting information in a format that would capture and hold an audience`s attention. Four Computer Security Short Subject videos were produced which ranged from 1--3 minutes each. These videos are very effective education and awareness tools that can be used to generate discussions about computer security concerns and good computing practices.

Developing Secure Power Systems Professional Competence: Alignment and Gaps in Workforce Development Programs—Summary Report

DOE Office of Scientific and Technical Information (OSTI.GOV)

O'Neil, Lori Ross; Assante, Michael; Tobey, D. H.

2013-07-01

This document is a summarization of the report, Developing Secure Power Systems Professional Competence: Alignment and Gaps in Workforce Development Programs, the final report for phase 2 of the SPSP (DOE workforce study) project.

Analysis of Security Protocols for Mobile Healthcare.

PubMed

Wazid, Mohammad; Zeadally, Sherali; Das, Ashok Kumar; Odelu, Vanga

2016-11-01

Mobile Healthcare (mHealth) continues to improve because of significant improvements and the decreasing costs of Information Communication Technologies (ICTs). mHealth is a medical and public health practice, which is supported by mobile devices (for example, smartphones) and, patient monitoring devices (for example, various types of wearable sensors, etc.). An mHealth system enables healthcare experts and professionals to have ubiquitous access to a patient's health data along with providing any ongoing medical treatment at any time, any place, and from any device. It also helps the patient requiring continuous medical monitoring to stay in touch with the appropriate medical staff and healthcare experts remotely. Thus, mHealth has become a major driving force in improving the health of citizens today. First, we discuss the security requirements, issues and threats to the mHealth system. We then present a taxonomy of recently proposed security protocols for mHealth system based on features supported and possible attacks, computation cost and communication cost. Our detailed taxonomy demonstrates the strength and weaknesses of recently proposed security protocols for the mHealth system. Finally, we identify some of the challenges in the area of security protocols for mHealth systems that still need to be addressed in the future to enable cost-effective, secure and robust mHealth systems.

You Should Be the Specialist! Weak Mental Rotation Performance in Aviation Security Screeners – Reduced Performance Level in Aviation Security with No Gender Effect

PubMed Central

Krüger, Jenny K.; Suchan, Boris

2016-01-01

Aviation security screeners analyze a large number of X-ray images per day and seem to be experts in mentally rotating diverse kinds of visual objects. A robust gender-effect that men outperform women in the Vandenberg & Kuse mental rotation task has been well documented over the last years. In addition it has been shown that training can positively influence the overall task-performance. Considering this, the aim of the present study was to investigate whether security screeners show better performance in the Mental Rotation Test (MRT) independently of gender. Forty-seven security screeners of both sexes from two German airports were examined with a computer based MRT. Their performance was compared to a large sample of control subjects. The well-known gender-effect favoring men on mental rotation was significant within the control group. However, the security screeners did not show any sex differences suggesting an effect of training and professional performance. Surprisingly this specialized group showed a lower level of overall MRT performance than the control participants. Possible aviation related influences such as secondary effects of work-shift or expertise which can cumulatively cause this result are discussed. PMID:27014142

Between security and military identities: The case of Israeli security experts.

PubMed

Grassiani, Erella

2018-02-01

The relationship between private security professionals and the military in Israel is complex. While there is growing attention to the fact that security and military actors and their activities are becoming increasingly blurred, the Israeli case shows something different. In this ground-up analysis of the relationship between private security practices and the military, I investigate its constant negotiation by private security professionals through their identification with and differentiation from the military, whereby they reconfigure the meaning of military capital. This identity work should be understood, I propose, within the strongly militarist context of Israeli society, where military capital is highly valued. I argue that actors who exit the military system feel the need to demonstrate the added value of their work in the private sector in order for it to gain value in the light of the symbolic capital given to the military. I analyse these processes as leading to a new kind of militarism, which includes security skills and ideas about professionalism. Such an approach sheds new light on the ways in which security actors can actively reconfigure the workings of military capital in and outside the nation-state and produce a different kind of militarism.

Between security and military identities: The case of Israeli security experts

PubMed Central

Grassiani, Erella

2018-01-01

The relationship between private security professionals and the military in Israel is complex. While there is growing attention to the fact that security and military actors and their activities are becoming increasingly blurred, the Israeli case shows something different. In this ground-up analysis of the relationship between private security practices and the military, I investigate its constant negotiation by private security professionals through their identification with and differentiation from the military, whereby they reconfigure the meaning of military capital. This identity work should be understood, I propose, within the strongly militarist context of Israeli society, where military capital is highly valued. I argue that actors who exit the military system feel the need to demonstrate the added value of their work in the private sector in order for it to gain value in the light of the symbolic capital given to the military. I analyse these processes as leading to a new kind of militarism, which includes security skills and ideas about professionalism. Such an approach sheds new light on the ways in which security actors can actively reconfigure the workings of military capital in and outside the nation-state and produce a different kind of militarism. PMID:29416228

Role of the U.S. Military in the Professionalization of the Armed Forces of Liberia

DTIC Science & Technology

2015-06-12

professionalizing the AFL. The GEF states, “Partner nations provide for their own security, contribute effectively to broader regional or global security...facilitates the development of important professional and personal relationships that effectively strengthen military alliances and the international...Forces of Liberia (AFL) presents a developing opportunity to contribute to the broader U.S. interests. However, in order to ensure stability within

Bringing the medical library to the office desktop.

PubMed

Brown, S R; Decker, G; Pletzke, C J

1991-01-01

This demonstration illustrates LRC Remote Computer Services- a dual operating system, multi-protocol system for delivering medical library services to the medical professional's desktop. A working model draws resources from CD-ROM and magnetic media file services, Novell and AppleTalk network protocol suites and gating, LAN and asynchronous (dial-in) access strategies, commercial applications for MS-DOS and Macintosh workstations and custom user interfaces. The demonstration includes a discussion of issues relevant to the delivery of said services, particularly with respect to maintenance, security, training/support, staffing, software licensing and costs.

Commitment to nursing: results of a qualitative interview study.

PubMed

Gould, Dinah; Fontenla, Marina

2006-04-01

The aims of the study were to explore opportunities to undergo continuing professional education, family friendly policy and holding an innovative or traditional post on nurses' job satisfaction and professional and organizational commitment. Qualified nurses have become a scare resource in the National Health Service. Managers need to be aware of the work-related factors most likely to secure nurses' professional and organizational commitment which will contribute to the retention. Commitment is thought to be increased if opportunities for continuing professional education are good. Family friendly policy is also important. Less is known about the relationship between type of nursing work and commitment. An in-depth, exploratory approach to data collection were taken, employing an interview guide with open-ended questions. Data were collected with 27 nurses in clinical grades in two contrasting trusts. Family friendly policies emerged as most important in securing nursing commitment. Those in innovative posts whose work entailed social hours and greater professional autonomy also displayed greater levels of job satisfaction. Opportunities for continuing professional education had less influence on professional and organizational commitment. Providing flexible or social working hours appears to be more influential than providing opportunities for continuing professional education in securing nursing commitment in this exploratory study.

Implementation and evaluation of an efficient secure computation system using ‘R’ for healthcare statistics

PubMed Central

Chida, Koji; Morohashi, Gembu; Fuji, Hitoshi; Magata, Fumihiko; Fujimura, Akiko; Hamada, Koki; Ikarashi, Dai; Yamamoto, Ryuichi

2014-01-01

Background and objective While the secondary use of medical data has gained attention, its adoption has been constrained due to protection of patient privacy. Making medical data secure by de-identification can be problematic, especially when the data concerns rare diseases. We require rigorous security management measures. Materials and methods Using secure computation, an approach from cryptography, our system can compute various statistics over encrypted medical records without decrypting them. An issue of secure computation is that the amount of processing time required is immense. We implemented a system that securely computes healthcare statistics from the statistical computing software ‘R’ by effectively combining secret-sharing-based secure computation with original computation. Results Testing confirmed that our system could correctly complete computation of average and unbiased variance of approximately 50 000 records of dummy insurance claim data in a little over a second. Computation including conditional expressions and/or comparison of values, for example, t test and median, could also be correctly completed in several tens of seconds to a few minutes. Discussion If medical records are simply encrypted, the risk of leaks exists because decryption is usually required during statistical analysis. Our system possesses high-level security because medical records remain in encrypted state even during statistical analysis. Also, our system can securely compute some basic statistics with conditional expressions using ‘R’ that works interactively while secure computation protocols generally require a significant amount of processing time. Conclusions We propose a secure statistical analysis system using ‘R’ for medical data that effectively integrates secret-sharing-based secure computation and original computation. PMID:24763677

Implementation and evaluation of an efficient secure computation system using 'R' for healthcare statistics.

PubMed

Chida, Koji; Morohashi, Gembu; Fuji, Hitoshi; Magata, Fumihiko; Fujimura, Akiko; Hamada, Koki; Ikarashi, Dai; Yamamoto, Ryuichi

2014-10-01

While the secondary use of medical data has gained attention, its adoption has been constrained due to protection of patient privacy. Making medical data secure by de-identification can be problematic, especially when the data concerns rare diseases. We require rigorous security management measures. Using secure computation, an approach from cryptography, our system can compute various statistics over encrypted medical records without decrypting them. An issue of secure computation is that the amount of processing time required is immense. We implemented a system that securely computes healthcare statistics from the statistical computing software 'R' by effectively combining secret-sharing-based secure computation with original computation. Testing confirmed that our system could correctly complete computation of average and unbiased variance of approximately 50,000 records of dummy insurance claim data in a little over a second. Computation including conditional expressions and/or comparison of values, for example, t test and median, could also be correctly completed in several tens of seconds to a few minutes. If medical records are simply encrypted, the risk of leaks exists because decryption is usually required during statistical analysis. Our system possesses high-level security because medical records remain in encrypted state even during statistical analysis. Also, our system can securely compute some basic statistics with conditional expressions using 'R' that works interactively while secure computation protocols generally require a significant amount of processing time. We propose a secure statistical analysis system using 'R' for medical data that effectively integrates secret-sharing-based secure computation and original computation. Published by the BMJ Publishing Group Limited. For permission to use (where not already granted under a licence) please go to http://group.bmj.com/group/rights-licensing/permissions.

Is emergency management an integrated element of business continuity management? A case study with security professionals in Western Australia.

PubMed

Frohde, Kenny; Brooks, David J

Emergency management (EM) and business continuity management (BCM) frameworks incorporate various strategic and operational measures. Defined within a number of national and international standards and guidelines, such concepts may be integrated within one another to provide increased resilience to disruptive events. Nevertheless, there is a degree of dispute regarding concept integration among security and EM professionals and bodies of knowledge. In line with cognitive psychology exemplar-based concepts, such disputes may be associated with a lack of precision in communality in the approach to EM and BCM. This paper presents a two-stage study, where stage 1 critiqued national and international literature and stage 2 applied semi-structured interviews with security managers in Western Australia. Findings indicate the existence of contradictory views on EM and its integration within BCM. As such, this study concludes that EM is considered a vital component of BCM by the majority of security managers. However, there is broader dispute regarding its degree of integration. Understanding the underpinnings of such disputes will aid in raising the standards and application of professionalism within security, EM and BCM domains, supporting clarification and definition of professional boundaries.

Security auditing: a prescription for keeping protection programs healthy.

PubMed

Luizzo, Anthony

2010-01-01

The different aspects of security auditing and the role of the security auditor is explained in detail by the author in this primer for security professionals with specific advice on what should be included in a security audit report.

Exploring Factors That Affect Adoption of Computer Security Practices among College Students

ERIC Educational Resources Information Center

Alqarni, Amani

2017-01-01

Cyber-attacks threaten the security of computer users' information, networks, machines, and privacy. Studies of computer security education, awareness, and training among ordinary computer users, college students, non-IT-oriented user groups, and non-technically trained citizens are limited. Most research has focused on computer security standards…

2015 Stewardship Science Academic Programs Annual

DOE Office of Scientific and Technical Information (OSTI.GOV)

Stone, Terri; Mischo, Millicent

The Stockpile Stewardship Academic Programs (SSAP) are essential to maintaining a pipeline of professionals to support the technical capabilities that reside at the National Nuclear Security Administration (NNSA) national laboratories, sites, and plants. Since 1992, the United States has observed the moratorium on nuclear testing while significantly decreasing the nuclear arsenal. To accomplish this without nuclear testing, NNSA and its laboratories developed a science-based Stockpile Stewardship Program to maintain and enhance the experimental and computational tools required to ensure the continued safety, security, and reliability of the stockpile. NNSA launched its academic program portfolio more than a decade ago tomore » engage students skilled in specific technical areas of relevance to stockpile stewardship. The success of this program is reflected by the large number of SSAP students choosing to begin their careers at NNSA national laboratories.« less

Human errors and violations in computer and information security: the viewpoint of network administrators and security specialists.

PubMed

Kraemer, Sara; Carayon, Pascale

2007-03-01

This paper describes human errors and violations of end users and network administration in computer and information security. This information is summarized in a conceptual framework for examining the human and organizational factors contributing to computer and information security. This framework includes human error taxonomies to describe the work conditions that contribute adversely to computer and information security, i.e. to security vulnerabilities and breaches. The issue of human error and violation in computer and information security was explored through a series of 16 interviews with network administrators and security specialists. The interviews were audio taped, transcribed, and analyzed by coding specific themes in a node structure. The result is an expanded framework that classifies types of human error and identifies specific human and organizational factors that contribute to computer and information security. Network administrators tended to view errors created by end users as more intentional than unintentional, while errors created by network administrators as more unintentional than intentional. Organizational factors, such as communication, security culture, policy, and organizational structure, were the most frequently cited factors associated with computer and information security.

Graduate Research Assistant Program for Professional Development at Oak Ridge National Laboratory (ORNL) Global Nuclear Security Technology Division (GNSTD)

DOE Office of Scientific and Technical Information (OSTI.GOV)

Eipeldauer, Mary D; Shelander Jr, Bruce R

2012-01-01

The southeast is a highly suitable environment for establishing a series of nuclear safety, security and safeguards 'professional development' courses. Oak Ridge National Laboratory (ORNL) provides expertise in the research component of these subjects while the Y-12 Nuclear Security Complex handles safeguards/security and safety applications. Several universities (i.e., University of Tennessee, Knoxville (UTK), North Carolina State University, University of Michigan, and Georgia Technology Institute) in the region, which offer nuclear engineering and public policy administration programs, and the Howard Baker Center for Public Policy make this an ideal environment for learning. More recently, the Institute for Nuclear Security (INS) wasmore » established between ORNL, Y-12, UTK and Oak Ridge Associate Universities (ORAU), with a focus on five principal areas. These areas include policy, law, and diplomacy; education and training; science and technology; operational and intelligence capability building; and real-world missions and applications. This is a new approach that includes professional development within the graduate research assistant program addressing global needs in nuclear security, safety and safeguards.« less

A novel quantum solution to secure two-party distance computation

NASA Astrophysics Data System (ADS)

Peng, Zhen-wan; Shi, Run-hua; Wang, Pan-hong; Zhang, Shun

2018-06-01

Secure Two-Party Distance Computation is an important primitive of Secure Multiparty Computational Geometry that it involves two parties, where each party has a private point, and the two parties want to jointly compute the distance between their points without revealing anything about their respective private information. Secure Two-Party Distance Computation has very important and potential applications in settings of high secure requirements, such as privacy-preserving Determination of Spatial Location-Relation, Determination of Polygons Similarity, and so on. In this paper, we present a quantum protocol for Secure Two-Party Distance Computation by using QKD-based Quantum Private Query. The security of the protocol is based on the physical principles of quantum mechanics, instead of difficulty assumptions, and therefore, it can ensure higher security than the classical related protocols.

Computation Directorate Annual Report 2003

DOE Office of Scientific and Technical Information (OSTI.GOV)

Crawford, D L; McGraw, J R; Ashby, S F

Big computers are icons: symbols of the culture, and of the larger computing infrastructure that exists at Lawrence Livermore. Through the collective effort of Laboratory personnel, they enable scientific discovery and engineering development on an unprecedented scale. For more than three decades, the Computation Directorate has supplied the big computers that enable the science necessary for Laboratory missions and programs. Livermore supercomputing is uniquely mission driven. The high-fidelity weapon simulation capabilities essential to the Stockpile Stewardship Program compel major advances in weapons codes and science, compute power, and computational infrastructure. Computation's activities align with this vital mission of the Departmentmore » of Energy. Increasingly, non-weapons Laboratory programs also rely on computer simulation. World-class achievements have been accomplished by LLNL specialists working in multi-disciplinary research and development teams. In these teams, Computation personnel employ a wide array of skills, from desktop support expertise, to complex applications development, to advanced research. Computation's skilled professionals make the Directorate the success that it has become. These individuals know the importance of the work they do and the many ways it contributes to Laboratory missions. They make appropriate and timely decisions that move the entire organization forward. They make Computation a leader in helping LLNL achieve its programmatic milestones. I dedicate this inaugural Annual Report to the people of Computation in recognition of their continuing contributions. I am proud that we perform our work securely and safely. Despite increased cyber attacks on our computing infrastructure from the Internet, advanced cyber security practices ensure that our computing environment remains secure. Through Integrated Safety Management (ISM) and diligent oversight, we address safety issues promptly and aggressively. The safety of our employees, whether at work or at home, is a paramount concern. Even as the Directorate meets today's supercomputing requirements, we are preparing for the future. We are investigating open-source cluster technology, the basis of our highly successful Mulitprogrammatic Capability Resource (MCR). Several breakthrough discoveries have resulted from MCR calculations coupled with theory and experiment, prompting Laboratory scientists to demand ever-greater capacity and capability. This demand is being met by a new 23-TF system, Thunder, with architecture modeled on MCR. In preparation for the ''after-next'' computer, we are researching technology even farther out on the horizon--cell-based computers. Assuming that the funding and the technology hold, we will acquire the cell-based machine BlueGene/L within the next 12 months.« less

[Early prenatal interview: implementation of a sheet link "carried" by patient. The Aurore perinatal network experience].

PubMed

Dupont, C; Gonnaud, F; Touzet, S; Luciani, F; Perié, M-A; Molenat, F; Evrard, A; Fernandez, M-P; Roy, J; Rudigoz, R-C

2008-11-01

Early prenatal interview has needed the implementation of a new communication tool between follow-up pregnancy professionals: a link sheet filled and carried by patients. To assess the utilization of link sheet by trained professionals, the contribution of the interview and the patient acceptation of the link sheet. Descriptive survey from the database of link sheets returned by professionals to Aurore perinatal network and semi-guided interviews with 100 randomized patients. One thousand one hundred and nineteen link sheets were sent to Aurore perinatal network by 55 professionals out of 78 trained. For primipare, precocious prenatal interview contribution has concerned health care security (60%) and emotional security (56%). For multipare, this contribution has concerned mainly emotional security (80%). No interviewed patient has refused link sheet principle. Link sheet principle, like implemented by Aurore perinatal network, seems pertinent to professionals and patients but it constitutes only one of the elements of network elaboration of personalized care.

[Application of classified protection of information security in the information system of air pollution and health impact monitoring].

PubMed

Hao, Shuxin; Lü, Yiran; Liu, Jie; Liu, Yue; Xu, Dongqun

2018-01-01

To study the application of classified protection of information security in the information system of air pollution and health impact monitoring, so as to solve the possible safety risk of the information system. According to the relevant national standards and requirements for the information system security classified protection, and the professional characteristics of the information system, to design and implement the security architecture of information system, also to determine the protection level of information system. Basic security measures for the information system were developed in the technical safety and management safety aspects according to the protection levels, which effectively prevented the security risk of the information system. The information system established relatively complete information security protection measures, to enhanced the security of professional information and system service, and to ensure the safety of air pollution and health impact monitoring project carried out smoothly.

Secure Multiparty Quantum Computation for Summation and Multiplication.

PubMed

Shi, Run-hua; Mu, Yi; Zhong, Hong; Cui, Jie; Zhang, Shun

2016-01-21

As a fundamental primitive, Secure Multiparty Summation and Multiplication can be used to build complex secure protocols for other multiparty computations, specially, numerical computations. However, there is still lack of systematical and efficient quantum methods to compute Secure Multiparty Summation and Multiplication. In this paper, we present a novel and efficient quantum approach to securely compute the summation and multiplication of multiparty private inputs, respectively. Compared to classical solutions, our proposed approach can ensure the unconditional security and the perfect privacy protection based on the physical principle of quantum mechanics.

Secure Multiparty Quantum Computation for Summation and Multiplication

PubMed Central

Shi, Run-hua; Mu, Yi; Zhong, Hong; Cui, Jie; Zhang, Shun

2016-01-01

As a fundamental primitive, Secure Multiparty Summation and Multiplication can be used to build complex secure protocols for other multiparty computations, specially, numerical computations. However, there is still lack of systematical and efficient quantum methods to compute Secure Multiparty Summation and Multiplication. In this paper, we present a novel and efficient quantum approach to securely compute the summation and multiplication of multiparty private inputs, respectively. Compared to classical solutions, our proposed approach can ensure the unconditional security and the perfect privacy protection based on the physical principle of quantum mechanics. PMID:26792197

A Computer Security Course in the Undergraduate Computer Science Curriculum.

ERIC Educational Resources Information Center

Spillman, Richard

1992-01-01

Discusses the importance of computer security and considers criminal, national security, and personal privacy threats posed by security breakdown. Several examples are given, including incidents involving computer viruses. Objectives, content, instructional strategies, resources, and a sample examination for an experimental undergraduate computer…

Information Security: Governmentwide Guidance Needed to Assist Agencies in Implementing Cloud Computing

DTIC Science & Technology

2010-07-01

Cloud computing , an emerging form of computing in which users have access to scalable, on-demand capabilities that are provided through Internet... cloud computing , (2) the information security implications of using cloud computing services in the Federal Government, and (3) federal guidance and...efforts to address information security when using cloud computing . The complete report is titled Information Security: Federal Guidance Needed to

Ethical Hacking in Information Security Curricula

ERIC Educational Resources Information Center

Trabelsi, Zouheir; McCoey, Margaret

2016-01-01

Teaching offensive security (ethical hacking) is becoming a necessary component of information security curricula with a goal of developing better security professionals. The offensive security components extend curricula beyond system defense strategies. This paper identifies and discusses the learning outcomes achieved as a result of hands-on…

76 FR 7818 - Announcing a Meeting of the Information Security and Privacy Advisory Board

Federal Register 2010, 2011, 2012, 2013, 2014

2011-02-11

... will be open to the public. The ISPAB was established by the Computer Security Act of 1987 (Pub. L. 100..., --Presentation on Science of Security relating to computer security research, --Presentation on Access of..., --A panel of Inspector Generals regarding privacy and security, and --Update on NIST Computer Security...

SEED: A Suite of Instructional Laboratories for Computer Security Education

ERIC Educational Resources Information Center

Du, Wenliang; Wang, Ronghua

2008-01-01

The security and assurance of our computing infrastructure has become a national priority. To address this priority, higher education has gradually incorporated the principles of computer and information security into the mainstream undergraduate and graduate computer science curricula. To achieve effective education, learning security principles…

48 CFR 952.204-77 - Computer security.

Code of Federal Regulations, 2012 CFR

2012-10-01

... 48 Federal Acquisition Regulations System 5 2012-10-01 2012-10-01 false Computer security. 952.204... SOLICITATION PROVISIONS AND CONTRACT CLAUSES Text of Provisions and Clauses 952.204-77 Computer security. As prescribed in 904.404(d)(7), the following clause shall be included: Computer Security (AUG 2006) (a...

48 CFR 952.204-77 - Computer security.

Code of Federal Regulations, 2013 CFR

2013-10-01

... 48 Federal Acquisition Regulations System 5 2013-10-01 2013-10-01 false Computer security. 952.204... SOLICITATION PROVISIONS AND CONTRACT CLAUSES Text of Provisions and Clauses 952.204-77 Computer security. As prescribed in 904.404(d)(7), the following clause shall be included: Computer Security (AUG 2006) (a...

48 CFR 952.204-77 - Computer security.

Code of Federal Regulations, 2011 CFR

2011-10-01

... 48 Federal Acquisition Regulations System 5 2011-10-01 2011-10-01 false Computer security. 952.204... SOLICITATION PROVISIONS AND CONTRACT CLAUSES Text of Provisions and Clauses 952.204-77 Computer security. As prescribed in 904.404(d)(7), the following clause shall be included: Computer Security (AUG 2006) (a...

48 CFR 952.204-77 - Computer security.

Code of Federal Regulations, 2014 CFR

2014-10-01

... 48 Federal Acquisition Regulations System 5 2014-10-01 2014-10-01 false Computer security. 952.204... SOLICITATION PROVISIONS AND CONTRACT CLAUSES Text of Provisions and Clauses 952.204-77 Computer security. As prescribed in 904.404(d)(7), the following clause shall be included: Computer Security (AUG 2006) (a...

48 CFR 952.204-77 - Computer security.

Code of Federal Regulations, 2010 CFR

2010-10-01

... 48 Federal Acquisition Regulations System 5 2010-10-01 2010-10-01 false Computer security. 952.204... SOLICITATION PROVISIONS AND CONTRACT CLAUSES Text of Provisions and Clauses 952.204-77 Computer security. As prescribed in 904.404(d)(7), the following clause shall be included: Computer Security (AUG 2006) (a...

Fiscal Year 2014 Annual Report on BNLs Next Generation Safeguards Initiative Human Capital Development Activities

DOE Office of Scientific and Technical Information (OSTI.GOV)

Pepper, Susan E.

2014-10-10

Brookhaven National Laboratory’s (BNL’s) Nonproliferation and National Security Department contributes to the National Nuclear Security Administration Office of Nonproliferation and International Security Next Generation Safeguards Initiative (NGSI) through university engagement, safeguards internships, safeguards courses, professional development, recruitment, and other activities aimed at ensuring the next generation of international safeguards professionals is adequately prepared to support the U.S. safeguards mission. This report is a summary of BNL s work under the NGSI program in Fiscal Year 2014.

DOE Office of Scientific and Technical Information (OSTI.GOV)

Sanquist, Thomas F.; Mahy, Heidi A.; Morris, Fred A.

Understanding the issues surrounding public acceptance of homeland security systems is important for balancing security needs and potential civil liberties infringements. A psychometric survey was used to measure attitudes regarding homeland security systems. Psychometric rating data were obtained from 182 respondents on psychological attributes associated with 12 distinct types of homeland security systems. An inverse relationship was observed for the overall rating attributes of acceptability and risk of civil liberties infringement. Principal components analysis yielded a two factor solution, with the rating scale loading pattern suggesting factors of Perceived Effectiveness and Perceived Intrusiveness. These factors also showed an inverse relationship.more » The 12 different homeland security systems showed significantly different scores on the rating scales and PCA factors, which were used to rank the systems in terms of overall acceptability. Difference scores for the rating scales and PCA factors were used to compute a single acceptability value reflecting the relative weight of risks and benefits. Of the 12 systems studied, airport screening, canine detectors and radiation monitoring at borders were found to be relatively acceptable, i.e., the perceived benefits for homeland security outweighed the perceived risks to civil liberties. Students rated several systems as more effective than professionals, but the overall pattern of results for both types of subjects was similar. The data suggest that risk perception research and the psychometric paradigm are useful approaches for quantifying attitudes regarding homeland security systems and policies, and can be used to anticipate potentially significant public acceptance issues.« less

Mobile computing acceptance factors in the healthcare industry: a structural equation model.

PubMed

Wu, Jen-Her; Wang, Shu-Ching; Lin, Li-Min

2007-01-01

This paper presents a revised technology acceptance model to examine what determines mobile healthcare systems (MHS) acceptance by healthcare professionals. Conformation factor analysis was performed to test the reliability and validity of the measurement model. The structural equation modeling technique was used to evaluate the causal model. The results indicated that compatibility, perceived usefulness and perceived ease of use significantly affected healthcare professional behavioral intent. MHS self-efficacy had strong indirect impact on healthcare professional behavioral intent through the mediators of perceived usefulness and perceived ease of use. Yet, the hypotheses for technical support and training effects on the perceived usefulness and perceived ease of use were not supported. This paper provides initial insights into factors that are likely to be significant antecedents of planning and implementing mobile healthcare to enhance professionals' MHS acceptance. The proposed model variables explained 70% of the variance in behavioral intention to use MHS; further study is needed to explore extra significant antecedents of new IT/IS acceptance for mobile healthcare. Such as privacy and security issue, system and information quality, limitations of mobile devices; the above may be other interesting factors for implementing mobile healthcare and could be conducted by qualitative research.

Efficient Server-Aided Secure Two-Party Function Evaluation with Applications to Genomic Computation

DTIC Science & Technology

2016-07-14

of the important properties of secure computation . In particular, it is known that full fairness cannot be achieved in the case of two-party com...Jakobsen, J. Nielsen, and C. Orlandi. A framework for outsourcing of secure computation . In ACM Workshop on Cloud Computing Security (CCSW), pages...Function Evaluation with Applications to Genomic Computation Abstract: Computation based on genomic data is becoming increasingly popular today, be it

Method for transferring data from an unsecured computer to a secured computer

DOEpatents

Nilsen, Curt A.

1997-01-01

A method is described for transferring data from an unsecured computer to a secured computer. The method includes transmitting the data and then receiving the data. Next, the data is retransmitted and rereceived. Then, it is determined if errors were introduced when the data was transmitted by the unsecured computer or received by the secured computer. Similarly, it is determined if errors were introduced when the data was retransmitted by the unsecured computer or rereceived by the secured computer. A warning signal is emitted from a warning device coupled to the secured computer if (i) an error was introduced when the data was transmitted or received, and (ii) an error was introduced when the data was retransmitted or rereceived.

Computer Security Models

DTIC Science & Technology

1984-09-01

Verification Technique for a Class of Security Kernels," International Symposium on Programming , Lecture Notes in Computer Science 137, Springer-Verlag, New York...September 1984 MTR9S31 " J. K. Millen Computer Security C. M. Cerniglia Models * 0 Ne c - ¢- C. S• ~CONTRACT SPONSOR OUSDRE/C31 & ESO/ALEE...ABSTRACT The purpose of this report is to provide a basis for evaluating security models in the context of secure computer system development

Home Computer and Internet User Security

DTIC Science & Technology

2005-01-01

Information Security Model © 2005 Carnegie Mellon University (Lawrence R. Rogers, Author) Home Computer and Internet User Security...Carnegie Mellon University (Lawrence R. Rogers, Author) Home Computer and Internet User Security Version 1.0.4 – slide 50 Contact Information Lawrence R. Rogers • Email: cert@cert.org CERT website: http://www.cert.org/ ...U.S. Patent and Trademark Office Home Computer and Internet User Security Report Documentation Page Form ApprovedOMB

Video calls from lay bystanders to dispatch centers - risk assessment of information security.

PubMed

Bolle, Stein R; Hasvold, Per; Henriksen, Eva

2011-09-30

Video calls from mobile phones can improve communication during medical emergencies. Lay bystanders can be instructed and supervised by health professionals at Emergency Medical Communication Centers. Before implementation of video mobile calls in emergencies, issues of information security should be addressed. Information security was assessed for risk, based on the information security standard ISO/IEC 27005:2008. A multi-professional team used structured brainstorming to find threats to the information security aspects confidentiality, quality, integrity, and availability. Twenty security threats of different risk levels were identified and analyzed. Solutions were proposed to reduce the risk level. Given proper implementation, we found no risks to information security that would advocate against the use of video calls between lay bystanders and Emergency Medical Communication Centers. The identified threats should be used as input to formal requirements when planning and implementing video calls from mobile phones for these call centers.

Video calls from lay bystanders to dispatch centers - risk assessment of information security

PubMed Central

2011-01-01

Background Video calls from mobile phones can improve communication during medical emergencies. Lay bystanders can be instructed and supervised by health professionals at Emergency Medical Communication Centers. Before implementation of video mobile calls in emergencies, issues of information security should be addressed. Methods Information security was assessed for risk, based on the information security standard ISO/IEC 27005:2008. A multi-professional team used structured brainstorming to find threats to the information security aspects confidentiality, quality, integrity, and availability. Results Twenty security threats of different risk levels were identified and analyzed. Solutions were proposed to reduce the risk level. Conclusions Given proper implementation, we found no risks to information security that would advocate against the use of video calls between lay bystanders and Emergency Medical Communication Centers. The identified threats should be used as input to formal requirements when planning and implementing video calls from mobile phones for these call centers. PMID:21958387

Challenges of information security incident learning: An industrial case study in a Chinese healthcare organization.

PubMed

He, Ying; Johnson, Chris

2017-12-01

Security incidents can have negative impacts on healthcare organizations, and the security of medical records has become a primary concern of the public. However, previous studies showed that organizations had not effectively learned lessons from security incidents. Incident learning as an essential activity in the "follow-up" phase of security incident response lifecycle has long been addressed but not given enough attention. This paper conducted a case study in a healthcare organization in China to explore their current obstacles in the practice of incident learning. We interviewed both IT professionals and healthcare professionals. The results showed that the organization did not have a structured way to gather and redistribute incident knowledge. Incident response was ineffective in cycling incident knowledge back to inform security management. Incident reporting to multiple stakeholders faced a great challenge. In response to this case study, we suggest the security assurance modeling framework to address those obstacles.

Computer Security and the Data Encryption Standard. Proceedings of the Conference on Computer Security and the Data Encryption Standard.

ERIC Educational Resources Information Center

Branstad, Dennis K., Ed.

The 15 papers and summaries of presentations in this collection provide technical information and guidance offered by representatives from federal agencies and private industry. Topics discussed include physical security, risk assessment, software security, computer network security, and applications and implementation of the Data Encryption…

Information Security: Computer Hacker Information Available on the Internet

DTIC Science & Technology

1996-06-05

INFORMATION SECURITY Computer Hacker Information Available on the Internet Statement for the Record of...Report Type N/A Dates Covered (from... to) - Title and Subtitle INFORMATION SECURITY Computer Hacker Information Available on the Internet Contract...1996 4. TITLE AND SUBTITLE Information Security: Computer Hacker Information Available on the Internet 5. FUNDING NUMBERS 6. AUTHOR(S) Jack L.

Indirection and computer security.

DOE Office of Scientific and Technical Information (OSTI.GOV)

Berg, Michael J.

2011-09-01

The discipline of computer science is built on indirection. David Wheeler famously said, 'All problems in computer science can be solved by another layer of indirection. But that usually will create another problem'. We propose that every computer security vulnerability is yet another problem created by the indirections in system designs and that focusing on the indirections involved is a better way to design, evaluate, and compare security solutions. We are not proposing that indirection be avoided when solving problems, but that understanding the relationships between indirections and vulnerabilities is key to securing computer systems. Using this perspective, we analyzemore » common vulnerabilities that plague our computer systems, consider the effectiveness of currently available security solutions, and propose several new security solutions.« less

Computer Security Awareness Guide for Department of Energy Laboratories, Government Agencies, and others for use with Lawrence Livermore National Laboratory`s (LLNL): Computer security short subjects videos

DOE Office of Scientific and Technical Information (OSTI.GOV)

Not Available

Lonnie Moore, the Computer Security Manager, CSSM/CPPM at Lawrence Livermore National Laboratory (LLNL) and Gale Warshawsky, the Coordinator for Computer Security Education & Awareness at LLNL, wanted to share topics such as computer ethics, software piracy, privacy issues, and protecting information in a format that would capture and hold an audience`s attention. Four Computer Security Short Subject videos were produced which ranged from 1-3 minutes each. These videos are very effective education and awareness tools that can be used to generate discussions about computer security concerns and good computing practices. Leaders may incorporate the Short Subjects into presentations. After talkingmore » about a subject area, one of the Short Subjects may be shown to highlight that subject matter. Another method for sharing them could be to show a Short Subject first and then lead a discussion about its topic. The cast of characters and a bit of information about their personalities in the LLNL Computer Security Short Subjects is included in this report.« less

Practice improvement, part II: update on patient communication technologies.

PubMed

Roett, Michelle A; Coleman, Mary Thoesen

2013-11-01

Patient portals (ie, secure web-based services for patient health record access) and secure messaging to health care professionals are gaining popularity slowly. Advantages of web portals include timely communication and instruction, access to appointments and other services, and high patient satisfaction. Limitations include inappropriate use, security considerations, organizational costs, and exclusion of patients who are uncomfortable with or unable to use computers. Attention to the organization's strategic plan and office policies, patient and staff expectations, workflow and communication integration, training, marketing, and enrollment can facilitate optimal use of this technology. Other communication technologies that can enhance patient care include automated voice or text reminders and brief electronic communications. Social media provide another method of patient outreach, but privacy and access are concerns. Incorporating telehealthcare (health care provided via telephone or Internet), providing health coaching, and using interactive health communication applications can improve patient knowledge and clinical outcomes and provide social support. Written permission from the American Academy of Family Physicians is required for reproduction of this material in whole or in part in any form or medium.

Research on Quantum Authentication Methods for the Secure Access Control Among Three Elements of Cloud Computing

NASA Astrophysics Data System (ADS)

Dong, Yumin; Xiao, Shufen; Ma, Hongyang; Chen, Libo

2016-12-01

Cloud computing and big data have become the developing engine of current information technology (IT) as a result of the rapid development of IT. However, security protection has become increasingly important for cloud computing and big data, and has become a problem that must be solved to develop cloud computing. The theft of identity authentication information remains a serious threat to the security of cloud computing. In this process, attackers intrude into cloud computing services through identity authentication information, thereby threatening the security of data from multiple perspectives. Therefore, this study proposes a model for cloud computing protection and management based on quantum authentication, introduces the principle of quantum authentication, and deduces the quantum authentication process. In theory, quantum authentication technology can be applied in cloud computing for security protection. This technology cannot be cloned; thus, it is more secure and reliable than classical methods.

Cardiology office computer use: primer, pointers, pitfalls.

PubMed

Shepard, R B; Blum, R I

1986-10-01

An office computer is a utility, like an automobile, with benefits and costs that are both direct and hidden and potential for disaster. For the cardiologist or cardiovascular surgeon, the increasing power and decreasing costs of computer hardware and the availability of software make use of an office computer system an increasingly attractive possibility. Management of office business functions is common; handling and scientific analysis of practice medical information are less common. The cardiologist can also access national medical information systems for literature searches and for interactive further education. Selection and testing of programs and the entire computer system before purchase of computer hardware will reduce the chances of disappointment or serious problems. Personnel pretraining and planning for office information flow and medical information security are necessary. Some cardiologists design their own office systems, buy hardware and software as needed, write programs for themselves and carry out the implementation themselves. For most cardiologists, the better course will be to take advantage of the professional experience of expert advisors. This article provides a starting point from which the practicing cardiologist can approach considering, specifying or implementing an office computer system for business functions and for scientific analysis of practice results.

Storing and using health data in a virtual private cloud.

PubMed

Regola, Nathan; Chawla, Nitesh V

2013-03-13

Electronic health records are being adopted at a rapid rate due to increased funding from the US federal government. Health data provide the opportunity to identify possible improvements in health care delivery by applying data mining and statistical methods to the data and will also enable a wide variety of new applications that will be meaningful to patients and medical professionals. Researchers are often granted access to health care data to assist in the data mining process, but HIPAA regulations mandate comprehensive safeguards to protect the data. Often universities (and presumably other research organizations) have an enterprise information technology infrastructure and a research infrastructure. Unfortunately, both of these infrastructures are generally not appropriate for sensitive research data such as HIPAA, as they require special accommodations on the part of the enterprise information technology (or increased security on the part of the research computing environment). Cloud computing, which is a concept that allows organizations to build complex infrastructures on leased resources, is rapidly evolving to the point that it is possible to build sophisticated network architectures with advanced security capabilities. We present a prototype infrastructure in Amazon's Virtual Private Cloud to allow researchers and practitioners to utilize the data in a HIPAA-compliant environment.

Making Technology Work for Campus Security

ERIC Educational Resources Information Center

Floreno, Jeff; Keil, Brad

2010-01-01

The challenges associated with securing schools from both on- and off-campus threats create constant pressure for law enforcement, campus security professionals, and administrators. And while security technology choices are plentiful, many colleges and universities are operating with limited dollars and information needed to select and integrate…

Phishing

MedlinePlus

... Money & Credit Homes & Mortgages Health & Fitness Jobs & Making Money Privacy, Identity & Online Security Limiting Unwanted Calls and Emails Online Security "Free" Security Scans Computer Security Disposing of Old Computers ...

Examining the Security Awareness, Information Privacy, and the Security Behaviors of Home Computer Users

ERIC Educational Resources Information Center

Edwards, Keith

2015-01-01

Attacks on computer systems continue to be a problem. The majority of the attacks target home computer users. To help mitigate the attacks some companies provide security awareness training to their employees. However, not all people work for a company that provides security awareness training and typically, home computer users do not have the…

Analyzing commercial flight crewmember perceptions' regarding airline security effectiveness, morale, and professionalism

NASA Astrophysics Data System (ADS)

Belanger, James Durham

Since the formation of the Transportation Security Administration (TSA) following the September 11, 2001 terrorist's attacks few studies involving commercial flight crewmember perceptions' of the organization's efficacy have been conducted, nor has there been any research into the effects on crewmember morale and professionalism resulting from their interactions with the TSA. This researcher surveyed 624 flight crewmembers, using a multiple-choice instrument to ascertain both their perceptions of TSA effectiveness involving an array of security issues, in addition to how crewmember interactions with the TSA may have affected their morale and professionalism. A 2-sample t-test measured the difference in the means of pilots and flight attendants regarding the study's scope, as did 2-way ANOVA and Tukey HSD comparisons, which factored in gender. The study found that crewmembers indicated some confidence in the areas of passenger and baggage screening and the Armed Pilot Program, with less confidence regarding ancillary personnel screening, airport perimeter security, and in both crewmember anti-terrorist training and human error issues. Statistical testing indicated varying differences in sample means concerning all study related issues. Finally, crewmembers indicated some effects on morale and professionalism, with a majority indicating a negative effect on both.

Mobile healthcare applications: system design review, critical issues and challenges.

PubMed

Baig, Mirza Mansoor; GholamHosseini, Hamid; Connolly, Martin J

2015-03-01

Mobile phones are becoming increasingly important in monitoring and delivery of healthcare interventions. They are often considered as pocket computers, due to their advanced computing features, enhanced preferences and diverse capabilities. Their sophisticated sensors and complex software applications make the mobile healthcare (m-health) based applications more feasible and innovative. In a number of scenarios user-friendliness, convenience and effectiveness of these systems have been acknowledged by both patients as well as healthcare providers. M-health technology employs advanced concepts and techniques from multidisciplinary fields of electrical engineering, computer science, biomedical engineering and medicine which benefit the innovations of these fields towards healthcare systems. This paper deals with two important aspects of current mobile phone based sensor applications in healthcare. Firstly, critical review of advanced applications such as; vital sign monitoring, blood glucose monitoring and in-built camera based smartphone sensor applications. Secondly, investigating challenges and critical issues related to the use of smartphones in healthcare including; reliability, efficiency, mobile phone platform variability, cost effectiveness, energy usage, user interface, quality of medical data, and security and privacy. It was found that the mobile based applications have been widely developed in recent years with fast growing deployment by healthcare professionals and patients. However, despite the advantages of smartphones in patient monitoring, education, and management there are some critical issues and challenges related to security and privacy of data, acceptability, reliability and cost that need to be addressed.

A Unified Approach to Information Security Compliance

ERIC Educational Resources Information Center

Adler, M. Peter

2006-01-01

The increased number of government-mandated and private contractual information security requirements in recent years has caused higher education security professionals to view information security as another aspect of regulatory or contractual compliance. The existence of fines, penalties, or loss (including bad publicity) has also increased the…

Science and Technology Resources on the Internet: Computer Security.

ERIC Educational Resources Information Center

Kinkus, Jane F.

2002-01-01

Discusses issues related to computer security, including confidentiality, integrity, and authentication or availability; and presents a selected list of Web sites that cover the basic issues of computer security under subject headings that include ethics, privacy, kids, antivirus, policies, cryptography, operating system security, and biometrics.…

Hacked E-mail

MedlinePlus

... Money & Credit Homes & Mortgages Health & Fitness Jobs & Making Money Privacy, Identity & Online Security Limiting Unwanted Calls and Emails Online Security "Free" Security Scans Computer Security Disposing of Old Computers ...

Computer Security Systems Enable Access.

ERIC Educational Resources Information Center

Riggen, Gary

1989-01-01

A good security system enables access and protects information from damage or tampering, but the most important aspects of a security system aren't technical. A security procedures manual addresses the human element of computer security. (MLW)

The research of computer network security and protection strategy

NASA Astrophysics Data System (ADS)

He, Jian

2017-05-01

With the widespread popularity of computer network applications, its security is also received a high degree of attention. Factors affecting the safety of network is complex, for to do a good job of network security is a systematic work, has the high challenge. For safety and reliability problems of computer network system, this paper combined with practical work experience, from the threat of network security, security technology, network some Suggestions and measures for the system design principle, in order to make the masses of users in computer networks to enhance safety awareness and master certain network security technology.

[A guide to good practice for information security in the handling of personal health data by health personnel in ambulatory care facilities].

PubMed

Sánchez-Henarejos, Ana; Fernández-Alemán, José Luis; Toval, Ambrosio; Hernández-Hernández, Isabel; Sánchez-García, Ana Belén; Carrillo de Gea, Juan Manuel

2014-04-01

The appearance of electronic health records has led to the need to strengthen the security of personal health data in order to ensure privacy. Despite the large number of technical security measures and recommendations that exist to protect the security of health data, there is an increase in violations of the privacy of patients' personal data in healthcare organizations, which is in many cases caused by the mistakes or oversights of healthcare professionals. In this paper, we present a guide to good practice for information security in the handling of personal health data by health personnel, drawn from recommendations, regulations and national and international standards. The material presented in this paper can be used in the security audit of health professionals, or as a part of continuing education programs in ambulatory care facilities. Copyright © 2013 Elsevier España, S.L. All rights reserved.

76 FR 7817 - Announcing Draft Federal Information Processing Standard 180-4, Secure Hash Standard, and Request...

Federal Register 2010, 2011, 2012, 2013, 2014

2011-02-11

... before May 12, 2011. ADDRESSES: Written comments may be sent to: Chief, Computer Security Division... FURTHER INFORMATION CONTACT: Elaine Barker, Computer Security Division, National Institute of Standards... Quynh Dang, Computer Security Division, National Institute of Standards and Technology, Gaithersburg, MD...

7 CFR 1940.336 - Contracting for professional services.

Code of Federal Regulations, 2010 CFR

2010-01-01

... 7 Agriculture 13 2010-01-01 2009-01-01 true Contracting for professional services. 1940.336... Contracting for professional services. (a) Assistance from outside experts and professionals can be secured... conflict of interest, contractors competing for the work will be required to execute a disclosure statement...

Evolving the Role of Campus Security

ERIC Educational Resources Information Center

May, Vern

2008-01-01

One of the problems security professionals see in security is that there are few benchmarks to quantify the effectiveness of proactive security initiatives. This hurts them with funding support and also with ensuring community buy-in outside of crisis situations. The reactive nature of many institutions makes it difficult to move forward with…

Exploring the Educational Needs of the Homeland Security Community

ERIC Educational Resources Information Center

France, Paul

2012-01-01

This study involved an evaluation of the subjective perspectives held by a panel of 16 homeland security subject matter experts to determine what the needs of the homeland security professional community are for educational programs. The researcher examined the knowledge, skills, and abilities deemed important in homeland security to determine…

Secure key storage and distribution

DOEpatents

Agrawal, Punit

2015-06-02

This disclosure describes a distributed, fault-tolerant security system that enables the secure storage and distribution of private keys. In one implementation, the security system includes a plurality of computing resources that independently store private keys provided by publishers and encrypted using a single security system public key. To protect against malicious activity, the security system private key necessary to decrypt the publication private keys is not stored at any of the computing resources. Rather portions, or shares of the security system private key are stored at each of the computing resources within the security system and multiple security systems must communicate and share partial decryptions in order to decrypt the stored private key.

Quantum-Enhanced Cyber Security: Experimental Computation on Quantum-Encrypted Data

DTIC Science & Technology

2017-03-02

AFRL-AFOSR-UK-TR-2017-0020 Quantum-Enhanced Cyber Security: Experimental Computation on Quantum-Encrypted Data Philip Walther UNIVERSITT WIEN Final...REPORT TYPE Final 3. DATES COVERED (From - To) 15 Oct 2015 to 31 Dec 2016 4. TITLE AND SUBTITLE Quantum-Enhanced Cyber Security: Experimental Computation...FORM SF 298 Final Report for FA9550-1-6-1-0004 Quantum-enhanced cyber security: Experimental quantum computation with quantum-encrypted data

78 FR 1275 - Privacy Act of 1974; Computer Matching Program

Federal Register 2010, 2011, 2012, 2013, 2014

2013-01-08

... Social Security Administration (Computer Matching Agreement 1071). SUMMARY: In accordance with the... of its new computer matching program with the Social Security Administration (SSA). DATES: OPM will... conditions under which SSA will disclose Social Security benefit data to OPM via direct computer link. OPM...

Towards Trustable Digital Evidence with PKIDEV: PKI Based Digital Evidence Verification Model

NASA Astrophysics Data System (ADS)

Uzunay, Yusuf; Incebacak, Davut; Bicakci, Kemal

How to Capture and Preserve Digital Evidence Securely? For the investigation and prosecution of criminal activities that involve computers, digital evidence collected in the crime scene has a vital importance. On one side, it is a very challenging task for forensics professionals to collect them without any loss or damage. On the other, there is the second problem of providing the integrity and authenticity in order to achieve legal acceptance in a court of law. By conceiving digital evidence simply as one instance of digital data, it is evident that modern cryptography offers elegant solutions for this second problem. However, to our knowledge, there is not any previous work proposing a systematic model having a holistic view to address all the related security problems in this particular case of digital evidence verification. In this paper, we present PKIDEV (Public Key Infrastructure based Digital Evidence Verification model) as an integrated solution to provide security for the process of capturing and preserving digital evidence. PKIDEV employs, inter alia, cryptographic techniques like digital signatures and secure time-stamping as well as latest technologies such as GPS and EDGE. In our study, we also identify the problems public-key cryptography brings when it is applied to the verification of digital evidence.

77 FR 32709 - Privacy Act of 1974, as Amended; Computer Matching Program (SSA/Department of Homeland Security...

Federal Register 2010, 2011, 2012, 2013, 2014

2012-06-01

... SOCIAL SECURITY ADMINISTRATION [Docket No. SSA 2011-0089] Privacy Act of 1974, as Amended; Computer Matching Program (SSA/ Department of Homeland Security (DHS))--Match Number 1010 AGENCY: Social Security Administration (SSA). ACTION: Notice of a renewal of an existing computer matching program that...

FAA computer security : recommendations to address continuing weaknesses

DOT National Transportation Integrated Search

2000-12-01

In September, testimony before the Committee on Science, House of Representatives, focused on the Federal Aviation Administration's (FAA) computer security program. In brief, we reported that FAA's agency-wide computer security program has serious, p...

Implementing an electronic medication overview in Belgium.

PubMed

Storms, Hannelore; Marquet, Kristel; Nelissen, Katherine; Hulshagen, Leen; Lenie, Jan; Remmen, Roy; Claes, Neree

2014-12-16

An accurate medication overview is essential to reduce medication errors. Therefore, it is essential to keep the medication overview up-to-date and to exchange healthcare information between healthcare professionals and patients. Digitally shared information yields possibilities to improve communication. However, implementing a digitally shared medication overview is challenging. This articles describes the development process of a secured, electronic platform designed for exchanging medication information as executed in a pilot study in Belgium, called "Vitalink". The goal of "Vitalink" is to improve the exchange of medication information between professionals working in healthcare and patients in order to achieve a more efficient cooperation and better quality of care. Healthcare professionals of primary and secondary health care and patients of four Belgian regions participated in the project. In each region project groups coordinated implementation and reported back to the steering committee supervising the pilot study. The electronic medication overview was developed based on consensus in the project groups. The steering committee agreed to establish secured and authorized access through the use of electronic identity documents (eID) and a secured, eHealth-platform conform prior governmental regulations regarding privacy and security of healthcare information. A successful implementation of an electronic medication overview strongly depends on the accessibility and usability of the tool for healthcare professionals. Coordinating teams of the project groups concluded, based on their own observations and on problems reported to them, that secured and quick access to medical data needed to be pursued. According to their observations, the identification process using the eHealth platform, crucial to ensure secured data, was very time consuming. Secondly, software packages should meet the needs of their users, thus be adapted to daily activities of healthcare professionals. Moreover, software should be easy to install and run properly. The project would have benefited from a cost analysis executed by the national bodies prior to implementation.

Security model for VM in cloud

NASA Astrophysics Data System (ADS)

Kanaparti, Venkataramana; Naveen K., R.; Rajani, S.; Padmvathamma, M.; Anitha, C.

2013-03-01

Cloud computing is a new approach emerged to meet ever-increasing demand for computing resources and to reduce operational costs and Capital Expenditure for IT services. As this new way of computation allows data and applications to be stored away from own corporate server, it brings more issues in security such as virtualization security, distributed computing, application security, identity management, access control and authentication. Even though Virtualization forms the basis for cloud computing it poses many threats in securing cloud. As most of Security threats lies at Virtualization layer in cloud we proposed this new Security Model for Virtual Machine in Cloud (SMVC) in which every process is authenticated by Trusted-Agent (TA) in Hypervisor as well as in VM. Our proposed model is designed to with-stand attacks by unauthorized process that pose threat to applications related to Data Mining, OLAP systems, Image processing which requires huge resources in cloud deployed on one or more VM's.

Guidelines for Working with Law Enforcement Agencies

ERIC Educational Resources Information Center

Corn, Michael

2007-01-01

Many security professionals choose the career because of an interest in the technology of security. Few realize the degree to which a contemporary security office interacts with law enforcement agencies (LEAs) such as the FBI and state, local, and campus police. As the field of information security has matured, the language of risk management is…

Determination of ISRA Framework Using Delphi Methodology for Small and Midsized Enterprises

ERIC Educational Resources Information Center

Shah, Ashish

2017-01-01

Unfathomable a few decades ago, the velocity of revolution in information technology (IT) security is accelerating. Small and midsized enterprises (SMEs) continue to make IT security a highest priority and foster security controls to safeguard their environments from adverse effects. Information technology security professionals must rely on one…

Close the Gate, Lock the Windows, Bolt the Doors: Securing Library Computers. Online Treasures

ERIC Educational Resources Information Center

Balas, Janet

2005-01-01

This article, written by a systems librarian at the Monroeville Public Library, discusses a major issue affecting all computer users, security. It indicates that while, staying up-to-date on the latest security issues has become essential for all computer users, it's more critical for network managers who are responsible for securing computer…

Developing a computer security training program

DOE Office of Scientific and Technical Information (OSTI.GOV)

Not Available

1990-01-01

We all know that training can empower the computer protection program. However, pushing computer security information outside the computer security organization into the rest of the company is often labeled as an easy project or a dungeon full of dragons. Used in part or whole, the strategy offered in this paper may help the developer of a computer security training program ward off dragons and create products and services. The strategy includes GOALS (what the result of training will be), POINTERS (tips to ensure survival), and STEPS (products and services as a means to accomplish the goals).

6 CFR 13.27 - Computation of time.

Code of Federal Regulations, 2010 CFR

2010-01-01

... 6 Domestic Security 1 2010-01-01 2010-01-01 false Computation of time. 13.27 Section 13.27 Domestic Security DEPARTMENT OF HOMELAND SECURITY, OFFICE OF THE SECRETARY PROGRAM FRAUD CIVIL REMEDIES § 13.27 Computation of time. (a) In computing any period of time under this part or in an order issued...

Reviews on Security Issues and Challenges in Cloud Computing

NASA Astrophysics Data System (ADS)

An, Y. Z.; Zaaba, Z. F.; Samsudin, N. F.

2016-11-01

Cloud computing is an Internet-based computing service provided by the third party allowing share of resources and data among devices. It is widely used in many organizations nowadays and becoming more popular because it changes the way of how the Information Technology (IT) of an organization is organized and managed. It provides lots of benefits such as simplicity and lower costs, almost unlimited storage, least maintenance, easy utilization, backup and recovery, continuous availability, quality of service, automated software integration, scalability, flexibility and reliability, easy access to information, elasticity, quick deployment and lower barrier to entry. While there is increasing use of cloud computing service in this new era, the security issues of the cloud computing become a challenges. Cloud computing must be safe and secure enough to ensure the privacy of the users. This paper firstly lists out the architecture of the cloud computing, then discuss the most common security issues of using cloud and some solutions to the security issues since security is one of the most critical aspect in cloud computing due to the sensitivity of user's data.

Information Systems, Security, and Privacy.

ERIC Educational Resources Information Center

Ware, Willis H.

1984-01-01

Computer security and computer privacy issues are discussed. Among the areas addressed are technical and human security threats, security and privacy issues for information in electronic mail systems, the need for a national commission to examine these issues, and security/privacy issues relevant to colleges and universities. (JN)

Intelligent cloud computing security using genetic algorithm as a computational tools

NASA Astrophysics Data System (ADS)

Razuky AL-Shaikhly, Mazin H.

2018-05-01

An essential change had occurred in the field of Information Technology which represented with cloud computing, cloud giving virtual assets by means of web yet awesome difficulties in the field of information security and security assurance. Currently main problem with cloud computing is how to improve privacy and security for cloud “cloud is critical security”. This paper attempts to solve cloud security by using intelligent system with genetic algorithm as wall to provide cloud data secure, all services provided by cloud must detect who receive and register it to create list of users (trusted or un-trusted) depend on behavior. The execution of present proposal has shown great outcome.

The Knowledge Work of Professional Associations: Approaches to Standardisation and Forms of Legitimisation

ERIC Educational Resources Information Center

Nerland, Monika; Karseth, Berit

2015-01-01

This paper examines how professional associations engage themselves in efforts to develop, regulate and secure knowledge in their respective domains, with special emphasis on standardisation. The general emphasis on science in society brings renewed attention to the knowledge base of professionals, and positions professional bodies as key…

75 FR 38595 - Guidance to States Regarding Driver History Record Information Security, Continuity of Operation...

Federal Register 2010, 2011, 2012, 2013, 2014

2010-07-02

... Standards and Technology's (NIST) Computer Security Division maintains a Computer Security Resource Center... Regarding Driver History Record Information Security, Continuity of Operation Planning, and Disaster... (SDLAs) to support their efforts at maintaining the security of information contained in the driver...

Job security at isfahan university of medical sciences: implications on employees and types of contracts.

PubMed

Alavi, Seyyed Salman; Alaghemandan, Hamed; Jannatifard, Fereshte

2013-01-01

Medical universities are of those organizations that serve many individuals. As a result, the employees who work at medical universities should have adequate job qualifications and requisite conditions for work. Job security is one of these needed conditions. The current study aims to determine the main components of job security among the employees of Isfahan University of Medical Sciences (IUMS). The study had a cross-sectional design. The sample included 300 employees which were selected from the faculties of IUMS. The sample was recruited using quota sampling. First, demographic and Job security questionnaires were completed by each employee. Then, data was analyzed by descriptive methods and ANOVA in SPSS16. The study results showed that there was no significant difference among five subscales of Job security questionnaire and as a result, job security among the employees of IUMS but there was a significant difference in job security among male and female employees and a significant difference in job security based on type of job contract. Lower rate of job security among female employees with temporary job contracts has professional and psychological implication for both females and IUMS which should be considered in designing professional programs of IUMS.

Restricted access processor - An application of computer security technology

NASA Technical Reports Server (NTRS)

Mcmahon, E. M.

1985-01-01

This paper describes a security guard device that is currently being developed by Computer Sciences Corporation (CSC). The methods used to provide assurance that the system meets its security requirements include the system architecture, a system security evaluation, and the application of formal and informal verification techniques. The combination of state-of-the-art technology and the incorporation of new verification procedures results in a demonstration of the feasibility of computer security technology for operational applications.

Proposal for a Security Management in Cloud Computing for Health Care

PubMed Central

Dzombeta, Srdan; Brandis, Knud

2014-01-01

Cloud computing is actually one of the most popular themes of information systems research. Considering the nature of the processed information especially health care organizations need to assess and treat specific risks according to cloud computing in their information security management system. Therefore, in this paper we propose a framework that includes the most important security processes regarding cloud computing in the health care sector. Starting with a framework of general information security management processes derived from standards of the ISO 27000 family the most important information security processes for health care organizations using cloud computing will be identified considering the main risks regarding cloud computing and the type of information processed. The identified processes will help a health care organization using cloud computing to focus on the most important ISMS processes and establish and operate them at an appropriate level of maturity considering limited resources. PMID:24701137

Proposal for a security management in cloud computing for health care.

PubMed

Haufe, Knut; Dzombeta, Srdan; Brandis, Knud

2014-01-01

Cloud computing is actually one of the most popular themes of information systems research. Considering the nature of the processed information especially health care organizations need to assess and treat specific risks according to cloud computing in their information security management system. Therefore, in this paper we propose a framework that includes the most important security processes regarding cloud computing in the health care sector. Starting with a framework of general information security management processes derived from standards of the ISO 27000 family the most important information security processes for health care organizations using cloud computing will be identified considering the main risks regarding cloud computing and the type of information processed. The identified processes will help a health care organization using cloud computing to focus on the most important ISMS processes and establish and operate them at an appropriate level of maturity considering limited resources.

An Innovative Model for Professional Development

ERIC Educational Resources Information Center

McMurray, Sharon; O'Neill, Susan; Thompson, Ross

2016-01-01

This paper considers an innovative model of continuing professional development in addressing the needs of children with literacy difficulties, namely the Special Educational Needs Continuing Professional Development Literacy Project. Stranmillis University College, in partnership with St Mary's University College, Belfast secured £4.06 million…

It takes a village: supporting inquiry- and equity-oriented computer science pedagogy through a professional learning community

NASA Astrophysics Data System (ADS)

Ryoo, Jean; Goode, Joanna; Margolis, Jane

2015-10-01

This article describes the importance that high school computer science teachers place on a teachers' professional learning community designed around an inquiry- and equity-oriented approach for broadening participation in computing. Using grounded theory to analyze four years of teacher surveys and interviews from the Exploring Computer Science (ECS) program in the Los Angeles Unified School District, this article describes how participating in professional development activities purposefully aimed at fostering a teachers' professional learning community helps ECS teachers make the transition to an inquiry-based classroom culture and break professional isolation. This professional learning community also provides experiences that challenge prevalent deficit notions and stereotypes about which students can or cannot excel in computer science.

Overview of Computer Security Certification and Accreditation. Final Report.

ERIC Educational Resources Information Center

Ruthberg, Zella G.; Neugent, William

Primarily intended to familiarize ADP (automatic data processing) policy and information resource managers with the approach to computer security certification and accreditation found in "Guideline to Computer Security Certification and Accreditation," Federal Information Processing Standards Publications (FIPS-PUB) 102, this overview…

Visualization Tools for Teaching Computer Security

ERIC Educational Resources Information Center

Yuan, Xiaohong; Vega, Percy; Qadah, Yaseen; Archer, Ricky; Yu, Huiming; Xu, Jinsheng

2010-01-01

Using animated visualization tools has been an important teaching approach in computer science education. We have developed three visualization and animation tools that demonstrate various information security concepts and actively engage learners. The information security concepts illustrated include: packet sniffer and related computer network…

Computer Network Security: Best Practices for Alberta School Jurisdictions.

ERIC Educational Resources Information Center

Alberta Dept. of Education, Edmonton.

This paper provides a snapshot of the computer network security industry and addresses specific issues related to network security in public education. The following topics are covered: (1) security policy, including reasons for establishing a policy, risk assessment, areas to consider, audit tools; (2) workstations, including physical security,…

Crowd Sensing-Enabling Security Service Recommendation for Social Fog Computing Systems

PubMed Central

Wu, Jun; Su, Zhou; Li, Jianhua

2017-01-01

Fog computing, shifting intelligence and resources from the remote cloud to edge networks, has the potential of providing low-latency for the communication from sensing data sources to users. For the objects from the Internet of Things (IoT) to the cloud, it is a new trend that the objects establish social-like relationships with each other, which efficiently brings the benefits of developed sociality to a complex environment. As fog service become more sophisticated, it will become more convenient for fog users to share their own services, resources, and data via social networks. Meanwhile, the efficient social organization can enable more flexible, secure, and collaborative networking. Aforementioned advantages make the social network a potential architecture for fog computing systems. In this paper, we design an architecture for social fog computing, in which the services of fog are provisioned based on “friend” relationships. To the best of our knowledge, this is the first attempt at an organized fog computing system-based social model. Meanwhile, social networking enhances the complexity and security risks of fog computing services, creating difficulties of security service recommendations in social fog computing. To address this, we propose a novel crowd sensing-enabling security service provisioning method to recommend security services accurately in social fog computing systems. Simulation results show the feasibilities and efficiency of the crowd sensing-enabling security service recommendation method for social fog computing systems. PMID:28758943

Crowd Sensing-Enabling Security Service Recommendation for Social Fog Computing Systems.

PubMed

Wu, Jun; Su, Zhou; Wang, Shen; Li, Jianhua

2017-07-30

Fog computing, shifting intelligence and resources from the remote cloud to edge networks, has the potential of providing low-latency for the communication from sensing data sources to users. For the objects from the Internet of Things (IoT) to the cloud, it is a new trend that the objects establish social-like relationships with each other, which efficiently brings the benefits of developed sociality to a complex environment. As fog service become more sophisticated, it will become more convenient for fog users to share their own services, resources, and data via social networks. Meanwhile, the efficient social organization can enable more flexible, secure, and collaborative networking. Aforementioned advantages make the social network a potential architecture for fog computing systems. In this paper, we design an architecture for social fog computing, in which the services of fog are provisioned based on "friend" relationships. To the best of our knowledge, this is the first attempt at an organized fog computing system-based social model. Meanwhile, social networking enhances the complexity and security risks of fog computing services, creating difficulties of security service recommendations in social fog computing. To address this, we propose a novel crowd sensing-enabling security service provisioning method to recommend security services accurately in social fog computing systems. Simulation results show the feasibilities and efficiency of the crowd sensing-enabling security service recommendation method for social fog computing systems.

Professional Computer Education Organizations--A Resource for Administrators.

ERIC Educational Resources Information Center

Ricketts, Dick

Professional computer education organizations serve a valuable function by generating, collecting, and disseminating information concerning the role of the computer in education. This report touches briefly on the reasons for the rapid and successful development of professional computer education organizations. A number of attributes of effective…

New security and privacy laws require basic changes in professional practice

NASA Astrophysics Data System (ADS)

Sykes, David M.

2005-09-01

Everybody knows about HIPAA-but what about GLBA? FIPA? The Patriot Act? Homeland Security? NCLB? FCRA? CASB1? PIPEDA? All of these are recent laws that impact acoustical design. Throw in the American Hospital Association/ASHE and AIA's about-to-be-released ``Guidelines for the Design of Healthcare Facilities'' as well as the redrafting of DCID 6/9 and it looks like time for careful examination of some professional practices relating to security and privacy. Should INCE members join with and endorse the ASA's recently formed Joint TCAA/TCN Subcommittee which aims to fill a policy vacuum in Washington and Ottawa relating to the fundamental protection of citizens' rights to privacy? This group will formulate consistent guidelines to enable federal and state agencies in the US and Canada to enforce and monitor their laws-will their guidelines affect INCE members? Those who advise or give expert testimony to government agencies, defense/security organizations, courts, and large institutions in financial services, healthcare or education likely find themselves in a rapidly shifting landscape and recognize the need to respond with new research and professional practices.

29 CFR 541.705 - Trainees.

Code of Federal Regulations, 2010 CFR

2010-07-01

... DELIMITING THE EXEMPTIONS FOR EXECUTIVE, ADMINISTRATIVE, PROFESSIONAL, COMPUTER AND OUTSIDE SALES EMPLOYEES... executive, administrative, professional, outside sales or computer employee capacity who are not actually performing the duties of an executive, administrative, professional, outside sales or computer employee. ...

Additional Security Considerations for Grid Management

NASA Technical Reports Server (NTRS)

Eidson, Thomas M.

2003-01-01

The use of Grid computing environments is growing in popularity. A Grid computing environment is primarily a wide area network that encompasses multiple local area networks, where some of the local area networks are managed by different organizations. A Grid computing environment also includes common interfaces for distributed computing software so that the heterogeneous set of machines that make up the Grid can be used more easily. The other key feature of a Grid is that the distributed computing software includes appropriate security technology. The focus of most Grid software is on the security involved with application execution, file transfers, and other remote computing procedures. However, there are other important security issues related to the management of a Grid and the users who use that Grid. This note discusses these additional security issues and makes several suggestions as how they can be managed.

78 FR 15734 - Privacy Act of 1974; Computer Matching Program

Federal Register 2010, 2011, 2012, 2013, 2014

2013-03-12

... DEPARTMENT OF HOMELAND SECURITY Office of the Secretary [Docket No. DHS-2013-0010] Privacy Act of 1974; Computer Matching Program AGENCY: Department of Homeland Security/U.S. Citizenship and... computer matching program between the Department of Homeland Security/U.S. Citizenship and Immigration...

78 FR 15733 - Privacy Act of 1974; Computer Matching Program

Federal Register 2010, 2011, 2012, 2013, 2014

2013-03-12

... DEPARTMENT OF HOMELAND SECURITY Office of the Secretary [Docket No. DHS-2013-0008] Privacy Act of 1974; Computer Matching Program AGENCY: Department of Homeland Security/U.S. Citizenship and... computer matching program between the Department of Homeland Security/U.S. Citizenship and Immigration...

Online trust, trustworthiness, or assurance?

PubMed

Cheshire, Coye

2011-01-01

Every day, individuals around the world retrieve, share, and exchange information on the Internet. We interact online to share personal information, find answers to questions, make financial transactions, play social games, and maintain professional and personal relationships. Sometimes our online interactions take place between two or more humans. In other cases, we rely on computers to manage information on our behalf. In each scenario, risk and uncertainty are essential for determining possible actions and outcomes. This essay highlights common deficiencies in our understanding of key concepts such as trust, trustworthiness, cooperation, and assurance in online environments. Empirical evidence from experimental work in computer-mediated environments underscores the promises and perils of overreliance on security and assurance structures as replacements for interpersonal trust. These conceptual distinctions are critical because the future shape of the Internet will depend on whether we build assurance structures to limit and control ambiguity or allow trust to emerge in the presence of risk and uncertainty.

Storing and Using Health Data in a Virtual Private Cloud

PubMed Central

Regola, Nathan

2013-01-01

Electronic health records are being adopted at a rapid rate due to increased funding from the US federal government. Health data provide the opportunity to identify possible improvements in health care delivery by applying data mining and statistical methods to the data and will also enable a wide variety of new applications that will be meaningful to patients and medical professionals. Researchers are often granted access to health care data to assist in the data mining process, but HIPAA regulations mandate comprehensive safeguards to protect the data. Often universities (and presumably other research organizations) have an enterprise information technology infrastructure and a research infrastructure. Unfortunately, both of these infrastructures are generally not appropriate for sensitive research data such as HIPAA, as they require special accommodations on the part of the enterprise information technology (or increased security on the part of the research computing environment). Cloud computing, which is a concept that allows organizations to build complex infrastructures on leased resources, is rapidly evolving to the point that it is possible to build sophisticated network architectures with advanced security capabilities. We present a prototype infrastructure in Amazon’s Virtual Private Cloud to allow researchers and practitioners to utilize the data in a HIPAA-compliant environment. PMID:23485880

FAA computer security : concerns remain due to personnel and other continuing weaknesses

DOT National Transportation Integrated Search

2000-08-01

FAA has a history of computer security weaknesses in a number of areas, including its physical security management at facilities that house air traffic control (ATC) systems, systems security for both operational and future systems, management struct...

32 CFR 806b.44 - Personal information that requires protection.

Code of Federal Regulations, 2014 CFR

2014-07-01

... study (unless the request for the information relates to the professional qualifications for Federal... relates to the professional qualifications for Federal employment). (l) Social Security Number. ...

32 CFR 806b.44 - Personal information that requires protection.

Code of Federal Regulations, 2010 CFR

2010-07-01

... study (unless the request for the information relates to the professional qualifications for Federal... relates to the professional qualifications for Federal employment). (l) Social Security Number. ...

32 CFR 806b.44 - Personal information that requires protection.

Code of Federal Regulations, 2013 CFR

2013-07-01

... study (unless the request for the information relates to the professional qualifications for Federal... relates to the professional qualifications for Federal employment). (l) Social Security Number. ...

32 CFR 806b.44 - Personal information that requires protection.

Code of Federal Regulations, 2012 CFR

2012-07-01

... study (unless the request for the information relates to the professional qualifications for Federal... relates to the professional qualifications for Federal employment). (l) Social Security Number. ...

32 CFR 806b.44 - Personal information that requires protection.

Code of Federal Regulations, 2011 CFR

2011-07-01

... study (unless the request for the information relates to the professional qualifications for Federal... relates to the professional qualifications for Federal employment). (l) Social Security Number. ...

78 FR 38724 - Privacy Act of 1974; Computer Matching Program

Federal Register 2010, 2011, 2012, 2013, 2014

2013-06-27

... DEPARTMENT OF HOMELAND SECURITY Office of the Secretary [Docket No. DHS-2013-0006] Privacy Act of 1974; Computer Matching Program AGENCY: Department of Homeland Security/U.S. Citizenship and... Agreement that establishes a computer matching program between the Department of Homeland Security/U.S...

15 CFR 30.5 - Electronic Export Information filing application and certification processes and standards.

Code of Federal Regulations, 2014 CFR

2014-01-01

... Census Bureau's Foreign Trade Division Computer Security Officer and refrain from using AESDirect until... Bureau's Foreign Trade Division Computer Security Officer that the company's computer systems accessing... threat to national security interests such that its participation in postdeparture filing should be...

15 CFR 30.5 - Electronic Export Information filing application and certification processes and standards.

Code of Federal Regulations, 2012 CFR

2012-01-01

... Census Bureau's Foreign Trade Division Computer Security Officer and refrain from using AESDirect until... Bureau's Foreign Trade Division Computer Security Officer that the company's computer systems accessing... threat to national security interests such that its participation in postdeparture filing should be...

15 CFR 30.5 - Electronic Export Information filing application and certification processes and standards.

Code of Federal Regulations, 2013 CFR

2013-01-01

... Census Bureau's Foreign Trade Division Computer Security Officer and refrain from using AESDirect until... Bureau's Foreign Trade Division Computer Security Officer that the company's computer systems accessing... threat to national security interests such that its participation in postdeparture filing should be...

75 FR 18841 - Office for Civil Rights; Privacy Act of 1974, Amended System of Records

Federal Register 2010, 2011, 2012, 2013, 2014

2010-04-13

... Privacy Act of 1974, Federal Information Security Management Act of 2002, Computer Security Act of 1987... 1974, Federal Information Security Management Act of 2002, Computer Security Act of 1987, the Paperwork... Oversight, the Chair of the Senate Committee on Homeland Security and Governmental Affairs, and the...

Cloud Computing Security Issue: Survey

NASA Astrophysics Data System (ADS)

Kamal, Shailza; Kaur, Rajpreet

2011-12-01

Cloud computing is the growing field in IT industry since 2007 proposed by IBM. Another company like Google, Amazon, and Microsoft provides further products to cloud computing. The cloud computing is the internet based computing that shared recourses, information on demand. It provides the services like SaaS, IaaS and PaaS. The services and recourses are shared by virtualization that run multiple operation applications on cloud computing. This discussion gives the survey on the challenges on security issues during cloud computing and describes some standards and protocols that presents how security can be managed.

Challenges and Security in Cloud Computing

NASA Astrophysics Data System (ADS)

Chang, Hyokyung; Choi, Euiin

People who live in this world want to solve any problems as they happen then. An IT technology called Ubiquitous computing should help the situations easier and we call a technology which makes it even better and powerful cloud computing. Cloud computing, however, is at the stage of the beginning to implement and use and it faces a lot of challenges in technical matters and security issues. This paper looks at the cloud computing security.

Old-and With Severe Heart Failure: Telemonitoring by Using Digital Pen Technology in Specialized Homecare: System Description, Implementation, and Early Results.

PubMed

Lind, Leili; Carlgren, Gunnar; Karlsson, Daniel

2016-08-01

Telehealth programs for heart failure have been studied using a variety of techniques. Because currently a majority of the elderly are nonusers of computers and Internet, we developed a home telehealth system based on digital pen technology. Fourteen patients (mean age, 84 years [median, 83 years]) with severe heart failure participated in a 13-month pilot study in specialized homecare. Participants communicated patient-reported outcome measures daily using the digital pen and health diary forms, submitting a total of 3 520 reports. The reports generated a total of 632 notifications when reports indicated worsening health. Healthcare professionals reviewed reports frequently, more than 4700 times throughout the study, and acted on the information provided. Patients answered questionnaires and were observed in their home environment when using the system. Results showed that the technology was accepted by participants: patients experienced an improved contact with clinicians; they felt more compliant with healthcare professionals' advice, and they felt more secure and more involved in their own care. Via the system, the healthcare professionals detected heart failure-related deteriorations at an earlier stage, and as a consequence, none of the patients were admitted into hospital care during the study.

Quality in Australian after-hours doctor home visits: exploring the clinical, professional and security supports available to involved practitioners.

PubMed

Ifediora, Chris Onyebuchi

2017-04-01

The after-hours house call (AHHC) services in Australia has gained huge popularity in recent years, but it is not clear how well supported the involved doctors feel regarding the clinical, professional and security aspects of their work. It is important that this knowledge gap is filled given that appropriate support helps engender quality in health service delivery. This is a questionnaire-based electronic survey involving a sample frame of all 300 doctors participating in AHHC through the National Home Doctor Service. National Home Doctor Service is Australia's largest AHHC service provider. A total of 168 valid responses (56.0%) were received. Overall, the mean support levels were mild to moderate, ranging from 2.4 to 2.8 out of 4.0 for all three parameters. Specifically, 65.3% of the respondents felt well-supported on clinical issues, 64.7% on professional issues and 43.2% on security issues. Australian-trained doctors were less likely to feel well supported on all aspects [Clinical: odds ratio (OR) 0.38, confidence interval (CI) 0.16 to 0.90; Professional: OR 0.30, CI 0.13 to 0.72; and Security: OR 0.22; CI 0.09 to 0.53] compared with overseas-trained ones. Unsurprisingly, doctors who adopted protective measures felt significantly better supported regarding security (OR 2.75; CI 1.31 to 5.78). There is room for improvement regarding support on AHHC in Australia, and concerned Surgeries should ensure that where available these supports are appropriately utilized. © 2016 John Wiley & Sons, Ltd.

Differences in multiple-target visual search performance between non-professional and professional searchers due to decision-making criteria.

PubMed

Biggs, Adam T; Mitroff, Stephen R

2015-11-01

Professional visual searches, such as those conducted by airport security personnel, often demand highly accurate performance. As many factors can hinder accuracy, it is critical to understand the potential influences. Here, we examined how explicit decision-making criteria might affect multiple-target search performance. Non-professional searchers (college undergraduates) and professional searchers (airport security officers) classified trials as 'safe' or 'dangerous', in one of two conditions. Those in the 'one = dangerous' condition classified trials as dangerous if they found one or two targets, and those in the 'one = safe' condition only classified trials as dangerous if they found two targets. The data suggest an important role of context that may be mediated by experience; non-professional searchers were more likely to miss a second target in the one = dangerous condition (i.e., when finding a second found target did not change the classification), whereas professional searchers were more likely to miss a second in the one = safe condition. © 2014 The British Psychological Society.

Becoming an Approved Mental Health Professional: an analysis of the factors that influence individuals to become Approved Mental Health Professionals.

PubMed

Watson, David

2016-08-01

In England and Wales, the Approved Mental Health Professional (AMHP) has final responsibility for applying under the Mental Health Act 1983 to admit an individual compulsorily and convey them to psychiatric hospital. The AMHP role is challenging and legally accountable and unique to the UK context. To analyse the motivation of individuals to become AMHPs, and identify factors which may affect motivation. Semi-structured interviews were conducted with 12 AMHPs from local authorities across Southern England. Ten participants were social workers, one was qualified as both a nurse and social worker, and one was a mental health nurse. Participants identify career progression and professional development as significant as well as the status and independence of the role and enhanced job security. Social work participants value the Mental Health Act assessment as a contained piece of work, with a high degree of professional discretion. AMHPs are motivated by an increase in professional status and job security, but also exercising independent judgment and authority in a time-limited intervention is emotionally and professionally rewarding.

2011 Defense Industrial Base Critical Infrastructure Protection Conference (DIBCIP)

DTIC Science & Technology

2011-08-25

Office of the Program Manager, Information Sharing Environment u Mr. Vince Jarvie , Vice President, Corporate Security, L-3 Communications...National Defense University IRM College and in 2008 he obtained the Certified Information System Security Professional certificate. MR. VINCE JARVIE ...Vice President, Corporate Security, L-3 Communciations Corporation Mr. Vincent (Vince) Jarvie is the Vice President, Corporate Security for L-3

Mobile Device Security: Perspectives of Future Healthcare Workers

PubMed Central

Hewitt, Barbara; Dolezel, Diane; McLeod, Alexander

2017-01-01

Healthcare data breaches on mobile devices continue to increase, yet the healthcare industry has not adopted mobile device security standards. This increase is disturbing because individuals are often accessing patients’ protected health information on personal mobile devices, which could lead to a data breach. This deficiency led the researchers to explore the perceptions of future healthcare workers regarding mobile device security. To determine healthcare students’ perspectives on mobile device security, the investigators designed and distributed a survey based on the Technology Threat Avoidance Theory. Three hundred thirty-five students participated in the survey. The data were analyzed to determine participants’ perceptions about security threats, effectiveness and costs of safeguards, self-efficacy, susceptibility, severity, and their motivation and actions to secure their mobile devices. Awareness of interventions to protect mobile devices was also examined. Results indicate that while future healthcare professionals perceive the severity of threats to their mobile data, they do not feel personally susceptible. Additionally, participants were knowledgeable about security safeguards, but their knowledge of costs and problems related to the adoption of these measures was mixed. These findings indicate that increasing security awareness of healthcare professionals should be a priority. PMID:28566992

Mobile Device Security: Perspectives of Future Healthcare Workers.

PubMed

Hewitt, Barbara; Dolezel, Diane; McLeod, Alexander

2017-01-01

Healthcare data breaches on mobile devices continue to increase, yet the healthcare industry has not adopted mobile device security standards. This increase is disturbing because individuals are often accessing patients' protected health information on personal mobile devices, which could lead to a data breach. This deficiency led the researchers to explore the perceptions of future healthcare workers regarding mobile device security. To determine healthcare students' perspectives on mobile device security, the investigators designed and distributed a survey based on the Technology Threat Avoidance Theory. Three hundred thirty-five students participated in the survey. The data were analyzed to determine participants' perceptions about security threats, effectiveness and costs of safeguards, self-efficacy, susceptibility, severity, and their motivation and actions to secure their mobile devices. Awareness of interventions to protect mobile devices was also examined. Results indicate that while future healthcare professionals perceive the severity of threats to their mobile data, they do not feel personally susceptible. Additionally, participants were knowledgeable about security safeguards, but their knowledge of costs and problems related to the adoption of these measures was mixed. These findings indicate that increasing security awareness of healthcare professionals should be a priority.

20 CFR 229.65 - Initial reduction.

Code of Federal Regulations, 2010 CFR

2010-04-01

... wage (see § 225.2 of this chapter) used to compute the DIB O/M under the Social Security Act rules... that exceed the maximum used in computing social security benefits) for the 5 consecutive years after... earnings that exceed the maximum used in computing social security benefits) for the year of highest...

A Computational Model and Multi-Agent Simulation for Information Assurance

DTIC Science & Technology

2002-06-01

Podell , Information Security: an Integrated Collection of Essays, IEEE Computer Society Press, Los Alamitos, CA, 1994. Brinkley, D. L. and Schell, R...R., “What is There to Worry About? An Introduction to the Computer Security Problem,” ed. Abrams and Jajodia and Podell , Information Security: an

Distributed intrusion detection system based on grid security model

NASA Astrophysics Data System (ADS)

Su, Jie; Liu, Yahui

2008-03-01

Grid computing has developed rapidly with the development of network technology and it can solve the problem of large-scale complex computing by sharing large-scale computing resource. In grid environment, we can realize a distributed and load balance intrusion detection system. This paper first discusses the security mechanism in grid computing and the function of PKI/CA in the grid security system, then gives the application of grid computing character in the distributed intrusion detection system (IDS) based on Artificial Immune System. Finally, it gives a distributed intrusion detection system based on grid security system that can reduce the processing delay and assure the detection rates.

Data Privacy and Security in Higher Education

ERIC Educational Resources Information Center

Williams, Tracy

2003-01-01

As institutions review and strengthen their plans to secure confidential data, what proactive role does the human resource professional play as a strategic partner? Why are employees a critical part of the solution? And how are they educated regarding their responsibilities with data security? Datatel's HR product manager shares some…

SOCIAL MEDIA SECURITY

Science.gov Websites

, exciting, entertaining, and useful for maintaining relationships. Professionally, people can use social HomeVISITORS AND PERSONNELSOCIAL MEDIA SECURITY FAQ on Security for Social Media Due to the widespread use of world. CENTCOM Personnel are reminded to use common sense when using social media. What are social media

75 FR 30095 - Self-Regulatory Organizations; International Securities Exchange, LLC; Notice of Filing and...

Federal Register 2010, 2011, 2012, 2013, 2014

2010-05-28

... Organizations; International Securities Exchange, LLC; Notice of Filing and Immediate Effectiveness of Proposed... on May 5, 2010, the International Securities Exchange, LLC (the ``Exchange'' or the ``ISE'') filed.... Specifically, the Exchange proposes to adopt a $0.18 per contract execution fee for ``professional customers...

A National Partnership for Careers in Public Safety and Security

ERIC Educational Resources Information Center

Coffee, Joseph

2007-01-01

A partnership of state, local and federal public safety agencies, secondary and postsecondary educational institutions, and professional and educational associations, the National Partnership for Careers in Law, Public Safety, Corrections and Security also serves as the lead organization for the Law, Public Safety, Corrections and Security Career…

Information Security in Higher Education. Professional Paper Series, #5.

ERIC Educational Resources Information Center

Elliott, Raymond; And Others

Intended to generate discussion and motivate proactive intervention in matters of information security, this paper defines and discusses some of the key issues relating to information security on college and university campuses based on in-depth interviews conducted at eight selected higher education institutions of varying size and composition in…

A Lightweight Protocol for Secure Video Streaming

PubMed Central

Morkevicius, Nerijus; Bagdonas, Kazimieras

2018-01-01

The Internet of Things (IoT) introduces many new challenges which cannot be solved using traditional cloud and host computing models. A new architecture known as fog computing is emerging to address these technological and security gaps. Traditional security paradigms focused on providing perimeter-based protections and client/server point to point protocols (e.g., Transport Layer Security (TLS)) are no longer the best choices for addressing new security challenges in fog computing end devices, where energy and computational resources are limited. In this paper, we present a lightweight secure streaming protocol for the fog computing “Fog Node-End Device” layer. This protocol is lightweight, connectionless, supports broadcast and multicast operations, and is able to provide data source authentication, data integrity, and confidentiality. The protocol is based on simple and energy efficient cryptographic methods, such as Hash Message Authentication Codes (HMAC) and symmetrical ciphers, and uses modified User Datagram Protocol (UDP) packets to embed authentication data into streaming data. Data redundancy could be added to improve reliability in lossy networks. The experimental results summarized in this paper confirm that the proposed method efficiently uses energy and computational resources and at the same time provides security properties on par with the Datagram TLS (DTLS) standard. PMID:29757988

A Lightweight Protocol for Secure Video Streaming.

PubMed

Venčkauskas, Algimantas; Morkevicius, Nerijus; Bagdonas, Kazimieras; Damaševičius, Robertas; Maskeliūnas, Rytis

2018-05-14

The Internet of Things (IoT) introduces many new challenges which cannot be solved using traditional cloud and host computing models. A new architecture known as fog computing is emerging to address these technological and security gaps. Traditional security paradigms focused on providing perimeter-based protections and client/server point to point protocols (e.g., Transport Layer Security (TLS)) are no longer the best choices for addressing new security challenges in fog computing end devices, where energy and computational resources are limited. In this paper, we present a lightweight secure streaming protocol for the fog computing "Fog Node-End Device" layer. This protocol is lightweight, connectionless, supports broadcast and multicast operations, and is able to provide data source authentication, data integrity, and confidentiality. The protocol is based on simple and energy efficient cryptographic methods, such as Hash Message Authentication Codes (HMAC) and symmetrical ciphers, and uses modified User Datagram Protocol (UDP) packets to embed authentication data into streaming data. Data redundancy could be added to improve reliability in lossy networks. The experimental results summarized in this paper confirm that the proposed method efficiently uses energy and computational resources and at the same time provides security properties on par with the Datagram TLS (DTLS) standard.

Guidelines for computer security in general practice.

PubMed

Schattner, Peter; Pleteshner, Catherine; Bhend, Heinz; Brouns, Johan

2007-01-01

As general practice becomes increasingly computerised, data security becomes increasingly important for both patient health and the efficient operation of the practice. To develop guidelines for computer security in general practice based on a literature review, an analysis of available information on current practice and a series of key stakeholder interviews. While the guideline was produced in the context of Australian general practice, we have developed a template that is also relevant for other countries. Current data on computer security measures was sought from Australian divisions of general practice. Semi-structured interviews were conducted with general practitioners (GPs), the medical software industry, senior managers within government responsible for health IT (information technology) initiatives, technical IT experts, divisions of general practice and a member of a health information consumer group. The respondents were asked to assess both the likelihood and the consequences of potential risks in computer security being breached. The study suggested that the most important computer security issues in general practice were: the need for a nominated IT security coordinator; having written IT policies, including a practice disaster recovery plan; controlling access to different levels of electronic data; doing and testing backups; protecting against viruses and other malicious codes; installing firewalls; undertaking routine maintenance of hardware and software; and securing electronic communication, for example via encryption. This information led to the production of computer security guidelines, including a one-page summary checklist, which were subsequently distributed to all GPs in Australia. This paper maps out a process for developing computer security guidelines for general practice. The specific content will vary in different countries according to their levels of adoption of IT, and cultural, technical and other health service factors. Making these guidelines relevant to local contexts should help maximise their uptake.

76 FR 81477 - Announcing an Open Meeting of the Information Security and Privacy Advisory Board

Federal Register 2010, 2011, 2012, 2013, 2014

2011-12-28

... sessions will be open to the public. The ISPAB was established by the Computer Security Act of 1987 (Pub. L... Secure Mobile Devices, --Panel Discussion on cyber R&D Strategy, and --Update of NIST Computer Security... of the Information Security and Privacy Advisory Board AGENCY: National Institute of Standards and...

Analyzing the security of an existing computer system

NASA Technical Reports Server (NTRS)

Bishop, M.

1986-01-01

Most work concerning secure computer systems has dealt with the design, verification, and implementation of provably secure computer systems, or has explored ways of making existing computer systems more secure. The problem of locating security holes in existing systems has received considerably less attention; methods generally rely on thought experiments as a critical step in the procedure. The difficulty is that such experiments require that a large amount of information be available in a format that makes correlating the details of various programs straightforward. This paper describes a method of providing such a basis for the thought experiment by writing a special manual for parts of the operating system, system programs, and library subroutines.

Fires. A Joint Professional Bulletin for U.S. Field and Air Defense Artillerymen. September-October 2011

DTIC Science & Technology

2011-10-01

said that security of the LOCs was a constant challenge facing the Soviet forces in Afghanistan. Security of the LOCs determined the amount of forces...resistance forces. The Afghan terrain was not ideal for a mechanized force dependent on fire power, secure LOCs and high-technology. Although the popular...Secure logistics and secure LOCs are essential for the both the guerrilla and non-guerrilla force. Security missions, however, can tie up most

Discussion on the Technology and Method of Computer Network Security Management

NASA Astrophysics Data System (ADS)

Zhou, Jianlei

2017-09-01

With the rapid development of information technology, the application of computer network technology has penetrated all aspects of society, changed people's way of life work to a certain extent, brought great convenience to people. But computer network technology is not a panacea, it can promote the function of social development, but also can cause damage to the community and the country. Due to computer network’ openness, easiness of sharing and other characteristics, it had a very negative impact on the computer network security, especially the loopholes in the technical aspects can cause damage on the network information. Based on this, this paper will do a brief analysis on the computer network security management problems and security measures.

77 FR 30032 - Self-Regulatory Organizations; Fixed Income Clearing Corporation; Order Approving Proposed Rule...

Federal Register 2010, 2011, 2012, 2013, 2014

2012-05-21

... Professionals'' May 15, 2012. I. Introduction On March 20, 2012, the Fixed Income Clearing Corporation (``FICC... Members and NYPC Clearing Members for certain ``market professionals.'' \\6\\ \\5\\ See Securities Exchange... professional'' cross-margining program aims to closely replicate the Options Clearing Corporation (``OCC...

Job Security at Isfahan University of Medical Sciences: Implications on Employees and Types of Contracts

PubMed Central

Alavi, Seyyed Salman; Alaghemandan, Hamed; Jannatifard, Fereshte

2013-01-01

Introduction: Medical universities are of those organizations that serve many individuals. As a result, the employees who work at medical universities should have adequate job qualifications and requisite conditions for work. Job security is one of these needed conditions. The current study aims to determine the main components of job security among the employees of Isfahan University of Medical Sciences (IUMS). Method and materials: The study had a cross-sectional design. The sample included 300 employees which were selected from the faculties of IUMS. The sample was recruited using quota sampling. First, demographic and Job security questionnaires were completed by each employee. Then, data was analyzed by descriptive methods and ANOVA in SPSS16. Results: The study results showed that there was no significant difference among five subscales of Job security questionnaire and as a result, job security among the employees of IUMS but there was a significant difference in job security among male and female employees and a significant difference in job security based on type of job contract. Discussion: Lower rate of job security among female employees with temporary job contracts has professional and psychological implication for both females and IUMS which should be considered in designing professional programs of IUMS. PMID:23687464

Personal computer security: part 1. Firewalls, antivirus software, and Internet security suites.

PubMed

Caruso, Ronald D

2003-01-01

Personal computer (PC) security in the era of the Health Insurance Portability and Accountability Act of 1996 (HIPAA) involves two interrelated elements: safeguarding the basic computer system itself and protecting the information it contains and transmits, including personal files. HIPAA regulations have toughened the requirements for securing patient information, requiring every radiologist with such data to take further precautions. Security starts with physically securing the computer. Account passwords and a password-protected screen saver should also be set up. A modern antivirus program can easily be installed and configured. File scanning and updating of virus definitions are simple processes that can largely be automated and should be performed at least weekly. A software firewall is also essential for protection from outside intrusion, and an inexpensive hardware firewall can provide yet another layer of protection. An Internet security suite yields additional safety. Regular updating of the security features of installed programs is important. Obtaining a moderate degree of PC safety and security is somewhat inconvenient but is necessary and well worth the effort. Copyright RSNA, 2003

75 FR 5166 - Privacy Act of 1974, as Amended; Computer Matching Program (Social Security Administration...

Federal Register 2010, 2011, 2012, 2013, 2014

2010-02-01

... SOCIAL SECURITY ADMINISTRATION [Docket No. SSA 2009-0043] Privacy Act of 1974, as Amended; Computer Matching Program (Social Security Administration/Railroad Retirement Board (SSA/RRB))-- Match Number 1308 AGENCY: Social Security Administration (SSA). ACTION: Notice of renewal of an existing...

A Semantic Based Policy Management Framework for Cloud Computing Environments

ERIC Educational Resources Information Center

Takabi, Hassan

2013-01-01

Cloud computing paradigm has gained tremendous momentum and generated intensive interest. Although security issues are delaying its fast adoption, cloud computing is an unstoppable force and we need to provide security mechanisms to ensure its secure adoption. In this dissertation, we mainly focus on issues related to policy management and access…

Computer Security: the Achilles’ Heel of the Electronic Air Force?

DTIC Science & Technology

2013-02-01

commercials not enough. In the Pentagon a General Electric system called “GCOS” provided classified (secret) com- putation for the Air Staff and others...necessary computer function. January–February 2013 Air & Space Power Journal | 169 Historical Highlight Government designers not perfect. After the Pentagon ...laboratory computer to evaluate Multics as a potential multilevel secure computer for the Pentagon . Although it had the best security design of any system

Change Detection Algorithms for Information Assurance of Computer Networks

DTIC Science & Technology

2002-01-01

original document contains color images. 14. ABSTRACT see report 15. SUBJECT TERMS 16. SECURITY CLASSIFICATION OF: 17. LIMITATION OF ABSTRACT 18...number of computer attacks increases steadily per year. At the time of this writing the Internet Security Systems’ baseline assessment is that a new...across a network by exploiting security flaws in widely-used services offered by vulnerable computers. In order to locate the vulnerable computers, the

Computer Security: The Human Element.

ERIC Educational Resources Information Center

Guynes, Carl S.; Vanacek, Michael T.

1981-01-01

The security and effectiveness of a computer system are dependent on the personnel involved. Improved personnel and organizational procedures can significantly reduce the potential for computer fraud. (Author/MLF)

75 FR 13258 - Announcing a Meeting of the Information Security and Privacy Advisory Board

Federal Register 2010, 2011, 2012, 2013, 2014

2010-03-19

.../index.html/ . Agenda: --Cloud Computing Implementations --Health IT --OpenID --Pending Cyber Security... will be available for the public and media. --OpenID --Cloud Computing Implementations --Security...

Embedding Secure Coding Instruction into the IDE: Complementing Early and Intermediate CS Courses with ESIDE

ERIC Educational Resources Information Center

Whitney, Michael; Lipford, Heather Richter; Chu, Bill; Thomas, Tyler

2018-01-01

Many of the software security vulnerabilities that people face today can be remediated through secure coding practices. A critical step toward the practice of secure coding is ensuring that our computing students are educated on these practices. We argue that secure coding education needs to be included across a computing curriculum. We are…

32 CFR Appendix J to Part 154 - ADP Position Categories and Criteria for Designating Positions

Code of Federal Regulations, 2010 CFR

2010-07-01

..., and implementation of a computer security program; major responsibility for the direction, planning... agency computer security programs, and also including direction and control of risk analysis and/or... OF DEFENSE SECURITY DEPARTMENT OF DEFENSE PERSONNEL SECURITY PROGRAM REGULATION Pt. 154, App. J...

77 FR 74913 - Privacy Act of 1974, as Amended; Computer Matching Program (Social Security Administration (SSA...

Federal Register 2010, 2011, 2012, 2013, 2014

2012-12-18

... SOCIAL SECURITY ADMINISTRATION [Docket No. SSA 2012-0055] Privacy Act of 1974, as Amended; Computer Matching Program (Social Security Administration (SSA)/Office of Personnel Management (OPM))--Match Number 1307 AGENCY: Social Security Administration. ACTION: Notice of a renewal of an existing...

32 CFR Appendix J to Part 154 - ADP Position Categories and Criteria for Designating Positions

Code of Federal Regulations, 2014 CFR

2014-07-01

..., and implementation of a computer security program; major responsibility for the direction, planning... agency computer security programs, and also including direction and control of risk analysis and/or... OF DEFENSE SECURITY DEPARTMENT OF DEFENSE PERSONNEL SECURITY PROGRAM REGULATION Pt. 154, App. J...

32 CFR Appendix J to Part 154 - ADP Position Categories and Criteria for Designating Positions

Code of Federal Regulations, 2012 CFR

2012-07-01

..., and implementation of a computer security program; major responsibility for the direction, planning... agency computer security programs, and also including direction and control of risk analysis and/or... OF DEFENSE SECURITY DEPARTMENT OF DEFENSE PERSONNEL SECURITY PROGRAM REGULATION Pt. 154, App. J...

32 CFR Appendix J to Part 154 - ADP Position Categories and Criteria for Designating Positions

Code of Federal Regulations, 2013 CFR

2013-07-01

..., and implementation of a computer security program; major responsibility for the direction, planning... agency computer security programs, and also including direction and control of risk analysis and/or... OF DEFENSE SECURITY DEPARTMENT OF DEFENSE PERSONNEL SECURITY PROGRAM REGULATION Pt. 154, App. J...

32 CFR Appendix J to Part 154 - ADP Position Categories and Criteria for Designating Positions

Code of Federal Regulations, 2011 CFR

2011-07-01

..., and implementation of a computer security program; major responsibility for the direction, planning... agency computer security programs, and also including direction and control of risk analysis and/or... OF DEFENSE SECURITY DEPARTMENT OF DEFENSE PERSONNEL SECURITY PROGRAM REGULATION Pt. 154, App. J...

Computer-Based Testing: Test Site Security.

ERIC Educational Resources Information Center

Rosen, Gerald A.

Computer-based testing places great burdens on all involved parties to ensure test security. A task analysis of test site security might identify the areas of protecting the test, protecting the data, and protecting the environment as essential issues in test security. Protecting the test involves transmission of the examinations, identifying the…

Attribute based encryption for secure sharing of E-health data

NASA Astrophysics Data System (ADS)

Charanya, R.; Nithya, S.; Manikandan, N.

2017-11-01

Distributed computing is one of the developing innovations in IT part and information security assumes a real part. It includes sending gathering of remote server and programming that permit the unified information and online access to PC administrations. Distributed computing depends on offering of asset among different clients are additionally progressively reallocated on interest. Cloud computing is a revolutionary computing paradigm which enables flexible, on-demand and low-cost usage of computing resources. The reasons for security and protection issues, which rise on the grounds that the health information possessed by distinctive clients are put away in some cloud servers rather than under their own particular control”z. To deal with security problems, various schemes based on the Attribute-Based Encryption have been proposed. In this paper, in order to make ehealth data’s more secure we use multi party in cloud computing system. Where the health data is encrypted using attributes and key policy. And the user with a particular attribute and key policy alone will be able to decrypt the health data after it is verified by “key distribution centre” and the “secure data distributor”. This technique can be used in medical field for secure storage of patient details and limiting to particular doctor access. To make data’s scalable secure we need to encrypt the health data before outsourcing.

Cognitive Computing for Security.

DOE Office of Scientific and Technical Information (OSTI.GOV)

Debenedictis, Erik; Rothganger, Fredrick; Aimone, James Bradley

Final report for Cognitive Computing for Security LDRD 165613. It reports on the development of hybrid of general purpose/ne uromorphic computer architecture, with an emphasis on potential implementation with memristors.

Teaching Information Security with Workflow Technology--A Case Study Approach

ERIC Educational Resources Information Center

He, Wu; Kshirsagar, Ashish; Nwala, Alexander; Li, Yaohang

2014-01-01

In recent years, there has been a significant increase in the demand from professionals in different areas for improving the curricula regarding information security. The use of authentic case studies in teaching information security offers the potential to effectively engage students in active learning. In this paper, the authors introduce the…

Analysis on the security of cloud computing

NASA Astrophysics Data System (ADS)

He, Zhonglin; He, Yuhua

2011-02-01

Cloud computing is a new technology, which is the fusion of computer technology and Internet development. It will lead the revolution of IT and information field. However, in cloud computing data and application software is stored at large data centers, and the management of data and service is not completely trustable, resulting in safety problems, which is the difficult point to improve the quality of cloud service. This paper briefly introduces the concept of cloud computing. Considering the characteristics of cloud computing, it constructs the security architecture of cloud computing. At the same time, with an eye toward the security threats cloud computing faces, several corresponding strategies are provided from the aspect of cloud computing users and service providers.

Knowledge of computer among healthcare professionals of India: a key toward e-health.

PubMed

Gour, Neeraj; Srivastava, Dhiraj

2010-11-01

Information technology has radically changed the way that many people work and think. Over the years, technology has touched a new acme and now it is not confined to developed countries. Developing countries such as India have kept pace with the world in modern technology. Healthcare professionals can no longer ignore the application of information technology to healthcare because they are key to e-health. This study was conducted to enlighten the perspective and implications of computers among healthcare professionals, with the objective to assess the knowledge, use, and need of computers among healthcare professionals. A cross-sectional study of 240 healthcare professionals, including doctors, nurses, lab technicians, and pharmacists, was conducted. Each participant was interviewed using a pretested, semistructured format. Of 240 healthcare professionals, 57.91% were knowledgeable about computers. Of them, 22.08% had extensive knowledge and 35.83% had partial knowledge. Computer knowledge was greater among the age group 20-25 years (high knowledge-43.33% and partial knowledge-46.66%). Of 99 males, 21.21% were found to have good knowledge and 42.42% had partial knowledge. A majority of doctors and nurses used computer for study purposes. The remaining healthcare professionals used it basically for the sake of entertainment, Internet, and e-mail. A majority of all healthcare professionals (95.41%) requested computer training, which according to them would definitely help to make their future more bright and nurtured as well as to enhance their knowledge regarding computers.

Protecting the Privacy and Security of Your Health Information

MedlinePlus

... Access to Medical Records Privacy, Security, and HIPAA Laws, Regulation, and Policy Scientific Initiatives Standards & Technology Usability ... care providers and professionals, and the government. Federal laws require many of the key persons and organizations ...

Enhancing Security by System-Level Virtualization in Cloud Computing Environments

NASA Astrophysics Data System (ADS)

Sun, Dawei; Chang, Guiran; Tan, Chunguang; Wang, Xingwei

Many trends are opening up the era of cloud computing, which will reshape the IT industry. Virtualization techniques have become an indispensable ingredient for almost all cloud computing system. By the virtual environments, cloud provider is able to run varieties of operating systems as needed by each cloud user. Virtualization can improve reliability, security, and availability of applications by using consolidation, isolation, and fault tolerance. In addition, it is possible to balance the workloads by using live migration techniques. In this paper, the definition of cloud computing is given; and then the service and deployment models are introduced. An analysis of security issues and challenges in implementation of cloud computing is identified. Moreover, a system-level virtualization case is established to enhance the security of cloud computing environments.

Computer Network Security- The Challenges of Securing a Computer Network

NASA Technical Reports Server (NTRS)

Scotti, Vincent, Jr.

2011-01-01

This article is intended to give the reader an overall perspective on what it takes to design, implement, enforce and secure a computer network in the federal and corporate world to insure the confidentiality, integrity and availability of information. While we will be giving you an overview of network design and security, this article will concentrate on the technology and human factors of securing a network and the challenges faced by those doing so. It will cover the large number of policies and the limits of technology and physical efforts to enforce such policies.

Secured Communication for Business Process Outsourcing Using Optimized Arithmetic Cryptography Protocol Based on Virtual Parties

NASA Astrophysics Data System (ADS)

Pathak, Rohit; Joshi, Satyadhar

Within a span of over a decade, India has become one of the most favored destinations across the world for Business Process Outsourcing (BPO) operations. India has rapidly achieved the status of being the most preferred destination for BPO for companies located in the US and Europe. Security and privacy are the two major issues needed to be addressed by the Indian software industry to have an increased and long-term outsourcing contract from the US. Another important issue is about sharing employee’s information to ensure that data and vital information of an outsourcing company is secured and protected. To ensure that the confidentiality of a client’s information is maintained, BPOs need to implement some data security measures. In this paper, we propose a new protocol for specifically for BPO Secure Multi-Party Computation (SMC). As there are many computations and surveys which involve confidential data from many parties or organizations and the concerned data is property of the organization, preservation and security of this data is of prime importance for such type of computations. Although the computation requires data from all the parties, but none of the associated parties would want to reveal their data to the other parties. We have proposed a new efficient and scalable protocol to perform computation on encrypted information. The information is encrypted in a manner that it does not affect the result of the computation. It uses modifier tokens which are distributed among virtual parties, and finally used in the computation. The computation function uses the acquired data and modifier tokens to compute right result from the encrypted data. Thus without revealing the data, right result can be computed and privacy of the parties is maintained. We have given a probabilistic security analysis of hacking the protocol and shown how zero hacking security can be achieved. Also we have analyzed the specific case of Indian BPO.

Role of Outsourcing in Stress and Job Satisfaction of Information Technology Professionals

ERIC Educational Resources Information Center

Robinson, Janell R.

2016-01-01

Information technology (IT) outsourcing poses a potential job loss threat to IT professionals, which can decrease job security, job satisfaction, and organizational commitment. The problem that this study addressed was the perceived role of IT outsourcing in the job stress, job dissatisfaction, and turnover intention of IT professionals. The…

Beyond Performativity: A Pragmatic Model of Teacher Professional Learning

ERIC Educational Resources Information Center

Lloyd, Margaret; Davis, James P.

2018-01-01

The intent and content of teacher professional learning has changed in recent times to meet the demands of performativity. In this article, we offer and demonstrate a pragmatic way to map teacher professional learning that both meets current demands and secures a place for teacher-led catalytic learning. To achieve this, we position identified…

Redefining Professional Knowledge in Athletic Training: Whose Knowledge Is It Anyway?

ERIC Educational Resources Information Center

McKeon, Patrick O.; Medina McKeon, Jennifer M.; Geisler, Paul R.

2017-01-01

Context: As athletic training continues to evolve as a profession, several epistemological considerations must be considered. These include how we generate professional knowledge and how we secure and legitimize it in both professional and public spheres. Objective: The purpose of this commentary is to provide an overview of how athletic training…

Promoting Inter-Professional Teamwork and Learning--The Case of a Surgical Operating Theatre

ERIC Educational Resources Information Center

Collin, Kaija; Paloniemi, Susanna; Mecklin, Jukka-Pekka

2010-01-01

Hospitals, and surgical operating theatres (OTs) in particular, are environments in which inter-professional teamwork and learning are essential to secure patient safety and effective practice. However, it has been revealed in many studies that inter-professional collaborative work in hospital organisations faces many challenges and constraints.…

EMRlog method for computer security for electronic medical records with logic and data mining.

PubMed

Martínez Monterrubio, Sergio Mauricio; Frausto Solis, Juan; Monroy Borja, Raúl

2015-01-01

The proper functioning of a hospital computer system is an arduous work for managers and staff. However, inconsistent policies are frequent and can produce enormous problems, such as stolen information, frequent failures, and loss of the entire or part of the hospital data. This paper presents a new method named EMRlog for computer security systems in hospitals. EMRlog is focused on two kinds of security policies: directive and implemented policies. Security policies are applied to computer systems that handle huge amounts of information such as databases, applications, and medical records. Firstly, a syntactic verification step is applied by using predicate logic. Then data mining techniques are used to detect which security policies have really been implemented by the computer systems staff. Subsequently, consistency is verified in both kinds of policies; in addition these subsets are contrasted and validated. This is performed by an automatic theorem prover. Thus, many kinds of vulnerabilities can be removed for achieving a safer computer system.

EMRlog Method for Computer Security for Electronic Medical Records with Logic and Data Mining

PubMed Central

Frausto Solis, Juan; Monroy Borja, Raúl

2015-01-01

The proper functioning of a hospital computer system is an arduous work for managers and staff. However, inconsistent policies are frequent and can produce enormous problems, such as stolen information, frequent failures, and loss of the entire or part of the hospital data. This paper presents a new method named EMRlog for computer security systems in hospitals. EMRlog is focused on two kinds of security policies: directive and implemented policies. Security policies are applied to computer systems that handle huge amounts of information such as databases, applications, and medical records. Firstly, a syntactic verification step is applied by using predicate logic. Then data mining techniques are used to detect which security policies have really been implemented by the computer systems staff. Subsequently, consistency is verified in both kinds of policies; in addition these subsets are contrasted and validated. This is performed by an automatic theorem prover. Thus, many kinds of vulnerabilities can be removed for achieving a safer computer system. PMID:26495300

The Naval Postgraduate School SECURE ARCHIVAL STORAGE SYSTEM. Part II. Segment and Process Management Implementation.

DTIC Science & Technology

1981-03-01

Research Instructor of Computer Scienr-. Reviewed by: Released by: WILLIAM M. TOLLES Department puter Science Dean of Research 4c t SECURITY...Lyle A. Cox, Roger R. Schell, and Sonja L. Perdue 9. PERFORMING ORGANIZATION NAME ANO ADDRESS 10. PROGRAM ELEMENT. PROJECT. TASK AREA A WORK UNIT... Computer Networks, Operating Systems, Computer Security 20. AftUrCT (Cnthm, w v re eae old* It n..*p and idm 0 F W blk ..m.m.o’) ",A_;he security

The SQL Server Database for Non Computer Professional Teaching Reform

ERIC Educational Resources Information Center

Liu, Xiangwei

2012-01-01

A summary of the teaching methods of the non-computer professional SQL Server database, analyzes the current situation of the teaching course. According to non computer professional curriculum teaching characteristic, put forward some teaching reform methods, and put it into practice, improve the students' analysis ability, practice ability and…

Private quantum computation: an introduction to blind quantum computing and related protocols

NASA Astrophysics Data System (ADS)

Fitzsimons, Joseph F.

2017-06-01

Quantum technologies hold the promise of not only faster algorithmic processing of data, via quantum computation, but also of more secure communications, in the form of quantum cryptography. In recent years, a number of protocols have emerged which seek to marry these concepts for the purpose of securing computation rather than communication. These protocols address the task of securely delegating quantum computation to an untrusted device while maintaining the privacy, and in some instances the integrity, of the computation. We present a review of the progress to date in this emerging area.

Secure or Insure: An Economic Analysis of Security Interdependencies and Investment Types

ERIC Educational Resources Information Center

Grossklags, Jens

2009-01-01

Computer users express a strong desire to prevent attacks, and to reduce the losses from computer and information security breaches. However, despite the widespread availability of various technologies, actual investments in security remain highly variable across the Internet population. As a result, attacks such as distributed denial-of-service…

77 FR 65215 - In the Matter of Licensee Identified in Attachment 1 and all Other Persons Who Obtain Safeguards...

Federal Register 2010, 2011, 2012, 2013, 2014

2012-10-25

... a computing environment that has adequate computer security controls in place to prevent... NRC intends to issue a security Order to this Licensee in the near future. The Order will require compliance with specific Additional Security Measures to enhance the security for certain radioactive...

78 FR 89 - Announcing an Open Meeting of the Information Security and Privacy Advisory Board

Federal Register 2010, 2011, 2012, 2013, 2014

2013-01-02

... Management and Budget, and the Director of NIST on security and privacy issues pertaining to federal computer... Computer Security Division. Note that agenda items may change without notice because of possible unexpected... of the Information Security and Privacy Advisory Board AGENCY: National Institute of Standards and...

Computer applications for the hospital security department--buying or developing a shift log reporting system.

PubMed

Gruber, T

1996-01-01

The author presents guidelines to help a security department select a computer system to track security activities--whether it's a commercial software product, an in-house developed program, or a do-it-yourself designed system. Computerized security activity reporting, he believes, is effective and beneficial.

Aviation security : vulnerabilities still exist in the aviation security system

DOT National Transportation Integrated Search

2000-04-06

The testimony today discusses the Federal Aviation Administration's (FAA) efforts to implement and improve security in two key areas: air traffic control computer systems and airport passenger screening checkpoints. Computer systems-and the informati...

Air Traffic Control: Weak Computer Security Practices Jeopardize Flight Safety

DOT National Transportation Integrated Search

1998-05-01

Given the paramount importance of computer security of Air Traffic Control (ATC) systems, Congress asked the General Accounting Office to determine (1) whether the Fedcral Aviation Administration (FAA) is effectively managing physical security at ATC...

Motivating Contributions for Home Computer Security

ERIC Educational Resources Information Center

Wash, Richard L.

2009-01-01

Recently, malicious computer users have been compromising computers en masse and combining them to form coordinated botnets. The rise of botnets has brought the problem of home computers to the forefront of security. Home computer users commonly have insecure systems; these users do not have the knowledge, experience, and skills necessary to…

Proposal for founding mistrustful quantum cryptography on coin tossing

DOE Office of Scientific and Technical Information (OSTI.GOV)

Kent, Adrian; Hewlett-Packard Laboratories, Filton Road, Stoke Gifford, Bristol BS34 8QZ,

2003-07-01

A significant branch of classical cryptography deals with the problems which arise when mistrustful parties need to generate, process, or exchange information. As Kilian showed a while ago, mistrustful classical cryptography can be founded on a single protocol, oblivious transfer, from which general secure multiparty computations can be built. The scope of mistrustful quantum cryptography is limited by no-go theorems, which rule out, inter alia, unconditionally secure quantum protocols for oblivious transfer or general secure two-party computations. These theorems apply even to protocols which take relativistic signaling constraints into account. The best that can be hoped for, in general, aremore » quantum protocols which are computationally secure against quantum attack. Here a method is described for building a classically certified bit commitment, and hence every other mistrustful cryptographic task, from a secure coin-tossing protocol. No security proof is attempted, but reasons are sketched why these protocols might resist quantum computational attack.« less

The personal health record paradox: health care professionals' perspectives and the information ecology of personal health record systems in organizational and clinical settings.

PubMed

Nazi, Kim M

2013-04-04

Despite significant consumer interest and anticipated benefits, overall adoption of personal health records (PHRs) remains relatively low. Understanding the consumer perspective is necessary, but insufficient by itself. Consumer PHR use also has broad implications for health care professionals and organizational delivery systems; however, these have received less attention. An exclusive focus on the PHR as a tool for consumer empowerment does not adequately take into account the social and organizational context of health care delivery, and the reciprocal nature of patient engagement. The purpose of this study was to examine the experiences of physicians, nurses, and pharmacists at the Department of Veterans Affairs (VA) using an organizationally sponsored PHR to develop insights into the interaction of technology and processes of health care delivery. The conceptual framework for the study draws on an information ecology perspective, which recognizes that a vibrant dynamic exists among technologies, people, practices, and values, accounting for both the values and norms of the participants and the practices of the local setting. The study explores the experiences and perspectives of VA health care professionals related to patient use of the My HealtheVet PHR portal and secure messaging systems. In-depth interviews were conducted with 30 VA health care professionals engaged in providing direct patient care who self-reported that they had experiences with at least 1 of 4 PHR features. Interviews were transcribed, coded, and analyzed to identify inductive themes. Organizational documents and artifacts were reviewed and analyzed to trace the trajectory of secure messaging implementation as part of the VA Patient Aligned Care Team (PACT) model. Study findings revealed a variety of factors that have facilitated or inhibited PHR adoption, use, and endorsement of patient use by health care professionals. Health care professionals' accounts and analysis of organizational documents revealed a multidimensional dynamic between the trajectory of secure messaging implementation and its impact on organizational actors and their use of technology, influencing workflow, practices, and the flow of information. In effect, secure messaging was the missing element of complex information ecology and its implementation acted as a catalyst for change. Secure messaging was found to have important consequences for access, communication, patient self-report, and patient/provider relationships. Study findings have direct implications for the development and implementation of PHR systems to ensure adequate training and support for health care professionals, alignment with clinical workflow, and features that enable information sharing and communication. Study findings highlight the importance of clinician endorsement and engagement, and the need to further examine both intended and unintended consequences of use. This research provides an integral step toward better understanding the social and organizational context and impact of PHR and secure messaging use in clinical practice settings.

Transportation Security Institute : recruiting next generation professionals.

DOT National Transportation Integrated Search

2013-08-01

The Center for Transportation Training and Research (CTTR), as part of Texas Southern University : (TSU), served as host for the 2013 Transportation Security Institute (TSI) in Houston and : surrounding area. The 2013 Houston TSI focuses on the missi...

Social Security for Composers and Free Lances.

ERIC Educational Resources Information Center

Rossel-Majdan, Karl

1982-01-01

Internationally, cultural policies are tending toward increased socioeconomic and legal support for creative artists. Austrian cultural policies which encourage art and cultural professional organizations, increased copyright protection, and greater social security for free-lance artists are discussed. (AM)

Transportation Security Institute: recruiting next generation professionals.

DOT National Transportation Integrated Search

2012-08-01

"The Center for Transportation Training and Research (CTTR), as part of Texas Southern University (TSU), served as host for the 2012 Transportation Security Institute (TSI) in Houston and surrounding area. The 2012 Houston TSI focuses on the mission ...

Network gateway security method for enterprise Grid: a literature review

NASA Astrophysics Data System (ADS)

Sujarwo, A.; Tan, J.

2017-03-01

The computational Grid has brought big computational resources closer to scientists. It enables people to do a large computational job anytime and anywhere without any physical border anymore. However, the massive and spread of computer participants either as user or computational provider arise problems in security. The challenge is on how the security system, especially the one which filters data in the gateway could works in flexibility depends on the registered Grid participants. This paper surveys what people have done to approach this challenge, in order to find the better and new method for enterprise Grid. The findings of this paper is the dynamically controlled enterprise firewall to secure the Grid resources from unwanted connections with a new firewall controlling method and components.

Critical thinking traits of top-tier experts and implications for computer science education

NASA Astrophysics Data System (ADS)

Bushey, Dean E.

A documented shortage of technical leadership and top-tier performers in computer science jeopardizes the technological edge, security, and economic well-being of the nation. The 2005 President's Information and Technology Advisory Committee (PITAC) Report on competitiveness in computational sciences highlights the major impact of science, technology, and innovation in keeping America competitive in the global marketplace. It stresses the fact that the supply of science, technology, and engineering experts is at the core of America's technological edge, national competitiveness and security. However, recent data shows that both undergraduate and postgraduate production of computer scientists is falling. The decline is "a quiet crisis building in the United States," a crisis that, if allowed to continue unchecked, could endanger America's well-being and preeminence among the world's nations. Past research on expert performance has shown that the cognitive traits of critical thinking, creativity, and problem solving possessed by top-tier performers can be identified, observed and measured. The studies show that the identified attributes are applicable across many domains and disciplines. Companies have begun to realize that cognitive skills are important for high-level performance and are reevaluating the traditional academic standards they have used to predict success for their top-tier performers in computer science. Previous research in the computer science field has focused either on programming skills of its experts or has attempted to predict the academic success of students at the undergraduate level. This study, on the other hand, examines the critical-thinking skills found among experts in the computer science field in order to explore the questions, "What cognitive skills do outstanding performers possess that make them successful?" and "How do currently used measures of academic performance correlate to critical-thinking skills among students?" The results of this study suggest a need to examine how critical-thinking abilities are learned in the undergraduate computer science curriculum and the need to foster these abilities in order to produce the high-level, critical-thinking professionals necessary to fill the growing need for these experts. Due to the fact that current measures of academic performance do not adequately depict students' cognitive abilities, assessment of these skills must be incorporated into existing curricula.

A Test-Bed of Secure Mobile Cloud Computing for Military Applications

DTIC Science & Technology

2016-09-13

searching databases. This kind of applications is a typical example of mobile cloud computing (MCC). MCC has lots of applications in the military...Release; Distribution Unlimited UU UU UU UU 13-09-2016 1-Aug-2014 31-Jul-2016 Final Report: A Test-bed of Secure Mobile Cloud Computing for Military...Army Research Office P.O. Box 12211 Research Triangle Park, NC 27709-2211 Test-bed, Mobile Cloud Computing , Security, Military Applications REPORT

Computer network security for the radiology enterprise.

PubMed

Eng, J

2001-08-01

As computer networks become an integral part of the radiology practice, it is appropriate to raise concerns regarding their security. The purpose of this article is to present an overview of computer network security risks and preventive strategies as they pertain to the radiology enterprise. A number of technologies are available that provide strong deterrence against attacks on networks and networked computer systems in the radiology enterprise. While effective, these technologies must be supplemented with vigilant user and system management.

Privacy and Data Security under Cloud Computing Arrangements: The Legal Framework and Practical Do's and Don'ts

ERIC Educational Resources Information Center

Buckman, Joel; Gold, Stephanie

2012-01-01

This article outlines privacy and data security compliance issues facing postsecondary education institutions when they utilize cloud computing and concludes with a practical list of do's and dont's. Cloud computing does not change an institution's privacy and data security obligations. It does involve reliance on a third party, which requires an…

Case Study: Creation of a Degree Program in Computer Security. White Paper.

ERIC Educational Resources Information Center

Belon, Barbara; Wright, Marie

This paper reports on research into the field of computer security, and undergraduate degrees offered in that field. Research described in the paper reveals only one computer security program at the associate's degree level in the entire country. That program, at Texas State Technical College in Waco, is a 71-credit-hour program leading to an…

College students and computers: assessment of usage patterns and musculoskeletal discomfort.

PubMed

Noack-Cooper, Karen L; Sommerich, Carolyn M; Mirka, Gary A

2009-01-01

A limited number of studies have focused on computer-use-related MSDs in college students, though risk factor exposure may be similar to that of workers who use computers. This study examined computer use patterns of college students, and made comparisons to a group of previously studied computer-using professionals. 234 students completed a web-based questionnaire concerning computer use habits and physical discomfort respondents specifically associated with computer use. As a group, students reported their computer use to be at least 'Somewhat likely' 18 out of 24 h/day, compared to 12 h for the professionals. Students reported more uninterrupted work behaviours than the professionals. Younger graduate students reported 33.7 average weekly computing hours, similar to hours reported by younger professionals. Students generally reported more frequent upper extremity discomfort than the professionals. Frequent assumption of awkward postures was associated with frequent discomfort. The findings signal a need for intervention, including, training and education, prior to entry into the workforce. Students are future workers, and so it is important to determine whether their increasing exposure to computers, prior to entering the workforce, may make it so they enter already injured or do not enter their chosen profession due to upper extremity MSDs.

Computer usage among nurses in rural health-care facilities in South Africa: obstacles and challenges.

PubMed

Asah, Flora

2013-04-01

This study discusses factors inhibiting computer usage for work-related tasks among computer-literate professional nurses within rural healthcare facilities in South Africa. In the past two decades computer literacy courses have not been part of the nursing curricula. Computer courses are offered by the State Information Technology Agency. Despite this, there seems to be limited use of computers by professional nurses in the rural context. Focus group interviews held with 40 professional nurses from three government hospitals in northern KwaZulu-Natal. Contributing factors were found to be lack of information technology infrastructure, restricted access to computers and deficits in regard to the technical and nursing management support. The physical location of computers within the health-care facilities and lack of relevant software emerged as specific obstacles to usage. Provision of continuous and active support from nursing management could positively influence computer usage among professional nurses. A closer integration of information technology and computer literacy skills into existing nursing curricula would foster a positive attitude towards computer usage through early exposure. Responses indicated that change of mindset may be needed on the part of nursing management so that they begin to actively promote ready access to computers as a means of creating greater professionalism and collegiality. © 2011 Blackwell Publishing Ltd.

Understanding Mobile Apps

MedlinePlus

... share personal information let your kids spend real money — even if the app is free include ads link to social media What’s more, ... Money & Credit Homes & Mortgages Health & Fitness Jobs & Making ... Security "Free" Security Scans Computer Security Disposing of Old Computers ...

17 CFR 230.167 - Communications in connection with certain registered offerings of asset-backed securities.

Code of Federal Regulations, 2011 CFR

2011-04-01

... § 230.415, ABS informational and computational material regarding such securities used after the... informational and computational material used in reliance on Securities Act Rule 167 (§ 230.167); and (iv) A...

17 CFR 230.167 - Communications in connection with certain registered offerings of asset-backed securities.

Code of Federal Regulations, 2013 CFR

2013-04-01

... § 230.415, ABS informational and computational material regarding such securities used after the... informational and computational material used in reliance on Securities Act Rule 167 (§ 230.167); and (iv) A...

17 CFR 230.167 - Communications in connection with certain registered offerings of asset-backed securities.

Code of Federal Regulations, 2012 CFR

2012-04-01

... § 230.415, ABS informational and computational material regarding such securities used after the... informational and computational material used in reliance on Securities Act Rule 167 (§ 230.167); and (iv) A...

17 CFR 230.167 - Communications in connection with certain registered offerings of asset-backed securities.

Code of Federal Regulations, 2014 CFR

2014-04-01

... § 230.415, ABS informational and computational material regarding such securities used after the... informational and computational material used in reliance on Securities Act Rule 167 (§ 230.167); and (iv) A...

A Trusted Portable Computing Device

NASA Astrophysics Data System (ADS)

Ming-wei, Fang; Jun-jun, Wu; Peng-fei, Yu; Xin-fang, Zhang

A trusted portable computing device and its security mechanism were presented to solve the security issues, such as the attack of virus and Trojan horse, the lost and stolen of storage device, in mobile office. It used smart card to build a trusted portable security base, virtualization to create a secure virtual execution environment, two-factor authentication mechanism to identify legitimate users, and dynamic encryption to protect data privacy. The security environment described in this paper is characteristic of portability, security and reliability. It can meet the security requirement of mobile office.

75 FR 66410 - Self-Regulatory Organizations; International Securities Exchange, LLC; Notice of Filing and...

Federal Register 2010, 2011, 2012, 2013, 2014

2010-10-28

... Effectiveness of Proposed Rule Change Relating to the Sales Value Fee October 22, 2010. Pursuant to Section 19(b... Terms of Substance of the Proposed Rule Change The Exchange proposes to adopt ISE Rule 212 (Sales Value... supervision and regulation of the securities markets and securities professionals. To offset this obligation...

75 FR 5360 - Self-Regulatory Organizations; NASDAQ OMX PHLX, Inc.; Notice of Filing of Proposed Rule Change...

Federal Register 2010, 2011, 2012, 2013, 2014

2010-02-02

... SECURITIES AND EXCHANGE COMMISSION [Release No. 34-61426; File No. SR-Phlx-2010-05] Self... Professional Orders January 26, 2010. Pursuant to Section 19(b)(1) of the Securities Exchange Act of 1934... PHLX, Inc. (``Phlx'' or ``Exchange'') filed with the Securities and Exchange Commission (``SEC'' or...

2008 Stability, Security, Transition and Reconstruction Operations Conference

DTIC Science & Technology

2008-09-04

Facilitator Power of Public-Private Partnerships • Health Professional Education • Greater Access to Care China Diabetes Education Program Dominican Republic...Argentina Canada Chile Colombia Ecuador Peru Uruguay Interagency, multinational, inter-institutional partnerships State Department Homeland Security...Disaster Preparedness Disaster Response Regional Response Capacity OFDA-LAC / MDROs Regional Security System (RSS) UNCLASSIFIED ECUADOR / KY PERU / WV

Different predictors of multiple-target search accuracy between nonprofessional and professional visual searchers.

PubMed

Biggs, Adam T; Mitroff, Stephen R

2014-01-01

Visual search, locating target items among distractors, underlies daily activities ranging from critical tasks (e.g., looking for dangerous objects during security screening) to commonplace ones (e.g., finding your friends in a crowded bar). Both professional and nonprofessional individuals conduct visual searches, and the present investigation is aimed at understanding how they perform similarly and differently. We administered a multiple-target visual search task to both professional (airport security officers) and nonprofessional participants (members of the Duke University community) to determine how search abilities differ between these populations and what factors might predict accuracy. There were minimal overall accuracy differences, although the professionals were generally slower to respond. However, the factors that predicted accuracy varied drastically between groups; variability in search consistency-how similarly an individual searched from trial to trial in terms of speed-best explained accuracy for professional searchers (more consistent professionals were more accurate), whereas search speed-how long an individual took to complete a search when no targets were present-best explained accuracy for nonprofessional searchers (slower nonprofessionals were more accurate). These findings suggest that professional searchers may utilize different search strategies from those of nonprofessionals, and that search consistency, in particular, may provide a valuable tool for enhancing professional search accuracy.

Usage of insecure E-mail services among researchers with different scientific background.

PubMed

Solić, Kresimir; Grgić, Krešimir; Ilakovac, Vesna; Zagar, Drago

2011-08-01

Free web‑based e-mail services are considered to have more security flaws than institutional ones, but they are frequently used among scientific researchers for professional communication. The aim of this study was to analyze frequency of usage of the insecure free e-mail services for professional communication among biomedical, economical and technical researchers, who published papers in one of three different journals: Croatian Medical Journal, Automatika and Economic Research. Contact details of the authors who provided their e‑mail address from the papers published in those three journals during one year period were collected. These e‑mail addresses were collected from the electronic archive of the journals in question. The domains of all e‑mail addresses were assessed and contacts were categorized into three groups according to the following types: world-wide known free web‑based e‑mail services, national Internet Service Provider (ISP) e-mail services, and institutional or corporate e-mail addresses. The proportion of authors using free web-based e-mail services, the least secure group type, was highest among biomedical researchers (17.8%) while every e‑mail address collected from the technical journal belonged to the secured institutional e‑mail group type. It seems that all researchers from the technical scientific field and most of the researchers from the economical field value good security practice and use more secure systems for professional communication. High percentage of the biomedical researchers who use insecure e‑mail services may mean that they need to be warned of the possible security disadvantages of those kinds of e‑mail addresses.

The Role of Self-Efficacy in Computer Security Behavior: Developing the Construct of Computer Security Self-Efficacy (CSSE)

ERIC Educational Resources Information Center

Clarke, Marlon

2011-01-01

As organizations have become more dependent on networked information systems (IS) to conduct their business operations, their susceptibility to various threats to information security has also increased. Research has consistently identified the inappropriate security behavior of the users as the most significant of these threats. Various factors…

MediLink: a wearable telemedicine system for emergency and mobile applications.

PubMed

Koval, T; Dudziak, M

1999-01-01

The practical needs of the medical professional faced with critical care or emergency situations differ from those working in many environments where telemedicine and mobile computing have been introduced and tested. One constructive criticism of the telemedicine initiative has been to question what positive benefits are gained from videoconferencing, paperless transactions, and online access to patient record. With a goal of producing a positive answer to such questions an architecture for multipurpose mobile telemedicine applications has been developed. The core technology is based upon a wearable personal computer with a smart-card interface coupled with speech, pen, video input and wireless intranet connectivity. The TransPAC system with the MedLink software system is designed to provide an integrated solution for a broad range of health care functions where mobile and hands-free or limited-access systems are preferred or necessary and where the capabilities of other mobile devices are insufficient or inappropriate. Structured and noise-resistant speech-to-text interfacing plus the use of a web browser-like display, accessible through either a flatpanel, standard, or headset monitor, gives the beltpack TransPAC computer the functions of a complete desktop including PCMCIA card interfaces for internet connectivity and a secure smartcard with 16-bit microprocessor and upwards of 64K memory. The card acts to provide user access control for security, user custom configuration of applications and display and vocabulary, and memory to diminish the need for PC-server communications while in an active session. TransPAC is being implemented for EMT and ER staff usage.

Food security practice in Kansas schools and health care facilities.

PubMed

Yoon, Eunju; Shanklin, Carol W

2007-02-01

This pilot study investigated perceived importance and frequency of specific preventive measures, and food and nutrition professionals' and foodservice directors' willingness to develop a food defense management plan. A mail questionnaire was developed based on the US Department of Agriculture document, Biosecurity Checklist for School Foodservice Programs--Developing a Biosecurity Management Plan. The survey was sent to food and nutrition professionals and foodservice operators in 151 acute care hospitals, 181 long-term-care facilities, and 450 school foodservice operations. Chemical use and storage was perceived as the most important practice to protect an operation and was the practice implemented most frequently. Results of the study indicate training programs on food security are needed to increase food and nutrition professionals' motivation to implement preventive measures.

21 CFR 1311.08 - Incorporation by reference.

Code of Federal Regulations, 2010 CFR

2010-04-01

... of Standards and Technology, Computer Security Division, Information Technology Laboratory, National... standards are available from the National Institute of Standards and Technology, Computer Security Division... 140-2, Security Requirements for Cryptographic Modules, May 25, 2001, as amended by Change Notices 2...

Defining the Role of the Professional Security Consultant.

ERIC Educational Resources Information Center

Webster, Jim

2002-01-01

Discusses the skill set that should be available in security consultants to higher education, including the ability to work with mechanical, architectural, electrical, landscaping, and telecommunications systems. Addresses the need to bring consultants into the building design phase. (EV)

77 FR 20445 - Self-Regulatory Organizations; Fixed Income Clearing Corporation; Notice of Filing of Proposed...

Federal Register 2010, 2011, 2012, 2013, 2014

2012-04-04

... Professionals'' March 29, 2012. Pursuant to Section 19(b)(1) of the Securities Exchange Act of 1934 (``Act'') \\1... positions held by GSD Netting Members and NYPC Clearing Members for certain ``market professionals.'' \\5\\ \\4...\\ The NYPC-FICC ``market professional'' cross-margining program aims to closely replicate the Options...

76 FR 48197 - Self-Regulatory Organizations; Municipal Securities Rulemaking Board; Notice of Filing of...

Federal Register 2010, 2011, 2012, 2013, 2014

2011-08-08

... assessable professional reported or required to be reported by a municipal advisor to the MSRB on Form A-11... Assessment and Form A-11- Interim. For purposes of the interim assessment, an assessable professional of a...-Interim as an assessable professional any associated person (i) Who otherwise qualifies as an assessable...

Enhancing the NFLs Counter-Terrorism Efforts: Is the Leagues Security Scheme Able to Effectively Thwart Terrorist Attacks

DTIC Science & Technology

2016-09-01

League (EPL), football, mass gatherings, National Football League (NFL), safety manuals, soccer , sports security, soccer , terrorism, terrorist...fulfillment of the requirements for the degree of MASTER OF ARTS IN SECURITY STUDIES (HOMELAND SECURITY AND DEFENSE) from the NAVAL...kurtbadenhausen/2015/07/15/the-worlds-50-most-valuable-sports- teams-2015/. 3 professional league, the English Premier soccer league, earns $2.7 billion.6 In

Interactive Synthesis of Code Level Security Rules

DTIC Science & Technology

2017-04-01

Interactive Synthesis of Code-Level Security Rules A Thesis Presented by Leo St. Amour to The Department of Computer Science in partial fulfillment...of the requirements for the degree of Master of Science in Computer Science Northeastern University Boston, Massachusetts April 2017 DISTRIBUTION...Abstract of the Thesis Interactive Synthesis of Code-Level Security Rules by Leo St. Amour Master of Science in Computer Science Northeastern University

Computer use and needs of internists: a survey of members of the American College of Physicians-American Society of Internal Medicine.

PubMed Central

Lacher, D.; Nelson, E.; Bylsma, W.; Spena, R.

2000-01-01

The American College of Physicians-American Society of Internal Medicine conducted a membership survey in late 1998 to assess their activities, needs, and attitudes. A total of 9,466 members (20.9% response rate) reported on 198 items related to computer use and needs of internists. Eighty-two percent of the respondents reported that they use computers for personal or professional reasons. Physicians younger than 50 years old who had full- or part-time academic affiliation reported using computers more frequently for medical applications. About two thirds of respondents who had access to computers connected to the Internet at least weekly, with most using the Internet from home for e-mail and nonmedical uses. Physicians expressed concerns about Internet security, confidentiality, and accuracy, and the lack of time to browse the Internet. In practice settings, internists used computers for administrative and financial functions. Less than 19% of respondents had partial or complete electronic clinical functions in their offices. Less than 7% of respondents exchanged e-mail with their patients on a weekly or daily basis. Also, less than 15% of respondents used computers for continuing medical education (CME). Respondents reported they wanted to increase their general computer skills and enhance their knowledge of computer-based information sources for patient care, electronic medical record systems, computer-based CME, and telemedicine While most respondents used computers and connected to the Internet, few physicians utilized computers for clinical management. Medical organizations face the challenge of increasing physician use of clinical systems and electronic CME. PMID:11079924

Computer use and needs of internists: a survey of members of the American College of Physicians-American Society of Internal Medicine.

PubMed

Lacher, D; Nelson, E; Bylsma, W; Spena, R

2000-01-01

The American College of Physicians-American Society of Internal Medicine conducted a membership survey in late 1998 to assess their activities, needs, and attitudes. A total of 9,466 members (20.9% response rate) reported on 198 items related to computer use and needs of internists. Eighty-two percent of the respondents reported that they use computers for personal or professional reasons. Physicians younger than 50 years old who had full- or part-time academic affiliation reported using computers more frequently for medical applications. About two thirds of respondents who had access to computers connected to the Internet at least weekly, with most using the Internet from home for e-mail and nonmedical uses. Physicians expressed concerns about Internet security, confidentiality, and accuracy, and the lack of time to browse the Internet. In practice settings, internists used computers for administrative and financial functions. Less than 19% of respondents had partial or complete electronic clinical functions in their offices. Less than 7% of respondents exchanged e-mail with their patients on a weekly or daily basis. Also, less than 15% of respondents used computers for continuing medical education (CME). Respondents reported they wanted to increase their general computer skills and enhance their knowledge of computer-based information sources for patient care, electronic medical record systems, computer-based CME, and telemedicine While most respondents used computers and connected to the Internet, few physicians utilized computers for clinical management. Medical organizations face the challenge of increasing physician use of clinical systems and electronic CME.

Influence of Recent Developments in Computer Technology on Professional Development in Vocational Education. Final Report.

ERIC Educational Resources Information Center

Passmore, David Lynn

Intended for developers of vocational education professionals and for educators making decisions about the usefulness of personal computers in education, this report deals with the effects of the personal computing revolution on professional development of vocational educators. The two major papers and published opinion pieces that make up this…

Secure distributed genome analysis for GWAS and sequence comparison computation.

PubMed

Zhang, Yihua; Blanton, Marina; Almashaqbeh, Ghada

2015-01-01

The rapid increase in the availability and volume of genomic data makes significant advances in biomedical research possible, but sharing of genomic data poses challenges due to the highly sensitive nature of such data. To address the challenges, a competition for secure distributed processing of genomic data was organized by the iDASH research center. In this work we propose techniques for securing computation with real-life genomic data for minor allele frequency and chi-squared statistics computation, as well as distance computation between two genomic sequences, as specified by the iDASH competition tasks. We put forward novel optimizations, including a generalization of a version of mergesort, which might be of independent interest. We provide implementation results of our techniques based on secret sharing that demonstrate practicality of the suggested protocols and also report on performance improvements due to our optimization techniques. This work describes our techniques, findings, and experimental results developed and obtained as part of iDASH 2015 research competition to secure real-life genomic computations and shows feasibility of securely computing with genomic data in practice.

Secure distributed genome analysis for GWAS and sequence comparison computation

PubMed Central

2015-01-01

Background The rapid increase in the availability and volume of genomic data makes significant advances in biomedical research possible, but sharing of genomic data poses challenges due to the highly sensitive nature of such data. To address the challenges, a competition for secure distributed processing of genomic data was organized by the iDASH research center. Methods In this work we propose techniques for securing computation with real-life genomic data for minor allele frequency and chi-squared statistics computation, as well as distance computation between two genomic sequences, as specified by the iDASH competition tasks. We put forward novel optimizations, including a generalization of a version of mergesort, which might be of independent interest. Results We provide implementation results of our techniques based on secret sharing that demonstrate practicality of the suggested protocols and also report on performance improvements due to our optimization techniques. Conclusions This work describes our techniques, findings, and experimental results developed and obtained as part of iDASH 2015 research competition to secure real-life genomic computations and shows feasibility of securely computing with genomic data in practice. PMID:26733307

Non-developmental item computer systems and the malicious software threat

NASA Technical Reports Server (NTRS)

Bown, Rodney L.

1991-01-01

The following subject areas are covered: a DOD development system - the Army Secure Operating System; non-development commercial computer systems; security, integrity, and assurance of service (SI and A); post delivery SI and A and malicious software; computer system unique attributes; positive feedback to commercial computer systems vendors; and NDI (Non-Development Item) computers and software safety.

Securing the Data Storage and Processing in Cloud Computing Environment

ERIC Educational Resources Information Center

Owens, Rodney

2013-01-01

Organizations increasingly utilize cloud computing architectures to reduce costs and energy consumption both in the data warehouse and on mobile devices by better utilizing the computing resources available. However, the security and privacy issues with publicly available cloud computing infrastructures have not been studied to a sufficient depth…

Computer Virus Bibliography, 1988-1989.

ERIC Educational Resources Information Center

Bologna, Jack, Comp.

This bibliography lists 14 books, 154 journal articles, 34 newspaper articles, and 3 research papers published during 1988-1989 on the subject of computer viruses, software protection and 'cures', virus hackers, and other related issues. Some of the sources listed include Computers and Security, Computer Security Digest, PC Week, Time, the New…

One health security: an important component of the global health security agenda.

PubMed

Gronvall, Gigi; Boddie, Crystal; Knutsson, Rickard; Colby, Michelle

2014-01-01

The objectives of the Global Health Security Agenda (GHSA) will require not only a "One Health" approach to counter natural disease threats against humans, animals, and the environment, but also a security focus to counter deliberate threats to human, animal, and agricultural health and to nations' economies. We have termed this merged approach "One Health Security." It will require the integration of professionals with expertise in security, law enforcement, and intelligence to join the veterinary, agricultural, environmental, and human health experts essential to One Health and the GHSA. Working across such different professions, which occasionally have conflicting aims and different professional cultures, poses multiple challenges, but a multidisciplinary and multisectoral approach is necessary to prevent disease threats; detect them as early as possible (when responses are likely to be most effective); and, in the case of deliberate threats, find who may be responsible. This article describes 2 project areas that exemplify One Health Security that were presented at a workshop in January 2014: the US government and private industry efforts to reduce vulnerabilities to foreign animal diseases, especially foot-and-mouth disease; and AniBioThreat, an EU project to counter deliberate threats to agriculture by raising awareness and implementing prevention and response policies and practices.

[Security agents on the front line against Ebola: roles, perceptions and knowledge in Fann Teaching Hospital, Dakar, Senegal].

PubMed

Lanièce, C; Sow, K; Desclaux, A

2016-10-01

Security agents are on the front line when patients arrive at health facilities, giving them a potential role to play in an Ebola virus disease (EVD) outbreak. The position of security agents within health services is poorly documented. A survey was conducted to clarify their understanding of Ebola pathology, to assess their need for information and to determine their role in patient management. The survey included both qualitative and quantitative aspects. 80 security agents of the Fann teaching hospital (Dakar) completed questionnaires, and 11 were interviewed. Qualitative analysis was performed with Dedoose and the quantitative analysis using Excel. The results show that security agents' activities go beyond their mission of security and control. They are involved in informing, orienting and assisting patients and those accompanying them in the hospital. The security agents have basic knowledge of EVD, but overestimate the risk of transmission. They want to be more informed and to have access to protective material. These results suggest that these professionals should be taken into account when developing response strategies to Ebola outbreaks. Their knowledge of and protection against the disease must be strengthened. Non-health professionals working in health facilities should be trained in order to be able to relay information to the public.

Cheyney University Curriculum and Infrastructure Enhamcement in STEM

DOE Office of Scientific and Technical Information (OSTI.GOV)

Eva, Sakkar Ara

Cheyney University is the oldest historically Black educational institution in America. Initially established as a “normal” school emphasizing the matriculation of educators, Cheyney has become a comprehensive university, one of 14 state universities comprising the Pennsylvania State System of Higher Education (PASSHE). Cheyney University graduates still become teachers, but they also enter such fields as journalism, medicine, science, mathematics, law, communication and government. Cheyney University is a small state owned HBCU with very limited resource. At present the university has about a thousand students with 15% in STEM. The CUCIES II grant made significant contribution in saving the computer sciencemore » program from being a discontinued program in the university. The grant enabled the university to hire a temporary faculty to teach in and update the computer science program. The program is enhanced with three tracks; cyber security, human computer interaction and general. The updated and enhanced computer science program will prepare professionals in the area of computer science with the knowledge, skills, and professional ethic needed for the current market. The new curriculum was developed for a professional profile that would focus on the technologies and techniques currently used in the industry. With faculty on board, the university worked with the department to bring back the computer science program from moratorium. Once in the path of being discontinued and loosing students, the program is now growing. Currently the student number has increased from 12 to 30. University is currently in the process of hiring a tenure track faculty in the computer science program. Another product of the grant is the proposal for introductory course in nanotechnology. The course is intended to generate interest in the nanotechnology field. The Natural and Applied Science department that houses all of the STEM programs in Cheyney University, is currently working to bring back environmental science program from moratorium. The university has been working to improve minority participation in STEM and made significant stride in terms of progressing students toward graduate programs and into professoriate track. This success is due to faculty mentors who work closely with students to guiding them through the application processes for research internship and graduate programs; it is also due to the university forming collaborative agreements with research intensive institutions, federal and state agencies and industry. The grant assisted in recruiting and retaining students in STEM by offering tuition scholarship, research scholarship and travel awards. Faculty professional development was supported by the grant by funding travel to conferences, meetings and webinar. As many HBCU Cheyney University is also trying to do more with less. As the STEM programs are inherently expensive, these are the ones that suffer more when resources are scarce. One of the goals of Cheyney University strategic plan is to strengthen STEM programs that is coherent with the critical skill need of Department of Energy. All of the Cheyney University STEM programs are now located in the new science building funded by Pennsylvania state.« less

Report: EPA’s Office of Environmental Information Should Improve Ariel Rios and Potomac Yard Computer Room Security Controls

EPA Pesticide Factsheets

Report #12-P-0879, September 26, 2012. The security posture and in-place environmental control review of the computer rooms in the Ariel Rios and Potomac Yard buildings revealed numerous security and environmental control deficiencies.

Design Principles and Guidelines for Security

DTIC Science & Technology

2007-11-21

Padula , Secure Computer Systems: Unified Exposition and Multics Interpretation. Electronic Systems Division, USAF. ESD-TR-75-306, MTR-2997 Rev.1...Hanscom AFB, MA. March 1976 [7] David Elliott Bell. “Looking Back at the Bell-La Padula Model,” Proc. Annual Computer Security Applications Conference

20 CFR 225.15 - Overall Minimum PIA.

Code of Federal Regulations, 2010 CFR

2010-04-01

... Security Act based on combined railroad and social security earnings. The Overall Minimum PIA is used in computing the social security overall minimum guaranty amount. The overall minimum guaranty rate annuity... INSURANCE AMOUNT DETERMINATIONS PIA's Used in Computing Employee, Spouse and Divorced Spouse Annuities § 225...

National Computer Security Conference Proceedings (11th): A Postscript: Computer Security--Into the Future, 17-20 October 1988

DTIC Science & Technology

1988-10-20

The LOCK project , from its very beginnings as an implementation study for the Provably Secure Operating System in 1979...to the security field, can study to gain insight into the evaluation process. The project has developed an innovative format for the DTLS and FTLS...management tern becomes available, the Al Secure DBMS will be system (DBMS) that is currently being developed un- ported to it . der the Advanced

20 CFR 401.25 - Terms defined.

Code of Federal Regulations, 2012 CFR

2012-04-01

..., partnerships, and unincorporated business or professional groups of two or more persons. Information means... physical characteristics; earnings information; professional fees paid to an individual and other financial... Bureau of the Census, the General Accounting Office, or to Congress. Social Security Administration (SSA...

20 CFR 401.25 - Terms defined.

Code of Federal Regulations, 2014 CFR

2014-04-01

..., partnerships, and unincorporated business or professional groups of two or more persons. Information means... physical characteristics; earnings information; professional fees paid to an individual and other financial... Bureau of the Census, the General Accounting Office, or to Congress. Social Security Administration (SSA...

Fires. A Joint Publication for U.S. Artillery Professionals. September - October 2011

DTIC Science & Technology

2011-01-01

the LOCs was a constant challenge facing the Soviet forces in Afghanistan. Security of the LOCs determined the amount of forces which the Soviet...Afghan terrain was not ideal for a mechanized force dependent on fire power, secure LOCs and high-technology. Although the popular image of a...and secure LOCs are essential for the both the guerrilla and non-guerrilla force. Security missions, however, can tie up most of a conventional

The internet

PubMed Central

Al-Shahi, R; Sadler, M; Rees, G; Bateman, D

2002-01-01

The growing use of email and the world wide web (WWW), by the public, academics, and clinicians—as well as the increasing availability of high quality information on the WWW—make a working knowledge of the internet important. Although this article aims to enhance readers' existing use of the internet and medical resources on the WWW, it is also intelligible to someone unfamiliar with the internet. A web browser is one of the central pieces of software in modern computing: it is a window on the WWW, file transfer protocol sites, networked newsgroups, and your own computer's files. Effective use of the internet for professional purposes requires an understanding of the best strategies to search the WWW and the mechanisms for ensuring secure data transfer, as well as a compendium of online resources including journals, textbooks, medical portals, and sites providing high quality patient information. This article summarises these resources, available to incorporate into your web browser as downloadable "Favorites" or "Bookmarks" from www.jnnp.com, where there are also freely accessible hypertext links to the recommended sites. PMID:12438460

Predicting Airport Screening Officers' Visual Search Competency With a Rapid Assessment.

PubMed

Mitroff, Stephen R; Ericson, Justin M; Sharpe, Benjamin

2018-03-01

Objective The study's objective was to assess a new personnel selection and assessment tool for aviation security screeners. A mobile app was modified to create a tool, and the question was whether it could predict professional screeners' on-job performance. Background A variety of professions (airport security, radiology, the military, etc.) rely on visual search performance-being able to detect targets. Given the importance of such professions, it is necessary to maximize performance, and one means to do so is to select individuals who excel at visual search. A critical question is whether it is possible to predict search competency within a professional search environment. Method Professional searchers from the USA Transportation Security Administration (TSA) completed a rapid assessment on a tablet-based X-ray simulator (XRAY Screener, derived from the mobile technology app Airport Scanner; Kedlin Company). The assessment contained 72 trials that were simulated X-ray images of bags. Participants searched for prohibited items and tapped on them with their finger. Results Performance on the assessment significantly related to on-job performance measures for the TSA officers such that those who were better XRAY Screener performers were both more accurate and faster at the actual airport checkpoint. Conclusion XRAY Screener successfully predicted on-job performance for professional aviation security officers. While questions remain about the underlying cognitive mechanisms, this quick assessment was found to significantly predict on-job success for a task that relies on visual search performance. Application It may be possible to quickly assess an individual's visual search competency, which could help organizations select new hires and assess their current workforce.

77 FR 2108 - Self-Regulatory Organizations; BATS Exchange, Inc.; Notice of Filing and Immediate Effectiveness...

Federal Register 2010, 2011, 2012, 2013, 2014

2012-01-13

... Professional,\\9\\ Firm and Market Maker \\10\\ orders that remove liquidity from the BATS Options order book. The Exchange proposes to raise the fee to $0.44 per contract for Professional, Firm and Market Maker orders... ``Professional'' means any person or entity that (i) is not a broker or dealer in securities, and (ii) places...

Report: EPA’s Radiation and Indoor Environments National Laboratory Should Improve Its Computer Room Security Controls

EPA Pesticide Factsheets

Report #12-P-0847, September 21, 2012.Our review of the security posture and in-place environmental controls of EPA’s Radiation and Indoor Environments National Laboratory computer room disclosed an array of security and environmental control deficiencies.

Computing Legacy Software Behavior to Understand Functionality and Security Properties: An IBM/370 Demonstration

DOE Office of Scientific and Technical Information (OSTI.GOV)

Linger, Richard C; Pleszkoch, Mark G; Prowell, Stacy J

Organizations maintaining mainframe legacy software can benefit from code modernization and incorporation of security capabilities to address the current threat environment. Oak Ridge National Laboratory is developing the Hyperion system to compute the behavior of software as a means to gain understanding of software functionality and security properties. Computation of functionality is critical to revealing security attributes, which are in fact specialized functional behaviors of software. Oak Ridge is collaborating with MITRE Corporation to conduct a demonstration project to compute behavior of legacy IBM Assembly Language code for a federal agency. The ultimate goal is to understand functionality and securitymore » vulnerabilities as a basis for code modernization. This paper reports on the first phase, to define functional semantics for IBM Assembly instructions and conduct behavior computation experiments.« less

Blind Quantum Signature with Blind Quantum Computation

NASA Astrophysics Data System (ADS)

Li, Wei; Shi, Ronghua; Guo, Ying

2017-04-01

Blind quantum computation allows a client without quantum abilities to interact with a quantum server to perform a unconditional secure computing protocol, while protecting client's privacy. Motivated by confidentiality of blind quantum computation, a blind quantum signature scheme is designed with laconic structure. Different from the traditional signature schemes, the signing and verifying operations are performed through measurement-based quantum computation. Inputs of blind quantum computation are securely controlled with multi-qubit entangled states. The unique signature of the transmitted message is generated by the signer without leaking information in imperfect channels. Whereas, the receiver can verify the validity of the signature using the quantum matching algorithm. The security is guaranteed by entanglement of quantum system for blind quantum computation. It provides a potential practical application for e-commerce in the cloud computing and first-generation quantum computation.

Opening a new office: the dentist's personal frontier.

PubMed

Crafton, B Casey; Lofft, Alexander H

2006-01-01

The purpose of this article is to assist the dental practitioner by providing insight into commercial real estate and a framework for identifying and securing new office space, as well as by addressing concerns about the physical space of a dental practice. In the process of identifying and securing new office space, the dental practitioner can maximize efficiency and minimize risk by assembling a team of professionals to assist him or her. This team should be composed of an accountant and an attorney, as well as a dental equipment/design specialist and a commercial real estate professional. The professional team will provide invaluable assistance to the dentist, enabling him or her to avoid major financial, legal, logistic and real estate-related pitfalls inherent in establishing or moving a dental practice.

Computers Launch Faster, Better Job Matching

ERIC Educational Resources Information Center

Stevenson, Gloria

1976-01-01

Employment Security Automation Project (ESAP), a five-year program sponsored by the Employment and Training Administration, features an innovative computer-assisted job matching system and instantaneous computer-assisted service for unemployment insurance claimants. ESAP will also consolidate existing automated employment security systems to…

FORESEE: Fully Outsourced secuRe gEnome Study basEd on homomorphic Encryption

PubMed Central

2015-01-01

Background The increasing availability of genome data motivates massive research studies in personalized treatment and precision medicine. Public cloud services provide a flexible way to mitigate the storage and computation burden in conducting genome-wide association studies (GWAS). However, data privacy has been widely concerned when sharing the sensitive information in a cloud environment. Methods We presented a novel framework (FORESEE: Fully Outsourced secuRe gEnome Study basEd on homomorphic Encryption) to fully outsource GWAS (i.e., chi-square statistic computation) using homomorphic encryption. The proposed framework enables secure divisions over encrypted data. We introduced two division protocols (i.e., secure errorless division and secure approximation division) with a trade-off between complexity and accuracy in computing chi-square statistics. Results The proposed framework was evaluated for the task of chi-square statistic computation with two case-control datasets from the 2015 iDASH genome privacy protection challenge. Experimental results show that the performance of FORESEE can be significantly improved through algorithmic optimization and parallel computation. Remarkably, the secure approximation division provides significant performance gain, but without missing any significance SNPs in the chi-square association test using the aforementioned datasets. Conclusions Unlike many existing HME based studies, in which final results need to be computed by the data owner due to the lack of the secure division operation, the proposed FORESEE framework support complete outsourcing to the cloud and output the final encrypted chi-square statistics. PMID:26733391

FORESEE: Fully Outsourced secuRe gEnome Study basEd on homomorphic Encryption.

PubMed

Zhang, Yuchen; Dai, Wenrui; Jiang, Xiaoqian; Xiong, Hongkai; Wang, Shuang

2015-01-01

The increasing availability of genome data motivates massive research studies in personalized treatment and precision medicine. Public cloud services provide a flexible way to mitigate the storage and computation burden in conducting genome-wide association studies (GWAS). However, data privacy has been widely concerned when sharing the sensitive information in a cloud environment. We presented a novel framework (FORESEE: Fully Outsourced secuRe gEnome Study basEd on homomorphic Encryption) to fully outsource GWAS (i.e., chi-square statistic computation) using homomorphic encryption. The proposed framework enables secure divisions over encrypted data. We introduced two division protocols (i.e., secure errorless division and secure approximation division) with a trade-off between complexity and accuracy in computing chi-square statistics. The proposed framework was evaluated for the task of chi-square statistic computation with two case-control datasets from the 2015 iDASH genome privacy protection challenge. Experimental results show that the performance of FORESEE can be significantly improved through algorithmic optimization and parallel computation. Remarkably, the secure approximation division provides significant performance gain, but without missing any significance SNPs in the chi-square association test using the aforementioned datasets. Unlike many existing HME based studies, in which final results need to be computed by the data owner due to the lack of the secure division operation, the proposed FORESEE framework support complete outsourcing to the cloud and output the final encrypted chi-square statistics.

Portable appliance security apparatus

NASA Technical Reports Server (NTRS)

Kerley, J. J. (Inventor)

1981-01-01

An apparatus for securing a small computer, or other portable appliance, against theft is described. It is comprised of a case having an open back through which the computer is installed or removed. Guide members in the form of slots are formed in a rear portion of opposite walls of the case for receiving a back plate to cover the opening and thereby secure the computer within the case. An opening formed in the top wall of the case exposes the keyboard and display of the computer. The back plate is locked in the closed position by a key-operated plug type lock. The lock is attached to one end of a hold down cable, the opposite end thereof being secured to a desk top or other stationary object. Thus, the lock simultaneously secures the back plate to the case and retains the case to the stationary object.

Optimizing Security of Cloud Computing within the DoD

DTIC Science & Technology

2010-12-01

information security governance and risk management; application security; cryptography; security architecture and design; operations security; business ...governance and risk management; application security; cryptography; security architecture and design; operations security; business continuity...20 7. Operational Security (OPSEC).........................................................20 8. Business Continuity Planning (BCP) and Disaster

76 FR 5973 - Privacy Act of 1974; Notice; Publication of the Systems of Records Managed by the Commodity...

Federal Register 2010, 2011, 2012, 2013, 2014

2011-02-02

...: Paper records are stored in file folders, binders, computer files (eLaw) and computer disks. Electronic records, including computer files, are stored on the Commission's network and other electronic media as... physical security measures. Technical security measures within CFTC include restrictions on computer access...

75 FR 53005 - Privacy Act of 1974, as amended; Notice of Computer Matching Program (Railroad Retirement Board...

Federal Register 2010, 2011, 2012, 2013, 2014

2010-08-30

... notice of its renewal of an ongoing computer-matching program with the Social Security Administration... computer-matching program with the Committee on Homeland Security and Governmental Affairs of the Senate... RAILROAD RETIREMENT BOARD Privacy Act of 1974, as amended; Notice of Computer Matching Program...

78 FR 34678 - Privacy Act of 1974, as Amended; Notice of Computer Matching Program (Railroad Retirement Board...

Federal Register 2010, 2011, 2012, 2013, 2014

2013-06-10

... notice of its renewal of an ongoing computer-matching program with the Social Security Administration... computer-matching program with the Committee on Homeland Security and Governmental Affairs of the Senate... RAILROAD RETIREMENT BOARD Privacy Act of 1974, as Amended; Notice of Computer Matching Program...

76 FR 12397 - Privacy Act of 1974, as Amended; Computer Matching Program (SSA/Bureau of the Public Debt (BPD...

Federal Register 2010, 2011, 2012, 2013, 2014

2011-03-07

...; Computer Matching Program (SSA/ Bureau of the Public Debt (BPD))--Match Number 1038 AGENCY: Social Security... as shown above. SUPPLEMENTARY INFORMATION: A. General The Computer Matching and Privacy Protection... containing SSNs extracted from the Supplemental Security Record database. Exchanges for this computer...

78 FR 12128 - Privacy Act of 1974; Computer Matching Program (SSA/Department of the Treasury, Internal Revenue...

Federal Register 2010, 2011, 2012, 2013, 2014

2013-02-21

... SOCIAL SECURITY ADMINISTRATION [Docket No. SSA 2012-0067] Privacy Act of 1974; Computer Matching... Security Administration (SSA). ACTION: Notice of a renewal of an existing computer matching program... INFORMATION: A. General The Computer Matching and Privacy Protection Act of 1988 (Public Law (Pub. L.) 100-503...

Investigating the Relationship between Need for Cognition and Skill in Ethical Hackers

DOE Office of Scientific and Technical Information (OSTI.GOV)

Le Blanc, Katya; Freeman, Sarah

As technology gets more complex and increasingly connected, there is an increasing concern with cyber security. There is also a growing demand for cyber security professionals. Unfortunately there currently are not enough skilled professionals to meet that demand. In order to prepare the next generation of cyber security professionals to meet this demand, we need to understand what characteristics make skilled cyber security professionals. For this work, we focus on professionals who take an offensive approach to cyber security, so called ethical hackers. These hackers utilize many of the same skills that the adversaries that we defend against would use,more » with the goal of identifying vulnerabilities and address them before they are exploited by adversaries. A commonly held belief among ethical hackers is that hackers must possess exceptional curiosity and problem solving skills in order to be successful. Curiosity is has been studied extensively in psychology, but there is no consensus on what it is and how to measure it. Further, many existing inventories for assessing curiosity are targeted at measuring curiosity in children. Although there isn’t an accepted standard to assess curiosity in adults, a related construct, called Need for Cognition (may capture what is meant when people speak of curiosity. The Need for Cognition scale also captures the tendency toward preferring complex problems (which correlates with good problem solving skills), which may provide insight into what make skilled hackers. In addition to the Need for Cognition, we used a structured interview to assess hacker skill. Hackers rated their own skill on a scale from one to ten on a predefined list of hacker skills. They were then asked to rate a peer who they felt was most skilled in each of the skills. They were asked to rate two peers for each skill, one that they worked with directly and one person that was the most skilled in the field (these could be known by reputation only). The hypothesis is that hackers have a higher than average (i.e., compared to non-hackers) Need for cognition and that Need for Cognition will be positively correlated with self-reported and peer reported skill. We interviewed 20 cyber security researchers who specialize in offensive approaches. Based on the responses to the hacker skill inventory, we generated a self-reported skill score for each participant. We also developed a peer-rating for each participant based on the number of times each individual that was interviewed was named as the most skilled in a particular area. The results indicate that the sample of ethical hackers has a high Need for Cognition and that Need for cognition was related to both self-reported skill and peer-reported skill. The results are discussed in the context of training and recruitment of cyber security professionals.« less

New security infrastructure model for distributed computing systems

NASA Astrophysics Data System (ADS)

Dubenskaya, J.; Kryukov, A.; Demichev, A.; Prikhodko, N.

2016-02-01

At the paper we propose a new approach to setting up a user-friendly and yet secure authentication and authorization procedure in a distributed computing system. The security concept of the most heterogeneous distributed computing systems is based on the public key infrastructure along with proxy certificates which are used for rights delegation. In practice a contradiction between the limited lifetime of the proxy certificates and the unpredictable time of the request processing is a big issue for the end users of the system. We propose to use unlimited in time hashes which are individual for each request instead of proxy certificate. Our approach allows to avoid using of the proxy certificates. Thus the security infrastructure of distributed computing system becomes easier for development, support and use.

The dual use of research ethics committees: why professional self-governance falls short in preserving biosecurity.

PubMed

Salloch, Sabine

2018-06-05

Dual Use Research of Concern (DURC) constitutes a major challenge for research practice and oversight on the local, national and international level. The situation in Germany is shaped by two partly competing suggestions of how to regulate security-related research: The German Ethics Council, as an independent political advisory body, recommended a series of measures, including national legislation on DURC. Competing with that, the German National Academy of Sciences and the German Research Foundation, as two major professional bodies, presented a strategy which draws on the self-control of science and, inter alia, suggests expanding the scope of research ethics committees (RECs) to an evaluation of DURC. This situation is taken as an occasion to further discuss the scope and limits of professional self-control with respect to security-related research. The role of RECs as professional bodies of science is particularly analyzed, referring to the theoretical backgrounds of professionalism. Two key sociological features of professionalism - ethical orientation and professional self-control - are discussed with respect to the practice of biomedical science. Both attributes are then analyzed with respect to the assessment of DURC by RECs. In conclusion, it is stated that issues of biosecurity transcend the boundaries of the scientific community and that a more comprehensive strategy should be implemented encompassing both professional self-control and legal oversight.

Poland since Martial Law

DTIC Science & Technology

1988-12-01

medical services, professional mobility , job security, and education. These were among the "human rights" on which the socialist system was said to be...economic reform is to mean anything, job uncertainty will supersede full employment. Professional mobility , once an important safety valve against worker

12 CFR 263.402 - Removal, suspension, or debarment.

Code of Federal Regulations, 2011 CFR

2011-01-01

... recklessly engaged in conduct that results in a violation of applicable professional standards, including... Company Accounting Oversight Board and the Securities and Exchange Commission; (iii) Has engaged in... violation of applicable professional standards in circumstances in which an accountant knows, or should know...

12 CFR 19.243 - Removal, suspension, or debarment.

Code of Federal Regulations, 2014 CFR

2014-01-01

... recklessly engaged in conduct that results in a violation of applicable professional standards, including... Public Company Accounting Oversight Board and the Securities and Exchange Commission; (iii) Has engaged... results in a violation of applicable professional standards in circumstances in which an accountant knows...

12 CFR 308.602 - Removal, suspension, or debarment.

Code of Federal Regulations, 2014 CFR

2014-01-01

... in conduct that results in a violation of applicable professional standards, including those... Accounting Oversight Board and the Securities and Exchange Commission; (iii) Has engaged in negligent conduct... applicable professional standards in circumstances in which an accountant knows, or should know, that...

12 CFR 263.402 - Removal, suspension, or debarment.

Code of Federal Regulations, 2014 CFR

2014-01-01

... recklessly engaged in conduct that results in a violation of applicable professional standards, including... Company Accounting Oversight Board and the Securities and Exchange Commission; (iii) Has engaged in... violation of applicable professional standards in circumstances in which an accountant knows, or should know...

12 CFR 308.602 - Removal, suspension, or debarment.

Code of Federal Regulations, 2013 CFR

2013-01-01

... in conduct that results in a violation of applicable professional standards, including those... Accounting Oversight Board and the Securities and Exchange Commission; (iii) Has engaged in negligent conduct... applicable professional standards in circumstances in which an accountant knows, or should know, that...

12 CFR 19.243 - Removal, suspension, or debarment.

Code of Federal Regulations, 2013 CFR

2013-01-01

... recklessly engaged in conduct that results in a violation of applicable professional standards, including... Public Company Accounting Oversight Board and the Securities and Exchange Commission; (iii) Has engaged... results in a violation of applicable professional standards in circumstances in which an accountant knows...

12 CFR 308.602 - Removal, suspension, or debarment.

Code of Federal Regulations, 2012 CFR

2012-01-01

... in conduct that results in a violation of applicable professional standards, including those... Accounting Oversight Board and the Securities and Exchange Commission; (iii) Has engaged in negligent conduct... applicable professional standards in circumstances in which an accountant knows, or should know, that...

12 CFR 263.402 - Removal, suspension, or debarment.

Code of Federal Regulations, 2012 CFR

2012-01-01

... recklessly engaged in conduct that results in a violation of applicable professional standards, including... Company Accounting Oversight Board and the Securities and Exchange Commission; (iii) Has engaged in... violation of applicable professional standards in circumstances in which an accountant knows, or should know...

12 CFR 19.243 - Removal, suspension, or debarment.

Code of Federal Regulations, 2011 CFR

2011-01-01

... recklessly engaged in conduct that results in a violation of applicable professional standards, including... Public Company Accounting Oversight Board and the Securities and Exchange Commission; (iii) Has engaged... results in a violation of applicable professional standards in circumstances in which an accountant knows...

12 CFR 19.243 - Removal, suspension, or debarment.

Code of Federal Regulations, 2012 CFR

2012-01-01

... recklessly engaged in conduct that results in a violation of applicable professional standards, including... Public Company Accounting Oversight Board and the Securities and Exchange Commission; (iii) Has engaged... results in a violation of applicable professional standards in circumstances in which an accountant knows...

77 FR 61659 - Proposed Information Collection; Comment Request

Federal Register 2010, 2011, 2012, 2013, 2014

2012-10-10

... professional education programs and the renewal of the enrollment status for those individuals admitted... years. For additional information on renewals, see Circular 230 or visit the Office of Professional... Accounting Method for Dealers in Securities. OMB Number: 1545-1558. Revenue Procedure Number: Revenue...

12 CFR 308.602 - Removal, suspension, or debarment.

Code of Federal Regulations, 2011 CFR

2011-01-01

... in conduct that results in a violation of applicable professional standards, including those... Accounting Oversight Board and the Securities and Exchange Commission; (iii) Has engaged in negligent conduct... applicable professional standards in circumstances in which an accountant knows, or should know, that...

12 CFR 263.402 - Removal, suspension, or debarment.

Code of Federal Regulations, 2013 CFR

2013-01-01

... recklessly engaged in conduct that results in a violation of applicable professional standards, including... Company Accounting Oversight Board and the Securities and Exchange Commission; (iii) Has engaged in... violation of applicable professional standards in circumstances in which an accountant knows, or should know...

Professional Development Needs as Perceived by Minnesota Industrial Arts/Technology Teachers.

ERIC Educational Resources Information Center

Johnson, Scott D.; Summers, Keith

1984-01-01

Describes a profile of professional development needs that was developed through a survey of 150 industrial arts/technology teachers in Minnesota. The greatest need was in the area of job environment: salary, job security, facilities and equipment, and discipline. (SK)

33 CFR 137.25 - Qualifications of the environmental professional.

Code of Federal Regulations, 2011 CFR

2011-07-01

... 33 Navigation and Navigable Waters 2 2011-07-01 2011-07-01 false Qualifications of the environmental professional. 137.25 Section 137.25 Navigation and Navigable Waters COAST GUARD, DEPARTMENT OF HOMELAND SECURITY (CONTINUED) MARINE POLLUTION FINANCIAL RESPONSIBILITY AND COMPENSATION OIL SPILL...

33 CFR 137.25 - Qualifications of the environmental professional.

Code of Federal Regulations, 2013 CFR

2013-07-01

... 33 Navigation and Navigable Waters 2 2013-07-01 2013-07-01 false Qualifications of the environmental professional. 137.25 Section 137.25 Navigation and Navigable Waters COAST GUARD, DEPARTMENT OF HOMELAND SECURITY (CONTINUED) MARINE POLLUTION FINANCIAL RESPONSIBILITY AND COMPENSATION OIL SPILL...

33 CFR 137.25 - Qualifications of the environmental professional.

Code of Federal Regulations, 2012 CFR

2012-07-01

... 33 Navigation and Navigable Waters 2 2012-07-01 2012-07-01 false Qualifications of the environmental professional. 137.25 Section 137.25 Navigation and Navigable Waters COAST GUARD, DEPARTMENT OF HOMELAND SECURITY (CONTINUED) MARINE POLLUTION FINANCIAL RESPONSIBILITY AND COMPENSATION OIL SPILL...

33 CFR 137.25 - Qualifications of the environmental professional.

Code of Federal Regulations, 2010 CFR

2010-07-01

... 33 Navigation and Navigable Waters 2 2010-07-01 2010-07-01 false Qualifications of the environmental professional. 137.25 Section 137.25 Navigation and Navigable Waters COAST GUARD, DEPARTMENT OF HOMELAND SECURITY (CONTINUED) MARINE POLLUTION FINANCIAL RESPONSIBILITY AND COMPENSATION OIL SPILL...

33 CFR 137.25 - Qualifications of the environmental professional.

Code of Federal Regulations, 2014 CFR

2014-07-01

... 33 Navigation and Navigable Waters 2 2014-07-01 2014-07-01 false Qualifications of the environmental professional. 137.25 Section 137.25 Navigation and Navigable Waters COAST GUARD, DEPARTMENT OF HOMELAND SECURITY (CONTINUED) MARINE POLLUTION FINANCIAL RESPONSIBILITY AND COMPENSATION OIL SPILL...

Computer Security Primer: Systems Architecture, Special Ontology and Cloud Virtual Machines

ERIC Educational Resources Information Center

Waguespack, Leslie J.

2014-01-01

With the increasing proliferation of multitasking and Internet-connected devices, security has reemerged as a fundamental design concern in information systems. The shift of IS curricula toward a largely organizational perspective of security leaves little room for focus on its foundation in systems architecture, the computational underpinnings of…

76 FR 30150 - Establishment of a New System of Records for Personal Information Collected by the Environmental...

Federal Register 2010, 2011, 2012, 2013, 2014

2011-05-24

... the entire information system with respect to computer security, prohibition and detection of any.... Safeguards: --Computer-stored information is protected in accordance with the Agency's security requirements..., loaner car agreement, cash incentives agreement (includes social security number for mandatory tax...

Survey of methods for secure connection to the internet

NASA Astrophysics Data System (ADS)

Matsui, Shouichi

1994-04-01

This paper describes a study of a security method of protecting inside network computers against outside miscreants and unwelcome visitors and a control method when these computers are connected with the Internet. In the present Internet, a method to encipher all data cannot be used, so that it is necessary to utilize PEM (Privacy Enhanced Mail) capable of the encipherment and conversion of secret information. For preventing miscreant access by eavesdropping password, one-time password is effective. The most cost-effective method is a firewall system. This system lies between the outside and inside network. By limiting computers that directly communicate with the Internet, control is centralized and inside network security is protected. If the security of firewall systems is strictly controlled under correct setting, security within the network can be secured even in open networks such as the Internet.

MIT Lincoln Laboratory Annual Report 2007: Technology in Support of National Security

DTIC Science & Technology

2007-01-01

technical innovation and scientific discoveries. MISSION: TechnoLogy In SupporT of naTIonaL SecurITy 2007 Dr. Claude R. Canizares Vice president for...problems. The Lincoln Laboratory New Technology Initiatives Program is one of several internal technology innovation mechanisms. Technologies emerging...externships. LIFT2, an innovative professional learning program for science, technology , and math teachers, serves Massachusetts metro south/west region

Comparative Analysis of Curricula for Bachelor's Degree in Cyber Security in the USA and Ukraine

ERIC Educational Resources Information Center

Bystrova, Bogdana

2017-01-01

At the present stage of science and technology development the need to strengthen cyber security in every developed country and transform it into one of the most important sectors of society is growing. The peculiarities of the professional training of cyber security bachelors in the U.S. higher education system have been defined. The relevance of…

From Communities of Interest to Communities of Practice: The Role and Impact of Professional Development in Nuclear Security Education

ERIC Educational Resources Information Center

Moran, Matthew; Hobbs, Christopher

2018-01-01

In recent years, nuclear security has gained prominence on the international security agenda. Driven by post 9/11 anxieties and the politicization of fears regarding nuclear terrorism, concerns in this area have spawned a wealth of initiatives, which seek to counter this threat. Principal among these have been efforts to promote nuclear security…

Secure public cloud platform for medical images sharing.

PubMed

Pan, Wei; Coatrieux, Gouenou; Bouslimi, Dalel; Prigent, Nicolas

2015-01-01

Cloud computing promises medical imaging services offering large storage and computing capabilities for limited costs. In this data outsourcing framework, one of the greatest issues to deal with is data security. To do so, we propose to secure a public cloud platform devoted to medical image sharing by defining and deploying a security policy so as to control various security mechanisms. This policy stands on a risk assessment we conducted so as to identify security objectives with a special interest for digital content protection. These objectives are addressed by means of different security mechanisms like access and usage control policy, partial-encryption and watermarking.

76 FR 70207 - Self-Regulatory Organizations; Municipal Securities Rulemaking Board; Order Granting Approval of...

Federal Register 2010, 2011, 2012, 2013, 2014

2011-11-10

...-Regulatory Organizations; Municipal Securities Rulemaking Board; Order Granting Approval of Proposed Rule Change Regarding Professional Qualifications and Information Concerning Associated Persons November 3... information concerning associated persons. The proposed rule change was published for comment in the Federal...

Computer simulation of functioning of elements of security systems

NASA Astrophysics Data System (ADS)

Godovykh, A. V.; Stepanov, B. P.; Sheveleva, A. A.

2017-01-01

The article is devoted to issues of development of the informational complex for simulation of functioning of the security system elements. The complex is described from the point of view of main objectives, a design concept and an interrelation of main elements. The proposed conception of the computer simulation provides an opportunity to simulate processes of security system work for training security staff during normal and emergency operation.

Position statement. Restructuring, work redesign, and the job and career security of registered nurses. American Nurses Association.

PubMed

1996-01-01

The American Nurses Association (ANA) is committed to safeguarding the public, protecting and advancing the careers of professional nurses, supporting individual and collective efforts by registered nurses to protect their clients and enhancing the professional development and job security of registered nurses. As the nation's health care system is restructured, ANA is actively engaged in initiatives to strengthen the economic and general welfare of registered nurses, the safety and care for the public, and, in partnership with the state nurses associations (SNAs), oppose efforts to replace registered nurses with inappropriate substitutes.

A secure file manager for UNIX

DOE Office of Scientific and Technical Information (OSTI.GOV)

DeVries, R.G.

1990-12-31

The development of a secure file management system for a UNIX-based computer facility with supercomputers and workstations is described. Specifically, UNIX in its usual form does not address: (1) Operation which would satisfy rigorous security requirements. (2) Online space management in an environment where total data demands would be many times the actual online capacity. (3) Making the file management system part of a computer network in which users of any computer in the local network could retrieve data generated on any other computer in the network. The characteristics of UNIX can be exploited to develop a portable, secure filemore » manager which would operate on computer systems ranging from workstations to supercomputers. Implementation considerations making unusual use of UNIX features, rather than requiring extensive internal system changes, are described, and implementation using the Cray Research Inc. UNICOS operating system is outlined.« less

Informatics in Radiology (infoRAD): personal computer security: part 2. Software Configuration and file protection.

PubMed

Caruso, Ronald D

2004-01-01

Proper configuration of software security settings and proper file management are necessary and important elements of safe computer use. Unfortunately, the configuration of software security options is often not user friendly. Safe file management requires the use of several utilities, most of which are already installed on the computer or available as freeware. Among these file operations are setting passwords, defragmentation, deletion, wiping, removal of personal information, and encryption. For example, Digital Imaging and Communications in Medicine medical images need to be anonymized, or "scrubbed," to remove patient identifying information in the header section prior to their use in a public educational or research environment. The choices made with respect to computer security may affect the convenience of the computing process. Ultimately, the degree of inconvenience accepted will depend on the sensitivity of the files and communications to be protected and the tolerance of the user. Copyright RSNA, 2004

A Dedicated Computational Platform for Cellular Monte Carlo T-CAD Software Tools

DTIC Science & Technology

2015-07-14

computer that establishes an encrypted Virtual Private Network ( OpenVPN [44]) based on the Secure Socket Layer (SSL) paradigm. Each user is given a...security certificate for each device used to connect to the computing nodes. Stable OpenVPN clients are available for Linux, Microsoft Windows, Apple OSX...platform is granted by an encrypted connection base on the Secure Socket Layer (SSL) protocol, and implemented in the OpenVPN Virtual Personal Network

Baseline Measurements of Shoulder Surfing Analysis and Comparability for Smartphone Unlock Authentication

DTIC Science & Technology

2017-05-22

Proceedings of the International Conference on Security and Management (SAM 󈧇) In Proceedings of the 2014 ACM SIGSAC Conference on Computer and...Communications Security (CCS ’14) In Proceedings of the SIGCHI Conference on Human Factors in Computing Systems (CHI ’10) In Proceedings of the 3rd Symposium...on Usable Privacy and Security (SOUPS ’07) In Proceedings of the SIGCHI Conference on Human Factors in Computing Systems (CHI ’12) In Proceedings of

The hack attack - Increasing computer system awareness of vulnerability threats

NASA Technical Reports Server (NTRS)

Quann, John; Belford, Peter

1987-01-01

The paper discusses the issue of electronic vulnerability of computer based systems supporting NASA Goddard Space Flight Center (GSFC) by unauthorized users. To test the security of the system and increase security awareness, NYMA, Inc. employed computer 'hackers' to attempt to infiltrate the system(s) under controlled conditions. Penetration procedures, methods, and descriptions are detailed in the paper. The procedure increased the security consciousness of GSFC management to the electronic vulnerability of the system(s).

33 CFR 137.35 - Inquiries by an environmental professional.

Code of Federal Regulations, 2014 CFR

2014-07-01

... 33 Navigation and Navigable Waters 2 2014-07-01 2014-07-01 false Inquiries by an environmental professional. 137.35 Section 137.35 Navigation and Navigable Waters COAST GUARD, DEPARTMENT OF HOMELAND SECURITY (CONTINUED) MARINE POLLUTION FINANCIAL RESPONSIBILITY AND COMPENSATION OIL SPILL LIABILITY...

33 CFR 137.35 - Inquiries by an environmental professional.

Code of Federal Regulations, 2012 CFR

2012-07-01

... 33 Navigation and Navigable Waters 2 2012-07-01 2012-07-01 false Inquiries by an environmental professional. 137.35 Section 137.35 Navigation and Navigable Waters COAST GUARD, DEPARTMENT OF HOMELAND SECURITY (CONTINUED) MARINE POLLUTION FINANCIAL RESPONSIBILITY AND COMPENSATION OIL SPILL LIABILITY...

Professional Development: Catalyst for Change?

ERIC Educational Resources Information Center

Niederhauser, Dale; Wessling, Sarah

2011-01-01

Difficulty securing adequate professional development (PD) has long been a barrier to the effective implementation of educational technology. Concerns about the dearth of PD for helping teachers integrate technology into their instructional practices raised nearly 25 years ago appear to still hold true despite repeated calls for increased…

Professional Development Seen as Employment Capital

ERIC Educational Resources Information Center

Mackay, Margaret

2017-01-01

Practitioners need to invest in professional development to enhance credibility, job security and employment prospects. Employer expectations of continuing development as a performance measure link to the notion of career capital; namely that knowledge competence influences job advancement. This study uses an interpretivist approach to explore…

Flying Solo: Librarian, Manage Thyself.

ERIC Educational Resources Information Center

Siess, Judith A.

1999-01-01

Discusses solo librarians, or one-person librarians, and the benefits and disadvantages of being the only professional in a library. Topics include independence, variety, enhanced feelings of self-worth, professional isolation, lack of clerical support, lack of job security, low pay, and a list of pertinent resources. (LRW)

76 FR 52353 - Assumption Buster Workshop: “Current Implementations of Cloud Computing Indicate a New Approach...

Federal Register 2010, 2011, 2012, 2013, 2014

2011-08-22

... explored in this series is cloud computing. The workshop on this topic will be held in Gaithersburg, MD on October 21, 2011. Assertion: ``Current implementations of cloud computing indicate a new approach to security'' Implementations of cloud computing have provided new ways of thinking about how to secure data...

76 FR 43278 - Privacy Act; System of Records

Federal Register 2010, 2011, 2012, 2013, 2014

2011-07-20

... computer (PC). The Security Management Officer's office remains locked when not in use. RETENTION AND... records to include names, addresses, social security numbers, service computation dates, leave usage data... that resides on a desktop computer. RETRIEVABILITY: Records maintained in file folders are indexed and...

78 FR 15730 - Privacy Act of 1974; Computer Matching Program

Federal Register 2010, 2011, 2012, 2013, 2014

2013-03-12

... 1974; Computer Matching Program AGENCY: U.S. Citizenship and Immigration Services, Department of... Matching Program between the Department of Homeland Security, U.S. Citizenship and Immigration Services and... computer matching program between the Department of Homeland Security, U.S. Citizenship and Immigration...

28 CFR 25.8 - System safeguards.

Code of Federal Regulations, 2012 CFR

2012-07-01

... justice agency computer site must have adequate physical security to protect against any unauthorized... Index is stored electronically for use in an FBI computer environment. The NICS central computer will... authorized personnel who have identified themselves and their need for access to a system security officer...

78 FR 15731 - Privacy Act of 1974; Computer Matching Program

Federal Register 2010, 2011, 2012, 2013, 2014

2013-03-12

... DEPARTMENT OF HOMELAND SECURITY Office of the Secretary [Docket No. DHS-2013-0011] Privacy Act of 1974; Computer Matching Program AGENCY: Department of Homeland Security/U.S. Citizenship and Immigration Services. ACTION: Notice. Overview Information: Privacy Act of 1974; Computer Matching Program...

28 CFR 25.8 - System safeguards.

Code of Federal Regulations, 2010 CFR

2010-07-01

... justice agency computer site must have adequate physical security to protect against any unauthorized... Index is stored electronically for use in an FBI computer environment. The NICS central computer will... authorized personnel who have identified themselves and their need for access to a system security officer...

28 CFR 25.8 - System safeguards.

Code of Federal Regulations, 2013 CFR

2013-07-01

... justice agency computer site must have adequate physical security to protect against any unauthorized... Index is stored electronically for use in an FBI computer environment. The NICS central computer will... authorized personnel who have identified themselves and their need for access to a system security officer...

28 CFR 25.8 - System safeguards.

Code of Federal Regulations, 2011 CFR

2011-07-01

... justice agency computer site must have adequate physical security to protect against any unauthorized... Index is stored electronically for use in an FBI computer environment. The NICS central computer will... authorized personnel who have identified themselves and their need for access to a system security officer...

28 CFR 25.8 - System safeguards.

Code of Federal Regulations, 2014 CFR

2014-07-01

... justice agency computer site must have adequate physical security to protect against any unauthorized... Index is stored electronically for use in an FBI computer environment. The NICS central computer will... authorized personnel who have identified themselves and their need for access to a system security officer...

78 FR 15732 - Privacy Act of 1974; Computer Matching Program

Federal Register 2010, 2011, 2012, 2013, 2014

2013-03-12

... DEPARTMENT OF HOMELAND SECURITY Office of the Secretary [Docket No. DHS-2013-0007] Privacy Act of 1974; Computer Matching Program AGENCY: Department of Homeland Security/U.S. Citizenship and Immigration Services. ACTION: Notice. Overview Information: Privacy Act of 1974; Computer Matching Program...

Protecting intellectual property in space; Proceedings of the Aerospace Computer Security Conference, McLean, VA, March 20, 1985

NASA Technical Reports Server (NTRS)

1985-01-01

The primary purpose of the Aerospace Computer Security Conference was to bring together people and organizations which have a common interest in protecting intellectual property generated in space. Operational concerns are discussed, taking into account security implications of the space station information system, Space Shuttle security policies and programs, potential uses of probabilistic risk assessment techniques for space station development, key considerations in contingency planning for secure space flight ground control centers, a systematic method for evaluating security requirements compliance, and security engineering of secure ground stations. Subjects related to security technologies are also explored, giving attention to processing requirements of secure C3/I and battle management systems and the development of the Gemini trusted multiple microcomputer base, the Restricted Access Processor system as a security guard designed to protect classified information, and observations on local area network security.

Discussing sexual and relationship health with young people in a children's hospital: evaluation of a computer-based resource.

PubMed

Bray, Lucy; Sanders, Caroline; McKenna, Jacqueline

2013-12-01

To investigate health professionals' evaluation of a computer-based resource designed to improve discussions about sexual and relationship health with young people. Evidence suggests that some health professionals can experience discomfort discussing sexual health and relationship issues with young people. Professionals within hospital settings should have the knowledge, competencies and skills to be able to ask young people sexual health questions and provide accurate sexual health education. Despite some educational material being available for community and adult services, there are no resources available, which are directly relevant to holding opportunistic discussions with young people within an acute children's hospital. A descriptive survey design. One hundred and fourteen health professionals from a children's hospital in the UK were involved in evaluating a computer-based resource. All completed an online questionnaire survey comprising of closed and open questions. The health professionals reported that the computer-based resource had a positive influence on their knowledge and clinical practice. The videos as well as the concise nature of the resource were evaluated highly. Learning was facilitated by professionals being able to control their learning through rerunning and accessing the resource on numerous occasions. An engaging, accessible computer-based resource has the capability to positively impact on health professionals' knowledge of, and skills in, starting and holding sexual health conversations with young people accessing a children's hospital. Health professionals working with children and young people value accessible, relevant and short computer-based training. This can facilitate knowledge and skill acquisition despite variation in working patterns. Improving the knowledge and skills of professionals working with young people to facilitate appropriate yet opportunistic sexual health discussions is important within the public health agenda. © 2013 John Wiley & Sons Ltd.

The strategic security officer.

PubMed

Hodges, Charles

2014-01-01

This article discusses the concept of the strategic security officer, and the potential that it brings to the healthcare security operational environment. The author believes that training and development, along with strict hiring practices, can enable a security department to reach a new level of professionalism, proficiency and efficiency. The strategic officer for healthcare security is adapted from the "strategic corporal" concept of US Marine Corps General Charles C. Krulak which focuses on understanding the total force implications of the decisions made by the lowest level leaders within the Corps (Krulak, 1999). This article focuses on the strategic organizational implications of every security officer's decisions in the constantly changing and increasingly volatile operational environment of healthcare security.

Are personal health records safe? A review of free web-accessible personal health record privacy policies.

PubMed

Carrión Señor, Inmaculada; Fernández-Alemán, José Luis; Toval, Ambrosio

2012-08-23

Several obstacles prevent the adoption and use of personal health record (PHR) systems, including users' concerns regarding the privacy and security of their personal health information. To analyze the privacy and security characteristics of PHR privacy policies. It is hoped that identification of the strengths and weaknesses of the PHR systems will be useful for PHR users, health care professionals, decision makers, and designers. We conducted a systematic review using the principal databases related to health and computer science to discover the Web-based and free PHR systems mentioned in published articles. The privacy policy of each PHR system selected was reviewed to extract its main privacy and security characteristics. The search of databases and the myPHR website provided a total of 52 PHR systems, of which 24 met our inclusion criteria. Of these, 17 (71%) allowed users to manage their data and to control access to their health care information. Only 9 (38%) PHR systems permitted users to check who had accessed their data. The majority of PHR systems used information related to the users' accesses to monitor and analyze system use, 12 (50%) of them aggregated user information to publish trends, and 20 (83%) used diverse types of security measures. Finally, 15 (63%) PHR systems were based on regulations or principles such as the US Health Insurance Portability and Accountability Act (HIPAA) and the Health on the Net Foundation Code of Conduct (HONcode). Most privacy policies of PHR systems do not provide an in-depth description of the security measures that they use. Moreover, compliance with standards and regulations in PHR systems is still low.

Are Personal Health Records Safe? A Review of Free Web-Accessible Personal Health Record Privacy Policies

PubMed Central

Fernández-Alemán, José Luis; Toval, Ambrosio

2012-01-01

Background Several obstacles prevent the adoption and use of personal health record (PHR) systems, including users’ concerns regarding the privacy and security of their personal health information. Objective To analyze the privacy and security characteristics of PHR privacy policies. It is hoped that identification of the strengths and weaknesses of the PHR systems will be useful for PHR users, health care professionals, decision makers, and designers. Methods We conducted a systematic review using the principal databases related to health and computer science to discover the Web-based and free PHR systems mentioned in published articles. The privacy policy of each PHR system selected was reviewed to extract its main privacy and security characteristics. Results The search of databases and the myPHR website provided a total of 52 PHR systems, of which 24 met our inclusion criteria. Of these, 17 (71%) allowed users to manage their data and to control access to their health care information. Only 9 (38%) PHR systems permitted users to check who had accessed their data. The majority of PHR systems used information related to the users’ accesses to monitor and analyze system use, 12 (50%) of them aggregated user information to publish trends, and 20 (83%) used diverse types of security measures. Finally, 15 (63%) PHR systems were based on regulations or principles such as the US Health Insurance Portability and Accountability Act (HIPAA) and the Health on the Net Foundation Code of Conduct (HONcode). Conclusions Most privacy policies of PHR systems do not provide an in-depth description of the security measures that they use. Moreover, compliance with standards and regulations in PHR systems is still low. PMID:22917868

Department of Defense High Performance Computing Modernization Program. 2008 Annual Report

DTIC Science & Technology

2009-04-01

place to another on the network. Without it, a computer could only talk to itself - no email, no web browsing, and no iTunes . Most of the Internet...Your SecurID Card ), Ken Renard Secure Wireless, Rob Scott and Stephen Bowman Securing Today’s Networks, Rich Whittney, Juniper Networks, Federal

Telecommunications Policy Research Conference. Computer and Communications Security Section. Papers.

ERIC Educational Resources Information Center

Telecommunications Policy Research Conference, Inc., Washington, DC.

In his paper, "European Needs and Attitudes towards Information Security," Richard I. Polis notes that the needs for security in computer systems, telecommunications, and media are rather uniform throughout Western Europe, and are seen as being significantly different from the needs in the United States. Recognition of these needs is,…

Information Systems Security and Computer Crime in the IS Curriculum: A Detailed Examination

ERIC Educational Resources Information Center

Foltz, C. Bryan; Renwick, Janet S.

2011-01-01

The authors examined the extent to which information systems (IS) security and computer crime are covered in information systems programs. Results suggest that IS faculty believe security coverage should be increased in required, elective, and non-IS courses. However, respondent faculty members are concerned that existing curricula leave little…

A Secure Framework for Location Verification in Pervasive Computing

NASA Astrophysics Data System (ADS)

Liu, Dawei; Lee, Moon-Chuen; Wu, Dan

The way people use computing devices has been changed in some way by the relatively new pervasive computing paradigm. For example, a person can use a mobile device to obtain its location information at anytime and anywhere. There are several security issues concerning whether this information is reliable in a pervasive environment. For example, a malicious user may disable the localization system by broadcasting a forged location, and it may impersonate other users by eavesdropping their locations. In this paper, we address the verification of location information in a secure manner. We first present the design challenges for location verification, and then propose a two-layer framework VerPer for secure location verification in a pervasive computing environment. Real world GPS-based wireless sensor network experiments confirm the effectiveness of the proposed framework.

Tools for Administration of a UNIX-Based Network

NASA Technical Reports Server (NTRS)

LeClaire, Stephen; Farrar, Edward

2004-01-01

Several computer programs have been developed to enable efficient administration of a large, heterogeneous, UNIX-based computing and communication network that includes a variety of computers connected to a variety of subnetworks. One program provides secure software tools for administrators to create, modify, lock, and delete accounts of specific users. This program also provides tools for users to change their UNIX passwords and log-in shells. These tools check for errors. Another program comprises a client and a server component that, together, provide a secure mechanism to create, modify, and query quota levels on a network file system (NFS) mounted by use of the VERITAS File SystemJ software. The client software resides on an internal secure computer with a secure Web interface; one can gain access to the client software from any authorized computer capable of running web-browser software. The server software resides on a UNIX computer configured with the VERITAS software system. Directories where VERITAS quotas are applied are NFS-mounted. Another program is a Web-based, client/server Internet Protocol (IP) address tool that facilitates maintenance lookup of information about IP addresses for a network of computers.

Training in the Post-Terrorism Era.

ERIC Educational Resources Information Center

Caudron, Shari

2002-01-01

A survey of training professionals revealed how the terrorist attacks of September 11, 2001 changed employee attitudes toward training. Decreased travel, increased use of distance technologies, development of security and evacuation plans, and emphasis on such topics as diversity, stress management, and security are some of the changes. (JOW)

Former Nonproliferation Graduate Fellow Served at U.S. Mission

DOE Office of Scientific and Technical Information (OSTI.GOV)

Brim, Cornelia P.

2014-10-01

Because of her training and professional experiences, Rosalyn Leitch, a Security Specialist at Pacific Northwest National Laboratory and former Nonproliferation Graduate Fellow with NIS (2012-2013) was able to transition into temporary assignment as UNVIE Acting Nuclear Security Attaché from November 2013 through February 2014.

Exploring Experienced Professionals' Reflections on Computing Education

ERIC Educational Resources Information Center

Exter, Marisa; Turnage, Nichole

2012-01-01

This exploratory qualitative study examines computing professional's memories of their own formal and non-formal educational experiences, their reflections on how these have prepared them for their professional roles, and their recommendations for an "ideal" undergraduate degree program. Data was collected through semi-structured interviews of…

Professionalism in Computer Forensics

NASA Astrophysics Data System (ADS)

Irons, Alastair D.; Konstadopoulou, Anastasia

The paper seeks to address the need to consider issues regarding professionalism in computer forensics in order to allow the discipline to develop and to ensure the credibility of the discipline from the differing perspectives of practitioners, the criminal justice system and in the eyes of the public. There is a need to examine and develop professionalism in computer forensics in order to promote the discipline and maintain the credibility of the discipline.

Integrating Laptop Computers into Classroom: Attitudes, Needs, and Professional Development of Science Teachers—A Case Study

NASA Astrophysics Data System (ADS)

Klieger, Aviva; Ben-Hur, Yehuda; Bar-Yossef, Nurit

2010-04-01

The study examines the professional development of junior-high-school teachers participating in the Israeli "Katom" (Computer for Every Class, Student and Teacher) Program, begun in 2004. A three-circle support and training model was developed for teachers' professional development. The first circle applies to all teachers in the program; the second, to all teachers at individual schools; the third to teachers of specific disciplines. The study reveals and describes the attitudes of science teachers to the integration of laptop computers and to the accompanying professional development model. Semi-structured interviews were conducted with eight science teachers from the four schools participating in the program. The interviews were analyzed according to the internal relational framework taken from the information that arose from the interviews. Two factors influenced science teachers' professional development: (1) Introduction of laptops to the teachers and students. (2) The support and training system. Interview analysis shows that the disciplinary training is most relevant to teachers and they are very interested in belonging to the professional science teachers' community. They also prefer face-to-face meetings in their school. Among the difficulties they noted were the new learning environment, including control of student computers, computer integration in laboratory work and technical problems. Laptop computers contributed significantly to teachers' professional and personal development and to a shift from teacher-centered to student-centered teaching. One-to-One laptops also changed the schools' digital culture. The findings are important for designing concepts and models for professional development when introducing technological innovation into the educational system.

A New Approach to Understanding Information Assurance

NASA Astrophysics Data System (ADS)

Blyth, Andrew; Williams, Colin; Bryant, Ian; Mattinson, Harvey

The growth of technologies such as ubiquitous and the mobile computing has resulted in the need for a rethinking of the security paradigm. Over the past forty years technology has made fast steps forward, yet most organisations still view security in terms of Confidentiality, Integrity and Availability (CIA). This model of security has expanded to include Non-Repudiation and Authentication. However this thinking fails to address the social, ethical and business requirements that the modern use of computing has generated. Today computing devices are integrated into every facet of business with the result that security technologies have struggled to keep pace with the rate of change. In this paper we will argue that the currently view that most organisations/stakeholders have of security is out-of-date, or in some cases wrong, and that the new view of security needs to be rooted in business impact and business function.

Survey on Security Issues in File Management in Cloud Computing Environment

NASA Astrophysics Data System (ADS)

Gupta, Udit

2015-06-01

Cloud computing has pervaded through every aspect of Information technology in past decade. It has become easier to process plethora of data, generated by various devices in real time, with the advent of cloud networks. The privacy of users data is maintained by data centers around the world and hence it has become feasible to operate on that data from lightweight portable devices. But with ease of processing comes the security aspect of the data. One such security aspect is secure file transfer either internally within cloud or externally from one cloud network to another. File management is central to cloud computing and it is paramount to address the security concerns which arise out of it. This survey paper aims to elucidate the various protocols which can be used for secure file transfer and analyze the ramifications of using each protocol.

Computer-implemented security evaluation methods, security evaluation systems, and articles of manufacture

DOEpatents

Muller, George; Perkins, Casey J.; Lancaster, Mary J.; MacDonald, Douglas G.; Clements, Samuel L.; Hutton, William J.; Patrick, Scott W.; Key, Bradley Robert

2015-07-28

Computer-implemented security evaluation methods, security evaluation systems, and articles of manufacture are described. According to one aspect, a computer-implemented security evaluation method includes accessing information regarding a physical architecture and a cyber architecture of a facility, building a model of the facility comprising a plurality of physical areas of the physical architecture, a plurality of cyber areas of the cyber architecture, and a plurality of pathways between the physical areas and the cyber areas, identifying a target within the facility, executing the model a plurality of times to simulate a plurality of attacks against the target by an adversary traversing at least one of the areas in the physical domain and at least one of the areas in the cyber domain, and using results of the executing, providing information regarding a security risk of the facility with respect to the target.

Do You Lock Your Network Doors? Some Network Management Precautions.

ERIC Educational Resources Information Center

Neray, Phil

1997-01-01

Discusses security problems and solutions for networked organizations with Internet connections. Topics include access to private networks from electronic mail information; computer viruses; computer software; corporate espionage; firewalls, that is computers that stand between a local network and the Internet; passwords; and physical security.…

Analysis on the University’s Network Security Level System in the Big Data Era

NASA Astrophysics Data System (ADS)

Li, Tianli

2017-12-01

The rapid development of science and technology, the continuous expansion of the scope of computer network applications, has gradually improved the social productive forces, has had a positive impact on the increase production efficiency and industrial scale of China's different industries. Combined with the actual application of computer network in the era of large data, we can see the existence of influencing factors such as network virus, hacker and other attack modes, threatening network security and posing a potential threat to the safe use of computer network in colleges and universities. In view of this unfavorable development situation, universities need to pay attention to the analysis of the situation of large data age, combined with the requirements of network security use, to build a reliable network space security system from the equipment, systems, data and other different levels. To avoid the security risks exist in the network. Based on this, this paper will analyze the hierarchical security system of cyberspace security in the era of large data.

A Systems Engineering Framework for Implementing a Security and Critical Patch Management Process in Diverse Environments (Academic Departments' Workstations)

NASA Astrophysics Data System (ADS)

Mohammadi, Hadi

Use of the Patch Vulnerability Management (PVM) process should be seriously considered for any networked computing system. The PVM process prevents the operating system (OS) and software applications from being attacked due to security vulnerabilities, which lead to system failures and critical data leakage. The purpose of this research is to create and design a Security and Critical Patch Management Process (SCPMP) framework based on Systems Engineering (SE) principles. This framework will assist Information Technology Department Staff (ITDS) to reduce IT operating time and costs and mitigate the risk of security and vulnerability attacks. Further, this study evaluates implementation of the SCPMP in the networked computing systems of an academic environment in order to: 1. Meet patch management requirements by applying SE principles. 2. Reduce the cost of IT operations and PVM cycles. 3. Improve the current PVM methodologies to prevent networked computing systems from becoming the targets of security vulnerability attacks. 4. Embed a Maintenance Optimization Tool (MOT) in the proposed framework. The MOT allows IT managers to make the most practicable choice of methods for deploying and installing released patches and vulnerability remediation. In recent years, there has been a variety of frameworks for security practices in every networked computing system to protect computer workstations from becoming compromised or vulnerable to security attacks, which can expose important information and critical data. I have developed a new mechanism for implementing PVM for maximizing security-vulnerability maintenance, protecting OS and software packages, and minimizing SCPMP cost. To increase computing system security in any diverse environment, particularly in academia, one must apply SCPMP. I propose an optimal maintenance policy that will allow ITDS to measure and estimate the variation of PVM cycles based on their department's requirements. My results demonstrate that MOT optimizes the process of implementing SCPMP in academic workstations.

Professional's Attitudes Do Not Influence Screening and Brief Interventions Rates for Hazardous and Harmful Drinkers: Results from ODHIN Study.

PubMed

Bendtsen, Preben; Anderson, Peter; Wojnar, Marcin; Newbury-Birch, Dorothy; Müssener, Ulrika; Colom, Joan; Karlsson, Nadine; Brzózka, Krzysztof; Spak, Fredrik; Deluca, Paolo; Drummond, Colin; Kaner, Eileen; Kłoda, Karolina; Mierzecki, Artur; Okulicz-Kozaryn, Katarzyna; Parkinson, Kathryn; Reynolds, Jillian; Ronda, Gaby; Segura, Lidia; Palacio, Jorge; Baena, Begoña; Slodownik, Luiza; van Steenkiste, Ben; Wolstenholme, Amy; Wallace, Paul; Keurhorst, Myrna N; Laurant, Miranda G H; Gual, Antoni

2015-07-01

To determine the relation between existing levels of alcohol screening and brief intervention rates in five European jurisdictions and role security and therapeutic commitment by the participating primary healthcare professionals. Health care professionals consisting of, 409 GPs, 282 nurses and 55 other staff including psychologists, social workers and nurse aids from 120 primary health care centres participated in a cross-sectional 4-week survey. The participants registered all screening and brief intervention activities as part of their normal routine. The participants also completed the Shortened Alcohol and Alcohol Problems Perception Questionnaire (SAAPPQ), which measure role security and therapeutic commitment. The only significant but small relationship was found between role security and screening rate in a multilevel logistic regression analysis adjusted for occupation of the provider, number of eligible patients and the random effects of jurisdictions and primary health care units (PHCU). No significant relationship was found between role security and brief intervention rate nor between therapeutic commitment and screening rate/brief intervention rate. The proportion of patients screened varied across jurisdictions between 2 and 10%. The findings show that the studied factors (role security and therapeutic commitment) are not of great importance for alcohol screening and BI rates. Given the fact that screening and brief intervention implementation rate has not changed much in the last decade in spite of increased policy emphasis, training initiatives and more research being published, this raises a question about what else is needed to enhance implementation. © The Author 2015. Medical Council on Alcohol and Oxford University Press. All rights reserved.

Security Cooperation and Professional Military Education: Developing Better Theater Campaign Planners

DTIC Science & Technology

2012-05-22

publication of the Security Cooperation Guidance ( SCG ), 32 U.S. Joint Chiefs of Staff, Joint Operation...format and content of the plans themselves. 2 The 2003 release of the classified SCG , which replaced TEPs with TSCPs, rendered CJCSM 3113.01 obsolete...interests while providing the SecDef increased visibility on and control over security cooperation activities, but the SCG was not as explicit in its

Theoretical Interpretation of the Fluorescence Spectra of Toluene and P- Cresol

DTIC Science & Technology

1994-07-01

NUMBER OF PAGES Toluene Geometrica 25 p-Cresol Fluorescence Is. PRICE CODE Spectra 17. SECURITY CLASSIFICATION 13. SECURITY CLASSIFICATION 19...State Frequencies of Toluene ................ 19 6 Computed and exp" Ground State Frequencies of p-Cresol ............... 20 7 Correction Factors for...Computed Ground State Vibrational Frequencies ....... 21 8 Computed and Corrected Excited State Frequencies of Toluene ............. 22 9 Computed and

An Annotated and Cross-Referenced Bibliography on Computer Security and Access Control in Computer Systems.

ERIC Educational Resources Information Center

Bergart, Jeffrey G.; And Others

This paper represents a careful study of published works on computer security and access control in computer systems. The study includes a selective annotated bibliography of some eighty-five important published results in the field and, based on these papers, analyzes the state of the art. In annotating these works, the authors try to be…

Protecting software agents from malicious hosts using quantum computing

NASA Astrophysics Data System (ADS)

Reisner, John; Donkor, Eric

2000-07-01

We evaluate how quantum computing can be applied to security problems for software agents. Agent-based computing, which merges technological advances in artificial intelligence and mobile computing, is a rapidly growing domain, especially in applications such as electronic commerce, network management, information retrieval, and mission planning. System security is one of the more eminent research areas in agent-based computing, and the specific problem of protecting a mobile agent from a potentially hostile host is one of the most difficult of these challenges. In this work, we describe our agent model, and discuss the capabilities and limitations of classical solutions to the malicious host problem. Quantum computing may be extremely helpful in addressing the limitations of classical solutions to this problem. This paper highlights some of the areas where quantum computing could be applied to agent security.

Explicating Development of Personal Professional Theories from Higher Vocational Education to Beginning a Professional Career through Computer-Supported Drawing of Concept Maps

ERIC Educational Resources Information Center

van den Bogaart, Antoine C. M.; Hummel, Hans G. K.; Kirschner, Paul A.

2018-01-01

This article explores how personal professional theories (PPTs) develop. PPT development of nine junior accountants and nine novice teachers was monitored by repeated measurements over a period of 1.5 years, from the last year of vocational education until the second year of their professional careers. Computer-supported construction of PPT…

How Do We Really Compute with Units?

ERIC Educational Resources Information Center

Fiedler, B. H.

2010-01-01

The methods that we teach students for computing with units of measurement are often not consistent with the practice of professionals. For professionals, the vast majority of computations with quantities of measure are performed within programs on electronic computers, for which an accounting for the units occurs only once, in the design of the…

17 CFR 171.4 - Computation of time.

Code of Federal Regulations, 2010 CFR

2010-04-01

... 17 Commodity and Securities Exchanges 1 2010-04-01 2010-04-01 false Computation of time. 171.4 Section 171.4 Commodity and Securities Exchanges COMMODITY FUTURES TRADING COMMISSION RULES RELATING TO... computing any period of time prescribed by these rules or allowed by the Commission, the day of the act...

17 CFR 12.5 - Computation of time.

Code of Federal Regulations, 2010 CFR

2010-04-01

... 17 Commodity and Securities Exchanges 1 2010-04-01 2010-04-01 false Computation of time. 12.5 Section 12.5 Commodity and Securities Exchanges COMMODITY FUTURES TRADING COMMISSION RULES RELATING TO... general. In computing any period of time prescribed by these rules or allowed by the Commission, the...

75 FR 43579 - Privacy Act of 1974; Computer Matching Program Between the Office of Personnel Management and...

Federal Register 2010, 2011, 2012, 2013, 2014

2010-07-26

... safeguards for disclosure of Social Security benefit information to OPM via direct computer link for the... OFFICE OF PERSONNEL MANAGEMENT Privacy Act of 1974; Computer Matching Program Between the Office of Personnel Management and Social Security Administration AGENCY: Office of Personnel Management...

78 FR 3474 - Privacy Act of 1974; Computer Matching Program Between the Office Of Personnel Management and...

Federal Register 2010, 2011, 2012, 2013, 2014

2013-01-16

... Security benefit information to OPM via direct computer link for the administration of certain programs by... OFFICE OF PERSONNEL MANAGEMENT Privacy Act of 1974; Computer Matching Program Between the Office Of Personnel Management and Social Security Administration AGENCY: Office of Personnel Management...

75 FR 68396 - Privacy Act of 1974, as Amended; Computer Matching Program (SSA/Department of Labor (DOL))-Match...

Federal Register 2010, 2011, 2012, 2013, 2014

2010-11-05

... SOCIAL SECURITY ADMINISTRATION [Docket No. SSA 2010-0052] Privacy Act of 1974, as Amended; Computer Matching Program (SSA/ Department of Labor (DOL))--Match Number 1003 AGENCY: Social Security... as shown above. SUPPLEMENTARY INFORMATION: A. General The Computer Matching and Privacy Protection...

78 FR 16564 - Privacy Act of 1974, as Amended; Computer Matching Program (SSA/Office of Personnel Management...

Federal Register 2010, 2011, 2012, 2013, 2014

2013-03-15

... 1021 AGENCY: Social Security Administration (SSA). ACTION: Notice of a renewal of existing computer... above. SUPPLEMENTARY INFORMATION: A. General The Computer Matching and Privacy Protection Act of 1988... SOCIAL SECURITY ADMINISTRATION [Docket No. SSA 2012-0073] Privacy Act of 1974, as Amended...

78 FR 12127 - Privacy Act of 1974, as Amended; Computer Matching Program (SSA/Department of the Treasury...

Federal Register 2010, 2011, 2012, 2013, 2014

2013-02-21

... 1310 AGENCY: Social Security Administration (SSA). ACTION: Notice of a renewal of an existing computer..., as shown above. SUPPLEMENTARY INFORMATION: A. General The Computer Matching and Privacy Protection... SOCIAL SECURITY ADMINISTRATION [Docket No. SSA 2013-0007] Privacy Act of 1974, as Amended...

75 FR 51154 - Privacy Act of 1974, as Amended; Computer Matching Program (SSA/Department of the Treasury...

Federal Register 2010, 2011, 2012, 2013, 2014

2010-08-18

... 1310 AGENCY: Social Security Administration (SSA) ACTION: Notice of a renewal of an existing computer..., as shown above. SUPPLEMENTARY INFORMATION: A. General The Computer Matching and Privacy Protection... SOCIAL SECURITY ADMINISTRATION [Docket No. SSA 2010-0035] Privacy Act of 1974, as Amended...

78 FR 69926 - Privacy Act of 1974, as Amended; Computer Matching Program (SSA/Centers for Medicare & Medicaid...

Federal Register 2010, 2011, 2012, 2013, 2014

2013-11-21

... SOCIAL SECURITY ADMINISTRATION [Docket No. SSA 2013-0059] Privacy Act of 1974, as Amended; Computer Matching Program (SSA/ Centers for Medicare & Medicaid Services (CMS))--Match Number 1076 AGENCY: Social Security Administration (SSA). ACTION: Notice of a renewal of an existing computer matching...

76 FR 21091 - Privacy Act of 1974, as Amended; Computer Matching Program (SSA/Centers for Medicare & Medicaid...

Federal Register 2010, 2011, 2012, 2013, 2014

2011-04-14

... SOCIAL SECURITY ADMINISTRATION [Docket No. SSA 2011-0022] Privacy Act of 1974, as Amended; Computer Matching Program (SSA/ Centers for Medicare & Medicaid Services (CMS))--Match Number 1076 AGENCY: Social Security Administration (SSA). ACTION: Notice of a renewal of an existing computer matching...

Main control computer security model of closed network systems protection against cyber attacks

NASA Astrophysics Data System (ADS)

Seymen, Bilal

2014-06-01

The model that brings the data input/output under control in closed network systems, that maintains the system securely, and that controls the flow of information through the Main Control Computer which also brings the network traffic under control against cyber-attacks. The network, which can be controlled single-handedly thanks to the system designed to enable the network users to make data entry into the system or to extract data from the system securely, intends to minimize the security gaps. Moreover, data input/output record can be kept by means of the user account assigned for each user, and it is also possible to carry out retroactive tracking, if requested. Because the measures that need to be taken for each computer on the network regarding cyber security, do require high cost; it has been intended to provide a cost-effective working environment with this model, only if the Main Control Computer has the updated hardware.

78 FR 16726 - Self-Regulatory Organizations; International Securities Exchange, LLC; Notice of Filing of...

Federal Register 2010, 2011, 2012, 2013, 2014

2013-03-18

... Price, Managing Director, Securities Industry and Financial Markets Association, dated October 4, 2012... other industry professionals will have difficulty pricing options during Limit States and Straddle... conditions have changed and (ii) gaming the obvious error rule to retroactively adjust market maker quotes by...

76 FR 60953 - Self-Regulatory Organizations; Municipal Securities Rulemaking Board; Notice of Filing of...

Federal Register 2010, 2011, 2012, 2013, 2014

2011-09-30

...-Regulatory Organizations; Municipal Securities Rulemaking Board; Notice of Filing of Proposed Rule Change Regarding Professional Qualifications and Information Concerning Associated Persons September 26, 2011... Organization's Statement of the Terms of Substance of the Proposed Rule Change The MSRB is filing with the SEC...

Report of the Public Cryptography Study Group.

ERIC Educational Resources Information Center

American Council on Education, Washington, DC.

Concerns of the National Security Agency (NSA) that information contained in some articles about cryptography in learned and professional journals and in monographs might be inimical to the national security are addressed. The Public Cryptography Study Group, with one dissenting opinion, recommends that a voluntary system of prior review of…

SPAN security policies and guidelines

NASA Technical Reports Server (NTRS)

Sisson, Patricia L.; Green, James L.

1989-01-01

A guide is provided to system security with emphasis on requirements and guidelines that are necessary to maintain an acceptable level of security on the network. To have security for the network, each node on the network must be secure. Therefore, each system manager, must strictly adhere to the requirements and must consider implementing the guidelines discussed. There are areas of vulnerability within the operating system that may not be addressed. However, when a requirement or guideline is discussed, implementation techniques are included. Information related to computer and data security is discussed to provide information on implementation options. The information is presented as it relates to a VAX computer environment.

Securing Secrets and Managing Trust in Modern Computing Applications

ERIC Educational Resources Information Center

Sayler, Andy

2016-01-01

The amount of digital data generated and stored by users increases every day. In order to protect this data, modern computing systems employ numerous cryptographic and access control solutions. Almost all of such solutions, however, require the keeping of certain secrets as the basis of their security models. How best to securely store and control…

Computer Security in the Introductory Business Information Systems Course: An Exploratory Study of Textbook Coverage

ERIC Educational Resources Information Center

Sousa, Kenneth J.; MacDonald, Laurie E.; Fougere, Kenneth T.

2005-01-01

The authors conducted an evaluation of Management Information Systems (MIS) textbooks and found that computer security receives very little in-depth coverage. The textbooks provide, at best, superficial treatment of security issues. The research results suggest that MIS faculty need to provide material to supplement the textbook to provide…

Security Meets Real-World Computing. Building Digital Libraries

ERIC Educational Resources Information Center

Huwe, Terence K.

2005-01-01

The author of this column describes several instances in which secure data on computers were compromised. In each of these instances, a different route was involved in gaining access to the secure data--one by office-based theft, one by hacking, and one by burglary. Is is proposed that the most difficult factor to guarantee in the protection of…

Information Technology Security and Human Risk: Exploring Factors of Unintended Insider Threat and Organizational Resilience

ERIC Educational Resources Information Center

Thompson, Eleanor Elizabeth

2014-01-01

That organizations face threats to the security of their computer systems from external hackers is well documented. Intentional or unintentional behaviors by organizational insiders can severely compromise computer security as well. Less is known, however, about the nature of this threat from insiders. The purpose of this study was to bridge this…

Database Design Methodology and Database Management System for Computer-Aided Structural Design Optimization.

DTIC Science & Technology

1984-12-01

52242 Prepared for the AIR FORCE OFFICE OF SCIENTIFIC RESEARCH Under Grant No. AFOSR 82-0322 December 1984 ~ " ’w Unclassified SECURITY CLASSIFICATION4...OF THIS PAGE REPORT DOCUMENTATION PAGE is REPORT SECURITY CLASSIFICATION lb. RESTRICTIVE MARKINGS Unclassified None 20 SECURITY CLASSIFICATION...designer .and computer- are 20 DIiRIBUTION/AVAILABI LIT Y 0P ABSTR4ACT 21 ABSTRACT SECURITY CLASSIFICA1ONr UNCLASSIFIED/UNLIMITED SAME AS APT OTIC USERS

76 FR 29014 - Self-Regulatory Organizations; NASDAQ Stock Market, LLC; Notice of Filing and Immediate...

Federal Register 2010, 2011, 2012, 2013, 2014

2011-05-19

... those who meet the Professional definition have certain technological and informational advantages over... Chapter I, Section I (Definitions). See also Securities Exchange Act Release Nos. 63028 (October 1, 2010... Professionals have the same technological and informational advantages as broker-dealers trading for their own...

Professional Challenges in School Counseling: Organizational, Institutional and Political

ERIC Educational Resources Information Center

Hatch, Trish A.

2008-01-01

The school counseling profession has struggled throughout history to secure a legitimate integral position in the educational mission of school. The profession is more likely to gain acceptance and be seen as a legitimate profession if we understand three theories that form the foundation of professional legitimacy: Organizational Theory,…

20 CFR 438.205 - Professional and technical services.

Code of Federal Regulations, 2011 CFR

2011-04-01

... Section 438.205 Employees' Benefits SOCIAL SECURITY ADMINISTRATION RESTRICTIONS ON LOBBYING Activities by... influence made by a professional (such as a licensed lawyer) or a technical person (such as a licensed..., communications with the intent to influence made by a lawyer that do not provide legal advice or analysis...

20 CFR 438.205 - Professional and technical services.

Code of Federal Regulations, 2010 CFR

2010-04-01

... Section 438.205 Employees' Benefits SOCIAL SECURITY ADMINISTRATION RESTRICTIONS ON LOBBYING Activities by... influence made by a professional (such as a licensed lawyer) or a technical person (such as a licensed..., communications with the intent to influence made by a lawyer that do not provide legal advice or analysis...

29 CFR 541.708 - Combination exemptions.

Code of Federal Regulations, 2010 CFR

2010-07-01

... DELIMITING THE EXEMPTIONS FOR EXECUTIVE, ADMINISTRATIVE, PROFESSIONAL, COMPUTER AND OUTSIDE SALES EMPLOYEES..., professional, outside sales and computer employees may qualify for exemption. Thus, for example, an employee...

Joint the Center for Applied Scientific Computing

DOE Office of Scientific and Technical Information (OSTI.GOV)

Gamblin, Todd; Bremer, Timo; Van Essen, Brian

The Center for Applied Scientific Computing serves as Livermore Lab’s window to the broader computer science, computational physics, applied mathematics, and data science research communities. In collaboration with academic, industrial, and other government laboratory partners, we conduct world-class scientific research and development on problems critical to national security. CASC applies the power of high-performance computing and the efficiency of modern computational methods to the realms of stockpile stewardship, cyber and energy security, and knowledge discovery for intelligence applications.

An alternative to sneakernet

DOE Office of Scientific and Technical Information (OSTI.GOV)

Orrell, S.; Ralstin, S.

1992-04-01

Many computer security plans specify that only a small percentage of the data processed will be classified. Thus, the bulk of the data on secure systems must be unclassified. Secure limited access sites operating approved classified computing systems sometimes also have a system ostensibly containing only unclassified files but operating within the secure environment. That system could be networked or otherwise connected to a classified system(s) in order that both be able to use common resources for file storage or computing power. Such a system must operate under the same rules as the secure classified systems. It is in themore » nature of unclassified files that they either came from, or will eventually migrate to, a non-secure system. Today, unclassified files are exported from systems within the secure environment typically by loading transport media and carrying them to an open system. Import of unclassified files is handled similarly. This media transport process, sometimes referred to as sneaker net, often is manually logged and controlled only by administrative procedures. A comprehensive system for secure bi-directional transfer of unclassified files between secure and open environments has yet to be developed. Any such secure file transport system should be required to meet several stringent criteria. It is the purpose of this document to begin a definition of these criteria.« less

An alternative to sneakernet

DOE Office of Scientific and Technical Information (OSTI.GOV)

Orrell, S.; Ralstin, S.

1992-01-01

Many computer security plans specify that only a small percentage of the data processed will be classified. Thus, the bulk of the data on secure systems must be unclassified. Secure limited access sites operating approved classified computing systems sometimes also have a system ostensibly containing only unclassified files but operating within the secure environment. That system could be networked or otherwise connected to a classified system(s) in order that both be able to use common resources for file storage or computing power. Such a system must operate under the same rules as the secure classified systems. It is in themore » nature of unclassified files that they either came from, or will eventually migrate to, a non-secure system. Today, unclassified files are exported from systems within the secure environment typically by loading transport media and carrying them to an open system. Import of unclassified files is handled similarly. This media transport process, sometimes referred to as sneaker net, often is manually logged and controlled only by administrative procedures. A comprehensive system for secure bi-directional transfer of unclassified files between secure and open environments has yet to be developed. Any such secure file transport system should be required to meet several stringent criteria. It is the purpose of this document to begin a definition of these criteria.« less

Protecting genomic data analytics in the cloud: state of the art and opportunities.

PubMed

Tang, Haixu; Jiang, Xiaoqian; Wang, Xiaofeng; Wang, Shuang; Sofia, Heidi; Fox, Dov; Lauter, Kristin; Malin, Bradley; Telenti, Amalio; Xiong, Li; Ohno-Machado, Lucila

2016-10-13

The outsourcing of genomic data into public cloud computing settings raises concerns over privacy and security. Significant advancements in secure computation methods have emerged over the past several years, but such techniques need to be rigorously evaluated for their ability to support the analysis of human genomic data in an efficient and cost-effective manner. With respect to public cloud environments, there are concerns about the inadvertent exposure of human genomic data to unauthorized users. In analyses involving multiple institutions, there is additional concern about data being used beyond agreed research scope and being prcoessed in untrused computational environments, which may not satisfy institutional policies. To systematically investigate these issues, the NIH-funded National Center for Biomedical Computing iDASH (integrating Data for Analysis, 'anonymization' and SHaring) hosted the second Critical Assessment of Data Privacy and Protection competition to assess the capacity of cryptographic technologies for protecting computation over human genomes in the cloud and promoting cross-institutional collaboration. Data scientists were challenged to design and engineer practical algorithms for secure outsourcing of genome computation tasks in working software, whereby analyses are performed only on encrypted data. They were also challenged to develop approaches to enable secure collaboration on data from genomic studies generated by multiple organizations (e.g., medical centers) to jointly compute aggregate statistics without sharing individual-level records. The results of the competition indicated that secure computation techniques can enable comparative analysis of human genomes, but greater efficiency (in terms of compute time and memory utilization) are needed before they are sufficiently practical for real world environments.

Secure Cloud Computing Implementation Study For Singapore Military Operations

DTIC Science & Technology

2016-09-01

COMPUTING IMPLEMENTATION STUDY FOR SINGAPORE MILITARY OPERATIONS by Lai Guoquan September 2016 Thesis Advisor: John D. Fulp Co-Advisor...DATES COVERED Master’s thesis 4. TITLE AND SUBTITLE SECURE CLOUD COMPUTING IMPLEMENTATION STUDY FOR SINGAPORE MILITARY OPERATIONS 5. FUNDING NUMBERS...addition, from the military perspective, the benefits of cloud computing were analyzed from a study of the U.S. Department of Defense. Then, using

A security mechanism based on evolutionary game in fog computing.

PubMed

Sun, Yan; Lin, Fuhong; Zhang, Nan

2018-02-01

Fog computing is a distributed computing paradigm at the edge of the network and requires cooperation of users and sharing of resources. When users in fog computing open their resources, their devices are easily intercepted and attacked because they are accessed through wireless network and present an extensive geographical distribution. In this study, a credible third party was introduced to supervise the behavior of users and protect the security of user cooperation. A fog computing security mechanism based on human nervous system is proposed, and the strategy for a stable system evolution is calculated. The MATLAB simulation results show that the proposed mechanism can reduce the number of attack behaviors effectively and stimulate users to cooperate in application tasks positively.

Computers and School Nurses in a Financially Stressed School System: The Case of St. Louis

ERIC Educational Resources Information Center

Cummings, Scott

2013-01-01

This article describes the incorporation of computer technology into the professional lives of school nurses. St. Louis, Missouri, a major urban school system, is the site of the study. The research describes several major impacts computer technology has on the professional responsibilities of school nurses. Computer technology not only affects…

It Takes a Village: Supporting Inquiry- and Equity-Oriented Computer Science Pedagogy through a Professional Learning Community

ERIC Educational Resources Information Center

Ryoo, Jean; Goode, Joanna; Margolis, Jane

2015-01-01

This article describes the importance that high school computer science teachers place on a teachers' professional learning community designed around an inquiry- and equity-oriented approach for broadening participation in computing. Using grounded theory to analyze four years of teacher surveys and interviews from the Exploring Computer Science…

33 CFR 106.305 - Facility Security Assessment (FSA) requirements.

Code of Federal Regulations, 2013 CFR

2013-07-01

..., including computer systems and networks; (vi) Existing agreements with private security companies; (vii) Any... 33 Navigation and Navigable Waters 1 2013-07-01 2013-07-01 false Facility Security Assessment (FSA... SECURITY MARITIME SECURITY MARINE SECURITY: OUTER CONTINENTAL SHELF (OCS) FACILITIES Outer Continental...

33 CFR 106.305 - Facility Security Assessment (FSA) requirements.

Code of Federal Regulations, 2011 CFR

2011-07-01

..., including computer systems and networks; (vi) Existing agreements with private security companies; (vii) Any... 33 Navigation and Navigable Waters 1 2011-07-01 2011-07-01 false Facility Security Assessment (FSA... SECURITY MARITIME SECURITY MARINE SECURITY: OUTER CONTINENTAL SHELF (OCS) FACILITIES Outer Continental...

33 CFR 106.305 - Facility Security Assessment (FSA) requirements.

Code of Federal Regulations, 2014 CFR

2014-07-01

..., including computer systems and networks; (vi) Existing agreements with private security companies; (vii) Any... 33 Navigation and Navigable Waters 1 2014-07-01 2014-07-01 false Facility Security Assessment (FSA... SECURITY MARITIME SECURITY MARINE SECURITY: OUTER CONTINENTAL SHELF (OCS) FACILITIES Outer Continental...

33 CFR 106.305 - Facility Security Assessment (FSA) requirements.

Code of Federal Regulations, 2012 CFR

2012-07-01

..., including computer systems and networks; (vi) Existing agreements with private security companies; (vii) Any... 33 Navigation and Navigable Waters 1 2012-07-01 2012-07-01 false Facility Security Assessment (FSA... SECURITY MARITIME SECURITY MARINE SECURITY: OUTER CONTINENTAL SHELF (OCS) FACILITIES Outer Continental...

Information Security in the Age of Cloud Computing

ERIC Educational Resources Information Center

Sims, J. Eric

2012-01-01

Information security has been a particularly hot topic since the enhanced internal control requirements of Sarbanes-Oxley (SOX) were introduced in 2002. At about this same time, cloud computing started its explosive growth. Outsourcing of mission-critical functions has always been a gamble for managers, but the advantages of cloud computing are…

77 FR 33547 - Privacy Act of 1974, as Amended; Computer Matching Program (SSA/Centers for Medicare and Medicaid...

Federal Register 2010, 2011, 2012, 2013, 2014

2012-06-06

... SOCIAL SECURITY ADMINISTRATION [Docket No. SSA 2012-0015] Privacy Act of 1974, as Amended; Computer Matching Program (SSA/ Centers for Medicare and Medicaid Services (CMS))--Match Number 1094 AGENCY: Social Security Administration (SSA). ACTION: Notice of a new computer matching program that will expire...

Business Administration and Computer Science Degrees: Earnings, Job Security, and Job Satisfaction

ERIC Educational Resources Information Center

Mehta, Kamlesh; Uhlig, Ronald

2017-01-01

This paper examines the potential of business administration vs. computer science degrees in terms of earnings, job security, and job satisfaction. The paper focuses on earnings potential five years and ten years after the completion of business administration and computer science degrees. Moreover, the paper presents the income changes with…

77 FR 62059 - Privacy Act of 1974, as Amended; Revisions to Existing Systems of Records

Federal Register 2010, 2011, 2012, 2013, 2014

2012-10-11

... and forms, microfilm or microfiche, and in computer processable storage media such as personnel system... 1974; the Federal Information Security Management Act of 2002; the Computer Fraud and Abuse Act of 1986... apply: The Privacy Act of 1974; the Federal Information Security Management Act of 2002; the Computer...

20 CFR 225.24 - SS Earnings PIA used in survivor annuities.

Code of Federal Regulations, 2010 CFR

2010-04-01

... Security Earnings PIA (SS Earnings PIA) used in survivor annuities may be used in computing the tier II... the Social Security Act as in effect on December 31, 1974. It is computed using the deceased employee... RETIREMENT ACT PRIMARY INSURANCE AMOUNT DETERMINATIONS PIA's Used in Computing Survivor Annuities and the...

Trusted Network Interpretation of the Trusted Computer System Evaluation Criteria. Version 1.

DTIC Science & Technology

1987-07-01

for Secure Computer Systema, MTR-3153, The MITRE Corporation, Bedford, MA, June 1975. 1 See, for example, M. D. Abrams and H. J. Podell , Tutorial...References References Abrams, M. D. and H. J. Podell , Tutorial: Computer and Network Security, IEEE Com- puter Society Press, 1987. Addendum to the

17 CFR 10.5 - Computation of time.

Code of Federal Regulations, 2010 CFR

2010-04-01

... 17 Commodity and Securities Exchanges 1 2010-04-01 2010-04-01 false Computation of time. 10.5 Section 10.5 Commodity and Securities Exchanges COMMODITY FUTURES TRADING COMMISSION RULES OF PRACTICE... computed is to be included unless it is a Saturday, a Sunday, or a legal holiday; in which event the period...

77 FR 49849 - Privacy Act of 1974, as Amended; Computer Matching Program (SSA/Office of Child Support...

Federal Register 2010, 2011, 2012, 2013, 2014

2012-08-17

...: Social Security Administration (SSA). ACTION: Notice of a renewal of an existing computer-matching... INFORMATION: A. General The Computer Matching and Privacy Protection Act of 1988 (Public Law (Pub. L.) 100-503... SOCIAL SECURITY ADMINISTRATION [Docket No. SSA 2012-0021] Privacy Act of 1974, as Amended...

75 FR 32833 - Privacy Act of 1974, as Amended; Computer Matching Program (SSA/Office of Personnel Management...

Federal Register 2010, 2011, 2012, 2013, 2014

2010-06-09

... SOCIAL SECURITY ADMINISTRATION [Docket No. SSA-2009-0077] Privacy Act of 1974, as Amended; Computer Matching Program (SSA/ Office of Personnel Management (OPM))--Match 1307 AGENCY: Social Security... INFORMATION: A. General The Computer Matching and Privacy Protection Act of 1988 (Public Law (Pub. L.) 100-503...

hPIN/hTAN: Low-Cost e-Banking Secure against Untrusted Computers

NASA Astrophysics Data System (ADS)

Li, Shujun; Sadeghi, Ahmad-Reza; Schmitz, Roland

We propose hPIN/hTAN, a low-cost token-based e-banking protection scheme when the adversary has full control over the user's computer. Compared with existing hardware-based solutions, hPIN/hTAN depends on neither second trusted channel, nor secure keypad, nor computationally expensive encryption module.

77 FR 38880 - Privacy Act of 1974, as Amended; Computer Matching Program (SSA/Railroad Retirement Board (SSA...

Federal Register 2010, 2011, 2012, 2013, 2014

2012-06-29

... Security Administration (SSA). ACTION: Notice of a renewal of an existing computer matching program that... regarding protections for such persons. The Privacy Act, as amended, regulates the use of computer matching... SOCIAL SECURITY ADMINISTRATION [Docket No. SSA 2012-0002] Privacy Act of 1974, as Amended...

77 FR 27108 - Privacy Act of 1974, as Amended; Computer Matching Program (SSA/Office of Child Support...

Federal Register 2010, 2011, 2012, 2013, 2014

2012-05-08

...: Social Security Administration (SSA). ACTION: Notice of a renewal of an existing computer matching... protections for such persons. The Privacy Act, as amended, regulates the use of computer matching by Federal... SOCIAL SECURITY ADMINISTRATION [Docket No. SSA 2012-0010] Privacy Act of 1974, as Amended...

78 FR 37647 - Privacy Act of 1974, as Amended; Computer Matching Program (SSA/Railroad Retirement Board (RRB...

Federal Register 2010, 2011, 2012, 2013, 2014

2013-06-21

... SOCIAL SECURITY ADMINISTRATION [Docket No. SSA 2013-0010] Privacy Act of 1974, as Amended; Computer Matching Program (SSA/ Railroad Retirement Board (RRB))--Match Number 1006 AGENCY: Social Security Administration. ACTION: Notice of a renewal of an existing computer matching program that will expire on...

78 FR 51264 - Privacy Act of 1974, as Amended; Computer Matching Program (SSA/Department of the Treasury...

Federal Register 2010, 2011, 2012, 2013, 2014

2013-08-20

... 1016 AGENCY: Social Security Administration (SSA). ACTION: Notice of a renewal of an existing computer... above. SUPPLEMENTARY INFORMATION: A. General The Computer Matching and Privacy Protection Act of 1988... SOCIAL SECURITY ADMINISTRATION [Docket No. SSA 2013-0022] Privacy Act of 1974, as Amended...

77 FR 24756 - Privacy Act of 1974, as Amended; Computer Matching Program (SSA/Department of Labor (DOL))-Match...

Federal Register 2010, 2011, 2012, 2013, 2014

2012-04-25

... SOCIAL SECURITY ADMINISTRATION [Docket No. SSA 2011-0084] Privacy Act of 1974, as Amended; Computer Matching Program (SSA/ Department of Labor (DOL))--Match Number 1003 AGENCY: Social Security... above. SUPPLEMENTARY INFORMATION: A. General The Computer Matching and Privacy Protection Act of 1988...

77 FR 6620 - Privacy Act of 1974, as Amended; Computer Matching Program (SSA/the States); Match 6000 and 6003

Federal Register 2010, 2011, 2012, 2013, 2014

2012-02-08

... SOCIAL SECURITY ADMINISTRATION [Docket No. SSA 2011-0102] Privacy Act of 1974, as Amended; Computer Matching Program (SSA/ the States); Match 6000 and 6003 AGENCY: Social Security Administration..., as shown above. SUPPLEMENTARY INFORMATION: A. General The Computer Matching and Privacy Protection...

75 FR 18251 - Privacy Act of 1974, as Amended; Computer Matching Program (SSA/Internal Revenue Service (IRS...

Federal Register 2010, 2011, 2012, 2013, 2014

2010-04-09

... SOCIAL SECURITY ADMINISTRATION [Docket No. SSA-2009-0066] Privacy Act of 1974, as Amended; Computer Matching Program (SSA/ Internal Revenue Service (IRS))--Match 1305 AGENCY: Social Security... INFORMATION: A. General The Computer Matching and Privacy Protection Act of 1988 (Public Law (Pub. L.) 100-503...

76 FR 12398 - Privacy Act of 1974, as Amended; Computer Matching Program (SSA/Bureau of the Public Debt (BPD...

Federal Register 2010, 2011, 2012, 2013, 2014

2011-03-07

... SOCIAL SECURITY ADMINISTRATION [Docket No. SSA 2010-0034] Privacy Act of 1974, as Amended; Computer Matching Program (SSA/ Bureau of the Public Debt (BPD))--Match Number 1304 AGENCY: Social Security... as shown above. SUPPLEMENTARY INFORMATION: A. General The Computer Matching and Privacy Protection...

77 FR 24757 - Privacy Act of 1974, as Amended; Computer Matching Program (SSA/Department of Labor (DOL))-Match...

Federal Register 2010, 2011, 2012, 2013, 2014

2012-04-25

... SOCIAL SECURITY ADMINISTRATION [Docket No. SSA 2011-0083] Privacy Act of 1974, as Amended; Computer Matching Program (SSA/ Department of Labor (DOL))--Match Number 1015 AGENCY: Social Security... regarding protections for such persons. The Privacy Act, as amended, regulates the use of computer matching...

75 FR 62623 - Privacy Act of 1974, as Amended; Computer Matching Program (SSA/Internal Revenue Service (IRS...

Federal Register 2010, 2011, 2012, 2013, 2014

2010-10-12

... SOCIAL SECURITY ADMINISTRATION [Docket No. SSA 2010-0015] Privacy Act of 1974, as Amended; Computer Matching Program (SSA/ Internal Revenue Service (IRS))--Match Number 1016 AGENCY: Social Security... regarding protections for such persons. The Privacy Act, as amended, regulates the use of computer matching...

75 FR 59780 - Privacy Act of 1974, as Amended; Computer Matching Program (SSA/Railroad Retirement Board (RRB...

Federal Register 2010, 2011, 2012, 2013, 2014

2010-09-28

... SOCIAL SECURITY ADMINISTRATION [Docket No. SSA 2010-0040] Privacy Act of 1974, as Amended; Computer Matching Program (SSA/ Railroad Retirement Board (RRB))--Match Number 1006 AGENCY: Social Security...: A. General The Computer Matching and Privacy Protection Act of 1988 (Pub. L.) 100-503), amended the...

Research and realization implementation of monitor technology on illegal external link of classified computer

NASA Astrophysics Data System (ADS)

Zhang, Hong

2017-06-01

In recent years, with the continuous development and application of network technology, network security has gradually entered people's field of vision. The host computer network external network of violations is an important reason for the threat of network security. At present, most of the work units have a certain degree of attention to network security, has taken a lot of means and methods to prevent network security problems such as the physical isolation of the internal network, install the firewall at the exit. However, these measures and methods to improve network security are often not comply with the safety rules of human behavior damage. For example, the host to wireless Internet access and dual-network card to access the Internet, inadvertently formed a two-way network of external networks and computer connections [1]. As a result, it is possible to cause some important documents and confidentiality leak even in the the circumstances of user unaware completely. Secrecy Computer Violation Out-of-band monitoring technology can largely prevent the violation by monitoring the behavior of the offending connection. In this paper, we mainly research and discuss the technology of secret computer monitoring.

The method of a joint intraday security check system based on cloud computing

NASA Astrophysics Data System (ADS)

Dong, Wei; Feng, Changyou; Zhou, Caiqi; Cai, Zhi; Dan, Xu; Dai, Sai; Zhang, Chuancheng

2017-01-01

The intraday security check is the core application in the dispatching control system. The existing security check calculation only uses the dispatch center’s local model and data as the functional margin. This paper introduces the design of all-grid intraday joint security check system based on cloud computing and its implementation. To reduce the effect of subarea bad data on the all-grid security check, a new power flow algorithm basing on comparison and adjustment with inter-provincial tie-line plan is presented. And the numerical example illustrated the effectiveness and feasibility of the proposed method.

A Secure and Verifiable Outsourced Access Control Scheme in Fog-Cloud Computing.

PubMed

Fan, Kai; Wang, Junxiong; Wang, Xin; Li, Hui; Yang, Yintang

2017-07-24

With the rapid development of big data and Internet of things (IOT), the number of networking devices and data volume are increasing dramatically. Fog computing, which extends cloud computing to the edge of the network can effectively solve the bottleneck problems of data transmission and data storage. However, security and privacy challenges are also arising in the fog-cloud computing environment. Ciphertext-policy attribute-based encryption (CP-ABE) can be adopted to realize data access control in fog-cloud computing systems. In this paper, we propose a verifiable outsourced multi-authority access control scheme, named VO-MAACS. In our construction, most encryption and decryption computations are outsourced to fog devices and the computation results can be verified by using our verification method. Meanwhile, to address the revocation issue, we design an efficient user and attribute revocation method for it. Finally, analysis and simulation results show that our scheme is both secure and highly efficient.

A System Architecture to Support a Verifiably Secure Multilevel Security System.

DTIC Science & Technology

1980-06-01

4] Newmann, P.G., R. Fabry, K. Levitt, L. Robin - provide a tradeoff between cost and system secur- son, J. Wensley , "On the Design of a Provably ity...ICS-80/05 NL 112. 11W1 --1.25 1111 6 Mli,’O~ll Rl OIIION W AII .q3 0 School of Information and Computer Science S =GEORGIA INSTITUTE OF TECHNOLOGY 808...Multilevel Security Systemt (Extended Abstract) George I. Davida Department of Electical Engineering and Computer Science University of Wisconsin

Recommended Methodology for Inter-Service/Agency Automated Message Processing Exchange (I-S/A AMPE). Cost and Schedule Analysis of Security Alternatives.

DTIC Science & Technology

1982-02-23

segregate the computer and storage from the outside world 2. Administrative security to control access to secure computer facilities 3. Network security to...Classification Alternative A- 8 NETWORK KG GENSER DSSCS AMPE TERMINALS TP No. 022-4668-A Figure A-2. Dedicated Switching Architecture Alternative A- 9...communications protocol with the network and GENSER message transmission to the - I-S/A AMPE processor. 7. DSSCS TPU - Handles communications protocol with

75 FR 30411 - Privacy Act of 1974; Report of a Modified or Altered System of Records

Federal Register 2010, 2011, 2012, 2013, 2014

2010-06-01

... Privacy Act of 1974; the Federal Information Security Management Act of 2002; the Computer Fraud and Abuse... Security Management Act of 2002; the Computer Fraud and Abuse Act of 1986; the Health Insurance Portability... systems and data files necessary for compliance with Title XI, Part C of the Social Security Act because...

Complete Insecurity of Quantum Protocols for Classical Two-Party Computation

NASA Astrophysics Data System (ADS)

Buhrman, Harry; Christandl, Matthias; Schaffner, Christian

2012-10-01

A fundamental task in modern cryptography is the joint computation of a function which has two inputs, one from Alice and one from Bob, such that neither of the two can learn more about the other’s input than what is implied by the value of the function. In this Letter, we show that any quantum protocol for the computation of a classical deterministic function that outputs the result to both parties (two-sided computation) and that is secure against a cheating Bob can be completely broken by a cheating Alice. Whereas it is known that quantum protocols for this task cannot be completely secure, our result implies that security for one party implies complete insecurity for the other. Our findings stand in stark contrast to recent protocols for weak coin tossing and highlight the limits of cryptography within quantum mechanics. We remark that our conclusions remain valid, even if security is only required to be approximate and if the function that is computed for Bob is different from that of Alice.

Complete insecurity of quantum protocols for classical two-party computation.

PubMed

Buhrman, Harry; Christandl, Matthias; Schaffner, Christian

2012-10-19

A fundamental task in modern cryptography is the joint computation of a function which has two inputs, one from Alice and one from Bob, such that neither of the two can learn more about the other's input than what is implied by the value of the function. In this Letter, we show that any quantum protocol for the computation of a classical deterministic function that outputs the result to both parties (two-sided computation) and that is secure against a cheating Bob can be completely broken by a cheating Alice. Whereas it is known that quantum protocols for this task cannot be completely secure, our result implies that security for one party implies complete insecurity for the other. Our findings stand in stark contrast to recent protocols for weak coin tossing and highlight the limits of cryptography within quantum mechanics. We remark that our conclusions remain valid, even if security is only required to be approximate and if the function that is computed for Bob is different from that of Alice.

Secure environment for real-time tele-collaboration on virtual simulation of radiation treatment planning.

PubMed

Ntasis, Efthymios; Maniatis, Theofanis A; Nikita, Konstantina S

2003-01-01

A secure framework is described for real-time tele-collaboration on Virtual Simulation procedure of Radiation Treatment Planning. An integrated approach is followed clustering the security issues faced by the system into organizational issues, security issues over the LAN and security issues over the LAN-to-LAN connection. The design and the implementation of the security services are performed according to the identified security requirements, along with the need for real time communication between the collaborating health care professionals. A detailed description of the implementation is given, presenting a solution, which can directly be tailored to other tele-collaboration services in the field of health care. The pilot study of the proposed security components proves the feasibility of the secure environment, and the consistency with the high performance demands of the application.

Physicians' Self-Conceptions of Their Expertise in Statutory Health Insurance and Social Security Systems.

PubMed

Seger, Wolfgang; Nüchtern, Elisabeth

2015-07-01

Medical experts who practice social medicine have a strong ethical approach for their professional positions. Their reports must reflect an objective, independent, high-quality assessment of interactions between health status and the disability of individuals. However, they must simultaneously consider the societal involvement of these individuals when determining the framework of the Statutory Health Insurance and Social Security Systems. Their task is to recommend sociomedical benefits that are tailored to suit personal needs and that respect the individual life situations of the persons involved, thus complementing the efforts of healthcare professionals in clinical settings. The editorial describes the self-conception of this medical specialty on behalf of the German Society of Social Medicine and Prevention (DGSMP). Policy makers in social insurances and social security systems generally must respect independent sociomedical recommendations as a crucial point for further realistic development activities.

The Role of Healthcare Technology Management in Facilitating Medical Device Cybersecurity.

PubMed

Busdicker, Mike; Upendra, Priyanka

2017-09-02

This article discusses the role of healthcare technology management (HTM) in medical device cybersecurity and outlines concepts that are applicable to HTM professionals at a healthcare delivery organization or at an integrated delivery network, regardless of size. It provides direction for HTM professionals who are unfamiliar with the security aspects of managing healthcare technologies but are familiar with standards from The Joint Commission (TJC). It provides a useful set of recommendations, including relevant references for incorporating good security practices into HTM practice. Recommendations for policies, procedures, and processes referencing TJC standards are easily applicable to HTM departments with limited resources and to those with no resource concerns. The authors outline processes from their organization as well as best practices learned through information sharing at AAMI, National Health Information Sharing and Analysis Center (NH-ISAC), and Medical Device Innovation, Safety, and Security Consortium (MDISS) conferences and workshops.

Professional convergence in forensic practice.

PubMed

Mercer, D; Mason, T; Richman, J

2001-06-01

This paper outlines the development and convergence of forensic science and secure psychiatric services in the UK, locating the professionalization of forensic nursing within a complex web of political, economic, and ideological structures. It is suggested that a stagnation of the therapeutic enterprise in high and medium security provision has witnessed an intrusion of medical power into the societal body. Expanding technologies of control and surveillance are discussed in relation to the move from modernity to postmodernity and the ongoing dynamic of medicalized offending. Four aspects of globalization are identified as impacting upon the organization and application of forensic practice: (i) organized capitalism and the exhaustion of the welfare state; (ii) security versus danger and trust versus risk; (iii) science as a meta-language; and (iv) foreclosure as a mechanism of censorship. Finally, as a challenge for the profession, some predictions are offered about the future directions or demise of forensic nursing.

A Computer-Supported Method to Reveal and Assess Personal Professional Theories in Vocational Education

ERIC Educational Resources Information Center

van den Bogaart, Antoine C. M.; Bilderbeek, Richel J. C.; Schaap, Harmen; Hummel, Hans G. K.; Kirschner, Paul A.

2016-01-01

This article introduces a dedicated, computer-supported method to construct and formatively assess open, annotated concept maps of Personal Professional Theories (PPTs). These theories are internalised, personal bodies of formal and practical knowledge, values, norms and convictions that professionals use as a reference to interpret and acquire…

Wireless communication in health care: who will win the right to send data boldly where no data has gone before?

PubMed

Campbell, Robert J; Durigon, Louis

2003-01-01

Increasingly, health care professionals will need to retrieve, store, share, and send data using several types of wireless devices. These devices include personal digital assistants, laptops, Web tablets, cell phones, and clothing that monitor heart rate and blood pressure. Regardless of the device, several standards will vie for the right to provide the wireless communications link between the health care professional and the wired data resources located within a health care organization. This article identifies the top three technologies in the wireless communications field: Wireless Fidelity (WiFi), Mobile Communications, and Bluetooth; breaks down each according to its strengths and weaknesses; and makes recommendations for their use by health care professionals located inside and outside a health care facility. Where appropriate the discussion includes an explication of how a specific technology can be made secure from hackers and other security breeches.

Hybrid cloud: bridging of private and public cloud computing

NASA Astrophysics Data System (ADS)

Aryotejo, Guruh; Kristiyanto, Daniel Y.; Mufadhol

2018-05-01

Cloud Computing is quickly emerging as a promising paradigm in the recent years especially for the business sector. In addition, through cloud service providers, cloud computing is widely used by Information Technology (IT) based startup company to grow their business. However, the level of most businesses awareness on data security issues is low, since some Cloud Service Provider (CSP) could decrypt their data. Hybrid Cloud Deployment Model (HCDM) has characteristic as open source, which is one of secure cloud computing model, thus HCDM may solve data security issues. The objective of this study is to design, deploy and evaluate a HCDM as Infrastructure as a Service (IaaS). In the implementation process, Metal as a Service (MAAS) engine was used as a base to build an actual server and node. Followed by installing the vsftpd application, which serves as FTP server. In comparison with HCDM, public cloud was adopted through public cloud interface. As a result, the design and deployment of HCDM was conducted successfully, instead of having good security, HCDM able to transfer data faster than public cloud significantly. To the best of our knowledge, Hybrid Cloud Deployment model is one of secure cloud computing model due to its characteristic as open source. Furthermore, this study will serve as a base for future studies about Hybrid Cloud Deployment model which may relevant for solving big security issues of IT-based startup companies especially in Indonesia.

Multi-Party Privacy-Preserving Set Intersection with Quasi-Linear Complexity

NASA Astrophysics Data System (ADS)

Cheon, Jung Hee; Jarecki, Stanislaw; Seo, Jae Hong

Secure computation of the set intersection functionality allows n parties to find the intersection between their datasets without revealing anything else about them. An efficient protocol for such a task could have multiple potential applications in commerce, health care, and security. However, all currently known secure set intersection protocols for n>2 parties have computational costs that are quadratic in the (maximum) number of entries in the dataset contributed by each party, making secure computation of the set intersection only practical for small datasets. In this paper, we describe the first multi-party protocol for securely computing the set intersection functionality with both the communication and the computation costs that are quasi-linear in the size of the datasets. For a fixed security parameter, our protocols require O(n2k) bits of communication and Õ(n2k) group multiplications per player in the malicious adversary setting, where k is the size of each dataset. Our protocol follows the basic idea of the protocol proposed by Kissner and Song, but we gain efficiency by using different representations of the polynomials associated with users' datasets and careful employment of algorithms that interpolate or evaluate polynomials on multiple points more efficiently. Moreover, the proposed protocol is robust. This means that the protocol outputs the desired result even if some corrupted players leave during the execution of the protocol.

Technology Leadership and Supervision: An Analysis Based on Turkish Computer Teachers' Professional Memories

ERIC Educational Resources Information Center

Deryakulu, Deniz; Olkun, Sinan

2009-01-01

This study examined Turkish computer teachers' professional memories telling of their experiences with school administrators and supervisors. Seventy-four computer teachers participated in the study. Content analysis of the memories revealed that the most frequently mentioned themes concerning school administrators were "unsupportive…

State of the Art of Network Security Perspectives in Cloud Computing

NASA Astrophysics Data System (ADS)

Oh, Tae Hwan; Lim, Shinyoung; Choi, Young B.; Park, Kwang-Roh; Lee, Heejo; Choi, Hyunsang

Cloud computing is now regarded as one of social phenomenon that satisfy customers' needs. It is possible that the customers' needs and the primary principle of economy - gain maximum benefits from minimum investment - reflects realization of cloud computing. We are living in the connected society with flood of information and without connected computers to the Internet, our activities and work of daily living will be impossible. Cloud computing is able to provide customers with custom-tailored features of application software and user's environment based on the customer's needs by adopting on-demand outsourcing of computing resources through the Internet. It also provides cloud computing users with high-end computing power and expensive application software package, and accordingly the users will access their data and the application software where they are located at the remote system. As the cloud computing system is connected to the Internet, network security issues of cloud computing are considered as mandatory prior to real world service. In this paper, survey and issues on the network security in cloud computing are discussed from the perspective of real world service environments.

Database Systems and Oracle: Experiences and Lessons Learned

ERIC Educational Resources Information Center

Dunn, Deborah

2005-01-01

In a tight job market, IT professionals with database experience are likely to be in great demand. Companies need database personnel who can help improve access to and security of data. The events of September 11 have increased business' awareness of the need for database security, backup, and recovery procedures. It is our responsibility to…

Bigdata Driven Cloud Security: A Survey

NASA Astrophysics Data System (ADS)

Raja, K.; Hanifa, Sabibullah Mohamed

2017-08-01

Cloud Computing (CC) is a fast-growing technology to perform massive-scale and complex computing. It eliminates the need to maintain expensive computing hardware, dedicated space, and software. Recently, it has been observed that massive growth in the scale of data or big data generated through cloud computing. CC consists of a front-end, includes the users’ computers and software required to access the cloud network, and back-end consists of various computers, servers and database systems that create the cloud. In SaaS (Software as-a-Service - end users to utilize outsourced software), PaaS (Platform as-a-Service-platform is provided) and IaaS (Infrastructure as-a-Service-physical environment is outsourced), and DaaS (Database as-a-Service-data can be housed within a cloud), where leading / traditional cloud ecosystem delivers the cloud services become a powerful and popular architecture. Many challenges and issues are in security or threats, most vital barrier for cloud computing environment. The main barrier to the adoption of CC in health care relates to Data security. When placing and transmitting data using public networks, cyber attacks in any form are anticipated in CC. Hence, cloud service users need to understand the risk of data breaches and adoption of service delivery model during deployment. This survey deeply covers the CC security issues (covering Data Security in Health care) so as to researchers can develop the robust security application models using Big Data (BD) on CC (can be created / deployed easily). Since, BD evaluation is driven by fast-growing cloud-based applications developed using virtualized technologies. In this purview, MapReduce [12] is a good example of big data processing in a cloud environment, and a model for Cloud providers.

On Secure Implementation of an IHE XUA-Based Protocol for Authenticating Healthcare Professionals

NASA Astrophysics Data System (ADS)

Masi, Massimiliano; Pugliese, Rosario; Tiezzi, Francesco

The importance of the Electronic Health Record (EHR) has been addressed in recent years by governments and institutions.Many large scale projects have been funded with the aim to allow healthcare professionals to consult patients data. Properties such as confidentiality, authentication and authorization are the key for the success for these projects. The Integrating the Healthcare Enterprise (IHE) initiative promotes the coordinated use of established standards for authenticated and secure EHR exchanges among clinics and hospitals. In particular, the IHE integration profile named XUA permits to attest user identities by relying on SAML assertions, i.e. XML documents containing authentication statements. In this paper, we provide a formal model for the secure issuance of such an assertion. We first specify the scenario using the process calculus COWS and then analyse it using the model checker CMC. Our analysis reveals a potential flaw in the XUA profile when using a SAML assertion in an unprotected network. We then suggest a solution for this flaw, and model check and implement this solution to show that it is secure and feasible.

Public security female workers at the coast of Paraná, Brazil: intersections of gender, work, violence(s), and health.

PubMed

Schneider, Daniele; Signorelli, Marcos Claudio; Pereira, Pedro Paulo Gomes

2017-09-01

This study aimed to promote visibility of women working in public security along the Parana coast, articulating issues of gender, violence(s), and the health-disease process. The methodology was qualitative, through an ethnographic research which included 50 women (civilians, military policewomen, and prison officers) from municipalities along the Parana coast, between March 2014 and March 2015. Results revealed: 1) the dilemmas that these women are subjected to, facing the seasonal dynamics in the field of public security in the region; 2) exposure to violence (mainly institutional and gender-based) and its impact on these women's health; 3) power relations, marked by corporations' hierarchies and gender asymmetries between men and women in professional settings. In summary, this research highlighted the need to promote visibility of women working in public security institutions, considering the impact of violence and gender inequalities in their personal and professional lives, including the resistance and rearrangements promoted by these women in the institutions in response to their presence in a hegemonic and traditionally male environment.

Summary and conclusions from the SIWI Seminar for Young Water Professionals Drainage basin security--implications of virtual water trade and agricultural subsidies at regional, national and local levels.

PubMed

Johannessen, A

2004-01-01

This is a summary of the Young Water Professionals Seminar involving more than 50 young people from all over the world working with water. The presentations and following discussion were very lively and were about how subsidies and trade barriers imposed by the developed countries are influencing the income-generating capacity of millions of people in the developing world. Even though this is a very complex issue not easily resolved during the seminar it was also clear that there are some fundamental problems that need to be addressed. The importance of looking for solutions at different levels (i.e. local, regional, national) was highlighted as well as the policy of double standards, preaching free trade but only for the benefit of overdeveloped countries themselves. Further it was discussed how to achieve basin security through food security, and managing water for food security. The conclusion was that win-win solutions would be made if agricultural subsidies were to be completely removed.

An Efficient Mutual Authentication Framework for Healthcare System in Cloud Computing.

PubMed

Kumar, Vinod; Jangirala, Srinivas; Ahmad, Musheer

2018-06-28

The increasing role of Telecare Medicine Information Systems (TMIS) makes its accessibility for patients to explore medical treatment, accumulate and approach medical data through internet connectivity. Security and privacy preservation is necessary for medical data of the patient in TMIS because of the very perceptive purpose. Recently, Mohit et al.'s proposed a mutual authentication protocol for TMIS in the cloud computing environment. In this work, we reviewed their protocol and found that it is not secure against stolen verifier attack, many logged in patient attack, patient anonymity, impersonation attack, and fails to protect session key. For enhancement of security level, we proposed a new mutual authentication protocol for the similar environment. The presented framework is also more capable in terms of computation cost. In addition, the security evaluation of the protocol protects resilience of all possible security attributes, and we also explored formal security evaluation based on random oracle model. The performance of the proposed protocol is much better in comparison to the existing protocol.

Security and privacy issues in implantable medical devices: A comprehensive survey.

PubMed

Camara, Carmen; Peris-Lopez, Pedro; Tapiador, Juan E

2015-06-01

Bioengineering is a field in expansion. New technologies are appearing to provide a more efficient treatment of diseases or human deficiencies. Implantable Medical Devices (IMDs) constitute one example, these being devices with more computing, decision making and communication capabilities. Several research works in the computer security field have identified serious security and privacy risks in IMDs that could compromise the implant and even the health of the patient who carries it. This article surveys the main security goals for the next generation of IMDs and analyzes the most relevant protection mechanisms proposed so far. On the one hand, the security proposals must have into consideration the inherent constraints of these small and implanted devices: energy, storage and computing power. On the other hand, proposed solutions must achieve an adequate balance between the safety of the patient and the security level offered, with the battery lifetime being another critical parameter in the design phase. Copyright © 2015 Elsevier Inc. All rights reserved.

Bootstrapping and Maintaining Trust in the Cloud

DTIC Science & Technology

2016-12-01

proliferation and popularity of infrastructure-as-a- service (IaaS) cloud computing services such as Amazon Web Services and Google Compute Engine means...IaaS trusted computing system: • Secure Bootstrapping – the system should enable the tenant to securely install an initial root secret into each cloud ...elastically instantiated and terminated. Prior cloud trusted computing solutions address a subset of these features, but none achieve all. Excalibur [31] sup

78 FR 40541 - Privacy Act of 1974, as Amended; Computer Matching Program (SSA)-Match Number 1014

Federal Register 2010, 2011, 2012, 2013, 2014

2013-07-05

... SOCIAL SECURITY ADMINISTRATION [Docket No. SSA 2013-0019] Privacy Act of 1974, as Amended; Computer Matching Program (SSA)--Match Number 1014 AGENCY: Social Security Administration (SSA). [[Page 40542

Trusted computing strengthens cloud authentication.

PubMed

Ghazizadeh, Eghbal; Zamani, Mazdak; Ab Manan, Jamalul-lail; Alizadeh, Mojtaba

2014-01-01

Cloud computing is a new generation of technology which is designed to provide the commercial necessities, solve the IT management issues, and run the appropriate applications. Another entry on the list of cloud functions which has been handled internally is Identity Access Management (IAM). Companies encounter IAM as security challenges while adopting more technologies became apparent. Trust Multi-tenancy and trusted computing based on a Trusted Platform Module (TPM) are great technologies for solving the trust and security concerns in the cloud identity environment. Single sign-on (SSO) and OpenID have been released to solve security and privacy problems for cloud identity. This paper proposes the use of trusted computing, Federated Identity Management, and OpenID Web SSO to solve identity theft in the cloud. Besides, this proposed model has been simulated in .Net environment. Security analyzing, simulation, and BLP confidential model are three ways to evaluate and analyze our proposed model.

Trusted Computing Strengthens Cloud Authentication

PubMed Central

2014-01-01

Cloud computing is a new generation of technology which is designed to provide the commercial necessities, solve the IT management issues, and run the appropriate applications. Another entry on the list of cloud functions which has been handled internally is Identity Access Management (IAM). Companies encounter IAM as security challenges while adopting more technologies became apparent. Trust Multi-tenancy and trusted computing based on a Trusted Platform Module (TPM) are great technologies for solving the trust and security concerns in the cloud identity environment. Single sign-on (SSO) and OpenID have been released to solve security and privacy problems for cloud identity. This paper proposes the use of trusted computing, Federated Identity Management, and OpenID Web SSO to solve identity theft in the cloud. Besides, this proposed model has been simulated in .Net environment. Security analyzing, simulation, and BLP confidential model are three ways to evaluate and analyze our proposed model. PMID:24701149

Proceedings Second Annual Cyber Security and Information Infrastructure Research Workshop

DOE Office of Scientific and Technical Information (OSTI.GOV)

Sheldon, Frederick T; Krings, Axel; Yoo, Seong-Moo

2006-01-01

The workshop theme is Cyber Security: Beyond the Maginot Line Recently the FBI reported that computer crime has skyrocketed costing over $67 billion in 2005 alone and affecting 2.8M+ businesses and organizations. Attack sophistication is unprecedented along with availability of open source concomitant tools. Private, academic, and public sectors invest significant resources in cyber security. Industry primarily performs cyber security research as an investment in future products and services. While the public sector also funds cyber security R&D, the majority of this activity focuses on the specific mission(s) of the funding agency. Thus, broad areas of cyber security remain neglectedmore » or underdeveloped. Consequently, this workshop endeavors to explore issues involving cyber security and related technologies toward strengthening such areas and enabling the development of new tools and methods for securing our information infrastructure critical assets. We aim to assemble new ideas and proposals about robust models on which we can build the architecture of a secure cyberspace including but not limited to: * Knowledge discovery and management * Critical infrastructure protection * De-obfuscating tools for the validation and verification of tamper-proofed software * Computer network defense technologies * Scalable information assurance strategies * Assessment-driven design for trust * Security metrics and testing methodologies * Validation of security and survivability properties * Threat assessment and risk analysis * Early accurate detection of the insider threat * Security hardened sensor networks and ubiquitous computing environments * Mobile software authentication protocols * A new "model" of the threat to replace the "Maginot Line" model and more . . .« less

A security vulnerabilities assessment tool for interim storage facilities of low-level radioactive wastes.

PubMed

Bible, J; Emery, R J; Williams, T; Wang, S

2006-11-01

Limited permanent low-level radioactive waste (LLRW) disposal capacity and correspondingly high disposal costs have resulted in the creation of numerous interim storage facilities for either decay-in-storage operations or longer term accumulation efforts. These facilities, which may be near the site of waste generation or in distal locations, often were not originally designed for the purpose of LLRW storage, particularly with regard to security. Facility security has become particularly important in light of the domestic terrorist acts of 2001, wherein LLRW, along with many other sources of radioactivity, became recognized commodities to those wishing to create disruption through the purposeful dissemination of radioactive materials. Since some LLRW materials may be in facilities that may exhibit varying degrees of security control sophistication, a security vulnerabilities assessment tool grounded in accepted criminal justice theory and security practice has been developed. The tool, which includes dedicated sections on general security, target hardening, criminalization benefits, and the presence of guardians, can be used by those not formally schooled in the security profession to assess the level of protection afforded to their respective facilities. The tool equips radiation safety practitioners with the ability to methodically and systematically assess the presence or relative status of various facility security aspects, many of which may not be considered by individuals from outside the security profession. For example, radiation safety professionals might not ordinarily consider facility lighting aspects, which is a staple for the security profession since it is widely known that crime disproportionately occurs more frequently at night or in poorly lit circumstances. Likewise, the means and associated time dimensions for detecting inventory discrepancies may not be commonly considered. The tool provides a simple means for radiation safety professionals to assess, and perhaps enhance in a reasonable fashion, the security of their interim storage operations. Aspects of the assessment tool can also be applied to other activities involving the protection of sources of radiation as well.