ERIC Educational Resources Information Center
Daneman, Kathy
1998-01-01
Describes the integration of security systems to provide enhanced security that is both effective and long lasting. Examines combining card-access systems with camera surveillance, and highly visible emergency phones and security officers, as one of many possible combinations. Some systems most capable of being integrated are listed. (GR)
Information technology security system engineering methodology
NASA Technical Reports Server (NTRS)
Childs, D.
2003-01-01
A methodology is described for system engineering security into large information technology systems under development. The methodology is an integration of a risk management process and a generic system development life cycle process. The methodology is to be used by Security System Engineers to effectively engineer and integrate information technology security into a target system as it progresses through the development life cycle. The methodology can also be used to re-engineer security into a legacy system.
Ullman, Amanda J; Kleidon, Tricia; Gibson, Victoria; McBride, Craig A; Mihala, Gabor; Cooke, Marie; Rickard, Claire M
2017-08-30
Central venous access device (CVAD) associated complications are a preventable source of patient harm, frequently resulting in morbidity and delays to vital treatment. Dressing and securement products are used to prevent infectious and mechanical complications, however current complication rates suggest customary practices are inadequate. The aim of this study was to evaluate the feasibility of launching a full-scale randomized controlled efficacy trial of innovative dressing and securement products for pediatric tunneled CVAD to prevent complication and failure. An external, pilot, four-group randomized controlled trial of standard care (bordered polyurethane dressing and suture), in comparison to integrated securement-dressing, suture-less securement device, and tissue adhesive was undertaken across two large, tertiary referral pediatric hospitals in Australia. Forty-eight pediatric participants with newly inserted tunneled CVADs were consecutively recruited. The primary outcome of study feasibility was established by elements of eligibility, recruitment, attrition, protocol adherence, missing data, parent and healthcare staff satisfaction and acceptability, and effect size estimates for CVAD failure (cessation of function prior to completion of treatment) and complication (associated bloodstream infection, thrombosis, breakage, dislodgement or occlusion). Dressing integrity, product costs and site complications were also examined. Protocol feasibility was established. CVAD failure was: 17% (2/12) integrated securement-dressing; 8% (1/13) suture-less securement device; 0% tissue adhesive (0/12); and, 0% standard care (0/11). CVAD complications were: 15% (2/13) suture-less securement device (CVAD associated bloodstream infection, and occlusion and partial dislodgement); 8% (1/12) integrated securement-dressing (partial dislodgement); 0% tissue adhesive (0/12); and, 0% standard care (0/11). 
One CVAD-associated bloodstream infection occurred, within the suture-less securement device group. Overall satisfaction was highest in the integrated securement-dressing (mean 8.5/10; standard deviation 1.2). Improved dressing integrity was evident in the intervention arms, with the integrated securement-dressing associated with prolonged time to first dressing change (mean days 3.5). Improving the security and dressing integrity of tunneled CVADs is likely to improve outcomes for pediatric patients. Further research is necessary to identify novel, effective CVAD securement to reduce complications, and provide reliable vascular access for children. ACTRN12614000280606 ; prospectively registered on 17/03/2014.
Yang, Qing-Sheng; Qiao, Ji-Gang; Ai, Bin
2013-09-01
Taking the Dongguan City with rapid urbanization as a case, and selecting landscape ecological security level as evaluation criterion, the urbanization cellular number of 1 km x 1 km ecological security cells was obtained, and imbedded into the transition rules of cellular automata (CA) as the restraint term to control urban development, establish ecological security urban CA, and simulate ecological security urban development pattern. The results showed the integrated landscape ecological security index of the City decreased from 0.497 in 1998 to 0.395 in 2005, indicating that the ecological security at landscape scale was decreased. The CA-simulated integrated ecological security index of the City in 2005 was increased from the measured 0.395 to 0.479, showing that the simulated urban landscape ecological pressure from human became lesser, ecological security became better, and integrated landscape ecological security became higher. CA could be used as an effective tool in researching urban ecological security.
DOE Office of Scientific and Technical Information (OSTI.GOV)
Badwan, Faris M.; Demuth, Scott F
Department of Energy’s Office of Nuclear Energy, Fuel Cycle Research and Development develops options to the current commercial fuel cycle management strategy to enable the safe, secure, economic, and sustainable expansion of nuclear energy while minimizing proliferation risks by conducting research and development focused on used nuclear fuel recycling and waste management to meet U.S. needs. Used nuclear fuel is currently stored onsite in either wet pools or in dry storage systems, with disposal envisioned in interim storage facility and, ultimately, in a deep-mined geologic repository. The safe management and disposition of used nuclear fuel and/or nuclear waste is a fundamental aspect of any nuclear fuel cycle. Integrating safety, security, and safeguards (3Ss) fully in the early stages of the design process for a new nuclear facility has the potential to effectively minimize safety, proliferation, and security risks. The 3Ss integration framework could become the new national and international norm and the standard process for designing future nuclear facilities. The purpose of this report is to develop a framework for integrating the safety, security and safeguards concept into the design of Used Nuclear Fuel Storage Facility (UNFSF). The primary focus is on integration of safeguards and security into the UNFSF based on the existing Nuclear Regulatory Commission (NRC) approach to addressing the safety/security interface (10 CFR 73.58 and Regulatory Guide 5.73) for nuclear power plants. The methodology used for adaptation of the NRC safety/security interface will be used as the basis for development of the safeguards/security interface and later will be used as the basis for development of safety and safeguards interface. Then this will complete the integration cycle of safety, security, and safeguards.
The overall methodology for integration of 3Ss will be proposed, but only the integration of safeguards and security will be applied to the design of the UNFSF. The framework for integration of safeguards and security into the UNFSF will include 1) identification of applicable regulatory requirements, 2) selection of a common system that shares dual safeguard and security functions, 3) development of functional design criteria and design requirements for the selected system, 4) identification and integration of the dual safeguards and security design requirements, and 5) assessment of the integration and potential benefit.
ERIC Educational Resources Information Center
Okolo, Nkiru Benjamin
2016-01-01
Information systems of today face more potential security infringement than ever before. The regular susceptibility of data to breaches is a function of systems users' disinclination to follow appropriate security measures. A well-secured system maintains integrity, confidentiality, and availability, while providing appropriate and consistent…
10 CFR 37.43 - General security program requirements.
Code of Federal Regulations, 2014 CFR
2014-01-01
... overall security strategy to ensure the integrated and effective functioning of the security program required by this subpart. The security plan must, at a minimum: (i) Describe the measures and strategies... lessons learned; (iii) Relevant results of NRC inspections; and (iv) Relevant results of the licensee's...
49 CFR 393.134 - What are the rules for securing roll-on/roll-off or hook lift containers?
Code of Federal Regulations, 2014 CFR
2014-10-01
... which is not equipped with an integral securement system must be: (1) Blocked against forward movement... least as effectively as the tiedowns in the two previous items. (4) The mechanisms used to secure the... secure the container to the vehicle, providing the same level of securement as the missing, damaged or...
49 CFR 393.134 - What are the rules for securing roll-on/roll-off or hook lift containers?
Code of Federal Regulations, 2012 CFR
2012-10-01
... which is not equipped with an integral securement system must be: (1) Blocked against forward movement... least as effectively as the tiedowns in the two previous items. (4) The mechanisms used to secure the... secure the container to the vehicle, providing the same level of securement as the missing, damaged or...
29 CFR 2520.104-49 - Alternative method of compliance for certain simplified employee pensions.
Code of Federal Regulations, 2014 CFR
2014-07-01
..., including a clear explanation of: (i) What a SEP is and how it operates, (ii) The statutory provisions... that participant's IRA(s). (6) In the case of a SEP that provides for integration with Social Security... formula, (ii) A description of the effect that integration with Social Security would have on employer...
29 CFR 2520.104-49 - Alternative method of compliance for certain simplified employee pensions.
Code of Federal Regulations, 2013 CFR
2013-07-01
..., including a clear explanation of: (i) What a SEP is and how it operates, (ii) The statutory provisions... that participant's IRA(s). (6) In the case of a SEP that provides for integration with Social Security... formula, (ii) A description of the effect that integration with Social Security would have on employer...
29 CFR 2520.104-49 - Alternative method of compliance for certain simplified employee pensions.
Code of Federal Regulations, 2012 CFR
2012-07-01
..., including a clear explanation of: (i) What a SEP is and how it operates, (ii) The statutory provisions... that participant's IRA(s). (6) In the case of a SEP that provides for integration with Social Security... formula, (ii) A description of the effect that integration with Social Security would have on employer...
Earth Observations for Global Water Security
NASA Technical Reports Server (NTRS)
Lawford, Richard; Strauch, Adrian; Toll, David; Fekete, Balazs; Cripe, Douglas
2013-01-01
The combined effects of population growth, increasing demands for water to support agriculture, energy security, and industrial expansion, and the challenges of climate change give rise to an urgent need to carefully monitor and assess trends and variations in water resources. Doing so will ensure that sustainable access to adequate quantities of safe and useable water will serve as a foundation for water security. Both satellite and in situ observations combined with data assimilation and models are needed for effective, integrated monitoring of the water cycle's trends and variability in terms of both quantity and quality. On the basis of a review of existing observational systems, we argue that a new integrated monitoring capability for water security purposes is urgently needed. Furthermore, the components for this capability exist and could be integrated through the cooperation of national observational programmes. The Group on Earth Observations should play a central role in the design, implementation, management and analysis of this system and its products.
Energy System Integration Facility Secure Data Center | Energy Systems Integration Facility | NREL
The Energy Systems Integration Facility's Secure Data Center provides
Characteristics of individuals with integrated pensions.
Bender, K A
1999-01-01
Employer pensions that integrate benefits with Social Security have been the focus of relatively little research. Since changes in Social Security benefit levels and other program characteristics can affect the benefit levels and other features of integrated pension plans, it is important to know who is covered by these plans. This article examines the characteristics of workers covered by integrated pension plans, compared to those with nonintegrated plans and those with no pension coverage. Integrated pension plans are those that explicitly adjust their benefit structure to help compensate for the employer's contributions to the Social Security program. There are two basic integration methods used by defined benefit (DB) plans. The offset method causes a reduction in employer pension benefits by up to half of the Social Security retirement benefit; the excess rate method is characterized by an accrual rate that is lower for earnings below the Social Security taxable maximum than above it. Defined contribution (DC) pension plans can be integrated along the lines of the excess rate method. To date, research on integrated pensions has focused on plan characteristics, as reported to the Bureau of Labor Statistics (BLS) through its Employee Benefits Survey (EBS). This research has examined the prevalence of integration among full-time, private sector workers by industry, firm size, and broad occupational categories. However, because the EBS provides virtually no data on worker characteristics, analyses of the effects of pension integration on retirement benefits have used hypothetical workers, varying according to assumed levels of earnings and job tenure. This kind of analysis is not particularly helpful in examining the potential effects of changes in the Social Security program on workers' pension benefits. 
However, data on pension integration at the individual level are available, most recently from the Health and Retirement Study (HRS), a nationally representative survey of individuals aged 51-61 in 1992. This dataset provides the basis for the analysis presented here. The following are some of the major findings from this analysis. The incidence of pension integration in the HRS sample is 32 percent of all workers with a pension (14 percent of all workers). The HRS can also identify integrated DC plans, a statistic that is not available from BLS data. The rate of integration for workers with only DC plans is 8 percent. After controlling for other variables, several socio-demographic characteristics are significantly related to the incidence of integration. The probability of having an integrated pension is 4.6 percentage points less for men compared to women. Non-Hispanic blacks are 6.4 percentage points less likely than non-Hispanic whites to have integrated pensions. Union members are 14 percentage points less likely to have integrated pensions, while workers with less than a graduate level education are at least 15 percentage points more likely to have a pension that is integrated. Some earnings and pension characteristics are also significantly correlated with pension integration. Earnings are positively related, with the probability of having an integrated pension increasing by 2 percentage points for an increase of $1,000 in annual pay. An even larger effect comes from earning at or above the Social Security taxable maximum. Workers at or above this income level are 10 percentage points more likely to have an integrated plan, but for those with more than one plan the probability of pension integration goes up by 13 percentage points.
Software Security Practices: Integrating Security into the SDLC
2011-05-01
Software Security Practices: Integrating Security into the SDLC. Robert A. Martin. HS SEDI is a trademark of the U.S. Department of Homeland Security...SEDI FFRDC is managed and operated by The MITRE Corporation for DHS...Integrating Security into a typical software development lifecycle
The Building Blocks of School Security.
ERIC Educational Resources Information Center
Funck, Gary
1999-01-01
Few schools command the funding to shift from zero security to updated closed-circuit TV systems. Cost-effective school security identification cards, which provide a rapid means of identifying those belonging on campus, can be integrated with administrative systems to track attendance, age, subject studied, and other vital statistics. (MLH)
Campus network security model study
NASA Astrophysics Data System (ADS)
Zhang, Yong-ku; Song, Li-ren
2011-12-01
Campus network security is of growing importance. Designing a very effective system of defense against hacker attacks, viruses, and data theft, together with an internal defense system, is the focus of the study in this paper. This paper compares the firewall and IDS and, based on their integration, then designs a campus network security model and details the specific implementation principle.
Incorporating Risk and Indicators into a Water Security Framework
NASA Astrophysics Data System (ADS)
Allen, D. M.; Bakker, K.; Simpson, M. W.; Norman, E.; Dunn, G.
2010-12-01
The concept of water security has received growing attention over the past five years in academic debates and policy circles, particularly with respect to cumulative impacts assessment and watershed management. We propose an integrative definition for water security; one that considers both stressors and impacts (or effects) on hydrological systems. We present a water security assessment framework that considers status and risk indicators for both water quality and quantity as measures of impacts. This assessment framework also integrates the social sciences with natural science, engineering, and public health, providing opportunities to address environmental challenges, including the relationship between water and land use dynamics, the integration of aquatic ecosystem and human health concerns, and the alignment of governance with water management imperatives. We argue that this framework has the potential to advance water science, the contributing disciplines, and water policy and management.
QKD-Based Secured Burst Integrity Design for Optical Burst Switched Networks
NASA Astrophysics Data System (ADS)
Balamurugan, A. M.; Sivasubramanian, A.; Parvathavarthini, B.
2016-03-01
The field of optical transmission has undergone numerous advancements and is still being researched mainly due to the fact that optical data transmission can be done at enormous speeds. It is quite evident that people prefer optical communication when it comes to large amount of data involving its transmission. The concept of switching in networks has matured enormously with several researches, architecture to implement and methods starting with Optical circuit switching to Optical Burst Switching. Optical burst switching is regarded as viable solution for switching bursts over networks but has several security vulnerabilities. However, this work exploited the security issues associated with Optical Burst Switching with respect to integrity of burst. This proposed Quantum Key based Secure Hash Algorithm (QKBSHA-512) with enhanced compression function design provides better avalanche effect over the conventional integrity algorithms.
Comparing 2 Adhesive Methods on Skin Integrity in the High-Risk Neonate.
Boswell, Nicole; Waker, Cheryl L
2016-12-01
Nurses have a primary role in promoting neonatal skin integrity and skin care management of the critically ill neonate. Adhesive products are essential to secure needed medical devices but can be a significant factor contributing to skin breakdown. Current literature does not offer a definitive answer regarding which products most safely and effectively work to secure needed devices in the high-risk neonatal population. To determine which adhesive method is best practice to safely and effectively secure lines/tubes in the high-risk neonate population. The only main effect that was significant was age group with mean skin scores. Subjects in the younger group (24-28 weeks) had higher skin scores than in the older group (28-34 weeks), validating that younger gestations are at higher risk of breakdown with the use of adhesives. The findings did not clearly identify which product was superior to secure tubes and lines, or was the least injurious to skin of the high-risk neonate. Neither a transparent dressing only nor a transparent dressing over hydrocolloid method clearly demonstrated an advantage in the high-risk, preterm neonate. Anecdotal comments suggested staff preferred the transparent dressing over hydrocolloid method as providing better adhesive while protecting skin integrity. The findings validated that younger gestations are at higher risk of breakdown with the use of adhesives and therefore require close vigilance to maintain skin integrity.
SMART Security Cooperation Objectives: Improving DoD Planning and Guidance
2016-01-01
integrate them into a system for assessing, monitoring, and evaluating security cooperation programs and activities. This report evaluates DoD’s...effectiveness in developing SMART security cooperation objectives that facilitate assessment, monitoring, and evaluation. It also proposes a systematic...Cooperation Ends, Ways, and Means...RAND Evaluation and Revision of Selected
The Market Value of Information System (IS) Security: An Event Study of E-Banking Service Providers
ERIC Educational Resources Information Center
Brock, Linda
2012-01-01
Understanding the financial value resulting from IS security investments is critically important to organizations focused on protecting service confidentiality, integrity, and availability in order to preserve firm revenues and reputations. Quantifying the financial effect from IS security investments is difficult to derive. This study…
The application of data encryption technology in computer network communication security
NASA Astrophysics Data System (ADS)
Gong, Lina; Zhang, Li; Zhang, Wei; Li, Xuhong; Wang, Xia; Pan, Wenwen
2017-04-01
With the rapid development of Internet and the extensive application of computer technology, the security of information becomes more and more serious, and the information security technology with data encryption technology as the core has also been developed greatly. Data encryption technology not only can encrypt and decrypt data, but also can realize digital signature, authentication and other functions, thus ensuring the confidentiality, integrity and confirmation of data transmission over the network. In order to improve the security of data in network communication, in this paper, a hybrid encryption system is used to encrypt and decrypt the triple DES algorithm with high security, and the two keys are encrypted with RSA algorithm, thus ensuring the security of the triple DES key and solving the problem of key management; at the same time, digital signature is realized using Java security software, to ensure data integrity and non-repudiation. Finally, the data encryption system is developed by Java language. The data encryption system is simple and effective, with good security and practicality.
Leap Frog Digital Sensors and Definition, Integration & Testing FY 2003 Annual Report
DOE Office of Scientific and Technical Information (OSTI.GOV)
Meitzler, Wayne D.; Ouderkirk, Steven J.; Shoemaker, Steven V.
2003-12-31
The objective of Leap Frog is to develop a comprehensive security tool that is transparent to the user community and more effective than current methods for preventing and detecting security compromises of critical physical and digital assets. Current security tools intrude on the people that interact with these critical assets by requiring them to perform additional functions or having additional visible sensors. Leap Frog takes security to the next level by being more effective and reducing the adverse impact on the people interacting with protected assets.
Federal Register 2010, 2011, 2012, 2013, 2014
2013-02-01
... to Facility Vulnerability Assessments and the Integration of Security Systems AGENCY: Coast Guard...-sharing measures. Security System Integration Alternatives Require each MTSA-regulated facility owner or... other forms of security system integration. Information Requested 1. We request comments on the...
The Effectiveness of an Electronic Security Management System in a Privately Owned Apartment Complex
ERIC Educational Resources Information Center
Greenberg, David F.; Roush, Jeffrey B.
2009-01-01
Poisson and negative binomial regression methods are used to analyze the monthly time series data to determine the effects of introducing an integrated security management system including closed-circuit television (CCTV), door alarm monitoring, proximity card access, and emergency call boxes to a large privately-owned complex of apartment…
Automated Information Security Will Not Improve until Effectively Supported by IRM.
ERIC Educational Resources Information Center
Chick, Morey J.
1989-01-01
The first of two articles on the nature of the growing problem of automated information systems security, especially in the federal government, this article presents a brief history of the problem and describes the need for integrating security activities into overall policies and programs to help reduce system vulnerabilities and risks. (23…
NASA Astrophysics Data System (ADS)
Ito, Keishiro
The primacy of a nuclear fusion reactor in a competitive energy market remarkably depends on to what extent the reactor contributes to reduce the externalities of energy. The reduction effects are classified into two effects, which have quite dissimilar characteristics. One is an effect of environmental dimensions. The other is related to energy security. In this study I took up the results of EC's ExternE project studies as a representative example of the former effect. Concerning the latter effect, I clarified the fundamental characteristics of externalities related to energy security and the conceptual framework for the purpose of evaluation. In the socio-economical evaluation of research into and development investments in nuclear fusion reactors, the public will require the development of integrated evaluation systems to support the cost-effect analysis of how well the reduction effects of externalities have been integrated with the effects of technological innovation, learning, spillover, etc.
The role of the health physicist in nuclear security.
Waller, Edward J; van Maanen, Jim
2015-04-01
Health physics is a recognized safety function in the holistic context of the protection of workers, members of the public, and the environment against the hazardous effects of ionizing radiation, often generically designated as radiation protection. The role of the health physicist as protector dates back to the Manhattan Project. Nuclear security is the prevention and detection of, and response to, criminal or intentional unauthorized acts involving or directed at nuclear material, other radioactive material, associated facilities, or associated activities. Its importance has become more visible and pronounced in the post 9/11 environment, and it has a shared purpose with health physics in the context of protection of workers, members of the public, and the environment. However, the duties and responsibilities of the health physicist in the nuclear security domain are neither clearly defined nor recognized, while a fundamental understanding of nuclear phenomena in general, nuclear or other radioactive material specifically, and the potential hazards related to them is required for threat assessment, protection, and risk management. Furthermore, given the unique skills and attributes of professional health physicists, it is argued that the role of the health physicist should encompass all aspects of nuclear security, ranging from input in the development to implementation and execution of an efficient and effective nuclear security regime. As such, health physicists should transcend their current typical role as consultants in nuclear security issues and become fully integrated and recognized experts in the nuclear security domain and decision making process. 
Issues regarding the security clearances of health physics personnel and the possibility of insider threats must be addressed in the same manner as for other trusted individuals; however, the net gain from recognizing and integrating health physics expertise in all levels of a nuclear security regime far outweighs any negative aspects. In fact, it can be argued that health physics is essential in achieving an integrated approach toward nuclear safety, security, and safeguards.
The Role of the Health Physicist in Nuclear Security
Waller, Edward J.; van Maanen, Jim
2015-01-01
Health physics is a recognized safety function in the holistic context of the protection of workers, members of the public, and the environment against the hazardous effects of ionizing radiation, often generically designated as radiation protection. The role of the health physicist as protector dates back to the Manhattan Project. Nuclear security is the prevention and detection of, and response to, criminal or intentional unauthorized acts involving or directed at nuclear material, other radioactive material, associated facilities, or associated activities. Its importance has become more visible and pronounced in the post 9/11 environment, and it has a shared purpose with health physics in the context of protection of workers, members of the public, and the environment. However, the duties and responsibilities of the health physicist in the nuclear security domain are neither clearly defined nor recognized, while a fundamental understanding of nuclear phenomena in general, nuclear or other radioactive material specifically, and the potential hazards related to them is required for threat assessment, protection, and risk management. Furthermore, given the unique skills and attributes of professional health physicists, it is argued that the role of the health physicist should encompass all aspects of nuclear security, ranging from input in the development to implementation and execution of an efficient and effective nuclear security regime. As such, health physicists should transcend their current typical role as consultants in nuclear security issues and become fully integrated and recognized experts in the nuclear security domain and decision making process.
Issues regarding the security clearances of health physics personnel and the possibility of insider threats must be addressed in the same manner as for other trusted individuals; however, the net gain from recognizing and integrating health physics expertise in all levels of a nuclear security regime far outweighs any negative aspects. In fact, it can be argued that health physics is essential in achieving an integrated approach toward nuclear safety, security, and safeguards. PMID:25706142
2012-09-01
and Rescue (US&R) teams be used more effectively and efficiently in the Homeland Security Enterprise (HSE)? 1. Are there other strategies that would...allow the FEMA US&R resources to be more adaptable in the HSE? 2. What other disciplines could be integrated with the FEMA US&R task forces to...consideration of the questions: 1. Can the FEMA US&R teams be used more effectively in the Homeland Security Enterprise (HSE)? 2. Are there other
Secure and Resilient Cloud Computing for the Department of Defense
2015-07-21
that addresses that threat model, and (3) integrate the technology into a usable, secure, resilient cloud test bed. Underpinning this work is the...risks for the DoD’s acquisition of secure, resilient cloud technology by providing proofs of concept, technology maturity, integration demonstrations...we need a strategy for integrating LLSRC technology with the cloud services and applications that need to be secured. The LLSRC integration
75 FR 43500 - Privacy Act of 1974; System of Records
Federal Register 2010, 2011, 2012, 2013, 2014
2010-07-26
... effective on August 25, 2010, unless comments are received that would result in a contrary determination... name, rank, Social Security Number (SSN), designator, address and signature. The system manager may... Integrity Drive, Millington, TN 38055-0000. Requests should contain full name, rank, Social Security Number...
DOE Office of Scientific and Technical Information (OSTI.GOV)
Green, Mary Wilson
The purpose of this report is to provide school administrators with the ability to determine their security system requirements, so they can make informed decisions when working with vendors and others to improve their security posture. This is accomplished by (1) explaining a systems-based approach to defining the objectives and needs of the system, and (2) providing information on the ability of common components (sensors, cameras, metal detectors, etc.) to achieve those objectives, in an effectively integrated system.
Matrix Game Methodology - Support to V2010 Olympic Marine Security Planners
2011-02-01
OMOC was called the Integrated Safety/Security Matrix Game – Marine III, and was held 16-17 June 2009. This was the most extensive and complex of...Protection Matrix Game Marine Two...3.3 Integrated Safety/Security Matrix Game – Marine III...Integrated Safety/Security Matrix Game – Marine III Scenarios...ISSMG Marine III – Team Groupings
2011-05-04
evolving security challenges. Issues such as terrorism, proliferation of weapons of mass destruction, impacts of climate change, and the ever...impacts of climate change, and the ever-growing competition for valuable natural resources are a few of these challenges. As an integral part...destruction, impacts of climate change, and the ever-growing competition for valuable natural resources have resulted in a new set of security
Integrating legacy medical data sensors in a wireless network infrastructure.
Dembeyiotis, S; Konnis, G; Koutsouris, D
2005-01-01
In the process of developing a wireless networking solution to provide effective field-deployable communications and telemetry support for rescuers during major natural disasters, we are faced with the task of interfacing the multitude of medical and other legacy data collection sensors to the network grid. In this paper, we detail a number of solutions, with particular attention given to the issue of data security. The chosen implementation allows for sensor control and management from remote network locations, while the sensors can wirelessly transmit their data to nearby network nodes securely, utilizing the latest commercially available cryptography solutions. Initial testing validates the design choices, while the network-enabled sensors are being integrated in the overall wireless network security framework.
77 FR 32655 - DHS Data Privacy and Integrity Advisory Committee
Federal Register 2010, 2011, 2012, 2013, 2014
2012-06-01
... Officer, Data Privacy and Integrity Advisory Committee, Department of Homeland Security, 245 Murray Lane..., DHS Data Privacy and Integrity Advisory Committee, Department of Homeland Security, 245 Murray Lane SW... DEPARTMENT OF HOMELAND SECURITY Office of the Secretary [Docket No. DHS-2012-0029] DHS Data...
Security Risks: Management and Mitigation in the Software Life Cycle
NASA Technical Reports Server (NTRS)
Gilliam, David P.
2004-01-01
A formal approach to managing and mitigating security risks in the software life cycle is requisite to developing software that has a higher degree of assurance that it is free of security defects which pose risk to the computing environment and the organization. Due to its criticality, security should be integrated as a formal approach in the software life cycle. Both a software security checklist and assessment tools should be incorporated into this life cycle process and integrated with a security risk assessment and mitigation tool. The current research at JPL addresses these areas through the development of a Software Security Assessment Instrument (SSAI) and integrating it with a Defect Detection and Prevention (DDP) risk management tool.
Information Security Management - Part Of The Integrated Management System
NASA Astrophysics Data System (ADS)
Manea, Constantin Adrian
2015-07-01
The international management standards allow their integrated approach, thereby combining aspects of particular importance to the activity of any organization, from the quality management systems or the environmental management of the information security systems or the business continuity management systems. Although there is no national or international regulation, nor a defined standard for the Integrated Management System, the need to implement an integrated system occurs within the organization, which feels the opportunity to integrate the management components into a cohesive system, in agreement with the purpose and mission publicly stated. The issues relating to information security in the organization, from the perspective of the management system, raise serious questions to any organization in the current context of electronic information, reason for which we consider not only appropriate but necessary to promote and implement an Integrated Management System Quality - Environment - Health and Operational Security - Information Security
Computer network security for the radiology enterprise.
Eng, J
2001-08-01
As computer networks become an integral part of the radiology practice, it is appropriate to raise concerns regarding their security. The purpose of this article is to present an overview of computer network security risks and preventive strategies as they pertain to the radiology enterprise. A number of technologies are available that provide strong deterrence against attacks on networks and networked computer systems in the radiology enterprise. While effective, these technologies must be supplemented with vigilant user and system management.
A Method of Signal Scrambling to Secure Data Storage for Healthcare Applications.
Bao, Shu-Di; Chen, Meng; Yang, Guang-Zhong
2017-11-01
A body sensor network that consists of wearable and/or implantable biosensors has been an important front-end for collecting personal health records. It is expected that the full integration of outside-hospital personal health information and hospital electronic health records will further promote preventative health services as well as global health. However, the integration and sharing of health information is bound to bring with it security and privacy issues. With extensive development of healthcare applications, security and privacy issues are becoming increasingly important. This paper addresses the potential security risks of healthcare data in Internet-based applications and proposes a method of signal scrambling as an add-on security mechanism in the application layer for a variety of healthcare information, where a piece of tiny data is used to scramble healthcare records. The former is kept locally and the latter, along with security protection, is sent for cloud storage. The tiny data can be derived from a random number generator or even a piece of healthcare data, which makes the method more flexible. The computational complexity and security performance in terms of theoretical and experimental analysis has been investigated to demonstrate the efficiency and effectiveness of the proposed method. The proposed method is applicable to all kinds of data that require extra security protection within complex networks.
49 CFR 1544.409 - Integrity of screener tests.
Code of Federal Regulations, 2014 CFR
2014-10-01
... 49 Transportation 9 2014-10-01 2014-10-01 false Integrity of screener tests. 1544.409 Section 1544.409 Transportation Other Regulations Relating to Transportation (Continued) TRANSPORTATION SECURITY ADMINISTRATION, DEPARTMENT OF HOMELAND SECURITY CIVIL AVIATION SECURITY AIRCRAFT OPERATOR SECURITY: AIR CARRIERS AND COMMERCIAL OPERATORS Screener...
Integration of the SSPM and STAGE with the MPACT Virtual Facility Distributed Test Bed.
DOE Office of Scientific and Technical Information (OSTI.GOV)
Cipiti, Benjamin B.; Shoman, Nathan
The Material Protection Accounting and Control Technologies (MPACT) program within DOE NE is working toward a 2020 milestone to demonstrate a Virtual Facility Distributed Test Bed. The goal of the Virtual Test Bed is to link all MPACT modeling tools, technology development, and experimental work to create a Safeguards and Security by Design capability for fuel cycle facilities. The Separation and Safeguards Performance Model (SSPM) forms the core safeguards analysis tool, and the Scenario Toolkit and Generation Environment (STAGE) code forms the core physical security tool. These models are used to design and analyze safeguards and security systems and generate performance metrics. Work over the past year has focused on how these models will integrate with the other capabilities in the MPACT program and specific model changes to enable more streamlined integration in the future. This report describes the model changes and plans for how the models will be used more collaboratively. The Virtual Facility is not designed to integrate all capabilities into one master code, but rather to maintain stand-alone capabilities that communicate results between codes more effectively.
49 CFR 1546.409 - Integrity of screener tests.
Code of Federal Regulations, 2014 CFR
2014-10-01
... 49 Transportation 9 2014-10-01 2014-10-01 false Integrity of screener tests. 1546.409 Section 1546.409 Transportation Other Regulations Relating to Transportation (Continued) TRANSPORTATION SECURITY ADMINISTRATION, DEPARTMENT OF HOMELAND SECURITY CIVIL AVIATION SECURITY FOREIGN AIR CARRIER SECURITY Screener Qualifications When the Foreign Air...
78 FR 21634 - Order of Suspension of Trading; in the Matter of Integrity Bancshares, Inc.
Federal Register 2010, 2011, 2012, 2013, 2014
2013-04-11
... SECURITIES AND EXCHANGE COMMISSION [File No. 500-1] Order of Suspension of Trading; in the Matter of Integrity Bancshares, Inc. April 9, 2013. It appears to the Securities and Exchange Commission that there is a lack of current and accurate information concerning the securities of Integrity...
Crypto-Watermarking of Transmitted Medical Images.
Al-Haj, Ali; Mohammad, Ahmad; Amer, Alaa'
2017-02-01
Telemedicine is a booming healthcare practice that has facilitated the exchange of medical data and expertise between healthcare entities. However, the widespread use of telemedicine applications requires a secured scheme to guarantee confidentiality and verify authenticity and integrity of exchanged medical data. In this paper, we describe a region-based, crypto-watermarking algorithm capable of providing confidentiality, authenticity, and integrity for medical images of different modalities. The proposed algorithm provides authenticity by embedding robust watermarks in images' region of non-interest using SVD in the DWT domain. Integrity is provided in two levels: strict integrity implemented by a cryptographic hash watermark, and content-based integrity implemented by a symmetric encryption-based tamper localization scheme. Confidentiality is achieved as a byproduct of hiding patient's data in the image. Performance of the algorithm was evaluated with respect to imperceptibility, robustness, capacity, and tamper localization, using different medical images. The results showed the effectiveness of the algorithm in providing security for telemedicine applications.
Medical Devices Transition to Information Systems: Lessons Learned
Charters, Kathleen G.
2012-01-01
Medical devices designed to network can share data with a Clinical Information System (CIS), making that data available within clinician workflow. Some lessons learned by transitioning anesthesia reporting and monitoring devices (ARMDs) on a local area network (LAN) to integration of anesthesia documentation within a CIS include the following categories: access, contracting, deployment, implementation, planning, security, support, training and workflow integration. Areas identified for improvement include: Vendor requirements for access reconciled with the organizations’ security policies and procedures. Include clauses supporting transition from stand-alone devices to information integrated into clinical workflow in the medical device procurement contract. Resolve deployment and implementation barriers that make the process less efficient and more costly. Include effective field communication and creative alternatives in planning. Build training on the baseline knowledge of trainees. Include effective help desk processes and metrics. Have a process for determining where problems originate when systems share information. PMID:24199054
A Layered Decision Model for Cost-Effective System Security
DOE Office of Scientific and Technical Information (OSTI.GOV)
Wei, Huaqiang; Alves-Foss, James; Soule, Terry
System security involves decisions in at least three areas: identification of well-defined security policies, selection of cost-effective defence strategies, and implementation of real-time defence tactics. Although choices made in each of these areas affect the others, existing decision models typically handle these three decision areas in isolation. There is no comprehensive tool that can integrate them to provide a single efficient model for safeguarding a network. In addition, there is no clear way to determine which particular combinations of defence decisions result in cost-effective solutions. To address these problems, this paper introduces a Layered Decision Model (LDM) for use in deciding how to address defence decisions based on their cost-effectiveness. To validate the LDM and illustrate how it is used, we used simulation to test model rationality and applied the LDM to the design of system security for an e-commercial business case.
The Delivery of an Effective Collective Security Mechanism in West Africa: It Is Long Overdue
2014-06-13
latter typical of conflicts of the context of bipolar dispute of post-World War II between the USA and the USSR, popularly known as the Cold War...the world powers, it generated an unprecedented response to national and regional security cooperation and the requirement for a strong...stable world order can only be maintained with the benefit of a collective security system, with the military as an integral part to that cause
Qi, Xiaoxing; Liu, Liming; Liu, Yabin; Yao, Lan
2013-06-01
Integrated food security covers three aspects: food quantity security, food quality security, and sustainable food security. Because sustainable food security requires that food security must be compatible with sustainable development, the risk assessment of sustainable food security is becoming one of the most important issues. This paper mainly focuses on the characteristics of sustainable food security problems in the major grain-producing areas in China. We establish an index system based on land resources and eco-environmental conditions and apply a dynamic assessment method based on status assessments and trend analysis models to overcome the shortcomings of the static evaluation method. Using fuzzy mathematics, the risks are categorized into four grades: negligible risk, low risk, medium risk, and high risk. A case study was conducted in one of China's major grain-producing areas: Dongting Lake area. The results predict that the status of the sustainable food security in the Dongting Lake area is unsatisfactory for the foreseeable future. The number of districts at the medium-risk range will increase from six to ten by 2015 due to increasing population pressure, a decrease in the cultivated area, and a decrease in the effective irrigation area. Therefore, appropriate policies and measures should be put forward to improve it. The results could also provide direct support for an early warning system (which could be used to monitor food security trends or nutritional status so as to inform policy makers of impending food shortages) to prevent sustainable food security risk based on some classical systematic methods. This is the first research of sustainable food security in terms of risk assessment, from the perspective of resources and the environment, at the regional scale.
Code of Federal Regulations, 2010 CFR
2010-10-01
... to protect the security and integrity of urine collections? 40.43 Section 40.43 Transportation Office... PROGRAMS Collection Sites, Forms, Equipment and Supplies Used in DOT Urine Collections § 40.43 What steps must operators of collection sites take to protect the security and integrity of urine collections? (a...
Code of Federal Regulations, 2012 CFR
2012-10-01
... to protect the security and integrity of urine collections? 40.43 Section 40.43 Transportation Office... PROGRAMS Collection Sites, Forms, Equipment and Supplies Used in DOT Urine Collections § 40.43 What steps must operators of collection sites take to protect the security and integrity of urine collections? (a...
Code of Federal Regulations, 2011 CFR
2011-10-01
... to protect the security and integrity of urine collections? 40.43 Section 40.43 Transportation Office... PROGRAMS Collection Sites, Forms, Equipment and Supplies Used in DOT Urine Collections § 40.43 What steps must operators of collection sites take to protect the security and integrity of urine collections? (a...
Code of Federal Regulations, 2014 CFR
2014-10-01
... to protect the security and integrity of urine collections? 40.43 Section 40.43 Transportation Office... PROGRAMS Collection Sites, Forms, Equipment and Supplies Used in DOT Urine Collections § 40.43 What steps must operators of collection sites take to protect the security and integrity of urine collections? (a...
Code of Federal Regulations, 2013 CFR
2013-10-01
... to protect the security and integrity of urine collections? 40.43 Section 40.43 Transportation Office... PROGRAMS Collection Sites, Forms, Equipment and Supplies Used in DOT Urine Collections § 40.43 What steps must operators of collection sites take to protect the security and integrity of urine collections? (a...
The Threat of Security: Hindering Technology Integration in the Classroom
ERIC Educational Resources Information Center
Robinson, LeAnne K.; Brown, Abbie; Green, Tim
2007-01-01
For the last year the authors have been gathering examples of how perceived "threats of security" are hampering the integration of technology in teaching and learning. They hope that educators will examine both the challenges of increased security demands and ways in which security might enhance, rather than detract from, the use of technology for…
Duda, Alfred M
2003-12-29
Interlinked crises of land degradation, food security, ecosystem decline, water quality and water flow depletion stand in the way of poverty reduction and sustainable development. These crises are made worse by increased fluctuations in climatic regimes. Single-purpose international conventions address these crises in a piecemeal, sectoral fashion and may not meet their objectives without greater attention to policy, legal, and institutional reforms related to: (i) balancing competing uses of land and water resources within hydrologic units; (ii) adopting integrated approaches to management; and (iii) establishing effective governance institutions for adaptive management within transboundary basins. This paper describes this global challenge and argues that peace, stability and security are all at stake when integrated approaches are not used. The paper presents encouraging results from a decade of transboundary water projects supported by the Global Environment Facility in developing countries that test practical applications of processes for facilitating reforms related to land and water that are underpinned by science-based approaches. Case studies of using these participative processes are described that collectively assist in the transition to integrated management. A new imperative for incorporating interlinkages among food, water, and environment security at the basin level is identified.
Duda, Alfred M
2003-01-01
Interlinked crises of land degradation, food security, ecosystem decline, water quality and water flow depletion stand in the way of poverty reduction and sustainable development. These crises are made worse by increased fluctuations in climatic regimes. Single-purpose international conventions address these crises in a piecemeal, sectoral fashion and may not meet their objectives without greater attention to policy, legal, and institutional reforms related to: (i) balancing competing uses of land and water resources within hydrologic units; (ii) adopting integrated approaches to management; and (iii) establishing effective governance institutions for adaptive management within transboundary basins. This paper describes this global challenge and argues that peace, stability and security are all at stake when integrated approaches are not used. The paper presents encouraging results from a decade of transboundary water projects supported by the Global Environment Facility in developing countries that test practical applications of processes for facilitating reforms related to land and water that are underpinned by science-based approaches. Case studies of using these participative processes are described that collectively assist in the transition to integrated management. A new imperative for incorporating interlinkages among food, water, and environment security at the basin level is identified. PMID:14728798
Security Threat Assessment of an Internet Security System Using Attack Tree and Vague Sets
2014-01-01
Security threat assessment of the Internet security system has become a greater concern in recent years because of the progress and diversification of information technology. Traditionally, the failure probabilities of bottom events of an Internet security system are treated as exact values when the failure probability of the entire system is estimated. However, security threat assessment when the malfunction data of the system's elementary event are incomplete—the traditional approach for calculating reliability—is no longer applicable. Moreover, it does not consider the failure probability of the bottom events suffered in the attack, which may bias conclusions. In order to effectively solve the problem above, this paper proposes a novel technique, integrating attack tree and vague sets for security threat assessment. For verification of the proposed approach, a numerical example of an Internet security system security threat assessment is adopted in this paper. The result of the proposed method is compared with the listing approaches of security threat assessment methods. PMID:25405226
Security threat assessment of an Internet security system using attack tree and vague sets.
Chang, Kuei-Hu
2014-01-01
Security threat assessment of the Internet security system has become a greater concern in recent years because of the progress and diversification of information technology. Traditionally, the failure probabilities of bottom events of an Internet security system are treated as exact values when the failure probability of the entire system is estimated. However, security threat assessment when the malfunction data of the system's elementary event are incomplete--the traditional approach for calculating reliability--is no longer applicable. Moreover, it does not consider the failure probability of the bottom events suffered in the attack, which may bias conclusions. In order to effectively solve the problem above, this paper proposes a novel technique, integrating attack tree and vague sets for security threat assessment. For verification of the proposed approach, a numerical example of an Internet security system security threat assessment is adopted in this paper. The result of the proposed method is compared with the listing approaches of security threat assessment methods.
Federal Register 2010, 2011, 2012, 2013, 2014
2012-09-04
... the Exchange and NYSE already operate in an integrated manner on a single physical Trading Floor, and... May Trade at the Same Panel Securities Traded on the Exchange and/or Securities Listed on the New York... ("Act") and Rule 19b-4 thereunder, notice is hereby given that, on August 22, 2012, NYSE MKT LLC...
Lee, Jae Dong; Yoon, Tae Sik; Chung, Seung Hyun
2015-01-01
Objectives: Remote medical services have been expanding globally, and this expansion is steadily increasing. It has had many positive effects, including medical access convenience, timeliness of service, and cost reduction. The speed of research and development in remote medical technology has been gradually accelerating. Therefore, it is expected to expand to enable various high-tech information and communications technology (ICT)-based remote medical services. However, the current state lacks an appropriate security framework that can resolve security issues centered on the Internet of things (IoT) environment that will be utilized significantly in telemedicine. Methods: This study developed a medical service-oriented framework for secure remote medical services, possessing flexibility regarding new service and security elements through its service-oriented structure. First, the common architecture of remote medical services is defined. Next, medical-oriented security threats and requirements within the IoT environment are identified. Finally, we propose a "service-oriented security framework for remote medical services" based on previous work and requirements for secure remote medical services in the IoT. Results: The proposed framework is a secure framework based on service-oriented cases in the medical environment. A comparative analysis focusing on the security elements (confidentiality, integrity, availability, privacy) was conducted, and the analysis results demonstrate the security of the proposed framework for remote medical services with IoT. Conclusions: The proposed framework is a service-oriented structure. It can support dynamic security elements in accordance with demands related to new remote medical services which will be diversely generated in the IoT environment. 
We anticipate that it will enable secure services to be provided that can guarantee confidentiality, integrity, and availability for all, including patients, non-patients, and medical staff. PMID:26618034
Lee, Jae Dong; Yoon, Tae Sik; Chung, Seung Hyun; Cha, Hyo Soung
2015-10-01
Remote medical services have been expanding globally, and this expansion is steadily increasing. It has had many positive effects, including medical access convenience, timeliness of service, and cost reduction. The speed of research and development in remote medical technology has been gradually accelerating. Therefore, it is expected to expand to enable various high-tech information and communications technology (ICT)-based remote medical services. However, the current state lacks an appropriate security framework that can resolve security issues centered on the Internet of things (IoT) environment that will be utilized significantly in telemedicine. This study developed a medical service-oriented framework for secure remote medical services, possessing flexibility regarding new service and security elements through its service-oriented structure. First, the common architecture of remote medical services is defined. Next, medical-oriented security threats and requirements within the IoT environment are identified. Finally, we propose a "service-oriented security framework for remote medical services" based on previous work and requirements for secure remote medical services in the IoT. The proposed framework is a secure framework based on service-oriented cases in the medical environment. A comparative analysis focusing on the security elements (confidentiality, integrity, availability, privacy) was conducted, and the analysis results demonstrate the security of the proposed framework for remote medical services with IoT. The proposed framework is a service-oriented structure. It can support dynamic security elements in accordance with demands related to new remote medical services which will be diversely generated in the IoT environment. We anticipate that it will enable secure services to be provided that can guarantee confidentiality, integrity, and availability for all, including patients, non-patients, and medical staff.
NASA Astrophysics Data System (ADS)
Koike, T.; Lawford, R. G.; Cripe, D.
2012-12-01
It is critically important to recognize and co-manage the fundamental linkages across the water-dependent domains; land use, including deforestation; ecosystem services; and food-, energy- and health-securities. Sharing coordinated, comprehensive and sustained observations and information for sound decision-making is a first step; however, to take full advantage of these opportunities, we need to develop an effective collaboration mechanism for working together across different disciplines, sectors and agencies, and thereby gain a holistic view of the continuity between environmentally sustainable development, climate change adaptation and enhanced resilience. To promote effective multi-sectoral, interdisciplinary collaboration based on coordinated and integrated efforts, the Global Earth Observation System of Systems (GEOSS) is now developing a "GEOSS Water Cycle Integrator (WCI)", which integrates "Earth observations", "modeling", "data and information", "management systems" and "education systems". GEOSS/WCI sets up "work benches" by which partners can share data, information and applications in an interoperable way, exchange knowledge and experiences, deepen mutual understanding and work together effectively to ultimately respond to issues of both mitigation and adaptation. (A work bench is a virtual geographical or phenomenological space where experts and managers collaborate to use information to address a problem within that space). GEOSS/WCI enhances the coordination of efforts to strengthen individual, institutional and infrastructure capacities, especially for effective interdisciplinary coordination and integration. GEO has established the GEOSS Asian Water Cycle Initiative (AWCI) and GEOSS African Water Cycle Coordination Initiative (AfWCCI). 
Through regional, inter-disciplinary, multi-sectoral integration and inter-agency coordination in Asia and Africa, GEOSS/WCI is now leading to effective actions and public awareness in support of water security and sustainable development.
43 CFR 2.51 - Assuring integrity of records.
Code of Federal Regulations, 2011 CFR
2011-10-01
... on those recommended in the National Bureau of Standard's booklet “Computer Security Guidelines for..., technical and physical safeguards to insure the security and confidentiality of records and to protect against any anticipated threats or hazards to their security or integrity which could result in...
43 CFR 2.51 - Assuring integrity of records.
Code of Federal Regulations, 2010 CFR
2010-10-01
... on those recommended in the National Bureau of Standard's booklet “Computer Security Guidelines for..., technical and physical safeguards to insure the security and confidentiality of records and to protect against any anticipated threats or hazards to their security or integrity which could result in...
43 CFR 2.51 - Assuring integrity of records.
Code of Federal Regulations, 2012 CFR
2012-10-01
... on those recommended in the National Bureau of Standard's booklet “Computer Security Guidelines for..., technical and physical safeguards to insure the security and confidentiality of records and to protect against any anticipated threats or hazards to their security or integrity which could result in...
43 CFR 2.226 - Assuring integrity of records.
Code of Federal Regulations, 2014 CFR
2014-10-01
... on those recommended in the National Bureau of Standard's booklet “Computer Security Guidelines for..., technical and physical safeguards to insure the security and confidentiality of records and to protect against any anticipated threats or hazards to their security or integrity which could result in...
43 CFR 2.226 - Assuring integrity of records.
Code of Federal Regulations, 2013 CFR
2013-10-01
... on those recommended in the National Bureau of Standard's booklet “Computer Security Guidelines for..., technical and physical safeguards to insure the security and confidentiality of records and to protect against any anticipated threats or hazards to their security or integrity which could result in...
17 CFR 230.155 - Integration of abandoned offerings.
Code of Federal Regulations, 2010 CFR
2010-04-01
... 17 Commodity and Securities Exchanges 2 2010-04-01 2010-04-01 false Integration of abandoned... GENERAL RULES AND REGULATIONS, SECURITIES ACT OF 1933 General § 230.155 Integration of abandoned offerings... from integration of private and registered offerings. Because of the objectives of Rule 155 and the...
Network security system for health and medical information using smart IC card
NASA Astrophysics Data System (ADS)
Kanai, Yoichi; Yachida, Masuyoshi; Yoshikawa, Hiroharu; Yamaguchi, Masahiro; Ohyama, Nagaaki
1998-07-01
A new network security protocol that uses smart IC cards has been designed to assure the integrity and privacy of medical information in communication over a non-secure network. Secure communication software has been implemented as a library based on this protocol, which is called the Integrated Secure Communication Layer (ISCL), and has been incorporated into information systems of the National Cancer Center Hospitals and the Health Service Center of the Tokyo Institute of Technology. Both systems have succeeded in communicating digital medical information securely.
Capturing security requirements for software systems.
El-Hadary, Hassan; El-Kassas, Sherif
2014-07-01
Security is often an afterthought during software development. Realizing security early, especially in the requirement phase, is important so that security problems can be tackled early enough before going further in the process and avoid rework. A more effective approach for security requirement engineering is needed to provide a more systematic way for eliciting adequate security requirements. This paper proposes a methodology for security requirement elicitation based on problem frames. The methodology aims at early integration of security with software development. The main goal of the methodology is to assist developers in eliciting adequate security requirements in a more systematic way during the requirement engineering process. A security catalog, based on the problem frames, is constructed in order to help identify security requirements with the aid of previous security knowledge. Abuse frames are used to model threats while security problem frames are used to model security requirements. We have made use of evaluation criteria to evaluate the resulting security requirements concentrating on conflicts identification among requirements. We have shown that more complete security requirements can be elicited by such methodology in addition to the assistance offered to developers to elicit security requirements in a more systematic way.
Capturing security requirements for software systems
El-Hadary, Hassan; El-Kassas, Sherif
2014-01-01
Security is often an afterthought during software development. Realizing security early, especially in the requirement phase, is important so that security problems can be tackled early enough before going further in the process and avoid rework. A more effective approach for security requirement engineering is needed to provide a more systematic way for eliciting adequate security requirements. This paper proposes a methodology for security requirement elicitation based on problem frames. The methodology aims at early integration of security with software development. The main goal of the methodology is to assist developers in eliciting adequate security requirements in a more systematic way during the requirement engineering process. A security catalog, based on the problem frames, is constructed in order to help identify security requirements with the aid of previous security knowledge. Abuse frames are used to model threats while security problem frames are used to model security requirements. We have made use of evaluation criteria to evaluate the resulting security requirements concentrating on conflicts identification among requirements. We have shown that more complete security requirements can be elicited by such methodology in addition to the assistance offered to developers to elicit security requirements in a more systematic way. PMID:25685514
Key on demand (KoD) for software-defined optical networks secured by quantum key distribution (QKD).
Cao, Yuan; Zhao, Yongli; Colman-Meixner, Carlos; Yu, Xiaosong; Zhang, Jie
2017-10-30
Software-defined optical networking (SDON) will become the next generation optical network architecture. However, the optical layer and control layer of SDON are vulnerable to cyberattacks. While data encryption is an effective method to minimize the negative effects of cyberattacks, secure key interchange is its major challenge, which can be addressed by the quantum key distribution (QKD) technique. Hence, in this paper we discuss the integration of QKD with WDM optical networks to secure the SDON architecture by introducing a novel key on demand (KoD) scheme which is enabled by a novel routing, wavelength and key assignment (RWKA) algorithm. The QKD over SDON with KoD model follows two steps to provide security: i) quantum key pools (QKPs) construction for securing the control channels (CChs) and data channels (DChs); ii) the KoD scheme uses RWKA algorithm to allocate and update secret keys for different security requirements. To test our model, we define a security probability index which measures the security gain in CChs and DChs. Simulation results indicate that the security performance of CChs and DChs can be enhanced by provisioning sufficient secret keys in QKPs and performing key-updating considering potential cyberattacks. Also, KoD is beneficial to achieve a positive balance between security requirements and key resource usage.
25 CFR 43.22 - Assuring integrity of records.
Code of Federal Regulations, 2012 CFR
2012-04-01
..., “Computer Security Guidelines for Implementing the Privacy Act of 1974” (May 30, 1975), and any supplements... appropriate administrative, technical and physical safeguards to insure the security and confidentiality of records and to protect against any anticipated threats or hazards to their security or integrity which...
The informatics capability maturity of integrated primary care centres in Australia.
Liaw, Siaw-Teng; Kearns, Rachael; Taggart, Jane; Frank, Oliver; Lane, Riki; Tam, Michael; Dennis, Sarah; Walker, Christine; Russell, Grant; Harris, Mark
2017-09-01
Integrated primary care requires systems and service integration along with financial incentives to promote downward substitution to a single entry point to care. Integrated Primary Care Centres (IPCCs) aim to improve integration by co-location of health services. The Informatics Capability Maturity (ICM) describes how well health organisations collect, manage and share information; manage eHealth technology, implementation, change, data quality and governance; and use "intelligence" to improve care. Describe associations of ICM with systems and service integration in IPCCs. Mixed methods evaluation of IPCCs in metropolitan and rural Australia: an enhanced general practice, four GP Super Clinics, a "HealthOne" (private-public partnership) and a Community Health Centre. Data collection methods included self-assessed ICM, document review, interviews, observations in practice and assessment of electronic health record data. Data was analysed and compared across IPCCs. The IPCCs demonstrated a range of funding models, ownership, leadership, organisation and ICM. Digital tools were used with varying effectiveness to collect, use and share data. Connectivity was problematic, requiring "work-arounds" to communicate and share information. The lack of technical, data and software interoperability standards, clinical coding and secure messaging were barriers to data collection, integration and sharing. Strong leadership and governance was important for successful implementation of robust and secure eHealth systems. Patient engagement with eHealth tools was suboptimal. ICM is positively associated with integration of data, systems and care. Improved ICM requires a health workforce with eHealth competencies; technical, semantic and software standards; adequate privacy and security; and good governance and leadership.
Security Verification Techniques Applied to PatchLink COTS Software
NASA Technical Reports Server (NTRS)
Gilliam, David P.; Powell, John D.; Bishop, Matt; Andrew, Chris; Jog, Sameer
2006-01-01
Verification of the security of software artifacts is a challenging task. An integrated approach that combines verification techniques can increase the confidence in the security of software artifacts. Such an approach has been developed by the Jet Propulsion Laboratory (JPL) and the University of California at Davis (UC Davis). Two security verification instruments were developed and then piloted on PatchLink's UNIX Agent, a Commercial-Off-The-Shelf (COTS) software product, to assess the value of the instruments and the approach. The two instruments are the Flexible Modeling Framework (FMF) -- a model-based verification instrument (JPL), and a Property-Based Tester (UC Davis). Security properties were formally specified for the COTS artifact and then verified using these instruments. The results were then reviewed to determine the effectiveness of the approach and the security of the COTS product.
Using SysML to model complex systems for security.
DOE Office of Scientific and Technical Information (OSTI.GOV)
Cano, Lester Arturo
2010-08-01
As security systems integrate more Information Technology the design of these systems has tended to become more complex. Some of the most difficult issues in designing Complex Security Systems (CSS) are: Capturing Requirements: Defining Hardware Interfaces: Defining Software Interfaces: Integrating Technologies: Radio Systems: Voice Over IP Systems: Situational Awareness Systems.
Human Factors and Information Security: Individual, Culture and Security Environment
2010-10-01
cannot operate effectively (Ivancevich et al., 2000). However, Buono, Bowditch and Lewis (1985), state that the strength of values is questionable...socialisation can be viewed as a form of organisational integration (Ivancevich et al., 2000). Specifically, socialisation “is a strategy for achieving... Ivancevich et al., 2000, p.605). Organisations with strong cultures are considered to operate under a cohesive set of values and norms (George & Jones
Importance of biometrics to addressing vulnerabilities of the U.S. infrastructure
NASA Astrophysics Data System (ADS)
Arndt, Craig M.; Hall, Nathaniel A.
2004-08-01
Human identification technologies are important threat countermeasures in minimizing select infrastructure vulnerabilities. Properly targeted countermeasures should be selected and integrated into an overall security solution based on disciplined analysis and modeling. Available data on infrastructure value, threat intelligence, and system vulnerabilities are carefully organized, analyzed and modeled. Prior to design and deployment of an effective countermeasure, the proper role and appropriateness of technology in addressing the overall set of vulnerabilities is established. Deployment of biometrics systems, as with other countermeasures, introduces potentially heightened vulnerabilities into the system. Heightened vulnerabilities may arise from both the newly introduced system complexities and an unfocused understanding of the set of vulnerabilities impacted by the new countermeasure. The countermeasure's own inherent vulnerabilities and those introduced by the system's integration with the existing system are analyzed and modeled to determine the overall vulnerability impact. The United States infrastructure is composed of government and private assets. The infrastructure is valued by its potential impact on several components: human physical safety, physical/information replacement/repair cost, potential contribution to future loss (criticality in weapons production), direct productivity output, national macro-economic output/productivity, and information integrity. These components must be considered in determining the overall impact of an infrastructure security breach. Cost/benefit analysis is then incorporated in the security technology deployment decision process. Overall security risks based on system vulnerabilities and threat intelligence determine areas of potential benefit. Biometric countermeasures are often considered when additional security at intended points of entry would minimize vulnerabilities.
Veksler, Vladislav D; Buchler, Norbou; Hoffman, Blaine E; Cassenti, Daniel N; Sample, Char; Sugrim, Shridat
2018-01-01
Computational models of cognitive processes may be employed in cyber-security tools, experiments, and simulations to address human agency and effective decision-making in keeping computational networks secure. Cognitive modeling can address multi-disciplinary cyber-security challenges requiring cross-cutting approaches over the human and computational sciences such as the following: (a) adversarial reasoning and behavioral game theory to predict attacker subjective utilities and decision likelihood distributions, (b) human factors of cyber tools to address human system integration challenges, estimation of defender cognitive states, and opportunities for automation, (c) dynamic simulations involving attacker, defender, and user models to enhance studies of cyber epidemiology and cyber hygiene, and (d) training effectiveness research and training scenarios to address human cyber-security performance, maturation of cyber-security skill sets, and effective decision-making. Models may be initially constructed at the group-level based on mean tendencies of each subject's subgroup, based on known statistics such as specific skill proficiencies, demographic characteristics, and cultural factors. For more precise and accurate predictions, cognitive models may be fine-tuned to each individual attacker, defender, or user profile, and updated over time (based on recorded behavior) via techniques such as model tracing and dynamic parameter fitting.
Effect of Incest on Self and Social Functioning: A Developmental Psychopathology Perspective.
ERIC Educational Resources Information Center
Cole, Pamela M.; Putnam, Frank W.
1992-01-01
Proposes model based on developmental psychopathology for conceptualizing effects of child sexual abuse. Argues that incest has negative effects on self and social functioning, by jeopardizing self-definition and integration, self-regulatory processes, and sense of security and trust in relationships. Reviews self and social development…
Kiah, M L Mat; Nabi, Mohamed S; Zaidan, B B; Zaidan, A A
2013-10-01
This study aims to provide security solutions for implementing electronic medical records (EMRs). E-Health organizations could utilize the proposed method and implement recommended solutions in medical/health systems. Majority of the required security features of EMRs were noted. The methods used were tested against each of these security features. In implementing the system, the combination that satisfied all of the security features of EMRs was selected. Secure implementation and management of EMRs facilitate the safeguarding of the confidentiality, integrity, and availability of e-health organization systems. Health practitioners, patients, and visitors can use the information system facilities safely and with confidence anytime and anywhere. After critically reviewing security and data transmission methods, a new hybrid method was proposed to be implemented on EMR systems. This method will enhance the robustness, security, and integration of EMR systems. The hybrid of simple object access protocol/extensible markup language (XML) with advanced encryption standard and secure hash algorithm version 1 has achieved the security requirements of an EMR system with the capability of integrating with other systems through the design of XML messages.
Risk assessment of integrated electronic health records.
Bjornsson, Bjarni Thor; Sigurdardottir, Gudlaug; Stefansson, Stefan Orri
2010-01-01
The paper describes the security concerns related to Electronic Health Records (EHR) both in registration of data and integration of systems. A description of the current state of EHR systems in Iceland is provided, along with the Ministry of Health's future vision and plans. New legislation provides the opportunity for increased integration of EHRs and further collaboration between institutions. Integration of systems, along with greater availability and access to EHR data, requires increased security awareness since additional risks are introduced. The paper describes the core principles of information security as it applies to EHR systems and data. The concepts of confidentiality, integrity, availability, accountability and traceability are introduced and described. The paper discusses the legal requirements and importance of performing risk assessment for EHR data. Risk assessment methodology according to the ISO/IEC 27001 information security standard is described with examples on how it is applied to EHR systems.
Lee, Tian-Fu; Chang, I-Pin; Lin, Tsung-Hung; Wang, Ching-Cheng
2013-06-01
The integrated EPR information system supports convenient and rapid e-medicine services. A secure and efficient authentication scheme for the integrated EPR information system safeguards patients' electronic patient records (EPRs) and helps health care workers and medical personnel to rapidly make correct clinical decisions. Recently, Wu et al. proposed an efficient password-based user authentication scheme using smart cards for the integrated EPR information system, and claimed that the proposed scheme could resist various malicious attacks. However, their scheme is still vulnerable to lost smart card and stolen verifier attacks. This investigation discusses these weaknesses and proposes a secure and efficient authentication scheme for the integrated EPR information system as an alternative. Compared with related approaches, the proposed scheme not only retains a lower computational cost and does not require verifier tables for storing users' secrets, but also solves the security problems in previous schemes and withstands possible attacks.
Migrants, refugees and insecurity. Current threats to peace?
Lohrmann, R
2000-01-01
Since the early 1980s, international migration has moved beyond humanitarian, economic development, labor market and societal integration concerns, raising complex interactive security implications for governments of migrant sending, receiving and transit countries, as well as for multilateral bodies. This article examines the effects of international migration on varied understandings and perceptions of international security. It discusses why international migration has come to be perceived as a security issue, both in industrialized and developing countries. Questions are raised on the migration-security nexus and the way in which the concepts "security" and "migration" are used. The real and perceived impacts of international migration upon national and regional security, both in industrialized and developing countries, are analyzed. The policies developed by governments and multilateral agencies since the mid-1980s to mitigate the destabilizing effects of certain kinds of international population movement and human displacement are examined. The conclusions stress the need for the establishment of a comprehensive framework of international cooperation among origin and receiving countries and international organizations to address the destabilizing implications of international migration.
Improving Control System Cyber-State Awareness using Known Secure Sensor Measurements
DOE Office of Scientific and Technical Information (OSTI.GOV)
Ondrej Linda; Milos Manic; Miles McQueen
This paper presents design and simulation of a low cost and low false alarm rate method for improved cyber-state awareness of critical control systems - the Known Secure Sensor Measurements (KSSM) method. The KSSM concept relies on physical measurements to detect malicious falsification of the control systems state. The KSSM method can be incrementally integrated with already installed control systems for enhanced resilience. This paper reviews the previously developed theoretical KSSM concept and then describes a simulation of the KSSM system. A simulated control system network is integrated with the KSSM components. The effectiveness of detection of various intrusion scenarios is demonstrated on several control system network topologies.
33 CFR 104.305 - Vessel Security Assessment (VSA) requirements.
Code of Federal Regulations, 2013 CFR
2013-07-01
... security; (ii) Structural integrity; (iii) Personnel protection systems; (iv) Procedural policies; (v... 33 Navigation and Navigable Waters 1 2013-07-01 2013-07-01 false Vessel Security Assessment (VSA... SECURITY MARITIME SECURITY MARITIME SECURITY: VESSELS Vessel Security Assessment (VSA) § 104.305 Vessel...
33 CFR 104.305 - Vessel Security Assessment (VSA) requirements.
Code of Federal Regulations, 2011 CFR
2011-07-01
... security; (ii) Structural integrity; (iii) Personnel protection systems; (iv) Procedural policies; (v... 33 Navigation and Navigable Waters 1 2011-07-01 2011-07-01 false Vessel Security Assessment (VSA... SECURITY MARITIME SECURITY MARITIME SECURITY: VESSELS Vessel Security Assessment (VSA) § 104.305 Vessel...
33 CFR 104.305 - Vessel Security Assessment (VSA) requirements.
Code of Federal Regulations, 2014 CFR
2014-07-01
... security; (ii) Structural integrity; (iii) Personnel protection systems; (iv) Procedural policies; (v... 33 Navigation and Navigable Waters 1 2014-07-01 2014-07-01 false Vessel Security Assessment (VSA... SECURITY MARITIME SECURITY MARITIME SECURITY: VESSELS Vessel Security Assessment (VSA) § 104.305 Vessel...
33 CFR 104.305 - Vessel Security Assessment (VSA) requirements.
Code of Federal Regulations, 2012 CFR
2012-07-01
... security; (ii) Structural integrity; (iii) Personnel protection systems; (iv) Procedural policies; (v... 33 Navigation and Navigable Waters 1 2012-07-01 2012-07-01 false Vessel Security Assessment (VSA... SECURITY MARITIME SECURITY MARITIME SECURITY: VESSELS Vessel Security Assessment (VSA) § 104.305 Vessel...
33 CFR 104.305 - Vessel Security Assessment (VSA) requirements.
Code of Federal Regulations, 2010 CFR
2010-07-01
... security; (ii) Structural integrity; (iii) Personnel protection systems; (iv) Procedural policies; (v... 33 Navigation and Navigable Waters 1 2010-07-01 2010-07-01 false Vessel Security Assessment (VSA... SECURITY MARITIME SECURITY MARITIME SECURITY: VESSELS Vessel Security Assessment (VSA) § 104.305 Vessel...
DOE Office of Scientific and Technical Information (OSTI.GOV)
Ermak, D L; Nasstrom, J S; Tull, J E
The objective of the Local Integration of NARAC With Cities (LINC) project is to demonstrate the capability for providing local government agencies with advanced, CBNP-developed operational atmospheric plume prediction capabilities that can be seamlessly integrated with appropriate federal agency support for homeland security. LINC's approach is to integrate Lawrence Livermore National Laboratory's (LLNL) National Atmospheric Release Advisory Center (NARAC) tools and services with local emergency management and response centers. In the event of an airborne chemical or biological agent release in an urban area, large portions of the city and even the surrounding suburbs may be affected by the airborne plume, depending on the type of agent, size of release, dissemination mechanism and ambient meteorological conditions. The goal of LINC is to provide real-time predictions that would be used by emergency managers and responders (fire, police, hazmat, etc.) to map the extent and effects of hazardous airborne material. Prompt predictions are provided to guide first responders in determining protective actions to be taken (use of personal protective equipment, evacuation, sheltering in place, etc.), safe locations for incident command posts, and critical facilities that may be at risk (hospitals, schools, etc.). LINC also provides response teams from multiple jurisdictions (local, state, and federal) with tools to effectively share information regarding the areas and populations at risk. The ultimate goal of LINC is a seamless and coordinated nationwide system that integrates NARAC prediction and situation awareness resources with the appropriate local, state and federal agencies for homeland security applications ranging from planning to emergency response to consequence assessment and attribution.
NASA Astrophysics Data System (ADS)
Koike, Toshio; Lawford, Richard; Cripe, Douglas
2013-04-01
It is critically important to recognize and co-manage the fundamental linkages across the water-dependent domains; land use, including deforestation; ecosystem services; and food-, energy- and health-securities. Sharing coordinated, comprehensive and sustained observations and information for sound decision-making is a first step; however, to take full advantage of these opportunities, we need to develop an effective collaboration mechanism for working together across different disciplines, sectors and agencies, and thereby gain a holistic view of the continuity between environmentally sustainable development, climate change adaptation and enhanced resilience. To promote effective multi-sectoral, interdisciplinary collaboration based on coordinated and integrated efforts, the intergovernmental Group on Earth Observations (GEO) is implementing the Global Earth Observation System of Systems (GEOSS). A component of GEOSS now under development is the "GEOSS Water Cycle Integrator (WCI)", which integrates Earth observations, modeling, data and information, management systems and education systems. GEOSS/WCI sets up "work benches" by which partners can share data, information and applications in an interoperable way, exchange knowledge and experiences, deepen mutual understanding and work together effectively to ultimately respond to issues of both mitigation and adaptation. (A work bench is a virtual geographical or phenomenological space where experts and managers collaborate to use information to address a problem within that space). GEOSS/WCI enhances the coordination of efforts to strengthen individual, institutional and infrastructure capacities, especially for effective interdisciplinary coordination and integration. GEO has established the GEOSS Asian Water Cycle Initiative (AWCI) and GEOSS African Water Cycle Coordination Initiative (AfWCCI). 
Through regional, inter-disciplinary, multi-sectoral integration and inter-agency coordination in Asia and Africa, GEOSS/WCI is now leading to effective actions and public awareness in support of water security and sustainable development.
Integrated Work Management: Overview, Course 31881
DOE Office of Scientific and Technical Information (OSTI.GOV)
Simpson, Lewis Edward
Integrated work management (IWM) is the process used for formally implementing the five-step process associated with integrated safety management (ISM) and integrated safeguards and security management (ISSM) at Los Alamos National Laboratory (LANL). IWM also directly supports the LANL Environmental Management System (EMS). IWM helps all workers and managers perform work safely and securely and in a manner that protects people, the environment, property, and the security of the nation. The IWM process applies to all work activities at LANL, from working in the office to designing experiments to assembling and detonating explosives. The primary LANL document that establishes and describes IWM requirements is Procedure (P) 300, Integrated Work Management.
2012-09-01
Pentagon, U.S. National Parks and Monuments and Reagan National Airport. Amidst the PCC sits Pentagon City Mall, home to more than 170 stores, a movie...integrated into the homeland security apparatus. As the threat our nation and her allies face continues to evolve, so must our responses. Integrating the...Advisor Dan Moran, PhD Chair, Department of National Security Affairs ... This thesis
Y-12 Integrated Materials Management System
DOE Office of Scientific and Technical Information (OSTI.GOV)
Alspaugh, D. H.; Hickerson, T. W.
2002-06-03
The Integrated Materials Management System, when fully implemented, will provide the Y-12 National Security Complex with advanced inventory information and analysis capabilities and enable effective assessment, forecasting and management of nuclear materials, critical non-nuclear materials, and certified supplies. These capabilities will facilitate future Y-12 stockpile management work, enhance interfaces to existing National Nuclear Security Administration (NNSA) corporate-level information systems, and enable interfaces to planned NNSA systems. In the current national nuclear defense environment where, for example, weapons testing is not permitted, material managers need better, faster, more complete information about material properties and characteristics. They now must manage non-special nuclear material at the same high-level they have managed SNM, and information capabilities about both must be improved. The full automation and integration of business activities related to nuclear and non-nuclear materials that will be put into effect by the Integrated Materials Management System (IMMS) will significantly improve and streamline the process of providing vital information to Y-12 and NNSA managers. This overview looks at the kinds of information improvements targeted by the IMMS project, related issues, the proposed information architecture, and the progress to date in implementing the system.
Information Security and Integrity Systems
NASA Technical Reports Server (NTRS)
1990-01-01
Viewgraphs from the Information Security and Integrity Systems seminar held at the University of Houston-Clear Lake on May 15-16, 1990 are presented. A tutorial on computer security is presented. The goals of this tutorial are the following: to review security requirements imposed by government and by common sense; to examine risk analysis methods to help keep sight of forest while in trees; to discuss the current hot topic of viruses (which will stay hot); to examine network security, now and in the next year to 30 years; to give a brief overview of encryption; to review protection methods in operating systems; to review database security problems; to review the Trusted Computer System Evaluation Criteria (Orange Book); to comment on formal verification methods; to consider new approaches (like intrusion detection and biometrics); to review the old, low tech, and still good solutions; and to give pointers to the literature and to where to get help. Other topics covered include security in software applications and development; risk management; trust: formal methods and associated techniques; secure distributed operating system and verification; trusted Ada; a conceptual model for supporting a B3+ dynamic multilevel security and integrity in the Ada runtime environment; and information intelligence sciences.
A cost effective FBG-based security fence with fire alarm function
NASA Astrophysics Data System (ADS)
Wu, H. J.; Li, S. S.; Lu, X. L.; Wu, Y.; Rao, Y. J.
2012-02-01
Fiber Bragg Grating (FBG) is sensitive to the temperature as well when it is measuring the strain change, which is always avoided in most measurement applications. However, in this paper strain/temperature dual sensitivity is utilized to construct a special security fence with a second function of fire threat prediction. In an FBG-based fiber fence configuration, only by characteristics analysis and identification method, it can intelligently distinguish the different effects of personal threats and fires from their different trends of the wavelength drifts. Thus without any additional temperature sensing fittings or other fire alarm systems integrated, a normal perimeter security system can possess a second function of fire prediction, which can not only monitor the intrusion induced by personal actions but also predict fire threats in advance. The experimental results show the effectiveness of the method.
Global Food Security in a Changing Climate: Considerations and Projections
NASA Astrophysics Data System (ADS)
Walsh, M. K.; Brown, M. E.; Backlund, P. W.; Antle, J. M.; Carr, E. R.; Easterling, W. E.; Funk, C. C.; Murray, A.; Ngugi, M.; Barrett, C. B.; Ingram, J. S. I.; Dancheck, V.; O'Neill, B. C.; Tebaldi, C.; Mata, T.; Ojima, D. S.; Grace, K.; Jiang, H.; Bellemare, M.; Attavanich, W.; Ammann, C. M.; Maletta, H.
2015-12-01
Global food security is an elusive challenge and important policy focus from the community to the globe. Food is provisioned through food systems that may be simple or labyrinthine, yet each has vulnerabilities to climate change through its effects on food production, transportation, storage, and other integral food system activities. At the same time, the future of food systems is sensitive to socioeconomic trajectories determined by choices made outside of the food system itself. Constrictions for any reason can lead to decreased food availability, access, utilization, or stability - that is, to diminished food security. Possible changes in trade and other U.S. relationships to the rest of the world under changing conditions to the end of the century are considered through integrated assessment modelling under a range of emissions scenarios. Climate change is likely to diminish continued progress on global food security through production disruptions leading to local availability limitations and price increases, interrupted transport conduits, and diminished food safety, among other causes. In the near term, some high-latitude production export regions may benefit from changes in climate. The types and price of food imports are likely to change, as are export demands, affecting U.S. consumers and producers. Demands placed on foreign assistance programs may increase, as may demand for advanced technologies. Adaptation across the food system has great potential to manage climate change effects on food security, and the complexity of the food system offers multiple potential points of intervention for decision makers at every level. However, effective adaptation is subject to highly localized conditions and socioeconomic factors, and the technical feasibility of an adaptive intervention is not necessarily a guarantee of its application if it is unaffordable or does not provide benefits within a relatively short time frame.
Integrated homeland security system with passive thermal imaging and advanced video analytics
NASA Astrophysics Data System (ADS)
Francisco, Glen; Tillman, Jennifer; Hanna, Keith; Heubusch, Jeff; Ayers, Robert
2007-04-01
A complete detection, management, and control security system is absolutely essential to preempting criminal and terrorist assaults on key assets and critical infrastructure. According to Tom Ridge, former Secretary of the US Department of Homeland Security, "Voluntary efforts alone are not sufficient to provide the level of assurance Americans deserve and they must take steps to improve security." Further, it is expected that Congress will mandate private sector investment of over $20 billion in infrastructure protection between 2007 and 2015, which is incremental to funds currently being allocated to key sites by the Department of Homeland Security. Nearly 500,000 individual sites have been identified by the US Department of Homeland Security as critical infrastructure sites that would suffer severe and extensive damage if a security breach should occur. In fact, one major breach in any of 7,000 critical infrastructure facilities threatens more than 10,000 people. And one major breach in any of 123 facilities, identified as "most critical" among the 500,000, threatens more than 1,000,000 people. Current visible, nightvision or near infrared imaging technology alone has limited foul-weather viewing capability, poor nighttime performance, and limited nighttime range. And many systems today yield excessive false alarms, are managed by fatigued operators, are unable to manage the voluminous data captured, or lack the ability to pinpoint where an intrusion occurred.
In our 2006 paper, "Critical Infrastructure Security Confidence Through Automated Thermal Imaging", we showed how a highly effective security solution can be developed by integrating what are now available "next-generation technologies" which include: (1) thermal imaging for the highly effective detection of intruders in the dark of night and in challenging weather conditions at the sensor imaging level - we refer to this as the passive thermal sensor level detection building block; (2) automated software detection for creating initial alerts - we refer to this as software level detection, the next level building block; (3) immersive 3D visual assessment for situational awareness and to manage the reaction process - we refer to this as automated intelligent situational awareness, a third building block; and (4) wide area command and control capabilities to allow control from a remote location - we refer to this as the management and process control building block integrating together the lower level building elements. In addition, this paper describes three live installations of complete, total systems that incorporate visible and thermal cameras as well as advanced video analytics. Discussion of both system elements and design is extensive.
NASA Astrophysics Data System (ADS)
Elbaz, Reouven; Torres, Lionel; Sassatelli, Gilles; Guillemin, Pierre; Bardouillet, Michel; Martinez, Albert
The bus between the System on Chip (SoC) and the external memory is one of the weakest points of computer systems: an adversary can easily probe this bus in order to read private data (data confidentiality concern) or to inject data (data integrity concern). The conventional way to protect data against such attacks and to ensure data confidentiality and integrity is to implement two dedicated engines: one performing data encryption and another data authentication. This approach, while secure, prevents parallelizability of the underlying computations. In this paper, we introduce the concept of Block-Level Added Redundancy Explicit Authentication (BL-AREA) and we describe a Parallelized Encryption and Integrity Checking Engine (PE-ICE) based on this concept. BL-AREA and PE-ICE have been designed to provide an effective solution to ensure both security services while allowing for full parallelization on processor read and write operations and optimizing the hardware resources. Compared to standard encryption which ensures only confidentiality, we show that PE-ICE additionally guarantees code and data integrity for less than 4% of run-time performance overhead.
1996-11-01
As the trend to mergers and diversification of healthcare facilities grows, so too does the challenge to security directors to effectively and efficiently protect not only acute care, emergency, and outpatient facilities, but physician office buildings, parking garages, long-term-care units, medical schools, technical service units, and even health clubs. Besides the different security and communications problems posed by each type of facility, the problem of distance between facilities and their geographic location must also be met. In this report, we'll update you on the approaches being taken by security and planning executives at three leading health systems and how they are dealing with current and future problems.
Towards secure quantum key distribution protocol for wireless LANs: a hybrid approach
NASA Astrophysics Data System (ADS)
Naik, R. Lalu; Reddy, P. Chenna
2015-12-01
The primary goals of security such as authentication, confidentiality, integrity and non-repudiation in communication networks can be achieved with secure key distribution. Quantum mechanisms are highly secure means of distributing secret keys as they are unconditionally secure. Quantum key distribution protocols can effectively prevent various attacks in the quantum channel, while classical cryptography is efficient in authentication and verification of secret keys. By combining both quantum cryptography and classical cryptography, security of communications over networks can be leveraged. Hwang, Lee and Li exploited the merits of both cryptographic paradigms for provably secure communications to prevent replay, man-in-the-middle, and passive attacks. In this paper, we propose a new scheme with the combination of quantum cryptography and classical cryptography for 802.11i wireless LANs. Since quantum cryptography is premature in wireless networks, our work is a significant step forward toward securing communications in wireless networks. Our scheme is known as hybrid quantum key distribution protocol. Our analytical results revealed that the proposed scheme is provably secure for wireless networks.
Leveraging Safety Programs to Improve and Support Security Programs
DOE Office of Scientific and Technical Information (OSTI.GOV)
Leach, Janice; Snell, Mark K.; Pratt, R.
2015-10-01
There has been a long history of considering Safety, Security, and Safeguards (3S) as three functions of nuclear security design and operations that need to be properly and collectively integrated with operations. This paper specifically considers how safety programmes can be extended directly to benefit security as part of an integrated facility management programme. The discussion will draw on experiences implementing such a programme at Sandia National Laboratories’ Annular Research Reactor Facility. While the paper focuses on nuclear facilities, similar ideas could be used to support security programmes at other types of high-consequence facilities and transportation activities.
The food-energy-water nexus and urban complexity
NASA Astrophysics Data System (ADS)
Romero-Lankao, Patricia; McPhearson, Timon; Davidson, Debra J.
2017-04-01
While tackling interdependencies among food, energy, and water security is promising, three fundamental challenges to effective operationalization need addressing: the feasibility of science-policy integration, cross-scale inequalities, and path-dependencies in infrastructure and socio-institutional practices.
Frohde, Kenny; Brooks, David J
Emergency management (EM) and business continuity management (BCM) frameworks incorporate various strategic and operational measures. Defined within a number of national and international standards and guidelines, such concepts may be integrated within one another to provide increased resilience to disruptive events. Nevertheless, there is a degree of dispute regarding concept integration among security and EM professionals and bodies of knowledge. In line with cognitive psychology exemplar-based concepts, such disputes may be associated with a lack of precision in communality in the approach to EM and BCM. This paper presents a two-stage study, where stage 1 critiqued national and international literature and stage 2 applied semi-structured interviews with security managers in Western Australia. Findings indicate the existence of contradictory views on EM and its integration within BCM. As such, this study concludes that EM is considered a vital component of BCM by the majority of security managers. However, there is broader dispute regarding its degree of integration. Understanding the underpinnings of such disputes will aid in raising the standards and application of professionalism within security, EM and BCM domains, supporting clarification and definition of professional boundaries.
Providing integrity, authenticity, and confidentiality for header and pixel data of DICOM images.
Al-Haj, Ali
2015-04-01
Exchange of medical images over public networks is subjected to different types of security threats. This has triggered persisting demands for secured telemedicine implementations that will provide confidentiality, authenticity, and integrity for the transmitted images. The medical image exchange standard (DICOM) offers mechanisms to provide confidentiality for the header data of the image but not for the pixel data. On the other hand, it offers mechanisms to achieve authenticity and integrity for the pixel data but not for the header data. In this paper, we propose a crypto-based algorithm that provides confidentially, authenticity, and integrity for the pixel data, as well as for the header data. This is achieved by applying strong cryptographic primitives utilizing internally generated security data, such as encryption keys, hashing codes, and digital signatures. The security data are generated internally from the header and the pixel data, thus a strong bond is established between the DICOM data and the corresponding security data. The proposed algorithm has been evaluated extensively using DICOM images of different modalities. Simulation experiments show that confidentiality, authenticity, and integrity have been achieved as reflected by the results we obtained for normalized correlation, entropy, PSNR, histogram analysis, and robustness.
Veksler, Vladislav D.; Buchler, Norbou; Hoffman, Blaine E.; Cassenti, Daniel N.; Sample, Char; Sugrim, Shridat
2018-01-01
Computational models of cognitive processes may be employed in cyber-security tools, experiments, and simulations to address human agency and effective decision-making in keeping computational networks secure. Cognitive modeling can address multi-disciplinary cyber-security challenges requiring cross-cutting approaches over the human and computational sciences such as the following: (a) adversarial reasoning and behavioral game theory to predict attacker subjective utilities and decision likelihood distributions, (b) human factors of cyber tools to address human system integration challenges, estimation of defender cognitive states, and opportunities for automation, (c) dynamic simulations involving attacker, defender, and user models to enhance studies of cyber epidemiology and cyber hygiene, and (d) training effectiveness research and training scenarios to address human cyber-security performance, maturation of cyber-security skill sets, and effective decision-making. Models may be initially constructed at the group-level based on mean tendencies of each subject's subgroup, based on known statistics such as specific skill proficiencies, demographic characteristics, and cultural factors. For more precise and accurate predictions, cognitive models may be fine-tuned to each individual attacker, defender, or user profile, and updated over time (based on recorded behavior) via techniques such as model tracing and dynamic parameter fitting. PMID:29867661
NASA Astrophysics Data System (ADS)
Zhang, Jianguo; Chen, Xiaomeng; Zhuang, Jun; Jiang, Jianrong; Zhang, Xiaoyan; Wu, Dongqing; Huang, H. K.
2003-05-01
In this paper, we presented a new security approach to provide security measures and features in both healthcare information systems (PACS, RIS/HIS), and electronic patient record (EPR). We introduced two security components, certificate authoring (CA) system and patient record digital signature management (DSPR) system, as well as electronic envelope technology, into the current hospital healthcare information infrastructure to provide security measures and functions such as confidential or privacy, authenticity, integrity, reliability, non-repudiation, and authentication for in-house healthcare information systems daily operating, and EPR exchanging among the hospitals or healthcare administration levels, and the DSPR component manages all the digital signatures of patient medical records signed through using an-symmetry key encryption technologies. The electronic envelopes used for EPR exchanging are created based on the information of signers, digital signatures, and identifications of patient records stored in CAS and DSMS, as well as the destinations and the remote users. The CAS and DSMS were developed and integrated into a RIS-integrated PACS, and the integration of these new security components is seamless and painless. The electronic envelopes designed for EPR were used successfully in multimedia data transmission.
Physical and property victimization behind bars: a multilevel examination.
Lahm, Karen F
2009-06-01
The majority of the extant literature on inmate victimization considers only one level of analysis, thus ignoring the interaction effects between inmate- and prison-level variables. To extend this literature, multilevel modeling techniques were used to analyze self-report data from more than 1,000 inmates and 30 prisons in Kentucky, Tennessee, and Ohio. Results revealed that demographic variables were strong predictors of physical victimization (i.e., race and assaultive behavior). Also, security level had a contextual direct effect on physical victimization. Property victimization was best explained with an integrated model including inmate (i.e., race, assaultive behavior, prior education, prior employment, and time served), contextual (i.e., security level and proportion non-White), and micro-macro interaction variables (i.e., Race x Security Level). Policy implications and suggestions for future research are discussed.
Integrated modeling approach for optimal management of water, energy and food security nexus
NASA Astrophysics Data System (ADS)
Zhang, Xiaodong; Vesselinov, Velimir V.
2017-03-01
Water, energy and food (WEF) are inextricably interrelated. Effective planning and management of limited WEF resources to meet current and future socioeconomic demands for sustainable development is challenging. WEF production/delivery may also produce environmental impacts; as a result, green-house-gas emission control will impact WEF nexus management as well. Nexus management for WEF security necessitates integrated tools for predictive analysis that are capable of identifying the tradeoffs among various sectors, generating cost-effective planning and management strategies and policies. To address these needs, we have developed an integrated model analysis framework and tool called WEFO. WEFO provides a multi-period socioeconomic model for predicting how to satisfy WEF demands based on model inputs representing productions costs, socioeconomic demands, and environmental controls. WEFO is applied to quantitatively analyze the interrelationships and trade-offs among system components including energy supply, electricity generation, water supply-demand, food production as well as mitigation of environmental impacts. WEFO is demonstrated to solve a hypothetical nexus management problem consistent with real-world management scenarios. Model parameters are analyzed using global sensitivity analysis and their effects on total system cost are quantified. The obtained results demonstrate how these types of analyses can be helpful for decision-makers and stakeholders to make cost-effective decisions for optimal WEF management.
Integrated secure solution for electronic healthcare records sharing
NASA Astrophysics Data System (ADS)
Yao, Yehong; Zhang, Chenghao; Sun, Jianyong; Jin, Jin; Zhang, Jianguo
2007-03-01
The EHR is a secure, real-time, point-of-care, patient-centric information resource for healthcare providers. Many countries and regional districts have set long-term goals to build EHRs, and most EHRs are usually built based on the integration of different information systems with different information models and platforms. A number of hospitals in Shanghai are also piloting the development of an EHR solution based on IHE XDS/XDS-I profiles with a service-oriented architecture (SOA). The first phase of the project targets the Diagnostic Imaging domain and allows seamless sharing of images and reports across the multiple hospitals. To develop EHRs for regional coordinated healthcare, some factors should be considered in designing the architecture, one of which is the security issue. In this paper, we present some approaches and policies to improve and strengthen the security among the different hospitals' nodes, which are compliant with the security requirements defined by IHE IT Infrastructure (ITI) Technical Framework. Our security solution includes four components: Time Sync System (TSS), Digital Signature Manage System (DSMS), Data Exchange Control Component (DECC) and Single Sign-On (SSO) System. We give a design method and implementation strategy of these security components, and then evaluate the performance and overheads of the security services or features by integrating the security components into an image-based EHR system.
Integrating public health and medical intelligence gathering into homeland security fusion centres.
Lenart, Brienne; Albanese, Joseph; Halstead, William; Schlegelmilch, Jeffrey; Paturas, James
Homeland security fusion centres serve to gather, analyse and share threat-related information among all levels of governments and law enforcement agencies. In order to function effectively, fusion centres must employ people with the necessary competencies to understand the nature of the threat facing a community, discriminate between important information and irrelevant or merely interesting facts and apply domain knowledge to interpret the results to obviate or reduce the existing danger. Public health and medical sector personnel routinely gather, analyse and relay health-related information, including health security risks, associated with the detection of suspicious biological or chemical agents within a community to law enforcement agencies. This paper provides a rationale for the integration of public health and medical personnel in fusion centres and describes their role in assisting law enforcement agencies, public health organisations and the medical sector to respond to natural or intentional threats against local communities, states or the nation as a whole.
Enterotoxin Vaccine Delivery System With Bioadherence. Phase 1.
1995-12-05
Microencapsulation, Bioadhesive, Biodegradable, Perorally Controlled Delivery...this magnitude requires a delivery system configured with a bioadhesive polymer that integrates the surface of the microcapsules and the mucosa. SBIR Phase I Program efforts focused on the development of the most feasible method(s) for
Using digital watermarking to enhance security in wireless medical image transmission.
Giakoumaki, Aggeliki; Perakis, Konstantinos; Banitsas, Konstantinos; Giokas, Konstantinos; Tachakra, Sapal; Koutsouris, Dimitris
2010-04-01
During the last few years, wireless networks have been increasingly used both inside hospitals and in patients' homes to transmit medical information. In general, wireless networks suffer from decreased security. However, digital watermarking can be used to secure medical information. In this study, we focused on combining wireless transmission and digital watermarking technologies to better secure the transmission of medical images within and outside the hospital. We utilized an integrated system comprising the wireless network and the digital watermarking module to conduct a series of tests. The test results were evaluated by medical consultants. They concluded that the images suffered no visible quality degradation and maintained their diagnostic integrity. The proposed integrated system presented reasonable stability, and its performance was comparable to that of a fixed network. This system can enhance security during the transmission of medical images through a wireless channel.
A more secure anonymous user authentication scheme for the integrated EPR information system.
Wen, Fengtong
2014-05-01
Secure and efficient user mutual authentication is an essential task for integrated electronic patient record (EPR) information systems. Recently, several authentication schemes have been proposed to meet this requirement. In a recent paper, Lee et al. proposed an efficient and secure password-based authentication scheme using smart cards for the integrated EPR information system. This scheme is believed to have many abilities to resist a range of network attacks. In particular, they claimed that their scheme could resist the lost smart card attack. However, we reanalyze the security of Lee et al.'s scheme, and show that it fails to protect against off-line password guessing attacks if the secret information stored in the smart card is compromised. This also renders their scheme insecure against user impersonation attacks. Then, we propose a new user authentication scheme for integrated EPR information systems based on the quadratic residues. The new scheme not only resists a range of network attacks but also provides user anonymity. We show that our proposed scheme can provide stronger security.
NASA Technical Reports Server (NTRS)
Iannicca, Dennis C.; Ishac, Joseph A.; Shalkhauser, Kurt A.
2015-01-01
NASA Glenn Research Center (GRC), in cooperation with Rockwell Collins, is working to develop a prototype Control and Non-Payload Communications (CNPC) radio platform as part of NASA Integrated Systems Research Program's (ISRP) Unmanned Aircraft Systems (UAS) Integration in the National Airspace System (NAS) project. A primary focus of the project is to work with the Federal Aviation Administration (FAA) and industry standards bodies to build and demonstrate a safe, secure, and efficient CNPC architecture that can be used by industry to evaluate the feasibility of deploying a system using these technologies in an operational capacity. GRC has been working in conjunction with these groups to assess threats, identify security requirements, and to develop a system of standards-based security controls that can be applied to the GRC prototype CNPC architecture as a demonstration platform. The proposed security controls were integrated into the GRC flight test system aboard our S-3B Viking surrogate aircraft and several network tests were conducted during a flight on November 15th, 2014 to determine whether the controls were working properly within the flight environment. The flight test was also the first to integrate Robust Header Compression (ROHC) as a means of reducing the additional overhead introduced by the security controls and Mobile IPv6. The effort demonstrated the complete end-to-end secure CNPC link in a relevant flight environment.
NASA Astrophysics Data System (ADS)
Green, Mary W.
1997-01-01
As problems of violence and crime become more prevalent in our schools, more and more school districts will elect to use security technologies to control these problems. While the desired change in student and community attitudes will require significant systemic change through intense US social programs, security technologies can greatly augment school staff today by providing services similar to having extra adults present. Technologies such as cameras, sensors, drug detection, biometric and personnel identification, lighting, barriers, weapon and explosives detection, anti-graffiti methods, and duress alarms can all be effective, given they are used in appropriate applications, with realistic expectations and an understanding of limitations. Similar to a high-risk government facility, schools must consider a systems approach to security, which includes the use of personnel and procedures as well as security technologies, such that the synergy created by all these elements together contributes more to the general 'order maintenance' of the facility than could be achieved by separate measures not integrated or related.
Bibliography for computer security, integrity, and safety
NASA Technical Reports Server (NTRS)
Bown, Rodney L.
1991-01-01
A bibliography of computer security, integrity, and safety issues is given. The bibliography is divided into the following sections: recent national publications; books; journal, magazine articles, and miscellaneous reports; conferences, proceedings, and tutorials; and government documents and contractor reports.
Research on offense and defense technology for iOS kernel security mechanism
NASA Astrophysics Data System (ADS)
Chu, Sijun; Wu, Hao
2018-04-01
iOS is a strong and widely used mobile device system. Its annual profits make up about 90% of the total profits of all mobile phone brands. Though it is famous for its security, there have been many attacks on the iOS operating system, such as the Trident APT attack in 2016. So it is important to research the iOS security mechanism and understand its weaknesses and put forward targeted protection and security check framework. By studying these attacks and previous jailbreak tools, we can see that an attacker could only run a ROP code and gain kernel read and write permissions based on the ROP after exploiting kernel and user layer vulnerabilities. However, the iOS operating system is still protected by the code signing mechanism, the sandbox mechanism, and the not-writable mechanism of the system's disk area. This is far from the steady, long-lasting control that attackers expect. Before iOS 9, breaking these security mechanisms was usually done by modifying the kernel's important data structures and security mechanism code logic. However, after iOS 9, the kernel integrity protection mechanism was added to the 64-bit operating system and none of the previous methods were adapted to the new versions of iOS [1]. But this does not mean that attackers cannot break through. Therefore, based on the analysis of the vulnerability of KPP security mechanism, this paper implements two possible breakthrough methods for kernel security mechanism for iOS 9 and iOS 10. Meanwhile, we propose a defense method based on kernel integrity detection and sensitive API call detection to defend against the breakthrough methods mentioned above. And we make experiments to prove that this method can prevent and detect attack attempts or invaders effectively and timely.
DOE Office of Scientific and Technical Information (OSTI.GOV)
Strait, R.S.; Wagner, E.E.
1994-07-01
The US Department of Energy (DOE) Office of Safeguards and Security initiated the DOE Integrated Security System / Electronic Transfer (DISS/ET) for the purpose of reducing the time required to process security clearance requests. DISS/ET will be an integrated system using electronic commerce technologies for the collection and processing of personnel security clearance data, and its transfer between DOE local security clearance offices, DOE Operations Offices, and the Office of Personnel Management. The system will use electronic forms to collect clearance applicant data. The forms data will be combined with electronic fingerprint images and packaged in a secure encrypted electronic mail envelope for transmission across the Internet. Information provided by the applicant will be authenticated using digital signatures. All processing will be done electronically.
Gopalakrishnan, Chennat; Okada, Norio
2007-12-01
The goal of integrated disaster risk management is to promote an overall improvement in the quality of safety and security in a region, city or community at disaster risk. This paper presents the case for a thorough overhaul of the institutional component of integrated disaster risk management. A review of disaster management institutions in the United States indicates significant weaknesses in their ability to contribute effectively to the implementation of integrated disaster risk management. Our analysis and findings identify eight key elements for the design of dynamic new disaster management institutions. Six specific approaches are suggested for incorporating the identified key elements in building new institutions that would have significant potential for enhancing the effective implementation of integrated disaster risk management. We have developed a possible blueprint for effective design and construction of efficient, sustainable and functional disaster management institutions.
Resilient and Robust High Performance Computing Platforms for Scientific Computing Integrity
DOE Office of Scientific and Technical Information (OSTI.GOV)
Jin, Yier
As technology advances, computer systems are subject to increasingly sophisticated cyber-attacks that compromise both their security and integrity. High performance computing platforms used in commercial and scientific applications involving sensitive, or even classified data, are frequently targeted by powerful adversaries. This situation is made worse by a lack of fundamental security solutions that both perform efficiently and are effective at preventing threats. Current security solutions fail to address the threat landscape and ensure the integrity of sensitive data. As challenges rise, both private and public sectors will require robust technologies to protect their computing infrastructure. The research outcomes from this project try to address all these challenges. For example, we present LAZARUS, a novel technique to harden kernel Address Space Layout Randomization (KASLR) against paging-based side-channel attacks. In particular, our scheme allows for fine-grained protection of the virtual memory mappings that implement the randomization. We demonstrate the effectiveness of our approach by hardening a recent Linux kernel with LAZARUS, mitigating all of the previously presented side-channel attacks on KASLR. Our extensive evaluation shows that LAZARUS incurs only 0.943% overhead for standard benchmarks, and is therefore highly practical. We also introduced HA2lloc, a hardware-assisted allocator that is capable of leveraging an extended memory management unit to detect memory errors in the heap. We also perform testing using HA2lloc in a simulation environment and find that the approach is capable of preventing common memory vulnerabilities.
2014-09-30
fingerprint sensor etc. Secure application execution Trust established outwards With normal world apps With internet/cloud apps...Xilinx Zynq Security Components and Capabilities © Copyright 2014 Xilinx . Security Features Inherited from FPGAs Zynq Secure Boot TrustZone...2014 Xilinx . Security Features Inherited from FPGAs Zynq Secure Boot TrustZone Integration 4 Agenda © Copyright 2014 Xilinx . Device DNA and User
A Framework for Resilient Remote Monitoring
2014-08-01
of low-level observables are available, audited, and recorded. This establishes the need for a remote monitoring framework that can integrate with...Security, WS-Policy, SAML, XML Signature, and XML Encryption. Pearson Higher Education, 2004. [3] OMG, “Common Secure Interoperability Protocol...www.darpa.mil/Our_Work/I2O/Programs/Integrated_Cyber_Analysis_System_%28ICAS%29.aspx. [8] D. Miller and B. Pearson, Security information and event man
The Effect of Interactive Simulations on Exercise Adherence with Overweight and Obese Adults
2009-12-01
integrated video game play capabilities was developed. Unique software was written and further modified to integrate the exercise equipment/video game...exercise bicycle with video gaming console...video game play on exercise adherence, exercise motivation, and self-efficacy in overweight and obese Army personnel. Despite being younger.
Security for whom? Stabilisation and civilian protection in Colombia.
Elhawary, Samir
2010-10-01
This paper focuses on three periods of stabilisation in Colombia: the Alliance for Progress (1961-73) that sought to stem the threat of communist revolution in Latin America; Plan Colombia and President Alvaro Uribe's 'democratic security' policy (2000-07) aimed at defeating the guerrillas and negotiating a settlement with the paramilitaries; and the current 'integrated approach', adopted from 2007, to consolidate more effectively the state's control of its territory.(1) The paper assesses the extent to which these stabilisation efforts have enhanced the protection of civilians and ultimately finds that in all three periods there has been a disconnect between the discourse and the practice of stabilisation. While they have all sought to enhance security, in actual fact, they have privileged the security of the state and its allies at the expense of the effective protection of the civilian population. This has not only led to widespread human rights abuses but also has undermined the long-term stability being pursued. © 2010 The Author(s). Journal compilation © Overseas Development Institute, 2010.
Ultra-Dense Quantum Communication Using Integrated Photonic Architecture: First Annual Report
2011-08-24
The...goal of this program is to establish a fundamental information-theoretic understand of quantum secure communication and to devise a practical...scalable implementation of quantum key distribution protocols in an integrated photonic architecture. We report our progress on experimental and
Das, Ashok Kumar
2015-03-01
An integrated EPR (Electronic Patient Record) information system of all the patients provides the medical institutions and the academia with most of the patients' information in details for them to make corrective decisions and clinical decisions in order to maintain and analyze patients' health. In such system, the illegal access must be restricted and the information from theft during transmission over the insecure Internet must be prevented. Lee et al. proposed an efficient password-based remote user authentication scheme using smart card for the integrated EPR information system. Their scheme is very efficient due to usage of one-way hash function and bitwise exclusive-or (XOR) operations. However, in this paper, we show that though their scheme is very efficient, their scheme has three security weaknesses such as (1) it has design flaws in password change phase, (2) it fails to protect privileged insider attack and (3) it lacks the formal security verification. We also find that another recently proposed Wen's scheme has the same security drawbacks as in Lee et al.'s scheme. In order to remedy these security weaknesses found in Lee et al.'s scheme and Wen's scheme, we propose a secure and efficient password-based remote user authentication scheme using smart cards for the integrated EPR information system. We show that our scheme is also efficient as compared to Lee et al.'s scheme and Wen's scheme as our scheme only uses one-way hash function and bitwise exclusive-or (XOR) operations. Through the security analysis, we show that our scheme is secure against possible known attacks. Furthermore, we simulate our scheme for the formal security verification using the widely-accepted AVISPA (Automated Validation of Internet Security Protocols and Applications) tool and show that our scheme is secure against passive and active attacks.
Towards an integrated defense system for cyber security situation awareness experiment
NASA Astrophysics Data System (ADS)
Zhang, Hanlin; Wei, Sixiao; Ge, Linqiang; Shen, Dan; Yu, Wei; Blasch, Erik P.; Pham, Khanh D.; Chen, Genshe
2015-05-01
In this paper, an implemented defense system is demonstrated to carry out cyber security situation awareness. The developed system consists of distributed passive and active network sensors designed to effectively capture suspicious information associated with cyber threats, effective detection schemes to accurately distinguish attacks, and network actors to rapidly mitigate attacks. Based on the collected data from network sensors, image-based and signals-based detection schemes are implemented to detect attacks. To further mitigate attacks, deployed dynamic firewalls on hosts dynamically update detection information reported from the detection schemes and block attacks. The experimental results show the effectiveness of the proposed system. A future plan to design an effective defense system is also discussed based on system theory.
New secure communication-layer standard for medical image management (ISCL)
NASA Astrophysics Data System (ADS)
Kita, Kouichi; Nohara, Takashi; Hosoba, Minoru; Yachida, Masuyoshi; Yamaguchi, Masahiro; Ohyama, Nagaaki
1999-07-01
This paper introduces a summary of the standard draft of ISCL 1.00 which will be published by MEDIS-DC officially. ISCL is abbreviation of Integrated Secure Communication Layer Protocols for Secure Medical Image Management Systems. ISCL is a security layer which manages security function between presentation layer and TCP/IP layer. ISCL mechanism depends on basic function of a smart IC card and symmetric secret key mechanism. A symmetry key for each session is made by internal authentication function of a smart IC card with a random number. ISCL has three functions which assure authentication, confidentiality and integrity. Entity authentication process is done through 3 path 4 way method using functions of internal authentication and external authentication of a smart IC card. Confidentiality algorithm and MAC algorithm for integrity are able to be selected. ISCL protocols are communicating through Message Block which consists of Message Header and Message Data. ISCL protocols are evaluating by applying to regional collaboration system for image diagnosis, and On-line Secure Electronic Storage system for medical images. These projects are supported by Medical Information System Development Center. These projects show ISCL is useful to keep security.
2005-06-20
methodologies and partnership projects developed under the ONR Effect of Sound in the Marine Environment (ESME) Program. The effort involved an integration...computational models to predict audiograms for these species. National Security These data will assist in designing effective noise mitigation measures and...includes marine species for which there are reliable hearing data as well as sample sources with appropriate distance effects in their renditions, including
SIGAR: Special Inspector General for Afghanistan Reconstruction
2009-10-30
effectively. SIGAR has recommended that U.S. civilian agencies and military commands work together to develop an integrated management information system...amnesties and developing a reintegration program. The 11 Transformative Effects • Population Security • Elections and Continuity of Governance...national economies, to assisting in the development of effective, accessible, independent legal systems for a more transparent and accountable
2012-06-08
political stability and absence of violence, government effectiveness, and control of corruption (World Bank Institute 2010). These aggregates are...Accountability Political stability and absence of violence Government Effectiveness Control of Corruption Period in Years 2007-2010 in % Period in...of political stability and levels of violence, voice and accountability, government effectiveness, and control of corruption. The assessment goes
A layered trust information security architecture.
de Oliveira Albuquerque, Robson; Villalba, Luis Javier García; Orozco, Ana Lucila Sandoval; Buiati, Fábio; Kim, Tai-Hoon
2014-12-01
Information can be considered the most important asset of any modern organization. Securing this information involves preserving confidentiality, integrity and availability, the well-known CIA triad. In addition, information security is a risk management job; the task is to manage the inherent risks of information disclosure. Current information security platforms do not deal with the different facets of information technology. This paper presents a layered trust information security architecture (TISA) and its creation was motivated by the need to consider information and security from different points of view in order to protect it. This paper also extends and discusses security information extensions as a way of helping the CIA triad. Furthermore, this paper suggests information representation and treatment elements, operations and support components that can be integrated to show the various risk sources when dealing with both information and security. An overview of how information is represented and treated nowadays in the technological environment is shown, and the reason why it is so difficult to guarantee security in all aspects of the information pathway is discussed.
Iles, Irina A; Egnoto, Michael J; Fisher Liu, Brooke; Ackerman, Gary; Roberts, Holly; Smith, Daniel
2017-11-01
After the 9/11 terrorist attacks, the U.S. government initiated several national security technology adoption programs. The American public, however, has been skeptical about these initiatives and adoption of national security technologies has been mandated, rather than voluntary. We propose and test a voluntary behavioral intention formation model for the adoption of one type of new security technology: portable radiation detectors. Portable radiation detectors are an efficient way of detecting radiological and nuclear threats and could potentially prevent loss of life and damage to individuals' health. However, their functioning requires that a critical mass of individuals use them on a daily basis. We combine the explanatory advantages of diffusion of innovation with the predictive power of two volitional behavior frameworks: the theory of reasoned action and the health belief model. A large sample survey (N = 1,482) investigated the influence of factors identified in previous diffusion of innovation research on portable radiation detector adoption intention. Results indicated that nonfinancial incentives, as opposed to financial incentives, should be emphasized in persuasive communications aimed at fostering adoption. The research provides a new integration of diffusion of innovation elements with determinants of volitional behavior from persuasion literature, and offers recommendations on effective communication about new security technologies to motivate public adoption and enhance national safety. © 2017 Society for Risk Analysis.
Promoting exercise behaviour in a secure mental health setting: Healthcare assistant perspectives.
Kinnafick, Florence-Emilie; Papathomas, Anthony; Regoczi, Dora
2018-05-30
Individuals with severe mental illness engage in significantly less amounts of physical activity than the general population. A secure mental health setting can exacerbate barriers to exercise, and facilitate physical inactivity and sedentary behaviour. Healthcare assistants are intimately involved in the daily lives of patients and, therefore, should be considered integral to exercise promotion in secure mental health settings. Our aim was to explore healthcare assistants' perceptions of exercise and their attitudes to exercise promotion for adult patients in a secure mental health hospital. Qualitative semi-structured interviews were conducted with 11 healthcare assistants from a large UK-based secure mental health hospital. Topics included healthcare assistants' personal experiences of exercise within a secure facility, their perceptions of exercise as an effective treatment tool for mental health, and their perceived roles and responsibilities for exercise promotion. Thematic analysis was used to analyse the data. Three main themes were identified: (i) exercise is multi-beneficial to patients, (ii) perceived barriers to effective exercise promotion, and (iii) strategies for effective exercise promotion. Healthcare assistants considered exercise to hold patient benefits. However, core organizational and individual barriers limited healthcare assistants' exercise promotion efforts. An informal approach to exercise promotion was deemed most effective to some, whereas others committed to more formal strategies including compulsory sessions. With education and organizational support, we propose healthcare assistants are well placed to identify individual needs for exercise promotion. Their consultation could lead to more efficacious, person-sensitive interventions. © 2018 Australian College of Mental Health Nurses Inc.
Gloor, Kayleen T; Winget, Doug; Swanson, William F
2006-09-01
In response to growing terrorism concerns, the Transportation Security Administration now requires that all checked baggage at U.S. airports be scanned through a cabinet x-ray system, which may increase risk of radiation damage to transported biologic samples and other sensitive genetic material. The objective of this study was to investigate the effect of these new airport security regulations on the viability and DNA integrity of frozen felid spermatozoa. Semen was collected from two domestic cats (Felis silvestris catus) and one fishing cat (Prionailurus viverrinus), cryopreserved in plastic freezing straws, and transferred into liquid nitrogen dry shippers for security screening. Treatment groups included frozen samples from each male scanned once or three times using a Transportation Security Administration-operated cabinet x-ray system, in addition to non-scanned samples (i.e., negative control) and samples previously scanned three times and exposed to five additional high-intensity x-ray bursts (i.e., positive control). Dosimeters placed in empty dry shippers were used to quantify radiation exposure. Following treatment, straws were thawed and spermatozoa analyzed for post-thaw motility (percentage motile and rate of progressive movement), acrosome status, and DNA integrity using single-cell gel electrophoresis (i.e., the comet assay). Dosimeter measurements determined that each airport screening procedure produced approximately 16 mrem of radiation exposure. Our results indicated that all levels of radiation exposure adversely affected (P < 0.05) post-thaw sperm motility, but the percentage of acrosome-intact spermatozoa did not differ (P > 0.05) among treatment groups. Results also showed that the amount of double-stranded DNA damage was greater (P < 0.05) in sperm samples from both cat species scanned three times compared to samples scanned once or negative controls. 
Findings suggest that new airport security measures may cause radiation-induced damage to frozen spermatozoa and other valuable biologic samples transported on passenger aircraft and that alternative modes of sample transportation should be used whenever possible.
Increasing security through public health: a practical model.
Parker, R David
2011-01-01
As political and social changes sweep the globe, there are opportunities to increase national security through innovative approaches. While traditional security methods such as defense forces and homeland security provide both pre-emptive and defensive protection, new methods could meet emerging challenges by responding to the political, financial, and social trends. One method is the integration of defense, medicine and public health. By assisting a nation by providing basic services, such as healthcare, collaborative efforts can increase stabilization in areas of unrest. Improved health outcomes lead to increased domestic security, which can create a ripple effect across a region. Assessment, uptake and sustainability by the host nation are critical for program success. The proposed methodology focuses on the use of primarily extant resources, such as programs used by Special Operations Forces and other health and defense programs. Additional components include evaluation, set objectives and mission collaborations. As the nexus between foreign affairs, security, and public health is increasingly validated through research and practice, standardized interventions should be developed to minimize overlapping expenditures, promote security and strengthen international relations. 2011.
An Integrating Framework for Interdisciplinary Military Analyses
2017-04-01
Effectiveness, System Performance, Task Prosecution, War Gaming...and space for every play of the game. Called plays can be compared to collective tasks with each player responsible for executing one or more
Lechtig, Aarón; Gross, Rainer; Vivanco, Oscar Aquino; Gross, Ursula; López de Romaña, Daniel
2006-01-01
Weekly multimicronutrient supplementation was initiated as an appropriate intervention to protect poor urban populations from anemia. To identify the lessons learned from the Integrated Food Security Program (Programa Integrado de Seguridad Alimentaria [PISA]) weekly multimicronutrient supplementation program implemented in poor urban populations of Chiclayo, Peru. Data were collected from a 12-week program in which multimicronutrient supplements were provided weekly to women and adolescent girls 12 through 44 years of age and children under 5 years of age. A baseline survey was first conducted. Within the weekly multimicronutrient supplementation program, information was collected on supplement distribution, compliance, biological effectiveness, and cost. Supplementation, fortification, and dietary strategies can be integrated synergistically within a micronutrient intervention program. To ensure high cost-effectiveness of a weekly multimicronutrient supplementation program, the following conditions need to be met: the program should be implemented twice a year for 4 months; the program should be simultaneously implemented at the household (micro), community (meso), and national (macro) levels; there should be governmental participation from health and other sectors; and there should be community and private sector participation. Weekly multimicronutrient supplementation programs are cost effective options in urban areas with populations at low risk of energy deficiency and high risk of micronutrient deficiencies.
Chida, Koji; Morohashi, Gembu; Fuji, Hitoshi; Magata, Fumihiko; Fujimura, Akiko; Hamada, Koki; Ikarashi, Dai; Yamamoto, Ryuichi
2014-01-01
Background and objective: While the secondary use of medical data has gained attention, its adoption has been constrained due to protection of patient privacy. Making medical data secure by de-identification can be problematic, especially when the data concerns rare diseases. We require rigorous security management measures. Materials and methods: Using secure computation, an approach from cryptography, our system can compute various statistics over encrypted medical records without decrypting them. An issue of secure computation is that the amount of processing time required is immense. We implemented a system that securely computes healthcare statistics from the statistical computing software ‘R’ by effectively combining secret-sharing-based secure computation with original computation. Results: Testing confirmed that our system could correctly complete computation of average and unbiased variance of approximately 50 000 records of dummy insurance claim data in a little over a second. Computation including conditional expressions and/or comparison of values, for example, t test and median, could also be correctly completed in several tens of seconds to a few minutes. Discussion: If medical records are simply encrypted, the risk of leaks exists because decryption is usually required during statistical analysis. Our system possesses high-level security because medical records remain in encrypted state even during statistical analysis. Also, our system can securely compute some basic statistics with conditional expressions using ‘R’ that works interactively while secure computation protocols generally require a significant amount of processing time. Conclusions: We propose a secure statistical analysis system using ‘R’ for medical data that effectively integrates secret-sharing-based secure computation and original computation. PMID:24763677
Chida, Koji; Morohashi, Gembu; Fuji, Hitoshi; Magata, Fumihiko; Fujimura, Akiko; Hamada, Koki; Ikarashi, Dai; Yamamoto, Ryuichi
2014-10-01
While the secondary use of medical data has gained attention, its adoption has been constrained due to protection of patient privacy. Making medical data secure by de-identification can be problematic, especially when the data concerns rare diseases. We require rigorous security management measures. Using secure computation, an approach from cryptography, our system can compute various statistics over encrypted medical records without decrypting them. An issue of secure computation is that the amount of processing time required is immense. We implemented a system that securely computes healthcare statistics from the statistical computing software 'R' by effectively combining secret-sharing-based secure computation with original computation. Testing confirmed that our system could correctly complete computation of average and unbiased variance of approximately 50,000 records of dummy insurance claim data in a little over a second. Computation including conditional expressions and/or comparison of values, for example, t test and median, could also be correctly completed in several tens of seconds to a few minutes. If medical records are simply encrypted, the risk of leaks exists because decryption is usually required during statistical analysis. Our system possesses high-level security because medical records remain in encrypted state even during statistical analysis. Also, our system can securely compute some basic statistics with conditional expressions using 'R' that works interactively while secure computation protocols generally require a significant amount of processing time. We propose a secure statistical analysis system using 'R' for medical data that effectively integrates secret-sharing-based secure computation and original computation. Published by the BMJ Publishing Group Limited.
Securing Digital Images Integrity using Artificial Neural Networks
NASA Astrophysics Data System (ADS)
Hajji, Tarik; Itahriouan, Zakaria; Ouazzani Jamil, Mohammed
2018-05-01
Digital image signature is a technique used to protect the image integrity. The application of this technique can serve several areas of imaging applied to smart cities. The objective of this work is to propose two methods to protect digital image integrity. We present a description of two approaches using artificial neural networks (ANN) to digitally sign an image. The first one is “Direct Signature without learning” and the second is “Direct Signature with learning”. This paper presents the theory of proposed approaches and an experimental study to test their effectiveness.
Encouraging staff involvement in the security effort.
Hudson, Gary A
2006-01-01
Developing greater rapport between the security department and other hospital employees is essential to a successful security effort. In this article, the author describes a number of methods which can be used to better integrate the security program into the culture of the hospital.
NASA Astrophysics Data System (ADS)
Hoeft, B.; Epting, U.; Koenig, T.
2008-07-01
While many fields relevant to Grid security are already covered by existing working groups, their remit rarely goes beyond the scope of the Grid infrastructure itself. However, security issues pertaining to the internal set-up of compute centres have at least as much impact on Grid security. Thus, this talk will present briefly the EU ISSeG project (Integrated Site Security for Grids). In contrast to groups such as OSCT (Operational Security Coordination Team) and JSPG (Joint Security Policy Group), the purpose of ISSeG is to provide a holistic approach to security for Grid computer centres, from strategic considerations to an implementation plan and its deployment. The generalised methodology of Integrated Site Security (ISS) is based on the knowledge gained during its implementation at several sites as well as through security audits, and this will be briefly discussed. Several examples of ISS implementation tasks at the Forschungszentrum Karlsruhe will be presented, including segregation of the network for administration and maintenance and the implementation of Application Gateways. Furthermore, the web-based ISSeG training material will be introduced. This aims to offer ISS implementation guidance to other Grid installations in order to help avoid common pitfalls.
Integrity and security in an Ada runtime environment
NASA Technical Reports Server (NTRS)
Bown, Rodney L.
1991-01-01
A review is provided of the Formal Methods group discussions. It was stated that integrity is not a pure mathematical dual of security. The input data is part of the integrity domain. The group provided a roadmap for research. One item of the roadmap and the final position statement are closely related to the space shuttle and space station. The group's position is to use a safe subset of Ada. Examples of safe sets include the Army Secure Operating System and the Penelope Ada verification tool. It is recommended that a conservative attitude is required when writing Ada code for life and property critical systems.
Safety and Security Interface Technology Initiative
DOE Office of Scientific and Technical Information (OSTI.GOV)
Dr. Michael A. Lehto; Kevin J. Carroll; Dr. Robert Lowrie
Safety and Security Interface Technology Initiative Mr. Kevin J. Carroll Dr. Robert Lowrie, Dr. Michael Lehto BWXT Y12 NSC Oak Ridge, TN 37831 865-576-2289/865-241-2772 carrollkj@y12.doe.gov Work Objective. Earlier this year, the Energy Facility Contractors Group (EFCOG) was asked to assist in developing options related to acceleration deployment of new security-related technologies to assist meeting design base threat (DBT) needs while also addressing the requirements of 10 CFR 830. NNSA NA-70, one of the working group participants, designated this effort the Safety and Security Interface Technology Initiative (SSIT). Relationship to Workshop Theme. “Supporting Excellence in Operations Through Safety Analysis,” (workshop theme) includes security and safety personnel working together to ensure effective and efficient operations. One of the specific workshop elements listed in the call for papers is “Safeguards/Security Integration with Safety.” This paper speaks directly to this theme. Description of Work. The EFCOG Safety Analysis Working Group (SAWG) and the EFCOG Security Working Group formed a core team to develop an integrated process involving both safety basis and security needs allowing achievement of the DBT objectives while ensuring safety is appropriately considered. This effort garnered significant interest, starting with a two day breakout session of 30 experts at the 2006 Safety Basis Workshop. A core team was formed, and a series of meetings were held to develop that process, including safety and security professionals, both contractor and federal personnel. A pilot exercise held at Idaho National Laboratory (INL) in mid-July 2006 was conducted as a feasibility of concept review. Work Results. The SSIT efforts resulted in a topical report transmitted from EFCOG to DOE/NNSA in August 2006.
Elements of the report included: Drivers and Endstate, Control Selections Alternative Analysis Process, Terminology Crosswalk, Safety Basis/Security Documentation Integration, Configuration Control, and development of a shared ‘tool box’ of information/successes. Specific Benefits. The expectation or end state resulting from the topical report and associated implementation plan includes: (1) A recommended process for handling the documentation of the security and safety disciplines, including an appropriate change control process and participation by all stakeholders. (2) A means to package security systems with sufficient information to help expedite the flow of that system through the process. In addition, a means to share successes among sites, to include information and safety basis to the extent such information is transportable. (3) Identification of key security systems and associated essential security elements being installed and an arrangement for the sites installing these systems to host an appropriate team to review a specific system and determine what information is exportable. (4) Identification of the security systems’ essential elements and appropriate controls required for testing of these essential elements in the facility. (5) The ability to help refine and improve an agreed to control set at the manufacture stage.
Integrated Modeling Approach for Optimal Management of Water, Energy and Food Security Nexus
DOE Office of Scientific and Technical Information (OSTI.GOV)
Zhang, Xiaodong; Vesselinov, Velimir Valentinov
2016-12-28
We report that water, energy and food (WEF) are inextricably interrelated. Effective planning and management of limited WEF resources to meet current and future socioeconomic demands for sustainable development is challenging. WEF production/delivery may also produce environmental impacts; as a result, green-house-gas emission control will impact WEF nexus management as well. Nexus management for WEF security necessitates integrated tools for predictive analysis that are capable of identifying the tradeoffs among various sectors, generating cost-effective planning and management strategies and policies. To address these needs, we have developed an integrated model analysis framework and tool called WEFO. WEFO provides a multi-period socioeconomic model for predicting how to satisfy WEF demands based on model inputs representing production costs, socioeconomic demands, and environmental controls. WEFO is applied to quantitatively analyze the interrelationships and trade-offs among system components including energy supply, electricity generation, water supply-demand, food production as well as mitigation of environmental impacts. WEFO is demonstrated to solve a hypothetical nexus management problem consistent with real-world management scenarios. Model parameters are analyzed using global sensitivity analysis and their effects on total system cost are quantified. Lastly, the obtained results demonstrate how these types of analyses can be helpful for decision-makers and stakeholders to make cost-effective decisions for optimal WEF management.
25 CFR 700.263 - Assuring integrity of records.
Code of Federal Regulations, 2013 CFR
2013-04-01
... safeguards to insure the security and confidentiality of records and to protect against any anticipated threats or hazards to their security or integrity which could result in substantial harm, embarrassment..., subject to safeguards based on those recommended in the National Bureau of Standards booklet “Computer...
25 CFR 700.263 - Assuring integrity of records.
Code of Federal Regulations, 2014 CFR
2014-04-01
... safeguards to insure the security and confidentiality of records and to protect against any anticipated threats or hazards to their security or integrity which could result in substantial harm, embarrassment..., subject to safeguards based on those recommended in the National Bureau of Standards booklet “Computer...
25 CFR 700.263 - Assuring integrity of records.
Code of Federal Regulations, 2010 CFR
2010-04-01
... safeguards to insure the security and confidentiality of records and to protect against any anticipated threats or hazards to their security or integrity which could result in substantial harm, embarrassment..., subject to safeguards based on those recommended in the National Bureau of Standards booklet “Computer...
25 CFR 700.263 - Assuring integrity of records.
Code of Federal Regulations, 2011 CFR
2011-04-01
... safeguards to insure the security and confidentiality of records and to protect against any anticipated threats or hazards to their security or integrity which could result in substantial harm, embarrassment..., subject to safeguards based on those recommended in the National Bureau of Standards booklet “Computer...
25 CFR 700.263 - Assuring integrity of records.
Code of Federal Regulations, 2012 CFR
2012-04-01
... safeguards to insure the security and confidentiality of records and to protect against any anticipated threats or hazards to their security or integrity which could result in substantial harm, embarrassment..., subject to safeguards based on those recommended in the National Bureau of Standards booklet “Computer...
Ver-i-Fus: an integrated access control and information monitoring and management system
NASA Astrophysics Data System (ADS)
Thomopoulos, Stelios C.; Reisman, James G.; Papelis, Yiannis E.
1997-01-01
This paper describes the Ver-i-Fus Integrated Access Control and Information Monitoring and Management (IAC-I2M) system that INTELNET Inc. has developed. The Ver-i-Fus IAC-I2M system has been designed to meet the most stringent security and information monitoring requirements while allowing two-way communication between the user and the system. The system offers a flexible interface that permits integrating practically any sensing device, or combination of sensing devices, including a live-scan fingerprint reader, thus providing biometrics verification for enhanced security. Different configurations of the system provide solutions to different sets of access control problems. The re-configurable hardware interface, tied together with biometrics verification and a flexible interface that allows integrating Ver-i-Fus with an MIS, provide an integrated solution to security, time and attendance, labor monitoring, production monitoring, and payroll applications.
Code of Federal Regulations, 2013 CFR
2013-01-01
.... Adjusted trading means any method or transaction whereby a corporate credit union sells a security to a... securities, asset-backed securities, or corporate obligations in the form of loans or debt. Senior tranches... repurchase transaction means an integrated transaction in which a corporate credit union purchases a security...
NASA Technical Reports Server (NTRS)
Gilliam, D. P.; Powell, J. D.
2002-01-01
This paper presents a portion of an overall research project on the generation of the network security assessment instrument to aid developers in assessing and assuring the security of software in the development and maintenance lifecycles.
Effect of Conservation Systems and Irrigation on Potential Bioenergy Crops
USDA-ARS's Scientific Manuscript database
Renewable energy production in the United States should increase due to economic, environmental, and national security concerns. In the Southeastern US, annual cellulosic crops could be integrated in rotation systems to produce biofuels. An experiment conducted in South Central Alabama evaluated thr...
Professional Development: Catalyst for Change?
ERIC Educational Resources Information Center
Niederhauser, Dale; Wessling, Sarah
2011-01-01
Difficulty securing adequate professional development (PD) has long been a barrier to the effective implementation of educational technology. Concerns about the dearth of PD for helping teachers integrate technology into their instructional practices raised nearly 25 years ago appear to still hold true despite repeated calls for increased…
Columbia University's Informatics for Diabetes Education and Telemedicine (IDEATel) Project
Starren, Justin; Hripcsak, George; Sengupta, Soumitra; Abbruscato, C.R.; Knudson, Paul E.; Weinstock, Ruth S.; Shea, Steven
2002-01-01
The Columbia University Informatics for Diabetes Education and Telemedicine (IDEATel) project is a four-year demonstration project funded by the Centers for Medicare and Medicaid Services with the overall goal of evaluating the feasibility, acceptability, effectiveness, and cost-effectiveness of telemedicine. The focal point of the intervention is the home telemedicine unit (HTU), which provides four functions: synchronous videoconferencing over standard telephone lines, electronic transmission for fingerstick glucose and blood pressure readings, secure Web-based messaging and clinical data review, and access to Web-based educational materials. The HTU must be usable by elderly patients with no prior computer experience. Providing these functions through the HTU requires tight integration of six components: the HTU itself, case management software, a clinical information system, Web-based educational material, data security, and networking and telecommunications. These six components were integrated through a variety of interfaces, providing a system that works well for patients and providers. With more than 400 HTUs installed, IDEATel has demonstrated the feasibility of large-scale home telemedicine. PMID:11751801
Metrinome: Continuous Monitoring and Security Validation of Distributed Systems
2014-03-01
Integration into the SDLC (Software Development Life Cycle), Retrieved Nov 06 2013, https://www.owasp.org/images/f/f6/Integration_into_the_SDLC.ppt [2...assessment as part of the software development life cycle, current approaches suffer from a number of shortcomings that limit their application in...with assessing security and correct functionality. Second, integrated and end-to-end testing and experimentation is often postponed until software
Secure password-based authenticated key exchange for web services
DOE Office of Scientific and Technical Information (OSTI.GOV)
Liang, Fang; Meder, Samuel; Chevassut, Olivier
This paper discusses an implementation of an authenticated key-exchange method rendered on message primitives defined in the WS-Trust and WS-SecureConversation specifications. This IEEE-specified cryptographic method (AuthA) is proven-secure for password-based authentication and key exchange, while the WS-Trust and WS-SecureConversation are emerging Web Services Security specifications that extend the WS-Security specification. A prototype of the presented protocol is integrated in the WSRF-compliant Globus Toolkit V4. Further hardening of the implementation is expected to result in a version that will be shipped with future Globus Toolkit releases. This could help to address the current unavailability of decent shared-secret-based authentication options in the Web Services and Grid world. Future work will be to integrate One-Time-Password (OTP) features in the authentication protocol.
Information security requirements in patient-centred healthcare support systems.
Alsalamah, Shada; Gray, W Alex; Hilton, Jeremy; Alsalamah, Hessah
2013-01-01
Enabling Patient-Centred (PC) care in modern healthcare requires the flow of medical information with the patient between different healthcare providers as they follow the patient's treatment plan. However, PC care threatens the stability of the balance of information security in the support systems since legacy systems fall short of attaining a security balance when sharing their information due to compromises made between its availability, integrity, and confidentiality. Results show that the main reason for this is that information security implementation in discrete legacy systems focused mainly on information confidentiality and integrity leaving availability a challenge in collaboration. Through an empirical study using domain analysis, observations, and interviews, this paper identifies a need for six information security requirements in legacy systems to cope with this situation in order to attain the security balance in systems supporting PC care implementation in modern healthcare.
NASA Astrophysics Data System (ADS)
Graham, Christopher J.
2012-05-01
Success in the future battle space is increasingly dependent on rapid access to the right information. Faced with a shrinking budget, the Government has a mandate to improve intelligence productivity, quality, and reliability. To achieve increased ISR effectiveness, leverage of tactical edge mobile devices via integration with strategic cloud-based infrastructure is the single, most likely candidate area for dramatic near-term impact. This paper discusses security, collaboration, and usability components of this evolving space. These three paramount tenets outlined below, embody how mission information is exchanged securely, efficiently, with social media cooperativeness. Tenet 1: Complete security, privacy, and data integrity, must be ensured within the net-centric battle space. This paper discusses data security on a mobile device, data at rest on a cloud-based system, authorization and access control, and securing data transport between entities. Tenet 2: Lack of collaborative information sharing and content reliability jeopardizes mission objectives and limits the end user capability. This paper discusses cooperative pairing of mobile devices and cloud systems, enabling social media style interaction via tagging, meta-data refinement, and sharing of pertinent data. Tenet 3: Fielded mobile solutions must address usability and complexity. Simplicity is a powerful paradigm on mobile platforms, where complex applications are not utilized, and simple, yet powerful, applications flourish. This paper discusses strategies for ensuring mobile applications are streamlined and usable at the tactical edge through focused feature sets, leveraging the power of the back-end cloud, minimization of differing HMI concepts, and directed end-user feedback.
Code of Federal Regulations, 2013 CFR
2013-01-01
... 16 Commercial Practices 1 2013-01-01 2013-01-01 false Confidentiality, security, and integrity of personal information collected from children. 312.8 Section 312.8 Commercial Practices FEDERAL TRADE COMMISSION REGULATIONS UNDER SPECIFIC ACTS OF CONGRESS CHILDREN'S ONLINE PRIVACY PROTECTION RULE § 312.8...
Code of Federal Regulations, 2010 CFR
2010-01-01
... 16 Commercial Practices 1 2010-01-01 2010-01-01 false Confidentiality, security, and integrity of personal information collected from children. 312.8 Section 312.8 Commercial Practices FEDERAL TRADE COMMISSION REGULATIONS UNDER SPECIFIC ACTS OF CONGRESS CHILDREN'S ONLINE PRIVACY PROTECTION RULE § 312.8...
Code of Federal Regulations, 2011 CFR
2011-01-01
... 16 Commercial Practices 1 2011-01-01 2011-01-01 false Confidentiality, security, and integrity of personal information collected from children. 312.8 Section 312.8 Commercial Practices FEDERAL TRADE COMMISSION REGULATIONS UNDER SPECIFIC ACTS OF CONGRESS CHILDREN'S ONLINE PRIVACY PROTECTION RULE § 312.8...
Code of Federal Regulations, 2012 CFR
2012-01-01
... 16 Commercial Practices 1 2012-01-01 2012-01-01 false Confidentiality, security, and integrity of personal information collected from children. 312.8 Section 312.8 Commercial Practices FEDERAL TRADE COMMISSION REGULATIONS UNDER SPECIFIC ACTS OF CONGRESS CHILDREN'S ONLINE PRIVACY PROTECTION RULE § 312.8...
Code of Federal Regulations, 2014 CFR
2014-01-01
... 16 Commercial Practices 1 2014-01-01 2014-01-01 false Confidentiality, security, and integrity of personal information collected from children. 312.8 Section 312.8 Commercial Practices FEDERAL TRADE COMMISSION REGULATIONS UNDER SPECIFIC ACTS OF CONGRESS CHILDREN'S ONLINE PRIVACY PROTECTION RULE § 312.8...
DOE Office of Scientific and Technical Information (OSTI.GOV)
Green, M.W.
As problems of violence and crime become more prevalent in our schools (or at least the perception of their prevalence), more and more school districts will elect to use security technologies to control these problems. While the desired change in student and community attitudes will require significant systemic change through intense U.S. social programs, security technologies can greatly augment school staff today by providing services similar to having extra adults present. Technologies such as cameras, sensors, drug detection, biometric and personnel identification, lighting, barriers, weapon and explosives detection, anti-graffiti methods, and duress alarms can all be effective, given they are used in appropriate applications, with realistic expectations and an understanding of limitations. Similar to a high-risk government facility, schools must consider a systems ('big picture') approach to security, which includes the use of personnel and procedures as well as security technologies, such that the synergy created by all these elements together contributes more to the general 'order maintenance' of the facility than could be achieved by separate measures not integrated or related.
Creation of security engineering programs by the Southwest Surety Institute
NASA Astrophysics Data System (ADS)
Romero, Van D.; Rogers, Bradley; Winfree, Tim; Walsh, Dan; Garcia, Mary Lynn
1998-12-01
The Southwest Surety Institute includes Arizona State University (ASU), Louisiana State University (LSU), New Mexico Institute of Mining and Technology (NM Tech), New Mexico State University (NMSU), and Sandia National Laboratories (SNL). The universities currently offer a full spectrum of post-secondary programs in security system design and evaluation, including an undergraduate minor, a graduate program, and continuing education programs. The programs are based on the methodology developed at Sandia National Laboratories over the past 25 years to protect critical nuclear assets. The programs combine basic concepts and principles from business, criminal justice, and technology to create an integrated performance-based approach to security system design and analysis. Existing university capabilities in criminal justice (NMSU), explosives testing and technology (NM Tech and LSU), and engineering technology (ASU) are leveraged to provide unique science-based programs that will emphasize the use of performance measures and computer analysis tools to prove the effectiveness of proposed systems in the design phase. Facility managers may then balance increased protection against the cost of implementation and risk mitigation, thereby enabling effective business decisions. Applications expected to benefit from these programs include corrections, law enforcement, counter-terrorism, critical infrastructure protection, financial and medical care fraud, industrial security, and border security.
Alagarsamy, Sumithra; Rajagopalan, S. P.
2017-01-01
Certificateless-based signcryption overcomes inherent shortcomings in traditional Public Key Infrastructure (PKI) and Key Escrow problem. It imparts efficient methods to design PKIs with public verifiability and cipher text authenticity with minimum dependency. As a classic primitive in public key cryptography, signcryption performs validity of cipher text without decryption by combining authentication, confidentiality, public verifiability and cipher text authenticity much more efficiently than the traditional approach. In this paper, we first define a security model for certificateless-based signcryption called, Complex Conjugate Differential Integrated Factor (CC-DIF) scheme by introducing complex conjugates through introduction of the security parameter and improving secured message distribution rate. However, both partial private key and secret value changes with respect to time. To overcome this weakness, a new certificateless-based signcryption scheme is proposed by setting the private key through Differential (Diff) Equation using an Integration Factor (DiffEIF), minimizing computational cost and communication overhead. The scheme is therefore said to be proven secure (i.e. improving the secured message distributing rate) against certificateless access control and signcryption-based scheme. In addition, compared with the three other existing schemes, the CC-DIF scheme has the least computational cost and communication overhead for secured message communication in mobile network. PMID:29040290
2016-07-01
Common Risk Model for Dams (CRM-D) Methodology,” for the Director, Cost Assessment and Program Evaluation, Office of Secretary of Defense and the...for Dams (CRM-D), developed by the U.S. Army Corps of Engineers (USACE) in collaboration with the Institute for Defense Analyses (IDA) and the U.S...and cyber security risks across a portfolio of dams, and informing decisions on how to mitigate those risks. The CRM-D can effectively quantify the
HIPAA-compliant automatic monitoring system for RIS-integrated PACS operation
NASA Astrophysics Data System (ADS)
Jin, Jin; Zhang, Jianguo; Chen, Xiaomeng; Sun, Jianyong; Yang, Yuanyuan; Liang, Chenwen; Feng, Jie; Sheng, Liwei; Huang, H. K.
2006-03-01
As a governmental regulation, Health Insurance Portability and Accountability Act (HIPAA) was issued to protect the privacy of health information that identifies individuals who are living or deceased. HIPAA requires security services supporting implementation features: Access control; Audit controls; Authorization control; Data authentication; and Entity authentication. These controls, which are proposed in the HIPAA Security Standards, are Audit trails here. Audit trails can be used for surveillance purposes, to detect when interesting events might be happening that warrant further investigation. Or they can be used forensically, after the detection of a security breach, to determine what went wrong and who or what was at fault. In order to provide security control services and to achieve high and continuous availability, we design the HIPAA-Compliant Automatic Monitoring System for RIS-Integrated PACS operation. The system consists of two parts: monitoring agents running in each PACS component computer and a Monitor Server running in a remote computer. Monitoring agents are deployed on all computer nodes in RIS-Integrated PACS system to collect the Audit trail messages defined by the Supplement 95 of the DICOM standard: Audit Trail Messages. Then the Monitor Server gathers all audit messages and processes them to provide security information in three levels: system resources, PACS/RIS applications, and users/patients data accessing. Now the RIS-Integrated PACS managers can monitor and control the entire RIS-Integrated PACS operation through web service provided by the Monitor Server. This paper presents the design of a HIPAA-compliant automatic monitoring system for RIS-Integrated PACS Operation, and gives the preliminary results performed by this monitoring system on a clinical RIS-integrated PACS.
Science and Technology Resources on the Internet: Computer Security.
ERIC Educational Resources Information Center
Kinkus, Jane F.
2002-01-01
Discusses issues related to computer security, including confidentiality, integrity, and authentication or availability; and presents a selected list of Web sites that cover the basic issues of computer security under subject headings that include ethics, privacy, kids, antivirus, policies, cryptography, operating system security, and biometrics.…
Selecting Security Technology Providers
ERIC Educational Resources Information Center
Schneider, Tod
2009-01-01
The world of security technology holds great promise, but it is fraught with opportunities for expensive missteps and misapplications. The quality of the security technology consultants and system integrators one uses will have a direct bearing on how well his school masters this complex subject. Security technology consultants help determine…
77 FR 32111 - Privacy Act System of Records
Federal Register 2010, 2011, 2012, 2013, 2014
2012-05-31
... or fraud, or harm to the security or integrity of this system or other systems or programs (whether... to comment. FCC/MB-2 System Name: Broadcast Station Public Inspection Files. Security Classification: The FCC's Security Operations Center (SOC) has not assigned a security classification to this system...
A Layered Trust Information Security Architecture
de Oliveira Albuquerque, Robson; García Villalba, Luis Javier; Sandoval Orozco, Ana Lucila; Buiati, Fábio; Kim, Tai-Hoon
2014-01-01
Information can be considered the most important asset of any modern organization. Securing this information involves preserving confidentiality, integrity and availability, the well-known CIA triad. In addition, information security is a risk management job; the task is to manage the inherent risks of information disclosure. Current information security platforms do not deal with the different facets of information technology. This paper presents a layered trust information security architecture (TISA) and its creation was motivated by the need to consider information and security from different points of view in order to protect it. This paper also extends and discusses security information extensions as a way of helping the CIA triad. Furthermore, this paper suggests information representation and treatment elements, operations and support components that can be integrated to show the various risk sources when dealing with both information and security. An overview of how information is represented and treated nowadays in the technological environment is shown, and the reason why it is so difficult to guarantee security in all aspects of the information pathway is discussed. PMID:25470490
Grid Computing and Collaboration Technology in Support of Fusion Energy Sciences
NASA Astrophysics Data System (ADS)
Schissel, D. P.
2004-11-01
The SciDAC Initiative is creating a computational grid designed to advance scientific understanding in fusion research by facilitating collaborations, enabling more effective integration of experiments, theory and modeling, and allowing more efficient use of experimental facilities. The philosophy is that data, codes, analysis routines, visualization tools, and communication tools should be thought of as easy to use network available services. Access to services is stressed rather than portability. Services share the same basic security infrastructure so that stakeholders can control their own resources and help ensure fair use of resources. The collaborative control room is being developed using the open-source Access Grid software that enables secure group-to-group collaboration with capabilities beyond teleconferencing including application sharing and control. The ability to effectively integrate off-site scientists into a dynamic control room will be critical to the success of future international projects like ITER. Grid computing, the secure integration of computer systems over high-speed networks to provide on-demand access to data analysis capabilities and related functions, is being deployed as an alternative to traditional resource sharing among institutions. The first grid computational service deployed was the transport code TRANSP and included tools for run preparation, submission, monitoring and management. This approach saves user sites from the laborious effort of maintaining a complex code while at the same time reducing the burden on developers by avoiding the support of a large number of heterogeneous installations. This tutorial will present the philosophy behind an advanced collaborative environment, give specific examples, and discuss its usage beyond FES.
Computer Assisted Exercise Environment for Terrorist Attack Consequence Management
2006-09-01
security and crisis management. [Fig. 3. Third Generation SSR for Integrated Security Sector]
Secure, Autonomous, Intelligent Controller for Integrating Distributed Sensor Webs
NASA Technical Reports Server (NTRS)
Ivancic, William D.
2007-01-01
This paper describes the infrastructure and protocols necessary to enable near-real-time commanding, access to space-based assets, and the secure interoperation between sensor webs owned and controlled by various entities. Select terrestrial and aeronautics-based sensor webs will be used to demonstrate time-critical interoperability between integrated, intelligent sensor webs both terrestrial and between terrestrial and space-based assets. For this work, a Secure, Autonomous, Intelligent Controller and knowledge generation unit is implemented using Virtual Mission Operation Center technology.
NASA Astrophysics Data System (ADS)
Francisco, Glen; Brown, Todd
2012-06-01
Integrated security systems are essential to pre-empting criminal assaults. Nearly 500,000 sites have been identified (source: US DHS) as critical infrastructure sites that would suffer severe damage if a security breach should occur. One major breach in any of 123 U.S. facilities, identified as "most critical", threatens more than 1,000,000 people. The vulnerabilities of critical infrastructure are expected to continue and even heighten over the coming years.
2002-06-07
Continue to Develop and Refine Emerging Technology • Some of the emerging biometric devices, such as iris scans and facial recognition systems...such as iris scans and facial recognition systems, facial recognition systems, and speaker verification systems. (976301)
10 CFR 706.30 - Clearance of certain local union representatives.
Code of Federal Regulations, 2010 CFR
2010-01-01
... Section 706.30 Energy DEPARTMENT OF ENERGY SECURITY POLICIES AND PRACTICES RELATING TO LABOR-MANAGEMENT... opportunity for effective representation of employees in collective bargaining relationships with DOE... Energy Installations in respect to integration of the union into the plant organization “as to two-way...
10 CFR 706.30 - Clearance of certain local union representatives.
Code of Federal Regulations, 2011 CFR
2011-01-01
... Section 706.30 Energy DEPARTMENT OF ENERGY SECURITY POLICIES AND PRACTICES RELATING TO LABOR-MANAGEMENT... opportunity for effective representation of employees in collective bargaining relationships with DOE... Energy Installations in respect to integration of the union into the plant organization “as to two-way...
Code of Federal Regulations, 2010 CFR
2010-10-01
... ENFORCEMENT SYSTEMS § 307.13 Security and confidentiality for computerized support enforcement systems in... systems in operation after October 1, 1997. (a) Information integrity and security. Have safeguards... 45 Public Welfare 2 2010-10-01 2010-10-01 false Security and confidentiality for computerized...
CSRQ: Communication-Efficient Secure Range Queries in Two-Tiered Sensor Networks
Dai, Hua; Ye, Qingqun; Yang, Geng; Xu, Jia; He, Ruiliang
2016-01-01
In recent years, we have seen many applications of secure query in two-tiered wireless sensor networks. Storage nodes are responsible for storing data from nearby sensor nodes and answering queries from Sink. It is critical to protect data security from a compromised storage node. In this paper, the Communication-efficient Secure Range Query (CSRQ)—a privacy and integrity preserving range query protocol—is proposed to prevent attackers from gaining information of both data collected by sensor nodes and queries issued by Sink. To preserve privacy and integrity, in addition to employing the encoding mechanisms, a novel data structure called encrypted constraint chain is proposed, which embeds the information of integrity verification. Sink can use this encrypted constraint chain to verify the query result. The performance evaluation shows that CSRQ has lower communication cost than the current range query protocols. PMID:26907293
Improving Strategic Competence: Lessons from 13 Years of War
2014-01-01
a public service of the RAND Corporation...2. An Integrated Civilian-Military Process Is a Necessary, But Not Sufficient, Condition of Effective National Security Policy and Strategy...Influence, and Unconventional Operations May Be Cost-Effective Ways of Addressing Conflict That Obviate the Need for Larger, Costlier Interventions
Integrity mechanism for eHealth tele-monitoring system in smart home environment.
Mantas, Georgios; Lymberopoulos, Dimitrios; Komninos, Nikos
2009-01-01
During the past few years, a lot of effort has been invested in research and development of eHealth tele-monitoring systems that will provide many benefits for healthcare delivery from the healthcare provider to the patient's home. However, there is a plethora of security requirements in eHealth tele-monitoring systems. Data integrity of the transferred medical data is one of the most important security requirements that should be satisfied in these systems, since medical information is extremely sensitive information, and even sometimes life threatening information. In this paper, we present a data integrity mechanism for eHealth tele-monitoring system that operates in a smart home environment. Agent technology is applied to achieve data integrity with the use of cryptographic smart cards. Furthermore, the overall security infrastructure and its various components are described.
Security Assistance Dependence - Wielding American Power
2002-12-09
national security objectives. One vehicle of this power brokering is the well-developed international security assistance program – oftentimes...incorrectly referred to exclusively as foreign military sales. There is nothing simple about the security assistance program as it has developed today...For the USG, there are many agencies influencing today’s security assistance program to execute complex, integrated tasks directly impacting U.S
National Strategy for Aviation Security
2007-03-26
for Aviation Security (hereafter referred to as the Strategy) to protect the Nation and its interests from threats in the Air Domain. The Secretary of... Aviation security is best achieved by integrating public and private aviation security global activities into a coordinated effort to detect, deter...might occur. The Strategy aligns Federal government aviation security programs and initiatives into a comprehensive and cohesive national effort
Redefining Security. A Report by the Joint Security Commission
1994-02-28
security policies. This report offers recommendations on developing new strategies for achieving security within our information systems, including...better, and we outline methods of improving government and industry personnel security policies. We offer recommendations on developing new strategies ... strategies, sufficient funding, and management attention if our computers and networks are to protect the confidentiality, integrity, and availability of
A New Approach to Understanding Information Assurance
NASA Astrophysics Data System (ADS)
Blyth, Andrew; Williams, Colin; Bryant, Ian; Mattinson, Harvey
The growth of technologies such as ubiquitous and mobile computing has resulted in the need for a rethinking of the security paradigm. Over the past forty years technology has made fast steps forward, yet most organisations still view security in terms of Confidentiality, Integrity and Availability (CIA). This model of security has expanded to include Non-Repudiation and Authentication. However, this thinking fails to address the social, ethical and business requirements that the modern use of computing has generated. Today computing devices are integrated into every facet of business, with the result that security technologies have struggled to keep pace with the rate of change. In this paper we will argue that the current view that most organisations/stakeholders have of security is out-of-date, or in some cases wrong, and that the new view of security needs to be rooted in business impact and business function.
26 CFR 1.410(b)-1 - Minimum coverage requirements (before 1994).
Code of Federal Regulations, 2010 CFR
2010-04-01
....410(b)-1(b)(2). (6) Integration with Social Security Act. See section 401(a)(5) and the regulations thereunder for rules relating to integration of plans with the Social Security Act. (7) Different age and..., all the employees of corporations or trades and businesses whose employees are treated as employed by...
Federal Register 2010, 2011, 2012, 2013, 2014
2012-08-08
... strengthening the integrity of the nation's legal immigration system by ensuring that immigration benefits are... the United States. In addition, USCIS enhances the integrity of the nation's legal immigration system... legal immigration system by: (1) Identifying threats to national security and public safety posed by...
DOE Office of Scientific and Technical Information (OSTI.GOV)
Hamlet, Jason; Pierson, Lyndon; Bauer, Todd
Supply chain security to detect, deter, and prevent the counterfeiting of networked and stand-alone integrated circuits (ICs) is critical to cyber security. Sandia National Laboratory researchers have developed IC ID to leverage Physically Unclonable Functions (PUFs) and strong cryptographic authentication to create a unique fingerprint for each integrated circuit. IC ID assures the authenticity of ICs to prevent tampering or malicious substitution.
Security technology: the shaping of research strategy--a holistic approach (Invited Paper)
NASA Astrophysics Data System (ADS)
Fisher, Neil
2005-05-01
Since the terrible events of 11 Sep 2001 the response to security vulnerabilities has been to throw "Guns, Gates and Guards" at the problem. Three years later and it is clear that, although this may have had a short-term effect, it is unsustainable and unaffordable in the long term. The war on terrorism is going to be fought for a very long time. Defending against terrorism and enhancing the resilience and robustness of society and its processes now requires constant vigilance. Only technology can provide that vigilance at an efficiency that can provide certainty of detection and fast response. A technology led approach, integrating with people and their processes calls for innovation and a new generation of technology that fuses the physical world with the logical world. This approach is measurable in terms of capability and investment, in the way that the previous Newtonian security approach of cause and effect is not. This paper will address this new security environment and the different approach that R&D has to take to ensure that life and Democracy thrive and terrorism is defeated.
Effect of security threats on primary care access in Logar province, Afghanistan.
Morikawa, Masahiro J
2008-01-01
Security threats are a major concern for access to health care in many war-torn communities; however, there is little quantified data on actual access to care in rural communities during war. Kinderberg International e.V. provided primary care in rural Logar province, Afghanistan, for these three years in eight districts until they were integrated into the new health care structure led by the Ministry of Health in early 2005. We examined the number of patients visiting our clinic before and during the security threats related to the parliamentary election and subsequent national assembly in 2004. The number of patients declined in remote clinics while the number increased in central locations. This finding has an important practical implication: the monitoring of access to care should include remote clinics, otherwise it may potentially underestimate compromised access to health care due to security threats.
Virtual-optical information security system based on public key infrastructure
NASA Astrophysics Data System (ADS)
Peng, Xiang; Zhang, Peng; Cai, Lilong; Niu, Hanben
2005-01-01
A virtual-optical based encryption model with the aid of public key infrastructure (PKI) is presented in this paper. The proposed model employs a hybrid architecture in which our previously published encryption method based on virtual-optics scheme (VOS) can be used to encipher and decipher data while an asymmetric algorithm, for example RSA, is applied for enciphering and deciphering the session key(s). The whole information security model is run under the framework of international standard ITU-T X.509 PKI, which is based on public-key cryptography and digital signatures. This PKI-based VOS security approach has additional features like confidentiality, authentication, and integrity for the purpose of data encryption in a network environment. Numerical experiments prove the effectiveness of the method. The security of the proposed model is briefly analyzed by examining some possible attacks from the viewpoint of cryptanalysis.
The Forensic Confirmation Bias: A Comparison Between Experts and Novices.
van den Eeden, Claire A J; de Poot, Christianne J; van Koppen, Peter J
2018-05-17
A large body of research has described the influence of context information on forensic decision-making. In this study, we examined the effect of context information on the search for and selection of traces by students (N = 36) and crime scene investigators (N = 58). Participants investigated an ambiguous mock crime scene and received prior information indicating suicide, a violent death or no information. Participants described their impression of the scene and wrote down which traces they wanted to secure. Results showed that context information impacted first impression of the scene and crime scene behavior, namely number of traces secured. Participants in the murder condition secured most traces. Furthermore, the students secured more crime-related traces. Students were more confident in their first impression. This study does not indicate that experts outperform novices. We therefore argue for proper training on cognitive processes as an integral part of all forensic education. © 2018 American Academy of Forensic Sciences.
DOE Office of Scientific and Technical Information (OSTI.GOV)
Hutchinson, R.L.; Hamilton, V.A.; Istrail, G.G.
1997-11-01
This report describes the results of a Sandia-funded laboratory-directed research and development project titled "Integrated and Robust Security Infrastructure" (IRSI). IRSI was to provide a broad range of commercial-grade security services to any software application. IRSI has two primary goals: application transparency and manageable public key infrastructure. IRSI must provide its security services to any application without the need to modify the application to invoke the security services. Public key mechanisms are well suited for a network with many end users and systems. There are many issues that make it difficult to deploy and manage a public key infrastructure. IRSI addressed some of these issues to create a more manageable public key infrastructure.
Updating energy security and environmental policy: Energy security theories revisited.
Proskuryakova, L
2018-06-18
The energy security theories are based on the premises of sufficient and reliable supply of fossil fuels at affordable prices in centralized supply systems. Policy-makers and company chief executives develop energy security strategies based on the energy security theories and definitions that dominate in the research and policy discourse. It is therefore of utmost importance that scientists revisit these theories in line with the latest changes in the energy industry: the rapid advancement of renewables and smart grid, decentralization of energy systems, new environmental and climate challenges. The study examines the classic energy security concepts (neorealism, neoliberalism, constructivism and international political economy) and assesses if energy technology changes are taken into consideration. This is done through integrative literature review, comparative analysis, identification of 'international relations' and 'energy' research discourse with the use of big data, and case studies of Germany, China, and Russia. The paper offers suggestions for revision of energy security concepts through integration of future technology considerations. Copyright © 2018 Elsevier Ltd. All rights reserved.
A security scheme of SMS system
NASA Astrophysics Data System (ADS)
Zhang, Fangzhou; Yang, Hong-Wei; Song, Chuck
2005-02-01
With the prosperous development and the use of SMS, more and more important information needs to be transferred through the wireless and mobile networks by the users. But in the GSM/GPRS network, the SMS messages are transferred in text mode through the signaling channel and there is no integrality for SMS messages. Because of the speciality of the mobile communications, the security of the signaling channel is very weak. So we need to improve and enhance the security and integrality of SMS. At present, developed investigation based on SMS security is still incomplete. The key distribution and management is not perfect to meet the usability in a wide area. This paper introduces a high-level security method to solve this problem. We design the Secure SMS of GSM/GPRS in order to improve the security of the important information that needs to be transferred by the mobile networks. Using this method, we can improve the usability of E-payment and other mobile electronic commerce.
Islam, SK Hafizul; Khan, Muhammad Khurram; Li, Xiong
2015-01-01
Over the past few years, secure and privacy-preserving user authentication scheme has become an integral part of the applications of the healthcare systems. Recently, Wen has designed an improved user authentication system over the Lee et al.’s scheme for integrated electronic patient record (EPR) information system, which has been analyzed in this study. We have found that Wen’s scheme still has the following inefficiencies: (1) the correctness of identity and password are not verified during the login and password change phases; (2) it is vulnerable to impersonation attack and privileged-insider attack; (3) it is designed without the revocation of lost/stolen smart card; (4) the explicit key confirmation and the no key control properties are absent, and (5) user cannot update his/her password without the help of server and secure channel. Then we aimed to propose an enhanced two-factor user authentication system based on the intractable assumption of the quadratic residue problem (QRP) in the multiplicative group. Our scheme bears more securities and functionalities than other schemes found in the literature. PMID:26263401
Exploitation of Unintentional Information Leakage from Integrated Circuits
ERIC Educational Resources Information Center
Cobb, William E.
2011-01-01
The information leakage of electronic devices, especially those used in cryptographic or other vital applications, represents a serious practical threat to secure systems. While physical implementation attacks have evolved rapidly over the last decade, relatively little work has been done to allow system designers to effectively counter the…
An Elliptic Curve Based Schnorr Cloud Security Model in Distributed Environment
Muthurajan, Vinothkumar; Narayanasamy, Balaji
2016-01-01
Cloud computing requires the security upgrade in data transmission approaches. In general, key-based encryption/decryption (symmetric and asymmetric) mechanisms ensure the secure data transfer between the devices. The symmetric key mechanisms (pseudorandom function) provide minimum protection level compared to asymmetric key (RSA, AES, and ECC) schemes. The presence of expired content and the irrelevant resources cause unauthorized data access adversely. This paper investigates how the integrity and secure data transfer are improved based on the Elliptic Curve based Schnorr scheme. This paper proposes a virtual machine based cloud model with Hybrid Cloud Security Algorithm (HCSA) to remove the expired content. The HCSA-based auditing improves the malicious activity prediction during the data transfer. The duplication in the cloud server degrades the performance of EC-Schnorr based encryption schemes. This paper utilizes the blooming filter concept to avoid the cloud server duplication. The combination of EC-Schnorr and blooming filter efficiently improves the security performance. The comparative analysis between proposed HCSA and the existing Distributed Hash Table (DHT) regarding execution time, computational overhead, and auditing time with auditing requests and servers confirms the effectiveness of HCSA in the cloud security model creation. PMID:26981584
UNIX security in a supercomputing environment
NASA Technical Reports Server (NTRS)
Bishop, Matt
1989-01-01
The author critiques some security mechanisms in most versions of the Unix operating system and suggests more effective tools that either have working prototypes or have been implemented, for example in secure Unix systems. Although no computer (not even a secure one) is impenetrable, breaking into systems with these alternate mechanisms will cost more, require more skill, and be more easily detected than penetrations of systems without these mechanisms. The mechanisms described fall into four classes (with considerable overlap). User authentication at the local host affirms the identity of the person using the computer. The principle of least privilege dictates that properly authenticated users should have rights precisely sufficient to perform their tasks, and system administration functions should be compartmentalized; to this end, access control lists or capabilities should either replace or augment the default Unix protection system, and mandatory access controls implementing multilevel security models and integrity mechanisms should be available. Since most users access supercomputing environments using networks, the third class of mechanisms augments authentication (where feasible). As no security is perfect, the fourth class of mechanism logs events that may indicate possible security violations; this will allow the reconstruction of a successful penetration (if discovered), or possibly the detection of an attempted penetration.
An integrated water-energy-food-livelihoods approach for assessing environmental livelihood security
NASA Astrophysics Data System (ADS)
Biggs, E. M.; Duncan, J.; Boruff, B.; Bruce, E.; Neef, A.; McNeill, K.; van Ogtrop, F. F.; Haworth, B.; Duce, S.; Horsley, J.; Pauli, N.; Curnow, J.; Imanari, Y.
2015-12-01
Environmental livelihood security refers to the challenges of maintaining global food security and universal access to freshwater and energy to sustain livelihoods and promote inclusive economic growth, whilst sustaining key environmental systems' functionality, particularly under variable climatic regimes. Environmental security is a concept complementary to sustainable development, and considers the increased vulnerability people have to certain environmental stresses, such as climatic change. Bridging links between the core component concepts of environmental security is integral to future human security, and in an attempt to create this bridge, the nexus approach to human protection has been created, where water resource availability underpins food, water and energy security. The water-energy-food nexus has an influential role in attaining human security, yet little research has made the link between the nexus and livelihoods. In this research we provide a critical appraisal of the synergies between water-energy-food nexus framings and sustainable livelihoods approaches, both of which aim to promote sustainable development. In regions where livelihoods are dependent on environmental conditions, the concept of sustainable development is critical for ensuring future environmental and human security. Given our appraisal we go on to develop an integrated framework for assessing environmental livelihood security of multiscale and multi-level systems. This framework provides a tangible approach for assessing changes in the water-energy-food-livelihood indicators of a system. Examples of where system applications may occur are discussed for the Southeast Asia and Oceania region. Our approach will be particularly useful for policy-makers to inform evidence-based decision-making, especially in localities where climate change increases the vulnerability of impoverished communities and extenuates environmental livelihood insecurity.
Medical image security in a HIPAA mandated PACS environment.
Cao, F; Huang, H K; Zhou, X Q
2003-01-01
Medical image security is an important issue when digital images and their pertinent patient information are transmitted across public networks. Mandates for ensuring health data security have been issued by the federal government such as Health Insurance Portability and Accountability Act (HIPAA), where healthcare institutions are obliged to take appropriate measures to ensure that patient information is only provided to people who have a professional need. Guidelines, such as digital imaging and communication in medicine (DICOM) standards that deal with security issues, continue to be published by organizing bodies in healthcare. However, there are many differences in implementation especially for an integrated system like picture archiving and communication system (PACS), and the infrastructure to deploy these security standards is often lacking. Over the past 6 years, members in the Image Processing and Informatics Laboratory, Childrens Hospital, Los Angeles/University of Southern California, have actively researched image security issues related to PACS and teleradiology. The paper summarizes our previous work and presents an approach to further research on the digital envelope (DE) concept that provides image integrity and security assurance in addition to conventional network security protection. The DE, including the digital signature (DS) of the image as well as encrypted patient information from the DICOM image header, can be embedded in the background area of the image as an invisible permanent watermark. The paper outlines the systematic development, evaluation and deployment of the DE method in a PACS environment. We have also proposed a dedicated PACS security server that will act as an image authority to check and certify the image origin and integrity upon request by a user, and meanwhile act also as a secure DICOM gateway to the outside connections and a PACS operation monitor for HIPAA supporting information. Copyright 2002 Elsevier Science Ltd.
Code of Federal Regulations, 2010 CFR
2010-10-01
... CONTRACTING ACQUISITION OF INFORMATION TECHNOLOGY Information Security Management 339.7101 Policy. HHS is responsible for implementing an information security program to ensure that its information systems and... information contained in those systems. Each system's level of security shall protect the integrity...
Access Control Is More than Security.
ERIC Educational Resources Information Center
Fickes, Michael
2002-01-01
Describes the University of New Mexico's photo identification LOBO card system, which performs both security and validation tasks. It is used in conjunction with several C-CURE 800 Integrated Security Management Systems supplied by Software House of Lexington, Massachusetts. (EV)
45 CFR 164.308 - Administrative safeguards.
Code of Federal Regulations, 2013 CFR
2013-10-01
... REQUIREMENTS SECURITY AND PRIVACY Security Standards for the Protection of Electronic Protected Health... accordance with § 164.306: (1)(i) Standard: Security management process. Implement policies and procedures to... to the confidentiality, integrity, and availability of electronic protected health information held...
45 CFR 164.308 - Administrative safeguards.
Code of Federal Regulations, 2014 CFR
2014-10-01
... REQUIREMENTS SECURITY AND PRIVACY Security Standards for the Protection of Electronic Protected Health... accordance with § 164.306: (1)(i) Standard: Security management process. Implement policies and procedures to... to the confidentiality, integrity, and availability of electronic protected health information held...
Best Practices for the Security of Radioactive Materials
DOE Office of Scientific and Technical Information (OSTI.GOV)
Coulter, D.T.; Musolino, S.
2009-05-01
This work is funded under a grant provided by the US Department of Health and Human Services, Centers for Disease Control. The Department of Health and Mental Hygiene (DOHMH) awarded a contract to Brookhaven National Laboratory (BNL) to develop best practices guidance for Office of Radiological Health (ORH) licensees to increase on-site security to deter and prevent theft of radioactive materials (RAM). The purpose of this document is to describe best practices available to manage the security of radioactive materials in medical centers, hospitals, and research facilities. There are thousands of such facilities in the United States, and recent studies suggest that these materials may be vulnerable to theft or sabotage. Their malevolent use in a radiological-dispersion device (RDD), viz., a dirty bomb, can have severe environmental- and economic- impacts, the associated area denial, and potentially large cleanup costs, as well as other effects on the licensees and the public. These issues are important to all Nuclear Regulatory Commission and Agreement State licensees, and to the general public. This document outlines approaches for the licensees possessing these materials to undertake security audits to identify vulnerabilities in how these materials are stored or used, and to describe best practices to upgrade or enhance their security. Best practices can be described as the most efficient (least amount of effort/cost) and effective (best results) way of accomplishing a task and meeting an objective, based on repeatable procedures that have proven themselves over time for many people and circumstances. Best practices within the security industry include information security, personnel security, administrative security, and physical security. Each discipline within the security industry has its own 'best practices' that have evolved over time into common ones.
With respect to radiological devices and radioactive-materials security, industry best practices encompass both physical security (hardware and engineering) and administrative procedures. Security regimes for these devices and materials typically use a defense-in-depth- or layered-security approach to eliminate single points of failure. The Department of Energy, the Department of Homeland Security, the Department of Defense, the American Society of Industrial Security (ASIS), the Security Industry Association (SIA) and Underwriters Laboratory (UL) all provide design guidance and hardware specifications. With a graded approach, a physical-security specialist can tailor an integrated security-management system in the most appropriate cost-effective manner to meet the regulatory and non-regulatory requirements of the licensee or client.
Security for IP Multimedia Services in the 3GPP Third Generation Mobile System.
ERIC Educational Resources Information Center
Horn, G.; Kroselberg, D.; Muller, K.
2003-01-01
Presents an overview of the security architecture of the IP multimedia core network subsystem (IMS) of the third generation mobile system, known in Europe as UMTS. Discusses IMS security requirements; IMS security architecture; authentication between IMS user and home network; integrity and confidentiality for IMS signalling; and future aspects of…
ERIC Educational Resources Information Center
Pierce, Robert E.
2012-01-01
This research study reviewed relative literature on information security and information security culture within organizations to determine what factors potentially assist an organization in implementing, integrating, and maintaining a successful organizational information security culture. Based on this review of literature, five key factors were…
Border and Transportation Security: Possible New Directions and Policy Options
2005-03-29
Security: Overview of Issues. See also “JFK Airport to Receive Walk-Through Explosives Detection Portal,” Homeland Security Monitor, Oct. 26, 2004. In...of integrated security design can be seen at Terminal six at the JFK airport in New York City. Since many airports were originally designed in the
Securing health sensing using integrated circuit metric.
Tahir, Ruhma; Tahir, Hasan; McDonald-Maier, Klaus
2015-10-20
Convergence of technologies from several domains of computing and healthcare have aided in the creation of devices that can help health professionals in monitoring their patients remotely. An increase in networked healthcare devices has resulted in incidents related to data theft, medical identity theft and insurance fraud. In this paper, we discuss the design and implementation of a secure lightweight wearable health sensing system. The proposed system is based on an emerging security technology called Integrated Circuit Metric (ICMetric) that extracts the inherent features of a device to generate a unique device identification. In this paper, we provide details of how the physical characteristics of a health sensor can be used for the generation of hardware "fingerprints". The obtained fingerprints are used to deliver security services like authentication, confidentiality, secure admission and symmetric key generation. The generated symmetric key is used to securely communicate the health records and data of the patient. Based on experimental results and the security analysis of the proposed scheme, it is apparent that the proposed system enables high levels of security for health monitoring in resource optimized manner.
PMID:26492250
Simple group password-based authenticated key agreements for the integrated EPR information system.
Lee, Tian-Fu; Chang, I-Pin; Wang, Ching-Cheng
2013-04-01
Security and privacy are important issues for electronic patient records (EPRs). The goal of EPRs is to share patients' medical histories, such as diagnosis records, reports and diagnosis image files, among hospitals over the Internet. So the security issue for the integrated EPR information system is essential: the information must remain secure and private during transmission over the Internet. The group password-based authenticated key agreement (GPAKE) allows a group of users like doctors, nurses and patients to establish a common session key by using password authentication. Then the group of users can securely communicate by using this session key. Many GPAKE approaches employ the public key infrastructure (PKI) in order to have higher security. However, this not only increases users' overheads and requires keeping extra equipment for storing long-term secret keys, but also requires maintaining the public key system. This investigation presents a simple group password-based authenticated key agreement (SGPAKE) protocol for the integrated EPR information system. The proposed SGPAKE protocol does not require using the server or users' public keys. Each user only remembers his weak password shared with a trusted server, and then can obtain a common session key. Then all users can securely communicate by using this session key. The proposed SGPAKE protocol not only provides users with convenience, but also has higher security.
ERIC Educational Resources Information Center
Data Quality Campaign, 2011
2011-01-01
Under security breach response laws, businesses--and sometimes state and governmental agencies--are required to inform individuals when the security, confidentiality or integrity of their personal information has been compromised. This resource provides a state-by-state analysis of security breach response laws. [The Data Quality Campaign has…
NASA Technical Reports Server (NTRS)
Powell, John D.
2003-01-01
This document discusses the verification of the Secure Socket Layer (SSL) communication protocol as a demonstration of the Model Based Verification (MBV) portion of the verification instrument set being developed under the Reducing Software Security Risk (RSSR) Through an Integrated Approach research initiative. Code Q of the National Aeronautics and Space Administration (NASA) funds this project. The NASA Goddard Independent Verification and Validation (IV&V) facility manages this research program at the NASA agency level and the Assurance Technology Program Office (ATPO) manages the research locally at the Jet Propulsion Laboratory (California Institute of Technology) where the research is being carried out.
NASA Technical Reports Server (NTRS)
Iannicca, Dennis C.; McKim, James H.; Stewart, David H.; Thadhani, Suresh K.; Young, Daniel P.
2015-01-01
NASA Glenn Research Center, in cooperation with Rockwell Collins, is working to develop a prototype Control and Non-Payload Communications (CNPC) radio platform as part of NASA Integrated Systems Research Program's (ISRP) Unmanned Aircraft Systems (UAS) Integration in the National Airspace System (NAS) project. A primary focus of the project is to work with the FAA and industry standards bodies to build and demonstrate a safe, secure, and efficient CNPC architecture that can be used by industry to evaluate the feasibility of deploying a system using these technologies in an operational capacity. GRC has been working in conjunction with these groups to assess threats, identify security requirements, and to develop a system of standards-based security controls that can be applied to the current GRC prototype CNPC architecture as a demonstration platform. The security controls were integrated into a lab test bed mock-up of the Mobile IPv6 architecture currently being used for NASA flight testing, and a series of network tests were conducted to evaluate the security overhead of the controls compared to the baseline CNPC link without any security. The aim of testing was to evaluate the performance impact of the additional security control overhead when added to the Mobile IPv6 architecture in various modes of operation. The statistics collected included packet captures at points along the path to gauge packet size as the sample data traversed the CNPC network, round trip latency, jitter, and throughput. The effort involved a series of tests of the baseline link, a link with Robust Header Compression (ROHC) and without security controls, a link with security controls and without ROHC, and finally a link with both ROHC and security controls enabled. The effort demonstrated that ROHC is both desirable and necessary to offset the additional expected overhead of applying security controls to the CNPC link.
Risk assessment of climate systems for national security.
DOE Office of Scientific and Technical Information (OSTI.GOV)
Backus, George A.; Boslough, Mark Bruce Elrick; Brown, Theresa Jean
2012-10-01
Climate change, through drought, flooding, storms, heat waves, and melting Arctic ice, affects the production and flow of resources within and among geographical regions. The interactions among governments, populations, and sectors of the economy require integrated assessment based on risk, through uncertainty quantification (UQ). This project evaluated the capabilities with Sandia National Laboratories to perform such integrated analyses, as they relate to (inter)national security. The combining of the UQ results from climate models with hydrological and economic/infrastructure impact modeling appears to offer the best capability for national security risk assessments.
Federal Register 2010, 2011, 2012, 2013, 2014
2011-04-11
... property interests, identity theft or fraud, or harm to the security or integrity of this system, then the... System (IDIS). System Location: Online at http://www.hud.gov/offices/cpd/systems/idis/idis.cfm... Information (PII) is not being released. If the Department suspects or has confirmed that the security or...
Mense, Alexander; Hoheiser-Pförtner, Franz; Schmid, Martin; Wahl, Harald
2013-01-01
Working with health-related data necessitates appropriate levels of security and privacy. Information security, meaning ensuring confidentiality, integrity, and availability, is more organizational than technical in nature. It includes many organizational and management measures, is based on well-defined security roles, processes, and documents, and needs permanent adaptation of security policies, continuous monitoring, and assessment of measures. This big challenge for any organization leads to implementation of an information security management system (ISMS). In the context of establishing a regional or national electronic health record for integrated care (ICEHR), the situation is worse. Changing the medical information exchange from on-demand peer-to-peer connections to health information networks requires all organizations participating in the EHR system to have consistent security levels and to follow the same security guidelines and rules. Also, the implementation must be monitored and audited, establishing cross-organizational information security management systems (ISMS) based on international standards. This paper evaluates requirements and defines basic concepts for an ISO 27000 series-based cross-organizational ISMS in the healthcare domain and especially for the implementation of the nationwide electronic health record in Austria (ELGA).
OSD CALS Architecture Master Plan Study. Concept Paper. Security. Volume 38
DOT National Transportation Integrated Search
1989-07-01
Developing and executing a well-thought-out security policy is critical to the success of CALS. Without appropriate security measures, the integration of technology, organizations, functions, and data envisioned as Phase II CALS can not occur. Theref...
Hardening Logic Encryption against Key Extraction Attacks with Circuit Camouflage
2017-03-01
camouflage; obfuscation; SAT; key extraction; reverse engineering; security; trusted electronics Introduction Integrated Circuit (IC) designs are...Encryption Algorithms”, Hardware Oriented Security and Trust , 2015. 3. Rajendran J., Pino, Y., Sinanoglu, O., Karri, R., “Security Analysis of Logic
A review of integration strategies for solid oxide fuel cells
NASA Astrophysics Data System (ADS)
Zhang, Xiongwen; Chan, S. H.; Li, Guojun; Ho, H. K.; Li, Jun; Feng, Zhenping
Due to increasing oil and gas demand, the depletion of fossil resources, and serious global warming, efficient energy systems and new energy conversion processes are urgently needed. Fuel cells and hybrid systems have emerged as advanced thermodynamic systems with great promise in achieving high energy/power efficiency with reduced environmental loads. In particular, due to the synergistic effect of using integrated solid oxide fuel cell (SOFC) and classical thermodynamic cycle technologies, the efficiency of the integrated system can be significantly improved. This paper reviews different concepts/strategies for SOFC-based integration systems, which are timely transformational energy-related technologies available to overcome the threats posed by climate change and energy security.
Children affected by HIV/AIDS: SAFE, a model for promoting their security, health, and development.
Betancourt, Theresa S; Fawzi, Mary K S; Bruderlein, Claude; Desmond, Chris; Kim, Jim Y
2010-05-01
A human security framework posits that individuals are the focus of strategies that protect the safety and integrity of people by proactively promoting children's well being, placing particular emphasis on prevention efforts and health promotion. This article applies this framework to a rights-based approach in order to examine the health and human rights of children affected by HIV/AIDS. The SAFE model describes sources of insecurity faced by children across four fundamental dimensions of child well-being and the survival strategies that children and families may employ in response. The SAFE model includes: Safety/protection; Access to health care and basic physiological needs; Family/connection to others; and Education/livelihoods. We argue that it is critical to examine the situation of children through an integrated lens that effectively looks at human security and children's rights through a holistic approach to treatment and care rather than artificially limiting our scope of work to survival-oriented interventions for children affected by HIV/AIDS. Interventions targeted narrowly at children, in isolation of their social and communal environment as outlined in the SAFE model, may in fact undermine protective resources in operation in families and communities and present additional threats to children's basic security. An integrated approach to the basic security and care of children has implications for the prospects of millions of children directly infected or indirectly affected by HIV/AIDS around the world. The survival strategies that young people and their families engage in must be recognized as a roadmap for improving their protection and promoting healthy development. Although applied to children affected by HIV/AIDS in the present analysis, the SAFE model has implications for guiding the care and protection of children and families facing adversity due to an array of circumstances from armed conflict and displacement to situations of extreme poverty.
Firewall systems: the next generation
NASA Astrophysics Data System (ADS)
McGhie, Lynda L.
1996-01-01
To be competitive in today's globally connected marketplace, a company must ensure that its internal network security methodologies and supporting policies are current and reflect an overall understanding of today's technology and its resultant threats. Further, an integrated approach to information security should ensure that new ways of sharing information and doing business are accommodated, such as electronic commerce, high speed public broadband network services, and the federally sponsored National Information Infrastructure. There are many challenges, and success is determined by the establishment of a solid and firm baseline security architecture that accommodates today's external connectivity requirements, provides transitional solutions that integrate with evolving and dynamic technologies, and ultimately acknowledges both the strategic and tactical goals of an evolving network security architecture and firewall system. This paper explores the evolution of external network connectivity requirements, the associated challenges and the subsequent development and evolution of firewall security systems. It makes the assumption that a firewall is a set of integrated and interoperable components, coming together to form a `SYSTEM', and must be designed, implemented and managed as such. A progressive firewall model will be utilized to illustrate the evolution of firewall systems from earlier models utilizing separate physical networks, to today's multi-component firewall systems enabling secure heterogeneous and multi-protocol interfaces.
Security and health research databases: the stakeholders and questions to be addressed.
Stewart, Sara
2006-01-01
Health research database security issues abound. Issues include subject confidentiality, data ownership, data integrity and data accessibility. There are also various stakeholders in database security. Each of these stakeholders has a different set of concerns and responsibilities when dealing with security issues. There is an obvious need for training in security issues, so that these issues may be addressed and health research will move on without added obstacles based on misunderstanding security methods and technologies.
Image-based electronic patient records for secured collaborative medical applications.
Zhang, Jianguo; Sun, Jianyong; Yang, Yuanyuan; Liang, Chenwen; Yao, Yihong; Cai, Weihua; Jin, Jin; Zhang, Guozhen; Sun, Kun
2005-01-01
We developed a Web-based system to interactively display image-based electronic patient records (EPR) for secured intranet and Internet collaborative medical applications. The system consists of four major components: EPR DICOM gateway (EPR-GW), Image-based EPR repository server (EPR-Server), Web Server and EPR DICOM viewer (EPR-Viewer). In the EPR-GW and EPR-Viewer, the security modules of Digital Signature and Authentication are integrated to perform the security processing on the EPR data with integrity and authenticity. The privacy of EPR in data communication and exchanging is provided by SSL/TLS-based secure communication. This presentation gave a new approach to create and manage image-based EPR from actual patient records, and also presented a way to use Web technology and DICOM standard to build an open architecture for collaborative medical applications.
2016-10-28
assumptions. List of Assumptions: Price of electrical energy : $0.07/kWh flat rate for energy at the base Price of peak power: $15/MW peak power...EW-201147) Advanced Micro-Grid Energy Management Coupled with Integrated Volt/VAR Control for Improved Energy Efficiency, Energy Security, and...12-C-0002 5b. GRANT NUMBER Advanced Micro-Grid Energy Management Coupled with Integrated Volt/VAR Control for Improved Energy Efficiency, Energy
Physical Watermarking for Securing Cyber-Physical Systems via Packet Drop Injections
DOE Office of Scientific and Technical Information (OSTI.GOV)
Ozel, Omur; Weekrakkody, Sean; Sinopoli, Bruno
Physical watermarking is a well known solution for detecting integrity attacks on Cyber-Physical Systems (CPSs) such as the smart grid. Here, a random control input is injected into the system in order to authenticate physical dynamics and sensors which may have been corrupted by adversaries. Packet drops may naturally occur in a CPS due to network imperfections. To our knowledge, previous work has not considered the role of packet drops in detecting integrity attacks. In this paper, we investigate the merit of injecting Bernoulli packet drops into the control inputs sent to actuators as a new physical watermarking scheme. With the classical linear quadratic objective function and an independent and identically distributed packet drop injection sequence, we study the effect of packet drops on meeting security and control objectives. Our results indicate that the packet drops could act as a potential physical watermark for attack detection in CPSs.
Hepp, Shelanne L; Tarraf, Rima C; Birney, Arden; Arain, Mubashir Aslam
2017-01-01
Electronic health records are becoming increasingly common in the health care industry. Although information technology (IT) poses many benefits to improving health care and ease of access to information, there are also security and privacy risks. Educating health care providers is necessary to ensure proper use of health information systems and IT and reduce undesirable outcomes. This study evaluated employees' awareness and perceptions of the effectiveness of two IT educational training modules within a large publicly funded health care system in Canada. Semi-structured interviews and focus groups included a variety of professional roles within the organisation. Participants also completed a brief demographic data sheet. With the consent of participants, all interviews and focus groups were audio recorded. Thematic analysis and descriptive statistics were used to evaluate the effectiveness of the IT security training modules. Five main themes emerged: (i) awareness of the IT training modules, (ii) the content of modules, (iii) staff perceptions about differences between IT security and privacy issues, (iv) common breaches of IT security and privacy, and (v) challenges and barriers to completing the training program. Overall, nonclinical staff were more likely to be aware of the training modules than were clinical staff. We found e-learning was a feasible way to educate a large number of employees. However, health care providers required a module on IT security and privacy that was relatable and applicable to their specific roles. Strategies to improve staff education and mitigate against IT security and privacy risks are discussed. Future research should focus on integrating health IT competencies into the educational programs for health care professionals.
Food Security Framings within the UK and the Integration of Local Food Systems
ERIC Educational Resources Information Center
Kirwan, James; Maye, Damian
2013-01-01
This paper provides a critical interpretation of food security politics in the UK. It applies the notion of food security collective action frames to assess how specific action frames are maintained and contested. The interdependency between scale and framing in food security discourse is also scrutinised. It does this through an examination of…
Service Oriented Architecture Security Risks and their Mitigation
2012-10-01
this section can be mitigated by making use of suitable authentication, confidentiality, integrity, and authorisation standards such as Security...for authorisation. Machines/non-human users should be clearly identified and authenticated by the identity provision and authentication services...authentication, any security related attributes for the subject, and the authorisation decisions given based on the security and privilege attributes
High-Speed Large-Alphabet Quantum Key Distribution Using Photonic Integrated Circuits
2014-01-28
polarizing beam splitter, TDC: time-to-digital converter. Extra loss photon/bin frame size QSER secure bpp ECC secure key rate none 0.0031 64 14...to-digital converter. photon/frame frame size QSER secure bpp ECC secure key rate 1.3 16 9.5 % 2.9 layered LDPC 7.3 Mbps Figure 24: Operating
Laser housing having integral mounts and method of manufacturing same
Herron, Michael Alan; Brickeen, Brian Keith
2004-10-19
A housing adapted to position, support, and facilitate aligning various components, including an optical path assembly, of a laser. In a preferred embodiment, the housing is constructed from a single piece of material and broadly comprises one or more through-holes; one or more cavities; and one or more integral mounts, wherein the through-holes and the cavities cooperate to define the integral mounts. Securement holes machined into the integral mounts facilitate securing components within the integral mounts using set screws, adhesive, or a combination thereof. In a preferred method of making the housing, the through-holes and cavities are first machined into the single piece of material, with at least some of the remaining material forming the integral mounts.
A Security Assessment Mechanism for Software-Defined Networking-Based Mobile Networks.
Luo, Shibo; Dong, Mianxiong; Ota, Kaoru; Wu, Jun; Li, Jianhua
2015-12-17
Software-Defined Networking-based Mobile Networks (SDN-MNs) are considered the future of 5G mobile network architecture. With the evolving cyber-attack threat, security assessments need to be performed in the network management. Due to the distinctive features of SDN-MNs, such as their dynamic nature and complexity, traditional network security assessment methodologies cannot be applied directly to SDN-MNs, and a novel security assessment methodology is needed. In this paper, an effective security assessment mechanism based on attack graphs and an Analytic Hierarchy Process (AHP) is proposed for SDN-MNs. Firstly, this paper discusses the security assessment problem of SDN-MNs and proposes a methodology using attack graphs and AHP. Secondly, to address the diversity and complexity of SDN-MNs, a novel attack graph definition and attack graph generation algorithm are proposed. In order to quantify security levels, the Node Minimal Effort (NME) is defined to quantify attack cost and derive system security levels based on NME. Thirdly, to calculate the NME of an attack graph that takes the dynamic factors of SDN-MN into consideration, we use AHP integrated with the Technique for Order Preference by Similarity to an Ideal Solution (TOPSIS) as the methodology. Finally, we offer a case study to validate the proposed methodology. The case study and evaluation show the advantages of the proposed security assessment mechanism.
PMID:26694409
Sidaner, Emilie; Balaban, Daniel; Burlandy, Luciene
2013-06-01
The present paper analyses the advances and challenges of the school feeding programme in Brazil (PNAE), as part of the Brazilian experience building up an integrated food and nutrition security national system. It explores the role of policy and regulatory frameworks in constructing quality service delivery and intersectoral integration. Review of PNAE and federal government technical documents and studies, legislation, minutes of meetings and official documents of the National Council of Food and Nutrition Security from 2003 to 2011. Food insecurity has decreased significantly in Brazil in the last decade, indicating that appropriate choices were made in terms of public policies and institutional arrangements, which other countries can learn from. Brazil food and nutrition security system; school feeding; school food. Brazil's integrated food and nutrition security policy approach promoted intersectorality in the food system, articulating actions to guarantee access to healthy food and to strengthen family farming. The quality of school meals has progressively improved; in particular, the availability of fruits and vegetables increased. However, national standards regarding menu composition have not yet been met. Regulations were an important factor, along with the policy approach linking food production, nutrition, health and education. Challenges are related to conflict of interests and to farmers' insufficient capacity to meet supply requirements and comply with technical procedures. Local food production, school meals and nutrition education can be linked through integrated programmes and policies, improving access to healthier foods. Government leadership, strong legislation, civil society participation and intersectoral decision making are determinant.
European security framework for healthcare.
Ruotsalainen, Pekka; Pohjonen, Hanna
2003-01-01
eHealth and telemedicine services are promising business areas in Europe. It is clear that eHealth products and services will be sold and ordered from a distance and over national borderlines in the future. However, there are many barriers to overcome. For both national and pan-European eHealth and telemedicine applications a common security framework is needed. These frameworks set security requirements needed for cross-border eHealth services. The next step is to build a security infrastructure which is independent of technical platforms. Most of the European eHealth platforms are regional or territorial. Some countries are looking for a Public Key Infrastructure, but no large-scale solutions exist in healthcare. There is no clear candidate solution for a European-wide interoperable eHealth platform. Cross-platform integration seems to be the most practical integration method at a European level in the short run. The use of the Internet as a European integration platform is a promising solution in the long run.
Hamlet, Jason; Pierson, Lyndon; Bauer, Todd
2018-06-25
Supply chain security to detect, deter, and prevent the counterfeiting of networked and stand-alone integrated circuits (ICs) is critical to cyber security. Sandia National Laboratory researchers have developed IC ID to leverage Physically Unclonable Functions (PUFs) and strong cryptographic authentication to create a unique fingerprint for each integrated circuit. IC ID assures the authenticity of ICs to prevent tampering or malicious substitution.
Scheduling multimedia services in cloud computing environment
NASA Astrophysics Data System (ADS)
Liu, Yunchang; Li, Chunlin; Luo, Youlong; Shao, Yanling; Zhang, Jing
2018-02-01
Currently, security is a critical factor for multimedia services running in the cloud computing environment. As an effective mechanism, trust can improve security level and mitigate attacks within cloud computing environments. Unfortunately, existing scheduling strategies for multimedia services in the cloud computing environment do not integrate a trust mechanism when making scheduling decisions. In this paper, we propose a scheduling scheme for multimedia services in multi clouds. At first, a novel scheduling architecture is presented. Then, we build a trust model including both subjective trust and objective trust to evaluate the trust degree of multimedia service providers. By employing Bayesian theory, the subjective trust degree between multimedia service providers and users is obtained. According to the attributes of QoS, the objective trust degree of multimedia service providers is calculated. Finally, a scheduling algorithm integrating trust of entities is proposed by considering the deadline, cost and trust requirements of multimedia services. The scheduling algorithm heuristically hunts for reasonable resource allocations and satisfies the requirement of trust and meets deadlines for the multimedia services. Detailed simulated experiments demonstrate the effectiveness and feasibility of the proposed trust scheduling scheme.
Falkenmark, Malin
2003-12-29
The paper has its focus on water's key functions behind ecosystem dynamics and the water-related balancing involved in a catchment-based ecosystem approach. A conceptual framework is being developed to address fundamental trade-offs between humans and ecosystems. This is done by paying attention to society's unavoidable landscape modifications and their unavoidable ecological effects mediated by water processes. Because the coevolution of societal and environmental processes indicates resonance rather than a cause-effect relationship, humanity will have to learn to live with change while securing ecosystem resilience. In view of the partial incompatibility of the social imperative of the millennium goals and its environmental sustainability goal, human activities and ecosystems have to be orchestrated for compatibility. To this end a catchment-based approach has to be taken by integrating water, land use and ecosystems. It is being suggested that ecosystem protection has to be thought of in two scales: site-specific biotic landscape components to be protected for their social value, and a catchment-based ecosystem approach to secure sustainable supply of crucial ecosystem goods and services on which social and economic development depends.
Integration of Control Algorithms for Quadrotor UAV’s Using an Indoor Sensor Environment
2011-09-01
Software security checklist for the software life cycle
NASA Technical Reports Server (NTRS)
Gilliam, D. P.; Wolfe, T. L.; Sherif, J. S.
2002-01-01
A formal approach to security in the software life cycle is essential to protect corporate resources. However, little thought has been given to this aspect of software development. Due to its criticality, security should be integrated as a formal approach in the software life cycle.
Interactive Programming Support for Secure Software Development
ERIC Educational Resources Information Center
Xie, Jing
2012-01-01
Software vulnerabilities originating from insecure code are one of the leading causes of security problems people face today. Unfortunately, many software developers have not been adequately trained in writing secure programs that are resistant to attacks violating program confidentiality, integrity, and availability, a style of programming…
High Assurance Models for Secure Systems
ERIC Educational Resources Information Center
Almohri, Hussain M. J.
2013-01-01
Despite the recent advances in systems and network security, attacks on large enterprise networks consistently impose serious challenges to maintaining data privacy and software service integrity. We identify two main problems that contribute to increasing the security risk in a networked environment: (i) vulnerable servers, workstations, and…
Betancourt, Theresa S; Williams, Timothy P; Kellner, Sarah E; Gebre-Medhin, Joy; Hann, Katrina; Kayiteshonga, Yvonne
2012-05-01
This study examines the core components of children's basic security and well-being in order to examine issues central to improving child protection in Rwanda. Sources of data included 15 focus groups with adults, 7 focus groups with children ages 10-17, and 11 key informant interviews with child protection stakeholders, including representatives from international NGOs, community-based groups, and the Rwandan Government, all of which took place in April and May of 2010. Participants painted a complex picture of threats to children's basic security in Rwanda. Three key themes were pervasive across all interviews: (1) deterioration of social and community cohesion in post-genocide Rwanda; (2) the cascading effects of poverty; and (3) the impact of caregiver illness and death on the caregiving environment. Consistent with the SAFE (Safety/freedom from harm; Access to basic physiological needs and healthcare; Family and connection to others; Education and economic security) model of child protection, participants rarely elaborated on a child protection threat independent of other basic security needs and rights. Findings suggest a need for integrated approaches to child protection that recognize this interrelatedness and extend beyond issue-specific child protection responses. This study contributes to a growing body of work highlighting the interrelated nature of child protection threats and the implications of adaptive and dangerous survival strategies that children and families engage in to meet their basic security needs. Analysis of this interrelatedness provides a roadmap for improving policies and implementing integrated and robust child protection strategies in Rwanda and other settings. Copyright © 2012 Elsevier Ltd. All rights reserved.
Computer-generated holograms and diffraction gratings in optical security applications
NASA Astrophysics Data System (ADS)
Stepien, Pawel J.
2000-04-01
The term 'computer generated hologram' (CGH) describes a diffractive structure strictly calculated and recorded to diffract light in a desired way. The CGH surface profile is a result of the wavefront calculation rather than of interference. CGHs are able to form 2D and 3D images. Optically variable devices (OVDs) composed of diffractive gratings are often used in security applications. There are various types of optically and digitally recorded gratings in security applications. Grating based OVDs are used to record bright 2D images with limited range of cinematic effects. These effects result from various orientations or densities of recorded gratings. It is difficult to record high quality OVDs of 3D objects using gratings. Stereograms and analogue rainbow holograms offer 3D imaging, but they are darker and have lower resolution than grating OVDs. CGH based OVDs contain unlimited range of cinematic effects and high quality 3D images. Images recorded using CGHs are usually more noisy than grating based OVDs, because of numerical inaccuracies in CGH calculation and mastering. CGH based OVDs enable smooth integration of hidden and machine-readable features within an OVD design.
2017 Joint Annual NDIA/AIA Industrial Security Committee Fall Conference
2017-11-15
beyond credit data to offer the insights that government professionals need to make informed decisions and ensure citizen safety, manage compliance...business that provides information technology and professional services. We specialize in managing business processes and systems integration for both... Information Security System ISFD Industrial Security Facilities Database OBMS ODAA Business Management System STEPP Security, Training, Education and
NASA Astrophysics Data System (ADS)
Biafore, Mauro
2017-04-01
Campania is the Italian region with the highest population density (419 inhabitants/km²). Almost 20% of its territory (13669 km²) is exposed to severe hydrogeological risk scenarios, triggered by extreme rainfall events with duration ranging from a few tens of minutes to several hours. Many of these risk scenarios can only be mitigated by non-structural measures, which are mainly designed to increase the resilience of the exposed communities. Several studies have evidenced that the effectiveness of civil protection actions can be enhanced by using social media for disseminating and collecting information relevant for crisis preparedness, response and recovery. However, the application of social media in the management of hydrogeological risks is still in its infancy. The civil protection of Campania Region, as part of a FP7 project called SUPER (Social sensors for secUrity Assessments and Proactive EmeRgencies management), has been validating an integrated framework enabling optimal blending of social media in the emergency management processes. The SUPER project is a joint effort of social media experts (including social network providers) and security experts (including security and civil protection agencies), towards introducing an integrated and privacy-friendly approach to the use of social media in emergencies and security incidents. As part of the project outcomes, the "SUPER platform" has been developed. It consists of a set of social media processing components integrated in a Common Operational Picture, designed for supporting security and emergency management. A demonstration was primarily set up to evaluate how the SUPER platform can effectively facilitate the exploitation of social media data for improving civil protection actions during a simulated emergency scenario. To this purpose, a civil protection exercise took place in the city of Sorrento (Naples, Italy), involving tens of volunteers and emergency operators.
The simulated emergency scenario was represented by simultaneous flash floods associated with shallow landslides, triggered by a severe thunderstorm in the city centre of Sorrento. Volunteers on the field simulated the social media engagement during such an event. The SUPER platform was successfully evaluated with respect to the following real-time operations: i) filtering the relevant information posted on Twitter during the simulated emergency; ii) geo-localising the relevant information within the Command Operational Picture; iii) enhancing the situation awareness at Command and Control level.
Providing security assurance in line with national DBT assumptions
NASA Astrophysics Data System (ADS)
Bajramovic, Edita; Gupta, Deeksha
2017-01-01
As worldwide energy requirements are increasing simultaneously with climate change and energy security considerations, States are thinking about building nuclear power to fulfill their electricity requirements and decrease their dependence on carbon fuels. New nuclear power plants (NPPs) must have comprehensive cybersecurity measures integrated into their design, structure, and processes. In the absence of effective cybersecurity measures, the impact of nuclear security incidents can be severe. Some of the current nuclear facilities were not specifically designed and constructed to deal with the new threats, including targeted cyberattacks. Thus, newcomer countries must consider the Design Basis Threat (DBT) as one of the security fundamentals during design of physical and cyber protection systems of nuclear facilities. IAEA NSS 10 describes the DBT as "comprehensive description of the motivation, intentions and capabilities of potential adversaries against which protection systems are designed and evaluated". Nowadays, many threat actors, including hacktivists, insider threat, cyber criminals, state and non-state groups (terrorists) pose security risks to nuclear facilities. Threat assumptions are made on a national level. Consequently, threat assessment closely affects the design structures of nuclear facilities. Some of the recent security incidents e.g. Stuxnet worm (Advanced Persistent Threat) and theft of sensitive information in South Korea Nuclear Power Plant (Insider Threat) have shown that these attacks should be considered as the top threat to nuclear facilities. Therefore, the cybersecurity context is essential for secure and safe use of nuclear power. In addition, States should include multiple DBT scenarios in order to protect various target materials, types of facilities, and adversary objectives. 
Development of a comprehensive DBT is a precondition for the establishment and further improvement of domestic state nuclear-related regulations in the field of physical and cyber protection. These national regulations have to be met later on by I&C platform suppliers, electrical systems suppliers, system integrators and turn-key providers.
Robotic inspection for vehicle-borne contraband
NASA Astrophysics Data System (ADS)
Witus, Gary; Gerhart, Grant; Smuda, W.; Andrusz, H.
2006-05-01
Vehicle-borne smuggling is widespread because of the availability, flexibility and capacity of cars and trucks. Inspecting vehicles at border crossings and checkpoints is a key security element. At the present time, most vehicle security inspections at home and abroad are conducted manually. Remotely operated vehicle inspection robots could be integrated into the operating procedures to improve throughput while reducing the workload burden on security personnel. The robotic inspection must be effective at detecting contraband and efficient at clearing the "clean" vehicles that make up the bulk of the traffic stream, while limiting the workload burden on the operators. In this paper, we present a systems engineering approach to robotic vehicle inspection. We review the tactics, techniques and procedures to interdict contraband. We present an operational concept for robotic vehicle inspection within this framework, and identify needed capabilities. We review the technologies currently available to meet these needs. Finally, we summarize the immediate potential and R&D challenges for effective contraband detection robots.
AST: Activity-Security-Trust driven modeling of time varying networks.
Wang, Jian; Xu, Jiake; Liu, Yanheng; Deng, Weiwen
2016-02-18
Network modeling is a flexible mathematical structure that enables the identification of statistical regularities and structural principles hidden in complex systems. The majority of recent driving forces in modeling complex networks originate from activity, in which an activity potential of a time invariant function is introduced to identify agents' interactions and to construct an activity-driven model. However, the newly emerging network evolutions are already deeply coupled with not only the explicit factors (e.g. activity) but also the implicit considerations (e.g. security and trust), so more intrinsic driving forces behind them should be integrated into the modeling of time varying networks. The agents undoubtedly seek to build a time-dependent trade-off among activity, security, and trust in generating a new connection to another. Thus, we reasonably propose the Activity-Security-Trust (AST) driven model through synthetically considering the explicit and implicit driving forces (e.g. activity, security, and trust) underlying the decision process. The AST-driven model makes it possible to capture highly dynamical network behaviors more accurately and figure out the complex evolution process, allowing a profound understanding of the effects of security and trust in driving network evolution, and improving the biases induced by only involving activity representations in analyzing the dynamical processes.
NASA Astrophysics Data System (ADS)
Jannson, Tomasz; Kostrzewski, Andrew; Patton, Edward; Pradhan, Ranjit; Shih, Min-Yi; Walter, Kevin; Savant, Gajendra; Shie, Rick; Forrester, Thomas
2010-04-01
In this paper, Bayesian inference is applied to performance metrics definition of the important class of recent Homeland Security and defense systems called binary sensors, including both (internal) system performance and (external) CONOPS. The medical analogy is used to define the PPV (Positive Predictive Value), the basic Bayesian metrics parameter of the binary sensors. Also, Small System Integration (SSI) is discussed in the context of recent Homeland Security and defense applications, emphasizing a highly multi-technological approach, within the broad range of clusters ("nexus") of electronics, optics, X-ray physics, γ-ray physics, and other disciplines.
Safe and Secure Partitioning with Pikeos: Towards Integrated Modular Avionics in Space
NASA Astrophysics Data System (ADS)
Almeida, J.; Prochazka, M.
2009-05-01
This paper presents our approach to logical partitioning of spacecraft onboard software. We present PikeOS, a separation micro-kernel which applies the state-of-the-art techniques and widely recognised standards such as ARINC 653 and MILS in order to guarantee safety and security properties of partitions executing software with different criticality and confidentiality. We provide an overview of our approach, also used in the Securely Partitioning Spacecraft Computing Resources project, an ESA TRP contract, which shifts spacecraft onboard software development towards the Integrated Modular Avionics concept with relevance for dual-use military and civil missions.
25 CFR 43.22 - Assuring integrity of records.
Code of Federal Regulations, 2011 CFR
2011-04-01
..., “Computer Security Guidelines for Implementing the Privacy Act of 1974” (May 30, 1975), and any supplements... with appropriate administrative, technical and physical safeguards to insure the security and confidentiality of records and to protect against any anticipated threats or hazards to their security or...
25 CFR 43.22 - Assuring integrity of records.
Code of Federal Regulations, 2013 CFR
2013-04-01
..., “Computer Security Guidelines for Implementing the Privacy Act of 1974” (May 30, 1975), and any supplements... with appropriate administrative, technical and physical safeguards to insure the security and confidentiality of records and to protect against any anticipated threats or hazards to their security or...
25 CFR 43.22 - Assuring integrity of records.
Code of Federal Regulations, 2010 CFR
2010-04-01
..., “Computer Security Guidelines for Implementing the Privacy Act of 1974” (May 30, 1975), and any supplements... with appropriate administrative, technical and physical safeguards to insure the security and confidentiality of records and to protect against any anticipated threats or hazards to their security or...
25 CFR 43.22 - Assuring integrity of records.
Code of Federal Regulations, 2014 CFR
2014-04-01
..., “Computer Security Guidelines for Implementing the Privacy Act of 1974” (May 30, 1975), and any supplements... with appropriate administrative, technical and physical safeguards to insure the security and confidentiality of records and to protect against any anticipated threats or hazards to their security or...
SPAR: a security- and power-aware routing protocol for wireless ad hoc and sensor networks
NASA Astrophysics Data System (ADS)
Oberoi, Vikram; Chigan, Chunxiao
2005-05-01
Wireless Ad Hoc and Sensor Networks (WAHSNs) are vulnerable to extensive attacks as well as severe resource constraints. To fulfill the security needs, many security enhancements have been proposed. Likewise, from resource constraint perspective, many power aware schemes have been proposed to save the battery power. However, we observe that for the severely resource limited and extremely vulnerable WAHSNs, taking security or power (or any other resource) alone into consideration for protocol design is rather inadequate toward the truly "secure-and-useful" WAHSNs. For example, from resource constraint perspective, we identify one of the potential problems, the Security-Capable-Congestion (SCC) behavior, for the WAHSNs routing protocols where only security is concerned. On the other hand, the design approach where only scarce resource is concerned, such as many power-aware WAHSNs protocols, leaves security unconsidered and is undesirable to many WAHSNs application scenarios. Motivated by these observations, we propose a co-design approach, where both the high security and effective resource consumption are targeted for WAHSNs protocol design. Specifically, we propose a novel routing protocol, Security- and Power-Aware Routing (SPAR) protocol based on this co-design approach. In SPAR, the routing decisions are made based on both security and power as routing criteria. The idea of the SPAR mechanism is routing protocol independent and therefore can be broadly integrated into any of the existing WAHSNs routing protocols. The simulation results show that SPAR outperforms the WAHSNs routing protocols where security or power alone is considered, significantly. This research finding demonstrates the proposed security- and resource-aware co-design approach is promising towards the truly "secure-and-useful" WAHSNs.
One health security: an important component of the global health security agenda.
Gronvall, Gigi; Boddie, Crystal; Knutsson, Rickard; Colby, Michelle
2014-01-01
The objectives of the Global Health Security Agenda (GHSA) will require not only a "One Health" approach to counter natural disease threats against humans, animals, and the environment, but also a security focus to counter deliberate threats to human, animal, and agricultural health and to nations' economies. We have termed this merged approach "One Health Security." It will require the integration of professionals with expertise in security, law enforcement, and intelligence to join the veterinary, agricultural, environmental, and human health experts essential to One Health and the GHSA. Working across such different professions, which occasionally have conflicting aims and different professional cultures, poses multiple challenges, but a multidisciplinary and multisectoral approach is necessary to prevent disease threats; detect them as early as possible (when responses are likely to be most effective); and, in the case of deliberate threats, find who may be responsible. This article describes 2 project areas that exemplify One Health Security that were presented at a workshop in January 2014: the US government and private industry efforts to reduce vulnerabilities to foreign animal diseases, especially foot-and-mouth disease; and AniBioThreat, an EU project to counter deliberate threats to agriculture by raising awareness and implementing prevention and response policies and practices.
Cyber security with radio frequency interferences mitigation study for satellite systems
NASA Astrophysics Data System (ADS)
Wang, Gang; Wei, Sixiao; Chen, Genshe; Tian, Xin; Shen, Dan; Pham, Khanh; Nguyen, Tien M.; Blasch, Erik
2016-05-01
Satellite systems including the Global Navigation Satellite System (GNSS) and the satellite communications (SATCOM) system provide great convenience and utility to human life including emergency response, wide area efficient communications, and effective transportation. Elements of satellite systems incorporate technologies such as navigation with the global positioning system (GPS), satellite digital video broadcasting, and information transmission with a very small aperture terminal (VSAT), etc. The importance of satellite systems is growing with end users' requirement for globally high data rate transmissions; the cost reduction of launching satellites; development of smaller sized satellites including cubesat, nanosat, picosat, and femtosat; and integrating internet services with satellite networks. However, with the promising benefits, challenges remain to fully develop secure and robust satellite systems with pervasive computing and communications. In this paper, we investigate both cyber security and radio frequency (RF) interferences mitigation for satellite systems, and demonstrate that they are not isolated. The action space for both cyber security and RF interferences is first summarized for satellite systems, based on which the mitigation schemes for both cyber security and RF interferences are given. A multi-layered satellite systems structure is provided with cross-layer design considering multi-path routing and channel coding, to provide great security and diversity gains for secure and robust satellite systems.
DOE Office of Scientific and Technical Information (OSTI.GOV)
Batiste, Merida; Bentz, Misty C.; Manne-Nicholas, Emily R.
We present new bulge stellar velocity dispersion measurements for 10 active galaxies with secure M_BH determinations from reverberation mapping. These new velocity dispersion measurements are based on spatially resolved kinematics from integral-field (IFU) spectroscopy. In all but one case, the field of view of the IFU extends beyond the effective radius of the galaxy, and in the case of Mrk 79 it extends to almost one half the effective radius. This combination of spatial resolution and field of view allows for secure determinations of stellar velocity dispersion within the effective radius for all 10 target galaxies. Spatially resolved maps of the first (V) and second (σ_⋆) moments of the line of sight velocity distribution indicate the presence of kinematic substructure in most cases. In future projects we plan to explore methods of correcting for the effects of kinematic substructure in the derived bulge stellar velocity dispersion measurements.
NASA Astrophysics Data System (ADS)
Batiste, Merida; Bentz, Misty C.; Manne-Nicholas, Emily R.; Onken, Christopher A.; Bershady, Matthew A.
2017-02-01
We present new bulge stellar velocity dispersion measurements for 10 active galaxies with secure MBH determinations from reverberation mapping. These new velocity dispersion measurements are based on spatially resolved kinematics from integral-field (IFU) spectroscopy. In all but one case, the field of view of the IFU extends beyond the effective radius of the galaxy, and in the case of Mrk 79 it extends to almost one half the effective radius. This combination of spatial resolution and field of view allows for secure determinations of stellar velocity dispersion within the effective radius for all 10 target galaxies. Spatially resolved maps of the first (V) and second (σ⋆) moments of the line of sight velocity distribution indicate the presence of kinematic substructure in most cases. In future projects we plan to explore methods of correcting for the effects of kinematic substructure in the derived bulge stellar velocity dispersion measurements.
Federal Register 2010, 2011, 2012, 2013, 2014
2011-04-06
... SECURITIES AND EXCHANGE COMMISSION File No. 500-1 In the Matter of Circuit Systems, Inc., Global Energy Group, Inc., Integrated Medical Resources, Inc., iNTELEFILM Corp., and Lot$off Corp.; Order of Suspension of Trading April 4, 2011. It appears to the Securities and Exchange Commission that there is a lack of current and accurate information...
Strict integrity control of biomedical images
NASA Astrophysics Data System (ADS)
Coatrieux, Gouenou; Maitre, Henri; Sankur, Bulent
2001-08-01
The control of the integrity and authentication of medical images is becoming ever more important within the Medical Information Systems (MIS). The intra- and interhospital exchange of images, such as in the PACS (Picture Archiving and Communication Systems), and the ease of copying, manipulation and distribution of images have brought forth the security aspects. In this paper we focus on the role of watermarking for MIS security and address the problem of integrity control of medical images. We discuss alternative schemes to extract verification signatures and compare their tamper detection performance.
DOE Office of Scientific and Technical Information (OSTI.GOV)
Badwan, Faris M.; Demuth, Scott Francis; Miller, Michael Conrad
Small Modular Reactors (SMR) with power levels significantly less than the currently standard 1000 to 1600-MWe reactors have been proposed as a potential game changer for future nuclear power. SMRs may offer a simpler, more standardized, and safer modular design by using factory built and easily transportable components. Additionally, SMRs may be more easily built and operated in isolated locations, and may require smaller initial capital investment and shorter construction times. Because many SMRs designs are still conceptual and consequently not yet fixed, designers have a unique opportunity to incorporate updated design basis threats, emergency preparedness requirements, and then fully integrate safety, physical security, and safeguards/material control and accounting (MC&A) designs. Integrating safety, physical security, and safeguards is often referred to as integrating the 3Ss, and early consideration of safeguards and security in the design is often referred to as safeguards and security by design (SSBD). This paper describes U.S./Russian collaborative efforts toward developing an internationally accepted common approach for implementing SSBD/3Ss for SMRs based upon domestic requirements, and international guidance and requirements. These collaborative efforts originated with the Nuclear Energy and Nuclear Security working group established under the U.S.-Russia Bilateral Presidential Commission during the 2009 Presidential Summit. Initial efforts have focused on review of U.S. and Russian domestic requirements for Security and MC&A, IAEA guidance for security and MC&A, and IAEA requirements for international safeguards. Additionally, example SMR design features that can enhance proliferation resistance and physical security have been collected from past work and reported here. The development of a U.S./Russian common approach for SSBD/3Ss should aid the designer of SMRs located anywhere in the world.
More specifically, the application of this approach may lead to more proliferation resistant and physically secure design features for SMRs.
Barriers to Securing Data on Bluetooth®-Enabled Mobile Devices: A Phenomenological Study
ERIC Educational Resources Information Center
Hines, Natasha
2015-01-01
Company data on mobile devices is vulnerable and subject to unauthorized access. The general problem is that information security incidents compromise the integrity and authenticity of electronic data. The specific problem is that organizational security policies, procedures, and training do not adequately address the vulnerabilities associated…
Federal Register 2010, 2011, 2012, 2013, 2014
2010-09-30
... decisions. Data elements with respect to the SHORT subscription service that would be provided through the... information about technical data elements to support transmission and data-integrity processes between the... Securities and Exchange Commission (``Commission''), pursuant to Section 19(b)(1) of the Securities [[Page...
A Computational Model and Multi-Agent Simulation for Information Assurance
2002-06-01
Podell, Information Security: an Integrated Collection of Essays, IEEE Computer Society Press, Los Alamitos, CA, 1994. Brinkley, D. L. and Schell, R...R., “What is There to Worry About? An Introduction to the Computer Security Problem,” ed. Abrams and Jajodia and Podell, Information Security: an
Getting Employees Involved in Information Security: The Case of Strong Passwords
ERIC Educational Resources Information Center
Taylor, Richard G.
2009-01-01
With the increasing amount and severity of information security incidents, organizations are constantly looking for better ways to protect their information. The implementation of physical safeguards such as firewalls and intrusion detection systems is an integral part of an organization's overall information security; however these safeguards…
Federal Register 2010, 2011, 2012, 2013, 2014
2013-01-15
...-01] National Cybersecurity Center of Excellence (NCCoE) Secure Exchange of Electronic Health... the National Cybersecurity Center of Excellence (NCCoE) in the Secure Exchange of Electronic Health... accelerating the widespread adoption of integrated cybersecurity tools and technologies. The NCCoE will bring...
ERIC Educational Resources Information Center
Oblinger, Diana G.; Hawkins, Brian L.
2006-01-01
Seeing an institution's name in the headlines for a security breach may be among a CIO's--and a president's--worst nightmares. Whether the breached data involves social security numbers, credit card accounts, clinical records, or research, this is bad news. Federal agencies that provide research funding may lose confidence in data integrity,…
Addressing software security risk mitigations in the life cycle
NASA Technical Reports Server (NTRS)
Gilliam, David; Powell, John; Haugh, Eric; Bishop, Matt
2003-01-01
The NASA Office of Safety and Mission Assurance (OSMA) has funded the Jet Propulsion Laboratory (JPL) with a Center Initiative, 'Reducing Software Security Risk through an Integrated Approach' (RSSR), to address this need. The Initiative is a formal approach to addressing software security in the life cycle through the instantiation of a Software Security Assessment Instrument (SSAI) for the development and maintenance life cycles.
Integrating Programming Language and Operating System Information Security Mechanisms
2016-08-31
...improve the precision of security enforcement, and to provide greater assurance of information security. This grant focuses on two key projects: language...based control of authority; and formal guarantees for the correctness of audit information.
Stonework or Sandcastle? Asia’s Regional Security Forum.
1995-07-01
security without equal security for all," and "with the growing interdependence of states, the differences in economic and social systems, ideologies... social integration, and historical background . . . [W]e cannot directly apply a European model to the different security environment of the Asia...contentious issue of human rights, a prominent theme in CSCE, along with pressures from Western countries on social, political and environmental
DOE Office of Scientific and Technical Information (OSTI.GOV)
MacDonald, Douglas G.; Clements, Samuel L.; Patrick, Scott W.
Securing high value and critical assets is one of the biggest challenges facing this nation and others around the world. In modern integrated systems, there are four potential modes of attack available to an adversary: physical only attack, cyber only attack, physical-enabled cyber attack, and cyber-enabled physical attack. Blended attacks involve an adversary working in one domain to reduce system effectiveness in another domain. This enables the attacker to penetrate further into the overall layered defenses. Existing vulnerability assessment (VA) processes and software tools which predict facility vulnerabilities typically evaluate the physical and cyber domains separately. Vulnerabilities which result from the integration of cyber-physical control systems are not well characterized and are often overlooked by existing assessment approaches. In this paper, we modified the timely detection methodology, used for decades in physical security VAs, to include cyber components. The Physical and Cyber Risk Analysis Tool (PACRAT) prototype illustrates an integrated vulnerability assessment that includes cyber-physical interdependencies. Information about facility layout, network topology, and emplaced safeguards is used to evaluate how well suited a facility is to detect, delay, and respond to attacks, to identify the pathways most vulnerable to attack, and to evaluate how often safeguards are compromised for a given threat or adversary type. We have tested the PACRAT prototype on critical infrastructure facilities and the results are promising. Future work includes extending the model to prescribe the recommended security improvements via an automated cost-benefit analysis.
LANL Safeguards and Security Assurance Program. Revision 6
DOE Office of Scientific and Technical Information (OSTI.GOV)
NONE
1995-04-03
The Safeguards and Security (S and S) Assurance Program provides a continuous quality improvement approach to ensure effective, compliant S and S program implementation throughout the Los Alamos National Laboratory. Any issues identified through the various internal and external assessments are documented, tracked and closed using the Safeguards and Security Issue Management Program. The Laboratory utilizes an integrated S and S systems approach to protect US Department of Energy (DOE) interests from theft or diversion of special nuclear material (SNM), sabotage, espionage, loss or theft of classified/controlled matter or government property, and other hostile acts that may cause unacceptable impacts on national security, health and safety of employees and the public, and the environment. This document explains the basis, scope, and conduct of the S and S process to include: self-assessments, issue management, risk assessment, and root cause analysis. It also provides a discussion of S and S topical areas, roles and responsibilities, process flow charts, minimum requirements, methodology, terms, and forms.
FlySec: a risk-based airport security management system based on security as a service concept
NASA Astrophysics Data System (ADS)
Kyriazanos, Dimitris M.; Segou, Olga E.; Zalonis, Andreas; Thomopoulos, Stelios C. A.
2016-05-01
Complementing the ACI/IATA efforts, the FLYSEC European H2020 Research and Innovation project (http://www.fly-sec.eu/) aims to develop and demonstrate an innovative, integrated and end-to-end airport security process for passengers, enabling a guided and streamlined procedure from the landside to airside and into the boarding gates, and offering an operationally validated innovative concept for end-to-end aviation security. Through a well-structured work plan, the FLYSEC ambition translates into: (i) innovative processes facilitating risk-based screening; (ii) deployment and integration of new technologies and repurposing existing solutions towards a risk-based Security paradigm shift; (iii) improvement of passenger facilitation and customer service, bringing security as a real service in the airport of tomorrow; (iv) achievement of measurable throughput improvement and a whole new level of Quality of Service; and (v) validation of the results through advanced "in-vitro" simulation and "in-vivo" pilots. On the technical side, FLYSEC achieves its ambitious goals by integrating new technologies on video surveillance, intelligent remote image processing and biometrics combined with big data analysis, open-source intelligence and crowdsourcing. Repurposing existing technologies is also among the FLYSEC objectives, such as mobile application technologies for improved passenger experience and positive boarding applications (i.e. services to facilitate boarding and landside/airside way finding) as well as RFID for carry-on luggage tracking and quick unattended luggage handling. In this paper, the authors will describe the risk based airport security management system which powers FLYSEC intelligence and serves as the backend on top of which FLYSEC's front end technologies reside for security services management, behaviour and risk analysis.
Green Secure Processors: Towards Power-Efficient Secure Processor Design
NASA Astrophysics Data System (ADS)
Chhabra, Siddhartha; Solihin, Yan
With the increasing wealth of digital information stored on computer systems today, security issues have become increasingly important. In addition to attacks targeting the software stack of a system, hardware attacks have become equally likely. Researchers have proposed Secure Processor Architectures which utilize hardware mechanisms for memory encryption and integrity verification to protect the confidentiality and integrity of data and computation, even from sophisticated hardware attacks. While there have been many works addressing performance and other system level issues in secure processor design, power issues have largely been ignored. In this paper, we first analyze the sources of power (energy) increase in different secure processor architectures. We then present a power analysis of various secure processor architectures in terms of their increase in power consumption over a base system with no protection and then provide recommendations for designs that offer the best balance between performance and power without compromising security. We extend our study to the embedded domain as well. We also outline the design of a novel hybrid cryptographic engine that can be used to minimize the power consumption for a secure processor. We believe that if secure processors are to be adopted in future systems (general purpose or embedded), it is critically important that power issues are considered in addition to performance and other system level issues. To the best of our knowledge, this is the first work to examine the power implications of providing hardware mechanisms for security.
Perimeter security alarm system based on fiber Bragg grating
NASA Astrophysics Data System (ADS)
Zhang, Cui; Wang, Lixin
2010-11-01
With the development of society and the economy and the improvement of living standards, people's need for security is increasingly pressing. The perimeter security alarm system is widely regarded as the first line of defense. A highly sensitive fiber Bragg grating (FBG) vibration sensor based on the theory of string vibration, combined with a neural network adaptive dynamic programming algorithm, makes detection in the perimeter security alarm system intelligent. An intelligent information processing unit identifies the true cause of a vibration, whether an intrusion or the natural environment, by analyzing the frequency, energy, amplitude and duration of the vibration signals. Compared with traditional perimeter security alarm systems, such as infrared perimeter security systems and electric fence systems, the FBG perimeter security alarm system uses passive outdoor structures, is free of electromagnetic interference, and has a transmission distance through optical fiber that can be as long as 20 km. It is able to detect the location of an event within a short period of time (high-speed response, less than 3 seconds). The system can locate the fiber cable's breaking sites and alarm automatically if the cable is cut. The system can also effectively prevent false alarms from small animals, birds, strong wind, scattering things, snowfalls and vibration of the sensor line itself. It can also be integrated into other security systems. This system can be widely used in a variety of fields such as military bases, nuclear sites, airports, warehouses, prisons, residential communities, etc. It will be a new force in perimeter security technology.
Supporting the Use of CERT (registered trademark) Secure Coding Standards in DoD Acquisitions
2012-07-01
Capability Maturity Model IntegrationSM (CMMI®) [Davis 2009]. SM Team Software Process, TSP, and Capability Maturity Model Integration are service...STP Software Test Plan TEP Test and Evaluation Plan TSP Team Software Process V & V verification and validation CMU/SEI-2012-TN-016 | 47...Supporting the Use of CERT® Secure Coding Standards in DoD Acquisitions Tim Morrow (Software Engineering Institute) Robert Seacord (Software
Tadesse, T.; Haile, M.; Senay, G.; Wardlow, B.D.; Knutson, C.L.
2008-01-01
Reducing the impact of drought and famine remains a challenge in sub-Saharan Africa despite ongoing drought relief assistance in recent decades. This is because drought and famine are primarily addressed through a crisis management approach when a disaster occurs, rather than stressing preparedness and risk management. Moreover, drought planning and food security efforts have been hampered by a lack of integrated drought monitoring tools, inadequate early warning systems (EWS), and insufficient information flow within and between levels of government in many sub-Saharan countries. The integration of existing drought monitoring tools for sub-Saharan Africa is essential for improving food security systems to reduce the impacts of drought and famine on society in this region. A proactive approach emphasizing integration requires the collective use of multiple tools, which can be used to detect trends in food availability and provide early indicators at local, national, and regional scales on the likely occurrence of food crises. In addition, improving the ability to monitor and disseminate critical drought-related information using available modern technologies (e.g., satellites, computers, and modern communication techniques) may help trigger timely and appropriate preventive responses and, ultimately, contribute to food security and sustainable development in sub-Saharan Africa. © 2008 United Nations.
Alternative Futures: United States Air Force Security Police in the Twenty-First Century
1988-04-01
"What policies should today's Air Force leadership be pursuing to prepare for tomorrow's combat support and security police roles?" The monograph...Further, it addresses the capability of the Air Force to respond to its future combat support and security police missions and their integration into the...security police organizations. His most recent assignments were as the deputy commander of a combat support group and the commander of a security police
Model based verification of the Secure Socket Layer (SSL) Protocol for NASA systems
NASA Technical Reports Server (NTRS)
Powell, John D.; Gilliam, David
2004-01-01
The National Aeronautics and Space Administration (NASA) has tens of thousands of networked computer systems and applications. Software security vulnerabilities present risks such as lost or corrupted data, information theft, and unavailability of critical systems. These risks represent potentially enormous costs to NASA. The NASA Code Q research initiative 'Reducing Software Security Risk (RSSR) Through an Integrated Approach' offers formal verification of information technology (IT), through the creation of a Software Security Assessment Instrument (SSAI), to address software security risks.
Security measures required for HIPAA privacy.
Amatayakul, M
2000-01-01
HIPAA security requirements include administrative, physical, and technical services and mechanisms to safeguard confidentiality, availability, and integrity of health information. Security measures, however, must be implemented in the context of an organization's privacy policies. Because HIPAA's proposed privacy rules are flexible and scalable to account for the nature of each organization's business, size, and resources, each organization will be determining its own privacy policies within the context of the HIPAA requirements and its security capabilities. Security measures cannot be implemented in a vacuum.
Addressing software security and mitigations in the life cycle
NASA Technical Reports Server (NTRS)
Gilliam, David; Powell, John; Haugh, Eric; Bishop, Matt
2003-01-01
Traditionally, security is viewed as an organizational and Information Technology (IT) systems function comprising firewalls, intrusion detection systems (IDS), system security settings and patches to the operating system (OS) and applications running on it. Until recently, little thought has been given to the importance of security as a formal approach in the software life cycle. The Jet Propulsion Laboratory has approached the problem through the development of an integrated formal Software Security Assessment Instrument (SSAI) with six foci for the software life cycle.
Addressing software security and mitigations in the life cycle
NASA Technical Reports Server (NTRS)
Gilliam, David; Powell, John; Haugh, Eric; Bishop, Matt
2004-01-01
Traditionally, security is viewed as an organizational and Information Technology (IT) systems function comprising firewalls, intrusion detection systems (IDS), system security settings and patches to the operating system (OS) and applications running on it. Until recently, little thought has been given to the importance of security as a formal approach in the software life cycle. The Jet Propulsion Laboratory has approached the problem through the development of an integrated formal Software Security Assessment Instrument (SSAI) with six foci for the software life cycle.
Cyber security best practices for the nuclear industry
DOE Office of Scientific and Technical Information (OSTI.GOV)
Badr, I.
2012-07-01
When deploying software-based systems, such as digital instrumentation and controls for the nuclear industry, it is vital to include cyber security assessment as part of the architecture and development process. When integrating and delivering software-intensive systems for the nuclear industry, engineering teams should make use of a secure, requirements-driven software development life cycle, ensuring security compliance and optimum return on investment. Reliability protections, data loss prevention, and privacy enforcement provide a strong case for installing strict cyber security policies. (authors)
Quality and security - They work together
NASA Technical Reports Server (NTRS)
Carr, Richard; Tynan, Marie; Davis, Russell
1991-01-01
This paper describes the importance of considering computer security as part of software quality assurance practice. The intended audience is primarily those professionals involved in the design, development, and quality assurance of software. Many issues are raised which point to the need ultimately for integration of quality assurance and computer security disciplines. To address some of the issues raised, the NASA Automated Information Security program is presented as a model which may be used for improving interactions between the quality assurance and computer security community of professionals.
DICOM image secure communications with Internet protocols IPv6 and IPv4.
Zhang, Jianguo; Yu, Fenghai; Sun, Jianyong; Yang, Yuanyuan; Liang, Chenwen
2007-01-01
Image-data transmission from one site to another through a public network is usually characterized in terms of privacy, authenticity, and integrity. In this paper, we first describe a general scenario of how an image is delivered from one site to another through a wide-area network (WAN) with security features of data privacy, integrity, and authenticity. Second, we give the common implementation method of the digital imaging and communication in medicine (DICOM) image communication software library with IPv6/IPv4 for high-speed broadband Internet by using open-source software. Third, we discuss two major security-transmission methods, the IP security (IPSec) and the secure-socket layer (SSL) or transport-layer security (TLS), being used currently in medical-image-data communication with privacy support. Fourth, we describe a test schema of multiple-modality DICOM-image communications through TCP/IPv4 and TCP/IPv6 with different security methods, different security algorithms, and operating systems, and evaluate the test results. We found that there are tradeoff factors between choosing the IPsec and the SSL/TLS-based security implementation of IPv6/IPv4 protocols. If the WAN networks only use IPv6 such as in high-speed broadband Internet, the choice is IPsec-based security. If the networks are IPv4 or the combination of IPv6 and IPv4, it is better to use SSL/TLS security. The Linux platform has more security algorithms implemented than the Windows (XP) platform, and can achieve better performance in most experiments of IPv6 and IPv4-based DICOM-image communications. In teleradiology or enterprise-PACS applications, the Linux operating system may be the better choice as peer security gateways for both the IPsec and the SSL/TLS-based secure DICOM communications across public networks.
Security in the CernVM File System and the Frontier Distributed Database Caching System
NASA Astrophysics Data System (ADS)
Dykstra, D.; Blomer, J.
2014-06-01
Both the CernVM File System (CVMFS) and the Frontier Distributed Database Caching System (Frontier) distribute centrally updated data worldwide for LHC experiments using http proxy caches. Neither system provides privacy or access control on reading the data, but both control access to updates of the data and can guarantee the authenticity and integrity of the data transferred to clients over the internet. CVMFS has since its early days required digital signatures and secure hashes on all distributed data, and recently Frontier has added X.509-based authenticity and integrity checking. In this paper we detail and compare the security models of CVMFS and Frontier.
Security challenges in integration of a PHR-S into a standards based national EHR.
Mense, Alexander; Hoheiser Pförtner, Franz; Sauermann, Stefan
2014-01-01
Health-related data provided by patients themselves is expected to play a major role in future healthcare. Data from personal health devices, vaccination records, health diaries or observations of daily living, for instance, is stored in personal health records (PHR) which are maintained by personal health record systems (PHR-S). Combining this information with medical records provided by healthcare providers in electronic health records (EHR) is one of the next steps towards "personal care". Austria is currently setting up a nationwide EHR system that incorporates all healthcare providers and is technically based on international standards (IHE, HL7, OASIS, ...). Given the expected potential of merging PHR and EHR data, it is worth analysing integration approaches. Although integration requires the coordination of processes, information models and technical architectures, this paper specifically focuses on security issues by evaluating general security requirements for a PHR-S (based on HL7 PHR-S FM), comparing them with the information security specifications for the Austrian national EHR (based on the ISO/IEC 27000 series) and identifying the main challenges as well as possible approaches.
Sustainable integrated farming system: A solution for national food security and sovereignty
NASA Astrophysics Data System (ADS)
Ansar, M.; Fathurrahman
2018-05-01
This paper provides a comprehensive review of literature related to food security. The world food crisis is a threat to all countries, including Indonesia. The problem of food security in Indonesia persists, particularly in aspects of production and increasingly unbalanced food availability, due to the increasing rate of population growth, land functional shift, degradation of land and water resources, as well as environmental pollution and climate change. Food production has not been able to meet the needs of the population continuously. Therefore, the food policy paradigm applied in Indonesia must change from food security to food independence, so that Indonesia is not dependent on other countries. Food diversification is one of the best policies to be implemented in achieving food independence and anticipating the food crisis. Food diversification utilizes land optimally by developing an integrated farming system. The integrated farming system is an efficient and environmentally friendly agricultural system. It is able to utilize sustainable agriculture development, followed by the development of participatory technology (Participatory Technology Development) which refers to the local wisdom of the community.
Addressing the Challenges of Collective Security in West Africa: In View of Recent Conflicts
2017-06-09
Understanding that achieving peace and security is a primary condition for economic integration, ECOWAS has developed various approaches to resolving crises and overcoming threats within West Africa. Using...
BALKANS SECURITY. Current and Projected Factors Affecting Regional Stability
2000-04-01
Security Briefing Section II Current Situation in Kosovo and Bosnia primary responsibility for public security in Kosovo. 6 According to a senior KFOR...Integrity * Reliability GAO/NSIAD-00-125BR DISTRIBUTION STATEMENT A Approved for Public Release Contents Letter Briefing Section Appendixes Tables...Figures Briefing Section I: Background Briefing Section II: Current Situation in Kosovo and Bosnia Briefing Section III: Projected Security Situation
NASA Astrophysics Data System (ADS)
Yan, Xin; Zhang, Ling; Wu, Yang; Luo, Youlong; Zhang, Xiaoxing
2017-02-01
As more and more wireless sensor nodes and networks are employed to acquire and transmit the state information of power equipment in smart grid, we are in urgent need of some viable security solutions to ensure secure smart grid communications. Conventional information security solutions, such as encryption/decryption, digital signature and so forth, are not applicable to wireless sensor networks in smart grid any longer, where bulk messages need to be exchanged continuously. The reason is that these cryptographic solutions will account for a large portion of the extremely limited resources on sensor nodes. In this article, a security solution based on digital watermarking is adopted to achieve the secure communications for wireless sensor networks in smart grid by data and entity authentications at a low cost of operation. Our solution consists of a secure framework of digital watermarking, and two digital watermarking algorithms based on alternating electric current and time window, respectively. Both watermarking algorithms are composed of watermark generation, embedding and detection. The simulation experiments are provided to verify the correctness and practicability of our watermarking algorithms. Additionally, a new cloud-based architecture for the information integration of smart grid is proposed on the basis of our security solutions.
A Novel Secure IoT-Based Smart Home Automation System Using a Wireless Sensor Network.
Pirbhulal, Sandeep; Zhang, Heye; E Alahi, Md Eshrat; Ghayvat, Hemant; Mukhopadhyay, Subhas Chandra; Zhang, Yuan-Ting; Wu, Wanqing
2016-12-30
Wireless sensor networks (WSNs) provide noteworthy benefits over traditional approaches for several applications, including smart homes, healthcare, environmental monitoring, and homeland security. WSNs are integrated with the Internet Protocol (IP) to develop the Internet of Things (IoT) for connecting everyday life objects to the internet. Hence, major challenges of WSNs include: (i) how to efficiently utilize small size and low-power nodes to implement security during data transmission among several sensor nodes; (ii) how to resolve security issues associated with the harsh and complex environmental conditions during data transmission over a long coverage range. In this study, a secure IoT-based smart home automation system was developed. To facilitate energy-efficient data encryption, a method named Triangle Based Security Algorithm (TBSA), based on an efficient key generation mechanism, was proposed. The proposed TBSA, integrated with low-power Wi-Fi, was included in WSNs with the Internet to develop a novel IoT-based smart home which could provide secure data transmission among several associated sensor nodes in the network over a long coverage range. The developed IoT-based system has outstanding performance by fulfilling all the necessary security requirements. The experimental results showed that the proposed TBSA algorithm consumed less energy in comparison with some existing methods.
A Novel Secure IoT-Based Smart Home Automation System Using a Wireless Sensor Network
Pirbhulal, Sandeep; Zhang, Heye; E Alahi, Md Eshrat; Ghayvat, Hemant; Mukhopadhyay, Subhas Chandra; Zhang, Yuan-Ting; Wu, Wanqing
2016-01-01
Wireless sensor networks (WSNs) provide noteworthy benefits over traditional approaches for several applications, including smart homes, healthcare, environmental monitoring, and homeland security. WSNs are integrated with the Internet Protocol (IP) to develop the Internet of Things (IoT) for connecting everyday life objects to the internet. Hence, major challenges of WSNs include: (i) how to efficiently utilize small size and low-power nodes to implement security during data transmission among several sensor nodes; (ii) how to resolve security issues associated with the harsh and complex environmental conditions during data transmission over a long coverage range. In this study, a secure IoT-based smart home automation system was developed. To facilitate energy-efficient data encryption, a method named Triangle Based Security Algorithm (TBSA), based on an efficient key generation mechanism, was proposed. The proposed TBSA, integrated with low-power Wi-Fi, was included in WSNs with the Internet to develop a novel IoT-based smart home which could provide secure data transmission among several associated sensor nodes in the network over a long coverage range. The developed IoT-based system has outstanding performance by fulfilling all the necessary security requirements. The experimental results showed that the proposed TBSA algorithm consumed less energy in comparison with some existing methods. PMID:28042831
Public Auditing with Privacy Protection in a Multi-User Model of Cloud-Assisted Body Sensor Networks
Li, Song; Cui, Jie; Zhong, Hong; Liu, Lu
2017-01-01
Wireless Body Sensor Networks (WBSNs) are gaining importance in the era of the Internet of Things (IoT). The modern medical system is a particular area where the WBSN techniques are being increasingly adopted for various fundamental operations. Despite such increasing deployments of WBSNs, issues such as the infancy in the size, capabilities and limited data processing capacities of the sensor devices restrain their adoption in resource-demanding applications. Though providing computing and storage supplements from cloud servers can potentially enrich the capabilities of the WBSNs devices, data security is one of the prevailing issues that affects the reliability of cloud-assisted services. Sensitive applications such as modern medical systems demand assurance of the privacy of the users’ medical records stored in distant cloud servers. Since it is economically impossible to set up private cloud servers for every client, auditing data security managed in the remote servers has necessarily become an integral requirement of WBSNs’ applications relying on public cloud servers. To this end, this paper proposes a novel certificateless public auditing scheme with integrated privacy protection. The multi-user model in our scheme supports groups of users to store and share data, thus exhibiting the potential for WBSNs’ deployments within community environments. Furthermore, our scheme enriches user experiences by offering public verifiability, forward security mechanisms and revocation of illegal group members. Experimental evaluations demonstrate the security effectiveness of our proposed scheme under the Random Oracle Model (ROM) by outperforming existing cloud-assisted WBSN models. PMID:28475110
Li, Song; Cui, Jie; Zhong, Hong; Liu, Lu
2017-05-05
Wireless Body Sensor Networks (WBSNs) are gaining importance in the era of the Internet of Things (IoT). The modern medical system is a particular area where the WBSN techniques are being increasingly adopted for various fundamental operations. Despite such increasing deployments of WBSNs, issues such as the infancy in the size, capabilities and limited data processing capacities of the sensor devices restrain their adoption in resource-demanding applications. Though providing computing and storage supplements from cloud servers can potentially enrich the capabilities of the WBSNs devices, data security is one of the prevailing issues that affects the reliability of cloud-assisted services. Sensitive applications such as modern medical systems demand assurance of the privacy of the users' medical records stored in distant cloud servers. Since it is economically impossible to set up private cloud servers for every client, auditing data security managed in the remote servers has necessarily become an integral requirement of WBSNs' applications relying on public cloud servers. To this end, this paper proposes a novel certificateless public auditing scheme with integrated privacy protection. The multi-user model in our scheme supports groups of users to store and share data, thus exhibiting the potential for WBSNs' deployments within community environments. Furthermore, our scheme enriches user experiences by offering public verifiability, forward security mechanisms and revocation of illegal group members. Experimental evaluations demonstrate the security effectiveness of our proposed scheme under the Random Oracle Model (ROM) by outperforming existing cloud-assisted WBSN models.
An Autonomic Framework for Integrating Security and Quality of Service Support in Databases
ERIC Educational Resources Information Center
Alomari, Firas
2013-01-01
The back-end databases of multi-tiered applications are a major data security concern for enterprises. The abundance of these systems and the emergence of new and different threats require multiple and overlapping security mechanisms. Therefore, providing multiple and diverse database intrusion detection and prevention systems (IDPS) is a critical…
75 FR 28253 - Privacy Act of 1974; Notice of new System of Records
Federal Register 2010, 2011, 2012, 2013, 2014
2010-05-20
... certified by the National Computer Security Association. RETENTION AND DISPOSAL: System records are retained... Agency suspects or has confirmed that the security or confidentiality of information in the system of... security or integrity of this system or other systems or programs (whether maintained by GSA or another...
75 FR 29548 - Privacy Act of 1974; Notice of New System of Records
Federal Register 2010, 2011, 2012, 2013, 2014
2010-05-26
... maintained behind a firewall certified by the National Computer Security Association. RETENTION AND DISPOSAL... agencies, entities when (1) the Agency suspects or has confirmed that the security or confidentiality of..., identity theft or fraud, or harm to the security or integrity or this system or other systems or programs...
76 FR 20986 - Privacy Act of 1974; Notice of New System of Records
Federal Register 2010, 2011, 2012, 2013, 2014
2011-04-14
... but are not limited to: name, social security number, addresses, phone numbers, e-mail address, birth... persons when (1) the Agency suspects or has confirmed that the security or confidentiality of information... or fraud, or harm to the security or integrity of this system or other systems or programs (whether...
36 CFR 1008.6 - Assuring integrity of records.
Code of Federal Regulations, 2012 CFR
2012-07-01
... shall be maintained in a secure manner commensurate with the sensitivity of the information contained in the system of records. The Privacy Act Officer will periodically review these security measures to...
36 CFR 1008.6 - Assuring integrity of records.
Code of Federal Regulations, 2011 CFR
2011-07-01
... shall be maintained in a secure manner commensurate with the sensitivity of the information contained in the system of records. The Privacy Act Officer will periodically review these security measures to...
36 CFR 1008.6 - Assuring integrity of records.
Code of Federal Regulations, 2014 CFR
2014-07-01
... shall be maintained in a secure manner commensurate with the sensitivity of the information contained in the system of records. The Privacy Act Officer will periodically review these security measures to...
77 FR 58980 - Announcing an Open Meeting of the Information Security and Privacy Advisory Board
Federal Register 2010, 2011, 2012, 2013, 2014
2012-09-25
... technology security, --Cybersecurity Updates from Director of Cybersecurity, White House, --Presentation on... communications across federal agencies with the National Cybersecurity and Communications Integration Center...
Internetting tactical security sensor systems
NASA Astrophysics Data System (ADS)
Gage, Douglas W.; Bryan, W. D.; Nguyen, Hoa G.
1998-08-01
The Multipurpose Surveillance and Security Mission Platform (MSSMP) is a distributed network of remote sensing packages and control stations, designed to provide a rapidly deployable, extended-range surveillance capability for a wide variety of military security operations and other tactical missions. The baseline MSSMP sensor suite consists of a pan/tilt unit with video and FLIR cameras and laser rangefinder. With an additional radio transceiver, MSSMP can also function as a gateway between existing security/surveillance sensor systems such as TASS, TRSS, and IREMBASS, and IP-based networks, to support the timely distribution of both threat detection and threat assessment information. The MSSMP system makes maximum use of Commercial Off The Shelf (COTS) components for sensing, processing, and communications, and of both established and emerging standard communications networking protocols and system integration techniques. Its use of IP-based protocols allows it to freely interoperate with the Internet -- providing geographic transparency, facilitating development, and allowing fully distributed demonstration capability -- and prepares it for integration with the IP-based tactical radio networks that will evolve in the next decade. Unfortunately, the Internet's standard Transport layer protocol, TCP, is poorly matched to the requirements of security sensors and other quasi-autonomous systems in being oriented to conveying a continuous data stream, rather than discrete messages. Also, its canonical 'socket' interface both conceals short losses of communications connectivity and simply gives up and forces the Application layer software to deal with longer losses. For MSSMP, a software applique is being developed that will run on top of User Datagram Protocol (UDP) to provide a reliable message-based Transport service.
In addition, a Session layer protocol is being developed to support the effective transfer of control of multiple platforms among multiple control stations.
Selimis, Georgios; Huang, Li; Massé, Fabien; Tsekoura, Ioanna; Ashouei, Maryam; Catthoor, Francky; Huisken, Jos; Stuyt, Jan; Dolmans, Guido; Penders, Julien; De Groot, Harmke
2011-10-01
In order for wireless body area networks to meet widespread adoption, a number of security implications must be explored to promote and maintain fundamental medical ethical principles and social expectations. As a result, integration of security functionality to sensor nodes is required. Integrating security functionality to a wireless sensor node increases the size of the stored software program in program memory, the required time that the sensor's microprocessor needs to process the data and the wireless network traffic which is exchanged among sensors. This security overhead has dominant impact on the energy dissipation which is strongly related to the lifetime of the sensor, a critical aspect in wireless sensor network (WSN) technology. Strict definition of the security functionality, complete hardware model (microprocessor and radio), WBAN topology and the structure of the medium access control (MAC) frame are required for an accurate estimation of the energy that security introduces into the WBAN. In this work, we define a lightweight security scheme for WBAN, we estimate the additional energy consumption that the security scheme introduces to WBAN based on commercial available off-the-shelf hardware components (microprocessor and radio), the network topology and the MAC frame. Furthermore, we propose a new microcontroller design in order to reduce the energy consumption of the system. Experimental results and comparisons with other works are given.
Sušnik, Janez; Vamvakeridou-Lyroudia, Lydia S; Baumert, Niklas; Kloos, Julia; Renaud, Fabrice G; La Jeunesse, Isabelle; Mabrouk, Badr; Savić, Dragan A; Kapelan, Zoran; Ludwig, Ralf; Fischer, Georg; Roson, Roberto; Zografos, Christos
2015-01-15
CLImate-induced changes on WAter and SECurity (CLIWASEC) was a cluster of three complementary EC-FP7 projects assessing climate-change impacts throughout the Mediterranean on: hydrological cycles (CLIMB - CLimate-Induced changes on the hydrology of Mediterranean Basins); water security (WASSERMed - Water Availability and Security in Southern EuRope and the Mediterranean) and human security connected with possible hydro-climatic conflicts (CLICO - CLImate change hydro-COnflicts and human security). The Nile delta case study was common between the projects. CLIWASEC created an integrated forum for modelling and monitoring to understand potential impacts across sectors. This paper summarises key results from an integrated assessment of potential challenges to water-related security issues, focusing on expected sea-level rise impacts by the middle of the century. We use this common focus to illustrate the added value of project clustering. CLIWASEC pursued multidisciplinary research by adopting a single research objective: sea-level rise related water security threats, resulting in a more holistic view of problems and potential solutions. In fragmenting research, policy-makers can fail to understand how multiple issues can materialize from one driver. By combining efforts, an integrated assessment of water security threats in the lower Nile is formulated, offering policy-makers a clearer picture of inter-related issues to society and environment. The main issues identified by each project (land subsidence, saline intrusion - CLIMB; water supply overexploitation, land loss - WASSERMed; employment and housing security - CLICO), are in fact related. Water overexploitation is exacerbating land subsidence and saline intrusion, impacting on employment and placing additional pressure on remaining agricultural land and the underdeveloped housing market. All these have wider implications for regional development. 
This richer understanding could be critical in making better policy decisions when attempting to mitigate climate and social change impacts. The CLIWASEC clustering offers an encouraging path for the new European Commission Horizon 2020 programme to follow. Copyright © 2014 Elsevier B.V. All rights reserved.
Research on key technologies of data processing in internet of things
NASA Astrophysics Data System (ADS)
Zhu, Yangqing; Liang, Peiying
2017-08-01
Internet of Things (IOT) data is polymorphic, heterogeneous, large in volume and processed in real time. The traditional structured, static batch processing method does not meet the requirements of IOT data processing. This paper studies a middleware that integrates heterogeneous IOT data by converting different data formats into a unified format. It designs an IOT data processing model based on the Storm stream computing architecture and integrates existing Internet security technology to build a security system for IOT data processing, providing a reference for the efficient transmission and processing of IOT data.
Evaluation of security algorithms used for security processing on DICOM images
NASA Astrophysics Data System (ADS)
Chen, Xiaomeng; Shuai, Jie; Zhang, Jianguo; Huang, H. K.
2005-04-01
In this paper, we developed a security approach to provide security measures and features in PACS image acquisition and tele-radiology image transmission. The security processing on medical images was based on public key infrastructure (PKI) and included digital signature and data encryption to achieve the security features of confidentiality, privacy, authenticity, integrity, and non-repudiation. There are many algorithms that can be used in PKI for data encryption and digital signature. In this research, we select several algorithms to perform security processing on different DICOM images in a PACS environment, evaluate the security processing performance of these algorithms, and find the relationship between performance and image types, sizes and the implementation methods.
NASA Technical Reports Server (NTRS)
Chow, Edward; Spence, Matthew Chew; Pell, Barney; Stewart, Helen; Korsmeyer, David; Liu, Joseph; Chang, Hsin-Ping; Viernes, Conan; Gogorth, Andre
2003-01-01
This paper discusses the challenges and security issues inherent in building complex cross-organizational collaborative projects and software systems within NASA. By applying the design principles of compartmentalization, organizational hierarchy and inter-organizational federation, the Secured Advanced Federated Environment (SAFE) is laying the foundation for a collaborative virtual infrastructure for the NASA community. A key element of SAFE is the Micro Security Domain (MSD) concept, which balances the need to collaborate and the need to enforce enterprise and local security rules. With the SAFE approach, security is an integral component of enterprise software and network design, not an afterthought.
6 CFR 37.15 - Physical security features for the driver's license or identification card.
Code of Federal Regulations, 2012 CFR
2012-01-01
.... (3) Level 3. Inspection by forensic specialists. (d) Document security and integrity. States must... independent laboratory experienced with adversarial analysis of identification documents concerning one or...
6 CFR 37.15 - Physical security features for the driver's license or identification card.
Code of Federal Regulations, 2014 CFR
2014-01-01
.... (3) Level 3. Inspection by forensic specialists. (d) Document security and integrity. States must... independent laboratory experienced with adversarial analysis of identification documents concerning one or...
6 CFR 37.15 - Physical security features for the driver's license or identification card.
Code of Federal Regulations, 2013 CFR
2013-01-01
.... (3) Level 3. Inspection by forensic specialists. (d) Document security and integrity. States must... independent laboratory experienced with adversarial analysis of identification documents concerning one or...
6 CFR 37.15 - Physical security features for the driver's license or identification card.
Code of Federal Regulations, 2011 CFR
2011-01-01
.... (3) Level 3. Inspection by forensic specialists. (d) Document security and integrity. States must... independent laboratory experienced with adversarial analysis of identification documents concerning one or...
Strategies for online test security.
Hart, Leigh; Morgan, Lesley
2009-01-01
As online courses continue to increase, maintaining academic integrity in student evaluation is a challenge. The authors review several strategies, with varying degrees of cost and technology, to improve test security in the online classroom.
Cybersecurity and Resilience | Energy Systems Integration Facility | NREL
, and offer prioritized action items to improve organizational protocols. The team is also helping and provide a prioritized list of action items for gaps in security controls. Security architectures
36 CFR § 1008.6 - Assuring integrity of records.
Code of Federal Regulations, 2013 CFR
2013-07-01
... Privacy Act shall be maintained in a secure manner commensurate with the sensitivity of the information contained in the system of records. The Privacy Act Officer will periodically review these security measures...
Security and privacy preserving approaches in the eHealth clouds with disaster recovery plan.
Sahi, Aqeel; Lai, David; Li, Yan
2016-11-01
Cloud computing was introduced as an alternative storage and computing model in the health sector as well as other sectors to handle large amounts of data. Many healthcare companies have moved their electronic data to the cloud in order to reduce in-house storage, IT development and maintenance costs. However, storing the healthcare records in a third-party server may cause serious storage, security and privacy issues. Therefore, many approaches have been proposed to preserve security as well as privacy in cloud computing projects. Cryptographic-based approaches were presented as one of the best ways to ensure the security and privacy of healthcare data in the cloud. Nevertheless, the cryptographic-based approaches which are used to transfer health records safely remain vulnerable regarding security, privacy, or the lack of any disaster recovery strategy. In this paper, we review the related work on security and privacy preserving as well as disaster recovery in the eHealth cloud domain. Then we propose two approaches, the Security-Preserving approach and the Privacy-Preserving approach, and a disaster recovery plan. The Security-Preserving approach is a robust means of ensuring the security and integrity of Electronic Health Records, and the Privacy-Preserving approach is an efficient authentication approach which protects the privacy of Personal Health Records. Finally, we discuss how the integrated approaches and the disaster recovery plan can ensure the reliability and security of cloud projects. Copyright © 2016 Elsevier Ltd. All rights reserved.
Supporting secure programming in web applications through interactive static analysis.
Zhu, Jun; Xie, Jing; Lipford, Heather Richter; Chu, Bill
2014-07-01
Many security incidents are caused by software developers' failure to adhere to secure programming practices. Static analysis tools have been used to detect software vulnerabilities. However, their wide usage by developers is limited by the special training required to write rules customized to application-specific logic. Our approach is interactive static analysis, to integrate static analysis into Integrated Development Environment (IDE) and provide in-situ secure programming support to help developers prevent vulnerabilities during code construction. No additional training is required nor are there any assumptions on ways programs are built. Our work is motivated in part by the observation that many vulnerabilities are introduced due to failure to practice secure programming by knowledgeable developers. We implemented a prototype interactive static analysis tool as a plug-in for Java in Eclipse. Our technical evaluation of our prototype detected multiple zero-day vulnerabilities in a large open source project. Our evaluations also suggest that false positives may be limited to a very small class of use cases.
Supporting secure programming in web applications through interactive static analysis
Zhu, Jun; Xie, Jing; Lipford, Heather Richter; Chu, Bill
2013-01-01
Many security incidents are caused by software developers’ failure to adhere to secure programming practices. Static analysis tools have been used to detect software vulnerabilities. However, their wide usage by developers is limited by the special training required to write rules customized to application-specific logic. Our approach is interactive static analysis, to integrate static analysis into Integrated Development Environment (IDE) and provide in-situ secure programming support to help developers prevent vulnerabilities during code construction. No additional training is required nor are there any assumptions on ways programs are built. Our work is motivated in part by the observation that many vulnerabilities are introduced due to failure to practice secure programming by knowledgeable developers. We implemented a prototype interactive static analysis tool as a plug-in for Java in Eclipse. Our technical evaluation of our prototype detected multiple zero-day vulnerabilities in a large open source project. Our evaluations also suggest that false positives may be limited to a very small class of use cases. PMID:25685513
Integration of LDSE and LTVS logs with HIPAA compliant auditing system (HCAS)
NASA Astrophysics Data System (ADS)
Zhou, Zheng; Liu, Brent J.; Huang, H. K.; Guo, Bing; Documet, Jorge; King, Nelson
2006-03-01
The deadline for the HIPAA (Health Insurance Portability and Accountability Act) Security Rules passed in February 2005; therefore, being HIPAA compliant has become extremely critical to healthcare providers. HIPAA mandates healthcare providers to protect the privacy and integrity of the health data and have the ability to demonstrate examples of mechanisms that can be used to accomplish this task. It is also required that a healthcare institution must be able to provide audit trails on image data access on demand for a specific patient. For these reasons, we have developed a HIPAA compliant auditing system (HCAS) for image data security in a PACS by auditing every image data access. The HCAS was presented in 2005 SPIE. This year, two new components, LDSE (Lossless Digital Signature Embedding) and LTVS (Patient Location Tracking and Verification System) logs, have been added to the HCAS. The LDSE can assure medical image integrity in a PACS, while the LTVS can provide access control for a PACS by creating a security zone in the clinical environment. By integrating the LDSE and LTVS logs with the HCAS, the privacy and integrity of image data can be audited as well. Thus, a PACS with the HCAS installed can become HIPAA compliant in image data privacy and integrity, access control, and audit control.
ERIC Educational Resources Information Center
Dunford, Christopher; Denman, Vicki
This paper introduces the reader to microfinance integrated with health and nutrition education as a promising strategy for Title II practitioners. The paper provides an overview of how microfinance, particularly village banking, can contribute to the food-security objectives of Title II. It describes a variant of village banking, called…
A Cryptographic SoC for Robust Protection of Secret Keys in IPTV DRM Systems
NASA Astrophysics Data System (ADS)
Lee, Sanghan; Yang, Hae-Yong; Yeom, Yongjin; Park, Jongsik
The security level of an internet protocol television (IPTV) digital right management (DRM) system ultimately relies on protection of secret keys. Well known devices for the key protection include smartcards and battery backup SRAMs (BB-SRAMs); however, these devices could be vulnerable to various physical attacks. In this paper, we propose a secure and cost-effective design of a cryptographic system on chip (SoC) that integrates the BB-SRAM with a cell-based design technique. The proposed SoC provides robust safeguard against the physical attacks, and satisfies high-speed and low-price requirements of IPTV set-top boxes. Our implementation results show that the maximum encryption rate of the SoC is 633Mb/s. In order to verify the data retention capabilities, we made a prototype chip using 0.18µm standard cell technology. The experimental results show that the integrated BB-SRAM can reliably retain data with a 1.4µA leakage current.
AST: Activity-Security-Trust driven modeling of time varying networks
Wang, Jian; Xu, Jiake; Liu, Yanheng; Deng, Weiwen
2016-01-01
Network modeling is a flexible mathematical structure that enables to identify statistical regularities and structural principles hidden in complex systems. The majority of recent driving forces in modeling complex networks are originated from activity, in which an activity potential of a time invariant function is introduced to identify agents’ interactions and to construct an activity-driven model. However, the new-emerging network evolutions are already deeply coupled with not only the explicit factors (e.g. activity) but also the implicit considerations (e.g. security and trust), so more intrinsic driving forces behind should be integrated into the modeling of time varying networks. The agents undoubtedly seek to build a time-dependent trade-off among activity, security, and trust in generating a new connection to another. Thus, we reasonably propose the Activity-Security-Trust (AST) driven model through synthetically considering the explicit and implicit driving forces (e.g. activity, security, and trust) underlying the decision process. AST-driven model facilitates to more accurately capture highly dynamical network behaviors and figure out the complex evolution process, allowing a profound understanding of the effects of security and trust in driving network evolution, and improving the biases induced by only involving activity representations in analyzing the dynamical processes. PMID:26888717
NASA Astrophysics Data System (ADS)
Krusche, A. V.; Ballester, M. V.; Neill, C.; Elsenbeer, H.; Johnson, M. S.; Coe, M. T.; Garavello, M.; Molina, S. G.; Empinotti, V.; Reichardt, F.; Deegan, L.; Harris, L.
2014-12-01
The main goal of this project is to identify how impacts from land conversion, cropland expansion and intensification of both crop and animal production interact to affect regional evapotranspiration, rainfall generation, river flooding, and water quality and stream habitats, allowing us to identify thresholds of change that will endanger agricultural production, livelihoods of non-agricultural settlers and the region's new urban population and infrastructure. We will survey the effects of this on (1) soybean farmers, (2) cattle ranchers, (3) small-scale farm families, (4) rural non-agriculturists, including fishers, and (5) urban residents and map their roles as stakeholders. We will also conduct current water use surveys among the different stakeholder groups, accompanied by questions on desired aspects for future freshwater security to identify targets for desirable outcomes of water governance strategies. These targets, together with the information on land use drivers, water quantity and quality and predicted scenarios for global changes will be incorporated into a fully integrated and interactive geospatially oriented socio-ecological model that can serve as a framework for future water governance that enhances Freshwater Security in such systems. This is an international cooperation initiative led by Brazil and with the participation of Canada, Germany and United States of America.
Global Climate Change: Threat Multiplier for AFRICOM?
2007-11-06
climate change, stability for Africa hinges upon mitigating the effects of global climate change to prevent future conflicts such as Darfur, and the...instability that fosters terrorism. The National Security Act of 2010 will formally address climate change and the planning requirement for the threat...of Responsibility (AOR). He will need to integrate multinational and multiagency cooperation to address climate change forecasts. The author
Understanding and Managing Causality of Change in Socio-Technical Systems II
2011-01-25
SUBJECT TERMS Cognition, Human Effectiveness, Information Science 16. SECURITY CLASSIFICATION OF: 17. LIMITATION OF ABSTRACT Same as Report (SAR) 18...at large taking into account the cognitive interaction between humans and technology. 8 Hussein Abbass Professor Abbass leads the...Network Centric Operations Future Air Traffic Management Systems Cognitive Engineering including Human-Computer Integration In all of the
withdraw a large majority of troops months into the operation, but a stable environment required almost a decade to achieve. Stabilization in such a...scenario requires Political, Social, Justice, Economic and Security needs to be met. The military has not been equipped to meet these needs by themselves
Meeting EHR security requirements: SeAAS approach.
Katt, Basel; Trojer, Thomas; Breu, Ruth; Schabetsberger, Thomas; Wozak, Florian
2010-01-01
In the last few years, Electronic Health Record (EHR) systems have received great attention in the literature, as well as in the industry. They are expected to lead to health care savings, increase health care quality and reduce medical errors. This interest has been accompanied by the development of different standards and frameworks to meet EHR challenges. One of the most important initiatives that was developed to solve problems of EHR is IHE (Integrating the Healthcare Enterprise), which adapts the distributed approach to store and manage healthcare data. IHE aims at standardizing the way healthcare systems exchange information in distributed environments. For this purpose it defines several so-called Integration Profiles that specify the interactions and the interfaces (Transactions) between various healthcare systems (Actors) or entities. Security was also considered in a few profiles that tackled the main security requirements, mainly authentication and audit trails. The security profiles of IHE currently suffer from two drawbacks. First, they apply end point security methodology, which has been proven recently to be insufficient and cumbersome in distributed and heterogeneous environments. Second, the current security profiles for more complex security requirements are oversimplified, vague and do not consider architectural design. This recently changed to some extent, e.g., with the introduction of newly published white papers regarding privacy [5] and access control [9]. In order to solve the first problem we utilize results of previous studies conducted in the area of security-aware IHE-based systems and the state-of-the-art Security-as-a-Service approach as a convenient methodology to group domain-wide security needs and overcome the end point security shortcomings.
Falkenmark, Malin
2003-01-01
The paper has its focus on water's key functions behind ecosystem dynamics and the water-related balancing involved in a catchment-based ecosystem approach. A conceptual framework is being developed to address fundamental trade-offs between humans and ecosystems. This is done by paying attention to society's unavoidable landscape modifications and their unavoidable ecological effects mediated by water processes. Because the coevolution of societal and environmental processes indicates resonance rather than a cause-effect relationship, humanity will have to learn to live with change while securing ecosystem resilience. In view of the partial incompatibility of the social imperative of the millennium goals and its environmental sustainability goal, human activities and ecosystems have to be orchestrated for compatibility. To this end a catchment-based approach has to be taken by integrating water, land use and ecosystems. It is being suggested that ecosystem protection has to be thought of in two scales: site-specific biotic landscape components to be protected for their social value, and a catchment-based ecosystem approach to secure sustainable supply of crucial ecosystem goods and services on which social and economic development depends. PMID:14728797
ERIC Educational Resources Information Center
Sikolia, David Wafula
2013-01-01
User non-compliance with information security policies in organizations due to negligence or ignorance is reported as a key data security problem for organizations. The violation of the confidentiality, integrity and availability of organizational data has led to losses in millions of dollars for organizations in terms of money and time spent…
Secured Transactions: An Integrated Classroom Approach Using Financial Statements and Acronyms
ERIC Educational Resources Information Center
Seganish, W. Michael
2005-01-01
Students struggle with the subject of secured transactions under the Uniform Commercial Code. In this article, the author presents a method that uses balance-sheet information to help students visualize the difference between secured and unsecured creditors. The balance sheet is also used in the Uniform Commercial Code process, in which one must…
Federal Register 2010, 2011, 2012, 2013, 2014
2010-09-22
... to prevent delays in decision-making. The proposed actions grow out of needs identified by USSS... respond to the street closures and re-design of security elements to ensure the iconic historic nature of... security elements in place of the temporary security elements identified above. The intent is to integrate...
Learner Centric in M-Learning: Integration of Security, Dependability and Trust
ERIC Educational Resources Information Center
Mahalingam, Sheila; Abdollah, Faizal Mohd; Sahib, Shahrin
2014-01-01
The paper focus on learner centric attributes in a m-learning environment encounters the security measurements. In order to build up a systematic threat and countermeasure for protecting the learners as well as providing awareness and satisfaction in utilizing the mobile learning system, a security model need to be overhauled. The brief literature…
Secure Dynamic access control scheme of PHR in cloud computing.
Chen, Tzer-Shyong; Liu, Chia-Hui; Chen, Tzer-Long; Chen, Chin-Sheng; Bau, Jian-Guo; Lin, Tzu-Ching
2012-12-01
With the development of information technology and medical technology, medical information has been developed from traditional paper records into electronic medical records, which have now been widely applied. The new-style medical information exchange system "personal health records (PHR)" is gradually developed. PHR is a kind of health records maintained and recorded by individuals. An ideal personal health record could integrate personal medical information from different sources and provide complete and correct personal health and medical summary through the Internet or portable media under the requirements of security and privacy. A lot of personal health records are being utilized. The patient-centered PHR information exchange system allows the public autonomously maintain and manage personal health records. Such management is convenient for storing, accessing, and sharing personal medical records. With the emergence of Cloud computing, PHR service has been transferred to storing data into Cloud servers that the resources could be flexibly utilized and the operation cost can be reduced. Nevertheless, patients would face privacy problem when storing PHR data into Cloud. Besides, it requires a secure protection scheme to encrypt the medical records of each patient for storing PHR into Cloud server. In the encryption process, it would be a challenge to achieve accurately accessing to medical records and corresponding to flexibility and efficiency. A new PHR access control scheme under Cloud computing environments is proposed in this study. With Lagrange interpolation polynomial to establish a secure and effective PHR information access scheme, it allows to accurately access to PHR with security and is suitable for enormous multi-users. Moreover, this scheme also dynamically supports multi-users in Cloud computing environments with personal privacy and offers legal authorities to access to PHR. 
From security and effectiveness analyses, the proposed PHR access scheme in Cloud computing environments is proven flexible and secure and could effectively correspond to real-time appending and deleting user access authorization and appending and revising PHR records.
SEAODV: A Security Enhanced AODV Routing Protocol for Wireless Mesh Networks
NASA Astrophysics Data System (ADS)
Li, Celia; Wang, Zhuang; Yang, Cungang
In this paper, we propose a Security Enhanced AODV routing protocol (SEAODV) for wireless mesh networks (WMN). SEAODV employs Blom's key pre-distribution scheme to compute the pairwise transient key (PTK) through the flooding of enhanced HELLO message and subsequently uses the established PTK to distribute the group transient key (GTK). PTK and GTK authenticate unicast and broadcast routing messages respectively. In WMN, a unique PTK is shared by each pair of nodes, while GTK is shared secretly between the node and all its one-hop neighbours. A message authentication code (MAC) is attached as the extension to the original AODV routing message to guarantee the message's authenticity and integrity in a hop-by-hop fashion. Security analysis and performance evaluation show that SEAODV is more effective in preventing identified routing attacks and outperforms ARAN and SAODV in terms of computation cost and route acquisition latency.
Security and Stability Analysis of Wind Farms Integration into Distribution Network
NASA Astrophysics Data System (ADS)
Guan-yang, Li; Hongzhao, Wang; Guanglei, Li; Yamei, Cheng; Hong-zheng, Liu; Yi, Sun
2017-05-01
With the increasing share of the wind power in the power system, wind power fluctuations will cause obvious negative impacts on weak local grid. This paper first establishes an electromechanical transient simulation model for a doubly fed induction wind turbine, then uses Matlab/Simulink to achieve power flow calculation and transient simulation of a power system including wind farms, the local synchronous generator, load, etc., and finally analyzes the impact of wind power on the local power grid under typical circumstances. The actual calculated results indicate that wind mutation causes little effect on the power grid, but when the three-phase short circuit fault happens, active power of wind power decreases sharply and the voltage at the location where wind power enters the grid also drops sharply, and finally the wind farm splits from the power system. This situation is not conducive to security and stability of the local power grid. It is necessary to develop security and stability measures in the future.
Vulnerability mitigation : technology assessment and deployment
DOT National Transportation Integrated Search
2003-01-01
Because of the new terrorist threats since the September 11, 2001 attacks, rapid development, prototyping, and deployment of systems has been necessary. A well integrated physical security system that combines state of the art security and informatio...
A coverage and slicing dependencies analysis for seeking software security defects.
He, Hui; Zhang, Dongyan; Liu, Min; Zhang, Weizhe; Gao, Dongmin
2014-01-01
Software security defects have a serious impact on the software quality and reliability. It is a major hidden danger for the operation of a system that a software system has some security flaws. When the scale of the software increases, its vulnerabilities become much more difficult to find. Once these vulnerabilities are exploited, it may lead to great loss. In this situation, the concept of Software Assurance is carried out by some experts. And the automated fault localization technique is a part of the research of Software Assurance. Currently, automated fault localization methods include coverage based fault localization (CBFL) and program slicing. Both of the methods have their own location advantages and defects. In this paper, we have put forward a new method, named Reverse Data Dependence Analysis Model, which integrates the two methods by analyzing the program structure. On this basis, we finally proposed a new automated fault localization method. This method not only is automation lossless but also changes the basic location unit into single sentence, which makes the location effect more accurate. Through several experiments, we proved that our method is more effective. Furthermore, we analyzed the effectiveness among these existing methods and different faults.
Safeguards and security research and development: Progress report, October 1994--September 1995
DOE Office of Scientific and Technical Information (OSTI.GOV)
Rutherford, D.R.; Henriksen, P.W.
The primary goal of the Los Alamos Safeguards and Security Technology Development Program, International Safeguards, and other Safeguards and Security Programs is to continue to be the center of excellence in the field of Safeguards and Security. This annual report for 1995 describes those scientific and engineering projects that contribute to all of the aforementioned programs. The authors have presented the information in a different format from previous annual reports. Part I is devoted to Nuclear Material Measurement Systems. Part II contains projects that are specific to Integrated Safeguards Systems. Part III highlights Safeguards Systems Effectiveness Evaluations and Part IV is a compilation of highlights from Information Assurance projects. Finally Part V highlights work on the projects at Los Alamos for International Safeguards. The final part of this annual report lists titles and abstracts of Los Alamos Safeguards and Security Technology Development reports, technical journal articles, and conference papers that were presented and published in 1995. This is the last annual report in this format. The authors wish to thank all of the individuals who have contributed to this annual report and made it so successful over the years.
Ray-Bennett, Nibedita S; Collins, Andrew; Bhuiya, Abbas; Edgeworth, Ross; Nahar, Papreen; Alamgir, Fariba
2010-05-01
There has been significant interest in the rhetoric of health security in recent years from both global and local perspectives. Understanding health in the context of disaster vulnerability presents an opportunity to examine how improved health might reduce the effects of environmental disasters and other crises. To this end, a project was implemented in Bangladesh to establish the potential of a health security approach for disaster resilience amongst people living in high risk environments. This paper explores what we might mean by health security through engaging community level perspectives in the southeast coastal belt of Bangladesh, an area prone to cyclone and flood. This has been examined with respect to variation in gender and wealth of households. Household surveys, interviews and focus group discussions were some of the methods used to collect data. The findings show that health related coping strategies and agentive capabilities in the context of impending crises vary from one micro-context to the next. This suggests a dynamic and integrative resilience that could be built on further, but one which remains remote from wider discourses on health security. Copyright 2010 Elsevier Ltd. All rights reserved.
New color-shifting security devices
NASA Astrophysics Data System (ADS)
Moia, Franco
2004-06-01
The unbroken global increase of forgery and counterfeiting of valuable documents and products steadily requires improved types of optical security devices. Hence, the "security world" is actively seeking new features which meet high security standards, look attractive and allow easy recognition. One special smart security device created by ROLIC's technology represents a cholesteric device combined with a phase image. On tilting, such devices reveal strong color shifts which are clearly visible to the naked eye. The additional latent image is invisible under normal lighting conditions but can be revealed to human eyes by means of a simple, commercially available linear sheet polarizer. Based on our earlier work, first published in 1981, we now have developed phase change guest-host devices combined with dye-doped cholesteric material for application in new security features. ROLIC has developed sophisticated material systems of cross-linkable cholesteric liquid crystals and suitable cross-linkable dyes which allow the creation of outstanding cholesteric color-shifting effects not only on light absorbing dark backgrounds but also on bright or even white backgrounds preserving the circularly polarizing state. The new security devices combine unambiguously 1st and 2nd level inspection features and show brilliant colors on black as well as on white substrates. On tilting, the security devices exhibit remarkable color shifts while the integrated hidden images can be revealed by use of a sheet polarizer. Furthermore, due to its very thin material layers, even demanding applications, such as on banknotes, can be considered.
Enhanced Vascular Effects of Cyclic GMP in Septic Rat Aorta
1988-01-01
enzyme in turn catalyzes Integrative Comp. Physiol. 23): R436-R442, 1988--The mod- the synthesis of 3’,5’-cyclic monophosp#* (cGMP), ulation of... synthesis of endogenous cGMP or after aug- significant disparity in cGMP content of tissue from mentation of intracellular cGMP concentration by treat...and a proposal. J. Vascular reactivity in endotoxin shock: effect of lidocaine or in- Surg. Res. 29: 189-201, 1980. UNCLASSIFIED SECURITY CLASSIFICATION
RIPE integrity primitives, part 2 (RACE Integrity Primitives Evaluation)
NASA Astrophysics Data System (ADS)
Denboer, B.; Boly, J. P.; Bosselaers, A.; Brandt, J.; Chaum, D.; Damgaard, I.; Dichtl, M.; Fumy, W.; Vanderham, M.; Jansen, C. J. A.
1993-04-01
A manual intended for those seeking to secure information systems by applying modern cryptography is presented. It represents the successful attainment of goals by RIPE (RACE (Research and development of Advanced Communications technology in Europe) Integrity Primitives Evaluation). The recommended portfolio of integrity primitives, which is the main product of the project, forms the heart of the manual. By integrity, is meant the kinds of security that can be achieved through cryptography, apart from keeping messages secret. Thus included are ways to ensure that stored or communicated data is not illicitly modified, that parties exchanging messages are actually present, and that 'signed' electronic messages can be recognized as authentic by anyone. Of particular concern to the project were the high speed requirements of broadband communication. The project also aimed for completeness in its recommendations. As a result, the portfolio contains primitives, that is building blocks, that can meet most of today's perceived needs for integrity.
RIPE integrity primitives, part 1 (RACE Integrity Primitives Evaluation)
NASA Astrophysics Data System (ADS)
Denboer, B.; Boly, J. P.; Bosselaers, A.; Brandt, J.; Chaum, D.; Damgaard, I.; Dichtl, M.; Fumy, W.; Vanderham, M.; Jansen, C. J. A.
1993-04-01
A manual intended for those seeking to secure information systems by applying modern cryptography is presented. It represents the successful attainment of goals by RIPE (RACE (Research and development of Advanced Communication technology in Europe) Integrity Primitives Evaluation). The recommended portfolio of integrity primitives, which is the main product of the project, forms the heart of the manual. By integrity, is meant the kinds of security that can be achieved through cryptography, apart from keeping messages secret. Thus included are ways to ensure that stored or communicated data is not illicitly modified, that parties exchanging messages are actually present, and that 'signed' electronic messages can be recognized as authentic by anyone. Of particular concern to the project were the high speed requirements of broadband communication. The project also aimed for completeness in its recommendations. As a result, the portfolio contains primitives, that is building blocks, that can meet most of today's perceived needs for integrity.
Analyzing Cyber-Physical Threats on Robotic Platforms.
Ahmad Yousef, Khalil M; AlMajali, Anas; Ghalyon, Salah Abu; Dweik, Waleed; Mohd, Bassam J
2018-05-21
Robots are increasingly involved in our daily lives. Fundamental to robots are the communication link (or stream) and the applications that connect the robots to their clients or users. Such communication link and applications are usually supported through client/server network connection. This networking system is amenable to being attacked and vulnerable to the security threats. Ensuring security and privacy for robotic platforms is thus critical, as failures and attacks could have devastating consequences. In this paper, we examine several cyber-physical security threats that are unique to the robotic platforms; specifically the communication link and the applications. Threats target integrity, availability and confidential security requirements of the robotic platforms, which use MobileEyes/arnlServer client/server applications. A robot attack tool (RAT) was developed to perform specific security attacks. An impact-oriented approach was adopted to analyze the assessment results of the attacks. Tests and experiments of attacks were conducted in simulation environment and physically on the robot. The simulation environment was based on MobileSim; a software tool for simulating, debugging and experimenting on MobileRobots/ActivMedia platforms and their environments. The robot platform PeopleBot™ was used for physical experiments. The analysis and testing results show that certain attacks were successful at breaching the robot security. Integrity attacks modified commands and manipulated the robot behavior. Availability attacks were able to cause Denial-of-Service (DoS) and the robot was not responsive to MobileEyes commands. Integrity and availability attacks caused sensitive information on the robot to be hijacked. To mitigate security threats, we provide possible mitigation techniques and suggestions to raise awareness of threats on the robotic platforms, especially when the robots are involved in critical missions or applications.
Analyzing Cyber-Physical Threats on Robotic Platforms
2018-01-01
Robots are increasingly involved in our daily lives. Fundamental to robots are the communication link (or stream) and the applications that connect the robots to their clients or users. Such communication link and applications are usually supported through client/server network connection. This networking system is amenable to being attacked and vulnerable to the security threats. Ensuring security and privacy for robotic platforms is thus critical, as failures and attacks could have devastating consequences. In this paper, we examine several cyber-physical security threats that are unique to the robotic platforms; specifically the communication link and the applications. Threats target integrity, availability and confidential security requirements of the robotic platforms, which use MobileEyes/arnlServer client/server applications. A robot attack tool (RAT) was developed to perform specific security attacks. An impact-oriented approach was adopted to analyze the assessment results of the attacks. Tests and experiments of attacks were conducted in simulation environment and physically on the robot. The simulation environment was based on MobileSim; a software tool for simulating, debugging and experimenting on MobileRobots/ActivMedia platforms and their environments. The robot platform PeopleBot™ was used for physical experiments. The analysis and testing results show that certain attacks were successful at breaching the robot security. Integrity attacks modified commands and manipulated the robot behavior. Availability attacks were able to cause Denial-of-Service (DoS) and the robot was not responsive to MobileEyes commands. Integrity and availability attacks caused sensitive information on the robot to be hijacked. To mitigate security threats, we provide possible mitigation techniques and suggestions to raise awareness of threats on the robotic platforms, especially when the robots are involved in critical missions or applications. PMID:29883403
NASA Technical Reports Server (NTRS)
Gilliam, David P.; Feather, Martin S.
2004-01-01
Information Technology (IT) Security Risk Management is a critical task in the organization, which must protect its resources and data against the loss of confidentiality, integrity, and availability. As systems become more complex and diverse, and more vulnerabilities are discovered while attacks from intrusions and malicious content increase, it is becoming increasingly difficult to manage IT security. This paper describes an approach to address IT security risk through risk management and mitigation in both the institution and in the project life cycle.
An evaluation index system of water security in China based on macroeconomic data from 2000 to 2012
NASA Astrophysics Data System (ADS)
Li, X. S.; Peng, Z. Y.; Li, T. T.
2016-08-01
This paper establishes an evaluation index system of water security. The index system employs 5 subsystems (water circulation security, water environment security, water ecology security, water society security and water economy security) and has 39 indicators. Using the AHP method, each indicator is given a relative weight to integrate within the whole system. With macroeconomic data from 2000 to 2012, a model of water security evaluation is applied to assess the state of water security in China. The results show an improving trend in the overall state of China's water security. In particular, the cycle of water security is at a high and low fluctuation. Water environment security presents an upward trend on the whole; however, this trend is unsteady and has shown a descending tendency in some years. Yet, water ecology security, water society security, and water economy security are basically on the rise. However, the degree of coordination of China's water security system remains in need of consolidation.
Integrated quantum key distribution sender unit for daily-life implementations
NASA Astrophysics Data System (ADS)
Mélen, Gwenaelle; Vogl, Tobias; Rau, Markus; Corrielli, Giacomo; Crespi, Andrea; Osellame, Roberto; Weinfurter, Harald
2016-03-01
Unlike currently implemented encryption schemes, Quantum Key Distribution provides a secure way of generating and distributing a key among two parties. Although a multitude of research platforms has been developed, the integration of QKD units within classical communication systems remains a tremendous challenge. The recently achieved maturity of integrated photonic technologies could be exploited to create miniature QKD add-ons that could extend the primary function of various existing systems such as mobile devices or optical stations. In this work we report on an integrated optics module enabling secure short-distance communication for, e.g., quantum access schemes. Using BB84-like protocols, Alice's mobile low-cost device can exchange secure key and information everywhere within a trusted node network. The new optics platform (35×20×8mm) compatible with current smartphone's technology generates NIR faint polarised laser pulses with 100MHz repetition rate. Fully automated beam tracking and live basis-alignment on Bob's side ensure user-friendly operation with a quantum link efficiency as high as 50% stable over a few seconds.
Remote video assessment for missile launch facilities
DOE Office of Scientific and Technical Information (OSTI.GOV)
Wagner, G.G.; Stewart, W.A.
1995-07-01
The widely dispersed, unmanned launch facilities (LFs) for land-based ICBMs (intercontinental ballistic missiles) currently do not have visual assessment capability for existing intrusion alarms. The security response force currently must assess each alarm on-site. Remote assessment will enhance manpower, safety, and security efforts. Sandia National Laboratories was tasked by the USAF Electronic Systems Center to research, recommend, and demonstrate a cost-effective remote video assessment capability at missile LFs. The project's charter was to provide: system concepts; market survey analysis; technology search recommendations; and operational hardware demonstrations for remote video assessment from a missile LF to a remote security center via a cost-effective transmission medium and without using visible, on-site lighting. The technical challenges of this project were to: analyze various video transmission media and emphasize using the existing missile system copper line which can be as long as 30 miles; accentuate an extremely low-cost system because of the many sites requiring system installation; integrate the video assessment system with the current LF alarm system; and provide video assessment at the remote sites with non-visible lighting.
46 CFR 111.105-5 - System integrity.
Code of Federal Regulations, 2011 CFR
2011-10-01
... 46 Shipping 4 2011-10-01 2011-10-01 false System integrity. 111.105-5 Section 111.105-5 Shipping COAST GUARD, DEPARTMENT OF HOMELAND SECURITY (CONTINUED) ELECTRICAL ENGINEERING ELECTRIC SYSTEMS-GENERAL REQUIREMENTS Hazardous Locations § 111.105-5 System integrity. In order to maintain system integrity, each...
46 CFR 111.105-5 - System integrity.
Code of Federal Regulations, 2012 CFR
2012-10-01
... 46 Shipping 4 2012-10-01 2012-10-01 false System integrity. 111.105-5 Section 111.105-5 Shipping COAST GUARD, DEPARTMENT OF HOMELAND SECURITY (CONTINUED) ELECTRICAL ENGINEERING ELECTRIC SYSTEMS-GENERAL REQUIREMENTS Hazardous Locations § 111.105-5 System integrity. In order to maintain system integrity, each...
46 CFR 111.105-5 - System integrity.
Code of Federal Regulations, 2013 CFR
2013-10-01
... 46 Shipping 4 2013-10-01 2013-10-01 false System integrity. 111.105-5 Section 111.105-5 Shipping COAST GUARD, DEPARTMENT OF HOMELAND SECURITY (CONTINUED) ELECTRICAL ENGINEERING ELECTRIC SYSTEMS-GENERAL REQUIREMENTS Hazardous Locations § 111.105-5 System integrity. In order to maintain system integrity, each...
Integrating Security in Real-Time Embedded Systems
2017-04-26
b) detect any intrusions/attacks once they occur and (c) keep the overall system safe in the event of an attack. 4. Analysis and evaluation of...beyond), we expanded our work in both security integration and attack mechanisms, and worked on demonstrations and evaluations in hardware. Year I...scheduling for each busy interval with the calculated arrival time window. Step 1 focuses on the problem of finding the quantity of each task
NASA Astrophysics Data System (ADS)
Ivancic, W. D.; Paulsen, P. E.; Miller, E. M.; Sage, S. P.
This report describes a Secure, Autonomous, and Intelligent Controller for Integrating Distributed Emergency Response Satellite Operations. It includes a description of current improvements to existing Virtual Mission Operations Center technology being used by US Department of Defense and originally developed under NASA funding. The report also highlights a technology demonstration performed in partnership with the United States Geological Service for Earth Resources Observation and Science using DigitalGlobe® satellites to obtain space-based sensor data.
NASA Astrophysics Data System (ADS)
Voskresenskaya, Elena; Vorona-Slivinskaya, Lubov
2018-03-01
The article considers the issues of developing national standards for high-rise construction. The system of standards should provide industrial, operational, economic and terrorist safety of high-rise buildings and facilities. Modern standards of high-rise construction should set the rules for designing engineering systems of high-rise buildings, which will ensure the integrated security of buildings, increase their energy efficiency and reduce the consumption of resources in construction and operation.
DOE Office of Scientific and Technical Information (OSTI.GOV)
Iveson, Steven W.
Global chemical security has been enhanced through the determined use and integration of both voluntary and legislated standards. Many popular standards contain components that specifically detail requirements for the security of materials, facilities and other vital assets. In this document we examine the role of quality management standards and how they affect the security culture within the institutions that adopt these standards in order to conduct business within the international market place. Good manufacturing practices and good laboratory practices are two of a number of quality management systems that have been adopted as law in many nations. These standards are designed to protect the quality of drugs, medicines, foods and analytical test results in order to provide the world-wide consumer with safe and effective products for consumption. These standards provide no established security protocols and yet manage to increase the security of chemicals, materials, facilities and the supply chain via the effective and complete control over the manufacturing, the global supply chains and testing processes. We discuss the means through which these systems enhance security and how nations can further improve these systems with additional regulations that deal specifically with security in the realm of these management systems. We conclude with a discussion of new technologies that may cause disruption within the industries covered by these standards and how these issues might be addressed in order to maintain or increase the level of security within the industries and nations that have adopted these standards.
Managing information technology security risk
NASA Technical Reports Server (NTRS)
Gilliam, David
2003-01-01
Information Technology (IT) Security Risk Management is a critical task for the organization to protect against the loss of confidentiality, integrity and availability of IT resources. As systems become more complex and diverse and attacks from intrusions and malicious content increase, it is becoming increasingly difficult to manage IT security risk. This paper describes a two-pronged approach in addressing IT security risk and risk management in the organization: 1) an institutional enterprise approach, and 2) a project life cycle approach.
1989-06-01
Science Unclassified SECURITY CLASSIFICATION OF THIS PAGE REPORT DOCUMENTATION PAGE la. REPORT SECURITY CLASS’r!CATION )b RESTRICTIVE MARKINGS UNCLASSIFIED...2a. SECURITY CLASSIFICATION AUTHORITY 3. DISTRIBUTION/AVAILABILITY OF REPORT Approved for public release; Zb. DECLASSIFICATION I DOWNGRADING SCHEDULE...ZIP Code) 10 SOURCE OF FUNDING NUMBERS PROGRAM PROJECT TASK WORK UNIT Monterey, CA. 93943 FLEMENT NO. NO. NO ACCESSION NO. 11. TITLE (Include Security
On detection and visualization techniques for cyber security situation awareness
NASA Astrophysics Data System (ADS)
Yu, Wei; Wei, Shixiao; Shen, Dan; Blowers, Misty; Blasch, Erik P.; Pham, Khanh D.; Chen, Genshe; Zhang, Hanlin; Lu, Chao
2013-05-01
Networking technologies are exponentially increasing to meet worldwide communication requirements. The rapid growth of network technologies and perversity of communications pose serious security issues. In this paper, we aim to develop an integrated network defense system with situation awareness capabilities to present the useful information for human analysts. In particular, we implement a prototypical system that includes both the distributed passive and active network sensors and traffic visualization features, such as 1D, 2D and 3D based network traffic displays. To effectively detect attacks, we also implement algorithms to transform real-world data of IP addresses into images and study the pattern of attacks and use both the discrete wavelet transform (DWT) based scheme and the statistical based scheme to detect attacks. Through an extensive simulation study, our data validate the effectiveness of our implemented defense system.
A security architecture for health information networks.
Kailar, Rajashekar; Muralidhar, Vinod
2007-10-11
Health information network security needs to balance exacting security controls with practicality, and ease of implementation in today's healthcare enterprise. Recent work on 'nationwide health information network' architectures has sought to share highly confidential data over insecure networks such as the Internet. Using basic patterns of health network data flow and trust models to support secure communication between network nodes, we abstract network security requirements to a core set to enable secure inter-network data sharing. We propose a minimum set of security controls that can be implemented without needing major new technologies, but yet realize network security and privacy goals of confidentiality, integrity and availability. This framework combines a set of technology mechanisms with environmental controls, and is shown to be sufficient to counter commonly encountered network security threats adequately.
A Security Architecture for Health Information Networks
Kailar, Rajashekar
2007-01-01
Health information network security needs to balance exacting security controls with practicality, and ease of implementation in today’s healthcare enterprise. Recent work on ‘nationwide health information network’ architectures has sought to share highly confidential data over insecure networks such as the Internet. Using basic patterns of health network data flow and trust models to support secure communication between network nodes, we abstract network security requirements to a core set to enable secure inter-network data sharing. We propose a minimum set of security controls that can be implemented without needing major new technologies, but yet realize network security and privacy goals of confidentiality, integrity and availability. This framework combines a set of technology mechanisms with environmental controls, and is shown to be sufficient to counter commonly encountered network security threats adequately. PMID:18693862
A governor's guide to emergency management. Volume two : homeland security
DOT National Transportation Integrated Search
2002-09-19
Homeland security is a complex challenge that demands significant investment; collaboration among local, state, and federal governments; and integration with the private sector. The purpose of A Governor's Guide to Emergency Management Volume Two: Ho...
ERIC Educational Resources Information Center
Starkman, Neal
2007-01-01
As schools adopt new and varied technologies to protect the campus community, the need to look at security tools in terms of a comprehensive, layered, and integrated strategy, becomes clear. This article discusses how schools are using these security tools.
Bundle Security Protocol for ION
NASA Technical Reports Server (NTRS)
Burleigh, Scott C.; Birrane, Edward J.; Krupiarz, Christopher
2011-01-01
This software implements bundle authentication, conforming to the Delay-Tolerant Networking (DTN) Internet Draft on Bundle Security Protocol (BSP), for the Interplanetary Overlay Network (ION) implementation of DTN. This is the only implementation of BSP that is integrated with ION.
Lightweight ECC based RFID authentication integrated with an ID verifier transfer protocol.
He, Debiao; Kumar, Neeraj; Chilamkurti, Naveen; Lee, Jong-Hyouk
2014-10-01
The radio frequency identification (RFID) technology has been widely adopted and being deployed as a dominant identification technology in a health care domain such as medical information authentication, patient tracking, blood transfusion medicine, etc. With more and more stringent security and privacy requirements to RFID based authentication schemes, elliptic curve cryptography (ECC) based RFID authentication schemes have been proposed to meet the requirements. However, many recently published ECC based RFID authentication schemes have serious security weaknesses. In this paper, we propose a new ECC based RFID authentication integrated with an ID verifier transfer protocol that overcomes the weaknesses of the existing schemes. A comprehensive security analysis has been conducted to show strong security properties that are provided from the proposed authentication scheme. Moreover, the performance of the proposed authentication scheme is analyzed in terms of computational cost, communicational cost, and storage requirement.
Design of Xen Hybrid Multiple Police Model
NASA Astrophysics Data System (ADS)
Sun, Lei; Lin, Renhao; Zhu, Xianwei
2017-10-01
Virtualization technology has attracted more and more attention. As a popular open-source virtualization tool, Xen is used more and more frequently. XSM, the Xen security model, has also been of widespread concern. The safety status classification has not been established in the XSM, and it uses the virtual machine as a managed object to make Dom0 a unique administrative domain that does not meet the minimum privilege. According to these questions, we design a Hybrid multiple police model named SV_HMPMD that organically integrates multiple single security policy models including DTE, RBAC, and BLP. It can fulfill the requirement of confidentiality and integrity for security model and use different particle size to different domain. In order to improve BLP's practicability, the model introduces multi-level security labels. In order to divide the privilege in detail, we combine DTE with RBAC. In order to oversize privilege, we limit the privilege of domain0.
DOE Office of Scientific and Technical Information (OSTI.GOV)
He, Fulin; Cao, Yang; Zhang, Jun Jason
Ensuring flexible and reliable data routing is indispensable for the integration of Advanced Metering Infrastructure (AMI) networks, we propose a secure-oriented and load-balancing wireless data routing scheme. A novel utility function is designed based on security routing scheme. Then, we model the interactive security-oriented routing strategy among meter data concentrators or smart grid meters as a mixed-strategy network formation game. Finally, such problem results in a stable probabilistic routing scheme with proposed distributed learning algorithm. One contribution is that we studied that different types of applications affect the routing selection strategy and the strategy tendency. Another contribution is that the chosen strategy of our mixed routing can adaptively converge to a new mixed strategy Nash equilibrium (MSNE) during the learning process in the smart grid.
Kunst, Jonas R; Thomsen, Lotte; Sam, David L; Berry, John W
2015-10-01
Although integration involves a process of mutual accommodation, the role of majority groups is often downplayed to passive tolerance, leaving immigrants with the sole responsibility for active integration. However, we show that common group identity can actively involve majority members in this process across five studies. Study 1 showed that common identity positively predicted support of integration efforts; Studies 2 and 3 extended these findings, showing that it also predicted real behavior such as monetary donations and volunteering. A decrease in modern racism mediated the relations across these studies, and Studies 4 and 5 further demonstrated that it indeed mediated these effects over and above acculturation expectations and color-blindness, which somewhat compromised integration efforts. Moreover, the last two studies also demonstrated that common, but not dual, groups motivated integration efforts. Common identity appears crucial for securing majorities' altruistic efforts to integrate immigrants and, thus, for achieving functional multiculturalism. © 2015 by the Society for Personality and Social Psychology, Inc.
Regional Military Security Cooperation in North America
2009-12-11
will serve as the main research sources. The primary research question is how might the United States better facilitate greater security cooperation...militarily between the U.S., Canada, and Mexico? Secondary research questions are why do we need increased security integration? How do current...research question has several associated tertiary questions. The paper consists of five chapters. Chapters 1 through 3 are introductory and
Russia, America, and Security in the Asia-Pacific
2007-01-01
the Chinese and Indian markets. Russia has grown increasingly interested in multilateral mechanisms for security and economic integration in the Asia... negotiating process. The project's participants proposed some recommendations for policy makers The transnational, economic, and ecological security...historical backgrounds, their cultures, and the levels of their economic development. The countries of the region tend to demonstrate tolerance toward
DOE Office of Scientific and Technical Information (OSTI.GOV)
Sanfilippo, Antonio P.
2010-05-23
The increasing asymmetric nature of threats to the security, health and sustainable growth of our society requires that anticipatory reasoning become an everyday activity. Currently, the use of anticipatory reasoning is hindered by the lack of systematic methods for combining knowledge- and evidence-based models, integrating modeling algorithms, and assessing model validity, accuracy and utility. The workshop addresses these gaps with the intent of fostering the creation of a community of interest on model integration and evaluation that may serve as an aggregation point for existing efforts and a launch pad for new approaches.
van Rosmalen, Lenny; van der Horst, Frank C P; van der Veer, René
2016-02-01
John Bowlby is generally regarded as the founder of attachment theory, with the help of Mary Ainsworth. Through her Uganda and Baltimore studies Ainsworth provided empirical evidence for attachment theory, and she contributed the notion of the secure base and exploratory behavior, the Strange Situation Procedure and its classification system, and the notion of maternal sensitivity. On closer scrutiny, many of these contributions appear to be heavily influenced by William Blatz and his security theory. Even though Blatz's influence on Ainsworth has been generally acknowledged, this article, partly based on understudied correspondence from several personal archives, is the first to show which specific parts of attachment theory can be traced back directly to Blatz and his security theory. When Ainsworth started working with Bowlby in the 1950s, around the time he turned to evolutionary theory for an explanation of his findings, she integrated much of Blatzian security theory into Bowlby's theory in the making and used her theoretical and practical experience to enrich attachment theory. Even though Blatz is hardly mentioned nowadays, several of his ideas live on in attachment theory. (c) 2016 APA, all rights reserved.
Recent biosensing developments in environmental security.
Wanekaya, Adam K; Chen, Wilfred; Mulchandani, Ashok
2008-06-01
Environmental security is one of the fundamental requirements of our well being. However, it still remains a major global challenge. Therefore, in addition to reducing and/or eliminating the amounts of toxic discharges into the environment, there is need to develop techniques that can detect and monitor these environmental pollutants in a sensitive and selective manner to enable effective remediation. Because of their integrated nature, biosensors are ideal for environmental monitoring and detection as they can be portable and provide selective and sensitive rapid responses in real time. In this review we discuss the main concepts behind the development of biosensors that have most relevant applications in the field of environmental monitoring and detection. We also review and document recent trends and challenges in biosensor research and development particularly in the detection of species of environmental significance such as organophosphate nerve agents, heavy metals, organic contaminants, pathogenic microorganisms and their toxins. Special focus will be given to the trends that have the most promising applications in environmental security. We conclude by highlighting the directions towards which future biosensors research in environmental security sector might proceed.
Photonic sensor opportunities for distributed and wireless systems in security applications
NASA Astrophysics Data System (ADS)
Krohn, David
2006-10-01
There are broad ranges of homeland security sensing applications that can be facilitated by distributed fiber optic sensors and photonics integrated wireless systems. These applications include [1]: Pipeline, (Monitoring, Security); Smart structures (Bridges, Tunnels, Dams, Public spaces); Power lines (Monitoring, Security); Transportation security; Chemical/biological detection; Wide area surveillance - perimeter; and Port Security (Underwater surveillance, Cargo container). Many vital assets which cover wide areas, such as pipeline and borders, are under constant threat of being attacked or breached. There is a rapidly emerging need to be able to provide identification of intrusion threats to such vital assets. Similar problems exist for monitoring the basic infrastructure such as water supply, power utilities, communications systems as well as transportation. There is a need to develop a coordinated and integrated solution for the detection of threats. From a sensor standpoint, consideration must not be limited to detection, but how does detection lead to intervention and deterrence. Fiber optic sensor technology must be compatible with other surveillance technologies such as wireless mote technology to facilitate integration. In addition, the multi-functionality of fiber optic sensors must be expanded to include bio-chemical detection. There have been a number of barriers for the acceptance and broad use of smart fiber optic sensors. Compared to telecommunications, the volume is low. This fact coupled with proprietary and custom specifications has kept the price of fiber optic sensors high. There is a general lack of a manufacturing infrastructure and lack of standards for packaging and reliability. Also, there are several competing technologies; some photonic based and other approaches based on conventional non-photonic technologies.
A preliminary cyber-physical security assessment of the Robot Operating System (ROS)
NASA Astrophysics Data System (ADS)
McClean, Jarrod; Stull, Christopher; Farrar, Charles; Mascareñas, David
2013-05-01
Over the course of the last few years, the Robot Operating System (ROS) has become a highly popular software framework for robotics research. ROS has a very active developer community and is widely used for robotics research in both academia and government labs. The prevalence and modularity of ROS cause many people to ask the question: "What prevents ROS from being used in commercial or government applications?" One of the main problems that is preventing this increased use of ROS in these applications is the question of characterizing its security (or lack thereof). In the summer of 2012, a crowd sourced cyber-physical security contest was launched at the cyber security conference DEF CON 20 to begin the process of characterizing the security of ROS. A small-scale, car-like robot was configured as a cyber-physical security "honeypot" running ROS. DEF CON 20 attendees were invited to find exploits and vulnerabilities in the robot while network traffic was collected. The results of this experiment provided some interesting insights and opened up many security questions pertaining to deployed robotic systems. The Federal Aviation Administration is tasked with opening up the civil airspace to commercial drones by September 2015 and driverless cars are already legal for research purposes in a number of states. Given the integration of these robotic devices into our daily lives, the authors pose the following question: "What security exploits can a motivated person with little-to-no experience in cyber security execute, given the wide availability of free cyber security penetration testing tools such as Metasploit?" This research focuses on applying common, low-cost, low-overhead, cyber-attacks on a robot featuring ROS. This work documents the effectiveness of those attacks.
Effective information management and assurance for a modern organisation during a crisis.
MacLeod, Andrew
2015-01-01
During a crisis, organisations face a major unpredictable event with potentially negative consequences. Effective information management and assurance can assist the organisation in making sure that they have the correct information in a secure format to make decisions to recover their operations. The main elements of effective information management and assurance are confidentiality, integrity and availability, combined with non-repudiation. Should an element of effective information management or assurance be removed it can have a detrimental effect on the other elements and render the information management and assurance practices of the organisation ineffectual.
Code of Federal Regulations, 2012 CFR
2012-07-01
... STATES POSTAL SERVICE ORGANIZATION AND ADMINISTRATION PROTECTION OF INFORMATION § 267.2 Policy..., and integrity of official records containing sensitive or national security information, it is the policy of the Postal Service to maintain definitive and uniform information security safeguards. These...
Code of Federal Regulations, 2010 CFR
2010-07-01
... STATES POSTAL SERVICE ORGANIZATION AND ADMINISTRATION PROTECTION OF INFORMATION § 267.2 Policy..., and integrity of official records containing sensitive or national security information, it is the policy of the Postal Service to maintain definitive and uniform information security safeguards. These...
Code of Federal Regulations, 2011 CFR
2011-07-01
... STATES POSTAL SERVICE ORGANIZATION AND ADMINISTRATION PROTECTION OF INFORMATION § 267.2 Policy..., and integrity of official records containing sensitive or national security information, it is the policy of the Postal Service to maintain definitive and uniform information security safeguards. These...
Code of Federal Regulations, 2014 CFR
2014-07-01
... STATES POSTAL SERVICE ORGANIZATION AND ADMINISTRATION PROTECTION OF INFORMATION § 267.2 Policy..., and integrity of official records containing sensitive or national security information, it is the policy of the Postal Service to maintain definitive and uniform information security safeguards. These...
Code of Federal Regulations, 2013 CFR
2013-07-01
... STATES POSTAL SERVICE ORGANIZATION AND ADMINISTRATION PROTECTION OF INFORMATION § 267.2 Policy..., and integrity of official records containing sensitive or national security information, it is the policy of the Postal Service to maintain definitive and uniform information security safeguards. These...
DOE Office of Scientific and Technical Information (OSTI.GOV)
Sanders, Lani Miyoshi; DeLand, Sharon M.; Pregenzer, Arian L.
2010-11-01
In his 2009 Prague speech and the 2010 Nuclear Posture Review, President Barack Obama committed the United States to take concrete steps toward nuclear disarmament while maintaining a safe, secure, and effective nuclear deterrent. There is an inherent tension between these two goals that is best addressed through improved integration of nuclear weapons objectives with nuclear arms control objectives. This article reviews historical examples of the interaction between the two sets of objectives, develops a framework for analyzing opportunities for future integration, and suggests specific ideas that could benefit the nuclear weapons enterprise as it undergoes transformation and that could make the future enterprise compatible with a variety of arms control futures.
Integrating international responses to complex emergencies, unconventional war, and terrorism.
Burkle, Frederick M
2005-01-01
The world is experiencing unprecedented violence and threats of violence, taking the form of complex internal nation-state conflicts, unconventional or guerrilla warfare against established governments, and stateless threats of terrorism by potential biologic, chemical, and nuclear weapons. What happens locally has immediate ramifications internationally. Real and potential health consequences of these events have evoked global concerns and realization that capacities and capabilities to respond to such events require unparalleled integration, coordination, and cooperation of the international community. However, politics and the institutions singular governments form are inherently limited in their objectives and capability to effectively respond. Public health, broadly defined, must be recognized as a security and strategic requirement, one that serves to build a foundation for an international integrated response capacity.
NASA Technical Reports Server (NTRS)
Ivancic, William D.; Paulsen, Phillip E.; Miller, Eric M.; Sage, Steen P.
2013-01-01
This report describes a Secure, Autonomous, and Intelligent Controller for Integrating Distributed Emergency Response Satellite Operations. It includes a description of current improvements to existing Virtual Mission Operations Center technology being used by US Department of Defense and originally developed under NASA funding. The report also highlights a technology demonstration performed in partnership with the United States Geological Service for Earth Resources Observation and Science using DigitalGlobe® satellites to obtain space-based sensor data.
Security of the Five-Round KASUMI Type Permutation
NASA Astrophysics Data System (ADS)
Iwata, Tetsu; Yagi, Tohru; Kurosawa, Kaoru
KASUMI is a blockcipher that forms the heart of the 3GPP confidentiality and integrity algorithms. In this paper, we study the security of the five-round KASUMI type permutations, and derive a highly non-trivial security bound against adversaries with adaptive chosen plaintext and chosen ciphertext attacks. To derive our security bound, we heavily use the tools from graph theory. Although the result does not show its super-pseudorandomness, this gives us strong evidence that the design of KASUMI is sound.
Field test of quantum key distribution in the Tokyo QKD Network.
Sasaki, M; Fujiwara, M; Ishizuka, H; Klaus, W; Wakui, K; Takeoka, M; Miki, S; Yamashita, T; Wang, Z; Tanaka, A; Yoshino, K; Nambu, Y; Takahashi, S; Tajima, A; Tomita, A; Domeki, T; Hasegawa, T; Sakai, Y; Kobayashi, H; Asai, T; Shimizu, K; Tokura, T; Tsurumaru, T; Matsui, M; Honjo, T; Tamaki, K; Takesue, H; Tokura, Y; Dynes, J F; Dixon, A R; Sharpe, A W; Yuan, Z L; Shields, A J; Uchikoga, S; Legré, M; Robyr, S; Trinkler, P; Monat, L; Page, J-B; Ribordy, G; Poppe, A; Allacher, A; Maurhart, O; Länger, T; Peev, M; Zeilinger, A
2011-05-23
A secure communication network with quantum key distribution in a metropolitan area is reported. Six different QKD systems are integrated into a mesh-type network. GHz-clocked QKD links enable us to demonstrate the world-first secure TV conferencing over a distance of 45km. The network includes a commercial QKD product for long-term stable operation, and application interface to secure mobile phones. Detection of an eavesdropper, rerouting into a secure path, and key relay via trusted nodes are demonstrated in this network.
Research in DRM architecture based on watermarking and PKI
NASA Astrophysics Data System (ADS)
Liu, Ligang; Chen, Xiaosu; Xiao, Dao-ju; Yi, Miao
2005-02-01
Analyze the virtue and disadvantage of the present digital copyright protecting system, design a kind of security protocol model of digital copyright protection, which equilibrium consider the digital media's use validity, integrality, security of transmission, and trade equity, make a detailed formalize description to the protocol model, analyze the relationship of the entities involved in the digital work copyright protection. The analysis of the security and capability of the protocol model shows that the model is good at security and practicability.
Rapidly Deployable Security System Final Report CRADA No. TC-2030-01
DOE Office of Scientific and Technical Information (OSTI.GOV)
Kohlhepp, V.; Whiteman, B.; McKibben, M. T.
The ultimate objective of the LEADER and LLNL strategic partnership was to develop and commercialize a security-based system product and platform for the use in protecting the substantial physical and economic assets of the government and commerce of the United States. The primary goal of this project was to integrate video surveillance hardware developed by LLNL with a security software backbone developed by LEADER. Upon completion of the project, a prototype hardware/software security system that is highly scalable was to be demonstrated.
Rickard, Claire M; Marsh, Nicole M; Webster, Joan; Gavin, Nicole C; Chan, Raymond J; McCarthy, Alexandra L; Mollee, Peter; Ullman, Amanda J; Kleidon, Tricia; Chopra, Vineet; Zhang, Li; McGrail, Matthew R; Larsen, Emily; Choudhury, Md Abu; Keogh, Samantha; Alexandrou, Evan; McMillan, David J; Mervin, Merehau Cindy; Paterson, David L; Cooke, Marie; Ray-Barruel, Gillian; Castillo, Maria Isabel; Hallahan, Andrew; Corley, Amanda; Geoffrey Playford, E
2017-06-15
Around 30% of peripherally inserted central catheters (PICCs) fail from vascular, infectious or mechanical complications. Patients with cancer are at highest risk, and this increases morbidity, mortality and costs. Effective PICC dressing and securement may prevent PICC failure; however, no large randomised controlled trial (RCT) has compared alternative approaches. We designed this RCT to assess the clinical and cost-effectiveness of dressing and securements to prevent PICC failure. Pragmatic, multicentre, 2×2 factorial, superiority RCT of (1) dressings (chlorhexidine gluconate disc (CHG) vs no disc) and (2) securements (integrated securement dressing (ISD) vs securement device (SED)). A qualitative evaluation using a knowledge translation framework is included. Recruitment of 1240 patients will occur over 3 years with allocation concealment until randomisation by a centralised service. For the dressing hypothesis, we hypothesise CHG discs will reduce catheter-associated bloodstream infection (CABSI) compared with no CHG disc. For the securement hypothesis, we hypothesise that ISD will reduce composite PICC failure (infection (CABSI/local infection), occlusion, dislodgement or thrombosis), compared with SED. types of PICC failure; safety; costs; dressing/securement failure; dwell time; microbial colonisation; reversible PICC complications and consumer acceptability. Relative incidence rates of CABSI and PICC failure/100 devices and/1000 PICC days (with 95% CIs) will summarise treatment impact. Kaplan-Meier survival curves (and log rank Mantel-Haenszel test) will compare outcomes over time. Secondary end points will be compared between groups using parametric/non-parametric techniques; p values <0.05 will be considered to be statistically significant. Ethical approval from Queensland Health (HREC/15/QRCH/241) and Griffith University (Ref. No. 2016/063). Results will be published. Trial registration number is: ACTRN12616000315415. 
© Article author(s) (or their employer(s) unless otherwise stated in the text of the article) 2017. All rights reserved. No commercial use is permitted unless otherwise expressly granted.
Integrating QoS and security functions in an IP-VPN gateway
NASA Astrophysics Data System (ADS)
Fan, Kuo-Pao; Chang, Shu-Hsin; Lin, Kuan-Ming; Pen, Mau-Jy
2001-10-01
IP-based Virtual Private Network becomes more and more popular. It can not only reduce the enterprise communication cost but also increase the revenue of the service provider. The common IP-VPN application types include Intranet VPN, Extranet VPN, and remote access VPN. For the large IP-VPN market, some vendors develop dedicated IP-VPN devices; while some vendors add the VPN functions into their existing network equipment such as router, access gateway, etc. The functions in the IP-VPN device include security, QoS, and management. The common security functions supported are IPSec (IP Security), IKE (Internet Key Exchange), and Firewall. The QoS functions include bandwidth control and packet scheduling. In the management component, policy-based network management is under standardization in IETF. In this paper, we discuss issues on how to integrate the QoS and security functions in an IP-VPN Gateway. We propose three approaches to do this. They are (1) perform QoS first, (2) perform IPSec first, and (3) reserve fixed bandwidth for IPSec. We also compare the advantages and disadvantages of the three proposed approaches.
Computer Network Security- The Challenges of Securing a Computer Network
NASA Technical Reports Server (NTRS)
Scotti, Vincent, Jr.
2011-01-01
This article is intended to give the reader an overall perspective on what it takes to design, implement, enforce and secure a computer network in the federal and corporate world to insure the confidentiality, integrity and availability of information. While we will be giving you an overview of network design and security, this article will concentrate on the technology and human factors of securing a network and the challenges faced by those doing so. It will cover the large number of policies and the limits of technology and physical efforts to enforce such policies.
Ntasis, Efthymios; Maniatis, Theofanis A; Nikita, Konstantina S
2003-01-01
A secure framework is described for real-time tele-collaboration on Virtual Simulation procedure of Radiation Treatment Planning. An integrated approach is followed clustering the security issues faced by the system into organizational issues, security issues over the LAN and security issues over the LAN-to-LAN connection. The design and the implementation of the security services are performed according to the identified security requirements, along with the need for real time communication between the collaborating health care professionals. A detailed description of the implementation is given, presenting a solution, which can directly be tailored to other tele-collaboration services in the field of health care. The pilot study of the proposed security components proves the feasibility of the secure environment, and the consistency with the high performance demands of the application.
Defense Message System Way Ahead: Conclusions and Recommendations from the Industry Advisory Panel
2000-03-01
access terminals • Increasing requirement for authentication and data security for conducting business • Mergers and acquisitions in Internet space...market, used to carry PKI certificates for all types of security services including access control, confidentiality, integrity, and non-repudiation...Wireless access widespread § Unified messaging pervasive § Security /privacy dependent on service provider Long-term § Highly reliable systems
Müthing, Jannis; Jäschke, Thomas
2017-01-01
Background: Mobile health (mHealth) apps show a growing importance for patients and health care professionals. Apps in this category are diverse. Some display important information (ie, drug interactions), whereas others help patients to keep track of their health. However, insufficient transport security can lead to confidentiality issues for patients and medical professionals, as well as safety issues regarding data integrity. mHealth apps should therefore deploy intensified vigilance to protect their data and integrity. This paper analyzes the state of security in mHealth apps. Objective: The objectives of this study were as follows: (1) identification of relevant transport issues in mHealth apps, (2) development of a platform for test purposes, and (3) recommendation of practices to mitigate them. Methods: Security characteristics relevant to the transport security of mHealth apps were assessed, presented, and discussed. These characteristics were used in the development of a prototypical platform facilitating streamlined tests of apps. For the tests, six lists of the 10 most downloaded free apps from three countries and two stores were selected. As some apps were part of these top 10 lists in more than one country, 53 unique apps were tested. Results: Out of the 53 apps tested from three European App Stores for Android and iOS, 21/53 (40%) showed critical results. All 21 apps failed to guarantee the integrity of data displayed. A total of 18 apps leaked private data or were observable in a way that compromised confidentiality between apps and their servers; 17 apps used unprotected connections; and two apps failed to validate certificates correctly. None of the apps tested utilized certificate pinning. Many apps employed analytics or ad providers, undermining user privacy. Conclusions: The tests show that many mHealth apps do not apply sufficient transport security measures. The most common security issue was the use of any kind of unprotected connection. Some apps used secure connections only for selected tasks, leaving all other traffic vulnerable. PMID:29046271
Müthing, Jannis; Jäschke, Thomas; Friedrich, Christoph M
2017-10-18
Mobile health (mHealth) apps show a growing importance for patients and health care professionals. Apps in this category are diverse. Some display important information (ie, drug interactions), whereas others help patients to keep track of their health. However, insufficient transport security can lead to confidentiality issues for patients and medical professionals, as well as safety issues regarding data integrity. mHealth apps should therefore deploy intensified vigilance to protect their data and integrity. This paper analyzes the state of security in mHealth apps. The objectives of this study were as follows: (1) identification of relevant transport issues in mHealth apps, (2) development of a platform for test purposes, and (3) recommendation of practices to mitigate them. Security characteristics relevant to the transport security of mHealth apps were assessed, presented, and discussed. These characteristics were used in the development of a prototypical platform facilitating streamlined tests of apps. For the tests, six lists of the 10 most downloaded free apps from three countries and two stores were selected. As some apps were part of these top 10 lists in more than one country, 53 unique apps were tested. Out of the 53 apps tested from three European App Stores for Android and iOS, 21/53 (40%) showed critical results. All 21 apps failed to guarantee the integrity of data displayed. A total of 18 apps leaked private data or were observable in a way that compromised confidentiality between apps and their servers; 17 apps used unprotected connections; and two apps failed to validate certificates correctly. None of the apps tested utilized certificate pinning. Many apps employed analytics or ad providers, undermining user privacy. The tests show that many mHealth apps do not apply sufficient transport security measures. The most common security issue was the use of any kind of unprotected connection. 
Some apps used secure connections only for selected tasks, leaving all other traffic vulnerable. ©Jannis Müthing, Thomas Jäschke, Christoph M Friedrich. Originally published in JMIR Mhealth and Uhealth (http://mhealth.jmir.org), 18.10.2017.
Standardized access, display, and retrieval of medical video
NASA Astrophysics Data System (ADS)
Bellaire, Gunter; Steines, Daniel; Graschew, Georgi; Thiel, Andreas; Bernarding, Johannes; Tolxdorff, Thomas; Schlag, Peter M.
1999-05-01
The system presented here enhances documentation and data-secured, second-opinion facilities by integrating video sequences into DICOM 3.0. We present an implementation for a medical video server extended by a DICOM interface. Security mechanisms conforming with DICOM are integrated to enable secure internet access. Digital video documents of diagnostic and therapeutic procedures should be examined regarding the clip length and size necessary for second opinion and manageable with today's hardware. Image sources relevant for this paper include 3D laparoscope, 3D surgical microscope, 3D open surgery camera, synthetic video, and monoscopic endoscopes, etc. The global DICOM video concept and three special workplaces of distinct applications are described. Additionally, an approach is presented to analyze the motion of the endoscopic camera for future automatic video-cutting. Digital stereoscopic video sequences are especially in demand for surgery. Therefore DSVS are also integrated into the DICOM video concept. Results are presented describing the suitability of stereoscopic display techniques for the operating room.
Energy Systems Integration News | Energy Systems Integration Facility |
-matter experts to develop cyber-physical systems security testing methodologies and resilience best the Energy Systems Integration Facility as part of NREL's work with SolarCity and the Hawaiian Electric Companies. Photo by Amy Glickson, NREL Welcome to Energy Systems Integration News, NREL's monthly
42 CFR 455.200 - Basis and scope.
Code of Federal Regulations, 2011 CFR
2011-10-01
... scope. (a) Statutory basis. This subpart implements section 1936 of the Social Security Act that... contract under the Medicaid Integrity Program and to carry out the Medicaid integrity audit program...
42 CFR 455.200 - Basis and scope.
Code of Federal Regulations, 2010 CFR
2010-10-01
... scope. (a) Statutory basis. This subpart implements section 1936 of the Social Security Act that... contract under the Medicaid Integrity Program and to carry out the Medicaid integrity audit program...
Security of electronic medical information and patient privacy: what you need to know.
Andriole, Katherine P
2014-12-01
The responsibility that physicians have to protect their patients from harm extends to protecting the privacy and confidentiality of patient health information including that contained within radiological images. The intent of HIPAA and subsequent HIPAA Privacy and Security Rules is to keep patients' private information confidential while allowing providers access to and maintaining the integrity of relevant information needed to provide care. Failure to comply with electronic protected health information (ePHI) regulations could result in financial or criminal penalties or both. Protected health information refers to anything that can reasonably be used to identify a patient (eg, name, age, date of birth, social security number, radiology examination accession number). The basic tools and techniques used to maintain medical information security and patient privacy described in this article include physical safeguards such as computer device isolation and data backup, technical safeguards such as firewalls and secure transmission modes, and administrative safeguards including documentation of security policies, training of staff, and audit tracking through system logs. Other important concepts related to privacy and security are explained, including user authentication, authorization, availability, confidentiality, data integrity, and nonrepudiation. Patient privacy and security of medical information are critical elements in today's electronic health care environment. Radiology has led the way in adopting digital systems to make possible the availability of medical information anywhere anytime, and in identifying and working to eliminate any risks to patients. Copyright © 2014 American College of Radiology. Published by Elsevier Inc. All rights reserved.
Context-aware access control for pervasive access to process-based healthcare systems.
Koufi, Vassiliki; Vassilacopoulos, George
2008-01-01
Healthcare is an increasingly collaborative enterprise involving a broad range of healthcare services provided by many individuals and organizations. Grid technology has been widely recognized as a means for integrating disparate computing resources in the healthcare field. Moreover, Grid portal applications can be developed on a wireless and mobile infrastructure to execute healthcare processes which, in turn, can provide remote access to Grid database services. Such an environment provides ubiquitous and pervasive access to integrated healthcare services at the point of care, thus improving healthcare quality. In such environments, the ability to provide an effective access control mechanism that meets the requirement of the least privilege principle is essential. Adherence to the least privilege principle requires continuous adjustments of user permissions in order to adapt to the current situation. This paper presents a context-aware access control mechanism for HDGPortal, a Grid portal application which provides access to workflow-based healthcare processes using wireless Personal Digital Assistants. The proposed mechanism builds upon and enhances security mechanisms provided by the Grid Security Infrastructure. It provides tight, just-in-time permissions so that authorized users get access to specific objects according to the current context. These permissions are subject to continuous adjustments triggered by the changing context. Thus, the risk of compromising information integrity during task executions is reduced.
46 CFR 111.50-2 - Systems integration.
Code of Federal Regulations, 2010 CFR
2010-10-01
... 46 Shipping 4 2010-10-01 2010-10-01 false Systems integration. 111.50-2 Section 111.50-2 Shipping COAST GUARD, DEPARTMENT OF HOMELAND SECURITY (CONTINUED) ELECTRICAL ENGINEERING ELECTRIC SYSTEMS-GENERAL REQUIREMENTS Overcurrent Protection § 111.50-2 Systems integration. The electrical characteristics of each...
36 CFR 1008.6 - Assuring integrity of records.
Code of Federal Regulations, 2010 CFR
2010-07-01
... subject to the Privacy Act be maintained with appropriate administrative, technical and physical...) Records security. Whether maintained in physical or electronic form, records subject to the Privacy Act... the system of records. The Privacy Act Officer will periodically review these security measures to...
Safeguarding Databases Basic Concepts Revisited.
ERIC Educational Resources Information Center
Cardinali, Richard
1995-01-01
Discusses issues of database security and integrity, including computer crime and vandalism, human error, computer viruses, employee and user access, and personnel policies. Suggests some precautions to minimize system vulnerability such as careful personnel screening, audit systems, passwords, and building and software security systems. (JKP)
17 CFR 38.604 - Financial surveillance.
Code of Federal Regulations, 2014 CFR
2014-04-01
... 17 Commodity and Securities Exchanges 1 2014-04-01 2014-04-01 false Financial surveillance. 38.604 Section 38.604 Commodity and Securities Exchanges COMMODITY FUTURES TRADING COMMISSION DESIGNATED CONTRACT MARKETS Financial Integrity of Transactions § 38.604 Financial surveillance. A designated contract market...
17 CFR 38.604 - Financial surveillance.
Code of Federal Regulations, 2013 CFR
2013-04-01
... 17 Commodity and Securities Exchanges 1 2013-04-01 2013-04-01 false Financial surveillance. 38.604 Section 38.604 Commodity and Securities Exchanges COMMODITY FUTURES TRADING COMMISSION DESIGNATED CONTRACT MARKETS Financial Integrity of Transactions § 38.604 Financial surveillance. A designated contract market...
Transitioning from analog to digital communications: An information security perspective
NASA Technical Reports Server (NTRS)
Dean, Richard A.
1990-01-01
A summary is given of the government's perspective on evolving digital communications as they affect secure voice users and approaches for operating during a transition period to an all digital world. An integrated architecture and a mobile satellite interface are discussed.
NASA Astrophysics Data System (ADS)
Haak, Daniel; Doma, Aliaa; Gombert, Alexander; Deserno, Thomas M.
2016-03-01
Today, subject's medical data in controlled clinical trials is captured digitally in electronic case report forms (eCRFs). However, eCRFs only insufficiently support integration of subject's image data, although medical imaging is looming large in studies today. For bed-side image integration, we present a mobile application (App) that utilizes the smartphone-integrated camera. To ensure high image quality with this inexpensive consumer hardware, color reference cards are placed in the camera's field of view next to the lesion. The cards are used for automatic calibration of geometry, color, and contrast. In addition, a personalized code is read from the cards that allows subject identification. For data integration, the App is connected to a communication and image analysis server that also holds the code-study-subject relation. In a second system interconnection, web services are used to connect the smartphone with OpenClinica, an open-source, Food and Drug Administration (FDA)-approved electronic data capture (EDC) system in clinical trials. Once the photographs have been securely stored on the server, they are released automatically from the mobile device. The workflow of the system is demonstrated by an ongoing clinical trial, in which photographic documentation is frequently performed to measure the effect of wound incision management systems. All 205 images, which have been collected in the study so far, have been correctly identified and successfully integrated into the corresponding subject's eCRF. Using this system, manual steps for the study personnel are reduced, and, therefore, errors, latency and costs decreased. Our approach also increases data security and privacy.
DOE Office of Scientific and Technical Information (OSTI.GOV)
Gaponov, Yu.A.; Igarashi, N.; Hiraki, M.
2004-05-12
An integrated controlling system and a unified database for high throughput protein crystallography experiments have been developed. Main features of protein crystallography experiments (purification, crystallization, crystal harvesting, data collection, data processing) were integrated into the software under development. All information necessary to perform protein crystallography experiments is stored (except raw X-ray data that are stored in a central data server) in a MySQL relational database. The database contains four mutually linked hierarchical trees describing protein crystals, data collection of protein crystal and experimental data processing. A database editor was designed and developed. The editor supports basic database functions to view, create, modify and delete user records in the database. Two search engines were realized: direct search of necessary information in the database and object oriented search. The system is based on TCP/IP secure UNIX sockets with four predefined sending and receiving behaviors, which support communications between all connected servers and clients with remote control functions (creating and modifying data for experimental conditions, data acquisition, viewing experimental data, and performing data processing). Two secure login schemes were designed and developed: a direct method (using the developed Linux clients with secure connection) and an indirect method (using the secure SSL connection using secure X11 support from any operating system with X-terminal and SSH support). A part of the system has been implemented on a new MAD beam line, NW12, at the Photon Factory Advanced Ring for general user experiments.
Deng, Yong-Yuan; Chen, Chin-Ling; Tsaur, Woei-Jiunn; Tang, Yung-Wen; Chen, Jung-Hsuan
2017-12-15
As sensor networks and cloud computation technologies have rapidly developed over recent years, many services and applications integrating these technologies into daily life have come together as an Internet of Things (IoT). At the same time, aging populations have increased the need for expanded and more efficient elderly care services. Fortunately, elderly people can now wear sensing devices which relay data to a personal wireless device, forming a body area network (BAN). These personal wireless devices collect and integrate patients' personal physiological data, and then transmit the data to the backend of the network for related diagnostics. However, a great deal of the information transmitted by such systems is sensitive data, and must therefore be subject to stringent security protocols. Protecting this data from unauthorized access is thus an important issue in IoT-related research. In regard to a cloud healthcare environment, scholars have proposed a secure mechanism to protect sensitive patient information. Their schemes provide a general architecture; however, these previous schemes still have some vulnerability, and thus cannot guarantee complete security. This paper proposes a secure and lightweight body-sensor network based on the Internet of Things for cloud healthcare environments, in order to address the vulnerabilities discovered in previous schemes. The proposed authentication mechanism is applied to a medical reader to provide a more comprehensive architecture while also providing mutual authentication, and guaranteeing data integrity, user untraceability, and forward and backward secrecy, in addition to being resistant to replay attack.
NASA Technical Reports Server (NTRS)
Takamura, Eduardo; Mangum, Kevin
2016-01-01
The National Aeronautics and Space Administration (NASA) invests millions of dollars in spacecraft and ground system development, and in mission operations in the pursuit of scientific knowledge of the universe. In recent years, NASA sent a probe to Mars to study the Red Planet's upper atmosphere, obtained high resolution images of Pluto, and it is currently preparing to find new exoplanets, rendezvous with an asteroid, and bring a sample of the asteroid back to Earth for analysis. The success of these missions is enabled by mission assurance. In turn, mission assurance is backed by information assurance. The information systems supporting NASA missions must be reliable as well as secure. NASA - like every other U.S. Federal Government agency - is required to manage the security of its information systems according to federal mandates, the most prominent being the Federal Information Security Management Act (FISMA) of 2002 and the legislative updates that followed it. Like the management of enterprise information technology (IT), federal information security management takes a "one-size fits all" approach for protecting IT systems. While this approach works for most organizations, it does not effectively translate into security of highly specialized systems such as those supporting NASA missions. These systems include command and control (C&C) systems, spacecraft and instrument simulators, and other elements comprising the ground segment. They must be carefully configured, monitored and maintained, sometimes for several years past the missions' initially planned life expectancy, to ensure the ground system is protected and remains operational without any compromise of its confidentiality, integrity and availability. Enterprise policies, processes, procedures and products, if not effectively tailored to meet mission requirements, may not offer the needed security for protecting the information system, and they may even become disruptive to mission operations. 
Certain protective measures for the general enterprise may not be as efficient within the ground segment. This is what the authors have concluded through observations and analysis of patterns identified from the various security assessments performed on NASA missions such as MAVEN, OSIRIS-REx, New Horizons and TESS, to name a few. The security audits confirmed that the framework for managing information system security developed by the National Institute of Standards and Technology (NIST) for the federal government, and adopted by NASA, is indeed effective. However, the selection of the technical, operational and management security controls offered by the NIST model - and how they are implemented - does not always fit the nature and the environment where the ground system operates in even though there is no apparent impact on mission success. The authors observed that unfit controls, that is, controls that are not necessarily applicable or sufficiently effective in protecting the mission systems, are often selected to facilitate compliance with security requirements and organizational expectations even if the selected controls offer minimum or non-existent protection. This paper identifies some of the standard security controls that can in fact protect the ground system, and which of them offer little or no benefit at all. It offers multiple scenarios from real security audits in which the controls are not effective without, of course, disclosing any sensitive information about the missions assessed. In addition to selection and implementation of controls, the paper also discusses potential impact of recent legislation such as the Federal Information Security Modernization Act (FISMA) of 2014 - aimed at the enterprise - on the ground system, and offers other recommendations to Information System Owners (ISOs).
Twenty-Five Year Site Plan FY2013 - FY2037
DOE Office of Scientific and Technical Information (OSTI.GOV)
Jones, William H.
2012-07-12
Los Alamos National Laboratory (the Laboratory) is the nation's premier national security science laboratory. Its mission is to develop and apply science and technology to ensure the safety, security, and reliability of the United States (U.S.) nuclear stockpile; reduce the threat of weapons of mass destruction, proliferation, and terrorism; and solve national problems in defense, energy, and the environment. The fiscal year (FY) 2013-2037 Twenty-Five Year Site Plan (TYSP) is a vital component for planning to meet the National Nuclear Security Administration (NNSA) commitment to ensure the U.S. has a safe, secure, and reliable nuclear deterrent. The Laboratory also uses the TYSP as an integrated planning tool to guide development of an efficient and responsive infrastructure that effectively supports the Laboratory's missions and workforce. Emphasizing the Laboratory's core capabilities, this TYSP reflects the Laboratory's role as a prominent contributor to NNSA missions through its programs and campaigns. The Laboratory is aligned with Nuclear Security Enterprise (NSE) modernization activities outlined in the NNSA Strategic Plan (May 2011) which include: (1) ensuring laboratory plutonium space effectively supports pit manufacturing and enterprise-wide special nuclear materials consolidation; (2) constructing the Chemistry and Metallurgy Research Replacement Nuclear Facility (CMRR-NF); (3) establishing shared user facilities to more cost effectively manage high-value, experimental, computational and production capabilities; and (4) modernizing enduring facilities while reducing the excess facility footprint. This TYSP is viewed by the Laboratory as a vital planning tool to develop an efficient and responsive infrastructure. Long range facility and infrastructure development planning are critical to assure sustainment and modernization. Out-year re-investment is essential for sustaining existing facilities, and will be re-evaluated on an annual basis.
At the same time, major modernization projects will require new line-item funding. This document is, in essence, a roadmap that defines a path forward for the Laboratory to modernize, streamline, consolidate, and sustain its infrastructure to meet its national security mission.
Implementation of the Web-based laboratory
NASA Astrophysics Data System (ADS)
Ying, Liu; Li, Xunbo
2005-12-01
With the rapid developments of Internet technologies, remote access and control via Internet is becoming a reality. A realization of the web-based laboratory (the W-LAB) was presented. The main target of the W-LAB was to allow users to easily access and conduct experiments via the Internet. While realizing the remote communication, a system, which adopted the double client-server architecture, was introduced. It ensures the system better security and higher functionality. The experimental environment implemented in the W-Lab was integrated by both virtual lab and remote lab. The embedded technology in the W-LAB system as an economical and efficient way to build the distributed infrastructural network was introduced. Furthermore, by introducing the user authentication mechanism in the system, it effectively secures the remote communication.
Watermarking requirements for Boeing digital cinema
NASA Astrophysics Data System (ADS)
Lixvar, John P.
2003-06-01
The enormous economic incentives for safeguarding intellectual property in the digital domain have made forensic watermarking a research topic of considerable interest. However, a recent examination of some of the leading product development efforts reveals that at present there is no effective watermarking implementation that addresses both the fidelity and security requirements of high definition digital cinema. If Boeing Digital Cinema (BDC, a business unit of Boeing Integrated Defense Systems) is to succeed in using watermarking as a deterrent to the unauthorized capture and distribution of high value cinematic material, the technology must be robust, transparent, asymmetric in its insertion/detection costs, and compatible with all the other elements of Boeing's multi-layered security system, including its compression, encryption, and key management services.
Report of the DHS Small Vessel Security Institute
2007-10-19
sector interests are integral parts of the nation’s strategy of “layered security” in the face of hostile intent. Since the earliest days of the ...and secure as possible while simultaneously protecting our citizen’s enjoyment of their maritime heritage. Today, the Department of Homeland Security...of the discussions (in a neutral, non-attribution format) to serve as the starting point of an ongoing, unprecedented partnership by DHS and the
Security Controls in the Stockpoint Logistics Integrated Communications Environment (SPLICE).
1985-03-01
call programs as authorized after checks by the Terminal Management Subsystem on SAS databases. SAS overlays the TANDEM GUARDIAN operating system to...Security Access Profile database (SAP) and a query capability generating various security reports. SAS operates with the System Monitor (SMON) subsystem...system to DDN and other components. The first SAS component to be reviewed is the SAP database. SAP is organized into two types of files. Relational
ERIC Educational Resources Information Center
Reddy, Dinesh Sampangirama
2017-01-01
Cybersecurity threats confront the United States on a daily basis, making them one of the major national security challenges. One approach to meeting these challenges is to improve user cybersecurity behavior. End user security behavior hinges on end user acceptance and use of the protective information technologies such as anti-virus and…
Latin America in the 1980’s: The Strategic Environment and Inter-American Security.
1981-06-15
Investigaciones socio-economicas (CISEC), Las Fuerzas Armadas en la Sociedad Civil, Santiago: Talleres Graficos, pages 143-229. 25. A 1976 International Monetary...Moreover, Latin American countries, notably Brazil, Peru, and Chile, have elaborated and implemented comprehensive national security doctrines that...equate development and social integration with national security. In the 1980’s Argentina, Brazil, Chile, Colombia, Mexico, Peru and Venezuela-the seven
The ISACA Business Model for Information Security: An Integrative and Innovative Approach
NASA Astrophysics Data System (ADS)
von Roessing, Rolf
In recent years, information security management has matured into a professional discipline that covers both technical and managerial aspects in an organisational environment. Information security is increasingly dependent on business-driven parameters and interfaces to a variety of organisational units and departments. In contrast, common security models and frameworks have remained largely technical. A review of extant models ranging from [LaBe73] to more recent models shows that technical aspects are covered in great detail, while the managerial aspects of security are often neglected. Likewise, the business view on organisational security is frequently at odds with the demands of information security personnel or information technology management. In practice, senior and executive level management remain comparatively distant from technical requirements. As a result, information security is generally regarded as a cost factor rather than a benefit to the organisation.
2014-04-01
WRF) model is a numerical weather prediction system designed for operational forecasting and atmospheric research. This report examined WRF model... WRF, weather research and forecasting, atmospheric effects 16. SECURITY CLASSIFICATION OF: 17. LIMITATION OF ABSTRACT SAR 18. NUMBER OF...and Forecasting (WRF) model. The authors would also like to thank Ms. Sherry Larson, STS Systems Integration, LLC, ARL Technical Publishing Branch
Federal Register 2010, 2011, 2012, 2013, 2014
2012-10-15
... integrated order display and execution system for all NMS stocks,\\4\\ as defined in SEC Rule 600(b)(47) under... (September 9, 2010), 75 FR 56633 (September 16, 2010) (SR-Phlx-2010-079). \\5\\ See 17 CFR 242.600(b)(47). \\6... Section 19(b)(1) of the Securities Exchange Act of 1934 (``Act''),\\1\\ and Rule 19b-4 \\2\\ thereunder...
Savel, Thomas G; Bronstein, Alvin; Duck, William; Rhodes, M Barry; Lee, Brian; Stinn, John; Worthen, Katherine
2010-01-01
Real-time surveillance systems are valuable for timely response to public health emergencies. It has been challenging to leverage existing surveillance systems in state and local communities, and, using a centralized architecture, add new data sources and analytical capacity. Because this centralized model has proven to be difficult to maintain and enhance, the US Centers for Disease Control and Prevention (CDC) has been examining the ability to use a federated model based on secure web services architecture, with data stewardship remaining with the data provider. As a case study for this approach, the American Association of Poison Control Centers and the CDC extended an existing data warehouse via a secure web service, and shared aggregate clinical effects and case counts data by geographic region and time period. To visualize these data, CDC developed a web browser-based interface, Quicksilver, which leveraged the Google Maps API and Flot, a javascript plotting library. Two iterations of the NPDS web service were completed in 12 weeks. The visualization client, Quicksilver, was developed in four months. This implementation of web services combined with a visualization client represents incremental positive progress in transitioning national data sources like BioSense and NPDS to a federated data exchange model. Quicksilver effectively demonstrates how the use of secure web services in conjunction with a lightweight, rapidly deployed visualization client can easily integrate isolated data sources for biosurveillance.
46 CFR 109.209 - Appliances for watertight integrity.
Code of Federal Regulations, 2013 CFR
2013-10-01
... 46 Shipping 4 2013-10-01 2013-10-01 false Appliances for watertight integrity. 109.209 Section 109.209 Shipping COAST GUARD, DEPARTMENT OF HOMELAND SECURITY (CONTINUED) A-MOBILE OFFSHORE DRILLING UNITS OPERATIONS Tests, Drills, and Inspections § 109.209 Appliances for watertight integrity. (a) Before getting...
46 CFR 109.209 - Appliances for watertight integrity.
Code of Federal Regulations, 2010 CFR
2010-10-01
... 46 Shipping 4 2010-10-01 2010-10-01 false Appliances for watertight integrity. 109.209 Section 109.209 Shipping COAST GUARD, DEPARTMENT OF HOMELAND SECURITY (CONTINUED) A-MOBILE OFFSHORE DRILLING UNITS OPERATIONS Tests, Drills, and Inspections § 109.209 Appliances for watertight integrity. (a) Before getting...
46 CFR 109.209 - Appliances for watertight integrity.
Code of Federal Regulations, 2012 CFR
2012-10-01
... 46 Shipping 4 2012-10-01 2012-10-01 false Appliances for watertight integrity. 109.209 Section 109.209 Shipping COAST GUARD, DEPARTMENT OF HOMELAND SECURITY (CONTINUED) A-MOBILE OFFSHORE DRILLING UNITS OPERATIONS Tests, Drills, and Inspections § 109.209 Appliances for watertight integrity. (a) Before getting...
46 CFR 109.209 - Appliances for watertight integrity.
Code of Federal Regulations, 2011 CFR
2011-10-01
... 46 Shipping 4 2011-10-01 2011-10-01 false Appliances for watertight integrity. 109.209 Section 109.209 Shipping COAST GUARD, DEPARTMENT OF HOMELAND SECURITY (CONTINUED) A-MOBILE OFFSHORE DRILLING UNITS OPERATIONS Tests, Drills, and Inspections § 109.209 Appliances for watertight integrity. (a) Before getting...
46 CFR 109.209 - Appliances for watertight integrity.
Code of Federal Regulations, 2014 CFR
2014-10-01
... 46 Shipping 4 2014-10-01 2014-10-01 false Appliances for watertight integrity. 109.209 Section 109.209 Shipping COAST GUARD, DEPARTMENT OF HOMELAND SECURITY (CONTINUED) A-MOBILE OFFSHORE DRILLING UNITS OPERATIONS Tests, Drills, and Inspections § 109.209 Appliances for watertight integrity. (a) Before getting...
Federal Register 2010, 2011, 2012, 2013, 2014
2010-05-28
...--Experimental Aircraft Association ELT--Emergency Locator Transmitter ES--Extended Squitter EUROCAE--European...--Security Certification and Accreditation Procedures SDA--System Design Assurance SIL--Source Integrity.... Surveillance Integrity Level 6. Source Integrity Level (SIL) and System Design Assurance (SDA) 7. Secondary...
46 CFR 108.665 - Appliances for watertight integrity.
Code of Federal Regulations, 2010 CFR
2010-10-01
... 46 Shipping 4 2010-10-01 2010-10-01 false Appliances for watertight integrity. 108.665 Section 108.665 Shipping COAST GUARD, DEPARTMENT OF HOMELAND SECURITY (CONTINUED) A-MOBILE OFFSHORE DRILLING UNITS DESIGN AND EQUIPMENT Equipment Markings and Instructions § 108.665 Appliances for watertight integrity...
Liu, Ren; Srivastava, Anurag K.; Bakken, David E.; ...
2017-08-17
Intermittency of wind energy poses a great challenge for power system operation and control. Wind curtailment might be necessary at the certain operating condition to keep the line flow within the limit. Remedial Action Scheme (RAS) offers quick control action mechanism to keep reliability and security of the power system operation with high wind energy integration. In this paper, a new RAS is developed to maximize the wind energy integration without compromising the security and reliability of the power system based on specific utility requirements. A new Distributed Linear State Estimation (DLSE) is also developed to provide the fast and accurate input data for the proposed RAS. A distributed computational architecture is designed to guarantee the robustness of the cyber system to support RAS and DLSE implementation. The proposed RAS and DLSE is validated using the modified IEEE-118 Bus system. Simulation results demonstrate the satisfactory performance of the DLSE and the effectiveness of RAS. Real-time cyber-physical testbed has been utilized to validate the cyber-resiliency of the developed RAS against computational node failure.
Hand Grasping Synergies As Biometrics.
Patel, Vrajeshri; Thukral, Poojita; Burns, Martin K; Florescu, Ionut; Chandramouli, Rajarathnam; Vinjamuri, Ramana
2017-01-01
Recently, the need for more secure identity verification systems has driven researchers to explore other sources of biometrics. This includes iris patterns, palm print, hand geometry, facial recognition, and movement patterns (hand motion, gait, and eye movements). Identity verification systems may benefit from the complexity of human movement that integrates multiple levels of control (neural, muscular, and kinematic). Using principal component analysis, we extracted spatiotemporal hand synergies (movement synergies) from an object grasping dataset to explore their use as a potential biometric. These movement synergies are in the form of joint angular velocity profiles of 10 joints. We explored the effect of joint type, digit, number of objects, and grasp type. In its best configuration, movement synergies achieved an equal error rate of 8.19%. While movement synergies can be integrated into an identity verification system with motion capture ability, we also explored a camera-ready version of hand synergies-postural synergies. In this proof of concept system, postural synergies performed well, but only when specific postures were chosen. Based on these results, hand synergies show promise as a potential biometric that can be combined with other hand-based biometrics for improved security.
Attachment theory and theory of planned behavior: an integrative model predicting underage drinking.
Lac, Andrew; Crano, William D; Berger, Dale E; Alvaro, Eusebio M
2013-08-01
Research indicates that peer and maternal bonds play important but sometimes contrasting roles in the outcomes of children. Less is known about attachment bonds to these 2 reference groups in young adults. Using a sample of 351 participants (18 to 20 years of age), the research integrated two theoretical traditions: attachment theory and theory of planned behavior (TPB). The predictive contribution of both theories was examined in the context of underage adult alcohol use. Using full structural equation modeling, results substantiated the hypotheses that secure peer attachment positively predicted norms and behavioral control toward alcohol, but secure maternal attachment inversely predicted attitudes and behavioral control toward alcohol. Alcohol attitudes, norms, and behavioral control each uniquely explained alcohol intentions, which anticipated an increase in alcohol behavior 1 month later. The hypothesized processes were statistically corroborated by tests of indirect and total effects. These findings support recommendations for programs designed to curtail risky levels of underage drinking using the tenets of attachment theory and TPB. (PsycINFO Database Record (c) 2013 APA, all rights reserved).
Integrating quantum key distribution with classical communications in backbone fiber network.
Mao, Yingqiu; Wang, Bi-Xiao; Zhao, Chunxu; Wang, Guangquan; Wang, Ruichun; Wang, Honghai; Zhou, Fei; Nie, Jimin; Chen, Qing; Zhao, Yong; Zhang, Qiang; Zhang, Jun; Chen, Teng-Yun; Pan, Jian-Wei
2018-03-05
Quantum key distribution (QKD) provides information-theoretic security based on the laws of quantum mechanics. The desire to reduce costs and increase robustness in real-world applications has motivated the study of coexistence between QKD and intense classical data traffic in a single fiber. Previous works on coexistence in metropolitan areas have used wavelength-division multiplexing, however, coexistence in backbone fiber networks remains a great experimental challenge, as Tbps data of up to 20 dBm optical power is transferred, and much more noise is generated for QKD. Here we present for the first time, to the best of our knowledge, the integration of QKD with a commercial backbone network of 3.6 Tbps classical data at 21 dBm launch power over 66 km fiber. With 20 GHz pass-band filtering and large effective core area fibers, real-time secure key rates can reach 4.5 kbps and 5.1 kbps for co-propagation and counter-propagation at the maximum launch power, respectively. This demonstrates feasibility and represents an important step towards building a quantum network that coexists with the current backbone fiber infrastructure of classical communications.
DOE Office of Scientific and Technical Information (OSTI.GOV)
Liu, Ren; Srivastava, Anurag K.; Bakken, David E.
Intermittency of wind energy poses a great challenge for power system operation and control. Wind curtailment might be necessary at the certain operating condition to keep the line flow within the limit. Remedial Action Scheme (RAS) offers quick control action mechanism to keep reliability and security of the power system operation with high wind energy integration. In this paper, a new RAS is developed to maximize the wind energy integration without compromising the security and reliability of the power system based on specific utility requirements. A new Distributed Linear State Estimation (DLSE) is also developed to provide the fast and accurate input data for the proposed RAS. A distributed computational architecture is designed to guarantee the robustness of the cyber system to support RAS and DLSE implementation. The proposed RAS and DLSE is validated using the modified IEEE-118 Bus system. Simulation results demonstrate the satisfactory performance of the DLSE and the effectiveness of RAS. Real-time cyber-physical testbed has been utilized to validate the cyber-resiliency of the developed RAS against computational node failure.
Novel technology for enhanced security and trust in communication networks
NASA Astrophysics Data System (ADS)
Milovanov, Alexander; Bukshpun, Leonid; Pradhan, Ranjit; Jannson, Tomasz
2011-06-01
A novel technology that significantly enhances security and trust in wireless and wired communication networks has been developed. It is based on integration of a novel encryption mechanism and novel data packet structure with enhanced security tools. This novel data packet structure results in an unprecedented level of security and trust, while at the same time reducing power consumption and computing/communication overhead in networks. As a result, networks are provided with protection against intrusion, exploitation, and cyber attacks and possess self-building, self-awareness, self-configuring, self-healing, and self-protecting intelligence.
The Design Process of Physical Security as Applied to a U.S. Border Point of Entry
DOE Office of Scientific and Technical Information (OSTI.GOV)
Wagner, G.G.
1998-10-26
This paper describes the design process of physical security as applied to a U.S. Border Port of Entry (PoE). Included in this paper are descriptions of the elements that compose U.S. border security. The physical security design will describe the various elements that make up the process as well as the considerations that must be taken into account when dealing with system integration of those elements. The distinctions between preventing unlawful entry and exit of illegal contraband will be emphasized.
Reducing software security risk through an integrated approach
NASA Technical Reports Server (NTRS)
Gilliam, D.; Powell, J.; Kelly, J.; Bishop, M.
2001-01-01
The fourth quarter delivery, FY'01 for this RTOP is a Property-Based Testing (PBT), 'Tester's Assistant' (TA). The TA tool is to be used to check compiled and pre-compiled code for potential security weaknesses that could be exploited by hackers. The TA Instrumenter, implemented mostly in C++ (with a small part in Java), parses two types of files: Java and TASPEC. Security properties to be checked are written in TASPEC. The Instrumenter is used in conjunction with the Tester's Assistant Specification (TASpec) execution monitor to verify the security properties of a given program.
Design and Implementation of a Secure Modbus Protocol
NASA Astrophysics Data System (ADS)
Fovino, Igor Nai; Carcano, Andrea; Masera, Marcelo; Trombetta, Alberto
The interconnectivity of modern and legacy supervisory control and data acquisition (SCADA) systems with corporate networks and the Internet has significantly increased the threats to critical infrastructure assets. Meanwhile, traditional IT security solutions such as firewalls, intrusion detection systems and antivirus software are relatively ineffective against attacks that specifically target vulnerabilities in SCADA protocols. This paper describes a secure version of the Modbus SCADA protocol that incorporates integrity, authentication, non-repudiation and anti-replay mechanisms. Experimental results using a power plant testbed indicate that the augmented protocol provides good security functionality without significant overhead.
U29: commercial vehicle secure network for safety and mobility applications final report.
DOT National Transportation Integrated Search
2011-09-01
The main objective of this project is to develop a secure, reliable, high throughput and integrated wireless network for Vehicle-To-Vehicle (V2V), Vehicle-To-Infrastructure (V2I) and intra-vehicle communications. Novel techniques and communication pr...
ERIC Educational Resources Information Center
Spoor, Dana L.
1996-01-01
School districts are integrating security and life-safety systems into school buildings to protect students and property. This proactive approach includes sprinkler systems, fire alarms, and security systems that monitor door movement. Some school districts that are incorporating the latest life-safety technology are in Missouri, Ohio, California,…
Visual identification system for homeland security and law enforcement support
NASA Astrophysics Data System (ADS)
Samuel, Todd J.; Edwards, Don; Knopf, Michael
2005-05-01
This paper describes the basic configuration for a visual identification system (VIS) for Homeland Security and law enforcement support. Security and law enforcement systems with an integrated VIS will accurately and rapidly provide identification of vehicles or containers that have entered, exited or passed through a specific monitoring location. The VIS system stores all images and makes them available for recall for approximately one week. Images of alarming vehicles will be archived indefinitely as part of the alarming vehicle's or cargo container's record. Depending on user needs, the digital imaging information will be provided electronically to the individual inspectors, supervisors, and/or control center at the customer's office. The key components of the VIS are the high-resolution cameras that capture images of vehicles, lights, presence sensors, image cataloging software, and image recognition software. In addition to the cameras, the physical integration and network communications of the VIS components with the balance of the security system and client must be ensured.
Implementing a High-Assurance Smart-Card OS
NASA Astrophysics Data System (ADS)
Karger, Paul A.; Toll, David C.; Palmer, Elaine R.; McIntosh, Suzanne K.; Weber, Samuel; Edwards, Jonathan W.
Building a high-assurance, secure operating system for memory constrained systems, such as smart cards, introduces many challenges. The increasing power of smart cards has made their use feasible in applications such as electronic passports, military and public sector identification cards, and cell-phone based financial and entertainment applications. Such applications require a secure environment, which can only be provided with sufficient hardware and a secure operating system. We argue that smart cards pose additional security challenges when compared to traditional computer platforms. We discuss our design for a secure smart card operating system, named Caernarvon, and show that it addresses these challenges, which include secure application download, protection of cryptographic functions from malicious applications, resolution of covert channels, and assurance of both security and data integrity in the face of arbitrary power losses.
Li, Chun-Ta; Weng, Chi-Yao; Lee, Cheng-Chi; Wang, Chun-Cheng
2015-11-01
To protect patient privacy and ensure authorized access to remote medical services, many remote user authentication schemes for the integrated electronic patient record (EPR) information system have been proposed in the literature. In a recent paper, Das proposed a hash based remote user authentication scheme using passwords and smart cards for the integrated EPR information system, and claimed that the proposed scheme could resist various passive and active attacks. However, in this paper, we found that Das's authentication scheme is still vulnerable to modification and user duplication attacks. Thereafter we propose a secure and efficient authentication scheme for the integrated EPR information system based on lightweight hash function and bitwise exclusive-or (XOR) operations. The security proof and performance analysis show our new scheme is well-suited to adoption in remote medical healthcare services.
Design and implementation of a secure workflow system based on PKI/PMI
NASA Astrophysics Data System (ADS)
Yan, Kai; Jiang, Chao-hui
2013-03-01
As the traditional workflow system in privilege management has the following weaknesses: low privilege management efficiency, overburdened for administrator, lack of trust authority etc. A secure workflow model based on PKI/PMI is proposed after studying security requirements of the workflow systems in-depth. This model can achieve static and dynamic authorization after verifying user's ID through PKC and validating user's privilege information by using AC in workflow system. Practice shows that this system can meet the security requirements of WfMS. Moreover, it can not only improve system security, but also ensures integrity, confidentiality, availability and non-repudiation of the data in the system.
LANL Multiyear Strategy Performance Improvement (MYSPI), Fiscal Years 2017–2021
DOE Office of Scientific and Technical Information (OSTI.GOV)
Leasure, Craig Scott
2016-05-03
Los Alamos National Laboratory (LANL) protects the nation and the world using innovative science, technology, and engineering through an integrated approach that harnesses the strength of our people, capabilities, and operations. The Laboratory’s Strategic Plan and Purpose statement provide the framework for scientific excellence and operational excellence now and in the future. Our Strategic Plan and Purpose help position Los Alamos for continuing mission success that ensures the safety, security, and effectiveness of the nation’s deterrent; protects the nation from nuclear and emerging threats through our larger global security missions; provides energy security to the nation; and ensures that the nation’s scientific reputation and capabilities remain robust enough to assure our allies and deter our adversaries. Moreover, we use these principles and guidance to ensure that Los Alamos is successful in attracting, recruiting, and retaining the next generation of world-class talent, while creating an efficient, environmentally responsible workplace that provides our employees with access to modern scientific tools and resources. Using this guidance and its underlying principles, we are continuing to restore credibility and operational effectiveness to the Laboratory, deliver mission success and continuing scientific excellence, and protect our employees and the nation’s secrets.
LANL Multiyear Strategy Performance Improvement (MYSPI), Fiscal Years 2018-2022
DOE Office of Scientific and Technical Information (OSTI.GOV)
Leasure, Craig Scott
Los Alamos National Laboratory (LANL) protects the nation and the world using innovative science, technology, and engineering through an integrated approach that harnesses the strength of our people, capabilities, and operations. The Laboratory’s Strategic Plan and Purpose statement provide the framework for scientific excellence and operational excellence now and in the future. Our Strategic Plan and Purpose help position Los Alamos for continuing mission success that ensures the safety, security, and effectiveness of the nation’s deterrent; protects the nation from nuclear and emerging threats through our larger global security missions; provides energy security to the nation; and ensures that the nation’s scientific reputation and capabilities remain robust enough to assure our allies and deter our adversaries. Moreover, we use these principles and guidance to ensure that Los Alamos is successful in attracting, recruiting, and retaining the next generation of excellent talent, while creating an efficient, environmentally responsible workplace that provides our employees with access to modern scientific tools and resources. Using this guidance and its underlying principles, we are continuing to restore credibility and operational effectiveness to the Laboratory, deliver mission success and continuing scientific excellence, and protect our employees and the nation’s secrets.
Lessons Learned in Over a Decade of Technical Support for U.S. Nuclear Cyber Security Programmes
DOE Office of Scientific and Technical Information (OSTI.GOV)
Glantz, Clifford S.; Landine, Guy P.; Craig, Philip A.
Pacific Northwest National Laboratory’s (PNNL) nuclear cyber security team has been providing technical support to the U.S. Nuclear Regulatory Commission (NRC) since 2002. This team has provided cyber security technical expertise in conducting cyber security inspections, developing of regulatory rules and guidance, reviewing facility cyber security plans, developing inspection guidance, and developing and teaching NRC inspectors how to conduct cyber security assessments. The extensive experience the PNNL team has gathered has allowed them to compile a lengthy list of recommendations on how to improve cyber security programs and conduct assessments. A selected set of recommendations are presented, including the need to: integrate an array of defensive strategies into a facility’s cyber security program, coordinate physical and cyber security activities, train physical security forces to resist a cyber-enabled physical attack, improve estimates of the consequences of a cyber attack, properly resource cyber security assessments, appropriately account for insider threats, routinely monitor security devices for potential attacks, supplement compliance-based requirements with risk-based decision making, and introduce the concept of resilience into cyber security programs.
Climate, migration, and the local food security context: Introducing Terra Populus
Schlak, Allison M.; Kugler, Tracy A.
2016-01-01
Studies investigating the connection between environmental factors and migration are difficult to execute because they require the integration of microdata and spatial information. In this article, we introduce the novel, publicly available data extraction system Terra Populus (TerraPop), which was designed to facilitate population-environment studies. We showcase the use of TerraPop by exploring variations in the climate-migration association in Burkina Faso and Senegal based on differences in the local food security context. Food security was approximated using anthropometric indicators of child stunting and wasting derived from Demographic and Health Surveys (DHS) and linked to the TerraPop extract of climate and migration information. We find that an increase in heat waves was associated with a decrease in international migration from Burkina Faso, while excessive precipitation increased international moves from Senegal. Significant interactions reveal that the adverse effects of heat waves and droughts are strongly amplified in highly food insecure Senegalese departments. PMID:27974863
Desai, Sonalde; Vanneman, Reeve
2016-01-01
In September 2013, India passed a historic National Food Security Act. This paper examines the potential impact of the two central pillars of this act - expansion of the Public Distribution System and strengthening of the Integrated Child Development Schemes – on child nutrition. Using new data from the India Human Development Survey of 2011-12, this paper shows that access to subsidized grains via PDS is not related to improved child nutrition, and while ICDS seems to be related to lower child undernutrition, it has a limited reach in spite of the universalization of the program. The paper suggests that a tiered strategy in dealing with child undernutrition that starts with the identification of undernourished children and districts and follows through with different strategies for dealing with severe, acute malnutrition, followed by a focus on moderate malnutrition, could be more effective than the existing focus on cereal distribution rooted in the NFSA. PMID:27034596
J-PAKE: Authenticated Key Exchange without PKI
NASA Astrophysics Data System (ADS)
Hao, Feng; Ryan, Peter
Password Authenticated Key Exchange (PAKE) is one of the important topics in cryptography. It aims to address a practical security problem: how to establish secure communication between two parties solely based on a shared password without requiring a Public Key Infrastructure (PKI). After more than a decade of extensive research in this field, there have been several PAKE protocols available. The EKE and SPEKE schemes are perhaps the two most notable examples. Both techniques are however patented. In this paper, we review these techniques in detail and summarize various theoretical and practical weaknesses. In addition, we present a new PAKE solution called J-PAKE. Our strategy is to depend on well-established primitives such as the Zero-Knowledge Proof (ZKP). So far, almost all of the past solutions have avoided using ZKP for the concern on efficiency. We demonstrate how to effectively integrate the ZKP into the protocol design and meanwhile achieve good efficiency. Our protocol has comparable computational efficiency to the EKE and SPEKE schemes with clear advantages on security.
Hart, Joshua; Shaver, Phillip R; Goldenberg, Jamie L
2005-06-01
On the basis of prior work integrating attachment theory and terror management theory, the authors propose a model of a tripartite security system consisting of dynamically interrelated attachment, self-esteem, and worldview processes. Four studies are presented that, combined with existing evidence, support the prediction derived from the model that threats to one component of the security system result in compensatory defensive activation of other components. Further, the authors predicted and found that individual differences in attachment style moderate the defenses. In Studies 1 and 2, attachment threats motivated worldview defense among anxiously attached participants and motivated self-enhancement (especially among avoidant participants), effects similar to those caused by mortality salience. In Studies 3 and 4, a worldview threat and a self-esteem threat caused attachment-related proximity seeking among fearful participants and avoidance of proximity among dismissing participants. The authors' model provides an overarching framework within which to study attachment, self-esteem, and worldviews.
NASA Astrophysics Data System (ADS)
Anitha Devi, M. D.; ShivaKumar, K. B.
2017-08-01
Online payment ecosystem is the main target especially for cyber frauds. Therefore end to end encryption is very much needed in order to maintain the integrity of secret information related to transactions carried online. With access to payment related sensitive information, which enables lot of money transactions every day, the payment infrastructure is a major target for hackers. The proposed system highlights an ideal approach for secure online transaction for fund transfer with a unique combination of visual cryptography and Haar based discrete wavelet transform steganography technique. This combination of data hiding technique reduces the amount of information shared between consumer and online merchant needed for successful online transaction along with providing enhanced security to customer’s account details and thereby increasing customer’s confidence preventing “Identity theft” and “Phishing”. To evaluate the effectiveness of proposed algorithm, root mean square error and peak signal to noise ratio have been used as evaluation parameters.
Tan, Robin; Perkowski, Marek
2017-01-01
Electrocardiogram (ECG) signals sensed from mobile devices pertain the potential for biometric identity recognition applicable in remote access control systems where enhanced data security is demanding. In this study, we propose a new algorithm that consists of a two-stage classifier combining random forest and wavelet distance measure through a probabilistic threshold schema, to improve the effectiveness and robustness of a biometric recognition system using ECG data acquired from a biosensor integrated into mobile devices. The proposed algorithm is evaluated using a mixed dataset from 184 subjects under different health conditions. The proposed two-stage classifier achieves a total of 99.52% subject verification accuracy, better than the 98.33% accuracy from random forest alone and 96.31% accuracy from wavelet distance measure algorithm alone. These results demonstrate the superiority of the proposed algorithm for biometric identification, hence supporting its practicality in areas such as cloud data security, cyber-security or remote healthcare systems. PMID:28230745
Tan, Robin; Perkowski, Marek
2017-02-20
Electrocardiogram (ECG) signals sensed from mobile devices pertain the potential for biometric identity recognition applicable in remote access control systems where enhanced data security is demanding. In this study, we propose a new algorithm that consists of a two-stage classifier combining random forest and wavelet distance measure through a probabilistic threshold schema, to improve the effectiveness and robustness of a biometric recognition system using ECG data acquired from a biosensor integrated into mobile devices. The proposed algorithm is evaluated using a mixed dataset from 184 subjects under different health conditions. The proposed two-stage classifier achieves a total of 99.52% subject verification accuracy, better than the 98.33% accuracy from random forest alone and 96.31% accuracy from wavelet distance measure algorithm alone. These results demonstrate the superiority of the proposed algorithm for biometric identification, hence supporting its practicality in areas such as cloud data security, cyber-security or remote healthcare systems.
Electric Power Infrastructure Reliability and Security (EPIRS) Research and Development Initiative
DOE Office of Scientific and Technical Information (OSTI.GOV)
Rick Meeker; L. Baldwin; Steinar Dale
2010-03-31
Power systems have become increasingly complex and face unprecedented challenges posed by population growth, climate change, national security issues, foreign energy dependence and an aging power infrastructure. Increased demand combined with increased economic and environmental constraints is forcing state, regional and national power grids to expand supply without the large safety and stability margins in generation and transmission capacity that have been the rule in the past. Deregulation, distributed generation, natural and man-made catastrophes and other causes serve to further challenge and complicate management of the electric power grid. To meet the challenges of the 21st century while also maintaining system reliability, the electric power grid must effectively integrate new and advanced technologies both in the actual equipment for energy conversion, transfer and use, and in the command, control, and communication systems by which effective and efficient operation of the system is orchestrated - in essence, the 'smart grid'. This evolution calls for advances in development, integration, analysis, and deployment approaches that ultimately seek to take into account, every step of the way, the dynamic behavior of the system, capturing critical effects due to interdependencies and interaction. This approach is necessary to better mitigate the risk of blackouts and other disruptions and to improve the flexibility and capacity of the grid.
Building on prior Navy and Department of Energy investments in infrastructure and resources for electric power systems research, testing, modeling, and simulation at the Florida State University (FSU) Center for Advanced Power Systems (CAPS), this project has continued an initiative aimed at assuring reliable and secure grid operation through a more complete understanding and characterization of some of the key technologies that will be important in a modern electric system, while also fulfilling an education and outreach mission to provide future energy workforce talent and support the electric system stakeholder community. Building upon and extending portions of that research effort, this project has been focused in the following areas: (1) Building high-fidelity integrated power and controls hardware-in-the-loop research and development testbed capabilities (Figure 1). (2) Distributed Energy Resources Integration - (a) Testing Requirements and Methods for Fault Current Limiters, (b) Contributions to the Development of IEEE 1547.7, (c) Analysis of a STATCOM Application for Wind Resource Integration, (d) Development of a Grid-Interactive Inverter with Energy Storage Elements, (e) Simulation-Assisted Advancement of Microgrid Understanding and Applications; (3) Availability of High-Fidelity Dynamic Simulation Tools for Grid Disturbance Investigations; (4) HTS Material Characterization - (a) AC Loss Studies on High Temperature Superconductors, (b) Local Identification of Current-Limiting Mechanisms in Coated Conductors; (5) Cryogenic Dielectric Research; and (6) Workshops, education, and outreach.
Civil-Military Integration: The Politics of Outsourcing National Security
ERIC Educational Resources Information Center
Lavallee, Tara M.
2010-01-01
The post 9/11 environment has been characterized by domestic policy actors being incorporated into a globalizing defense industrial sector through the concept of civil-military integration. From administration to administration, the push for increased civil-military integration has spread beyond its original boundaries and has reached the…
Business Model for the Security of a Large-Scale PACS, Compliance with ISO/27002:2013 Standard.
Gutiérrez-Martínez, Josefina; Núñez-Gaona, Marco Antonio; Aguirre-Meneses, Heriberto
2015-08-01
Data security is a critical issue in an organization; a proper information security management (ISM) is an ongoing process that seeks to build and maintain programs, policies, and controls for protecting information. A hospital is one of the most complex organizations, where patient information has not only legal and economic implications but, more importantly, an impact on the patient's health. Imaging studies include medical images, patient identification data, and proprietary information of the study; these data are contained in the storage device of a PACS. This system must preserve the confidentiality, integrity, and availability of patient information. There are techniques such as firewalls, encryption, and data encapsulation that contribute to the protection of information. In addition, the Digital Imaging and Communications in Medicine (DICOM) standard and the requirements of the Health Insurance Portability and Accountability Act (HIPAA) regulations are also used to protect the patient clinical data. However, these techniques are not systematically applied to the picture archiving and communication system (PACS) in most cases and are not sufficient to ensure the integrity of the images and associated data during transmission. The ISO/IEC 27001:2013 standard has been developed to improve the ISM. Currently, health institutions lack effective ISM processes that enable reliable interorganizational activities. In this paper, we present a business model that accomplishes the controls of ISO/IEC 27002:2013 standard and criteria of security and privacy from DICOM and HIPAA to improve the ISM of a large-scale PACS. The methodology associated with the model can monitor the flow of data in a PACS, facilitating the detection of unauthorized access to images and other abnormal activities.
The Security Email Based on Smart Card
NASA Astrophysics Data System (ADS)
Lina, Zhang; Jiang, Meng Hai.
Email has become one of the most important communication tools in modern internet society, and its security is an important issue that can't be ignored. The security requirements of Email can be summarized as confidentiality, integrity, authentication and non-repudiation. Recently many researches on IBE (identify based encrypt) have been carried out to solve these security problems. However, because of IBE's fatal flaws and great advantages of PKI (Public Key Infrastructure), PKI is found to be still irreplaceable especially in the applications based on smart card. In this paper, a construction of security Email is presented, then the design of relatively cryptography algorithms and the configuration of certificates are elaborated, and finally the security for the proposed system is discussed.
Lorenzetti, Lara M J; Leatherman, Sheila; Flax, Valerie L
2017-06-01
Solutions delivered within firm sectoral boundaries are inadequate in achieving income security and better health for poor populations. Integrated microfinance and health interventions leverage networks of women to promote financial inclusion, build livelihoods, and safeguard against high cost illnesses. Our understanding of the effect of integrated interventions has been limited by variability in intervention, outcome, design, and methodological rigour. This systematic review synthesises the literature through 2015 to understand the effect of integrated microfinance and health programs. We searched PubMed, Scopus, Embase, EconLit, and Global Health databases and sourced bibliographies, identifying 964 articles exclusive of duplicates. Title, abstract, and full text review yielded 35 articles. Articles evaluated the effect of intentionally integrated microfinance and health programs on client outcomes. We rated the quality of evidence for each article. Most interventions combined microfinance with health education, which demonstrated positive effects on health knowledge and behaviours, though not health status. Among programs that integrated microfinance with other health components (i.e. health micro-insurance, linkages to health providers, and access to health products), results were generally positive but mixed due to the smaller number and quality of studies. Interventions combining multiple health components in a given study demonstrated positive effects, though it was unclear which component was driving the effect. Most articles (57%) were moderate in quality. Integrated microfinance and health education programs were effective, though longer intervention periods are necessary to measure more complex pathways to health status. The effect of microfinance combined with other health components was less clear.
Stronger randomized research designs with multiple study arms are required to improve evidence and disentangle the effects of multiple component microfinance and health interventions. Few studies attempted to understand changes in economic outcomes, limiting our understanding of the relationship between health and income effects. © The Author 2017. Published by Oxford University Press in association with The London School of Hygiene and Tropical Medicine. All rights reserved. For permissions, please e-mail: journals.permissions@oup.com
Flexible Energy Scheduling Tool for Integrating Variable Generation | Grid
, security-constrained economic dispatch, and automatic generation control programs. Electric commitment, security-constrained economic dispatch, and automatic generation control sub-models. Each sub resolutions and operating strategies can be explored. FESTIV produces not only economic metrics but also
49 CFR 228.203 - Program components.
Code of Federal Regulations, 2010 CFR
2010-10-01
... Program components. (a) System security. The integrity of the program and database must be protected by a security system that utilizes an employee identification number and password, or a comparable method, to... system to pre-populate fields of the hours of service record provided that— (A) The recordkeeping system...
22 CFR 1507.7 - Contents of records systems.
Code of Federal Regulations, 2010 CFR
2010-04-01
... physical safeguards to insure the security and confidentiality of records and to protect against any anticipated threats or hazards to their security or integrity which could result in substantial harm..., access controls, retention, and disposal of the record; (6) The title and business address of the...
38 CFR 1.602 - Utilization of access.
Code of Federal Regulations, 2010 CFR
2010-07-01
... individual and organization will comply with all security requirements VBA deems necessary to ensure the integrity and confidentiality of the data and VBA's automated computer systems. (b) An organization granted... regular, adequate training on proper security, including the items listed in § 1.603(a). Where an...
38 CFR 1.602 - Utilization of access.
Code of Federal Regulations, 2011 CFR
2011-07-01
... individual and organization will comply with all security requirements VBA deems necessary to ensure the integrity and confidentiality of the data and VBA's automated computer systems. (b) An organization granted... regular, adequate training on proper security, including the items listed in § 1.603(a). Where an...
38 CFR 1.602 - Utilization of access.
Code of Federal Regulations, 2014 CFR
2014-07-01
... individual and organization will comply with all security requirements VBA deems necessary to ensure the integrity and confidentiality of the data and VBA's automated computer systems. (b) An organization granted... regular, adequate training on proper security, including the items listed in § 1.603(a). Where an...
38 CFR 1.602 - Utilization of access.
Code of Federal Regulations, 2012 CFR
2012-07-01
... individual and organization will comply with all security requirements VBA deems necessary to ensure the integrity and confidentiality of the data and VBA's automated computer systems. (b) An organization granted... regular, adequate training on proper security, including the items listed in § 1.603(a). Where an...
Humaidi, Norshima; Balakrishnan, Vimala
2018-01-01
Health information systems are innovative products designed to improve the delivery of effective healthcare, but they are also vulnerable to breaches of information security, including unauthorised access, use, disclosure, disruption, modification or destruction, and duplication of passwords. Greater openness and multi-connectedness between heterogeneous stakeholders within health networks increase the security risk. The focus of this research was on the indirect effects of management support (MS) on user compliance behaviour (UCB) towards information security policies (ISPs) among health professionals in selected Malaysian public hospitals. The aim was to identify significant factors and provide a clearer understanding of the nature of compliance behaviour in the health sector environment. Using a survey design and stratified random sampling method, self-administered questionnaires were distributed to 454 healthcare professionals in three hospitals. Drawing on theories of planned behaviour, perceived behavioural control (self-efficacy (SE) and MS components) and the trust factor, an information system security policies compliance model was developed to test three related constructs (MS, SE and perceived trust (PT)) and their relationship to UCB towards ISPs. Results showed a 52.8% variation in UCB through significant factors. Partial least squares structural equation modelling demonstrated that all factors were significant and that MS had an indirect effect on UCB through both PT and SE among respondents to this study. The research model based on the theory of planned behaviour in combination with other human and organisational factors has made a useful contribution towards explaining compliance behaviour in relation to organisational ISPs, with trust being the most significant factor. 
In adopting a multidimensional approach to management-user interactions via multidisciplinary concepts and theories to evaluate the association between the integrated management-user values and the nature of compliance towards ISPs among selected health professionals, this study has made a unique contribution to the literature.
NASA Astrophysics Data System (ADS)
Smilovic, M.; Gleeson, T. P.; Adamowski, J. F.; Langhorn, C.; Kienzle, S. W.
2016-12-01
Supplemental irrigation is the practice of supporting precipitation-fed agriculture with limited irrigation. Precipitation-fed agriculture dominates the agricultural landscape, but is vulnerable to intraseasonal and interannual variability in precipitation and climate. The interplay between food security, water resources, ecosystem health, energy, and livelihoods necessitates evaluating and integrating initiatives that increase agricultural production while reducing demands on water resources. Supplemental irrigation is the practice of minimally irrigating in an effort to stabilize and increase agricultural production, as well as increase water productivity - the amount of crop produced per unit of water. The potential of supplemental irrigation to support both water and food security has yet to be evaluated at regional and global scales. We evaluate whether supplemental irrigation could stabilize and increase agricultural production of wheat by determining locally-calibrated water use-crop yield relationships, known as crop-water production functions. Crop-water production functions are functions of seasonal water use and crop yield, and previous efforts have largely ignored the effects of the temporal distribution of water use throughout the growing season. We significantly improve upon these efforts and provide an opportunity to evaluate supplemental irrigation that appropriately acknowledges the effects of irrigation scheduling. Integrating agroclimatic and crop data with the crop-water model Aquacrop, we determine the increases in wheat production achieved by maximizing water productivity, sharing limited water between different years, and other irrigation scenarios. The methodology presented and evaluation of supplemental irrigation provides water managers, policy makers, governments, and non-governmental organizations the tools to appropriately understand and determine the potential of this initiative to support precipitation-fed agriculture.
NASA Technical Reports Server (NTRS)
Hakimdavar, Raha; Wood, Danielle; Eylander, John; Peters-Lidard, Christa; Smith, Jane; Doorn, Brad; Green, David; Hummel, Corey; Moore, Thomas C.
2018-01-01
River basins for which transboundary coordination and governance is a factor are of concern to US national security, yet there is often a lack of sufficient data-driven information available at the needed time horizons to inform transboundary water decision-making for the intelligence, defense, and foreign policy communities. To address this need, a two-day workshop entitled Transboundary Water: Improving Methodologies and Developing Integrated Tools to Support Global Water Security was held in August 2017 in Maryland. The committee that organized and convened the workshop (the Organizing Committee) included representatives from the National Aeronautics and Space Administration (NASA), the US Army Corps of Engineers Engineer Research and Development Center (ERDC), and the US Air Force. The primary goal of the workshop was to advance knowledge on the current US Government and partners' technical information needs and gaps to support national security interests in relation to transboundary water. The workshop also aimed to identify avenues for greater communication and collaboration among the scientific, intelligence, defense, and foreign policy communities. The discussion around transboundary water was considered in the context of the greater global water challenges facing US national security.
An ethernet/IP security review with intrusion detection applications
DOE Office of Scientific and Technical Information (OSTI.GOV)
Laughter, S. A.; Williams, R. D.
2006-07-01
Supervisory Control and Data Acquisition (SCADA) and automation networks, used throughout utility and manufacturing applications, have their own specific set of operational and security requirements when compared to corporate networks. The modern climate of heightened national security and awareness of terrorist threats has made the security of these systems of prime concern. There is a need to understand the vulnerabilities of these systems and how to monitor and protect them. Ethernet/IP is a member of a family of protocols based on the Control and Information Protocol (CIP). Ethernet/IP allows automation systems to be utilized on and integrated with traditional TCP/IP networks, facilitating integration of these networks with corporate systems and even the Internet. A review of the CIP protocol and the additions Ethernet/IP makes to it has been done to reveal the kind of attacks made possible through the protocol. A set of rules for the SNORT Intrusion Detection software is developed based on the results of the security review. These can be used to monitor, and possibly actively protect, a SCADA or automation network that utilizes Ethernet/IP in its infrastructure. (authors)
Design, Development and Utilization Perspectives on Database Management Systems
ERIC Educational Resources Information Center
Shneiderman, Ben
1977-01-01
This paper reviews the historical development of integrated data base management systems and examines competing approaches. Topics include management and utilization, implementation and design, query languages, security, integrity, privacy and concurrency. (Author/KP)
Measuring Global Water Security Towards Sustainable Development Goals
NASA Technical Reports Server (NTRS)
Gain, Animesh K.; Giupponi, Carlo; Wada, Yoshihide
2016-01-01
Water plays an important role in underpinning equitable, stable and productive societies and ecosystems. Hence, United Nations recognized ensuring water security as one (Goal 6) of the seventeen sustainable development goals (SDGs). Many international river basins are likely to experience 'low water security' over the coming decades. Water security is rooted not only in the physical availability of freshwater resources relative to water demand, but also on social and economic factors (e.g. sound water planning and management approaches, institutional capacity to provide water services, sustainable economic policies). Until recently, advanced tools and methods are available for the assessment of water scarcity. However, quantitative and integrated-physical and socio-economic-approaches for spatial analysis of water security at global level are not available yet. In this study, we present a spatial multi-criteria analysis framework to provide a global assessment of water security. The selected indicators are based on Goal 6 of SDGs. The term 'security' is conceptualized as a function of 'availability', 'accessibility to services', 'safety and quality', and 'management'. The proposed global water security index (GWSI) is calculated by aggregating indicator values on a pixel-by-pixel basis, using the ordered weighted average method, which allows for the exploration of the sensitivity of final maps to different attitudes of hypothetical policy makers. Our assessment suggests that countries of Africa, South Asia and Middle East experience very low water security. Other areas of high water scarcity, such as some parts of United States, Australia and Southern Europe, show better GWSI values, due to good performance of management, safety and quality, and accessibility. The GWSI maps show the areas of the world in which integrated strategies are needed to achieve water related targets of the SDGs particularly in the African and Asian continents.
An Integrative Behavioral Model of Information Security Policy Compliance
Kim, Sang Hoon; Yang, Kyung Hoon; Park, Sunyoung
2014-01-01
The authors found the behavioral factors that influence the organization members' compliance with the information security policy in organizations on the basis of neutralization theory, Theory of planned behavior, and protection motivation theory. Depending on the theory of planned behavior, members' attitudes towards compliance, as well as normative belief and self-efficacy, were believed to determine the intention to comply with the information security policy. Neutralization theory, a prominent theory in criminology, could be expected to provide the explanation for information system security policy violations. Based on the protection motivation theory, it was inferred that the expected efficacy could have an impact on intentions of compliance. By the above logical reasoning, the integrative behavioral model and eight hypotheses could be derived. Data were collected by conducting a survey; 194 out of 207 questionnaires were available. The test of the causal model was conducted by PLS. The reliability, validity, and model fit were found to be statistically significant. The results of the hypotheses tests showed that seven of the eight hypotheses were acceptable. The theoretical implications of this study are as follows: (1) the study is expected to play a role of the baseline for future research about organization members' compliance with the information security policy, (2) the study attempted an interdisciplinary approach by combining psychology and information system security research, and (3) the study suggested concrete operational definitions of influencing factors for information security policy compliance through a comprehensive theoretical review. Also, the study has some practical implications. First, it can provide the guideline to support the successful execution of the strategic establishment for the implement of information system security policies in organizations. 
Second, it proves that the need of education and training programs suppressing members' neutralization intention to violate information security policy should be emphasized. PMID:24971373
The Dynamic Community of Interest and Its Realization in ZODIAC
2009-10-01
the ZODIAC project. ZODIAC is a network architecture that puts security first and foremost, with security broken down into confidentiality, integrity...hosts, a unified solution for MANETs will work for hosts or routers as well. DYNAMIC COMMUNITIES OF INTEREST The basis of the ZODIAC design is a new dis...narrow scope of each DCoI limits attack propagation, and supports confidentiality ABSTRACT The ZODIAC project has been exploring a security first
Leveraging Trade Agreements to Meet U.S. Security Aims
2016-04-08
TO MEET U.S. SECURITY AIMS...AUTHOR(S) LTC Allysa A. Kropp (USARNG)...Sanctions Programs and Country Information,” under “Resource Center, Financial Sanctions, Programs,” https’.//wwiv.treasurv.gov/resource center/sanctions...Program, and economic integration of former adversaries through U.S. trade policy.7 In the National Security Strategy, President Obama underscored the
2015-06-12
Security Strategy to integrate government security agency participation for increased national security.33 Morris, Morris, and Jones posit ICA occurs...New National Strategy Takes Whole-of-Government Approach,” American Forces Press Services (Washington, DC: DoD News, 2010), 1. 34 John C. Morris...Elizabeth D. Morris, and Dale M. Jones, “Reaching for the Philosopher’s Stone: Contingent Coordination and the Military’s Response to Hurricane Katrina
2013-05-24
Secretary of Homeland Security also has the responsibility for establishing International Security Cooperation with the countries of Canada and Mexico...and goals”84 to improve its culture and morale issues. However, further study is required to determine ways to: de-conflict the overlap of...National Preparedness Description is one of the requirements for Presidential Policy Directive-8. 55 the Joint Staff integrates internal and external
2002-09-01
Secure Multicast...i. Message Digests and Message Authentication Codes (MACs...that is, the needs of the VE will determine what the design will look like (e.g., reliable vs. unreliable data communications). In general, there...[Molva00] and [Abdalla00]. i. Message Digests and Message Authentication Codes (MACs) Message digests and MACs are used for data integrity verification
Plasmonic rack-and-pinion gear with chiral metasurface
NASA Astrophysics Data System (ADS)
Gorodetski, Yuri; Karabchevsky, Alina
2016-04-01
The effect of circularly polarized beaming excited by traveling surface plasmons, via chiral metasurface is experimentally studied. Here we show that the propagation direction of the plasmonic wave, evanescently excited on the thin gold film affects the handedness of the scattered beam polarization. Nanostructured metasurface leads to excitation of localized plasmonic modes whose relative spatial orientation induces overall spin-orbit interaction. This effect is analogical to the rack-and-pinion gear: the rotational motion into the linear motion converter. From the practical point of view, the observed effect can be utilized in integrated optical circuits for communication systems, cyber security and sensing.
Xiaodan, Wang; Xianghao, Zhong; Pan, Gao
2010-10-01
Regional eco-security assessment is an intricate, challenging task. In previous studies, the integration of eco-environmental models and geographical information systems (GIS) usually takes two approaches: loose coupling and tight coupling. However, the present study used a full coupling approach to develop a GIS-based regional eco-security assessment decision support system (ESDSS). This was achieved by merging the pressure-state-response (PSR) model and the analytic hierarchy process (AHP) into ArcGIS 9 as a dynamic link library (DLL) using ArcObjects in ArcGIS and Visual Basic for Applications. Such an approach makes it easy to capitalize on the GIS visualization and spatial analysis functions, thereby significantly supporting the dynamic estimation of regional eco-security. A case study is presented for the Tibetan Plateau, known as the world's "third pole" after the Arctic and Antarctic. Results verified the usefulness and feasibility of the developed method. As a useful tool, the ESDSS can also help local managers to make scientifically-based and effective decisions about Tibetan eco-environmental protection and land use. Copyright (c) 2010 Elsevier Ltd. All rights reserved.