12 CFR Appendix B to Part 30 - Interagency Guidelines Establishing Information Security Standards
Code of Federal Regulations, 2011 CFR
2011-01-01
... Establishing Information Security Standards Table of Contents I. Introduction A. Scope B. Preservation of... Security Program B. Objectives III. Development and Implementation of Customer Information Security Program.... Introduction The Interagency Guidelines Establishing Information Security Standards (Guidelines) set forth...
[How to establish the hospital information system security policies].
Gong, Qing-Yue; Shi, Cheng
2008-03-01
It is important to establish the hospital information system security policies. While these security policies are being established, a comprehensive consideration should be given to the acceptable levels of users, IT supporters and hospital managers. We should have a formal policy designing process that is consistently followed by all security policies. Reasons for establishing the security policies and their coverage and applicable objects should be stated clearly. Besides, each policy should define users' responsibilities and penalties for violation. Every organization will need some key policies, such as those on information sources usage, remote access, information protection, perimeter security, and baseline host/device security. Security managing procedures are the mechanisms to enforce the policies. An incident-handling procedure is the most important security managing procedure for all organizations.
12 CFR Appendix B to Part 364 - Interagency Guidelines Establishing Information Security Standards
Code of Federal Regulations, 2011 CFR
2011-01-01
... Part 364—Interagency Guidelines Establishing Information Security Standards Table of Contents I... Customer Information A. Information Security Program B. Objectives III. Development and Implementation of Customer Information Security Program A. Involve the Board of Directors B. Assess Risk C. Manage and...
14 CFR 1203.900 - Establishment.
Code of Federal Regulations, 2011 CFR
2011-01-01
... Aeronautics and Space NATIONAL AERONAUTICS AND SPACE ADMINISTRATION INFORMATION SECURITY PROGRAM NASA Information Security Program Committee § 1203.900 Establishment. Pursuant to Executive Order 12958, “National Security Information,” and the National Aeronautics and Space Act of 1958, as amended, there is established...
14 CFR 1203.900 - Establishment.
Code of Federal Regulations, 2010 CFR
2010-01-01
... Aeronautics and Space NATIONAL AERONAUTICS AND SPACE ADMINISTRATION INFORMATION SECURITY PROGRAM NASA Information Security Program Committee § 1203.900 Establishment. Pursuant to Executive Order 12958, “National Security Information,” and the National Aeronautics and Space Act of 1958, as amended, there is established...
12 CFR Appendix B to Part 170 - Interagency Guidelines Establishing Information Security Standards
Code of Federal Regulations, 2014 CFR
2014-01-01
... Security Standards B Appendix B to Part 170 Banks and Banking COMPTROLLER OF THE CURRENCY, DEPARTMENT OF... Part 170—Interagency Guidelines Establishing Information Security Standards Table of Contents I... Customer Information A. Information Security Program B. Objectives III. Development and Implementation of...
12 CFR Appendix B to Part 170 - Interagency Guidelines Establishing Information Security Standards
Code of Federal Regulations, 2013 CFR
2013-01-01
... Security Standards B Appendix B to Part 170 Banks and Banking COMPTROLLER OF THE CURRENCY, DEPARTMENT OF... Part 170—Interagency Guidelines Establishing Information Security Standards Table of Contents I... Customer Information A. Information Security Program B. Objectives III. Development and Implementation of...
49 CFR 8.9 - Information Security Review Committee.
Code of Federal Regulations, 2011 CFR
2011-10-01
... 49 Transportation 1 2011-10-01 2011-10-01 false Information Security Review Committee. 8.9 Section.../DECLASSIFICATION/ACCESS Classification/Declassification of Information § 8.9 Information Security Review Committee. (a) There is hereby established a Department of Transportation Information Security Review Committee...
49 CFR 8.9 - Information Security Review Committee.
Code of Federal Regulations, 2010 CFR
2010-10-01
... 49 Transportation 1 2010-10-01 2010-10-01 false Information Security Review Committee. 8.9 Section.../DECLASSIFICATION/ACCESS Classification/Declassification of Information § 8.9 Information Security Review Committee. (a) There is hereby established a Department of Transportation Information Security Review Committee...
Analysis of information security management systems at 5 domestic hospitals with more than 500 beds.
Park, Woo-Sung; Seo, Sun-Won; Son, Seung-Sik; Lee, Mee-Jeong; Kim, Shin-Hyo; Choi, Eun-Mi; Bang, Ji-Eon; Kim, Yea-Eun; Kim, Ok-Nam
2010-06-01
The information security management systems (ISMS) of 5 hospitals with more than 500 beds were evaluated with regards to the level of information security, management, and physical and technical aspects so that we might make recommendations on information security and security countermeasures which meet both international standards and the needs of individual hospitals. The ISMS check-list derived from international/domestic standards was distributed to each hospital to complete and the staff of each hospital was interviewed. Information Security Indicator and Information Security Values were used to estimate the present security levels and evaluate the application of each hospital's current system. With regard to the moderate clause of the ISMS, the hospitals were determined to be in compliance. The most vulnerable clause was asset management, in particular, information asset classification guidelines. The clauses of information security incident management and business continuity management were deemed necessary for the establishment of successful ISMS. The level of current ISMS in the hospitals evaluated was determined to be insufficient. Establishment of adequate ISMS is necessary to ensure patient privacy and the safe use of medical records for various purposes. Implementation of ISMS which meet international standards with a long-term and comprehensive perspective is of prime importance. To reflect the requirements of the varied interests of medical staff, consumers, and institutions, the establishment of political support is essential to create suitable hospital ISMS.
78 FR 5116 - NASA Information Security Protection
Federal Register 2010, 2011, 2012, 2013, 2014
2013-01-24
... 2700-AD61 NASA Information Security Protection AGENCY: National Aeronautics and Space Administration... implement the provisions of Executive Order (E.O.) 13526, Classified National Security Information, and... Information, that establishes the Agency's requirements for the proper implementation and management of a...
Analysis of Information Security Management Systems at 5 Domestic Hospitals with More than 500 Beds
Park, Woo-Sung; Son, Seung-Sik; Lee, Mee-Jeong; Kim, Shin-Hyo; Choi, Eun-Mi; Bang, Ji-Eon; Kim, Yea-Eun; Kim, Ok-Nam
2010-01-01
Objectives: The information security management systems (ISMS) of 5 hospitals with more than 500 beds were evaluated with regards to the level of information security, management, and physical and technical aspects so that we might make recommendations on information security and security countermeasures which meet both international standards and the needs of individual hospitals. Methods: The ISMS check-list derived from international/domestic standards was distributed to each hospital to complete and the staff of each hospital was interviewed. Information Security Indicator and Information Security Values were used to estimate the present security levels and evaluate the application of each hospital's current system. Results: With regard to the moderate clause of the ISMS, the hospitals were determined to be in compliance. The most vulnerable clause was asset management, in particular, information asset classification guidelines. The clauses of information security incident management and business continuity management were deemed necessary for the establishment of successful ISMS. Conclusions: The level of current ISMS in the hospitals evaluated was determined to be insufficient. Establishment of adequate ISMS is necessary to ensure patient privacy and the safe use of medical records for various purposes. Implementation of ISMS which meet international standards with a long-term and comprehensive perspective is of prime importance. To reflect the requirements of the varied interests of medical staff, consumers, and institutions, the establishment of political support is essential to create suitable hospital ISMS. PMID:21818429
Developing an Undergraduate Information Systems Security Track
ERIC Educational Resources Information Center
Sharma, Aditya; Murphy, Marianne C.; Rosso, Mark A.; Grant, Donna
2013-01-01
Information Systems Security as a specialized area of study has mostly been taught at the graduate level. This paper highlights the efforts of establishing an Information Systems (IS) Security track at the undergraduate level. As there were many unanswered questions and concerns regarding the Security curriculum, focus areas, the benefit of…
Assessing staff attitudes towards information security in a European healthcare establishment.
Furnell, S M; Gaunt, P N; Holben, R F; Sanders, P W; Stockel, C T; Warren, M J
1996-01-01
Information security is now recognized as an important consideration in modern healthcare establishments (HCEs), with a variety of guidelines and standards currently available to enable the environments to be properly protected. However, financial and operational constraints often exist which influence the practicality of these recommendations. This paper establishes that the staff culture of the organization is of particular importance in determining the level and types of security that will be accepted. This culture will be based upon staff awareness of and attitudes towards security and it is, therefore, important to have a clear idea of what these attitudes are. To this end, two surveys have been conducted within a reference environment to establish the attitudes of general users and technical staff, allowing the results to be fed back to HCE management to enable security policy to be appropriately defined. These results indicated that, although the establishment had participated in a European healthcare security initiative, staff attitudes and awareness were still weak in some areas.
14 CFR 1203.200 - Background and discussion.
Code of Federal Regulations, 2011 CFR
2011-01-01
... 1203.200 Aeronautics and Space NATIONAL AERONAUTICS AND SPACE ADMINISTRATION INFORMATION SECURITY PROGRAM NASA Information Security Program § 1203.200 Background and discussion. (a) In establishing a... public inspection of that information that is classified to protect the national security. (b) In...
14 CFR 1203.200 - Background and discussion.
Code of Federal Regulations, 2010 CFR
2010-01-01
... 1203.200 Aeronautics and Space NATIONAL AERONAUTICS AND SPACE ADMINISTRATION INFORMATION SECURITY PROGRAM NASA Information Security Program § 1203.200 Background and discussion. (a) In establishing a... public inspection of that information that is classified to protect the national security. (b) In...
75 FR 75207 - Regulation SBSR-Reporting and Dissemination of Security-Based Swap Information
Federal Register 2010, 2011, 2012, 2013, 2014
2010-12-02
...In accordance with Section 763 ("Section 763") and Section 766 ("Section 766") of Title VII ("Title VII") of the Dodd-Frank Wall Street Reform and Consumer Protection Act (the "Dodd-Frank Act"), the Securities and Exchange Commission ("SEC" or "Commission") is proposing Regulation SBSR--Reporting and Dissemination of Security-Based Swap Information ("Regulation SBSR") under the Securities Exchange Act of 1934 ("Exchange Act"). Proposed Regulation SBSR would provide for the reporting of security-based swap information to registered security-based swap data repositories or the Commission and the public dissemination of security-based swap transaction, volume, and pricing information. Registered security-based swap data repositories would be required to establish and maintain certain policies and procedures regarding how transaction data are reported and disseminated, and participants of registered security-based swap data repositories that are security-based swap dealers or major security-based swap participants would be required to establish and maintain policies and procedures that are reasonably designed to ensure that they comply with applicable reporting obligations. Finally, proposed Regulation SBSR also would require a registered SDR to register with the Commission as a securities information processor on existing Form SIP.
75 FR 39920 - Announcing a Meeting of the Information Security and Privacy Advisory Board
Federal Register 2010, 2011, 2012, 2013, 2014
2010-07-13
... will be open to the public. The ISPAB was established by the Computer Security Act of 1987 (Pub. L. 100... Information Security and Privacy Advisory Board AGENCY: National Institute of Standards and Technology. ACTION: Notice. SUMMARY: The Information Security and Privacy Advisory Board (ISPAB) will meet Wednesday, August...
12 CFR Appendix D-2 to Part 208 - Interagency Guidelines Establishing Information Security Standards
Code of Federal Regulations, 2010 CFR
2010-01-01
... Relationships Risk Management Principles,” Nov. 1, 2001; FDIC FIL 68-99, Risk Assessment Tools and Practices for.... Definitions II. Standards for Safeguarding Customer Information A. Information Security Program B. Objectives III. Development and Implementation of Customer Information Security Program A. Involve the Board of...
12 CFR Appendix F to Part 225 - Interagency Guidelines Establishing Information Security Standards
Code of Federal Regulations, 2010 CFR
2010-01-01
... Relationships Risk Management Principles,” Nov. 1, 2001; FDIC FIL 68-99, Risk Assessment Tools and Practices for.... Standards for Safeguarding Customer Information A. Information Security Program B. Objectives III. Development and Implementation of Customer Information Security Program A. Involve the Board of Directors B...
Report #18-P-0031, October 30, 2017. Although the EPA has an effective information security program, management emphasis is needed to achieve a higher level of maturity for the agency’s information security program.
Mense, Alexander; Hoheiser-Pförtner, Franz; Schmid, Martin; Wahl, Harald
2013-01-01
Working with health related data necessitates appropriate levels of security and privacy. Information security, meaning ensuring confidentiality, integrity, and availability, is more organizational, than technical in nature. It includes many organizational and management measures, is based on well-defined security roles, processes, and documents, and needs permanent adaption of security policies, continuously monitoring, and measures assessment. This big challenge for any organization leads to implementation of an information security management system (ISMS). In the context of establishing a regional or national electronic health record for integrated care (ICEHR), the situation is worse. Changing the medical information exchange from on-demand peer-to-peer connections to health information networks requires all organizations participating in the EHR system to have consistent security levels and to follow the same security guidelines and rules. Also, the implementation must be monitored and audited, establishing cross-organizational information security management systems (ISMS) based on international standards. This paper evaluates requirements and defines basic concepts for an ISO 27000 series-based cross-organizational ISMS in the healthcare domain and especially for the implementation of the nationwide electronic health record in Austria (ELGA).
12 CFR Appendix B to Part 364 - Interagency Guidelines Establishing Information Security Standards
Code of Federal Regulations, 2010 CFR
2010-01-01
... Relationships Risk Management Principles,” Nov. 1, 2001; FDIC FIL 68-99, Risk Assessment Tools and Practices for... Customer Information A. Information Security Program B. Objectives III. Development and Implementation of Customer Information Security Program A. Involve the Board of Directors B. Assess Risk C. Manage and...
76 FR 82314 - Agency Information Collection Activities: Small Vessel Reporting System
Federal Register 2010, 2011, 2012, 2013, 2014
2011-12-30
... DEPARTMENT OF HOMELAND SECURITY U.S. Customs and Border Protection Agency Information Collection... Security. ACTION: 30-Day notice and request for comments; Establishment of a new collection of information. SUMMARY: U.S. Customs and Border Protection (CBP) of the Department of Homeland Security will be...
Federal Register 2010, 2011, 2012, 2013, 2014
2011-05-24
... the entire information system with respect to computer security, prohibition and detection of any.... Safeguards: --Computer-stored information is protected in accordance with the Agency's security requirements..., loaner car agreement, cash incentives agreement (includes social security number for mandatory tax...
76 FR 81477 - Announcing an Open Meeting of the Information Security and Privacy Advisory Board
Federal Register 2010, 2011, 2012, 2013, 2014
2011-12-28
... sessions will be open to the public. The ISPAB was established by the Computer Security Act of 1987 (Pub. L... Secure Mobile Devices, --Panel Discussion on cyber R&D Strategy, and --Update of NIST Computer Security... of the Information Security and Privacy Advisory Board AGENCY: National Institute of Standards and...
Approach to estimation of level of information security at enterprise based on genetic algorithm
NASA Astrophysics Data System (ADS)
V, Stepanov L.; V, Parinov A.; P, Korotkikh L.; S, Koltsov A.
2018-05-01
In the article, the way of formalization of different types of threats of information security and vulnerabilities of an information system of the enterprise and establishment is considered. In a type of complexity of ensuring information security of application of any new organized system, the concept and decisions in the sphere of information security are expedient. One of such approaches is the method of a genetic algorithm. For the enterprises of any fields of activity, the question of complex estimation of the level of security of information systems taking into account the quantitative and qualitative factors characterizing components of information security is relevant.
ERIC Educational Resources Information Center
Wilshusen, Gregory C.; Melvin, Valerie C.
2009-01-01
The Veterans Benefits, Health Care, and Information Technology Act of 2006 authorizes the Secretary of Veterans Affairs to establish an educational assistance program for information security. The Information Security Education Assistance Program is envisioned as a means for the Department of Veterans Affairs (VA) to attract and retain individuals…
32 CFR 2700.14 - Challenges to classification.
Code of Federal Regulations, 2011 CFR
2011-07-01
... NEGOTIATIONS SECURITY INFORMATION REGULATIONS Original Classification § 2700.14 Challenges to classification. If holders of classified information believe the information is improperly or unnecessarily... the OMSN Information Security Oversight Committee, established pursuant to § 2700.51. Action on such...
Hao, Shuxin; Lü, Yiran; Liu, Jie; Liu, Yue; Xu, Dongqun
2018-01-01
To study the application of classified protection of information security in the information system of air pollution and health impact monitoring, so as to solve the possible safety risk of the information system. According to the relevant national standards and requirements for the information system security classified protection, and the professional characteristics of the information system, to design and implement the security architecture of information system, also to determine the protection level of information system. Basic security measures for the information system were developed in the technical safety and management safety aspects according to the protection levels, which effectively prevented the security risk of the information system. The information system established relatively complete information security protection measures, to enhance the security of professional information and system service, and to ensure the safety of air pollution and health impact monitoring project carried out smoothly.
Code of Federal Regulations, 2010 CFR
2010-10-01
... SECURITY INFORMATION POLICY AND GUIDELINES, IMPLEMENTING REGULATIONS § 806.2 Applicability. This rule supplements Executive Order 12065 within the Board with regard to national security information. It establishes general policies and certain procedures for the classification and declassification of information...
12 CFR Appendix B to Part 570 - Interagency Guidelines Establishing Information Security Standards
Code of Federal Regulations, 2010 CFR
2010-01-01
... reports; or (B) Blind data, such as payment history on accounts that are not personally identifiable, that... technology, the sensitivity of your customer information, internal or external threats to information, and... Information Technology Examination Handbook, Information Security Booklet, Dec. 2002 available at http://www...
10 CFR 95.35 - Access to matter classified as National Security Information and Restricted Data.
Code of Federal Regulations, 2013 CFR
2013-01-01
... dated February 14, 1984. (2) An established “need-to-know” for the matter (See Definitions, § 95.5). (3... 10 Energy 2 2013-01-01 2013-01-01 false Access to matter classified as National Security... Information § 95.35 Access to matter classified as National Security Information and Restricted Data. (a...
10 CFR 95.35 - Access to matter classified as National Security Information and Restricted Data.
Code of Federal Regulations, 2014 CFR
2014-01-01
... dated February 14, 1984. (2) An established “need-to-know” for the matter (See Definitions, § 95.5). (3... 10 Energy 2 2014-01-01 2014-01-01 false Access to matter classified as National Security... Information § 95.35 Access to matter classified as National Security Information and Restricted Data. (a...
Information Assurance and Cyber Defence (Assurance de l’information et cyberdefense)
2010-11-01
project is that knowledge exchange in a timely fashion is highly significant. Authentication and Authorisation of Users and Services in Federated...Detection, Protection and Countermeasures; • Security Models and Architectures; • Security Policies, Evaluation, Authorisation and Access Control; and...Evaluation, Authorisation and Access Control • Network and Information Security Awareness The topics for the symposium had been established
Interpreting international governance standards for health IT use within general medical practice.
Mahncke, Rachel J; Williams, Patricia A H
2014-01-01
General practices in Australia recognise the importance of comprehensive protective security measures. Some elements of information security governance are incorporated into recommended standards, however the governance component of information security is still insufficiently addressed in practice. The International Organisation for Standardisation (ISO) released a new global standard in May 2013 entitled, ISO/IEC 27014:2013 Information technology - Security techniques - Governance of information security. This standard, applicable to organisations of all sizes, offers a framework against which to assess and implement the governance components of information security. The standard demonstrates the relationship between governance and the management of information security, provides strategic principles and processes, and forms the basis for establishing a positive information security culture. An analysis interpretation of this standard for use in Australian general practice was performed. This work is unique as such interpretation for the Australian healthcare environment has not been undertaken before. It demonstrates an application of the standard at a strategic level to inform existing development of an information security governance framework.
32 CFR 322.4 - Responsibilities.
Code of Federal Regulations, 2011 CFR
2011-07-01
... physical security requirements for the protection of personal information and ensure that such requirements... NATIONAL SECURITY AGENCY/CENTRAL SECURITY SERVICES PRIVACY ACT PROGRAM § 322.4 Responsibilities. (a) The... Associate Director for Human Resources Services or designee shall: (1) Establish the physical security...
32 CFR 2001.42 - Standards for security equipment.
Code of Federal Regulations, 2011 CFR
2011-07-01
... OVERSIGHT OFFICE, NATIONAL ARCHIVES AND RECORDS ADMINISTRATION CLASSIFIED NATIONAL SECURITY INFORMATION... Administration (GSA) shall, in coordination with agency heads originating classified information, establish and publish uniform standards, specifications, qualified product lists or databases, and supply schedules for...
32 CFR 2001.42 - Standards for security equipment.
Code of Federal Regulations, 2012 CFR
2012-07-01
... OVERSIGHT OFFICE, NATIONAL ARCHIVES AND RECORDS ADMINISTRATION CLASSIFIED NATIONAL SECURITY INFORMATION... Administration (GSA) shall, in coordination with agency heads originating classified information, establish and publish uniform standards, specifications, qualified product lists or databases, and supply schedules for...
32 CFR 2001.42 - Standards for security equipment.
Code of Federal Regulations, 2013 CFR
2013-07-01
... OVERSIGHT OFFICE, NATIONAL ARCHIVES AND RECORDS ADMINISTRATION CLASSIFIED NATIONAL SECURITY INFORMATION... Administration (GSA) shall, in coordination with agency heads originating classified information, establish and publish uniform standards, specifications, qualified product lists or databases, and supply schedules for...
32 CFR 2001.42 - Standards for security equipment.
Code of Federal Regulations, 2014 CFR
2014-07-01
... OVERSIGHT OFFICE, NATIONAL ARCHIVES AND RECORDS ADMINISTRATION CLASSIFIED NATIONAL SECURITY INFORMATION... Administration (GSA) shall, in coordination with agency heads originating classified information, establish and publish uniform standards, specifications, qualified product lists or databases, and supply schedules for...
76 FR 7818 - Announcing a Meeting of the Information Security and Privacy Advisory Board
Federal Register 2010, 2011, 2012, 2013, 2014
2011-02-11
... will be open to the public. The ISPAB was established by the Computer Security Act of 1987 (Pub. L. 100..., --Presentation on Science of Security relating to computer security research, --Presentation on Access of..., --A panel of Inspector Generals regarding privacy and security, and --Update on NIST Computer Security...
78 FR 34161 - Proposed Collection: Comment Request
Federal Register 2010, 2011, 2012, 2013, 2014
2013-06-06
... Time Deposits. PD F 4144-1--Account Information for U.S. Treasury Securities State and Local Government.... Abstract: The information is requested to establish and maintain accounts for the owners of securities of... agencies to take this opportunity to comment on proposed and/or continuing information collections, as...
12 CFR Appendix B to Part 170 - Interagency Guidelines Establishing Information Security Standards
Code of Federal Regulations, 2012 CFR
2012-01-01
.... You shall: 1. Design your information security program to control the identified risks, commensurate... Control Risk D. Oversee Service Provider Arrangements E. Adjust the Program F. Report to the Board G... information does not include: (A) Aggregate information, such as the mean credit score, derived from a group...
Understanding Information Security Culture in an Organization: An Interpretive Case Study
ERIC Educational Resources Information Center
Bess, Donald Arlo
2012-01-01
Information systems are considered to be a critical and strategic part of most organizations today. Because of this it has become increasingly important to ensure that there is an effective information security program in place protecting those information systems. It has been well established by researchers that the success of an information…
Sen. Snowe, Olympia J. [R-ME]
2009-05-19
Senate - 05/19/2009 Read twice and referred to the Committee on Small Business and Entrepreneurship. Tracker: This bill has the status Introduced.
Federal Register 2010, 2011, 2012, 2013, 2014
2013-03-15
... DEPARTMENT OF HOMELAND SECURITY U.S. Customs and Border Protection Agency Information Collection... Protection, Department of Homeland Security. ACTION: 30-Day notice and request for comments; Extension of an existing information collection: 1651-0061. SUMMARY: U.S. Customs and Border Protection (CBP) of the...
76 FR 15368 - Minimum Security Devices and Procedures
Federal Register 2010, 2011, 2012, 2013, 2014
2011-03-21
... DEPARTMENT OF THE TREASURY Office of Thrift Supervision Minimum Security Devices and Procedures... concerning the following information collection. Title of Proposal: Minimum Security Devices and Procedures... establish a written security program is necessitated by the Bank Protection Act (12 U.S.C. 1881-1884), which...
Code of Federal Regulations, 2011 CFR
2011-07-01
... ARCHIVES AND RECORDS ADMINISTRATION CLASSIFIED NATIONAL SECURITY INFORMATION Security Education and Training § 2001.71 Coverage. (a) General. Each department or agency shall establish and maintain a formal security education and training program which provides for initial training, refresher training...
Federal Register 2010, 2011, 2012, 2013, 2014
2010-06-02
... persons will be able to make changes to such information through their submission accounts established in... information for investors and would further enhance transparency in the municipal securities market. RBDA... information is expected to be provided. The MSRB stated that investors and other market participants would...
Development of an Internet Security Policy for health care establishments.
Ilioudis, C; Pangalos, G
2000-01-01
The Internet provides unprecedented opportunities for interaction and data sharing among health care providers, patients and researchers. However, the advantages provided by the Internet come with a significantly greater element of risk to the confidentiality and integrity of information. This paper defines the basic security requirements that must be addressed in order to use the Internet to safely transmit patient and/or other sensitive Health Care information. It describes a suitable Internet Security Policy for Health Care Establishments and provides the set of technical measures that are needed for its implementation. The proposed security policy and technical approaches have been based on an extensive study of the related recommendations from the security and standard groups both in EU and USA and our related work and experience. The results have been utilized in the framework of the Intranet Health Clinic project, where the use of the Internet for the transmission of sensitive Health Care information is of vital importance.
17 CFR 200.504 - Oversight Committee.
Code of Federal Regulations, 2010 CFR
2010-04-01
...; CONDUCT AND ETHICS; AND INFORMATION AND REQUESTS Classification and Declassification of National Security... chairmanship of the Executive Director, with the following responsibilities: (a) Establish a security education...
45 CFR 155.260 - Privacy and security of personally identifiable information.
Code of Federal Regulations, 2013 CFR
2013-10-01
... 45 Public Welfare 1 2013-10-01 2013-10-01 false Privacy and security of personally identifiable... AFFORDABLE CARE ACT General Functions of an Exchange § 155.260 Privacy and security of personally... must establish and implement privacy and security standards that are consistent with the following...
32 CFR 806b.35 - Balancing protection.
Code of Federal Regulations, 2014 CFR
2014-07-01
..., Computer Security, 5 for procedures on safeguarding personal information in automated records. 5 http://www... automated system with a log-on protocol. Others may require more sophisticated security protection based on the sensitivity of the information. Classified computer systems or those with established audit and...
32 CFR 806b.35 - Balancing protection.
Code of Federal Regulations, 2013 CFR
2013-07-01
..., Computer Security, 5 for procedures on safeguarding personal information in automated records. 5 http://www... automated system with a log-on protocol. Others may require more sophisticated security protection based on the sensitivity of the information. Classified computer systems or those with established audit and...
32 CFR 806b.35 - Balancing protection.
Code of Federal Regulations, 2012 CFR
2012-07-01
..., Computer Security, 5 for procedures on safeguarding personal information in automated records. 5 http://www... automated system with a log-on protocol. Others may require more sophisticated security protection based on the sensitivity of the information. Classified computer systems or those with established audit and...
32 CFR 806b.35 - Balancing protection.
Code of Federal Regulations, 2011 CFR
2011-07-01
..., Computer Security, 5 for procedures on safeguarding personal information in automated records. 5 http://www... automated system with a log-on protocol. Others may require more sophisticated security protection based on the sensitivity of the information. Classified computer systems or those with established audit and...
32 CFR 806b.35 - Balancing protection.
Code of Federal Regulations, 2010 CFR
2010-07-01
..., Computer Security, 5 for procedures on safeguarding personal information in automated records. 5 http://www... automated system with a log-on protocol. Others may require more sophisticated security protection based on the sensitivity of the information. Classified computer systems or those with established audit and...
Research on information security system of waste terminal disposal process
NASA Astrophysics Data System (ADS)
Zhou, Chao; Wang, Ziying; Guo, Jing; Guo, Yajuan; Huang, Wei
2017-05-01
Informatization has penetrated the whole process of production and operation of electric power enterprises. It not only improves the level of lean management and quality service, but also faces severe security risks. The internal network terminal is the outermost layer and the most vulnerable node of the inner network boundary. It has the characteristics of wide distribution, long depth and large quantity. The technical level and security awareness of users and of operation and maintenance personnel are uneven, which makes the internal network terminal the weakest link in information security. Through the implementation of security of management, technology and physics, we should establish an internal network terminal security protection system, so as to fully protect the internal network terminal information security.
Hemrich, Günter
2005-06-01
This case study reviews the experience of the Somalia Food Security Assessment Unit (FSAU) of operating a food security information system in the context of a complex emergency. In particular, it explores the linkages between selected features of the protracted crisis environment in Somalia and conceptual and operational aspects of food security information work. The paper specifically examines the implications of context characteristics for the establishment and operations of the FSAU field monitoring component and for the interface with information users and their diverse information needs. It also analyses the scope for linking food security and nutrition analysis and looks at the role of conflict and gender analysis in food security assessment work. Background data on the food security situation in Somalia and an overview of some key features of the FSAU set the scene for the case study. The paper is targeted at those involved in designing, operating and funding food security information activities.
Code of Federal Regulations, 2010 CFR
2010-01-01
... establish an industrial security program for the purpose of safeguarding classified information under the... Agent for the National Industrial Security Program. Commission means the Nuclear Regulatory Commission... designated by the Executive Director for Operations, is eligible for a security clearance for access to...
75 FR 68849 - Privacy Act of 1974: System of Records
Federal Register 2010, 2011, 2012, 2013, 2014
2010-11-09
... processing of personal information is conducted within established FAA computer security regulations. A risk... SECURITY CLASSIFICATION: Sensitive, unclassified SYSTEM LOCATION: Federal Aviation Administration (FAA... Enforcement Centers of the Drug Abatement Division; Office of Security and Hazardous Materials; Flight...
14 CFR 1203a.102 - Establishment, maintenance, and revocation of security areas.
Code of Federal Regulations, 2010 CFR
2010-01-01
... 14 Aeronautics and Space 5 2010-01-01 2010-01-01 false Establishment, maintenance, and revocation of security areas. 1203a.102 Section 1203a.102 Aeronautics and Space NATIONAL AERONAUTICS AND SPACE... persons either to: (i) Obtain knowledge of classified information, (ii) Damage or remove property, or to...
14 CFR 1203a.102 - Establishment, maintenance, and revocation of security areas.
Code of Federal Regulations, 2011 CFR
2011-01-01
... 14 Aeronautics and Space 5 2011-01-01 2010-01-01 true Establishment, maintenance, and revocation of security areas. 1203a.102 Section 1203a.102 Aeronautics and Space NATIONAL AERONAUTICS AND SPACE... persons either to: (i) Obtain knowledge of classified information, (ii) Damage or remove property, or to...
Federal Register 2010, 2011, 2012, 2013, 2014
2012-03-12
... disseminating information products to purchasers. B. Self-Regulatory Organization's Statement on Burden on...-Regulatory Organizations; Municipal Securities Rulemaking Board; Notice of Filing of Proposed Rule Change Consisting of Establishment of a Subscription to Historical Information and Documents Submitted to the MSRB's...
Federal Register 2010, 2011, 2012, 2013, 2014
2012-05-02
...-Regulatory Organizations; Municipal Securities Rulemaking Board; Order Granting Approval of Proposed Rule Change Consisting of Establishment of a Subscription to Historical Information and Documents Submitted to... historical information and documents submitted to the MSRB's Short-Term Obligation Rate Transparency System...
12 CFR Appendix B to Part 30 - Interagency Guidelines Establishing Information Security Standards
Code of Federal Regulations, 2012 CFR
2012-01-01
... risks. C. Manage and Control Risk. Each bank shall: 1. Design its information security program to... A. Involve the Board of Directors B. Assess Risk C. Manage and Control Risk D. Oversee Service...) Aggregate information, such as the mean credit score, derived from a group of consumer reports; or (B) Blind...
12 CFR Appendix B to Part 30 - Interagency Guidelines Establishing Information Security Standards
Code of Federal Regulations, 2010 CFR
2010-01-01
... risks. C. Manage and Control Risk. Each bank shall: 1. Design its information security program to... A. Involve the Board of Directors B. Assess Risk C. Manage and Control Risk D. Oversee Service...) Aggregate information, such as the mean credit score, derived from a group of consumer reports; or (B) Blind...
Pangalos, George
2001-01-01
Background: The Internet provides many advantages when used for interaction and data sharing among health care providers, patients, and researchers. However, the advantages provided by the Internet come with a significantly greater element of risk to the confidentiality, integrity, and availability of information. It is therefore essential that Health Care Establishments processing and exchanging medical data use an appropriate security policy. Objective: To develop a High Level Security Policy for the processing of medical data and their transmission through the Internet, which is a set of high-level statements intended to guide Health Care Establishment personnel who process and manage sensitive health care information. Methods: We developed the policy based on a detailed study of the existing framework in the EU countries, USA, and Canada, and on consultations with users in the context of the Intranet Health Clinic project. More specifically, this paper has taken into account the major directives, technical reports, law, and recommendations that are related to the protection of individuals with regard to the processing of personal data, and the protection of privacy and medical data on the Internet. Results: We present a High Level Security Policy for Health Care Establishments, which includes a set of 7 principles and 45 guidelines detailed in this paper. The proposed principles and guidelines have been made as generic and open to specific implementations as possible, to provide for maximum flexibility and adaptability to local environments. The High Level Security Policy establishes the basic security requirements that must be addressed to use the Internet to safely transmit patient and other sensitive health care information. Conclusions: The High Level Security Policy is primarily intended for large Health Care Establishments in Europe, USA, and Canada. It is clear however that the general framework presented here can only serve as reference material for developing an appropriate High Level Security Policy in a specific implementation environment. When implemented in specific environments, these principles and guidelines must also be complemented by measures, which are more specific. Even when a High Level Security Policy already exists in an institution, it is advisable that the management of the Health Care Establishment periodically revisits it to see whether it should be modified or augmented. PMID:11720956
Ilioudis, C; Pangalos, G
2001-01-01
The Internet provides many advantages when used for interaction and data sharing among health care providers, patients, and researchers. However, the advantages provided by the Internet come with a significantly greater element of risk to the confidentiality, integrity, and availability of information. It is therefore essential that Health Care Establishments processing and exchanging medical data use an appropriate security policy. To develop a High Level Security Policy for the processing of medical data and their transmission through the Internet, which is a set of high-level statements intended to guide Health Care Establishment personnel who process and manage sensitive health care information. We developed the policy based on a detailed study of the existing framework in the EU countries, USA, and Canada, and on consultations with users in the context of the Intranet Health Clinic project. More specifically, this paper has taken into account the major directives, technical reports, law, and recommendations that are related to the protection of individuals with regard to the processing of personal data, and the protection of privacy and medical data on the Internet. We present a High Level Security Policy for Health Care Establishments, which includes a set of 7 principles and 45 guidelines detailed in this paper. The proposed principles and guidelines have been made as generic and open to specific implementations as possible, to provide for maximum flexibility and adaptability to local environments. The High Level Security Policy establishes the basic security requirements that must be addressed to use the Internet to safely transmit patient and other sensitive health care information. The High Level Security Policy is primarily intended for large Health Care Establishments in Europe, USA, and Canada. 
It is clear however that the general framework presented here can only serve as reference material for developing an appropriate High Level Security Policy in a specific implementation environment. When implemented in specific environments, these principles and guidelines must also be complemented by measures, which are more specific. Even when a High Level Security Policy already exists in an institution, it is advisable that the management of the Health Care Establishment periodically revisits it to see whether it should be modified or augmented.
14 CFR 1203a.101 - Definitions.
Code of Federal Regulations, 2010 CFR
2010-01-01
... Aeronautics and Space NATIONAL AERONAUTICS AND SPACE ADMINISTRATION NASA SECURITY AREAS § 1203a.101 Definitions. For the purpose of this part, the following definitions apply: (a) Security area. A physically defined area, established for the protection or security of facilities, property, or classified information...
A Security Audit Framework to Manage Information System Security
NASA Astrophysics Data System (ADS)
Pereira, Teresa; Santos, Henrique
The widespread adoption of information and communication technology has promoted an increased dependency of organizations on the performance of their Information Systems. As a result, adequate security procedures to properly manage information security must be established by the organizations, in order to protect their valued or critical resources from accidental or intentional attacks, and ensure their normal activity. A conceptual security framework to manage and audit Information System Security is proposed and discussed. The proposed framework intends to assist organizations firstly to understand what they precisely need to protect assets and what are their weaknesses (vulnerabilities), enabling to perform an adequate security management. Secondly, enabling a security audit framework to support the organization to assess the efficiency of the controls and policy adopted to prevent or mitigate attacks, threats and vulnerabilities, promoted by the advances of new technologies and new Internet-enabled services, that the organizations are subject of. The presented framework is based on a conceptual model approach, which contains the semantic description of the concepts defined in information security domain, based on the ISO/IEC_JCT1 standards.
Understand the Big Picture So You Can Plan for Network Security
ERIC Educational Resources Information Center
Cervone, Frank
2005-01-01
This article discusses network security for libraries. It indicates that there were only six exploit (security exposure) problems, worldwide, reported to the CERT Coordination Center back in 1988. In that year, the CERT had just been established to provide a clearinghouse for exchanging information about network security problems. By 2003, the…
2009-05-27
technology network architecture to connect various DHS elements and promote information sharing.17 • Establish a DHS State, Local, and Regional...A Strategic Plan; training, and the implementation of a comprehensive information systems architecture .65 As part of its integration...information technology network architecture was submitted to Congress last year. See DHS I&A, Homeland Security Information Technology Network
Federal Register 2010, 2011, 2012, 2013, 2014
2010-09-10
...; Department of Homeland Security/ALL-031 Information Sharing Environment Suspicious Activity Reporting... Environment Suspicious Activity Reporting Initiative System of Records'' and this proposed rulemaking. In this... establish a new DHS system of records titled, ``DHS/ALL-031 Information Sharing Environment (ISE) Suspicious...
Federal Register 2010, 2011, 2012, 2013, 2014
2013-01-11
... DEPARTMENT OF HOMELAND SECURITY U.S. Customs and Border Protection Agency Information Collection... Protection, Department of Homeland Security. ACTION: 60-Day notice and request for comments; Extension of an...: Direct all written comments to U.S. Customs and Border Protection, Attn: Tracey Denning, Office of...
Session Initiation Protocol Network Encryption Device Plain Text Domain Discovery Service
2007-12-07
...such as the TACLANE, have developed unique discovery methods to establish Plain Text Domain (PTD) Security Associations (SA). All of these techniques...can include network and host Internet Protocol (IP) addresses, Information System Security Office (ISSO) point of contact information and PTD status
The Health Insurance Portability and Accountability Act: security and privacy requirements.
Tribble, D A
2001-05-01
The security and privacy requirements of the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and their implications for pharmacy are discussed. HIPAA was enacted to improve the portability of health care insurance for persons leaving jobs. A section of the act encourages the use of electronic communications for health care claims adjudication, mandates the use of new standard code sets and transaction sets, and establishes the need for regulations to protect the security and privacy of individually identifiable health care information. Creating these regulations became the task of the Department of Health and Human Services. Regulations on security have been published for comment. Regulations on privacy and the definition of standard transaction sets and code sets are complete. National identifiers for patients, providers, and payers have not yet been established. The HIPAA regulations on security and privacy will require that pharmacies adopt policies and procedures that limit access to health care information. Existing pharmacy information systems may require upgrading or replacement. Costs of implementation nationwide are estimated to exceed $8 billion. The health care community has two years from the finalization of each regulation to comply with that regulation. The security and privacy requirements of HIPAA will require pharmacies to review their practices regarding the storage, use, and disclosure of protected health care information.
75 FR 2053 - Establishment of the Council of Governors
Federal Register 2010, 2011, 2012, 2013, 2014
2010-01-14
... with the Secretary of Defense; the Secretary of Homeland Security; the Assistant to the President for... Public Engagement; the Assistant Secretary of Defense for Homeland Defense and Americas' Security Affairs... by the Secretary of Defense or the Secretary of Homeland Security. Such views, information, or advice...
78 FR 69527 - Proposed Information Collection; Comment Request
Federal Register 2010, 2011, 2012, 2013, 2014
2013-11-19
... Identification Number (PTIN) will have a social security number, which will be used to help establish their identity. However, paid preparers that are nonresident aliens and cannot get a social security number will...: 55,900. Title: PTIN Supplemental Application For Foreign Persons Without a Social Security Number...
2010-03-19
network architecture to connect various DHS elements and promote information sharing.17 • Establish a DHS State, Local, and Regional Fusion Center...of reports; the I&A Strategic Plan; training, and the implementation of a comprehensive information systems architecture .73 As part of its...comprehensive information technology network architecture was submitted to Congress last year. See DHS I&A, Homeland Security Information Technology Network
Proposal for a Security Management in Cloud Computing for Health Care
Dzombeta, Srdan; Brandis, Knud
2014-01-01
Cloud computing is actually one of the most popular themes of information systems research. Considering the nature of the processed information especially health care organizations need to assess and treat specific risks according to cloud computing in their information security management system. Therefore, in this paper we propose a framework that includes the most important security processes regarding cloud computing in the health care sector. Starting with a framework of general information security management processes derived from standards of the ISO 27000 family the most important information security processes for health care organizations using cloud computing will be identified considering the main risks regarding cloud computing and the type of information processed. The identified processes will help a health care organization using cloud computing to focus on the most important ISMS processes and establish and operate them at an appropriate level of maturity considering limited resources. PMID:24701137
Proposal for a security management in cloud computing for health care.
Haufe, Knut; Dzombeta, Srdan; Brandis, Knud
2014-01-01
Cloud computing is actually one of the most popular themes of information systems research. Considering the nature of the processed information especially health care organizations need to assess and treat specific risks according to cloud computing in their information security management system. Therefore, in this paper we propose a framework that includes the most important security processes regarding cloud computing in the health care sector. Starting with a framework of general information security management processes derived from standards of the ISO 27000 family the most important information security processes for health care organizations using cloud computing will be identified considering the main risks regarding cloud computing and the type of information processed. The identified processes will help a health care organization using cloud computing to focus on the most important ISMS processes and establish and operate them at an appropriate level of maturity considering limited resources.
12 CFR Appendix D-2 to Part 208 - Interagency Guidelines Establishing Information Security Standards
Code of Federal Regulations, 2014 CFR
2014-01-01
.... Design its information security program to control the identified risks, commensurate with the... Directors B. Assess Risk C. Manage and Control Risk D. Oversee Service Provider Arrangements E. Adjust the... score, derived from a group of consumer reports; or (B) Blind data, such as payment history on accounts...
12 CFR Appendix D-2 to Part 208 - Interagency Guidelines Establishing Information Security Standards
Code of Federal Regulations, 2011 CFR
2011-01-01
.... Design its information security program to control the identified risks, commensurate with the... Directors B. Assess Risk C. Manage and Control Risk D. Oversee Service Provider Arrangements E. Adjust the... score, derived from a group of consumer reports; or (B) Blind data, such as payment history on accounts...
77 FR 5747 - Security Zones, Seattle's Seafair Fleet Week Moving Vessels, Puget Sound, WA
Federal Register 2010, 2011, 2012, 2013, 2014
2012-02-06
... establishment of security zones. We seek any comments or information that may lead to the discovery of a... This proposed rule would call for no new collection of information under the Paperwork Reduction Act of..., design, or operation; test methods; sampling procedures; and related management systems practices) that...
76 FR 6596 - Submission for OMB Review; Comment Request
Federal Register 2010, 2011, 2012, 2013, 2014
2011-02-07
.... The Food Security Act of 1985 permits the states to establish ``central filing systems.'' These... in section 1324 of the Food Security Act of 1985. The information received from the State is... responsibility for the Clear Title Program (Section 1324 of the Food Security Act of 1985. Clear Title Program...
A Study on the Secure User Profiling Structure and Procedure for Home Healthcare Systems.
Ko, Hoon; Song, MoonBae
2016-01-01
Despite various benefits such as convenience and efficiency, home healthcare systems have some inherent security risks that may cause a serious leak of personal health information. This work presents a Secure User Profiling Structure which has the patient information including their health information. A patient and a hospital keep it at the same time, and they share the updated data. While they share the data and communicate, the data can be leaked. To solve the security problems, a secure communication channel with a hash function and a One-Time Password between a client and a hospital should be established, and to generate an input value to an OTP, it uses a dual hash-function. This work presents a dual hash function-based approach to generate the One-Time Password ensuring a secure communication channel with the secured key. As a result, attackers are unable to decrypt the leaked information because of the secured key; in addition, the proposed method outperforms the existing methods in terms of computation cost.
Dehling, Tobias; Gao, Fangjian; Schneider, Stephan
2015-01-01
Background: Mobile health (mHealth) apps aim at providing seamless access to tailored health information technology and have the potential to alleviate global health burdens. Yet, they bear risks to information security and privacy because users need to reveal private, sensitive medical information to redeem certain benefits. Due to the plethora and diversity of available mHealth apps, implications for information security and privacy are unclear and complex. Objective: The objective of this study was to establish an overview of mHealth apps offered on iOS and Android with a special focus on potential damage to users through information security and privacy infringements. Methods: We assessed apps available in English and offered in the categories “Medical” and “Health & Fitness” in the iOS and Android App Stores. Based on the information retrievable from the app stores, we established an overview of available mHealth apps, tagged apps to make offered information machine-readable, and clustered the discovered apps to identify and group similar apps. Subsequently, information security and privacy implications were assessed based on health specificity of information available to apps, potential damage through information leaks, potential damage through information manipulation, potential damage through information loss, and potential value of information to third parties. Results: We discovered 24,405 health-related apps (iOS; 21,953; Android; 2452). Absence or scarceness of ratings for 81.36% (17,860/21,953) of iOS and 76.14% (1867/2452) of Android apps indicates that less than a quarter of mHealth apps are in more or less widespread use. Clustering resulted in 245 distinct clusters, which were consolidated into 12 app archetypes grouping clusters with similar assessments of potential damage through information security and privacy infringements. There were 6426 apps that were excluded during clustering. The majority of apps (95.63%, 17,193/17,979; of apps) pose at least some potential damage through information security and privacy infringements. There were 11.67% (2098/17,979) of apps that scored the highest assessments of potential damages. Conclusions: Various kinds of mHealth apps collect and offer critical, sensitive, private medical information, calling for a special focus on information security and privacy of mHealth apps. In order to foster user acceptance and trust, appropriate security measures and processes need to be devised and employed so that users can benefit from seamlessly accessible, tailored mHealth apps without exposing themselves to the serious repercussions of information security and privacy infringements. PMID:25599627
Dehling, Tobias; Gao, Fangjian; Schneider, Stephan; Sunyaev, Ali
2015-01-19
Mobile health (mHealth) apps aim at providing seamless access to tailored health information technology and have the potential to alleviate global health burdens. Yet, they bear risks to information security and privacy because users need to reveal private, sensitive medical information to redeem certain benefits. Due to the plethora and diversity of available mHealth apps, implications for information security and privacy are unclear and complex. The objective of this study was to establish an overview of mHealth apps offered on iOS and Android with a special focus on potential damage to users through information security and privacy infringements. We assessed apps available in English and offered in the categories "Medical" and "Health & Fitness" in the iOS and Android App Stores. Based on the information retrievable from the app stores, we established an overview of available mHealth apps, tagged apps to make offered information machine-readable, and clustered the discovered apps to identify and group similar apps. Subsequently, information security and privacy implications were assessed based on health specificity of information available to apps, potential damage through information leaks, potential damage through information manipulation, potential damage through information loss, and potential value of information to third parties. We discovered 24,405 health-related apps (iOS; 21,953; Android; 2452). Absence or scarceness of ratings for 81.36% (17,860/21,953) of iOS and 76.14% (1867/2452) of Android apps indicates that less than a quarter of mHealth apps are in more or less widespread use. Clustering resulted in 245 distinct clusters, which were consolidated into 12 app archetypes grouping clusters with similar assessments of potential damage through information security and privacy infringements. There were 6426 apps that were excluded during clustering. 
The majority of apps (95.63%, 17,193/17,979; of apps) pose at least some potential damage through information security and privacy infringements. There were 11.67% (2098/17,979) of apps that scored the highest assessments of potential damages. Various kinds of mHealth apps collect and offer critical, sensitive, private medical information, calling for a special focus on information security and privacy of mHealth apps. In order to foster user acceptance and trust, appropriate security measures and processes need to be devised and employed so that users can benefit from seamlessly accessible, tailored mHealth apps without exposing themselves to the serious repercussions of information security and privacy infringements.
Federal Register 2010, 2011, 2012, 2013, 2014
2011-08-17
...-Backed Securities programs and to monitor performance and compliance with established rules and... issuers/customers in its Mortgage-Backed Securities programs and to monitor performance and compliance...
Developing measures of food and nutrition security within an Australian context.
Archer, Claire; Gallegos, Danielle; McKechnie, Rebecca
2017-10-01
To develop a measure of food and nutrition security for use among an Australian population that measures all pillars of food security and to establish its content validity. The study consisted of two phases. Phase 1 involved focus groups with experts working in the area of food security. Data were assessed using content analysis and results informed the development of a draft tool. Phase 2 consisted of a series of three online surveys using the Delphi technique. Findings from each survey were used to establish content validity and progressively modify the tool until consensus was reached for all items. Australia. Phase 1 focus groups involved twenty-five experts working in the field of food security, who were attending the Dietitians Association of Australia National Conference, 2013. Phase 2 included twenty-five experts working in food security, who were recruited via email. Findings from Phase 1 supported the need for an Australian-specific tool and highlighted the failure of current tools to measure across all pillars of food security. Participants encouraged the inclusion of items to measure barriers to food acquisition and the previous single item to enable comparisons with previous data. Phase 2 findings informed the selection and modification of items for inclusion in the final tool. The results led to the development of a draft tool to measure food and nutrition security, and supported its content validity. Further research is needed to validate the tool among the Australian population and to establish inter- and intra-rater reliability.
2000-05-01
Security Establishment from Canada and Ministry of Finance from Finland and Service Central de la Sécurité des Systèmes d’Information from France and...Nazionale per la Sicurezza CESIS III Reparto - UCSi from Italy and Ministry of the Interior and Kingdom Relations from The Netherlands and Page 3 of...39 HQ Defence Command Norway/Security Division from Norway and Ministerio de Administraciones Públicas from Spain and Communications-Electronics
76 FR 21373 - Privacy Act of 1974; Report of a New System of Records
Federal Register 2010, 2011, 2012, 2013, 2014
2011-04-15
... Information Security Management Act of 2002; the Computer Fraud and Abuse Act of 1986; the Health Insurance... 1974; the Federal Information Security Management Act of 2002; the Computer Fraud and Abuse Act of 1986... established by State law; (3) support litigation involving the Agency; (4) combat fraud, waste, and abuse in...
76 FR 58007 - Privacy Act of 1974; Report of a New System of Records
Federal Register 2010, 2011, 2012, 2013, 2014
2011-09-19
... Social Security Act (the Act). The system of records will contain personally identifiable information... and Medicaid Innovation, Centers for Medicare & Medicaid Services, 7500 Security Boulevard, Mailstop... Social Security Act (the Act) (42 U.S.C. 1395 et seq.) by adding new section 1899 to the Act to establish...
A Network Centric Warfare (NCW) Compliance Process for Australian Defence
2006-08-01
discovery and access by a wide range of authorised Defence users. The information could be used to simplify future NCW Compliance Assessments by re-using...Security standards 1. General Security Services - General Table 5.1 2. General Security services - Authentication Table 5.2 3. General Security...Personnel Positions in an authorised establishment must be filled by individuals who satisfy the necessary individual readiness requirements
Federal Register 2010, 2011, 2012, 2013, 2014
2010-06-15
... information about the vessel or persons on board, whether they pose a threat to the submarine. The security...-AA87 Security Zone; Escorted U.S. Navy Submarines in Sector Honolulu Captain of the Port Zone AGENCY... establishing a moving security zone around all U.S. Navy submarines that are operating in the Sector Honolulu...
NASA Technical Reports Server (NTRS)
Santiago, S. Scott; Moyles, Thomas J. (Technical Monitor)
2001-01-01
This viewgraph presentation provides information on the importance of information technology (IT) security (ITS) to NASA's mission. Several points are made concerning the subject. In order for ITS to be successful, it must be supported by management. NASA, while required by law to keep the public informed of its pursuits, must take precautions due to possible IT-based incursions by computer hackers and other malignant persons. Fear is an excellent motivation for establishing and maintaining a robust ITS policy. The ways in which NASA ITS personnel continually increase security are manifold, however a great deal relies upon the active involvement of the entire NASA community.
3 CFR - Classified Information and Controlled Unclassified Information
Code of Federal Regulations, 2010 CFR
2010-01-01
... declassification of information in the electronic environment, as recommended by the Commission on the Intelligence... need in recent years to enhance national security by establishing an information sharing environment... information within the information sharing environment. In the absence of a single, comprehensive framework...
NASA Astrophysics Data System (ADS)
Perry, William G.
2006-04-01
One goal of database mining is to draw unique and valid perspectives from multiple data sources. Insights that are fashioned from closely-held data stores are likely to possess a high degree of reliability. The degree of information assurance comes into question, however, when external databases are accessed, combined and analyzed to form new perspectives. ISO/IEC 17799, Information technology-Security techniques-Code of practice for information security management, can be used to establish a higher level of information assurance among disparate entities using data mining in the defense, homeland security, commercial and other civilian/commercial domains. Organizations that meet ISO/IEC information security standards have identified and assessed risks, threats and vulnerabilities and have taken significant proactive steps to meet their unique security requirements. The ISO standards address twelve domains: risk assessment and treatment, security policy, organization of information security, asset management, human resources security, physical and environmental security, communications and operations management, access control, information systems acquisition, development and maintenance, information security incident management and business continuity management and compliance. Analysts can be relatively confident that if organizations are ISO 17799 compliant, a high degree of information assurance is likely to be a characteristic of the data sets being used. The reverse may be true. Extracting, fusing and drawing conclusions based upon databases with a low degree of information assurance may be wrought with all of the hazards that come from knowingly using bad data to make decisions. Using ISO/IEC 17799 as a baseline for information assurance can help mitigate these risks.
Mission Assurance Modeling and Simulation: A Cyber Security Roadmap
NASA Technical Reports Server (NTRS)
Gendron, Gerald; Roberts, David; Poole, Donold; Aquino, Anna
2012-01-01
This paper proposes a cyber security modeling and simulation roadmap to enhance mission assurance governance and establish risk reduction processes within constrained budgets. The term mission assurance stems from risk management work by Carnegie Mellon's Software Engineering Institute in the late 1990s. By 2010, the Defense Information Systems Agency revised its cyber strategy and established the Program Executive Officer-Mission Assurance. This highlights a shift from simply protecting data to balancing risk and begins a necessary dialogue to establish a cyber security roadmap. The Military Operations Research Society has recommended a cyber community of practice, recognizing there are too few professionals having both cyber and analytic experience. The authors characterize the limited body of knowledge in this symbiotic relationship. This paper identifies operational and research requirements for mission assurance M&S supporting defense and homeland security. M&S techniques are needed for enterprise oversight of cyber investments, test and evaluation, policy, training, and analysis.
Federal Register 2010, 2011, 2012, 2013, 2014
2013-12-05
...This Request for Information (RFI) notice informs the public that the Department of Homeland Security's (DHS) Science and Technology Directorate (S&T) is currently developing a National Critical Infrastructure Security and Resilience Research and Development Plan (NCISR R&D Plan) to conform to the requirements of Presidential Policy Directive 21, Critical Infrastructure Security and Resilience. As part of a comprehensive national review process, DHS solicits public comment on issues or language in the NCISR R&D Plan that need to be included. Critical infrastructure includes both cyber and physical components, systems, and networks for the sixteen established "critical infrastructures".
Federal Register 2010, 2011, 2012, 2013, 2014
2012-04-25
... establish a real-time market data set for disseminated Asset-Backed Security transaction information ("ABS Data Set") and to amend Rule 7730(d) to establish a historic data set for such information ("Historic ABS Data Set"). The provisions of Rule 7730 that currently apply to the two existing real-time...
Haneda, Kiyofumi; Umeda, Tokuo; Koyama, Tadashi; Harauchi, Hajime; Inamura, Kiyonari
2002-01-01
The target of our study is to establish the methodology for analyzing level of security requirements, for searching suitable security measures and for optimizing security distribution to every portion of medical practice. Quantitative expression must be introduced to our study as possible for the purpose of easy follow up of security procedures and easy evaluation of security outcomes or results. Results of system analysis by fault tree analysis (FTA) clarified that subdivided system elements in detail contribute to much more accurate analysis. Such subdivided composition factors very much depended on behavior of staff, interactive terminal devices, kinds of service, and routes of network. As conclusion, we found the methods to analyze levels of security requirements for each medical information systems employing FTA, basic events for each composition factor and combination of basic events. Methods for searching suitable security measures were found. Namely risk factors for each basic event, number of elements for each composition factor and candidates of security measure elements were found. Method to optimize the security measures for each medical information system was proposed. Namely optimum distribution of risk factors in terms of basic events were figured out, and comparison of them between each medical information systems became possible.
[Assessment on ecological security spatial differences of west areas of Liaohe River based on GIS].
Wang, Geng; Wu, Wei
2005-09-01
Ecological security assessment and early warning research are characterized by spatiality, non-linearity and randomness, and require handling a large amount of spatial information. Spatial analysis and data management are strengths of GIS: it can define the distribution trend and spatial relations of environmental factors and show the ecological security pattern graphically. The paper discusses a method for assessing the spatial differences in ecological security of the west areas of the Liaohe River based on GIS and ecosystem non-health. First, the pressure-state-response (P-S-R) assessment indicator system is studied, with field investigation and information gathering. Second, the river is digitized, weights are assigned using fuzzy AHP, and values are quantized and calculated by fuzzy comparison. Last, a grid database is established and the spatial differences of ecological security are expounded using GIS interpolation and assembly.
Safe teleradiology: information assurance as project planning methodology
NASA Astrophysics Data System (ADS)
Collmann, Jeff R.; Alaoui, Adil; Nguyen, Dan; Lindisch, David
2003-05-01
This project demonstrates use of OCTAVE, an information security risk assessment method, as an approach to the safe design and planning of a teleradiology system. By adopting this approach to project planning, we intended to provide evidence that including information security as an intrinsic component of project planning improves information assurance and that using information assurance as a planning tool produces and improves the general system management plan. Several considerations justify this approach to planning a safe teleradiology system. First, because OCTAVE was designed as a method for retrospectively assessing and proposing enhancements for the security of existing information management systems, it should function well as a guide to prospectively designing and deploying a secure information system such as teleradiology. Second, because OCTAVE provides assessment and planning tools for use primarily by interdisciplinary teams from user organizations, not consultants, it should enhance the ability of such teams at the local level to plan safe information systems. Third, from the perspective of sociological theory, OCTAVE explicitly attempts to enhance organizational conditions identified as necessary to safely manage complex technologies. Approaching information system design from the perspective of information security risk management proactively integrates health information assurance into a project's core. This contrasts with typical approaches that perceive "security" as a secondary attribute to be "added" after designing the system and with approaches that identify information assurance only with security devices and user training. The perspective of health information assurance embraces so many dimensions of a computerized health information system's design that one may successfully deploy a method for retrospectively assessing information security risk as a prospective planning tool.
From a sociological perspective, this approach enhances the general conditions as well as establishes specific policies and procedures for reliable performance of health information assurance.
Zhang, Zheshen; Mower, Jacob; Englund, Dirk; Wong, Franco N C; Shapiro, Jeffrey H
2014-03-28
High-dimensional quantum key distribution (HDQKD) offers the possibility of high secure-key rate with high photon-information efficiency. We consider HDQKD based on the time-energy entanglement produced by spontaneous parametric down-conversion and show that it is secure against collective attacks. Its security rests upon visibility data, obtained from Franson and conjugate-Franson interferometers, that probe photon-pair frequency correlations and arrival-time correlations. From these measurements, an upper bound can be established on the eavesdropper's Holevo information by translating the Gaussian-state security analysis for continuous-variable quantum key distribution so that it applies to our protocol. We show that visibility data from just the Franson interferometer provides a weaker, but nonetheless useful, secure-key rate lower bound. To handle multiple-pair emissions, we incorporate the decoy-state approach into our protocol. Our results show that over a 200-km transmission distance in optical fiber, time-energy entanglement HDQKD could permit a 700-bit/sec secure-key rate and a photon information efficiency of 2 secure-key bits per photon coincidence in the key-generation phase using receivers with a 15% system efficiency.
75 FR 54662 - Privacy Act of 1974: Systems of Records
Federal Register 2010, 2011, 2012, 2013, 2014
2010-09-08
..., Chief Privacy Officer, Office of Information Technology, 202-551-7209. In the Federal Register of August... SECURITIES AND EXCHANGE COMMISSION [Release No. PA-44A; File No. S7-17-10] Privacy Act of 1974: Systems of Records AGENCY: Securities and Exchange Commission. ACTION: Notice to establish systems of...
Federal Register 2010, 2011, 2012, 2013, 2014
2013-04-11
...-Regulatory Organizations; Miami International Securities Exchange LLC; Notice of Filing and Immediate Effectiveness of a Proposed Rule Change To Establish an Administrative Information Subscriber (AIS) and AIS Port...-Regulatory Organization's Statement of the Terms of Substance of the Proposed Rule Change The Exchange is...
Cryptographic Research and NSA: Report of the Public Cryptography Study Group.
ERIC Educational Resources Information Center
Davida, George I.
1981-01-01
The Public Cryptography Study Group accepted the claim made by the National Security Agency that some information in some publications concerning cryptology could be inimical to national security, and is allowing the establishment of a voluntary mechanism, on an experimental basis, for NSA to review cryptology manuscripts. (MLW)
A Goal VPN Protection Profile for Protecting Sensitive Information
2000-07-10
security for the systems in which they are used. Nothing could be further from the truth. There are no perfect security solutions, and no...establishment/termination, failures, and errors); • provide for directly connected (local hard-wire connection) and remote (over the network) interfaces... the TOERU is left unattended procedures such as media encryption or secure storage of the hard drive, will be used to insure the protection of stored
A Framework for Resilient Remote Monitoring
2014-08-01
of low-level observables are available, audited, and recorded. This establishes the need for a remote monitoring framework that can integrate with...Security, WS-Policy, SAML, XML Signature, and XML Encryption. Pearson Higher Education, 2004. [3] OMG, “Common Secure Interoperability Protocol...www.darpa.mil/Our_Work/I2O/Programs/Integrated_Cyber_Analysis_System_%28ICAS%29.aspx. [8] D. Miller and B. Pearson, Security information and event man
An Integrative Behavioral Model of Information Security Policy Compliance
Kim, Sang Hoon; Yang, Kyung Hoon; Park, Sunyoung
2014-01-01
The authors found the behavioral factors that influence the organization members' compliance with the information security policy in organizations on the basis of neutralization theory, Theory of planned behavior, and protection motivation theory. Depending on the theory of planned behavior, members' attitudes towards compliance, as well as normative belief and self-efficacy, were believed to determine the intention to comply with the information security policy. Neutralization theory, a prominent theory in criminology, could be expected to provide the explanation for information system security policy violations. Based on the protection motivation theory, it was inferred that the expected efficacy could have an impact on intentions of compliance. By the above logical reasoning, the integrative behavioral model and eight hypotheses could be derived. Data were collected by conducting a survey; 194 out of 207 questionnaires were available. The test of the causal model was conducted by PLS. The reliability, validity, and model fit were found to be statistically significant. The results of the hypotheses tests showed that seven of the eight hypotheses were acceptable. The theoretical implications of this study are as follows: (1) the study is expected to play a role of the baseline for future research about organization members' compliance with the information security policy, (2) the study attempted an interdisciplinary approach by combining psychology and information system security research, and (3) the study suggested concrete operational definitions of influencing factors for information security policy compliance through a comprehensive theoretical review. Also, the study has some practical implications. First, it can provide the guideline to support the successful execution of the strategic establishment for the implement of information system security policies in organizations. 
Second, it proves that the need of education and training programs suppressing members' neutralization intention to violate information security policy should be emphasized. PMID:24971373
49 CFR 89.29 - Disclosure to commercial credit bureaus and consumer reporting agencies.
Code of Federal Regulations, 2010 CFR
2010-10-01
.... (b) The information that may be disclosed is the debtor's name, address, social security number or taxpayer identification number, and any other information to establish the identity and location of the...
A New Approach To Secure Federated Information Bases Using Agent Technology.
ERIC Educational Resources Information Center
Weippi, Edgar; Klug, Ludwig; Essmayr, Wolfgang
2003-01-01
Discusses database agents which can be used to establish federated information bases by integrating heterogeneous databases. Highlights include characteristics of federated information bases, including incompatible database management systems, schemata, and frequently changing context; software agent technology; Java agents; system architecture;…
ERIC Educational Resources Information Center
Schenck-Hamlin, Donna; Pierquet, Jennifer; McClellan, Chuck
2011-01-01
In the wake of the September 2001 attacks, the U.S. government founded the Department of Homeland Security (DHS) with responsibility to develop a National Infrastructure Protection Plan for securing critical infrastructures and key resources. DHS established interdisciplinary networks of academic expertise administered through Centers of…
2006-06-01
environment of Web-enabled database searches, online shopping, e-business, and daily credit-card use, which are very common in the United States. Cyberspace...establishing credibility for data exchange such as online shopping. Present regulations stipulate that security chips used by the Chinese government and
Server-Controlled Identity-Based Authenticated Key Exchange
NASA Astrophysics Data System (ADS)
Guo, Hua; Mu, Yi; Zhang, Xiyong; Li, Zhoujun
We present a threshold identity-based authenticated key exchange protocol that can be applied to an authenticated server-controlled gateway-user key exchange. The objective is to allow a user and a gateway to establish a shared session key with the permission of the back-end servers, while the back-end servers cannot obtain any information about the established session key. Our protocol has potential applications in strong access control of confidential resources. In particular, our protocol possesses the semantic security and demonstrates several highly-desirable security properties such as key privacy and transparency. We prove the security of the protocol based on the Bilinear Diffie-Hellman assumption in the random oracle model.
12 CFR Appendix F to Part 225 - Interagency Guidelines Establishing Information Security Standards
Code of Federal Regulations, 2012 CFR
2012-01-01
... only to authorized individuals and controls to prevent employees from providing customer information to unauthorized individuals who may seek to obtain this information through fraudulent means. b. Access... records storage facilities to permit access only to authorized individuals; c. Encryption of electronic...
12 CFR Appendix F to Part 225 - Interagency Guidelines Establishing Information Security Standards
Code of Federal Regulations, 2014 CFR
2014-01-01
... only to authorized individuals and controls to prevent employees from providing customer information to unauthorized individuals who may seek to obtain this information through fraudulent means. b. Access... records storage facilities to permit access only to authorized individuals; c. Encryption of electronic...
NASA Astrophysics Data System (ADS)
Abdenov, A. Zh; Trushin, V. A.; Abdenova, G. A.
2018-01-01
The paper considers the questions of filling the relevant SIEM nodes based on calculations of objective assessments in order to improve the reliability of subjective expert assessments. The proposed methodology is necessary for the most accurate security risk assessment of information systems. This technique is also intended for the purpose of establishing real-time operational information protection in the enterprise information systems. Risk calculations are based on objective estimates of the adverse events implementation probabilities, predictions of the damage magnitude from information security violations. Calculations of objective assessments are necessary to increase the reliability of the proposed expert assessments.
Identifying a National Death Index Match
Burchett, Bruce M.; Blazer, Dan G.
2009-01-01
Data from the National Death Index (NDI) are frequently used to determine survival status in epidemiologic or clinical studies. On the basis of selected information submitted by the investigator, NDI returns a file containing a set of candidate matches. Although NDI deems some matches as perfect, multiple candidate matches may be available for other cases. Working across data from the Duke University site of the Established Populations for Epidemiologic Studies of the Elderly (EPESE), NDI, and the Social Security Death Index (SSDI), the authors found that, for this Established Populations for Epidemiologic Studies of the Elderly cohort of 1,896 cases born before 1922 and alive as of January 1, 1999, a match on Social Security number plus additional personal information (specific combinations of last name, first name, month of birth, day of birth) resulted in agreement between NDI and Social Security Death Index dates of death 94.7% of the time, while comparable agreement was found for only 12.3% of candidate decedents who did not have the required combination of information. Thus, an easy to apply algorithm facilitates accurate identification of NDI matches. PMID:19567777
E-Commerce and Security Governance in Developing Countries
NASA Astrophysics Data System (ADS)
Sanayei, Ali; Rajabion, Lila
Security is very often mentioned as one of the preconditions for the faster growth of e-commerce. Without a secure and reliable internet, customer will continue to be reluctant to provide confidential information online, such as credit card number. Moreover, organizations of all types and sizes around the world rely heavily on technologies of electronic commerce (e-commerce) for conducting their day-to-day business transaction. Providing organizations with a secure e-commerce environment is a major issue and challenging one especially in Middle Eastern countries. Without secure e-commerce, it is almost impossible to take advantage of the opportunities offered by e-commerce technologies. E-commerce can create opportunities for small entrepreneurs in Middle Eastern countries. This requires removing infrastructure blockages in telecommunications and logistics alongside the governance of e-commerce with policies on consumer protection, security of transactions, privacy of records and intellectual property. In this paper, we will explore the legal implications of e-commerce security governance by establishing who is responsible for ensuring compliance with this discipline, demonstrating the value to be derived from information security governance, the methodology of applying information security governance, and liability for non-compliance with this discipline. Our main focus will be on analyzing the importance and implication of e-commerce security governance in developing countries.
12 CFR Appendix B to Part 364 - Interagency Guidelines Establishing Information Security Standards
Code of Federal Regulations, 2012 CFR
2012-01-01
... charge of the branch or agency. b. Consumer information means any record about an individual, whether in... personally identify an individual. i. Examples: (1) Consumer information includes: (A) A consumer report that...) information from a consumer report that the bank obtains about an individual who applies for but does not...
12 CFR Appendix B to Part 364 - Interagency Guidelines Establishing Information Security Standards
Code of Federal Regulations, 2014 CFR
2014-01-01
... charge of the branch or agency. b. Consumer information means any record about an individual, whether in... personally identify an individual. i. Examples: (1) Consumer information includes: (A) A consumer report that...) information from a consumer report that the bank obtains about an individual who applies for but does not...
12 CFR Appendix B to Part 364 - Interagency Guidelines Establishing Information Security Standards
Code of Federal Regulations, 2013 CFR
2013-01-01
... charge of the branch or agency. b. Consumer information means any record about an individual, whether in... personally identify an individual. i. Examples: (1) Consumer information includes: (A) A consumer report that...) information from a consumer report that the bank obtains about an individual who applies for but does not...
Secure quantum communication using classical correlated channel
NASA Astrophysics Data System (ADS)
Costa, D.; de Almeida, N. G.; Villas-Boas, C. J.
2016-10-01
We propose a secure protocol to send quantum information from one part to another without a quantum channel. In our protocol, which resembles quantum teleportation, a sender (Alice) and a receiver (Bob) share classical correlated states instead of EPR ones, with Alice performing measurements in two different bases and then communicating her results to Bob through a classical channel. Our secure quantum communication protocol requires the same amount of classical bits as the standard quantum teleportation protocol. In our scheme, as in the usual quantum teleportation protocol, once the classical channel is established in a secure way, a spy (Eve) will never be able to recover the information of the unknown quantum state, even if she is aware of Alice's measurement results. Security, advantages, and limitations of our protocol are discussed and compared with the standard quantum teleportation protocol.
Lee, Tian-Fu
2014-12-01
Telecare medicine information systems provide a communicating platform for accessing remote medical resources through public networks, and help health care workers and medical personnel to rapidly make correct clinical decisions and treatments. An authentication scheme for data exchange in telecare medicine information systems enables legal users in hospitals and medical institutes to establish a secure channel and exchange electronic medical records or electronic health records securely and efficiently. This investigation develops an efficient and secure verified-based three-party authentication scheme by using extended chaotic maps for data exchange in telecare medicine information systems. The proposed scheme does not require server's public keys and avoids time-consuming modular exponential computations and scalar multiplications on elliptic curve used in previous related approaches. Additionally, the proposed scheme is proven secure in the random oracle model, and realizes the lower bounds of messages and rounds in communications. Compared to related verified-based approaches, the proposed scheme not only possesses higher security, but also has lower computational cost and fewer transmissions. Copyright © 2014 Elsevier Ireland Ltd. All rights reserved.
Federal Register 2010, 2011, 2012, 2013, 2014
2013-04-24
... Exchange shall establish and maintain procedures and internal controls reasonably designed to adequately... controls designed to protect confidential and proprietary information, which should help ensure that the... that are reasonably designed to prevent trade-throughs and establish, maintain and enforce written...
32 CFR 2700.41 - General restrictions on access.
Code of Federal Regulations, 2011 CFR
2011-07-01
... NEGOTIATIONS SECURITY INFORMATION REGULATIONS Safeguarding § 2700.41 General restrictions on access. (a) Determination of need-to-know. Classified information shall be made available to a person only when the possessor of the classified information establishes in each instance, except as provided in section 4-3 of E...
Federal Register 2010, 2011, 2012, 2013, 2014
2013-09-12
... Informational Meeting Concerning Compliance with the Select Agent Regulations; Public Webcast AGENCY: Centers... purpose of the webcast is to provide guidance related to the select agent regulations established under... Justice Information Services. Changes to Section 11(Security) of the select agent regulations including...
Code of Federal Regulations, 2011 CFR
2011-01-01
... STOCKYARDS PROGRAMS), DEPARTMENT OF AGRICULTURE ORGANIZATION AND FUNCTIONS Public Information § 204.1...) hereby describes its central and field organization; indicates the established places at which, and methods whereby, the public may secure information; directs attention to the general course and method by...
Code of Federal Regulations, 2013 CFR
2013-01-01
... STOCKYARDS PROGRAMS), DEPARTMENT OF AGRICULTURE ORGANIZATION AND FUNCTIONS Public Information § 204.1...) hereby describes its central and field organization; indicates the established places at which, and methods whereby, the public may secure information; directs attention to the general course and method by...
Code of Federal Regulations, 2014 CFR
2014-01-01
... STOCKYARDS PROGRAMS), DEPARTMENT OF AGRICULTURE ORGANIZATION AND FUNCTIONS Public Information § 204.1...) hereby describes its central and field organization; indicates the established places at which, and methods whereby, the public may secure information; directs attention to the general course and method by...
Code of Federal Regulations, 2012 CFR
2012-01-01
... STOCKYARDS PROGRAMS), DEPARTMENT OF AGRICULTURE ORGANIZATION AND FUNCTIONS Public Information § 204.1...) hereby describes its central and field organization; indicates the established places at which, and methods whereby, the public may secure information; directs attention to the general course and method by...
Code of Federal Regulations, 2010 CFR
2010-01-01
... STOCKYARDS PROGRAMS), DEPARTMENT OF AGRICULTURE ORGANIZATION AND FUNCTIONS Public Information § 204.1...) hereby describes its central and field organization; indicates the established places at which, and methods whereby, the public may secure information; directs attention to the general course and method by...
Federal Register 2010, 2011, 2012, 2013, 2014
2012-07-09
... Community of Practice (FRCoP): User Registration Page (DHS Form 10059 (9/09)). The FRCoP web based tool... Security Act of 2002 (PL 107-296) established this requirement. This notice and request for comments is...
A systematic approach for analysis and design of secure health information systems.
Blobel, B; Roger-France, F
2001-06-01
A toolset using object-oriented techniques including the nowadays popular unified modelling language (UML) approach has been developed to facilitate the different users' views for security analysis and design of health care information systems. Paradigm and concepts used are based on the component architecture of information systems and on a general layered security model. The toolset was developed in 1996/1997 within the ISHTAR project funded by the European Commission as well as through international standardisation activities. Analysing and systematising real health care scenarios, only six and nine use case types could be found in the health and the security-related view, respectively. By combining these use case types, the analysis and design of any thinkable system architecture can be simplified significantly. Based on generic schemes, the environment needed for both communication and application security can be established by appropriate sets of security services and mechanisms. Because of the importance and the basic character of electronic health care record (EHCR) systems, the understanding of the approach is facilitated by (incomplete) examples for this application.
Federal Register 2010, 2011, 2012, 2013, 2014
2010-10-14
... programs, security threat assessments (STA), known shipper data via the Known Shipper Management System... baggage, and other articles, that will be carried aboard a passenger aircraft; and (2) to establish a system to screen, inspect, report, or otherwise ensure the security of all cargo that is to be...
42 CFR 401.126 - Information or records that are not available.
Code of Federal Regulations, 2010 CFR
2010-10-01
.... Pursuant to paragraph (b) of 5 U.S.C. 552, certain classes of records are exempt from disclosure. For some... matter to be withheld: (1) Reports described in sections 1106 (d) and (e) of the Social Security Act... of the health programs established by titles XVIII and XIX of the Social Security Act (Medicare and...
Code of Federal Regulations, 2012 CFR
2012-04-01
... 22 Foreign Relations 1 2012-04-01 2012-04-01 false Central and field organization, established places at which, the officers from whom, and the methods whereby the public may secure information, make... ORGANIZATION § 5.2 Central and field organization, established places at which, the officers from whom, and the...
Code of Federal Regulations, 2011 CFR
2011-04-01
... 22 Foreign Relations 1 2011-04-01 2011-04-01 false Central and field organization, established places at which, the officers from whom, and the methods whereby the public may secure information, make... ORGANIZATION § 5.2 Central and field organization, established places at which, the officers from whom, and the...
Code of Federal Regulations, 2013 CFR
2013-04-01
... 22 Foreign Relations 1 2013-04-01 2013-04-01 false Central and field organization, established places at which, the officers from whom, and the methods whereby the public may secure information, make... ORGANIZATION § 5.2 Central and field organization, established places at which, the officers from whom, and the...
Code of Federal Regulations, 2014 CFR
2014-04-01
... 22 Foreign Relations 1 2014-04-01 2014-04-01 false Central and field organization, established places at which, the officers from whom, and the methods whereby the public may secure information, make... ORGANIZATION § 5.2 Central and field organization, established places at which, the officers from whom, and the...
Establishing and Maintaining a Writing Center in the Junior or Community College.
ERIC Educational Resources Information Center
Olson, Gary A.
Practical information and advice are presented on 16 considerations in the establishment of a campus writing center. First, six concerns related to planning are discussed: obtaining administrative and departmental support; securing funds from various internal and external sources; obtaining furniture, supplies, and instructional materials;…
Federal Register 2010, 2011, 2012, 2013, 2014
2013-07-26
...-begins . TSA seeks to establish enrollment sites and implement a mobile enrollment capability. Those... by submitting biographic information and paying the fee using a secure web portal (or by money order...
Understanding the Value of a Computer Emergency Response Capability for Nuclear Security
DOE Office of Scientific and Technical Information (OSTI.GOV)
Gasper, Peter Donald; Rodriguez, Julio Gallardo
The international nuclear community has a great understanding of the physical security needs relating to the prevention, detection, and response of malicious acts associated with nuclear facilities and radioactive material. International Atomic Energy Agency (IAEA) Nuclear Security Recommendations (INFCIRC_225_Rev 5) outlines specific guidelines and recommendations for implementing and maintaining an organization’s nuclear security posture. An important element for inclusion into supporting revision 5 is the establishment of a “Cyber Emergency Response Team (CERT)” focused on the international community's cybersecurity needs to maintain a comprehensive nuclear security posture. Cybersecurity and the importance of nuclear cybersecurity require that there be a specific focus on developing an International Nuclear CERT (NS-CERT). States establishing contingency plans should have an understanding of the cyber threat landscape and the potential impacts to systems in place to protect and mitigate malicious activities. This paper will outline the necessary components, discuss the relationships needed within the international community, and outline a process by which the NS-CERT identifies, collects, processes, and reports critical information in order to establish situational awareness (SA) and support decision-making.
Design of Secure and Lightweight Authentication Protocol for Wearable Devices Environment.
Das, Ashok Kumar; Wazid, Mohammad; Kumar, Neeraj; Khan, Muhammad Khurram; Choo, Kim-Kwang Raymond; Park, YoungHo
2017-09-18
Wearable devices are used in various applications to collect information including step information, sleeping cycles, workout statistics, and health related information. Due to the nature and richness of the data collected by such devices, it is important to ensure the security of the collected data. This paper presents a new lightweight authentication scheme suitable for wearable device deployment. The scheme allows a user to mutually authenticate his/her wearable device(s) and the mobile terminal (e.g., Android and iOS device) and establish a session key among these devices (worn and carried by the same user) for secure communication between the wearable device and the mobile terminal. The security of the proposed scheme is then demonstrated through the broadly-accepted Real-Or-Random model, as well as using the popular formal security verification tool, known as the Automated Validation of Internet Security Protocols and Applications (AVISPA). Finally, we present a comparative summary of the proposed scheme in terms of the overheads such as computation and communication costs, security and functionality features of the proposed scheme and related schemes, and also the evaluation findings from the NS2 simulation.
12 CFR Appendix B to Part 570 - Interagency Guidelines Establishing Information Security Standards
Code of Federal Regulations, 2011 CFR
2011-01-01
... arrangements in place to control risks. C. Manage and Control Risk. You shall: 1. Design your information... Control Risk D. Oversee Service Provider Arrangements E. Adjust the Program F. Report to the Board G... include: (A) Aggregate information, such as the mean credit score, derived from a group of consumer...
12 CFR Appendix B to Part 570 - Interagency Guidelines Establishing Information Security Standards
Code of Federal Regulations, 2013 CFR
2013-01-01
... arrangements in place to control risks. C. Manage and Control Risk. You shall: 1. Design your information... Control Risk D. Oversee Service Provider Arrangements E. Adjust the Program F. Report to the Board G... include: (A) Aggregate information, such as the mean credit score, derived from a group of consumer...
12 CFR Appendix B to Part 570 - Interagency Guidelines Establishing Information Security Standards
Code of Federal Regulations, 2014 CFR
2014-01-01
... arrangements in place to control risks. C. Manage and Control Risk. You shall: 1. Design your information... Control Risk D. Oversee Service Provider Arrangements E. Adjust the Program F. Report to the Board G... include: (A) Aggregate information, such as the mean credit score, derived from a group of consumer...
12 CFR Appendix D-2 to Part 208 - Interagency Guidelines Establishing Information Security Standards
Code of Federal Regulations, 2013 CFR
2013-01-01
... branch or agency. b. Consumer information means any record about an individual, whether in paper... an individual. i. Examples. (1) Consumer information includes: (A) A consumer report that a bank... consumer report that the bank obtains about an individual who applies for but does not receive a loan...
12 CFR Appendix D-2 to Part 208 - Interagency Guidelines Establishing Information Security Standards
Code of Federal Regulations, 2012 CFR
2012-01-01
... branch or agency. b. Consumer information means any record about an individual, whether in paper... an individual. i. Examples. (1) Consumer information includes: (A) A consumer report that a bank... consumer report that the bank obtains about an individual who applies for but does not receive a loan...
Security of a single-state semi-quantum key distribution protocol
NASA Astrophysics Data System (ADS)
Zhang, Wei; Qiu, Daowen; Mateus, Paulo
2018-06-01
Semi-quantum key distribution protocols are allowed to set up a secure secret key between two users. Compared with their full quantum counterparts, one of the two users is restricted to perform some "classical" or "semi-quantum" operations, which potentially makes them easily realizable by using less quantum resource. However, the semi-quantum key distribution protocols mainly rely on a two-way quantum channel. The eavesdropper has two opportunities to intercept the quantum states transmitted in the quantum communication stage. It may allow the eavesdropper to get more information and make the security analysis more complicated. In the past ten years, many semi-quantum key distribution protocols have been proposed and proved to be robust. However, there are few works concerning their unconditional security. It is doubted that how secure the semi-quantum ones are and how much noise they can tolerate to establish a secure secret key. In this paper, we prove the unconditional security of a single-state semi-quantum key distribution protocol proposed by Zou et al. (Phys Rev A 79:052312, 2009). We present a complete proof from information theory aspect by deriving a lower bound of the protocol's key rate in the asymptotic scenario. Using this bound, we figure out an error threshold value such that for all error rates that are less than this threshold value, the secure secret key can be established between the legitimate users definitely. Otherwise, the users should abort the protocol. We make an illustration of the protocol under the circumstance that the reverse quantum channel is a depolarizing one with parameter q. Additionally, we compare the error threshold value with some full quantum protocols and several existing semi-quantum ones whose unconditional security proofs have been provided recently.
Das, Ashok Kumar; Goswami, Adrijit
2014-06-01
Recently, Awasthi and Srivastava proposed a novel biometric remote user authentication scheme for the telecare medicine information system (TMIS) with nonce. Their scheme is very efficient as it is based on efficient chaotic one-way hash function and bitwise XOR operations. In this paper, we first analyze Awasthi-Srivastava's scheme and then show that their scheme has several drawbacks: (1) incorrect password change phase, (2) fails to preserve user anonymity property, (3) fails to establish a secret session key between a legal user and the server, (4) fails to protect strong replay attack, and (5) lacks rigorous formal security analysis. We then propose a novel and secure biometric-based remote user authentication scheme in order to withstand the security flaw found in Awasthi-Srivastava's scheme and enhance the features required for an idle user authentication scheme. Through the rigorous informal and formal security analysis, we show that our scheme is secure against possible known attacks. In addition, we simulate our scheme for the formal security verification using the widely-accepted AVISPA (Automated Validation of Internet Security Protocols and Applications) tool and show that our scheme is secure against passive and active attacks, including the replay and man-in-the-middle attacks. Our scheme is also efficient as compared to Awasthi-Srivastava's scheme.
2004-07-01
Melissa) is created in the controlled environment and propagated. The students learn how viruses are written, how they are propagated via mediums like... vulnerabilities and threats, establishing disaster response and recovery procedures. Joseph Giordano, Technical Advisor, Information Warfare Branch, AFRL 60 The
Ultra-Dense Quantum Communication Using Integrated Photonic Architecture: First Annual Report
2011-08-24
The... goal of this program is to establish a fundamental information-theoretic understanding of quantum secure communication and to devise a practical... scalable implementation of quantum key distribution protocols in an integrated photonic architecture. We report our progress on experimental and
Federal Register 2010, 2011, 2012, 2013, 2014
2010-07-29
...The Department proposes to establish a new Privacy Act SORN subject to the Privacy Act of 1974 (5 U.S.C. 552a), as amended, entitled Ginnie Mae Mortgage-Backed Security Unclaimed Funds System. The new record system will be used to track unclaimed security holder payments. Such unclaimed payments are owed to certificate holders of Ginnie Mae-guaranteed mortgage-backed securities who cannot be located by the Ginnie Mae servicer. Ginnie Mae tracks this information to ensure that security holders are paid properly.
Collaborating to optimize nursing students' agency information technology use.
Fetter, Marilyn S
2009-01-01
As the learning laboratory for gaining actual patient care experience, clinical agencies play an essential role in nursing education. With an information technology revolution transforming healthcare, nursing programs are eager for their students to learn the latest informatics systems and technologies. However, many healthcare institutions are struggling to meet their own information technology needs and report limited resources and other as barriers to nursing student training. In addition, nursing students' information technology access and use raise security and privacy concerns. With the goal of a fully electronic health record by 2014, it is imperative that agencies and educational programs collaborate. They need to establish educationally sound, cost-effective, and secure policies and procedures for managing students' use of information technology systems. Strategies for evaluating options, selecting training methods, and ensuring data security are shared, along with strategies that may reap clinical, economic, and educational benefits. Students' information technology use raises numerous issues that the nursing profession must address to participate in healthcare's transformation into the digital age.
IT Security Support for the Spaceport Command Control System Development
NASA Technical Reports Server (NTRS)
Varise, Brian
2014-01-01
My job title is IT Security support for the Spaceport Command & Control System Development. As a cyber-security analyst it is my job to ensure NASA's information stays safe from cyber threats, such as viruses, malware and denial-of-service attacks, by establishing and enforcing system access controls. Security is very important in the world of technology and it is used everywhere from personal computers to giant networks run by Government agencies worldwide. Without constant monitoring analysis, businesses, public organizations and government agencies are vulnerable to potentially harmful infiltration of their computer information system. It is my responsibility to ensure authorized access by examining improper access, reporting violations, revoking access, monitoring information requests by new programming and recommending improvements. My department oversees the Launch Control System and networks. An audit will be conducted for the LCS based on compliance with the Federal Information Security Management Act (FISMA) and The National Institute of Standards and Technology (NIST). I recently finished analyzing the SANS top 20 critical controls to give cost effective recommendations on various software and hardware products for compliance. Upon my completion of this internship, I will have successfully completed my duties as well as gained knowledge that will be helpful to my career in the future as a Cyber Security Analyst.
Simple group password-based authenticated key agreements for the integrated EPR information system.
Lee, Tian-Fu; Chang, I-Pin; Wang, Ching-Cheng
2013-04-01
Security and privacy are important issues for electronic patient records (EPRs). The goal of EPRs is sharing the patients' medical histories such as the diagnosis records, reports and diagnosis image files among hospitals by the Internet. So the security issue for the integrated EPR information system is essential. That is, to ensure the information during transmission through the Internet is secure and private. The group password-based authenticated key agreement (GPAKE) allows a group of users like doctors, nurses and patients to establish a common session key by using password authentication. Then the group of users can securely communicate by using this session key. Many approaches to GPAKE employ the public key infrastructure (PKI) in order to have higher security. However, it not only increases users' overheads and requires keeping extra equipment for storing long-term secret keys, but also requires maintaining the public key system. This investigation presents a simple group password-based authenticated key agreement (SGPAKE) protocol for the integrated EPR information system. The proposed SGPAKE protocol does not require using the server or users' public keys. Each user only remembers his weak password shared with a trusted server, and then can obtain a common session key. Then all users can securely communicate by using this session key. The proposed SGPAKE protocol not only provides users with convenience, but also has higher security.
DOE Office of Scientific and Technical Information (OSTI.GOV)
Solis, John Hector
In this paper, we present a modular framework for constructing a secure and efficient program obfuscation scheme. Our approach, inspired by the obfuscation with respect to oracle machines model of [4], retains an interactive online protocol with an oracle, but relaxes the original computational and storage restrictions. We argue this is reasonable given the computational resources of modern personal devices. Furthermore, we relax the information-theoretic security requirement for computational security to utilize established cryptographic primitives. With this additional flexibility we are free to explore different cryptographic building blocks. Our approach combines authenticated encryption with private information retrieval to construct a secure program obfuscation framework. We give a formal specification of our framework, based on desired functionality and security properties, and provide an example instantiation. In particular, we implement AES in Galois/Counter Mode for authenticated encryption and the Gentry-Ramzan [13] constant communication-rate private information retrieval scheme. We present our implementation results and show that non-trivial sized programs can be realized, but scalability is quickly limited by computational overhead. Finally, we include a discussion on security considerations when instantiating specific modules.
Fuzzy assessment of health information system users' security awareness.
Aydın, Özlem Müge; Chouseinoglou, Oumout
2013-12-01
Health information systems (HIS) are a specific area of information systems (IS), where critical patient data is stored and quality health service is only realized with the correct use and efficient dissemination of this data to health workers. Therefore, a balance needs to be established between the levels of security and flow of information on HIS. Instead of implementing higher levels and further mechanisms of control to increase the security of HIS, it is preferable to deal with the arguably weakest link on HIS chain with respect to security: HIS users. In order to provide solutions and approaches for transforming users to the first line of defense in HIS but also to employ capable and appropriate candidates from the pool of newly graduated students, it is important to assess and evaluate the security awareness levels and characteristics of these existing and future users. This study aims to provide a new perspective to understand the phenomenon of security awareness of HIS users with the use of fuzzy analysis, and to assess the present situation of current and future HIS users of a leading medical and educational institution of Turkey, with respect to their security characteristics based on four different security scales. The results of the fuzzy analysis, the guide on how to implement this fuzzy analysis to any health institution and how to read and interpret these results, together with the possible implications of these results to the organization are provided.
Pitfalls and Security Measures for the Mobile EMR System in Medical Facilities.
Yeo, Kiho; Lee, Keehyuck; Kim, Jong-Min; Kim, Tae-Hun; Choi, Yong-Hoon; Jeong, Woo-Jin; Hwang, Hee; Baek, Rong Min; Yoo, Sooyoung
2012-06-01
The goal of this paper is to examine the security measures that should be reviewed by medical facilities that are trying to implement mobile Electronic Medical Record (EMR) systems designed for hospitals. The study of the security requirements for a mobile EMR system is divided into legal considerations and sectional security investigations. Legal considerations were examined with regard to remote medical services, patients' personal information and EMR, medical devices, the establishment of mobile systems, and mobile applications. For the 4 sectional security investigations, the mobile security level SL-3 from the Smartphone Security Standards of the National Intelligence Service (NIS) was used. From a compliance perspective, legal considerations for various laws and guidelines of mobile EMR were executed according to the model of the legal considerations. To correspond to the SL-3, separation of DMZ and wireless network is needed. Mobile access servers must be located in only the smartphone DMZ. Furthermore, security measures like 24-hour security control, WIPS, VPN, MDM, and ISMS for each section are needed to establish a secure mobile EMR system. This paper suggested a direction for applying regulatory measures to strengthen the security of a mobile EMR system in accordance with the standard security requirements presented by the Smartphone Security Guideline of the NIS. A future study on the materialization of these suggestions after their application at actual medical facilities can be used as an illustrative case to determine the degree to which theory and reality correspond with one another.
78 FR 31962 - Collection of Information Under Review by Office of Management and Budget
Federal Register 2010, 2011, 2012, 2013, 2014
2013-05-28
... DEPARTMENT OF HOMELAND SECURITY Coast Guard [Docket No. USCG-2012-1066] Collection of Information... Labour Convention (MLC) Navigation and Vessel Inspection Circular (NVIC). The Coast Guard will publish a... Maritime Labour Convention, 2006. The Coast Guard plans to establish a voluntary inspection program for...
17 CFR 229.1002 - (Item 1002) Subject company information.
Code of Federal Regulations, 2013 CFR
2013-04-01
... person has more current information. (c) Trading market and price. Identify the principal market in which... in the principal market (or, if there is no principal market, the range of high and low bid... established trading market for the securities (except for limited or sporadic quotations), so state. (d...
17 CFR 229.1002 - (Item 1002) Subject company information.
Code of Federal Regulations, 2011 CFR
2011-04-01
... person has more current information. (c) Trading market and price. Identify the principal market in which... in the principal market (or, if there is no principal market, the range of high and low bid... established trading market for the securities (except for limited or sporadic quotations), so state. (d...
17 CFR 229.1002 - (Item 1002) Subject company information.
Code of Federal Regulations, 2012 CFR
2012-04-01
... person has more current information. (c) Trading market and price. Identify the principal market in which... in the principal market (or, if there is no principal market, the range of high and low bid... established trading market for the securities (except for limited or sporadic quotations), so state. (d...
17 CFR 229.1002 - (Item 1002) Subject company information.
Code of Federal Regulations, 2010 CFR
2010-04-01
... person has more current information. (c) Trading market and price. Identify the principal market in which... in the principal market (or, if there is no principal market, the range of high and low bid... established trading market for the securities (except for limited or sporadic quotations), so state. (d...
17 CFR 229.1002 - (Item 1002) Subject company information.
Code of Federal Regulations, 2014 CFR
2014-04-01
... person has more current information. (c) Trading market and price. Identify the principal market in which... in the principal market (or, if there is no principal market, the range of high and low bid... established trading market for the securities (except for limited or sporadic quotations), so state. (d...
Federal Register 2010, 2011, 2012, 2013, 2014
2011-11-23
... (DHS), Science and Technology, Protected Repository for the Defense of Infrastructure Against Cyber... the Defense of Infrastructure against Cyber Threats (PREDICT) program, and is a revision of a... operational data for use in cyber security research and development through the establishment of distributed...
Federal Register 2010, 2011, 2012, 2013, 2014
2010-05-03
...] Multi-Agency Informational Meeting Concerning Compliance With the Federal Select Agent Program; Public... Select Agent Program established under the Public Health Security and Bioterrorism Preparedness and... Roberson, Veterinary Permit Examiner, APHIS Select Agent Program, VS, ASAP, APHIS, 4700 River Road Unit 2...
Lee, Tian-Fu; Liu, Chuan-Ming
2013-06-01
A smart-card based authentication scheme for telecare medicine information systems enables patients, doctors, nurses, health visitors and the medicine information systems to establish a secure communication platform through public networks. Zhu recently presented an improved authentication scheme in order to solve the weakness of the authentication scheme of Wei et al., where the off-line password guessing attacks cannot be resisted. This investigation indicates that the improved scheme of Zhu has some faults such that the authentication scheme cannot execute correctly and is vulnerable to the attack of parallel sessions. Additionally, an enhanced authentication scheme based on the scheme of Zhu is proposed. The enhanced scheme not only avoids the weakness in the original scheme, but also provides users' anonymity and authenticated key agreements for secure data communications.
Tapscott, Rebecca
2018-01-01
Relations between militaries and masculinities, and hegemonic masculinity and the state, are well-established in the literature on gender and development. However, there is less research on how militarised masculinities relate to state governance strategies. This paper, based on qualitative research conducted in northern Uganda between 2014 and 2017, offers a gender analysis of youths participating in informal security arrangements. Civilian male youths accept poorly paid or unpaid work in the informal security sector in the hope of gaining access to livelihoods that will enable them to fulfil masculine ideal-types. However, this arrangement denies them the resources necessary to achieve the ideal-type of civilian masculinity, as well as the state's military masculinity, which produces young men as subjects of the ruling regime. To reconfigure this relationship between civilian and militarised masculinities, one should understand informal security organisations in the context of alternative livelihood arrangements and take a long-term approach to the demilitarisation of the Ugandan state. © 2018 The Author(s). Disasters © Overseas Development Institute, 2018.
Security Techniques for the Electronic Health Records.
Kruse, Clemens Scott; Smith, Brenna; Vanderlinden, Hannah; Nealand, Alexandra
2017-08-01
The privacy of patients and the security of their information is the most imperative barrier to entry when considering the adoption of electronic health records in the healthcare industry. Considering current legal regulations, this review seeks to analyze and discuss prominent security techniques for healthcare organizations seeking to adopt a secure electronic health records system. Additionally, the researchers sought to establish a foundation for further research for security in the healthcare industry. The researchers utilized the Texas State University Library to gain access to three online databases: PubMed (MEDLINE), CINAHL, and ProQuest Nursing and Allied Health Source. These sources were used to conduct searches on literature concerning security of electronic health records containing several inclusion and exclusion criteria. Researchers collected and analyzed 25 journals and reviews discussing security of electronic health records, 20 of which mentioned specific security methods and techniques. The most frequently mentioned security measures and techniques are categorized into three themes: administrative, physical, and technical safeguards. The sensitive nature of the information contained within electronic health records has prompted the need for advanced security techniques that are able to put these worries at ease. It is imperative for security techniques to cover the vast threats that are present across the three pillars of healthcare.
Code of Federal Regulations, 2010 CFR
2010-04-01
... 22 Foreign Relations 1 2010-04-01 2010-04-01 false Central and field organization, established places at which, the officers from whom, and the methods whereby the public may secure information, make... functions are channeled and determined. 5.2 Section 5.2 Foreign Relations DEPARTMENT OF STATE GENERAL...
Security Economics and European Policy
NASA Astrophysics Data System (ADS)
Anderson, Ross; Böhme, Rainer; Clayton, Richard; Moor, Tyler
In September 2007, we were awarded a contract by the European Network and Information Security Agency (ENISA) to investigate failures in the market for secure electronic communications within the European Union, and come up with policy recommendations. In the process, we spoke to a large number of stakeholders, and held a consultative meeting in December 2007 in Brussels to present draft proposals, which established most had wide stakeholder support. The formal outcome of our work was a detailed report, “Security Economics and the Internal Market”, published by ENISA in March 2008. This paper presents a much abridged version: in it, we present the recommendations we made, along with a summary of our reasoning.
SPECIAL PURPOSE IT DERAILED: UNINTENDED CONSEQUENCES OF UNIVERSAL IT LAWS AND POLICIES
2017-10-26
Information Services Division ........................ 3 Figure 2: iNET Instrumentation Telemetry Ground Station...consolidate local Information Technology (IT) networks into an enterprise architecture to reduce costs and to increase security. Leadership coined this...IT network was established to link Air Force and contractor sites to seamlessly share program information . So when Air Force IT leadership tried to
Amini, Afshin; Dindoost, Payam; Moghimi, Mehrdad; Kariman, Hamid; Shahrami, Ali; Dolatabadi, Ali Arhami; Ali-Mohammadi, Hossein; Alavai-Moghaddam, Mostafa; Derakhshanfar, Hojjat; Hatamabadi, HamidReza; Heidari, Kamran; Alamdari, Shahram; Meibodi, Mohammad Kalantar; Shojaee, Majid; Foroozanfar, Mohammad Mehdi; Hashemi, Behrooz; Sabzeghaba, Anita; Kabir, Ali
2012-02-01
To assess the deficiencies and potential areas through a medical audit of the emergency departments, in six general hospitals affiliated to Shahid Beheshti University of Medical Sciences at Tehran, Iran, after preparing specific wards-based international standards. A checklist was completed for all hospitals which met our eligibility criteria mainly observation and interviews with head nurses and managers of the emergency medicine unit of the hospitals before (2003) and after (2008) the establishment of emergency departments there. Domains studied included staffing, education and continuing professional development (CPD), facility (design), equipment, ancillary services, medical records, manuals and references, research, administration, pre-hospital care, information systems, disaster planning, bench-marking and hospital accreditation. Education and CPD (p = 0.042), design and facility (p = 0.027), equipment (p = 0.028), and disaster (p = 0.026) had significantly improved after the establishment of emergency departments. Nearly all domains showed a positive change though it was non-significant in a few. In terms of observation, better improvement was seen in disaster, security, design, and research. According to the score for each domain compared to what it was in the earlier phase, better improvement was observed in hospital accreditation, information systems, security, disaster planning, and research. Security, disaster planning, research, design and facility had improved in hospitals that were studied, while equipment, records, ancillary services, administration and bench-marking had the lowest improvement even after the establishment of emergency department, and, hence, needed specific attention.
The Double-System Architecture for Trusted OS
NASA Astrophysics Data System (ADS)
Zhao, Yong; Li, Yu; Zhan, Jing
With the development of computer science and technology, current secure operating systems failed to respond to many new security challenges. Trusted operating system (TOS) is proposed to try to solve these problems. However, there are no mature, unified architectures for the TOS yet, since most of them cannot make clear of the relationship between security mechanism and the trusted mechanism. Therefore, this paper proposes a double-system architecture (DSA) for the TOS to solve the problem. The DSA is composed of the Trusted System (TS) and the Security System (SS). We constructed the TS by establishing a trusted environment and realized related SS. Furthermore, we proposed the Trusted Information Channel (TIC) to protect the information flow between TS and SS. In a word, the double system architecture we proposed can provide reliable protection for the OS through the SS with the supports provided by the TS.
The enhancement of security in healthcare information systems.
Liu, Chia-Hui; Chung, Yu-Fang; Chen, Tzer-Shyong; Wang, Sheng-De
2012-06-01
With the progress and the development of information technology, the internal data in medical organizations have become computerized and are further established the medical information system. Moreover, the use of the Internet enhances the information communication as well as affects the development of the medical information system that a lot of medical information is transmitted with the Internet. Since there is a network within another network, when all networks are connected together, they will form the "Internet". For this reason, the Internet is considered as a high-risk and public environment which is easily destroyed and invaded so that a relevant protection is acquired. Besides, the data in the medical network system are confidential that it is necessary to protect the personal privacy, such as electronic patient records, medical confidential information, and authorization-controlled data in the hospital. As a consequence, a medical network system is considered as a network requiring high security that excellent protections and managerial strategies are inevitable to prevent illegal events and external attacks from happening. This study proposes secure medical managerial strategies being applied to the network environment of the medical organization information system so as to avoid the external or internal information security events, allow the medical system to work smoothly and safely that not only benefits the patients, but also allows the doctors to use it more conveniently, and further promote the overall medical quality. The objectives could be achieved by preventing from illegal invasion or medical information being stolen, protecting the completeness and security of medical information, avoiding the managerial mistakes of the internal information system in medical organizations, and providing the highly-reliable medical information system.
Measurement-Device-Independent Quantum Key Distribution over Untrustful Metropolitan Network
NASA Astrophysics Data System (ADS)
Tang, Yan-Lin; Yin, Hua-Lei; Zhao, Qi; Liu, Hui; Sun, Xiang-Xiang; Huang, Ming-Qi; Zhang, Wei-Jun; Chen, Si-Jing; Zhang, Lu; You, Li-Xing; Wang, Zhen; Liu, Yang; Lu, Chao-Yang; Jiang, Xiao; Ma, Xiongfeng; Zhang, Qiang; Chen, Teng-Yun; Pan, Jian-Wei
2016-01-01
Quantum cryptography holds the promise to establish an information-theoretically secure global network. All field tests of metropolitan-scale quantum networks to date are based on trusted relays. The security critically relies on the accountability of the trusted relays, which will break down if the relay is dishonest or compromised. Here, we construct a measurement-device-independent quantum key distribution (MDIQKD) network in a star topology over a 200-square-kilometer metropolitan area, which is secure against untrustful relays and against all detection attacks. In the field test, our system continuously runs through one week with a secure key rate 10 times larger than previous results. Our results demonstrate that the MDIQKD network, combining the best of both worlds—security and practicality, constitutes an appealing solution to secure metropolitan communications.
75 FR 66101 - Agency Information Collection Request. 30-Day Public Comment Request
Federal Register 2010, 2011, 2012, 2013, 2014
2010-10-27
... Medicaid Fraud Control Units' Reports--OMB No. 0990-0162-Extension--Office of Inspector General (OIG... collection of information to specifically comply with the requirements in Title 19 of the Social Security Act... Inspector General (OIG) by the fifty established State Medicaid Fraud Control Units (Units). OIG uses the...
Federal Register 2010, 2011, 2012, 2013, 2014
2013-02-07
... executed contract for the MIAX Clearing Trade Drop (``CTD''), a messaging interface that will provide real... proposes to establish a new Port Fee for the MIAX CTD. CTD provides Exchange Members, their clearing firms... are routed to a CTD connection containing certain information. The information includes, among other...
Laboratory Information Management System Chain of Custody: Reliability and Security
Tomlinson, J. J.; Elliott-Smith, W.; Radosta, T.
2006-01-01
A chain of custody (COC) is required in many laboratories that handle forensics, drugs of abuse, environmental, clinical, and DNA testing, as well as other laboratories that want to assure reliability of reported results. Maintaining a dependable COC can be laborious, but with the recent establishment of the criteria for electronic records and signatures by US regulatory agencies, laboratory information management systems (LIMSs) are now being developed to fully automate COCs. The extent of automation and of data reliability can vary, and FDA- and EPA-compliant electronic signatures and system security are rare. PMID:17671623
Secure alignment of coordinate systems using quantum correlation
NASA Astrophysics Data System (ADS)
Rezazadeh, F.; Mani, A.; Karimipour, V.
2017-08-01
We show that two parties far apart can use shared entangled states and classical communication to align their coordinate systems with a very high fidelity. Moreover, compared with previous methods proposed for such a task, i.e., sending parallel or antiparallel pairs or groups of spin states, our method has the extra advantages of using single-qubit measurements and also being secure, so that third parties do not extract any information about the aligned coordinate system established between the two parties. The latter property is important in many other quantum information protocols in which measurements inevitably play a significant role.
Pitfalls and Security Measures for the Mobile EMR System in Medical Facilities
Yeo, Kiho; Lee, Keehyuck; Kim, Jong-Min; Kim, Tae-Hun; Choi, Yong-Hoon; Jeong, Woo-Jin; Hwang, Hee; Baek, Rong Min
2012-01-01
Objectives: The goal of this paper is to examine the security measures that should be reviewed by medical facilities that are trying to implement mobile Electronic Medical Record (EMR) systems designed for hospitals. Methods: The study of the security requirements for a mobile EMR system is divided into legal considerations and sectional security investigations. Legal considerations were examined with regard to remote medical services, patients' personal information and EMR, medical devices, the establishment of mobile systems, and mobile applications. For the 4 sectional security investigations, the mobile security level SL-3 from the Smartphone Security Standards of the National Intelligence Service (NIS) was used. Results: From a compliance perspective, legal considerations for various laws and guidelines of mobile EMR were executed according to the model of the legal considerations. To correspond to the SL-3, separation of DMZ and wireless network is needed. Mobile access servers must be located in only the smartphone DMZ. Furthermore, security measures like 24-hour security control, WIPS, VPN, MDM, and ISMS for each section are needed to establish a secure mobile EMR system. Conclusions: This paper suggested a direction for applying regulatory measures to strengthen the security of a mobile EMR system in accordance with the standard security requirements presented by the Smartphone Security Guideline of the NIS. A future study on the materialization of these suggestions after their application at actual medical facilities can be used as an illustrative case to determine the degree to which theory and reality correspond with one another. PMID:22844648
Firewall systems: the next generation
NASA Astrophysics Data System (ADS)
McGhie, Lynda L.
1996-01-01
To be competitive in today's globally connected marketplace, a company must ensure that their internal network security methodologies and supporting policies are current and reflect an overall understanding of today's technology and its resultant threats. Further, an integrated approach to information security should ensure that new ways of sharing information and doing business are accommodated, such as electronic commerce, high speed public broadband network services, and the federally sponsored National Information Infrastructure. There are many challenges, and success is determined by the establishment of a solid and firm baseline security architecture that accommodates today's external connectivity requirements, provides transitional solutions that integrate with evolving and dynamic technologies, and ultimately acknowledges both the strategic and tactical goals of an evolving network security architecture and firewall system. This paper explores the evolution of external network connectivity requirements, the associated challenges and the subsequent development and evolution of firewall security systems. It makes the assumption that a firewall is a set of integrated and interoperable components, coming together to form a 'SYSTEM' and must be designed, implemented and managed as such. A progressive firewall model will be utilized to illustrate the evolution of firewall systems from earlier models utilizing separate physical networks, to today's multi-component firewall systems enabling secure heterogeneous and multi-protocol interfaces.
2002-09-01
...initiatives. The federal government has 55 databases that deal with security threats, but inter-agency access depends on establishing agreements through...which that information can be shared. True cooperation also will require government-wide commitment to enterprise architecture, integrated
ERIC Educational Resources Information Center
Stephens, James H.; Parrillo, Anthony V.
2011-01-01
The confidentiality of a patient's information has been sacred since the days of Hippocrates, the Father of Medicine. Today, however, merely taking an oath to respect a patient's privacy has been overshadowed by regulations governing how certain healthcare establishments handle an individual's health information on the web. Consequently, if a…
Code of Federal Regulations, 2014 CFR
2014-01-01
... apply: a. Consumer information means any record about an individual, whether in paper, electronic, or... compilation of such records. The term does not include any record that does not identify an individual. i... report that you obtain about an individual who applies for but does not receive a loan, including any...
Code of Federal Regulations, 2013 CFR
2013-01-01
... apply: a. Consumer information means any record about an individual, whether in paper, electronic, or... compilation of such records. The term does not include any record that does not identify an individual. i... report that you obtain about an individual who applies for but does not receive a loan, including any...
12 CFR Appendix B to Part 570 - Interagency Guidelines Establishing Information Security Standards
Code of Federal Regulations, 2012 CFR
2012-01-01
... apply: a. Consumer information means any record about an individual, whether in paper, electronic, or... compilation of such records. The term does not include any record that does not identify an individual. i... obtain about an individual who applies for but does not receive a loan, including any loan sought by an...
Federal Register 2010, 2011, 2012, 2013, 2014
2010-01-26
..., access the index listing of the contents of the docket, and to access those documents in the docket that... of the funding. The information is organized by programmatic goal and desired result, which aligns... organization is assigned a user ID and password. Security measures have been established to protect data that...
CERT Resilience Management Model, Version 1.0
2010-05-01
practice such as ISO 27000, COBIT, or ITIL. If you are a member of an established process improvement community, particularly one centered on CMMI...Systems Audit and Control Association ISO International Organization for Standardization ISSA Information Systems Security Association IT
78 FR 77135 - Agency Information Collection Activities: Proposed Collection; Comment Request
Federal Register 2010, 2011, 2012, 2013, 2014
2013-12-20
... Security Act provides that a CAH may establish and operate a psychiatric or rehabilitation DPU. Each DPU... A, B, C, and D of part 482. Presently, 105 CAHs have rehabilitation or psychiatric DPUs. The burden...
18 CFR 3a.91 - Data index system.
Code of Federal Regulations, 2011 CFR
2011-04-01
.... A data index system shall be established for Top Secret, Secret, and Confidential information in selected categories prescribed by the Interagency Classification Review Committee, in accordance with section VII of the National Security Council Directive Governing the Classification, Downgrading...
Quantified Trust Levels for Authentication
NASA Astrophysics Data System (ADS)
Thomas, Ivonne; Menzel, Michael; Meinel, Christoph
Service-oriented Architectures (SOAs) facilitate applications to integrate seamlessly services from collaborating business partners regardless of organizational borders. In order to secure access to these services, mechanisms for authentication and authorisation must be deployed that control the access based on identity-related information. To enable a business partners’ users to access the provided services, an identity federation is often established that enables the brokering of identity information across organisational borders. The establishment of such a federation requires complex agreements and contracts that define common policies, obligations and procedures. Generally, this includes obligations on the authentication process as well.
Georgiou, Andrew; Magrabi, Farah; Hypponen, Hannele; Wong, Zoie Shui-Yee; Nykänen, Pirkko; Scott, Philip J; Ammenwerth, Elske; Rigby, Michael
2018-04-22
The paper draws attention to: i) key considerations involving the confidentiality, privacy, and security of shared data; and ii) the requirements needed to build collaborative arrangements encompassing all stakeholders with the goal of ensuring safe, secure, and quality use of shared data. A narrative review of existing research and policy approaches along with expert perspectives drawn from the International Medical Informatics Association (IMIA) Working Group on Technology Assessment and Quality Development in Health Care and the European Federation for Medical Informatics (EFMI) Working Group for Assessment of Health Information Systems. The technological ability to merge, link, re-use, and exchange data has outpaced the establishment of policies, procedures, and processes to monitor the ethics and legality of shared use of data. Questions remain about how to guarantee the security of shared data, and how to establish and maintain public trust across large-scale shared data enterprises. This paper identifies the importance of data governance frameworks (incorporating engagement with all stakeholders) to underpin the management of the ethics and legality of shared data use. The paper also provides some key considerations for the establishment of national approaches and measures to monitor compliance with best practice. Data sharing endeavours can help to underpin new collaborative models of health care which provide shared information, engagement, and accountability amongst all stakeholders. We believe that commitment to rigorous evaluation and stakeholder engagement will be critical to delivering health data benefits and the establishment of collaborative models of health care into the future. Georg Thieme Verlag KG Stuttgart.
DOE Office of Scientific and Technical Information (OSTI.GOV)
Qojas, M.
1999-03-01
This document is an analysis of options for unilateral and cooperative action to improve the security of Jordan's borders. Sections describe the current political, economic, and social interactions along Jordan's borders. Next, the document discusses border security strategy for cooperation among neighboring countries and the adoption of confidence-building measures. A practical cooperative monitoring system would consist of hardware for early warning, command and control, communications, and transportation. Technical solutions can expand opportunities for the detection and identification of intruders. Sensors (such as seismic, break-wire, pressure-sensing, etc.) can warn border security forces of intrusion and contribute to the identification of the intrusion and help formulate the response. This document describes conceptual options for cooperation, offering three scenarios that relate to three hypothetical levels (low, medium, and high) of cooperation. Potential cooperative efforts under a low cooperation scenario could include information exchanges on military equipment and schedules to prevent misunderstandings and the establishment of protocols for handling emergency situations or unusual circumstances. Measures under a medium cooperation scenario could include establishing joint monitoring groups for better communications, with hot lines and scheduled meetings. The high cooperation scenario describes coordinated responses, joint border patrols, and sharing border intrusion information. Finally, the document lists recommendations for organizational, technical, and operational initiatives that could be applicable to the current situation.
Space Shuttle security policies and programs
NASA Astrophysics Data System (ADS)
Keith, E. L.
The Space Shuttle vehicle consists of the orbiter, external tank, and two solid rocket boosters. In dealing with security two major protective categories are considered, taking into account resource protection and information protection. A review is provided of four basic programs which have to be satisfied. Aspects of science and technology transfer are discussed. The restrictions for the transfer of science and technology information are covered under various NASA Management Instructions (NMI's). There were two major events which influenced the protection of sensitive and private information on the Space Shuttle program. The first event was a manned space flight accident, while the second was the enactment of a congressional bill to establish the rights of privacy. Attention is also given to national resource protection and national defense classified operations.
Space Shuttle security policies and programs
NASA Technical Reports Server (NTRS)
Keith, E. L.
1985-01-01
The Space Shuttle vehicle consists of the orbiter, external tank, and two solid rocket boosters. In dealing with security two major protective categories are considered, taking into account resource protection and information protection. A review is provided of four basic programs which have to be satisfied. Aspects of science and technology transfer are discussed. The restrictions for the transfer of science and technology information are covered under various NASA Management Instructions (NMI's). There were two major events which influenced the protection of sensitive and private information on the Space Shuttle program. The first event was a manned space flight accident, while the second was the enactment of a congressional bill to establish the rights of privacy. Attention is also given to national resource protection and national defense classified operations.
Finding the Funds for Health Resources.
ERIC Educational Resources Information Center
Osorio, Jenny; Marx, Eva; Bauer, Louise
2000-01-01
Identifying, securing, and sustaining funding are the greatest challenges to establishing and maintaining school health programs. A federal/state government alliance (the School Health Program Finance Project) provides funding information; foundations and businesses provide substantial financial support. Districts should employ resource mapping to…
Analysis of health professional security behaviors in a real clinical setting: an empirical study.
Fernández-Alemán, José Luis; Sánchez-Henarejos, Ana; Toval, Ambrosio; Sánchez-García, Ana Belén; Hernández-Hernández, Isabel; Fernandez-Luque, Luis
2015-06-01
The objective of this paper is to evaluate the security behavior of healthcare professionals in a real clinical setting. Standards, guidelines and recommendations on security and privacy best practices for staff personnel were identified using a systematic literature review. After a revision process, a questionnaire consisting of 27 questions was created and responded to by 180 health professionals from a public hospital. Weak passwords were reported by 62.2% of the respondents, 31.7% were unaware of the organization's procedures for discarding confidential information, and 19.4% did not carry out these procedures. Half of the respondents (51.7%) did not take measures to ensure that the personal health information on the computer monitor could not be seen by unauthorized individuals, and 57.8% were unaware of the procedure established to report a security violation. The correlation between the number of years in the position and good security practices was not significant (Pearson's r=0.085, P=0.254). Age was weakly correlated with good security practices (Pearson's r=-0.169, P=0.028). A Mann-Whitney test showed no significant difference between the respondents' security behavior as regards gender (U=2536, P=0.792, n=178). The results of the study suggest that more efforts are required to improve security education for health personnel. It was found that both preventive and corrective actions are needed to prevent health staff from causing security incidents. Healthcare organizations should: identify the types of information that require protection, clearly communicate the penalties that will be imposed, promote security training courses, and define what the organization considers improper behavior to be and communicate this to all personnel. Copyright © 2015 Elsevier Ireland Ltd. All rights reserved.
Thresholds of information leakage for speech security outside meeting rooms.
Robinson, Matthew; Hopkins, Carl; Worrall, Ken; Jackson, Tim
2014-09-01
This paper describes an approach to provide speech security outside meeting rooms where a covert listener might attempt to extract confidential information. Decision-based experiments are used to establish a relationship between an objective measurement of the Speech Transmission Index (STI) and a subjective assessment relating to the threshold of information leakage. This threshold is defined for a specific percentage of English words that are identifiable with a maximum safe vocal effort (e.g., "normal" speech) used by the meeting participants. The results demonstrate that it is possible to quantify an offset that links STI with a specific threshold of information leakage which describes the percentage of words identified. The offsets for male talkers are shown to be approximately 10 dB larger than for female talkers. Hence for speech security it is possible to determine offsets for the threshold of information leakage using male talkers as the "worst case scenario." To define a suitable threshold of information leakage, the results show that a robust definition can be based upon 1%, 2%, or 5% of words identified. For these percentages, results are presented for offset values corresponding to different STI values in a range from 0.1 to 0.3.
Future Autonomous Robotic Systems in the Pacific Theater
2015-05-06
areas to inform the friendly units behind of what potential threats lurk within. Once secure supply routes are established, driverless vehicles can...developing new ARS, from driverless vehicles to handheld medical devices that dispense personal diagnoses, tailored to that individual’s medical
EDITORIAL: LINKAGES AMONG LANDSCAPE ASSESSMENT, QUALITY OF LIFE AND ENVIRONMENTAL SECURITY
The purpose and scope of the landscape sciences pilot study is to establish a working group representative of NATO Member and Partner nations to exchange information about landscape science approaches useful for environmental assessment and to transfer landscape assessment techno...
Secure Dynamic access control scheme of PHR in cloud computing.
Chen, Tzer-Shyong; Liu, Chia-Hui; Chen, Tzer-Long; Chen, Chin-Sheng; Bau, Jian-Guo; Lin, Tzu-Ching
2012-12-01
With the development of information technology and medical technology, medical information has been developed from traditional paper records into electronic medical records, which have now been widely applied. The new-style medical information exchange system "personal health records (PHR)" is gradually developed. PHR is a kind of health records maintained and recorded by individuals. An ideal personal health record could integrate personal medical information from different sources and provide complete and correct personal health and medical summary through the Internet or portable media under the requirements of security and privacy. A lot of personal health records are being utilized. The patient-centered PHR information exchange system allows the public autonomously maintain and manage personal health records. Such management is convenient for storing, accessing, and sharing personal medical records. With the emergence of Cloud computing, PHR service has been transferred to storing data into Cloud servers that the resources could be flexibly utilized and the operation cost can be reduced. Nevertheless, patients would face privacy problem when storing PHR data into Cloud. Besides, it requires a secure protection scheme to encrypt the medical records of each patient for storing PHR into Cloud server. In the encryption process, it would be a challenge to achieve accurately accessing to medical records and corresponding to flexibility and efficiency. A new PHR access control scheme under Cloud computing environments is proposed in this study. With Lagrange interpolation polynomial to establish a secure and effective PHR information access scheme, it allows to accurately access to PHR with security and is suitable for enormous multi-users. Moreover, this scheme also dynamically supports multi-users in Cloud computing environments with personal privacy and offers legal authorities to access to PHR. 
From security and effectiveness analyses, the proposed PHR access scheme in Cloud computing environments is proven flexible and secure and could effectively correspond to real-time appending and deleting user access authorization and appending and revising PHR records.
Establishing rational networking using the DL04 quantum secure direct communication protocol
NASA Astrophysics Data System (ADS)
Qin, Huawang; Tang, Wallace K. S.; Tso, Raylin
2018-06-01
The first rational quantum secure direct communication scheme is proposed, in which we use the game theory with incomplete information to model the rational behavior of the participant, and give the strategy space and utility function. The rational participant can get his maximal utility when he performs the protocol faithfully, and then the Nash equilibrium of the protocol can be achieved. Compared to the traditional schemes, our scheme will be more practical in the presence of rational participant.
Secure communication in fiber optic systems via transmission of broad-band optical noise.
Buskila, O; Eyal, A; Shtaif, M
2008-03-03
We propose a new scheme for data encryption in the physical layer. Our scheme is based on the distribution of a broadband optical noise-like signal between Alice and Bob. The broadband signal is used for the establishment of a secret key that can be used for the secure transmission of information by using the one-time-pad method. We characterize the proposed scheme and study its applicability to the existing fiber-optics communications infrastructure.
Federal Register 2010, 2011, 2012, 2013, 2014
2010-09-24
...The proposed information collection requirement described below has been submitted to the Office of Management and Budget (OMB) for review, as required by the Paperwork Reduction Act. The Department is soliciting public comments on the subject proposal. This information is collected by Ginnie Mae from issuers/customers that participate in its Mortgage-Backed Securities programs to monitor performance and compliance with established rules and regulations.
Code of Federal Regulations, 2013 CFR
2013-07-01
... 32 National Defense 6 2013-07-01 2013-07-01 false Coverage. 2001.71 Section 2001.71 National Defense Other Regulations Relating to National Defense INFORMATION SECURITY OVERSIGHT OFFICE, NATIONAL... Training § 2001.71 Coverage. (a) General. Each department or agency shall establish and maintain a formal...
Code of Federal Regulations, 2012 CFR
2012-07-01
... 32 National Defense 6 2012-07-01 2012-07-01 false Coverage. 2001.71 Section 2001.71 National Defense Other Regulations Relating to National Defense INFORMATION SECURITY OVERSIGHT OFFICE, NATIONAL... Training § 2001.71 Coverage. (a) General. Each department or agency shall establish and maintain a formal...
Code of Federal Regulations, 2014 CFR
2014-07-01
... 32 National Defense 6 2014-07-01 2014-07-01 false Coverage. 2001.71 Section 2001.71 National Defense Other Regulations Relating to National Defense INFORMATION SECURITY OVERSIGHT OFFICE, NATIONAL... Training § 2001.71 Coverage. (a) General. Each department or agency shall establish and maintain a formal...
Improving the Quality and Scope of EIA Data
2011-01-01
Section 805(a) of the Energy Independence and Security Act of 2007 (EISA), Public Law 110-1401 requires the U.S. Energy Information Administration (EIA) to establish a five-year plan to enhance the quality and scope of its data collection necessary to ensure that the scope, accuracy, and timeliness of the information needed for efficient functioning of energy markets and related financial operations. This report is in response to section 805(b) of EISA which calls on EIA to submit to Congress the plan established under subsection (a), including a description of any improvements needed to enhance the ability of the Administrator to collect and process energy information in a manner consistent with the needs of energy markets.
Takeda, Hiroshi; Matsumura, Yasushi; Kuwata, Shigeki; Nakano, Hirohiko; Shanmai, Ji; Qiyan, Zhang; Yufen, Chen; Kusuoka, Hideo; Matsuoka, Masaki
2004-03-31
To enhance medical cooperation between the hospitals and clinics around Osaka local area, the healthcare network system, named Osaka Community Healthcare Information System (OCHIS), was established with support of a supplementary budget from the Japanese government in fiscal year 2002. Although the system has been based on healthcare public key infrastructure (PKI), there remain security issues to be solved technically and operationally. An experimental study was conducted to elucidate the central and the local function in terms of a registration authority and a time stamp authority in contract with the Japanese Medical Information Systems Organization (MEDIS) in 2003. This paper describes the experimental design and the results of the study concerning message security.
Security Considerations for E-Mental Health Interventions
Bennett, Anthony James; Griffiths, Kathleen Margaret
2010-01-01
Security considerations are an often overlooked and underfunded aspect of the development, delivery, and evaluation of e-mental health interventions although they are crucial to the overall success of any eHealth project. The credibility and reliability of eHealth scientific research and the service delivery of eHealth interventions rely on a high standard of data security. This paper describes some of the key methodological, technical, and procedural issues that need to be considered to ensure that eHealth research and intervention delivery meet adequate security standards. The paper concludes by summarizing broad strategies for addressing the major security risks associated with eHealth interventions. These include involving information technology (IT) developers in all stages of the intervention process including its development, evaluation, and ongoing delivery; establishing a wide-ranging discourse about relevant security issues; and familiarizing researchers and providers with the security measures that must be instituted in order to protect the integrity of eHealth interventions. PMID:21169173
Radioactive source security: the cultural challenges.
Englefield, Chris
2015-04-01
Radioactive source security is an essential part of radiation protection. Sources can be abandoned, lost or stolen. If they are stolen, they could be used to cause deliberate harm and the risks are varied and significant. There is a need for a global security protection system and enhanced capability to achieve this. The establishment of radioactive source security requires 'cultural exchanges'. These exchanges include collaboration between: radiation protection specialists and security specialists; the nuclear industry and users of radioactive sources; training providers and regulators/users. This collaboration will facilitate knowledge and experience exchange for the various stakeholder groups, beyond those already provided. This will promote best practice in both physical and information security and heighten security awareness generally. Only if all groups involved are prepared to open their minds to listen to and learn from each other will a suitable global level of control be achieved.
7 CFR 1494.401 - Performance security.
Code of Federal Regulations, 2010 CFR
2010-01-01
... 7 Agriculture 10 2010-01-01 2010-01-01 false Performance security. 1494.401 Section 1494.401... Program Operations § 1494.401 Performance security. (a) Requirement to establish performance security... establish performance security, in a form which is acceptable to CCC, in order to guarantee the eligible...
7 CFR 1494.401 - Performance security.
Code of Federal Regulations, 2011 CFR
2011-01-01
... 7 Agriculture 10 2011-01-01 2011-01-01 false Performance security. 1494.401 Section 1494.401... Program Operations § 1494.401 Performance security. (a) Requirement to establish performance security... establish performance security, in a form which is acceptable to CCC, in order to guarantee the eligible...
Security Issues for Mobile Medical Imaging: A Primer.
Choudhri, Asim F; Chatterjee, Arindam R; Javan, Ramin; Radvany, Martin G; Shih, George
2015-10-01
The end-user of mobile device apps in the practice of clinical radiology should be aware of security measures that prevent unauthorized use of the device, including passcode policies, methods for dealing with failed login attempts, network manager-controllable passcode enforcement, and passcode enforcement for the protection of the mobile device itself. Protection of patient data must be in place that complies with the Health Insurance Portability and Accountability Act and U.S. Federal Information Processing Standards. Device security measures for data protection include methods for locally stored data encryption, hardware encryption, and the ability to locally and remotely clear data from the device. As these devices transfer information over both local wireless networks and public cell phone networks, wireless network security protocols, including wired equivalent privacy and Wi-Fi protected access, are important components in the chain of security. Specific virtual private network protocols, Secure Sockets Layer and related protocols (especially in the setting of hypertext transfer protocols), native apps, virtual desktops, and nonmedical commercial off-the-shelf apps require consideration in the transmission of medical data over both private and public networks. Enterprise security and management of both personal and enterprise mobile devices are discussed. Finally, specific standards for hardware and software platform security, including prevention of hardware tampering, protection from malicious software, and application authentication methods, are vital components in establishing a secure platform for the use of mobile devices in the medical field.
7 CFR 1494.401 - Performance security.
Code of Federal Regulations, 2013 CFR
2013-01-01
... 7 Agriculture 10 2013-01-01 2013-01-01 false Performance security. 1494.401 Section 1494.401... Performance security. (a) Requirement to establish performance security. Prior to the submission of an offer to CCC in response to an Invitation, an eligible exporter must establish performance security, in a...
7 CFR 1494.401 - Performance security.
Code of Federal Regulations, 2012 CFR
2012-01-01
... 7 Agriculture 10 2012-01-01 2012-01-01 false Performance security. 1494.401 Section 1494.401... Performance security. (a) Requirement to establish performance security. Prior to the submission of an offer to CCC in response to an Invitation, an eligible exporter must establish performance security, in a...
32 CFR 2003.2 - Authority (Article II).
Code of Federal Regulations, 2013 CFR
2013-07-01
... 32 National Defense 6 2013-07-01 2013-07-01 false Authority (Article II). 2003.2 Section 2003.2 National Defense Other Regulations Relating to National Defense INFORMATION SECURITY OVERSIGHT OFFICE...) BYLAWS, RULES, AND APPEAL PROCEDURES Bylaws § 2003.2 Authority (Article II). ISCAP was established by...
32 CFR 2003.2 - Authority (Article II).
Code of Federal Regulations, 2014 CFR
2014-07-01
... 32 National Defense 6 2014-07-01 2014-07-01 false Authority (Article II). 2003.2 Section 2003.2 National Defense Other Regulations Relating to National Defense INFORMATION SECURITY OVERSIGHT OFFICE...) BYLAWS, RULES, AND APPEAL PROCEDURES Bylaws § 2003.2 Authority (Article II). ISCAP was established by...
Sentinel-2a: multi-spectral instrument first in-orbit performance
NASA Astrophysics Data System (ADS)
Fernandez, Valerie; Isola, Claudia; Hoersch, Bianca; Gascon, Ferran; Tréma, Thierry
2017-09-01
Copernicus is a European Union (EU) led initiative designed to establish a European capacity for the provision and use of operational monitoring information for environment and security applications. Within the Copernicus program, ESA is responsible for the development of the Space Component and Ground Segment.
78 FR 31555 - Agency Information Collection Activities: Submission for OMB Review; Comment Request
Federal Register 2010, 2011, 2012, 2013, 2014
2013-05-24
... mitigate adverse selection and provide stability for health insurance issuers in the individual and small... State Children's Health Insurance Programs, Title XXI of the Social Security Act, established by the... DEPARTMENT OF HEALTH AND HUMAN SERVICES Centers for Medicare & Medicaid Services [Document...
Patching the Wetware: Addressing the Human Factor in Information Security
2011-06-01
using deceptive psychological methods to influence the human user. In addressing this need, this research effort analyzes the psychological ...link between those psychological foundations and a body of research on persuasion. Once this connection is established, several psychological ...
A novel interacting multiple model based network intrusion detection scheme
NASA Astrophysics Data System (ADS)
Xin, Ruichi; Venkatasubramanian, Vijay; Leung, Henry
2006-04-01
In today's information age, information and network security are of primary importance to any organization. Network intrusion is a serious threat to security of computers and data networks. In internet protocol (IP) based network, intrusions originate in different kinds of packets/messages contained in the open system interconnection (OSI) layer 3 or higher layers. Network intrusion detection and prevention systems observe the layer 3 packets (or layer 4 to 7 messages) to screen for intrusions and security threats. Signature based methods use a pre-existing database that document intrusion patterns as perceived in the layer 3 to 7 protocol traffics and match the incoming traffic for potential intrusion attacks. Alternately, network traffic data can be modeled and any huge anomaly from the established traffic pattern can be detected as network intrusion. The latter method, also known as anomaly based detection is gaining popularity for its versatility in learning new patterns and discovering new attacks. It is apparent that for a reliable performance, an accurate model of the network data needs to be established. In this paper, we illustrate using collected data that network traffic is seldom stationary. We propose the use of multiple models to accurately represent the traffic data. The improvement in reliability of the proposed model is verified by measuring the detection and false alarm rates on several datasets.
Jung, Jaewook; Kang, Dongwoo; Lee, Donghoon; Won, Dongho
2017-01-01
Nowadays, many hospitals and medical institutes employ an authentication protocol within electronic patient records (EPR) services in order to provide protected electronic transactions in e-medicine systems. In order to establish efficient and robust health care services, numerous studies have been carried out on authentication protocols. Recently, Li et al. proposed a user authenticated key agreement scheme according to EPR information systems, arguing that their scheme is able to resist various types of attacks and preserve diverse security properties. However, this scheme possesses critical vulnerabilities. First, the scheme cannot prevent off-line password guessing attacks and server spoofing attack, and cannot preserve user identity. Second, there is no password verification process with the failure to identify the correct password at the beginning of the login phase. Third, the mechanism of password change is incompetent, in that it induces inefficient communication in communicating with the server to change a user password. Therefore, we suggest an upgraded version of the user authenticated key agreement scheme that provides enhanced security. Our security and performance analysis shows that compared to other related schemes, our scheme not only improves the security level, but also ensures efficiency.
Kang, Dongwoo; Lee, Donghoon; Won, Dongho
2017-01-01
Nowadays, many hospitals and medical institutes employ an authentication protocol within electronic patient records (EPR) services in order to provide protected electronic transactions in e-medicine systems. In order to establish efficient and robust health care services, numerous studies have been carried out on authentication protocols. Recently, Li et al. proposed a user authenticated key agreement scheme according to EPR information systems, arguing that their scheme is able to resist various types of attacks and preserve diverse security properties. However, this scheme possesses critical vulnerabilities. First, the scheme cannot prevent off-line password guessing attacks and server spoofing attack, and cannot preserve user identity. Second, there is no password verification process with the failure to identify the correct password at the beginning of the login phase. Third, the mechanism of password change is incompetent, in that it induces inefficient communication in communicating with the server to change a user password. Therefore, we suggest an upgraded version of the user authenticated key agreement scheme that provides enhanced security. Our security and performance analysis shows that compared to other related schemes, our scheme not only improves the security level, but also ensures efficiency. PMID:28046075
A Cluster-Based Framework for the Security of Medical Sensor Environments
NASA Astrophysics Data System (ADS)
Klaoudatou, Eleni; Konstantinou, Elisavet; Kambourakis, Georgios; Gritzalis, Stefanos
The adoption of Wireless Sensor Networks (WSNs) in the healthcare sector poses many security issues, mainly because medical information is considered particularly sensitive. The security mechanisms employed are expected to be more efficient in terms of energy consumption and scalability in order to cope with the constrained capabilities of WSNs and patients’ mobility. Towards this goal, cluster-based medical WSNs can substantially improve efficiency and scalability. In this context, we have proposed a general framework for cluster-based medical environments on top of which security mechanisms can rely. This framework fully covers the varying needs of both in-hospital environments and environments formed ad hoc for medical emergencies. In this paper, we further elaborate on the security of our proposed solution. We specifically focus on key establishment mechanisms and investigate the group key agreement protocols that can best fit in our framework.
77 FR 55512 - Submission for OMB Review; Comment Request
Federal Register 2010, 2011, 2012, 2013, 2014
2012-09-10
... Securities and Exchange Commission (``Commission'') has submitted to the Office of Management and Budget a...''). The Commission plans to submit this existing collection of information to the Office of Management and...-Leach-Bliley Act (``GLBA''), which include the requirement that at the time of establishing a customer...
77 FR 32179 - Proposed Collection: Comment Request
Federal Register 2010, 2011, 2012, 2013, 2014
2012-05-31
... Certificate of Identity. DATES: Written comments should be received on or before July 30, 2012 to be assured...: Title: Certificate of Identity. OMB Number: 1535-0048. Form Number: PD F 0385. Abstract: The information is requested to establish the identity of the owner of the United States Savings Securities. Current...
2013-10-01
Technology Assets • EXD:SG2 Manage Risks Due to External Dependencies (SP1-SP2) • EXD:SG3.SP4 Formalize Relationships 5 . Data Backup Plan and...Information Access Management (C.F.R. § 164.308(a)(4)) 11 4.5. Security Awareness and Training (C.F.R. § 164.308(a)(5)) 13 4.6. Security Incident Procedures...for managing operational resilience. It has two primary objectives: • Establish the convergence of operational risk and resilience management
Informed use of patients' records on trusted health care services.
Sahama, Tony; Miller, Evonne
2011-01-01
Health care is an information-intensive business. Sharing information in health care processes is a smart use of data enabling informed decision-making whilst ensuring the privacy and security of patient information. To achieve this, we propose data encryption techniques embedded Information Accountability Framework (IAF) that establishes transitions of the technological concept, thus enabling understanding of shared responsibility, accessibility, and efficient cost effective informed decisions between health care professionals and patients. The IAF results reveal possibilities of efficient informed medical decision making and minimisation of medical errors. Achieving this will require significant cultural changes and research synergies to ensure the sustainability, acceptability and durability of the IAF.
Secure quantum private information retrieval using phase-encoded queries
NASA Astrophysics Data System (ADS)
Olejnik, Lukasz
2011-08-01
We propose a quantum solution to the classical private information retrieval (PIR) problem, which allows one to query a database in a private manner. The protocol offers privacy thresholds and allows the user to obtain information from a database in a way that offers the potential adversary, in this model the database owner, no possibility of deterministically establishing the query contents. This protocol may also be viewed as a solution to the symmetrically private information retrieval problem in that it can offer database security (inability for a querying user to steal its contents). Compared to classical solutions, the protocol offers substantial improvement in terms of communication complexity. In comparison with the recent quantum private queries [Phys. Rev. Lett. 100, 230502 (2008)] protocol, it is more efficient in terms of communication complexity and the number of rounds, while offering a clear privacy parameter. We discuss the security of the protocol and analyze its strengths and conclude that using this technique makes it challenging to obtain the unconditional (in the information-theoretic sense) privacy degree; nevertheless, in addition to being simple, the protocol still offers a privacy level. The oracle used in the protocol is inspired both by the classical computational PIR solutions as well as the Deutsch-Jozsa oracle.
Secure quantum private information retrieval using phase-encoded queries
DOE Office of Scientific and Technical Information (OSTI.GOV)
Olejnik, Lukasz
We propose a quantum solution to the classical private information retrieval (PIR) problem, which allows one to query a database in a private manner. The protocol offers privacy thresholds and allows the user to obtain information from a database in a way that offers the potential adversary, in this model the database owner, no possibility of deterministically establishing the query contents. This protocol may also be viewed as a solution to the symmetrically private information retrieval problem in that it can offer database security (inability for a querying user to steal its contents). Compared to classical solutions, the protocol offers substantial improvement in terms of communication complexity. In comparison with the recent quantum private queries [Phys. Rev. Lett. 100, 230502 (2008)] protocol, it is more efficient in terms of communication complexity and the number of rounds, while offering a clear privacy parameter. We discuss the security of the protocol and analyze its strengths and conclude that using this technique makes it challenging to obtain the unconditional (in the information-theoretic sense) privacy degree; nevertheless, in addition to being simple, the protocol still offers a privacy level. The oracle used in the protocol is inspired both by the classical computational PIR solutions as well as the Deutsch-Jozsa oracle.
2016-05-04
IMESA) Access to Criminal Justice Information (CJI) and Terrorist Screening Databases (TSDB) References: See Enclosure 1 1. PURPOSE. In...CJI database mirror image files. (3) Memorandums of understanding with the FBI CJIS as the data broker for DoD organizations that need access ...not for access determinations. (3) Legal restrictions established by the Sex Offender Registration and Notification Act (SORNA) jurisdictions on
Hybrid network defense model based on fuzzy evaluation.
Cho, Ying-Chiang; Pan, Jen-Yi
2014-01-01
With sustained and rapid developments in the field of information technology, the issue of network security has become increasingly prominent. The theme of this study is network data security, with the test subject being a classified and sensitive network laboratory that belongs to the academic network. The analysis is based on the deficiencies and potential risks of the network's existing defense technology, characteristics of cyber attacks, and network security technologies. Subsequently, a distributed network security architecture using the technology of an intrusion prevention system is designed and implemented. In this paper, first, the overall design approach is presented. This design is used as the basis to establish a network defense model, an improvement over the traditional single-technology model that addresses the latter's inadequacies. Next, a distributed network security architecture is implemented, comprising a hybrid firewall, intrusion detection, virtual honeynet projects, and connectivity and interactivity between these three components. Finally, the proposed security system is tested. A statistical analysis of the test results verifies the feasibility and reliability of the proposed architecture. The findings of this study will potentially provide new ideas and stimuli for future designs of network security architecture.
Federal Register 2010, 2011, 2012, 2013, 2014
2013-01-22
... 3235-AL12 Capital, Margin, and Segregation Requirements for Security-Based Swap Dealers and Major... public comment to establish capital, margin, and segregation requirements for security-based swap dealers... soliciting comment on proposed rules and rule amendments establishing capital, margin, and segregation...
12 CFR Appendix F to Part 225 - Interagency Guidelines Establishing Information Security Standards
Code of Federal Regulations, 2013 CFR
2013-01-01
... arrangements in place to control risks. C. Manage and Control Risk. Each bank holding company shall: 1. Design... GOVERNORS OF THE FEDERAL RESERVE SYSTEM (CONTINUED) BANK HOLDING COMPANIES AND CHANGE IN BANK CONTROL.... Assess Risk C. Manage and Control Risk D. Oversee Service Provider Arrangements E. Adjust the Program F...
77 FR 74201 - Customs Brokers User Fee Payment for 2013
Federal Register 2010, 2011, 2012, 2013, 2014
2012-12-13
... DEPARTMENT OF HOMELAND SECURITY U.S. Customs and Border Protection Customs Brokers User Fee... of the 2013 Customs Broker User Fee is due February 15, 2013. FOR FURTHER INFORMATION CONTACT: Craig... establish that effective April 1, 2007, an annual user fee of $138 is to be assessed for each customs broker...
76 FR 54776 - Agency Information Collection Activities: Proposed Collection; Comment Request
Federal Register 2010, 2011, 2012, 2013, 2014
2011-09-02
... Collection: Hospice Voluntary Quality Data Reporting Program; Use: Section 1814(i)(5) of the Social Security..., enacted on March 23, 2010 (Affordable Care Act), authorizes the Secretary to establish a quality reporting... reporting requirements for hospices, as set forth in the proposed Hospice Wage Index for Fiscal Year 2012...
78 FR 2363 - Notification of Deletion of a System of Records; Automated Trust Funds Database
Federal Register 2010, 2011, 2012, 2013, 2014
2013-01-11
... Database AGENCY: Animal and Plant Health Inspection Service, USDA. ACTION: Notice of deletion of a system... establishing the Automated Trust Funds (ATF) database system of records. The Federal Information Security... Integrity Act of 1982, Public Law 97-255, provided authority for the system. The ATF database has been...
78 FR 16507 - Agency Information Collection Activities: Proposed Collection; Comment Request
Federal Register 2010, 2011, 2012, 2013, 2014
2013-03-15
...'s Health Insurance Programs, Title XXI of the Social Security Act, established by the Balanced... Medicare Improvement of Patients and Providers Act (MIPPA) amended Section 1861(t)(2)(B) of the Social... that is the subject of a future request for inclusion on the list of recognized compendia will be...
Federal Register 2010, 2011, 2012, 2013, 2014
2010-06-08
... Collection; Comment Request; Licensing of Private Remote-Sensing Space Systems AGENCY: National Oceanic and.... Abstract NOAA has established requirements for the licensing of private operators of remote-sensing space... Land Remote- Sensing Policy Act of 1992 and with the national security and international obligations of...
48 CFR 239.7102-2 - Compromising emanations-TEMPEST or other standard.
Code of Federal Regulations, 2010 CFR
2010-10-01
...-TEMPEST or other standard. 239.7102-2 Section 239.7102-2 Federal Acquisition Regulations System DEFENSE... INFORMATION TECHNOLOGY Security and Privacy for Computer Systems 239.7102-2 Compromising emanations—TEMPEST or....e., an established National TEMPEST standard (e.g., NACSEM 5100, NACSIM 5100A) or a standard used by...
48 CFR 239.7102-2 - Compromising emanations-TEMPEST or other standard.
Code of Federal Regulations, 2014 CFR
2014-10-01
...-TEMPEST or other standard. 239.7102-2 Section 239.7102-2 Federal Acquisition Regulations System DEFENSE... INFORMATION TECHNOLOGY Security and Privacy for Computer Systems 239.7102-2 Compromising emanations—TEMPEST or....e., an established National TEMPEST standard (e.g., NACSEM 5100, NACSIM 5100A) or a standard used by...
48 CFR 239.7102-2 - Compromising emanations-TEMPEST or other standard.
Code of Federal Regulations, 2011 CFR
2011-10-01
...-TEMPEST or other standard. 239.7102-2 Section 239.7102-2 Federal Acquisition Regulations System DEFENSE... INFORMATION TECHNOLOGY Security and Privacy for Computer Systems 239.7102-2 Compromising emanations—TEMPEST or....e., an established National TEMPEST standard (e.g., NACSEM 5100, NACSIM 5100A) or a standard used by...
48 CFR 239.7102-2 - Compromising emanations-TEMPEST or other standard.
Code of Federal Regulations, 2012 CFR
2012-10-01
...-TEMPEST or other standard. 239.7102-2 Section 239.7102-2 Federal Acquisition Regulations System DEFENSE... INFORMATION TECHNOLOGY Security and Privacy for Computer Systems 239.7102-2 Compromising emanations—TEMPEST or....e., an established National TEMPEST standard (e.g., NACSEM 5100, NACSIM 5100A) or a standard used by...
48 CFR 239.7102-2 - Compromising emanations-TEMPEST or other standard.
Code of Federal Regulations, 2013 CFR
2013-10-01
...-TEMPEST or other standard. 239.7102-2 Section 239.7102-2 Federal Acquisition Regulations System DEFENSE... INFORMATION TECHNOLOGY Security and Privacy for Computer Systems 239.7102-2 Compromising emanations—TEMPEST or....e., an established National TEMPEST standard (e.g., NACSEM 5100, NACSIM 5100A) or a standard used by...
NASA Astrophysics Data System (ADS)
Zhu, Wenmin; Jia, Yuanhua
2018-01-01
Based on the risk management theory and the PDCA cycle model, the requirements of railway passenger transport safety production are analyzed, and the establishment of the security risk assessment team is proposed to manage risk by FTA with Delphi from both qualitative and quantitative aspects. The safety production committee is also established to accomplish performance appraisal, which is for further ensuring the correctness of risk management results, optimizing the safety management business processes and improving risk management capabilities. The basic framework and risk information database of the risk management information system of railway passenger transport safety are designed by Ajax, Web Services and SQL technologies. The system realizes functions for risk management, performance appraisal and data management, and provides an efficient and convenient information management platform for railway passenger safety managers.
How to Establish Security Awareness in Schools
NASA Astrophysics Data System (ADS)
Beyer, Anja; Westendorf, Christiane
The internet is a fast changing medium and comprises several websites fraught with risk. In this context especially young age groups are endangered. They have less experience using the media and little knowledge on existing internet risks. There are a number of initiatives, which are engaged in the topic of internet safety. They provide information about measures on how to prevent and to deal with internet risks. However it is not certain if these initiatives do reach their target group (children and adolescents). In this regard schools bear a special relevance, since they have the knowledge about didactic methods and the chance to address measures directly to children and adolescents. The authors of this paper provide an overview of current security education in German schools, problems and open questions. Finally the authors make recommendations on how to establish internet safety in schools.
Implementing an electronic medication overview in Belgium.
Storms, Hannelore; Marquet, Kristel; Nelissen, Katherine; Hulshagen, Leen; Lenie, Jan; Remmen, Roy; Claes, Neree
2014-12-16
An accurate medication overview is essential to reduce medication errors. Therefore, it is essential to keep the medication overview up-to-date and to exchange healthcare information between healthcare professionals and patients. Digitally shared information yields possibilities to improve communication. However, implementing a digitally shared medication overview is challenging. This article describes the development process of a secured, electronic platform designed for exchanging medication information as executed in a pilot study in Belgium, called "Vitalink". The goal of "Vitalink" is to improve the exchange of medication information between professionals working in healthcare and patients in order to achieve a more efficient cooperation and better quality of care. Healthcare professionals of primary and secondary health care and patients of four Belgian regions participated in the project. In each region project groups coordinated implementation and reported back to the steering committee supervising the pilot study. The electronic medication overview was developed based on consensus in the project groups. The steering committee agreed to establish secured and authorized access through the use of electronic identity documents (eID) and a secured, eHealth-platform conform prior governmental regulations regarding privacy and security of healthcare information. A successful implementation of an electronic medication overview strongly depends on the accessibility and usability of the tool for healthcare professionals. Coordinating teams of the project groups concluded, based on their own observations and on problems reported to them, that secured and quick access to medical data needed to be pursued. According to their observations, the identification process using the eHealth platform, crucial to ensure secured data, was very time consuming.
Secondly, software packages should meet the needs of their users, thus be adapted to daily activities of healthcare professionals. Moreover, software should be easy to install and run properly. The project would have benefited from a cost analysis executed by the national bodies prior to implementation.
The SAIL Databank: building a national architecture for e-health research and evaluation.
Ford, David V; Jones, Kerina H; Verplancke, Jean-Philippe; Lyons, Ronan A; John, Gareth; Brown, Ginevra; Brooks, Caroline J; Thompson, Simon; Bodger, Owen; Couch, Tony; Leake, Ken
2009-09-04
Vast quantities of electronic data are collected about patients and service users as they pass through health service and other public sector organisations, and these data present enormous potential for research and policy evaluation. The Health Information Research Unit (HIRU) aims to realise the potential of electronically-held, person-based, routinely-collected data to conduct and support health-related studies. However, there are considerable challenges that must be addressed before such data can be used for these purposes, to ensure compliance with the legislation and guidelines generally known as Information Governance. A set of objectives was identified to address the challenges and establish the Secure Anonymised Information Linkage (SAIL) system in accordance with Information Governance. These were to: 1) ensure data transportation is secure; 2) operate a reliable record matching technique to enable accurate record linkage across datasets; 3) anonymise and encrypt the data to prevent re-identification of individuals; 4) apply measures to address disclosure risk in data views created for researchers; 5) ensure data access is controlled and authorised; 6) establish methods for scrutinising proposals for data utilisation and approving output; and 7) gain external verification of compliance with Information Governance. The SAIL databank has been established and it operates on a DB2 platform (Data Warehouse Edition on AIX) running on an IBM 'P' series Supercomputer: Blue-C. The findings of an independent internal audit were favourable and concluded that the systems in place provide adequate assurance of compliance with Information Governance. This expanding databank already holds over 500 million anonymised and encrypted individual-level records from a range of sources relevant to health and well-being. 
This includes national datasets covering the whole of Wales (approximately 3 million population) and local provider-level datasets, with further growth in progress. The utility of the databank is demonstrated by increasing engagement in high quality research studies. Through the pragmatic approach that has been adopted, we have been able to address the key challenges in establishing a national databank of anonymised person-based records, so that the data are available for research and evaluation whilst meeting the requirements of Information Governance.
The SAIL Databank: building a national architecture for e-health research and evaluation
Ford, David V; Jones, Kerina H; Verplancke, Jean-Philippe; Lyons, Ronan A; John, Gareth; Brown, Ginevra; Brooks, Caroline J; Thompson, Simon; Bodger, Owen; Couch, Tony; Leake, Ken
2009-01-01
Background Vast quantities of electronic data are collected about patients and service users as they pass through health service and other public sector organisations, and these data present enormous potential for research and policy evaluation. The Health Information Research Unit (HIRU) aims to realise the potential of electronically-held, person-based, routinely-collected data to conduct and support health-related studies. However, there are considerable challenges that must be addressed before such data can be used for these purposes, to ensure compliance with the legislation and guidelines generally known as Information Governance. Methods A set of objectives was identified to address the challenges and establish the Secure Anonymised Information Linkage (SAIL) system in accordance with Information Governance. These were to: 1) ensure data transportation is secure; 2) operate a reliable record matching technique to enable accurate record linkage across datasets; 3) anonymise and encrypt the data to prevent re-identification of individuals; 4) apply measures to address disclosure risk in data views created for researchers; 5) ensure data access is controlled and authorised; 6) establish methods for scrutinising proposals for data utilisation and approving output; and 7) gain external verification of compliance with Information Governance. Results The SAIL databank has been established and it operates on a DB2 platform (Data Warehouse Edition on AIX) running on an IBM 'P' series Supercomputer: Blue-C. The findings of an independent internal audit were favourable and concluded that the systems in place provide adequate assurance of compliance with Information Governance. This expanding databank already holds over 500 million anonymised and encrypted individual-level records from a range of sources relevant to health and well-being. 
This includes national datasets covering the whole of Wales (approximately 3 million population) and local provider-level datasets, with further growth in progress. The utility of the databank is demonstrated by increasing engagement in high quality research studies. Conclusion Through the pragmatic approach that has been adopted, we have been able to address the key challenges in establishing a national databank of anonymised person-based records, so that the data are available for research and evaluation whilst meeting the requirements of Information Governance. PMID:19732426
Information security: from classical to quantum
NASA Astrophysics Data System (ADS)
Barnett, Stephen M.; Brougham, Thomas
2012-09-01
Quantum cryptography was designed to provide a new approach to the problem of distributing keys for private-key cryptography. The principal idea is that security can be ensured by exploiting the laws of quantum physics and, in particular, by the fact that any attempt to measure a quantum state will change it uncontrollably. This change can be detected by the legitimate users of the communication channel and so reveal to them the presence of an eavesdropper. In this paper I explain (briefly) how quantum key distribution works and some of the progress that has been made towards making this a viable technology. With the principles of quantum communication and quantum key distribution firmly established, it is perhaps time to consider how efficient it can be made. It is interesting to ask, in particular, how many bits of information might reasonably be encoded securely on each photon. The use of photons entangled in their time of arrival might make it possible to achieve data rates in excess of 10 bits per photon.
Three-step semiquantum secure direct communication protocol
NASA Astrophysics Data System (ADS)
Zou, XiangFu; Qiu, DaoWen
2014-09-01
Quantum secure direct communication is the direct communication of secret messages without need for establishing a shared secret key first. In the existing schemes, quantum secure direct communication is possible only when both parties are quantum. In this paper, we construct a three-step semiquantum secure direct communication (SQSDC) protocol based on single photon sources in which the sender Alice is classical. In a semiquantum protocol, a person is termed classical if he (she) can measure, prepare and send quantum states only with the fixed orthogonal quantum basis {|0>, |1>}. The security of the proposed SQSDC protocol is guaranteed by the complete robustness of semiquantum key distribution protocols and the unconditional security of classical one-time pad encryption. Therefore, the proposed SQSDC protocol is also completely robust. Complete robustness indicates that nonzero information acquired by an eavesdropper Eve on the secret message implies the nonzero probability that the legitimate participants can find errors on the bits tested by this protocol. In the proposed protocol, we suggest a method to check Eve's disturbing in the doves returning phase such that Alice does not need to announce publicly any position or their coded bits value after the photons transmission is completed. Moreover, the proposed SQSDC protocol can be implemented with the existing techniques. Compared with many quantum secure direct communication protocols, the proposed SQSDC protocol has two merits: firstly the sender only needs classical capabilities; secondly to check Eve's disturbing after the transmission of quantum states, no additional classical information is needed.
A noise immunity controlled quantum teleportation protocol
NASA Astrophysics Data System (ADS)
Li, Dong-fen; Wang, Rui-jin; Zhang, Feng-li; Baagyere, Edward; Qin, Zhen; Xiong, Hu; Zhan, Huayi
2016-11-01
With the advent of the Internet and information and communication technology, quantum teleportation has become an important field in information security and its application areas. This is because quantum teleportation has the ability to attain a timely secret information delivery and offers unconditional security. And as such, the field of quantum teleportation has become a hot research topic in recent years. However, noise has serious effect on the safety of quantum teleportation within the aspects of information fidelity, channel capacity and information transfer. Therefore, the main purpose of this paper is to address these problems of quantum teleportation. Firstly, in order to resist collective noise, we construct a decoherence-free subspace under different noise scenarios to establish a two-dimensional fidelity quantum teleportation models. And also create quantum teleportation of multiple degree of freedom, and these models ensure the accuracy and availability of the exchange of information and in multiple degree of freedom. Secondly, for easy preparation, measurement and implementation, we use super dense coding features to build an entangled quantum secret exchange channel. To improve the channel utilization and capacity, an efficient super dense coding method based on ultra-entanglement exchange is used. Thirdly, continuous variables of the controlled quantum key distribution were designed for quantum teleportation; in addition, we perform Bell-basis measurement under the collective noise and also prepare the storage technology of quantum states to achieve one-bit key by three-photon encoding to improve its security and efficiency. We use these two methods because they conceal information, resist a third party attack and can detect eavesdropping. Our proposed methods, according to the security analysis, are able to solve the problems associated with the quantum teleportation under various noise environments.
Kumar, Pardeep; Ylianttila, Mika; Gurtov, Andrei; Lee, Sang-Gon; Lee, Hoon-Jae
2014-01-01
Robust security is highly coveted in real wireless sensor network (WSN) applications since wireless sensors sense critical data from the application environment. This article presents an efficient and adaptive mutual authentication framework that suits real heterogeneous WSN-based applications (such as smart homes, industrial environments, smart grids, and healthcare monitoring). The proposed framework offers: (i) key initialization; (ii) secure network (cluster) formation (i.e., mutual authentication and dynamic key establishment); (iii) key revocation; and (iv) new node addition into the network. The correctness of the proposed scheme is formally verified. An extensive analysis shows the proposed scheme coupled with message confidentiality, mutual authentication and dynamic session key establishment, node privacy, and message freshness. Moreover, the preliminary study also reveals the proposed framework is secure against popular types of attacks, such as impersonation attacks, man-in-the-middle attacks, replay attacks, and information-leakage attacks. As a result, we believe the proposed framework achieves efficiency at reasonable computation and communication costs and it can be a safeguard to real heterogeneous WSN applications. PMID:24521942
Kumar, Pardeep; Ylianttila, Mika; Gurtov, Andrei; Lee, Sang-Gon; Lee, Hoon-Jae
2014-02-11
Robust security is highly coveted in real wireless sensor network (WSN) applications since wireless sensors sense critical data from the application environment. This article presents an efficient and adaptive mutual authentication framework that suits real heterogeneous WSN-based applications (such as smart homes, industrial environments, smart grids, and healthcare monitoring). The proposed framework offers: (i) key initialization; (ii) secure network (cluster) formation (i.e., mutual authentication and dynamic key establishment); (iii) key revocation; and (iv) new node addition into the network. The correctness of the proposed scheme is formally verified. An extensive analysis shows the proposed scheme coupled with message confidentiality, mutual authentication and dynamic session key establishment, node privacy, and message freshness. Moreover, the preliminary study also reveals the proposed framework is secure against popular types of attacks, such as impersonation attacks, man-in-the-middle attacks, replay attacks, and information-leakage attacks. As a result, we believe the proposed framework achieves efficiency at reasonable computation and communication costs and it can be a safeguard to real heterogeneous WSN applications.
Gleeson, John F; Lederman, Reeva; Wadley, Greg; Bendall, Sarah; McGorry, Patrick D; Alvarez-Jimenez, Mario
2014-04-01
Internet-based treatments for early psychosis offer considerable promise, but safety and security need to be established. This study pilot tested Horyzons, a novel online treatment application that integrates purpose-built moderated social networking with psychoeducation for recovery from early psychosis. Safety, privacy, and security were evaluated during a one-month single-group trial with 20 young consumers recovering from early psychosis who were recruited in Melbourne, Australia. Known clinical risk factors informed the safety protocol. Safety, privacy, and security were evaluated with respect to relapse and self-harm, users' perceptions of safety and privacy, and activity using Horyzons. No clinical or security problems with use of Horyzons were noted. Participants described feeling safe and trusting Horyzons. Private moderated online social networking combined with psychoeducation was a safe and secure therapeutic environment for consumers recovering from a first episode of psychosis. Testing the intervention in a randomized controlled trial is warranted.
Design principles in the development of (public) health information infrastructures.
Neame, Roderick
2012-01-01
In this article the author outlines the key issues in the development of a regional health information infrastructure suitable for public health data collections. A set of 10 basic design and development principles as used and validated in the development of the successful New Zealand National Health Information Infrastructure in 1993 are put forward as a basis for future developments. The article emphasises the importance of securing clinical input into any health data that is collected, and suggests strategies whereby this may be achieved, including creating an information economy alongside the care economy. It is suggested that the role of government in such developments is to demonstrate leadership, to work with the sector to develop data, messaging and security standards, to establish key online indexes, to develop data warehouses and to create financial incentives for adoption of the infrastructure and the services it delivers to users. However experience suggests that government should refrain from getting involved in local care services data infrastructure, technology and management issues.
Chaudhry, Shehzad Ashraf; Mahmood, Khalid; Naqvi, Husnain; Khan, Muhammad Khurram
2015-11-01
Telecare medicine information system (TMIS) offers the patients convenient and expedite healthcare services remotely anywhere. Patient security and privacy has emerged as key issues during remote access because of underlying open architecture. An authentication scheme can verify patient's as well as TMIS server's legitimacy during remote healthcare services. To achieve security and privacy a number of authentication schemes have been proposed. Very recently Lu et al. (J. Med. Syst. 39(3):1-8, 2015) proposed a biometric based three factor authentication scheme for TMIS to confiscate the vulnerabilities of Arshad et al.'s (J. Med. Syst. 38(12):136, 2014) scheme. Further, they emphasized the robustness of their scheme against several attacks. However, in this paper we establish that Lu et al.'s scheme is vulnerable to numerous attacks including (1) Patient anonymity violation attack, (2) Patient impersonation attack, and (3) TMIS server impersonation attack. Furthermore, their scheme does not provide patient untraceability. We then propose an improvement of Lu et al.'s scheme. We have analyzed the security of improved scheme using popular automated tool ProVerif. The proposed scheme while retaining the plusses of Lu et al.'s scheme is also robust against known attacks.
12 CFR Appendix F to Part 225 - Interagency Guidelines Establishing Information Security Standards
Code of Federal Regulations, 2011 CFR
2011-01-01
... arrangements in place to control risks. C. Manage and Control Risk. Each bank holding company shall: 1. Design... GOVERNORS OF THE FEDERAL RESERVE SYSTEM BANK HOLDING COMPANIES AND CHANGE IN BANK CONTROL (REGULATION Y) Pt.... Assess Risk C. Manage and Control Risk D. Oversee Service Provider Arrangements E. Adjust the Program F...
3 CFR 13526 - Executive Order 13526 of December 29, 2009. Classified National Security Information
Code of Federal Regulations, 2010 CFR
2010-01-01
... of weapons of mass destruction. Sec. 1.5. Duration of Classification. (a) At the time of original... intelligence source or key design concepts of weapons of mass destruction, the date or event shall not exceed the time frame established in paragraph (b) of this section. (b) If the original classification...
17 CFR 401.9 - Exemption for certain foreign government securities brokers or dealers.
Code of Federal Regulations, 2010 CFR
2010-04-01
... modified to read as follows: “(iii) If the foreign broker or dealer has established a relationship with a... relationship is disclosed in all research reports and all transactions with the foreign broker or dealer in... legally necessary, its customers (with respect to customer information) to permit the foreign broker or...
A Molecular Framework for Understanding DCIS
2016-10-01
well. Pathologic and Clinical Annotation Database A clinical annotation database titled the Breast Oncology Database has been established to...complement the procured SPORE sample characteristics and annotated pathology data. This Breast Oncology Database is an offsite clinical annotation...database adheres to CSMC Enterprise Information Services (EIS) research database security standards. The Breast Oncology Database consists of: 9 Baseline
Genetically Guided Statin Therapy
2017-03-01
prevent cardiovascular disease. Long-term adherence is a challenge, due, in part, to statin intolerance due to musculoskeletal side effects. In objective...Statins, cholesterol, LDL, cardiovascular disease, genetic-informed strategy, statin prescription, statin adherence 16. SECURITY CLASSIFICATION OF: 17...28 Mar 2017. 1.0 SUMMARY Statins are well established for lowering cholesterol and preventing cardiovascular disease. High rates of statin
2012-12-01
include law enforcement and intelligence capabilities in the lineup. However, national security strategy reflects the first four only. Figure 1...Term Joint Doctrine Identification Air Force Doctrine Identification Army Doctrine Identification Navy Doctrine Identification EW...59 Ibid., 39. 34 Term Joint Doctrine Identification Air Force Doctrine Identification Army Doctrine Identification Navy
2011-07-01
procedures for the reporting of information security incidents. However, VA and DOD did not meet designated deadlines for the three capabilities that were...addition to the contact named above, Marcia A. Mann, Assistant Director; Jill K. Center; Kaycee M. Glavich; E. Jane Whipple; and Malissa G. Winograd
ERIC Educational Resources Information Center
PERRY, PETER
A SUMMARY OF INDUSTRIAL AND COMMERCIAL TRAINING INFORMATION SECURED BY A DELEGATION OF FIVE BRITISH EDUCATORS WHO VISITED 19 VOCATIONAL TECHNICAL SCHOOLS, INDUSTRIAL ESTABLISHMENTS, INSTITUTES OF HIGHER EDUCATION, AND VARIOUS LEVELS OF MINISTRIES AND GOVERNMENT DEPARTMENTS IN MOSCOW, LENINGRAD, AND TBILISI (GEORGIA) IS PRESENTED. IN 45 YEARS, THE…
12 CFR Appendix B to Part 30 - Interagency Guidelines Establishing Information Security Standards
Code of Federal Regulations, 2014 CFR
2014-01-01
... any record about an individual, whether in paper, electronic, or other form, that is a consumer report... term does not include any record that does not identify an individual. i. Examples. (1) Consumer... individual who applies for but does not receive a loan, including any loan sought by an individual for a...
12 CFR Appendix B to Part 30 - Interagency Guidelines Establishing Information Security Standards
Code of Federal Regulations, 2013 CFR
2013-01-01
... any record about an individual, whether in paper, electronic, or other form, that is a consumer report... term does not include any record that does not identify an individual. i. Examples. (1) Consumer... individual who applies for but does not receive a loan, including any loan sought by an individual for a...
Federal Register 2010, 2011, 2012, 2013, 2014
2011-02-24
... [email protected] hq.doe.gov. Michael Holland, Office of the Under Secretary for Science at (202) 586-0505, or e-mail [email protected]science.doe.gov. SUPPLEMENTARY INFORMATION: The DOE was established in... clear goals for DOE's four main business lines: nuclear security, environmental clean-up, science and...
For telehealth to succeed, privacy and security risks must be identified and addressed.
Hall, Joseph L; McGraw, Deven
2014-02-01
The success of telehealth could be undermined if serious privacy and security risks are not addressed. For example, sensors that are located in a patient's home or that interface with the patient's body to detect safety issues or medical emergencies may inadvertently transmit sensitive information about household activities. Similarly, routine data transmissions from an app or medical device, such as an insulin pump, may be shared with third-party advertisers. Without adequate security and privacy protections for underlying telehealth data and systems, providers and patients will lack trust in the use of telehealth solutions. Although some federal and state guidelines for telehealth security and privacy have been established, many gaps remain. No federal agency currently has authority to enact privacy and security requirements to cover the telehealth ecosystem. This article examines privacy risks and security threats to telehealth applications and summarizes the extent to which technical controls and federal law adequately address these risks. We argue for a comprehensive federal regulatory framework for telehealth, developed and enforced by a single federal entity, the Federal Trade Commission, to bolster trust and fully realize the benefits of telehealth.
Exploring health information technology education: an analysis of the research.
Virgona, Thomas
2012-01-01
This article is an analysis of the Health Information Technology Education published research. The purpose of this study was to examine selected literature using variables such as journal frequency, keyword analysis, universities associated with the research and geographic diversity. The analysis presented in this paper has identified intellectually significant studies that have contributed to the development and accumulation of intellectual wealth of Health Information Technology. The keyword analysis suggests that Health Information Technology research has evolved from establishing concepts and domains of health information systems, technology and management to contemporary issues such as education, outsourcing, web services and security. The research findings have implications for educators, researchers, journal.
NetWall distributed firewall in the use of campus network
NASA Astrophysics Data System (ADS)
He, Junhua; Zhang, Pengshuai
2011-10-01
Internet provides a modern means of education but also non-mainstream consciousness and poor dissemination of information opens the door, network and moral issues have become prominent, poor dissemination of information and network spread rumors and negative effects of new problems, ideological and political education in schools had a huge impact, poses a severe challenge. This paper presents a distributed firewall will NetWall deployed in a campus network solution. The characteristics of the campus network, using technology to filter out bad information on the means of control, of sensitive information related to the record, establish a complete information security management platform for the campus network.
Evaluation research of small and medium-sized enterprise informatization on big data
NASA Astrophysics Data System (ADS)
Yang, Na
2017-09-01
Under the background of big data, key construction of small and medium-sized enterprise informationization level was needed, but information construction cost was large, while information cost of inputs can bring benefit to small and medium-sized enterprises. This paper established small and medium-sized enterprise informatization evaluation system from hardware and software security level, information organization level, information technology application and the profit level, and information ability level. The rough set theory was used to brief indexes, and then carry out evaluation by support vector machine (SVM) model. At last, examples were used to verify the theory in order to prove the effectiveness of the method.
Boothe, J F
2000-01-01
The Health Insurance Portability and Accountability Act included substantial changes involving handling of health information by establishing national standards for electronic transactions, data privacy, and data security. The first final rule for electronic transaction standards was published August 17, 2000. The remaining final rules are expected to be published in Winter 2000. Providers, such as clinical laboratories, will have 26 months from the date of publication to comply. The civil monetary fines for noncompliance are substantial. This article will review the key provisions of the data security and data privacy proposed rules. These provisions will touch virtually every aspect of electronic claims submissions, electronic data transactions, and the electronic storage of medical information. The proposed rules will require a coordinated approach by providers to develop the policies and procedures, and the technical and physical infrastructure to protect health information. Moreover, providers will need to identify a privacy officer, to review existing privacy policies to compare the proposed rule with any existing state laws to determine which may be more stringent, and to develop new policies to address the particular requirements of the final rule.
Use of a secure Internet Web site for collaborative medical research.
Marshall, W W; Haley, R W
2000-10-11
Researchers who collaborate on clinical research studies from diffuse locations need a convenient, inexpensive, secure way to record and manage data. The Internet, with its World Wide Web, provides a vast network that enables researchers with diverse types of computers and operating systems anywhere in the world to log data through a common interface. Development of a Web site for scientific data collection can be organized into 10 steps, including planning the scientific database, choosing a database management software system, setting up database tables for each collaborator's variables, developing the Web site's screen layout, choosing a middleware software system to tie the database software to the Web site interface, embedding data editing and calculation routines, setting up the database on the central server computer, obtaining a unique Internet address and name for the Web site, applying security measures to the site, and training staff who enter data. Ensuring the security of an Internet database requires limiting the number of people who have access to the server, setting up the server on a stand-alone computer, requiring user-name and password authentication for server and Web site access, installing a firewall computer to prevent break-ins and block bogus information from reaching the server, verifying the identity of the server and client computers with certification from a certificate authority, encrypting information sent between server and client computers to avoid eavesdropping, establishing audit trails to record all accesses into the Web site, and educating Web site users about security techniques. When these measures are carefully undertaken, in our experience, information for scientific studies can be collected and maintained on Internet databases more efficiently and securely than through conventional systems of paper records protected by filing cabinets and locked doors. JAMA. 2000;284:1843-1849.
van Dyck, Peter C; Rinaldo, Piero; McDonald, Clement; Howell, R Rodrey; Zuckerman, Alan; Downing, Gregory
2010-01-01
Capture, coding and communication of newborn screening (NBS) information represent a challenge for public health laboratories, health departments, hospitals, and ambulatory care practices. An increasing number of conditions targeted for screening and the complexity of interpretation contribute to a growing need for integrated information-management strategies. This makes NBS an important test of tools and architecture for electronic health information exchange (HIE) in this convergence of individual patient care and population health activities. For this reason, the American Health Information Community undertook three tasks described in this paper. First, a newborn screening use case was established to facilitate standards harmonization for common terminology and interoperability specifications guiding HIE. Second, newborn screening coding and terminology were developed for integration into electronic HIE activities. Finally, clarification of privacy, security, and clinical laboratory regulatory requirements governing information exchange was provided, serving as a framework to establish pathways for improving screening program timeliness, effectiveness, and efficiency of quality patient care services. PMID:20064796
Yin, Su; Dongjie, Guan; Weici, Su; Weijun, Gao
2017-11-01
The demand for global freshwater is growing, while global freshwater available for human use is limited within a certain time and space. Its security has significant impacts on both the socio-economic system and ecological system. Recently, studies have focused on the urban water security system (UWSS) in terms of either water quantity or water quality. In this study, water resources, water environment, and water disaster issues in the UWSS were combined to establish an evaluation index system with system dynamics (SD) and geographic information systems (GIS). The GIS method performs qualitative analysis from the perspective of the spatial dimension; meanwhile, the SD method performs quantitative calculation about related water security problems from the perspective of the temporal dimension. We established a UWSS model for Guizhou province, China to analyze influencing factors, main driving factors, and system variation law, by using the SD method. We simulated the water security system from 2005 to 2025 under four scenarios (Guiyang scenario, Zunyi scenario, Bijie scenario and combined scenario). The results demonstrate that: (1) the severity of water security in cities is ranked as follows: three cities are secure in Guizhou province, four cities are in basic security and two cities are in a situation of insecurity from the spatial dimension of GIS through water security synthesis; and (2) the major driving factors of UWSS in Guizhou province include agricultural irrigation water demand, soil and water losses area, a ratio increase to the standard of water quality, and investment in environmental protection. A combined scenario is the best solution for UWSS by 2025 in Guizhou province under the four scenarios from the temporal dimension of SD. The results of this study provide a useful suggestion for the management of freshwater for the cities of Guizhou province in southwest China.
78 FR 48029 - Improving Chemical Facility Safety and Security
Federal Register 2010, 2011, 2012, 2013, 2014
2013-08-07
... responding to risks in chemical facilities (including during pre-inspection, inspection execution, post.... Sec. 2. Establishment of the Chemical Facility Safety and Security Working Group. (a) There is established a Chemical Facility Safety and Security Working Group (Working Group) co-chaired by the Secretary...
32 CFR 322.6 - Establishing exemptions.
Code of Federal Regulations, 2011 CFR
2011-07-01
... National Defense Department of Defense (Continued) OFFICE OF THE SECRETARY OF DEFENSE (CONTINUED) PRIVACY PROGRAM NATIONAL SECURITY AGENCY/CENTRAL SECURITY SERVICES PRIVACY ACT PROGRAM § 322.6 Establishing... the National Security Agency shall be prohibited to the extent authorized by Pub. L. No. 86-36 (1959...
32 CFR 322.6 - Establishing exemptions.
Code of Federal Regulations, 2012 CFR
2012-07-01
... National Defense Department of Defense (Continued) OFFICE OF THE SECRETARY OF DEFENSE (CONTINUED) PRIVACY PROGRAM NATIONAL SECURITY AGENCY/CENTRAL SECURITY SERVICES PRIVACY ACT PROGRAM § 322.6 Establishing... the National Security Agency shall be prohibited to the extent authorized by Pub. L. No. 86-36 (1959...
32 CFR 322.6 - Establishing exemptions.
Code of Federal Regulations, 2013 CFR
2013-07-01
... National Defense Department of Defense (Continued) OFFICE OF THE SECRETARY OF DEFENSE (CONTINUED) PRIVACY PROGRAM NATIONAL SECURITY AGENCY/CENTRAL SECURITY SERVICES PRIVACY ACT PROGRAM § 322.6 Establishing... the National Security Agency shall be prohibited to the extent authorized by Pub. L. No. 86-36 (1959...
32 CFR 322.6 - Establishing exemptions.
Code of Federal Regulations, 2014 CFR
2014-07-01
... National Defense Department of Defense (Continued) OFFICE OF THE SECRETARY OF DEFENSE (CONTINUED) PRIVACY PROGRAM NATIONAL SECURITY AGENCY/CENTRAL SECURITY SERVICES PRIVACY ACT PROGRAM § 322.6 Establishing... the National Security Agency shall be prohibited to the extent authorized by Pub. L. No. 86-36 (1959...
32 CFR 322.6 - Establishing exemptions.
Code of Federal Regulations, 2010 CFR
2010-07-01
... National Defense Department of Defense (Continued) OFFICE OF THE SECRETARY OF DEFENSE (CONTINUED) PRIVACY PROGRAM NATIONAL SECURITY AGENCY/CENTRAL SECURITY SERVICES PRIVACY ACT PROGRAM § 322.6 Establishing... the National Security Agency shall be prohibited to the extent authorized by Pub. L. No. 86-36 (1959...
Hybrid Network Defense Model Based on Fuzzy Evaluation
2014-01-01
With sustained and rapid developments in the field of information technology, the issue of network security has become increasingly prominent. The theme of this study is network data security, with the test subject being a classified and sensitive network laboratory that belongs to the academic network. The analysis is based on the deficiencies and potential risks of the network's existing defense technology, characteristics of cyber attacks, and network security technologies. Subsequently, a distributed network security architecture using the technology of an intrusion prevention system is designed and implemented. In this paper, first, the overall design approach is presented. This design is used as the basis to establish a network defense model, an improvement over the traditional single-technology model that addresses the latter's inadequacies. Next, a distributed network security architecture is implemented, comprising a hybrid firewall, intrusion detection, virtual honeynet projects, and connectivity and interactivity between these three components. Finally, the proposed security system is tested. A statistical analysis of the test results verifies the feasibility and reliability of the proposed architecture. The findings of this study will potentially provide new ideas and stimuli for future designs of network security architecture. PMID:24574870
Independent Validation and Verification of automated information systems in the Department of Energy
DOE Office of Scientific and Technical Information (OSTI.GOV)
Hunteman, W.J.; Caldwell, R.
1994-07-01
The Department of Energy (DOE) has established an Independent Validation and Verification (IV&V) program for all classified automated information systems (AIS) operating in compartmented or multi-level modes. The IV&V program was established in DOE Order 5639.6A and described in the manual associated with the Order. This paper describes the DOE IV&V program, the IV&V process and activities, the expected benefits from an IV&V, and the criteria and methodologies used during an IV&V. The first IV&V under this program was conducted on the Integrated Computing Network (ICN) at Los Alamos National Laboratory and several lessons learned are presented. The DOE IV&V program is based on the following definitions. An IV&V is defined as the use of expertise from outside an AIS organization to conduct validation and verification studies on a classified AIS. Validation is defined as the process of applying the specialized security test and evaluation procedures, tools, and equipment needed to establish acceptance for joint usage of an AIS by one or more departments or agencies and their contractors. Verification is the process of comparing two levels of an AIS specification for proper correspondence (e.g., security policy model with top-level specifications, top-level specifications with source code, or source code with object code).
Federal Register 2010, 2011, 2012, 2013, 2014
2010-04-26
... To Establish Strike Price Intervals and Trading Hours for Options on Index-Linked Securities April 20... establish strike-price intervals for options on Index-Linked Securities and to establish trading hours for... exchange-traded notes (``ETN'')), Phlx has proposed to establish strike price intervals and trading hours...
Chiu, Yu-Chan; Smith, Katherine Clegg; Morlock, Laura; Wissow, Lawrence
2007-02-01
The Taiwanese practice of patients giving informal payments to physicians to secure services is deeply rooted in social and cultural factors. This study examines the portrayal of informal payments by Taiwanese print news media over a period of 12 years-from prior to until after the implementation of national health insurance (NHI) in Taiwan in 1995. The goal of the study was to examine how the advent of NHI changed the rationale for and use of informal payments. Both before and after the introduction of NHI, Taiwanese newspapers portrayed informal payments as appropriate means to secure access to better health care. Newspaper accounts established that, although NHI reduced patients' financial barriers to care, it did not change deeply held cultural beliefs that good care depended on the development of a reciprocal sense of obligation between patients and physicians. Physicians may have also encouraged the ongoing use of informal payments to make up revenue lost when NHI standardized fees and limited income from dispensing medications. In 2002, seven years after the implementation of NHI, the use of informal payments, though illegal, was still being justified in the print media through allusions to its role in traditional Taiwanese culture.
10 CFR 1016.23 - Establishment of security areas.
Code of Federal Regulations, 2010 CFR
2010-01-01
... 10 Energy 4 2010-01-01 2010-01-01 false Establishment of security areas. 1016.23 Section 1016.23 Energy DEPARTMENT OF ENERGY (GENERAL PROVISIONS) SAFEGUARDING OF RESTRICTED DATA Physical Security § 1016... safeguard documents and material containing Restricted Data in accordance with the provisions of §§ 1016.21...
10 CFR 1016.23 - Establishment of security areas.
Code of Federal Regulations, 2011 CFR
2011-01-01
... 10 Energy 4 2011-01-01 2011-01-01 false Establishment of security areas. 1016.23 Section 1016.23 Energy DEPARTMENT OF ENERGY (GENERAL PROVISIONS) SAFEGUARDING OF RESTRICTED DATA Physical Security § 1016... safeguard documents and material containing Restricted Data in accordance with the provisions of §§ 1016.21...
Sen. Vitter, David [R-LA
2009-01-06
Senate - 01/06/2009 Read twice and referred to the Committee on Homeland Security and Governmental Affairs. This bill has the status Introduced.
Federal Register 2010, 2011, 2012, 2013, 2014
2011-10-28
... collect and store vendor Taxpayer Identification Numbers (TINs), vendor names, and associated point-of-contacts information: such as names, Social Security numbers when used in lieu of TINs, Dun and Bradstreet... government to supply TINs under 31 U.S.C. 7701(c). Vendor SSNs are supplied under Clause 52.222-8, Payrolls...
Federal Register 2010, 2011, 2012, 2013, 2014
2012-03-16
...(c) to establish the Asset- Backed Security data set (``ABS Data Set'') as the third Real-Time TRACE market data set. The ABS Data Set will be limited to information disseminated immediately upon receipt of... rates currently in effect for similar Real-Time TRACE market data sets (i.e., for the Corporate Bond...
Access and Use of FIA Data Through FIA Spatial Data Services
Elizabeth LaPoint
2005-01-01
Forest Inventory and Analysis (FIA) Spatial Data Services (SDS) was established in May 2002 to facilitate outside access to FIA data and allow use of georeferenced plot data while protecting the confidentiality of plot locations. Modification of the Food Security Act of 1985 legislated the protection of information on plot location and ownership. Penalties were put in...
Quantum-key-distribution protocol with pseudorandom bases
NASA Astrophysics Data System (ADS)
Trushechkin, A. S.; Tregubov, P. A.; Kiktenko, E. O.; Kurochkin, Y. V.; Fedorov, A. K.
2018-01-01
Quantum key distribution (QKD) offers a way for establishing information-theoretical secure communications. An important part of QKD technology is a high-quality random number generator for the quantum-state preparation and for post-processing procedures. In this work, we consider a class of prepare-and-measure QKD protocols, utilizing additional pseudorandomness in the preparation of quantum states. We study one of such protocols and analyze its security against the intercept-resend attack. We demonstrate that, for single-photon sources, the considered protocol gives better secret key rates than the BB84 and the asymmetric BB84 protocols. However, the protocol strongly requires single-photon sources.
Management of the Defense Technology Security Administration Year 2000 Program
1998-11-03
caller is fully protected Acronyms DTSA Defense Technology Security Administration Y2K Year 2000 INSPECTOR GENERAL DEPARTMENT OF DEFENSE 400 ARMY NAVY...accordance with the DoD Management Plan Defense Technology Security Administration. The Defense Technology Security Administration (DTSA) was established...in 1985 as a field activity of the Office of the Secretary of Defense. By establishing DTSA, the DoD role in export controls was centralized and
COPERNICUS - The European Union Earth Observation Programme - State of play and way ahead
NASA Astrophysics Data System (ADS)
Koch, Astrid-Christina
2015-04-01
Copernicus is the new name of the European Earth Observation Programme, GMES (Global Monitoring for Environment and Security). Copernicus or rather its predecessor was established as an EU programme. It covers all the activities for ensuring an uninterrupted provision of accurate and reliable data and information on environmental issues and security matters to users in charge of policy making, implementation and monitoring, in the EU and its Member States. Copernicus aims at providing Europe with a continuous, independent and reliable access to observation data and information. The EU investment aims at filling the observation gaps, providing access to existing assets and developing operational services. The data policy of the Copernicus programme supports an open, full and free of charge data access that is in line with the data sharing principles of the Group for Earth Observation (GEO). Copernicus is structured in six Services: Marine, Atmosphere, Land and Climate change monitoring as well as support to Emergency and Security. Copernicus uses data from satellites and in-situ sensors such as buoys, balloons or air sensors to provide timely and reliable added-value information and forecasting to support for example, agriculture and fisheries, land use and urban planning, the fight against forest fires, disaster response, maritime transport or air pollution monitoring. The need for continuing such observations is becoming critical, considering the increasing political pressure on public authorities to take informed decisions in the field of environment, security and climate change and the need to respect international agreements. Copernicus also contributes to economic stability and growth by boosting commercial applications (the so-called downstream services) in many different sectors through a full and open access to Copernicus observation data and information products. KEY WORDS: Sentinels, big data, data access, Emergency, Marine, Atmosphere.
DOE Office of Scientific and Technical Information (OSTI.GOV)
Fisher, R. E.; Buehring, W. A.; Whitfield, R. G.
2009-10-14
The US Department of Homeland Security (DHS) has directed its Protective Security Advisors (PSAs) to form partnerships with the owners and operators of assets most essential to the Nation's well being - a subclass of critical infrastructure and key resources (CIKR) - and to conduct site visits for these and other high-risk assets as part of the Enhanced Critical Infrastructure Protection (ECIP) Program. During each such visit, the PSA documents information about the facility's current CIKR protection posture and overall security awareness. The primary goals for ECIP site visits (DHS 2009) are to: (1) inform facility owners and operators of the importance of their facilities as an identified high-priority CIKR and the need to be vigilant in light of the ever-present threat of terrorism; (2) identify protective measures currently in place at these facilities, provide comparisons of CIKR protection postures across like assets, and track the implementation of new protective measures; and (3) enhance existing relationships among facility owners and operators; DHS; and various Federal, State, local tribal, and territorial partners. PSAs conduct ECIP visits to assess overall site security; educate facility owners and operators about security; help owners and operators identify gaps and potential improvements; and promote communication and information sharing among facility owners and operators, DHS, State governments, and other security partners. Information collected during ECIP visits is used to develop metrics; conduct sector-by-sector and cross-sector vulnerability comparisons; identify security gaps and trends across CIKR sectors and subsectors; establish sector baseline security survey results; and track progress toward improving CIKR security through activities, programs, outreach, and training (Snyder 2009). The data being collected are used in a framework consistent with the National Infrastructure Protection Plan (NIPP) risk criteria (DHS 2009).
The NIPP framework incorporates consequence, threat, and vulnerability components and addresses all hazards. The analysis of the vulnerability data needs to be reproducible, support risk analysis, and go beyond protection. It also needs to address important security/vulnerability topics, such as physical security, cyber security, systems analysis, and dependencies and interdependencies. This report provides an overview of the approach being developed to estimate vulnerability and provide vulnerability comparisons for sectors and subsectors. The information will be used to assist DHS in analyzing existing protective measures and vulnerability at facilities, to identify potential ways to reduce vulnerabilities, and to assist in preparing sector risk estimates. The owner/operator receives an analysis of the data collected for a specific asset, showing a comparison between the facility's protection posture/vulnerability index and those of DHS sector/subsector sites visited. This comparison gives the owner/operator an indication of the asset's security strengths and weaknesses that may be contributing factors to its vulnerability and protection posture. The information provided to the owner/operator shows how the asset compares to other similar assets within the asset's sector or subsector. A 'dashboard' display is used to illustrate the results in a convenient format. The dashboard allows the owner/operator to analyze the implementation of additional protective measures and to illustrate how such actions would impact the asset's Protective Measures Index (PMI) or Vulnerability Index (VI).
Personal control of privacy and data: Estonian experience.
Priisalu, Jaan; Ottis, Rain
2017-01-01
The Republic of Estonia leads Europe in the provision of public digital services. The national communications and transactions platform allows for twenty-first century governance by allowing for transparency, e-safety (inter alia privacy), e-security, entrepreneurship and, among other things, rising levels of prosperity, and well-being for all its Citizens. However, a series of Information Infrastructure attacks against the Estonian e-society infrastructure in 2007 became one of the best known incidents and experiences that fundamentally changed both Estonian and international discussions about Cyber Security and Privacy. Estonian experience shows that an open and transparent attitude provides a good foundation for trust between the Citizen and the State, and gives more control to the real owner of the data - the Citizen. Another important lesson is that the Citizen needs to be confident in the government's ability to keep their data safe - in terms of confidentiality, integrity and availability - establishing a strong link between privacy and information security. This paper discusses certain critical choices, context, and events connected to the birth and growth of the Estonian e-society in terms of Privacy.
Code of Federal Regulations, 2010 CFR
2010-07-01
..., specialized training, and termination briefings. This subpart establishes fundamental security education and... authorities, security managers, classification management officers, security specialists, and all other.... Classification management officers, security managers, security specialists, declassification authorities, and...
ERIC Educational Resources Information Center
Francois, Michael T.
2016-01-01
Today's organizations rely heavily on information technology to conduct their daily activities. Therefore, their information security systems are an area of heightened security concern. As a result, organizations implement information security programs to address and mitigate that concern. However, even with the emphasis on information security,…
The Shaping of Managers' Security Objectives through Information Security Awareness Training
ERIC Educational Resources Information Center
Harris, Mark A.
2010-01-01
Information security research states that corporate security policy and information security training should be socio-technical in nature and that corporations should consider training as a primary method of protecting their information systems. However, information security policies and training are predominately technical in nature. In addition,…
26 CFR 1.884-5 - Qualified resident.
Code of Federal Regulations, 2014 CFR
2014-04-01
... established securities market (within the meaning of paragraph (d) of this section) in that country or the... securities market (within the meaning of paragraph (d) of this section) in the United States; (D) A not-for... class of stock is listed on an established securities market in the United States or in the country of...
26 CFR 1.884-5 - Qualified resident.
Code of Federal Regulations, 2013 CFR
2013-04-01
... established securities market (within the meaning of paragraph (d) of this section) in that country or the... securities market (within the meaning of paragraph (d) of this section) in the United States; (D) A not-for... class of stock is listed on an established securities market in the United States or in the country of...
26 CFR 1.884-5 - Qualified resident.
Code of Federal Regulations, 2012 CFR
2012-04-01
... established securities market (within the meaning of paragraph (d) of this section) in that country or the... securities market (within the meaning of paragraph (d) of this section) in the United States; (D) A not-for... class of stock is listed on an established securities market in the United States or in the country of...
33 CFR 103.300 - Area Maritime Security (AMS) Committee.
Code of Federal Regulations, 2010 CFR
2010-07-01
... 33 Navigation and Navigable Waters 1 2010-07-01 2010-07-01 false Area Maritime Security (AMS... SECURITY MARITIME SECURITY MARITIME SECURITY: AREA MARITIME SECURITY Area Maritime Security (AMS) Committee § 103.300 Area Maritime Security (AMS) Committee. (a) The AMS Committee is established under the...
Secure steganography designed for mobile platforms
NASA Astrophysics Data System (ADS)
Agaian, Sos S.; Cherukuri, Ravindranath; Sifuentes, Ronnie R.
2006-05-01
Adaptive steganography, an intelligent approach to message hiding, integrated with matrix encoding and pn-sequences serves as a promising resolution to recent security assurance concerns. Incorporating the above data hiding concepts with established cryptographic protocols in wireless communication would greatly increase the security and privacy of transmitting sensitive information. We present an algorithm which will address the following problems: 1) low embedding capacity in mobile devices due to fixed image dimensions and memory constraints, 2) compatibility between mobile and land based desktop computers, and 3) detection of stego images by widely available steganalysis software [1-3]. Consistent with the smaller available memory, processor capabilities, and limited resolution associated with mobile devices, we propose a more magnified approach to steganography by focusing adaptive efforts at the pixel level. This deeper method, in comparison to the block processing techniques commonly found in existing adaptive methods, allows an increase in capacity while still offering a desired level of security. Based on computer simulations using high resolution, natural imagery and mobile device captured images, comparisons show that the proposed method securely allows an increased amount of embedding capacity but still avoids detection by varying steganalysis techniques.
Zhang, Liping; Zhu, Shaohui
2015-05-01
To protect the transmission of the sensitive medical data, a secure and efficient authenticated key agreement scheme should be deployed when the healthcare delivery session is established via Telecare Medicine Information Systems (TMIS) over the unsecure public network. Recently, Islam and Khan proposed an authenticated key agreement scheme using elliptic curve cryptography for TMIS. They claimed that their proposed scheme is provably secure against various attacks in random oracle model and enjoys some good properties such as user anonymity. In this paper, however, we point out that any legal but malicious patient can reveal other user's identity. Consequently, their scheme suffers from server spoofing attack and off-line password guessing attack. Moreover, if the malicious patient performs the same time of the registration as other users, she can further launch the impersonation attack, man-in-the-middle attack, modification attack, replay attack, and strong replay attack successfully. To eliminate these weaknesses, we propose an improved ECC-based authenticated key agreement scheme. Security analysis demonstrates that the proposed scheme can resist various attacks and enables the patient to enjoy the remote healthcare services with privacy protection. Through the performance evaluation, we show that the proposed scheme achieves a desired balance between security and performance in comparisons with other related schemes.
Long, C G; Anagnostakis, K; Fox, E; Silaule, P; Somers, J; West, R; Webster, A
2011-07-01
Social climate has been measured in a variety of therapeutic settings, but there is little information about it in secure mental health services, or how it may vary along a gender specific care pathway. To assess social climate in women's secure wards and its variation by level of security and ward type, therapeutic alliance, patient motivation, treatment engagement and disturbed behaviour. Three-quarters (80, 76%) of staff and nearly all (65, 92%) of patients in the two medium-security wards and two low-security wards that comprised the unit completed the Essen Climate Evaluation Schema (EssenCES) and the California Psychotherapy Alliance Scale (CALPAS); patients also completed the Patient Motivation Inventory (PMI). Pre-assessment levels of disturbed behaviour and treatment engagement were recorded. Social climate varied according to ward type and level of security. EssenCES ratings indicative of positive social climate were associated with lower levels of security; such ratings were also associated with lower behavioural disturbance and with higher levels of motivation, treatment engagement and therapeutic alliance. This serial cross-sectional survey indicated that use of the EssenCES alone might be a good practical measure of treatment progress/responsivity. A longitudinal study would be an important next step in establishing the extent to which it would be useful in this regard. Copyright © 2010 John Wiley & Sons, Ltd.
Risks and responses to universal drinking water security.
Hope, Robert; Rouse, Michael
2013-11-13
Risks to universal drinking water security are accelerating due to rapid demographic, climate and economic change. Policy responses are slow, uneven and largely inadequate to address the nature and scale of the global challenges. The challenges relate both to maintaining water security in increasingly fragile supply systems and to accelerating reliable access to the hundreds of millions who remain water-insecure. A conceptual framework illustrates the relationship between institutional, operational and financial risks and drinking water security outcomes. We apply the framework to nine case studies from rural and urban contexts in South Asia and sub-Saharan Africa. Case studies are purposively selected based on established and emerging examples of political, technological or institutional reforms that address water security risks. We find broad evidence that improved information flows reduce institutional costs and promote stronger and more transparent operational performance to increase financial sustainability. However, political barriers need to be overcome in all cases through internal or external interventions that require often decadal time frames and catalytic investments. No single model exists, though there is sufficient evidence to demonstrate that risks to drinking water security can be reduced even in the most difficult and challenging contexts.
A layered trust information security architecture.
de Oliveira Albuquerque, Robson; Villalba, Luis Javier García; Orozco, Ana Lucila Sandoval; Buiati, Fábio; Kim, Tai-Hoon
2014-12-01
Information can be considered the most important asset of any modern organization. Securing this information involves preserving confidentiality, integrity and availability, the well-known CIA triad. In addition, information security is a risk management job; the task is to manage the inherent risks of information disclosure. Current information security platforms do not deal with the different facets of information technology. This paper presents a layered trust information security architecture (TISA) and its creation was motivated by the need to consider information and security from different points of view in order to protect it. This paper also extends and discusses security information extensions as a way of helping the CIA triad. Furthermore, this paper suggests information representation and treatment elements, operations and support components that can be integrated to show the various risk sources when dealing with both information and security. An overview of how information is represented and treated nowadays in the technological environment is shown, and the reason why it is so difficult to guarantee security in all aspects of the information pathway is discussed.
32 CFR 2700.51 - Information Security Oversight Committee.
Code of Federal Regulations, 2011 CFR
2011-07-01
... 32 National Defense 6 2011-07-01 2011-07-01 false Information Security Oversight Committee. 2700... MICRONESIAN STATUS NEGOTIATIONS SECURITY INFORMATION REGULATIONS Implementation and Review § 2700.51 Information Security Oversight Committee. The OMSN Information Security Oversight Committee shall be chaired...
77 FR 12623 - National Industrial Security Program Policy Advisory Committee (NISPPAC)
Federal Register 2010, 2011, 2012, 2013, 2014
2012-03-01
... NATIONAL ARCHIVES AND RECORDS ADMINISTRATION Information Security Oversight Office National... Information Security Oversight Office no later than Friday, March 16, 2012. The Information Security Oversight... FURTHER INFORMATION CONTACT: David O. Best, Senior Program Analyst, The Information Security Oversight...
32 CFR 2700.51 - Information Security Oversight Committee.
Code of Federal Regulations, 2010 CFR
2010-07-01
... 32 National Defense 6 2010-07-01 2010-07-01 false Information Security Oversight Committee. 2700... MICRONESIAN STATUS NEGOTIATIONS SECURITY INFORMATION REGULATIONS Implementation and Review § 2700.51 Information Security Oversight Committee. The OMSN Information Security Oversight Committee shall be chaired...
Federal Register 2010, 2011, 2012, 2013, 2014
2010-08-16
... DEPARTMENT OF HOMELAND SECURITY Transportation Security Administration New Agency Information Collection Activity Under OMB Review: Pipeline System Operator Security Information AGENCY: Transportation... INFORMATION CONTACT: Joanna Johnson, Office of Information Technology, TSA-11, Transportation Security...
Establishing Information Security Systems via Optical Imaging
2015-08-11
SLM, spatial light modulator; BSC, non-polarizing beam splitter cube; CCD, charge-coupled device. In computational ghost imaging, a series of...Fig. 5. A schematic setup for the proposed method using holography: BSC, Beam splitter cube; CCD, Charge-coupled device. The...interference between reference and object beams. Distribution Code A: Approved for public release, distribution is unlimited
Serbia and the NATO Partnership for Peace Program
2008-03-01
Directorate for Information Operations and Reports, 1215 Jefferson Davis Highway, Suite 1204, Arlington, VA 22202-4302, and to the Office of Management ...For the first time, principles for democratic control of the military were established and clearly stated in the constitutional text and the tasks...book announced all principles driving the decision making process in Serbia related to national security and defense. The defense budget procedures
Chemical Industry Security: Voluntary or Mandatory Approach?
2007-03-01
reasonably ask ourselves whether we run the risk of comparing apples and oranges when trying to learn something new from them.35 The main...Myriam Dunn’s caution of comparing apples and oranges in CIP strategies. The European Union strategy of classifying CI information does not appear...level to establish an effective oversight program. SWOT Analysis – New Jersey Department of Environmental Protection Strengths: • Existing
14 CFR 1203.201 - Information security objectives.
Code of Federal Regulations, 2011 CFR
2011-01-01
... 14 Aeronautics and Space 5 2011-01-01 2010-01-01 true Information security objectives. 1203.201 Section 1203.201 Aeronautics and Space NATIONAL AERONAUTICS AND SPACE ADMINISTRATION INFORMATION SECURITY PROGRAM NASA Information Security Program § 1203.201 Information security objectives. The objectives of...
14 CFR 1203.201 - Information security objectives.
Code of Federal Regulations, 2010 CFR
2010-01-01
... 14 Aeronautics and Space 5 2010-01-01 2010-01-01 false Information security objectives. 1203.201 Section 1203.201 Aeronautics and Space NATIONAL AERONAUTICS AND SPACE ADMINISTRATION INFORMATION SECURITY PROGRAM NASA Information Security Program § 1203.201 Information security objectives. The objectives of...
2010-08-22
Commission (IEC). “Information technology — Security techniques — Code of practice for information security management (ISO/IEC 27002 ...Information technology — Security techniques — Information security management systems — Requirements (ISO/IEC 27002),” “Information technology — Security...was a draft ISO standard on Systems and software engineering, Systems and software assurance [18]. Created by systems engineers for systems
76 FR 78009 - Information Collection; Implementation of Information Technology Security Provision
Federal Register 2010, 2011, 2012, 2013, 2014
2011-12-15
...] Information Collection; Implementation of Information Technology Security Provision AGENCY: General Services... collection requirement regarding Implementation of Information Technology Security Provision. Public comments... Information Collection 3090- 0294, Implementation of Information Technology Security Provision, by any of the...
DOE Office of Scientific and Technical Information (OSTI.GOV)
Burns, Ashley V.
2014-05-30
Feral horses (Equus caballus) are free-roaming descendants of domesticated horses and legally protected by the Wild and Free-Roaming Horses and Burros Act of 1971, which mandates how feral horses and burros should be managed and protected on federal lands. Using a geographic information system to determine the home range and suitable habitat of feral horses on the federally managed Nevada National Security Site can enable wildlife biologists in making best management practice recommendations. Home range was estimated at 88.1 square kilometers. Site suitability was calculated for elevation, forage, slope, water presence and horse observations. These variables were combined in successive iterations into one polygon. Suitability rankings established that 85 square kilometers are most suitable habitat, with 2,052 square kilometers of good habitat, 1,252 square kilometers of fair habitat and 122 square kilometers of least suitable habitat.
Demonstration of Monogamy Relations for Einstein-Podolsky-Rosen Steering in Gaussian Cluster States.
Deng, Xiaowei; Xiang, Yu; Tian, Caixing; Adesso, Gerardo; He, Qiongyi; Gong, Qihuang; Su, Xiaolong; Xie, Changde; Peng, Kunchi
2017-06-09
Understanding how quantum resources can be quantified and distributed over many parties has profound applications in quantum communication. As one of the most intriguing features of quantum mechanics, Einstein-Podolsky-Rosen (EPR) steering is a useful resource for secure quantum networks. By reconstructing the covariance matrix of a continuous variable four-mode square Gaussian cluster state subject to asymmetric loss, we quantify the amount of bipartite steering with a variable number of modes per party, and verify recently introduced monogamy relations for Gaussian steerability, which establish quantitative constraints on the security of information shared among different parties. We observe a very rich structure for the steering distribution, and demonstrate one-way EPR steering of the cluster state under Gaussian measurements, as well as one-to-multimode steering. Our experiment paves the way for exploiting EPR steering in Gaussian cluster states as a valuable resource for multiparty quantum information tasks.
Demonstration of Monogamy Relations for Einstein-Podolsky-Rosen Steering in Gaussian Cluster States
NASA Astrophysics Data System (ADS)
Deng, Xiaowei; Xiang, Yu; Tian, Caixing; Adesso, Gerardo; He, Qiongyi; Gong, Qihuang; Su, Xiaolong; Xie, Changde; Peng, Kunchi
2017-06-01
Understanding how quantum resources can be quantified and distributed over many parties has profound applications in quantum communication. As one of the most intriguing features of quantum mechanics, Einstein-Podolsky-Rosen (EPR) steering is a useful resource for secure quantum networks. By reconstructing the covariance matrix of a continuous variable four-mode square Gaussian cluster state subject to asymmetric loss, we quantify the amount of bipartite steering with a variable number of modes per party, and verify recently introduced monogamy relations for Gaussian steerability, which establish quantitative constraints on the security of information shared among different parties. We observe a very rich structure for the steering distribution, and demonstrate one-way EPR steering of the cluster state under Gaussian measurements, as well as one-to-multimode steering. Our experiment paves the way for exploiting EPR steering in Gaussian cluster states as a valuable resource for multiparty quantum information tasks.
Papoutsi, Chrysanthi; Reed, Julie E; Marston, Cicely; Lewis, Ruth; Majeed, Azeem; Bell, Derek
2015-10-14
Although policy discourses frame integrated Electronic Health Records (EHRs) as essential for contemporary healthcare systems, increased information sharing often raises concerns among patients and the public. This paper examines patient and public views about the security and privacy of EHRs used for health provision, research and policy in the UK. Sequential mixed methods study with a cross-sectional survey (in 2011) followed by focus group discussions (in 2012-2013). Survey participants (N = 5331) were recruited from primary and secondary care settings in West London (UK). Complete data for 2761 (51.8 %) participants were included in the final analysis for this paper. The survey results were discussed in 13 focus groups with people living with a range of different health conditions, and in 4 mixed focus groups with patients, health professionals and researchers (total N = 120). Qualitative data were analysed thematically. In the survey, 79 % of participants reported that they would worry about the security of their record if this was part of a national EHR system and 71 % thought the National Health Service (NHS) was unable to guarantee EHR safety at the time this work was carried out. Almost half (47 %) responded that EHRs would be less secure compared with the way their health record was held at the time of the survey. Of those who reported being worried about EHR security, many would nevertheless support their development (55 %), while 12 % would not support national EHRs and a sizeable proportion (33 %) were undecided. There were also variations by age, ethnicity and education. In focus group discussions participants weighed up perceived benefits against potential security and privacy threats from wider sharing of information, as well as discussing other perceived risks: commercial exploitation, lack of accountability, data inaccuracies, prejudice and inequalities in health provision. 
Patient and public worries about the security risks associated with integrated EHRs highlight the need for intensive public awareness and engagement initiatives, together with the establishment of trustworthy security and privacy mechanisms for health information sharing.
44 CFR 8.3 - Senior FEMA official responsible for the information security program.
Code of Federal Regulations, 2011 CFR
2011-10-01
... responsible for the information security program. 8.3 Section 8.3 Emergency Management and Assistance FEDERAL EMERGENCY MANAGEMENT AGENCY, DEPARTMENT OF HOMELAND SECURITY GENERAL NATIONAL SECURITY INFORMATION § 8.3 Senior FEMA official responsible for the information security program. The Director of the Security...
Federal Register 2010, 2011, 2012, 2013, 2014
2010-07-29
... DEPARTMENT OF HOMELAND SECURITY Notice of Meeting of the Homeland Security Information Network... Security. ACTION: Notice of open meeting. SUMMARY: The Homeland Security Information Network Advisory... (Pub. L. 92-463). The mission of the Homeland Security Information Network Advisory Committee is to...
2010-08-22
practice for information security management (ISO/IEC 27002),” “Information technology — Security techniques — Information security management...systems — Requirements (ISO/IEC 27002),” “Information technology — Security techniques — Information security risk management (ISO/IEC 27005).” from...associated practice aids. Perhaps the most germane discovery from this effort was a draft ISO standard on Systems and software engineering, Systems and
12 CFR 605.501 - Information Security Officer.
Code of Federal Regulations, 2011 CFR
2011-01-01
... 12 Banks and Banking 6 2011-01-01 2011-01-01 false Information Security Officer. 605.501 Section... Information Security Officer. (a) The Information Security Officer of the Farm Credit Administration shall be responsible for implementation and oversight of the information security program and procedures adopted by the...
12 CFR 605.501 - Information Security Officer.
Code of Federal Regulations, 2010 CFR
2010-01-01
... 12 Banks and Banking 6 2010-01-01 2010-01-01 false Information Security Officer. 605.501 Section... Information Security Officer. (a) The Information Security Officer of the Farm Credit Administration shall be responsible for implementation and oversight of the information security program and procedures adopted by the...
12 CFR 326.3 - Security program.
Code of Federal Regulations, 2013 CFR
2013-01-01
... 12 Banks and Banking 5 2013-01-01 2013-01-01 false Security program. 326.3 Section 326.3 Banks and... SECURITY DEVICES AND PROCEDURES AND BANK SECRECY ACT 1 COMPLIANCE Minimum Security Procedures § 326.3 Security program. (a) Contents of security program. The security program shall: (1) Establish procedures...
12 CFR 326.3 - Security program.
Code of Federal Regulations, 2014 CFR
2014-01-01
... 12 Banks and Banking 5 2014-01-01 2014-01-01 false Security program. 326.3 Section 326.3 Banks and... SECURITY DEVICES AND PROCEDURES AND BANK SECRECY ACT 1 COMPLIANCE Minimum Security Procedures § 326.3 Security program. (a) Contents of security program. The security program shall: (1) Establish procedures...
HIPAA Privacy 101: essentials for case management practice.
DiBenedetto, Deborah V
2003-01-01
The Health Insurance Portability and Accountability Act (HIPAA) has significant impact on the delivery of healthcare in the United States. The Administrative Simplification (AS) requirements of HIPAA are aimed at reducing administrative costs and burdens in the healthcare industry. The core components of HIPAA's AS requirements address healthcare transactions, code sets, security, unique identifiers, and privacy of health information. HIPAA's privacy standard limits the nonconsensual use and release of private health information, gives patients new rights to access their medical records and to know who else has accessed them, restricts most disclosure of health information to the minimum needed for the intended purpose, establishes new criminal and civil sanctions for improper use or disclosure, and establishes new requirements for access to records by researchers and others. This article focuses on HIPAA's privacy requirements as related to case management of workers compensation populations, the treatment of protected health information, and how case managers can ensure they provide appropriate services while navigating the requirements of HIPAA's privacy standard.
A Layered Trust Information Security Architecture
de Oliveira Albuquerque, Robson; García Villalba, Luis Javier; Sandoval Orozco, Ana Lucila; Buiati, Fábio; Kim, Tai-Hoon
2014-01-01
Information can be considered the most important asset of any modern organization. Securing this information involves preserving confidentiality, integrity and availability, the well-known CIA triad. In addition, information security is a risk management job; the task is to manage the inherent risks of information disclosure. Current information security platforms do not deal with the different facets of information technology. This paper presents a layered trust information security architecture (TISA) and its creation was motivated by the need to consider information and security from different points of view in order to protect it. This paper also extends and discusses security information extensions as a way of helping the CIA triad. Furthermore, this paper suggests information representation and treatment elements, operations and support components that can be integrated to show the various risk sources when dealing with both information and security. An overview of how information is represented and treated nowadays in the technological environment is shown, and the reason why it is so difficult to guarantee security in all aspects of the information pathway is discussed. PMID:25470490
10 CFR 95.35 - Access to matter classified as National Security Information and Restricted Data.
Code of Federal Regulations, 2010 CFR
2010-01-01
... SECURITY CLEARANCE AND SAFEGUARDING OF NATIONAL SECURITY INFORMATION AND RESTRICTED DATA Control of Information § 95.35 Access to matter classified as National Security Information and Restricted Data. (a... have access to matter revealing Secret or Confidential National Security Information or Restricted Data...
Implementing an Information Security Program
DOE Office of Scientific and Technical Information (OSTI.GOV)
Glantz, Clifford S.; Lenaeus, Joseph D.; Landine, Guy P.
The threats to information security have dramatically increased with the proliferation of information systems and the internet. Chemical, biological, radiological, nuclear, and explosives (CBRNe) facilities need to address these threats in order to protect themselves from the loss of intellectual property, theft of valuable or hazardous materials, and sabotage. Project 19 of the European Union CBRN Risk Mitigation Centres of Excellence Initiative is designed to help CBRN security managers, information technology/cybersecurity managers, and other decision-makers deal with these threats through the application of cost-effective information security programs. Project 19 has developed three guidance documents that are publicly available to cover information security best practices, planning for an information security management system, and implementing security controls for information security.
Federal Register 2010, 2011, 2012, 2013, 2014
2010-12-14
... Establish Strike Price Intervals and Trading Hours for Options on Index-Linked Securities December 8, 2010... Business) of the Rules of the Boston Options Exchange Group, LLC (``BOX'') to establish strike price... proposing to establish strike price intervals and trading hours for these products. The Securities and...
NASA Astrophysics Data System (ADS)
Liu, Shu-Fan; Chueh, Hao-En; Liao, Kuo-Hsiung
According to surveys, 80 % of security-related events threatening information in medical organizations are due to improper management. Most research on information security has focused on information and security technology, such as network security and access control, rarely addressing management issues. The main purpose of this study is to construct a BS7799 based mechanism for the management of information with regard to security as it applies to medical organizations. This study analyzes and identifies the most common events related to information security in medical organizations and categorizes these events as high-risk, transferable-risk, and controlled-risk to facilitate the management of such risk.
Statistics-based email communication security behavior recognition
NASA Astrophysics Data System (ADS)
Yi, Junkai; Su, Yueyang; Zhao, Xianghui
2017-08-01
With the development of information technology, e-mail has become a popular communication medium. It is of great significance to determine the relationship between the two sides of the communication. Firstly, this paper analysed and processed the content and attachment of e-mail using the skill of steganalysis and malware analysis. It also conducts the subsequent feature extraction and behaviour model establishment, which are based on Naive Bayesian theory. Then a behaviour analysis method was employed to calculate and evaluate the communication security. Finally, some experiments on the accuracy of identifying the behavioural relationship of communication have been carried out. The result shows that this method has a great effect and a correctness of eighty-four percent.
Importance of biometrics to addressing vulnerabilities of the U.S. infrastructure
NASA Astrophysics Data System (ADS)
Arndt, Craig M.; Hall, Nathaniel A.
2004-08-01
Human identification technologies are important threat countermeasures in minimizing select infrastructure vulnerabilities. Properly targeted countermeasures should be selected and integrated into an overall security solution based on disciplined analysis and modeling. Available data on infrastructure value, threat intelligence, and system vulnerabilities are carefully organized, analyzed and modeled. Prior to design and deployment of an effective countermeasure, the proper role and appropriateness of technology in addressing the overall set of vulnerabilities is established. Deployment of biometrics systems, as with other countermeasures, introduces potentially heightened vulnerabilities into the system. Heightened vulnerabilities may arise from both the newly introduced system complexities and an unfocused understanding of the set of vulnerabilities impacted by the new countermeasure. The countermeasure's own inherent vulnerabilities and those introduced by the system's integration with the existing system are analyzed and modeled to determine the overall vulnerability impact. The United States infrastructure is composed of government and private assets. The infrastructure is valued by their potential impact on several components: human physical safety, physical/information replacement/repair cost, potential contribution to future loss (criticality in weapons production), direct productivity output, national macro-economic output/productivity, and information integrity. These components must be considered in determining the overall impact of an infrastructure security breach. Cost/benefit analysis is then incorporated in the security technology deployment decision process. Overall security risks based on system vulnerabilities and threat intelligence determine areas of potential benefit. Biometric countermeasures are often considered when additional security at intended points of entry would minimize vulnerabilities.
Benizri, F; Balladur, E; Darse, J; Guérin, J; Boudy, V; Echard, M; Brodin, M; Hagenmüller, J B; Prognon, P; Bonan, B
2010-09-01
While home-based chemotherapy improves comfort and quality of life of patients, quality and safety conditions must be equivalent to hospital settings. In addition, organization is much more complex. At the hospital at home "Assistance publique-Hôpitaux de Paris", prescribers are potentially spread across 21 health facilities. The administration of chemotherapy is performed by about 300 nurses at the patient's home in Paris and its suburbs. Centralized preparations of chemotherapy began in September 2009 by the pharmacy department of Georges-Pompidou European hospital, with a progressive increase of the activity. This article describes the quality insurance system established with this new organization to meet the specific challenges of home therapy: choice of eligible anticancer drugs, computerized information systems and networking with other health facilities, secure transport conditions, traceability from the prescription to the administration, security of administration. This experience can offer an important support for other centres in their approach of quality insurance for home chemotherapy.
A framework for secure and decentralized sharing of medical imaging data via blockchain consensus.
Patel, Vishal
2018-04-01
The electronic sharing of medical imaging data is an important element of modern healthcare systems, but current infrastructure for cross-site image transfer depends on trust in third-party intermediaries. In this work, we examine the blockchain concept, which enables parties to establish consensus without relying on a central authority. We develop a framework for cross-domain image sharing that uses a blockchain as a distributed data store to establish a ledger of radiological studies and patient-defined access permissions. The blockchain framework is shown to eliminate third-party access to protected health information, satisfy many criteria of an interoperable health system, and readily generalize to domains beyond medical imaging. Relative drawbacks of the framework include the complexity of the privacy and security models and an unclear regulatory environment. Ultimately, the large-scale feasibility of such an approach remains to be demonstrated and will depend on a number of factors which we discuss in detail.
Seeing-Is-Believing: Using Camera Phones for Human-Verifiable Authentication
2004-11-01
the context of, e.g., a smart home (Section 7). Our implementation is detailed in Section 8, with a security analysis in Section 9. Section 10...establishment of security parameters [17]. This work considers a smart home, where a user may want to establish a security context for controlling...appliances or other devices in a smart-home. We refer to the security property discussed in this work as presence, where it is desirable that only users or
Is Seeing Believing? Training Users on Information Security: Evidence from Java Applets
ERIC Educational Resources Information Center
Ayyagari, Ramakrishna; Figueroa, Norilyz
2017-01-01
Information Security issues are one of the top concerns of CEOs. Accordingly, information systems education and research have addressed security issues. One of the main areas of research is the behavioral issues in Information Security, primarily focusing on users' compliance to information security policies. We contribute to this literature by…
76 FR 67750 - Homeland Security Information Network Advisory Committee
Federal Register 2010, 2011, 2012, 2013, 2014
2011-11-02
... DEPARTMENT OF HOMELAND SECURITY [Docket No. DHS-2011-0107] Homeland Security Information Network... Information Network Advisory Committee. SUMMARY: The Secretary of Homeland Security has determined that the renewal of the Homeland Security Information Network Advisory Committee (HSINAC) is necessary and in the...
78 FR 7797 - Homeland Security Information Network Advisory Committee (HSINAC)
Federal Register 2010, 2011, 2012, 2013, 2014
2013-02-04
... DEPARTMENT OF HOMELAND SECURITY [Docket No. DHS-2013-0005] Homeland Security Information Network... Committee Meeting. SUMMARY: The Homeland Security Information Network Advisory Committee (HSIN AC) will meet... received by the (Homeland Security Information Network Advisory Committee), go to http://www.regulations...
78 FR 34665 - Homeland Security Information Network Advisory Committee (HSINAC); Meeting
Federal Register 2010, 2011, 2012, 2013, 2014
2013-06-10
... DEPARTMENT OF HOMELAND SECURITY [DHS-2013-0037] Homeland Security Information Network Advisory... Committee Meeting. SUMMARY: The Homeland Security Information Network Advisory Committee (HSINAC) will meet... posted beforehand at this link: http://www.dhs.gov/homeland-security-information-network-advisory...
Continuous-variable protocol for oblivious transfer in the noisy-storage model.
Furrer, Fabian; Gehring, Tobias; Schaffner, Christian; Pacher, Christoph; Schnabel, Roman; Wehner, Stephanie
2018-04-13
Cryptographic protocols are the backbone of our information society. This includes two-party protocols which offer protection against distrustful players. Such protocols can be built from a basic primitive called oblivious transfer. We present and experimentally demonstrate here a quantum protocol for oblivious transfer for optical continuous-variable systems, and prove its security in the noisy-storage model. This model allows us to establish security by sending more quantum signals than an attacker can reliably store during the protocol. The security proof is based on uncertainty relations which we derive for continuous-variable systems, that differ from the ones used in quantum key distribution. We experimentally demonstrate in a proof-of-principle experiment the proposed oblivious transfer protocol for various channel losses by using entangled two-mode squeezed states measured with balanced homodyne detection. Our work enables the implementation of arbitrary two-party quantum cryptographic protocols with continuous-variable communication systems.
Advanced and secure architectural EHR approaches.
Blobel, Bernd
2006-01-01
Electronic Health Records (EHRs) provided as a lifelong patient record advance towards core applications of distributed and co-operating health information systems and health networks. For meeting the challenge of scalable, flexible, portable, secure EHR systems, the underlying EHR architecture must be based on the component paradigm and model driven, separating platform-independent and platform-specific models. Allowing manageable models, real systems must be decomposed and simplified. The resulting modelling approach has to follow the ISO Reference Model - Open Distributing Processing (RM-ODP). The ISO RM-ODP describes any system component from different perspectives. Platform-independent perspectives contain the enterprise view (business process, policies, scenarios, use cases), the information view (classes and associations) and the computational view (composition and decomposition), whereas platform-specific perspectives concern the engineering view (physical distribution and realisation) and the technology view (implementation details from protocols up to education and training) on system components. Those views have to be established for components reflecting aspects of all domains involved in healthcare environments including administrative, legal, medical, technical, etc. Thus, security-related component models reflecting all view mentioned have to be established for enabling both application and communication security services as integral part of the system's architecture. Beside decomposition and simplification of system regarding the different viewpoint on their components, different levels of systems' granularity can be defined hiding internals or focusing on properties of basic components to form a more complex structure. The resulting models describe both structure and behaviour of component-based systems. The described approach has been deployed in different projects defining EHR systems and their underlying architectural principles. 
In that context, the Australian GEHR project, the openEHR initiative, the revision of CEN ENV 13606 "Electronic Health Record communication", all based on Archetypes, but also the HL7 version 3 activities are discussed in some detail. The latter include the HL7 RIM, the HL7 Development Framework, the HL7's clinical document architecture (CDA) as well as the set of models from use cases, activity diagrams, sequence diagrams up to Domain Information Models (DMIMs) and their building blocks Common Message Element Types (CMET) Constraining Models to their underlying concepts. The future-proof EHR architecture as open, user-centric, user-friendly, flexible, scalable, portable core application in health information systems and health networks has to follow advanced architectural paradigms.
Privacy as an enabler, not an impediment: building trust into health information exchange.
McGraw, Deven; Dempsey, James X; Harris, Leslie; Goldman, Janlori
2009-01-01
Building privacy and security protections into health information technology systems will bolster trust in such systems and promote their adoption. The privacy issue, too long seen as a barrier to electronic health information exchange, can be resolved through a comprehensive framework that implements core privacy principles, adopts trusted network design characteristics, and establishes oversight and accountability mechanisms. The public policy challenges of implementing this framework in a complex and evolving environment will require improvements to existing law, new rules for entities outside the traditional health care sector, a more nuanced approach to the role of consent, and stronger enforcement mechanisms.
Advanced information society(7)
NASA Astrophysics Data System (ADS)
Chiba, Toshihiro
Various threats are hiding in the advanced information society. As we see with car accident problems in a motorized society, light aspects necessarily accompany shady ones. Under the changing circumstances of advanced informationalization, the added value of information has become much higher. This causes computer crime, hackers and computer viruses to come to the surface. In addition, it can be said that infringement of intellectual property and privacy are threats brought by advanced information. Against these threats, legal, institutional and insurance measures have progressed, and a new security industry has been established. However, they are not adequate individually or in total. The future vision should be clarified, and countermeasures according to that vision have to be considered.
Qi, Xiaoxing; Liu, Liming; Liu, Yabin; Yao, Lan
2013-06-01
Integrated food security covers three aspects: food quantity security, food quality security, and sustainable food security. Because sustainable food security requires that food security must be compatible with sustainable development, the risk assessment of sustainable food security is becoming one of the most important issues. This paper mainly focuses on the characteristics of sustainable food security problems in the major grain-producing areas in China. We establish an index system based on land resources and eco-environmental conditions and apply a dynamic assessment method based on status assessments and trend analysis models to overcome the shortcomings of the static evaluation method. Using fuzzy mathematics, the risks are categorized into four grades: negligible risk, low risk, medium risk, and high risk. A case study was conducted in one of China's major grain-producing areas: Dongting Lake area. The results predict that the status of the sustainable food security in the Dongting Lake area is unsatisfactory for the foreseeable future. The number of districts at the medium-risk range will increase from six to ten by 2015 due to increasing population pressure, a decrease in the cultivated area, and a decrease in the effective irrigation area. Therefore, appropriate policies and measures should be put forward to improve it. The results could also provide direct support for an early warning system (which could be used to monitor food security trends or nutritional status so as to inform policy makers of impending food shortages) to prevent sustainable food security risk based on some classical systematic methods. This is the first research of sustainable food security in terms of risk assessment, from the perspective of resources and the environment, at the regional scale.
A secure distributed logistic regression protocol for the detection of rare adverse drug events
El Emam, Khaled; Samet, Saeed; Arbuckle, Luk; Tamblyn, Robyn; Earle, Craig; Kantarcioglu, Murat
2013-01-01
Background: There is limited capacity to assess the comparative risks of medications after they enter the market. For rare adverse events, the pooling of data from multiple sources is necessary to have the power and sufficient population heterogeneity to detect differences in safety and effectiveness in genetic, ethnic and clinically defined subpopulations. However, combining datasets from different data custodians or jurisdictions to perform an analysis on the pooled data creates significant privacy concerns that would need to be addressed. Existing protocols for addressing these concerns can result in reduced analysis accuracy and can allow sensitive information to leak. Objective: To develop a secure distributed multi-party computation protocol for logistic regression that provides strong privacy guarantees. Methods: We developed a secure distributed logistic regression protocol using a single analysis center with multiple sites providing data. A theoretical security analysis demonstrates that the protocol is robust to plausible collusion attacks and does not allow the parties to gain new information from the data that are exchanged among them. The computational performance and accuracy of the protocol were evaluated on simulated datasets. Results: The computational performance scales linearly as the dataset sizes increase. The addition of sites results in an exponential growth in computation time. However, for up to five sites, the time is still short and would not affect practical applications. The model parameters are the same as the results on pooled raw data analyzed in SAS, demonstrating high model accuracy. Conclusion: The proposed protocol and prototype system would allow the development of logistic regression models in a secure manner without requiring the sharing of personal health information. This can alleviate one of the key barriers to the establishment of large-scale post-marketing surveillance programs.
We extended the secure protocol to account for correlations among patients within sites through generalized estimating equations, and to accommodate other link functions by extending it to generalized linear models. PMID:22871397
32 CFR 2103.51 - Information Security Oversight Committee.
Code of Federal Regulations, 2011 CFR
2011-07-01
... 32 National Defense 6 2011-07-01 2011-07-01 false Information Security Oversight Committee. 2103... BE DECLASSIFIED Implementation and Review § 2103.51 Information Security Oversight Committee. The NCS Information Security Oversight Committee shall be chaired by the Staff Counsel of the National Security...
32 CFR 2103.51 - Information Security Oversight Committee.
Code of Federal Regulations, 2010 CFR
2010-07-01
... 32 National Defense 6 2010-07-01 2010-07-01 false Information Security Oversight Committee. 2103... BE DECLASSIFIED Implementation and Review § 2103.51 Information Security Oversight Committee. The NCS Information Security Oversight Committee shall be chaired by the Staff Counsel of the National Security...
A Game-Theoretical Approach to Multimedia Social Networks Security
Liu, Enqiang; Liu, Zengliang; Shao, Fei; Zhang, Zhiyong
2014-01-01
The contents access and sharing in multimedia social networks (MSNs) mainly rely on access control models and mechanisms. Simple adoptions of security policies in the traditional access control model cannot effectively establish a trust relationship among parties. This paper proposed a novel two-party trust architecture (TPTA) to apply in a generic MSN scenario. According to the architecture, security policies are adopted through game-theoretic analyses and decisions. Based on formalized utilities of security policies and security rules, the choice of security policies in content access is described as a game between the content provider and the content requester. By the game method for the combination of security policies utility and its influences on each party's benefits, the Nash equilibrium is achieved, that is, an optimal and stable combination of security policies, to establish and enhance trust among stakeholders. PMID:24977226
A Video Game for Cyber Security Training and Awareness
2006-01-01
potentially mundane. Video games have been proposed as an engaging training vehicle (Prenski, 2001). Here we describe a video game-like tool called CyberCIEGE...formation assurance, and information assurance technologists with little background in video games. Early focus was on establishing a language that... video games or adventure games appear more inclined to explore the game, sometimes proceeding beyond the simple awareness scenarios into more
MDA DS COI Spiral 3 - NOA, SILO and ABAC
2009-06-01
agencies. The National Plan to Achieve MDA, a by-product of the Maritime Security Policy, established the national maritime common operating picture...information about vessels determined to be of interest by intelligence and operational organizations and is normally classified or highly sensitive. Exposing...makes it available to its users. For Spiral 3, the Coast Guard team, consisting of CG-26, the Operations Systems Center (OSC), and the Coast Guard
Sustainable Development: A Strategy for Regaining Control of Northern Mali
2014-06-01
informal attempts to conduct evasive maneuvers to achieve desired end results. The Project for National Security Reform argued that at times “… end runs...recognizing the internal borders that France established in the early twentieth century. Still, Model II optimally assigns projects based on... Project Design 4. In the end, Model I allocated the projects while addressing the following supplemental research questions posed in chapters I and
[Quality management and participation into clinical database].
Okubo, Suguru; Miyata, Hiroaki; Tomotaki, Ai; Motomura, Noboru; Murakami, Arata; Ono, Minoru; Iwanaka, Tadashi
2013-07-01
Quality management is necessary for establishing a useful clinical database in cooperation with healthcare professionals and facilities. The ways of management are 1) progress management of data entry, 2) liaison with database participants (healthcare professionals), and 3) modification of the data collection form. In addition, healthcare facilities are supposed to consider ethical issues and information security for joining clinical databases. Database participants should check ethical review boards and consultation service for patients.
Kraemer, Sara; Carayon, Pascale
2007-03-01
This paper describes human errors and violations of end users and network administration in computer and information security. This information is summarized in a conceptual framework for examining the human and organizational factors contributing to computer and information security. This framework includes human error taxonomies to describe the work conditions that contribute adversely to computer and information security, i.e. to security vulnerabilities and breaches. The issue of human error and violation in computer and information security was explored through a series of 16 interviews with network administrators and security specialists. The interviews were audio taped, transcribed, and analyzed by coding specific themes in a node structure. The result is an expanded framework that classifies types of human error and identifies specific human and organizational factors that contribute to computer and information security. Network administrators tended to view errors created by end users as more intentional than unintentional, while errors created by network administrators as more unintentional than intentional. Organizational factors, such as communication, security culture, policy, and organizational structure, were the most frequently cited factors associated with computer and information security.
12 CFR 168.3 - Security program.
Code of Federal Regulations, 2014 CFR
2014-01-01
... 12 Banks and Banking 1 2014-01-01 2014-01-01 false Security program. 168.3 Section 168.3 Banks and Banking COMPTROLLER OF THE CURRENCY, DEPARTMENT OF THE TREASURY SECURITY PROCEDURES § 168.3 Security program. (a) Contents of security program. The security program shall: (1) Establish procedures for...
12 CFR 568.3 - Security program.
Code of Federal Regulations, 2014 CFR
2014-01-01
... 12 Banks and Banking 6 2014-01-01 2012-01-01 true Security program. 568.3 Section 568.3 Banks and Banking OFFICE OF THRIFT SUPERVISION, DEPARTMENT OF THE TREASURY SECURITY PROCEDURES § 568.3 Security program. (a) Contents of security program. The security program shall: (1) Establish procedures for...
12 CFR 391.3 - Security program.
Code of Federal Regulations, 2013 CFR
2013-01-01
... 12 Banks and Banking 5 2013-01-01 2013-01-01 false Security program. 391.3 Section 391.3 Banks and... OF THRIFT SUPERVISION REGULATIONS Security Procedures § 391.3 Security program. (a) Contents of security program. The security program shall: (1) Establish procedures for opening and closing for business...
12 CFR 168.3 - Security program.
Code of Federal Regulations, 2013 CFR
2013-01-01
... 12 Banks and Banking 1 2013-01-01 2013-01-01 false Security program. 168.3 Section 168.3 Banks and Banking COMPTROLLER OF THE CURRENCY, DEPARTMENT OF THE TREASURY SECURITY PROCEDURES § 168.3 Security program. (a) Contents of security program. The security program shall: (1) Establish procedures for...
12 CFR 391.3 - Security program.
Code of Federal Regulations, 2014 CFR
2014-01-01
... 12 Banks and Banking 5 2014-01-01 2014-01-01 false Security program. 391.3 Section 391.3 Banks and... OF THRIFT SUPERVISION REGULATIONS Security Procedures § 391.3 Security program. (a) Contents of security program. The security program shall: (1) Establish procedures for opening and closing for business...
Security Shift in Future Network Architectures
2010-11-01
RTO-MP-IST-091 Security Shift in Future Network Architectures Tim Hartog, M.Sc Information Security Dept. TNO Information and...current practice military communication infrastructures are deployed as stand-alone networked information systems. Network-Enabled Capabilities (NEC) and...information architects and security specialists about the separation of network and information security, the consequences of this shift and our view
Federal Register 2010, 2011, 2012, 2013, 2014
2010-05-17
... Change To Establish Strike Price Intervals and Trading Hours for Options on Index Linked Securities May....4 Commentary .05 to establish strike price intervals for options on Index Linked Securities, and... Rule 7.1 Commentary .02 to establish strike price intervals and trading hours for options on Index...
20 CFR 416.941 - Establishment and use of referral and monitoring agencies.
Code of Federal Regulations, 2010 CFR
2010-04-01
... 20 Employees' Benefits 2 2010-04-01 2010-04-01 false Establishment and use of referral and monitoring agencies. 416.941 Section 416.941 Employees' Benefits SOCIAL SECURITY ADMINISTRATION SUPPLEMENTAL SECURITY INCOME FOR THE AGED, BLIND, AND DISABLED Determining Disability and Blindness Drug Addiction and Alcoholism § 416.941 Establishment and us...
48 CFR 552.239-70 - Information Technology Security Plan and Security Authorization.
Code of Federal Regulations, 2011 CFR
2011-10-01
... 48 Federal Acquisition Regulations System 4 2011-10-01 2011-10-01 false Information Technology... Text of Provisions and Clauses 552.239-70 Information Technology Security Plan and Security Authorization. As prescribed in 539.7002(a), insert the following provision: Information Technology Security...
48 CFR 552.239-70 - Information Technology Security Plan and Security Authorization.
Code of Federal Regulations, 2014 CFR
2014-10-01
... 48 Federal Acquisition Regulations System 4 2014-10-01 2014-10-01 false Information Technology... Text of Provisions and Clauses 552.239-70 Information Technology Security Plan and Security Authorization. As prescribed in 539.7002(a), insert the following provision: Information Technology Security...
48 CFR 552.239-70 - Information Technology Security Plan and Security Authorization.
Code of Federal Regulations, 2012 CFR
2012-10-01
... 48 Federal Acquisition Regulations System 4 2012-10-01 2012-10-01 false Information Technology... Text of Provisions and Clauses 552.239-70 Information Technology Security Plan and Security Authorization. As prescribed in 539.7002(a), insert the following provision: Information Technology Security...
48 CFR 552.239-70 - Information Technology Security Plan and Security Authorization.
Code of Federal Regulations, 2013 CFR
2013-10-01
... 48 Federal Acquisition Regulations System 4 2013-10-01 2013-10-01 false Information Technology... Text of Provisions and Clauses 552.239-70 Information Technology Security Plan and Security Authorization. As prescribed in 539.7002(a), insert the following provision: Information Technology Security...
75 FR 57904 - Announcing a Meeting of the Information Security and Privacy Advisory Board
Federal Register 2010, 2011, 2012, 2013, 2014
2010-09-23
... Office, --Update of NIST Computer Security Division, and --Information Security and Privacy Advisory... Information Security and Privacy Advisory Board AGENCY: National Institute of Standards and Technology, Commerce. ACTION: Notice. SUMMARY: The Information Security and Privacy Advisory Board (ISPAB) will meet...
Information Security: Computer Hacker Information Available on the Internet
1996-06-05
INFORMATION SECURITY: Computer Hacker Information Available on the Internet. Statement for the Record of... Author(s): Jack L.
A review of security of electronic health records.
Win, Khin Than
The objective of this study is to answer the research question, "Are current information security technologies adequate for electronic health records (EHRs)?" In order to achieve this, the following matters have been addressed in this article: (i) What is information security in the context of EHRs? (ii) Why is information security important for EHRs? and (iii) What are the current technologies for information security available to EHRs? It is concluded that current EHR security technologies are inadequate and urgently require improvement. Further study regarding information security of EHRs is indicated.
49 CFR 1548.19 - Security Directives and Information Circulars.
Code of Federal Regulations, 2010 CFR
2010-10-01
... 49 Transportation 9 2010-10-01 2010-10-01 false Security Directives and Information Circulars... CARRIER SECURITY § 1548.19 Security Directives and Information Circulars. (a) TSA may issue an Information... security measures are necessary to respond to a threat assessment, or to a specific threat against civil...
ERIC Educational Resources Information Center
Waddell, Stanie Adolphus
2013-01-01
Many articles within the literature point to the information security policy as one of the most important elements of an effective information security program. Even though this belief is continually referred to in many information security scholarly articles, very few research studies have been performed to corroborate this sentiment. Doherty and…
48 CFR 1339.107-70 - Information security.
Code of Federal Regulations, 2014 CFR
2014-10-01
... 48 Federal Acquisition Regulations System 5 2014-10-01 2014-10-01 false Information security. 1339... CATEGORIES OF CONTRACTING ACQUISITION OF INFORMATION TECHNOLOGY General 1339.107-70 Information security. (a... coordinate with the designated Contracting Officer Representative (COR) to complete the Information Security...
48 CFR 1339.107-70 - Information security.
Code of Federal Regulations, 2011 CFR
2011-10-01
... 48 Federal Acquisition Regulations System 5 2011-10-01 2011-10-01 false Information security. 1339... CATEGORIES OF CONTRACTING ACQUISITION OF INFORMATION TECHNOLOGY General 1339.107-70 Information security. (a... coordinate with the designated Contracting Officer Representative (COR) to complete the Information Security...
48 CFR 1339.107-70 - Information security.
Code of Federal Regulations, 2010 CFR
2010-10-01
... CATEGORIES OF CONTRACTING ACQUISITION OF INFORMATION TECHNOLOGY General 1339.107-70 Information security. (a... Clause 1352.239-73, Security Requirements for Information Technology Resources, is needed, contracting... 48 Federal Acquisition Regulations System 5 2010-10-01 2010-10-01 false Information security. 1339...
48 CFR 1339.107-70 - Information security.
Code of Federal Regulations, 2013 CFR
2013-10-01
... 48 Federal Acquisition Regulations System 5 2013-10-01 2013-10-01 false Information security. 1339... CATEGORIES OF CONTRACTING ACQUISITION OF INFORMATION TECHNOLOGY General 1339.107-70 Information security. (a... coordinate with the designated Contracting Officer Representative (COR) to complete the Information Security...
Impacts of marine protected areas on fishing communities.
Mascia, Michael B; Claus, C Anne; Naidoo, Robin
2010-10-01
Marine protected areas (MPAs) are a popular conservation strategy, but their impacts on human welfare are poorly understood. To inform future research and policy decisions, we reviewed the scientific literature to assess MPA impacts on five indicators of human welfare: food security, resource rights, employment, community organization, and income. Following MPA establishment, food security generally remained stable or increased in older and smaller MPAs. The ability of most fishing groups to govern MPA resources changed. Increased resource rights were positively correlated with MPA zoning and compliance with MPA regulations. Small sample sizes precluded statistical tests of the impacts of MPAs on employment, community organization, and income. Our results demonstrate that MPAs shape the social well-being and political power of fishing communities; impacts (positive and negative) vary within and among social groups; and social impacts are correlated with some--but not all--commonly hypothesized explanatory factors. Accordingly, MPAs may represent a viable strategy for enhancing food security and empowering local communities, but current practices negatively affect at least a minority of fishers. To inform policy making, further research must better document and explain variation in the positive and negative social impacts of MPAs. © 2010 Society for Conservation Biology.
Defining Information Security.
Lundgren, Björn; Möller, Niklas
2017-11-15
This article proposes a new definition of information security, the 'Appropriate Access' definition. Apart from providing the basic criteria for a definition (correct demarcation and meaning concerning the state of security), it also aims at being a definition suitable for any information security perspective. As such, it bridges the conceptual divide between so-called 'soft issues' of information security (those including, e.g., humans, organizations, culture, ethics, policies, and law) and more technical issues. Because of this it is also suitable for various analytical purposes, such as analysing possible security breaches, or for studying conflicting attitudes on security in an organization. The need for a new definition is demonstrated by pointing to a number of problems for the standard definition type of information security, the so-called CIA definition. Besides being too broad as well as too narrow, it cannot properly handle the soft issues of information security, nor recognize the contextual and normative nature of security.
Martinez, R; Cole, C; Rozenblit, J; Cook, J F; Chacko, A K
2000-05-01
The US Army Great Plains Regional Medical Command (GPRMC) has a requirement to conform to Department of Defense (DoD) and Army security policies for the Virtual Radiology Environment (VRE) Project. Within the DoD, security policy is defined as the set of laws, rules, and practices that regulate how an organization manages, protects, and distributes sensitive information. Security policy in the DoD is described by the Trusted Computer System Evaluation Criteria (TCSEC), Army Regulation (AR) 380-19, Defense Information Infrastructure Common Operating Environment (DII COE), Military Health Services System Automated Information Systems Security Policy Manual, and National Computer Security Center-TG-005, "Trusted Network Interpretation." These documents were used to develop a security policy that defines information protection requirements that are made with respect to those laws, rules, and practices that are required to protect the information stored and processed in the VRE Project. The goal of the security policy is to provide for a C2-level of information protection while also satisfying the functional needs of the GPRMC's user community. This report summarizes the security policy for the VRE and defines the CORBA security services that satisfy the policy. In the VRE, the information to be protected is embedded into three major information components: (1) Patient information consists of Digital Imaging and Communications in Medicine (DICOM)-formatted fields. The patient information resides in the digital imaging network picture archiving and communication system (DIN-PACS) networks in the database archive systems and includes (a) patient demographics; (b) patient images from x-ray, computed tomography (CT), magnetic resonance imaging (MRI), and ultrasound (US); and (c) prior patient images and related patient history. (2) Meta-Manager information to be protected consists of several data objects. 
This information is distributed to the Meta-Manager nodes and includes (a) radiologist schedules; (b) modality worklists; (c) routed case information; (d) DIN-PACS and Composite Health Care system (CHCS) messages, and Meta-Manager administrative and security information; and (e) patient case information. (3) Access control and communications security is required in the VRE to control who uses the VRE and Meta-Manager facilities and to secure the messages between VRE components. The CORBA Security Service Specification version 1.5 is designed to allow up to TCSEC's B2-level security for distributed objects. The CORBA Security Service Specification defines the functionality of several security features: identification and authentication, authorization and access control, security auditing, communication security, nonrepudiation, and security administration. This report describes the enhanced security features for the VRE and their implementation using commercial CORBA Security Service software products.
Research on Decision-Making Support of Chinese Rural Land Tenure Information System
NASA Astrophysics Data System (ADS)
Tan, Jun; Su, Hongyou
Since 1949, the information of land tenure has had a positive effect on defining the scope of collective land and state-owned land, implementing the system of cultivated land protection and land use control, designing general land use planning, etc. But with economic and social development, the existing land tenure information is no longer appropriate and results in many problems. The emphasis in the near future should be placed on establishing a rural land tenure information system including a cadastral management system, the uniform property registration system and a cadastral management information system, defining the scope and content of various collective land ownership, securing peasants' land tenure rights, and shortening the gap between urban and rural areas, all of which will guarantee the effective use of information of land tenure for the government's decision-making.
6 CFR 27.200 - Information regarding security risk for a chemical facility.
Code of Federal Regulations, 2010 CFR
2010-01-01
... 6 Domestic Security 1 2010-01-01 2010-01-01 false Information regarding security risk for a chemical facility. 27.200 Section 27.200 Domestic Security DEPARTMENT OF HOMELAND SECURITY, OFFICE OF THE SECRETARY CHEMICAL FACILITY ANTI-TERRORISM STANDARDS Chemical Facility Security Program § 27.200 Information...
Dolan, Mairead; Blattner, Regine
2010-09-29
Structured Professional Judgment (SPJ) approaches to violence risk assessment are increasingly being adopted into clinical practice in international forensic settings. The aim of this study was to examine the predictive validity of the Historical Clinical Risk-20 (HCR-20) violence risk assessment scale for outcome following transfers from high to medium security in a United Kingdom setting. The sample was predominately male and mentally ill and the majority of cases were detained under the criminal section of the Mental Health Act (1986). The HCR-20 was rated based on detailed case file information on 72 cases transferred from high to medium security. Outcomes were examined, independent of risk score, and cases were classed as "success or failure" based on established criteria. The mean length of follow up was 6 years. The total HCR-20 score was a robust predictor of failure at lower levels of security and return to high security. The Clinical and Risk management items contributed most to predictive accuracy. Although the HCR-20 was designed as a violence risk prediction tool, our findings suggest it has potential utility in decisions to transfer patients from high to lower levels of security.
ERIC Educational Resources Information Center
Imam, Abbas H.
2013-01-01
Complexity of information security has become a major issue for organizations due to incessant threats to information assets. Healthcare organizations are particularly concerned with security owing to the inherent vulnerability of sensitive information assets in health informatics. While the non-technical security management elements have been at…
14 CFR 1203.202 - Responsibilities.
Code of Federal Regulations, 2011 CFR
2011-01-01
... Aeronautics and Space NATIONAL AERONAUTICS AND SPACE ADMINISTRATION INFORMATION SECURITY PROGRAM NASA Information Security Program § 1203.202 Responsibilities. (a) The Chairperson, NASA Information Security...) Ensuring effective compliance with and implementation of “the Order” and the Information Security Oversight...
14 CFR 1203.202 - Responsibilities.
Code of Federal Regulations, 2010 CFR
2010-01-01
... Aeronautics and Space NATIONAL AERONAUTICS AND SPACE ADMINISTRATION INFORMATION SECURITY PROGRAM NASA Information Security Program § 1203.202 Responsibilities. (a) The Chairperson, NASA Information Security...) Ensuring effective compliance with and implementation of “the Order” and the Information Security Oversight...
Code of Federal Regulations, 2010 CFR
2010-01-01
... Administrative Personnel DEPARTMENT OF HOMELAND SECURITY HUMAN RESOURCES MANAGEMENT SYSTEM (DEPARTMENT OF HOMELAND SECURITY-OFFICE OF PERSONNEL MANAGEMENT) DEPARTMENT OF HOMELAND SECURITY HUMAN RESOURCES... establishment of a new human resources management system within the Department of Homeland Security (DHS), as...
Protecting HIV information in countries scaling up HIV services: a baseline study.
Beck, Eduard J; Mandalia, Sundhiya; Harling, Guy; Santas, Xenophon M; Mosure, Debra; Delay, Paul R
2011-02-06
Individual-level data are needed to optimize clinical care and monitor and evaluate HIV services. Confidentiality and security of such data must be safeguarded to avoid stigmatization and discrimination of people living with HIV. We set out to assess the extent that countries scaling up HIV services have developed and implemented guidelines to protect the confidentiality and security of HIV information. Questionnaires were sent to UNAIDS field staff in 98 middle- and lower-income countries, some reportedly with guidelines (G-countries) and others intending to develop them (NG-countries). Responses were scored, aggregated and weighted to produce standard scores for six categories: information governance, country policies, data collection, data storage, data transfer and data access. Responses were analyzed using regression analyses for associations with national HIV prevalence, gross national income per capita, OECD income, receiving US PEPFAR funding, and being a G- or NG-country. Differences between G- and NG-countries were investigated using non-parametric methods. Higher information governance scores were observed for G-countries compared with NG-countries; no differences were observed between country policies or data collection categories. However, for data storage, data transfer and data access, G-countries had lower scores compared with NG-countries. No significant associations were observed between country score and HIV prevalence, per capita gross national income, OECD economic category, and whether countries had received PEPFAR funding. Few countries, including G-countries, had developed comprehensive guidelines on protecting the confidentiality and security of HIV information. Countries must develop their own guidelines, using established frameworks to guide their efforts, and may require assistance in adapting, adopting and implementing them.
Federal Register 2010, 2011, 2012, 2013, 2014
2010-10-15
... Information Collection Activity Under OMB Review: Sensitive Security Information Threat Assessments AGENCY... Transportation Security Administration (TSA) has forwarded the Information Collection Request (ICR), Office of... of a party seeking access to sensitive security information (SSI) in a civil proceeding in Federal...
NASA Astrophysics Data System (ADS)
Sushko, O. P.; Kaznin, A. A.; Babkin, A. V.; Bogdanov, D. A.
2017-10-01
The study we are conducting involves the analysis of information security levels achieved by energy providers operating in the North Arctic Region. We look into whether the energy providers’ current information security levels meet reliability standards and determine what further actions may be needed for upgrading information security in the context of the digital transformation that the world community is undergoing. When developing the information security systems for electric energy providers or selecting the protection means for them, we are governed by the fact that the assets to be protected are process technologies. While information security risk can be assessed using different methods, the evaluation of the economic damage from these risks appears to be a difficult task. The most probable and harmful risks we have identified when evaluating the electric energy providers’ information security will be used by us as variables. To provide the evaluation, it is necessary to calculate the costs relating to elimination of the risks identified. The final stage of the study will involve the development of an operation algorithm for the North Arctic Region’s energy provider’s business information protection security system - a set of information security services, and security software and hardware.
Draft secure medical database standard.
Pangalos, George
2002-01-01
Medical database security is a particularly important issue for all Healthcare establishments. Medical information systems are intended to support a wide range of pertinent health issues today, for example: assure the quality of care, support effective management of the health services institutions, monitor and contain the cost of care, implement technology into care without violating social values, ensure the equity and availability of care, preserve humanity despite the proliferation of technology etc. In this context, medical database security aims primarily to support: high availability, accuracy and consistency of the stored data, the medical professional secrecy and confidentiality, and the protection of the privacy of the patient. These properties, though of technical nature, basically require that the system is actually helpful for medical care and not harmful to patients. These latter properties require in turn not only that fundamental ethical principles are not violated by employing database systems, but instead, are effectively enforced by technical means. This document reviews the existing and emerging work on the security of medical database systems. It presents in detail the related problems and requirements related to medical database security. It addresses the problems of medical database security policies, secure design methodologies and implementation techniques. It also describes the current legal framework and regulatory requirements for medical database security. The issue of medical database security guidelines is also examined in detail. The current national and international efforts in the area are studied. It also gives an overview of the research work in the area. The document also presents in detail the most complete to our knowledge set of security guidelines for the development and operation of medical database systems.
The OAuth 2.0 Web Authorization Protocol for the Internet Addiction Bioinformatics (IABio) Database.
Choi, Jeongseok; Kim, Jaekwon; Lee, Dong Kyun; Jang, Kwang Soo; Kim, Dai-Jin; Choi, In Young
2016-03-01
Internet addiction (IA) has become a widespread and problematic phenomenon as smart devices pervade society. Moreover, internet gaming disorder leads to increases in social expenditures for both individuals and nations alike. Although the prevention and treatment of IA are getting more important, the diagnosis of IA remains problematic. Understanding the neurobiological mechanism of behavioral addictions is essential for the development of specific and effective treatments. Although there are many databases related to other addictions, a database for IA has not been developed yet. In addition, bioinformatics databases, especially genetic databases, require a high level of security and should be designed based on medical information standards. In this respect, our study proposes the OAuth standard protocol for database access authorization. The proposed IA Bioinformatics (IABio) database system is based on internet user authentication, which is a guideline for medical information standards, and uses OAuth 2.0 for access control technology. This study designed and developed the system requirements and configuration. The OAuth 2.0 protocol is expected to establish the security of personal medical information and be applied to genomic research on IA.
75 FR 65526 - National Industrial Security Program Policy Advisory Committee (NISPPAC)
Federal Register 2010, 2011, 2012, 2013, 2014
2010-10-25
... NATIONAL ARCHIVES AND RECORDS ADMINISTRATION Information Security Oversight Office National Industrial Security Program Policy Advisory Committee (NISPPAC) AGENCY: Information Security Oversight Office... planning to attend must be submitted to the Information Security Oversight Office (ISOO) no later than...
76 FR 6636 - National Industrial Security Program Policy Advisory Committee (NISPPAC)
Federal Register 2010, 2011, 2012, 2013, 2014
2011-02-07
... NATIONAL ARCHIVES AND RECORDS ADMINISTRATION Information Security Oversight Office National Industrial Security Program Policy Advisory Committee (NISPPAC) AGENCY: Information Security Oversight Office... planning to attend must be submitted to the Information Security Oversight Office (ISOO) no later than...
76 FR 67484 - National Industrial Security Program Policy Advisory Committee (NISPPAC)
Federal Register 2010, 2011, 2012, 2013, 2014
2011-11-01
... NATIONAL ARCHIVES AND RECORDS ADMINISTRATION Information Security Oversight Office National Industrial Security Program Policy Advisory Committee (NISPPAC) AGENCY: Information Security Oversight Office... must be submitted to the Information Security Oversight Office (ISOO) no later than Friday, November 11...
76 FR 28099 - National Industrial Security Program Policy Advisory Committee (NISPPAC)
Federal Register 2010, 2011, 2012, 2013, 2014
2011-05-13
... NATIONAL ARCHIVES AND RECORDS ADMINISTRATION Information Security Oversight Office National Industrial Security Program Policy Advisory Committee (NISPPAC) AGENCY: Information Security Oversight Office... telephone number of individuals planning to attend must be submitted to the Information Security Oversight...
75 FR 39582 - National Industrial Security Program Policy Advisory Committee (NISPPAC)
Federal Register 2010, 2011, 2012, 2013, 2014
2010-07-09
... NATIONAL ARCHIVES AND RECORDS ADMINISTRATION Information Security Oversight Office National Industrial Security Program Policy Advisory Committee (NISPPAC) AGENCY: Information Security Oversight Office... telephone number of individuals planning to attend must be submitted to the Information Security Oversight...
Code of Federal Regulations, 2010 CFR
2010-01-01
... 10 Energy 1 2010-01-01 2010-01-01 false Access to restricted data and national security... to Adjudicatory Proceedings Involving Restricted Data and/or National Security Information § 2.905 Access to restricted data and national security information for parties; security clearances. (a) Access...
Code of Federal Regulations, 2011 CFR
2011-01-01
... 10 Energy 1 2011-01-01 2011-01-01 false Access to restricted data and national security... to Adjudicatory Proceedings Involving Restricted Data and/or National Security Information § 2.905 Access to restricted data and national security information for parties; security clearances. (a) Access...
2014-09-30
fingerprint sensor etc. Secure application execution Trust established outwards With normal world apps With internet/cloud apps...Xilinx Zynq Security Components and Capabilities © Copyright 2014 Xilinx . Security Features Inherited from FPGAs Zynq Secure Boot TrustZone...2014 Xilinx . Security Features Inherited from FPGAs Zynq Secure Boot TrustZone Integration 4 Agenda © Copyright 2014 Xilinx . Device DNA and User
10 CFR 95.35 - Access to matter classified as National Security Information and Restricted Data.
Code of Federal Regulations, 2011 CFR
2011-01-01
... Information and Restricted Data. 95.35 Section 95.35 Energy NUCLEAR REGULATORY COMMISSION (CONTINUED) FACILITY SECURITY CLEARANCE AND SAFEGUARDING OF NATIONAL SECURITY INFORMATION AND RESTRICTED DATA Control of Information § 95.35 Access to matter classified as National Security Information and Restricted Data. (a...
Code of Federal Regulations, 2011 CFR
2011-04-01
... registration as a securities information processor or to amend such an application or registration. 249.1001..., SECURITIES EXCHANGE ACT OF 1934 Form for Registration of, and Reporting by Securities Information Processors § 249.1001 Form SIP, for application for registration as a securities information processor or to amend...
Code of Federal Regulations, 2010 CFR
2010-04-01
... registration as a securities information processor or to amend such an application or registration. 249.1001..., SECURITIES EXCHANGE ACT OF 1934 Form for Registration of, and Reporting by Securities Information Processors § 249.1001 Form SIP, for application for registration as a securities information processor or to amend...
76 FR 34240 - Chemical Transportation Advisory Committee
Federal Register 2010, 2011, 2012, 2013, 2014
2011-06-13
... DEPARTMENT OF HOMELAND SECURITY Coast Guard [Docket No. USCG-2011-0225] Chemical Transportation... Establishment. SUMMARY: The Secretary of Homeland Security has determined that the establishment of the Chemical... performance of duties of the U. S. Coast Guard. Name of Committee: Chemical Transportation Advisory Committee...
46 CFR 503.52 - Senior agency official.
Code of Federal Regulations, 2011 CFR
2011-10-01
... 46 Shipping 9 2011-10-01 2011-10-01 false Senior agency official. 503.52 Section 503.52 Shipping FEDERAL MARITIME COMMISSION GENERAL AND ADMINISTRATIVE PROVISIONS PUBLIC INFORMATION Information Security...'s information security program, which includes oversight (self-inspection) and security information...
Federal Register 2010, 2011, 2012, 2013, 2014
2010-03-08
... NATIONAL ARCHIVES AND RECORDS ADMINISTRATION Information Security Oversight Office; National Industrial Security Program Policy Advisory Committee (NISPPAC) AGENCY: National Archives and Records... individuals planning to attend must be submitted to the Information Security Oversight Office (ISOO) no later...
Health Security Intelligence: Assessing the Nascent Public Health Capability
2012-03-01
and one that although dedicated as an HSI analyst, did not work a full 40-hour workweek. Of the three jurisdictions that answered yes to Question 6...during the standard 40-hour workweek is well established. In her book, Out of Bounds, Innovation and Change in Law Enforcement Intelligence Analysis...collection of information is estimated to average 1 hour per response, including the time for reviewing instruction, searching existing data sources
Computer Network Security: Best Practices for Alberta School Jurisdictions.
ERIC Educational Resources Information Center
Alberta Dept. of Education, Edmonton.
This paper provides a snapshot of the computer network security industry and addresses specific issues related to network security in public education. The following topics are covered: (1) security policy, including reasons for establishing a policy, risk assessment, areas to consider, audit tools; (2) workstations, including physical security,…
Identifying the Key Weaknesses in Network Security at Colleges.
ERIC Educational Resources Information Center
Olsen, Florence
2000-01-01
A new study identifies and ranks the 10 security gaps responsible for most outsider attacks on college computer networks. The list is intended to help campus system administrators establish priorities as they work to increase security. One network security expert urges that institutions utilize multiple security layers. (DB)
An E-Hospital Security Architecture
NASA Astrophysics Data System (ADS)
Tian, Fang; Adams, Carlisle
In this paper, we introduce how to use cryptography in network security and access control of an e-hospital. We first define the security goal of the e-hospital system, and then we analyze the current application system. Our idea is proposed on the system analysis and the related regulations of patients' privacy protection. The security of the whole application system is strengthened through layered security protection. Three security domains in the e-hospital system are defined according to their sensitivity level, and for each domain, we propose different security protections. We use identity based cryptography to establish secure communication channel in the backbone network and policy based cryptography to establish secure communication channel between end users and the backbone network. We also use policy based cryptography in the access control of the application system. We use a symmetric key cryptography to protect the real data in the database. The identity based and policy based cryptography are all based on elliptic curve cryptography—a public key cryptography.
2011-10-24
Operations Management Track in the established B.S. in Global Security and Intelligence Studies Degree offered at Embry-Riddle Aeronautical University...and a model 4-year college curriculum for a BS degree in Security Operations Management
Progress toward establishing a national assessment of water availability and use
Alley, William M.; Evenson, Eric J.; Barber, Nancy L.; Bruce, Breton W.; Dennehy, Kevin F.; Freeman, Mary C.; Freeman, Ward O.; Fischer, Jeffrey M.; Hughes, William B.; Kennen, Jonathan G.; Kiang, Julie E.; Maloney, Kelly O.; Musgrove, MaryLynn; Ralston, Barbara E.; Tessler, Steven; Verdin, James P.
2013-01-01
The Omnibus Public Land Management Act of 2009 (Public Law 111-11) was passed into law on March 30, 2009. Subtitle F, also known as the SECURE Water Act, calls for the establishment of a "national water availability and use assessment program" within the U.S. Geological Survey (USGS). A major driver for this recommendation was that national water availability and use have not been comprehensively assessed since 1978. This report fulfills a requirement to report to Congress on progress in implementing the national water availability and use assessment program, also referred to as the National Water Census. The SECURE Water Act authorized $20 million for each of fiscal years (FY) 2009 through 2023 for assessment of national water availability and use. The first appropriation for this effort was $4 million in FY 2011, followed by an appropriation of $6 million in FY 2012. The National Water Census synthesizes and reports information at the regional and national scales, with an emphasis on compiling and reporting the information in a way that is useful to states and others responsible for water management and natural-resource issues. The USGS works with Federal and non-Federal agencies, universities, and other organizations to ensure that the information can be aggregated with other types of water-availability and socioeconomic information, such as data on food and energy production. To maximize the utility of the information, the USGS coordinates the design and development of the effort through the Federal Advisory Committee on Water Information. A National Water Census is a complex undertaking, particularly because there are major gaps in the information needed to conduct such an assessment. To maximize progress, the USGS engaged stakeholders in a discussion of priorities and leveraged existing studies and program activities to enhance efforts toward the development of a National Water Census.
6 CFR 7.27 - Declassification and downgrading.
Code of Federal Regulations, 2010 CFR
2010-01-01
... SECURITY INFORMATION Classified Information § 7.27 Declassification and downgrading. (a) Classified... Security Officer. (b) Information shall be declassified or downgraded by the official who authorized the... Secretary of Homeland Security or the Chief Security Officer. (c) It is presumed that information that...
5 CFR 930.301 - Information systems security awareness training program.
Code of Federal Regulations, 2013 CFR
2013-01-01
....g., system and network administrators, and system/application security officers) must receive... 5 Administrative Personnel 2 2013-01-01 2013-01-01 false Information systems security awareness... (MISCELLANEOUS) Information Security Responsibilities for Employees who Manage or Use Federal Information Systems...
5 CFR 930.301 - Information systems security awareness training program.
Code of Federal Regulations, 2014 CFR
2014-01-01
....g., system and network administrators, and system/application security officers) must receive... 5 Administrative Personnel 2 2014-01-01 2014-01-01 false Information systems security awareness... (MISCELLANEOUS) Information Security Responsibilities for Employees who Manage or Use Federal Information Systems...
Federal Register 2010, 2011, 2012, 2013, 2014
2013-05-03
... Information Collection Activity Under OMB Review: Pipeline Corporate Security Review AGENCY: Transportation.... Information Collection Requirement Title: Pipeline Corporate Security Review (PCSR). Type of Request... current industry security practices through its Pipeline Corporate Security Review (PCSR) program. The...
Information Security Management (ISM)
NASA Astrophysics Data System (ADS)
Šalgovičová, Jarmila; Prajová, Vanessa
2012-12-01
Currently, all organizations have to tackle the issue of information security. The paper deals with various aspects of Information Security Management (ISM), including procedures, processes, organizational structures, policies and control processes. Introduction of Information Security Management should be a strategic decision. The concept and implementation of Information Security Management in an organization are determined by the corporate needs and objectives, security requirements, the processes deployed as well as the size and structure of the organization. The implementation of ISM should be carried out to the extent consistent with the needs of the organization.
Information security of power enterprises of North-Arctic region
NASA Astrophysics Data System (ADS)
Sushko, O. P.
2018-05-01
The role of information technologies in providing technological security for energy enterprises is a component of the economic security for the northern Arctic region in general. Applying instruments and methods of information protection modelling of the energy enterprises' business process in the northern Arctic region (such as Arkhenergo and Komienergo), the authors analysed and identified most frequent risks of information security. With the analytic hierarchy process based on weighting factor estimations, information risks of energy enterprises' technological processes were ranked. The economic estimation of the information security within an energy enterprise considers weighting factor-adjusted variables (risks). Investments in information security systems of energy enterprises in the northern Arctic region are related to necessary security elements installation; current operating expenses on business process protection systems become materialized economic damage.
Legal issues concerning electronic health information: privacy, quality, and liability.
Hodge, J G; Gostin, L O; Jacobson, P D
1999-10-20
Personally identifiable health information about individuals and general medical information is increasingly available in electronic form in health databases and through online networks. The proliferation of electronic data within the modern health information infrastructure presents significant benefits for medical providers and patients, including enhanced patient autonomy, improved clinical treatment, advances in health research and public health surveillance, and modern security techniques. However, it also presents new legal challenges in 3 interconnected areas: privacy of identifiable health information, reliability and quality of health data, and tort-based liability. Protecting health information privacy (by giving individuals control over health data without severely restricting warranted communal uses) directly improves the quality and reliability of health data (by encouraging individual uses of health services and communal uses of data), which diminishes tort-based liabilities (by reducing instances of medical malpractice or privacy invasions through improvements in the delivery of health care services resulting in part from better quality and reliability of clinical and research data). Following an analysis of the interconnectivity of these 3 areas and discussing existing and proposed health information privacy laws, recommendations for legal reform concerning health information privacy are presented. These include (1) recognizing identifiable health information as highly sensitive, (2) providing privacy safeguards based on fair information practices, (3) empowering patients with information and rights to consent to disclosure, (4) limiting disclosures of health data absent consent, (5) incorporating industry-wide security protections, (6) establishing a national data protection authority, and (7) providing a national minimal level of privacy protections.
Disaster at a University: A Case Study in Information Security
ERIC Educational Resources Information Center
Ayyagari, Ramakrishna; Tyks, Jonathan
2012-01-01
Security and disaster training is identified as a top Information Technology (IT) required skill that needs to be taught in Information Systems (IS) curriculums. Accordingly, information security and privacy have become core concepts in information system education. Providing IT security on a shoestring budget is always difficult and many small…
Suspect/Counterfeit Items Information Guide for Subcontractors/Suppliers
DOE Office of Scientific and Technical Information (OSTI.GOV)
Tessmar, Nancy D.; Salazar, Michael J.
2012-09-18
Counterfeiting of industrial and commercial grade items is an international problem that places worker safety, program objectives, expensive equipment, and security at risk. In order to prevent the introduction of Suspect/Counterfeit Items (S/CI), this information sheet is being made available as a guide to assist in the implementation of S/CI awareness and controls, in conjunction with subcontractor's/supplier's quality assurance programs. When it comes to counterfeit goods, including industrial materials, items, and equipment, no market is immune. Some manufacturers have been known to misrepresent their products and intentionally use inferior materials and processes to manufacture substandard items, whose properties can significantly cart from established standards and specifications. These substandard items, termed by the Department of Energy (DOE) as S/CI, pose immediate and potential threats to the safety of DOE and contractor workers, the public, and the environment. Failure of certain systems and processes caused by an S/CI could also have national security implications at Los Alamos National Laboratory (LANL). Nuclear Safety Rules (federal Laws), DOE Orders, and other regulations set forth requirements for DOE contractors to implement effective controls to assure that items and services meet specified requirements. This includes techniques to implement and thereby minimizing the potential threat of entry of S/CI to LANL. As a qualified supplier of goods or services to the LANL, your company will be required to establish and maintain effective controls to prevent the introduction of S/CI to LANL. This will require that your company warrant that all items (including their subassemblies, components, and parts) sold to LANL are genuine (i.e. not counterfeit), new, and unused, and conform to the requirements of the LANL purchase orders/contracts unless otherwise approved in writing to the Los Alamos National Security (LANS) contract administrator/procurements specialist.
6 CFR 7.12 - Violations of classified information requirements.
Code of Federal Regulations, 2010 CFR
2010-01-01
... 6 Domestic Security 1 2010-01-01 2010-01-01 false Violations of classified information requirements. 7.12 Section 7.12 Domestic Security DEPARTMENT OF HOMELAND SECURITY, OFFICE OF THE SECRETARY CLASSIFIED NATIONAL SECURITY INFORMATION Administration § 7.12 Violations of classified information...
Federal Register 2010, 2011, 2012, 2013, 2014
2013-12-23
... Federal agency for pipeline security, it is important for TSA to have contact information for company... DEPARTMENT OF HOMELAND SECURITY Transportation Security Administration Extension of Agency Information Collection Activity Under OMB Review: Pipeline System Operator Security Information AGENCY...
32 CFR 154.42 - Evaluation of personnel security information.
Code of Federal Regulations, 2011 CFR
2011-07-01
... 32 National Defense 1 2011-07-01 2011-07-01 false Evaluation of personnel security information... SECURITY DEPARTMENT OF DEFENSE PERSONNEL SECURITY PROGRAM REGULATION Adjudication § 154.42 Evaluation of personnel security information. (a) The criteria and adjudicative policy to be used in applying the...
32 CFR 154.42 - Evaluation of personnel security information.
Code of Federal Regulations, 2010 CFR
2010-07-01
... 32 National Defense 1 2010-07-01 2010-07-01 false Evaluation of personnel security information... SECURITY DEPARTMENT OF DEFENSE PERSONNEL SECURITY PROGRAM REGULATION Adjudication § 154.42 Evaluation of personnel security information. (a) The criteria and adjudicative policy to be used in applying the...
Federal Register 2010, 2011, 2012, 2013, 2014
2010-07-02
... Standards and Technology's (NIST) Computer Security Division maintains a Computer Security Resource Center... Regarding Driver History Record Information Security, Continuity of Operation Planning, and Disaster... (SDLAs) to support their efforts at maintaining the security of information contained in the driver...
14 CFR 1203.409 - Exceptional cases.
Code of Federal Regulations, 2010 CFR
2010-01-01
....409 Aeronautics and Space NATIONAL AERONAUTICS AND SPACE ADMINISTRATION INFORMATION SECURITY PROGRAM... Information Security Program Committee, Security Division, Washington, DC 20546 for a classification..., to the Director, Information Security Oversight Office, GSA, for a determination. ...
The ISACA Business Model for Information Security: An Integrative and Innovative Approach
NASA Astrophysics Data System (ADS)
von Roessing, Rolf
In recent years, information security management has matured into a professional discipline that covers both technical and managerial aspects in an organisational environment. Information security is increasingly dependent on business-driven parameters and interfaces to a variety of organisational units and departments. In contrast, common security models and frameworks have remained largely technical. A review of extant models ranging from [LaBe73] to more recent models shows that technical aspects are covered in great detail, while the managerial aspects of security are often neglected. Likewise, the business view on organisational security is frequently at odds with the demands of information security personnel or information technology management. In practice, senior and executive level management remain comparatively distant from technical requirements. As a result, information security is generally regarded as a cost factor rather than a benefit to the organisation.
The Design of Data Disaster Recovery of National Fundamental Geographic Information System
NASA Astrophysics Data System (ADS)
Zhai, Y.; Chen, J.; Liu, L.; Liu, J.
2014-04-01
With the development of information technology, data security of information system is facing more and more challenges. The geographic information of surveying and mapping is fundamental and strategic resource, which is applied in all areas of national economic, defence and social development. It is especially vital to national and social interests when such classified geographic information is directly concerning Chinese sovereignty. Several urgent problems that need to be resolved for surveying and mapping are how to do well in mass data storage and backup, establishing and improving the disaster backup system especially after sudden natural calamity accident, and ensuring all sectors rapidly restored on information system will operate correctly. For overcoming various disaster risks, protect the security of data and reduce the impact of the disaster, it's no doubt the effective way is to analyse and research the features of storage and management and security requirements, as well as to ensure that the design of data disaster recovery system is suitable for the surveying and mapping. This article analyses the features of fundamental geographic information data and the requirements of storage management, three site disaster recovery system of DBMS plan based on the popular network, storage and backup, data replication and remote switch of application technologies. In LAN that synchronous replication between database management servers and the local storage of backup management systems, simultaneously, remote asynchronous data replication between local storage backup management systems and remote database management servers. The core of the system is resolving local disaster in the remote site, ensuring data security and business continuity of local site. This article focuses on the following points: background, the necessity of disaster recovery system, the analysis of the data achievements and data disaster recovery plan. Features of this program are the use of a hardware-based data hot backup, and remote online disaster recovery support for Oracle database system. The achievement of this paper is in summarizing and analysing the common characteristics of disaster of surveying and mapping business system requirements, while based on the actual situation of the industry, designed the basic GIS disaster recovery solutions, and we also give the conclusions about key technologies of RTO and RPO.
Final LDRD Report: Using Linkography of Cyber Attack Patterns to Inform Honeytoken Placement.
DOE Office of Scientific and Technical Information (OSTI.GOV)
Mitchell, Robert; Jarocki, John Charles; Fisher, Andrew N
The war to establish cyber supremacy continues, and the literature is crowded with strictly technical cyber security measures. We present the results of a three year LDRD project using Linkography, a methodology new to the field of cyber security, we establish the foundation necessary to track and profile the microbehavior of humans attacking cyber systems. We also propose ways to leverage this understanding to influence and deceive these attackers. We studied the science of linkography, applied it to the cyber security domain, implemented a software package to manage linkographs, generated the preprocessing blocks necessary to ingest raw data, produced machine learning models, created ontology refinement algorithms and prototyped a web application for researchers and practitioners to apply linkography. Machine learning produced some of our key results: We trained and validated multinomial classifiers with a real world data set and predicted the attacker's next category of action with 86 to 98% accuracy; dimension reduction techniques indicated that the linkography-based features were among the most powerful. We also discovered ontology refinement algorithms that advanced the state of the art in linkography in general and cyber security in particular. We conclude that linkography is a viable tool for cyber security; we look forward to expanding our work to other data sources and using our prediction results to enable adversary deception techniques. Acknowledgements Thanks to Phil Bennett, Michael Bernard, Jeffrey Bigg, Marshall Daniels, Tyler Dean, David Duggan, Carson Kent, Josh Maine, Marci McBride, Nick Peterson, Katie Rodhouse, Asael Sorenson, Roger Suppona, Scott Watson and David Zage. We acknowledge support for this work by the LDRD Program at Sandia National Laboratories.
Sandia National Laboratories is a multi-mission laboratory operated by Sandia Corporation for the United States Department of Energy's National Nuclear Security Administration under Contract DE-AC04-94AL85000.
A study on agent-based secure scheme for electronic medical record system.
Chen, Tzer-Long; Chung, Yu-Fang; Lin, Frank Y S
2012-06-01
Patient records, including doctors' diagnoses of diseases, trace of treatments and patients' conditions, nursing actions, and examination results from allied health profession departments, are the most important medical records of patients in medical systems. With patient records, medical staff can instantly understand the entire medical information of a patient so that, according to the patient's conditions, more accurate diagnoses and more appropriate in-depth treatments can be provided. Nevertheless, in such a modern society with booming information technologies, traditional paper-based patient records have faced a lot of problems, such as lack of uniform formats, low data mobility, slow data transfer, illegible handwritings, enormous and insufficient storage space, difficulty of conservation, being easily damaged, and low transferability. To improve such drawbacks, reduce medical costs, and advance medical quality, paper-based patient records are modified into electronic medical records and reformed into electronic patient records. However, since electronic patient records used in various hospitals are diverse and different, in consideration of cost, it is rather difficult to establish a compatible and complete integrated electronic patient records system to unify patient records from heterogeneous systems in hospitals. Moreover, as the booming of the Internet, it is no longer necessary to build an integrated system. Instead, doctors can instantly look up patients' complete information through the Internet access to electronic patient records as well as avoid the above difficulties. Nonetheless, the major problem of accessing to electronic patient records cross-hospital systems exists in the security of transmitting and accessing to the records in case of unauthorized medical personnels intercepting or stealing the information. This study applies the Mobile Agent scheme to cope with the problem. 
Since a Mobile Agent is a program, which can move among hosts and automatically disperse arithmetic processes, and moves from one host to another in heterogeneous network systems with the characteristics of autonomy and mobility, decreasing network traffic, reducing transfer lag, encapsulating protocol, availability on heterogeneous platforms, fault-tolerance, high flexibility, and personalization. However, since a Mobile Agent contacts and exchanges information with other hosts or agents on the Internet for rapid exchange and access to medical information, the security is threatened. In order to solve the problem, this study proposes a key management scheme based on Lagrange interpolation formulas and hierarchical management structure to make Mobile Agents a more secure and efficient access control scheme for electronic patient record systems when applied to the access of patients' personal electronic patient records cross hospitals. Meanwhile, with the comparison of security and efficacy analyses being the feasibility of validation scheme and the basis of better efficiency, the security of Mobile Agents in the process of operation can be guaranteed, key management efficacy can be advanced, and the security of the Mobile Agent system can be protected.
49 CFR 1542.303 - Security Directives and Information Circulars.
Code of Federal Regulations, 2014 CFR
2014-10-01
...) TRANSPORTATION SECURITY ADMINISTRATION, DEPARTMENT OF HOMELAND SECURITY CIVIL AVIATION SECURITY AIRPORT SECURITY... Information Circular to notify airport operators of security concerns. When TSA determines that additional... aviation, TSA issues a Security Directive setting forth mandatory measures. (b) Each airport operator must...
49 CFR 1542.303 - Security Directives and Information Circulars.
Code of Federal Regulations, 2011 CFR
2011-10-01
...) TRANSPORTATION SECURITY ADMINISTRATION, DEPARTMENT OF HOMELAND SECURITY CIVIL AVIATION SECURITY AIRPORT SECURITY... Information Circular to notify airport operators of security concerns. When TSA determines that additional... aviation, TSA issues a Security Directive setting forth mandatory measures. (b) Each airport operator must...
49 CFR 1542.303 - Security Directives and Information Circulars.
Code of Federal Regulations, 2012 CFR
2012-10-01
...) TRANSPORTATION SECURITY ADMINISTRATION, DEPARTMENT OF HOMELAND SECURITY CIVIL AVIATION SECURITY AIRPORT SECURITY... Information Circular to notify airport operators of security concerns. When TSA determines that additional... aviation, TSA issues a Security Directive setting forth mandatory measures. (b) Each airport operator must...
49 CFR 1542.303 - Security Directives and Information Circulars.
Code of Federal Regulations, 2013 CFR
2013-10-01
...) TRANSPORTATION SECURITY ADMINISTRATION, DEPARTMENT OF HOMELAND SECURITY CIVIL AVIATION SECURITY AIRPORT SECURITY... Information Circular to notify airport operators of security concerns. When TSA determines that additional... aviation, TSA issues a Security Directive setting forth mandatory measures. (b) Each airport operator must...
Secure anonymous mutual authentication for star two-tier wireless body area networks.
Ibrahim, Maged Hamada; Kumari, Saru; Das, Ashok Kumar; Wazid, Mohammad; Odelu, Vanga
2016-10-01
Mutual authentication is a very important service that must be established between sensor nodes in wireless body area network (WBAN) to ensure the originality and integrity of the patient's data sent by sensors distributed on different parts of the body. However, mutual authentication service is not enough. An adversary can benefit from monitoring the traffic and knowing which sensor is in transmission of patient's data. Observing the traffic (even without disclosing the context) and knowing its origin, it can reveal to the adversary information about the patient's medical conditions. Therefore, anonymity of the communicating sensors is an important service as well. Few works have been conducted in the area of mutual authentication among sensor nodes in WBAN. However, none of them has considered anonymity among body sensor nodes. Up to our knowledge, our protocol is the first attempt to consider this service in a two-tier WBAN. We propose a new secure protocol to realize anonymous mutual authentication and confidential transmission for star two-tier WBAN topology. The proposed protocol uses simple cryptographic primitives. We prove the security of the proposed protocol using the widely-accepted Burrows-Abadi-Needham (BAN) logic, and also through rigorous informal security analysis. In addition, to demonstrate the practicality of our protocol, we evaluate it using NS-2 simulator. BAN logic and informal security analysis prove that our proposed protocol achieves the necessary security requirements and goals of an authentication service. The simulation results show the impact on the various network parameters, such as end-to-end delay and throughput. The nodes in the network require to store few hundred bits. Nodes require to perform very few hash invocations, which are computationally very efficient. The communication cost of the proposed protocol is few hundred bits in one round of communication. 
Due to the low computation cost, the energy consumed by the nodes is also low. Our proposed protocol is a lightweight anonymous mutually authentication protocol to mutually authenticate the sensor nodes with the controller node (hub) in a star two-tier WBAN topology. Results show that our protocol proves efficiency over previously proposed protocols and at the same time, achieves the necessary security requirements for a secure anonymous mutual authentication scheme. Copyright © 2016 Elsevier Ireland Ltd. All rights reserved.
49 CFR 1549.109 - Security Directives and Information Circulars.
Code of Federal Regulations, 2010 CFR
2010-10-01
... Security Directives and Information Circulars... SCREENING PROGRAM Operations § 1549.109 Security Directives and Information Circulars. (a) TSA may issue an Information Circular to notify certified cargo screening facilities of security concerns. (b) When TSA...
49 CFR 1544.305 - Security Directives and Information Circulars.
Code of Federal Regulations, 2010 CFR
2010-10-01
... Security Directives and Information Circulars... SECURITY: AIR CARRIERS AND COMMERCIAL OPERATORS Threat and Threat Response § 1544.305 Security Directives and Information Circulars. (a) TSA may issue an Information Circular to notify aircraft operators of...
36 CFR 1256.70 - What controls access to national security-classified information?
Code of Federal Regulations, 2010 CFR
2010-07-01
... national security-classified information? 1256.70 Section 1256.70 Parks, Forests, and Public Property... HISTORICAL MATERIALS Access to Materials Containing National Security-Classified Information § 1256.70 What controls access to national security-classified information? (a) The declassification of and public access...
76 FR 30243 - Minimum Security Devices and Procedures
Federal Register 2010, 2011, 2012, 2013, 2014
2011-05-24
... DEPARTMENT OF THE TREASURY Office of Thrift Supervision Minimum Security Devices and Procedures.... Title of Proposal: Minimum Security Devices and Procedures. OMB Number: 1550-0062. Form Number: N/A. Description: The requirement that savings associations establish a written security program is necessitated by...
A Key Establishment Protocol for RFID User in IPTV Environment
NASA Astrophysics Data System (ADS)
Jeong, Yoon-Su; Kim, Yong-Tae; Sohn, Jae-Min; Park, Gil-Cheol; Lee, Sang-Ho
In recent years, the usage of IPTV (Internet Protocol Television) has been increased. The reason is a technological convergence of broadcasting and telecommunication delivering interactive applications and multimedia content through high speed Internet connections. The main critical point of IPTV security requirements is subscriber authentication. That is, IPTV service should have the capability to identify the subscribers to prohibit illegal access. Currently, IPTV service does not provide a sound authentication mechanism to verify the identity of its wireless users (or devices). This paper focuses on a lightweight authentication and key establishment protocol based on the use of hash functions. The proposed approach provides effective authentication for a mobile user with a RFID tag whose authentication information is communicated back and forth with the IPTV authentication server via IPTV set-top box (STB). That is, the proposed protocol generates user's authentication information that is a bundle of two public keys derived from hashing user's private keys and RFID tag's session identifier, and adds 1bit to this bundled information for subscriber's information confidentiality before passing it to the authentication server.
Systems Security Engineering Capability Maturity Model SSE-CMM Model Description Document
1999-04-01
management is the process of accessing and quantifying risk, and establishing an acceptable level of risk for the organization. Managing risk is an...Process of assessing and quantifying risk and establishing acceptable level of risk for the organization. [IEEE 13335-1:1996] Security Engineering
NASA Technical Reports Server (NTRS)
Chow, Edward T.; Woo, Simon S.; James, Mark; Paloulian, George K.
2012-01-01
As communication and networking technologies advance, networks will become highly complex and heterogeneous, interconnecting different network domains. There is a need to provide user authentication and data protection in order to further facilitate critical mission operations, especially in the tactical and mission-critical net-centric networking environment. The Autonomous Information Unit (AIU) technology was designed to provide the fine-grain data access and user control in a net-centric system-testing environment to meet these objectives. The AIU is a fundamental capability designed to enable fine-grain data access and user control in the cross-domain networking environments, where an AIU is composed of the mission data, metadata, and policy. An AIU provides a mechanism to establish trust among deployed AIUs based on recombining shared secrets, authentication and verify users with a username, X.509 certificate, enclave information, and classification level. AIU achieves data protection through (1) splitting data into multiple information pieces using the Shamir's secret sharing algorithm, (2) encrypting each individual information piece using military-grade AES-256 encryption, and (3) randomizing the position of the encrypted data based on the unbiased and memory efficient in-place Fisher-Yates shuffle method. Therefore, it becomes virtually impossible for attackers to compromise data since attackers need to obtain all distributed information as well as the encryption key and the random seeds to properly arrange the data. In addition, since policy can be associated with data in the AIU, different user access and data control strategies can be included. The AIU technology can greatly enhance information assurance and security management in the bandwidth-limited and ad hoc net-centric environments. 
In addition, AIU technology can be applicable to general complex network domains and applications where distributed user authentication and data protection are necessary. AIU achieves fine-grain data access and user control, reducing the security risk significantly, simplifying the complexity of various security operations, and providing the high information assurance across different network domains.
HIPAA--a real world perspective.
Nulan, C
2001-01-01
An effective and realistic approach to HIPAA compliance requires healthcare organizations to achieve a fundamental shift in attitude, awareness, habits and capabilities in the areas of privacy and security. They must create a sense of accountability among staff, and even patients, for the safeguarding of patient information. Only when this culture shift has occurred, along with the required technological advancements, can HIPAA compliance be realistically achieved. There is still ample time to create the organizational shift necessary, along with technological enhancements, to meet HIPAA requirements. Beyond compliance, HIPAA will benefit the healthcare industry by promoting administrative simplification--the original intention of the Act. And it will require the healthcare industry, in an abbreviated timeframe, to upgrade its level of sophistication in managing information. HIPAA certification springs from an organizational compliance method that has been underway in government for the past two decades. The HIPAA playbook is taken lock, stock and barrel from other Federal guidelines. HIPAA's legislative lineage includes the Healthcare Reform Act of 1993, Paperwork Reduction Act of 1980, Computer Security Act of 1987 and the Privacy Act of 1974. HIPAA means that public and private sector healthcare organizations are going to be required by law to adopt the same information-handling practices that have been in effect in the Federal government for years. 
That boils down to two things: standardized formatting of data electronically exchanged between providers, payers and business partners (EDI), and federalization of security and privacy practices within private-sector healthcare information management. The key to making HIPAA compliance achievable within a practical timeframe, as well as instituting the culture changes that go with enhanced privacy and security standards, is a process that is largely unfamiliar in the private sector, called administrative certification and accreditation. Certification is an organizational change-management methodology that drives accountability for security down to that level in the organization where it will concretely and tangibly get done. It is a comprehensive managerial assessment of the technical and non-technical security features and other safeguards of a system associated with its use and environment. The assessment seeks to establish and document the extent to which a particular system meets a set of specified security requirements. HIPAA accreditation occurs when all functional managers in an organization have completed reports of what they know they need to do in their areas. They submit that information to an executive official within the organization who functions as the accrediting official for the organization. Accreditation is the formal declaration that an information system is approved to operate in a particular security mode using a prescribed set of safeguards and should be strongly based on the solvable vulnerabilities and residual risks identified during certification. Institutionalizing a practical and formal HIPAA certification program is important to support business activities and can provide several benefits including increased communication within an organization.
10 CFR 2.911 - Admissibility of restricted data or other national security information.
Code of Federal Regulations, 2011 CFR
2011-01-01
... security information. 2.911 Section 2.911 Energy NUCLEAR REGULATORY COMMISSION RULES OF PRACTICE FOR... Proceedings Involving Restricted Data and/or National Security Information § 2.911 Admissibility of restricted data or other national security information. A presiding officer shall not receive any Restricted Data...
10 CFR 2.903 - Protection of restricted data and national security information.
Code of Federal Regulations, 2011 CFR
2011-01-01
... Restricted Data and/or National Security Information § 2.903 Protection of restricted data and national security information. Nothing in this subpart shall relieve any person from safeguarding Restricted Data or National Security Information in accordance with the applicable provisions of laws of the United States and...
Examining the Relationship between Organization Systems and Information Security Awareness
ERIC Educational Resources Information Center
Tintamusik, Yanarong
2010-01-01
The focus of this dissertation was to examine the crucial relationship between organization systems within the framework of the organizational behavior theory and information security awareness (ISA) of users within the framework of the information security theory. Despite advanced security technologies designed to protect information assets,…
Information Sharing for IT Security Professionals
ERIC Educational Resources Information Center
Petersen, Rodney J.
2008-01-01
Information sharing is a core value for information technology (IT) security professionals. It is also a familiar concept for those who work at institutions of higher education because of their long history of collaboration and openness. Information sharing has become part of the national fabric as IT security professionals attempt to secure cyber…
10 CFR 2.911 - Admissibility of restricted data or other national security information.
Code of Federal Regulations, 2010 CFR
2010-01-01
... security information. 2.911 Section 2.911 Energy NUCLEAR REGULATORY COMMISSION RULES OF PRACTICE FOR... Proceedings Involving Restricted Data and/or National Security Information § 2.911 Admissibility of restricted data or other national security information. A presiding officer shall not receive any Restricted Data...
46 CFR 503.59 - Safeguarding classified information.
Code of Federal Regulations, 2011 CFR
2011-10-01
... Information Security Program § 503.59 Safeguarding classified information. (a) All classified information... security; (2) Takes appropriate steps to protect classified information from unauthorized disclosure or... security check; (2) To protect the classified information in accordance with the provisions of Executive...
78 FR 73819 - Information Collection; Financial Information Security Request Form
Federal Register 2010, 2011, 2012, 2013, 2014
2013-12-09
... DEPARTMENT OF AGRICULTURE Forest Service Information Collection; Financial Information Security... individuals and organizations on the extension with revision of a currently approved information collection, Financial Information Security Request Form. DATES: Comments must be received in writing on or before...
Information security for compliance with select agent regulations.
Lewis, Nick; Campbell, Mark J; Baskin, Carole R
2015-01-01
The past decade has seen a significant rise in research on high-consequence human and animal pathogens, many now known as "select agents." While physical security around these agents is tightly regulated, information security standards are still lagging. The understanding of the threats unique to the academic and research environment is still evolving, in part due to poor communication between the various stakeholders. Perhaps as a result, information security guidelines published by select agent regulators lack the critical details and directives needed to achieve even the lowest security level of the Federal Information Security Management Act (FISMA). While only government agencies are currently required to abide by the provisions of FISMA (unless specified as preconditions for obtaining government grants or contracts--still a relatively rare or narrowly scoped occurrence), the same strategies were recently recommended by executive order for others. We propose that information security guidelines for select agent research be updated to promulgate and detail FISMA standards and processes and that the latter be ultimately incorporated into select agent regulations. We also suggest that information security in academic and research institutions would greatly benefit from active efforts to improve communication among the biosecurity, security, and information technology communities, and from a secure venue for exchange of timely information on emerging threats and solutions in the research environment.
Information Security for Compliance with Select Agent Regulations
Lewis, Nick; Campbell, Mark J.
2015-01-01
The past decade has seen a significant rise in research on high-consequence human and animal pathogens, many now known as “select agents.” While physical security around these agents is tightly regulated, information security standards are still lagging. The understanding of the threats unique to the academic and research environment is still evolving, in part due to poor communication between the various stakeholders. Perhaps as a result, information security guidelines published by select agent regulators lack the critical details and directives needed to achieve even the lowest security level of the Federal Information Security Management Act (FISMA). While only government agencies are currently required to abide by the provisions of FISMA (unless specified as preconditions for obtaining government grants or contracts—still a relatively rare or narrowly scoped occurrence), the same strategies were recently recommended by executive order for others. We propose that information security guidelines for select agent research be updated to promulgate and detail FISMA standards and processes and that the latter be ultimately incorporated into select agent regulations. We also suggest that information security in academic and research institutions would greatly benefit from active efforts to improve communication among the biosecurity, security, and information technology communities, and from a secure venue for exchange of timely information on emerging threats and solutions in the research environment. PMID:26042864
Federal Register 2010, 2011, 2012, 2013, 2014
2013-05-22
... DEPARTMENT OF HOMELAND SECURITY Transportation Security Administration [Docket No. TSA-2002-11602] Intent to Request Renewal From OMB of One Current Public Collection of Information: Security Programs for..., Transportation Security Administration, 601 South 12th Street, Arlington, VA 20598-6011. FOR FURTHER INFORMATION...
Information Security Awareness On-Line Materials Design with Knowledge Maps
ERIC Educational Resources Information Center
Shaw, Ruey-Shiang; Keh, Huan-Chao; Huang, Nan-Ching; Huang, Tien-Chuan
2011-01-01
Information Security Awareness, though known as a primary and important issue in the domain of Information Security, CSI computer crime and security survey showed poor security awareness training in public and private sectors. In many studies, the authors have found that the usage of knowledge maps helps the process of learning and conception…
DOT National Transportation Integrated Search
2000-05-01
The member countries of the Organization of American States (OAS) have recognized that a coordinated multilateral approach to improving port security in the Western Hemisphere is needed and has established a Technical Advisory Group on Port Security ...
Making Schools Safe: The Role of the Modern Business Officer.
ERIC Educational Resources Information Center
Stephens, Ronald D.
1990-01-01
School business officials are held responsible for school safety. After conducting a school security audit, the following strategies are recommended: establishing a local school security task force; forming a comprehensive crisis management plan; establishing a school communication network; and providing school staff with inservice training on…
20 CFR 416.1337 - Exceptions to the continuation of previously established payment level.
Code of Federal Regulations, 2014 CFR
2014-04-01
... Exceptions to the continuation of previously established payment level. 416.1337 Section 416.1337 Employees' Benefits SOCIAL SECURITY ADMINISTRATION SUPPLEMENTAL SECURITY INCOME FOR THE AGED, BLIND, AND DISABLED Suspensions and Terminations § 416.1337...
31 CFR 315.39 - Surrender for payment.
Code of Federal Regulations, 2010 CFR
2010-07-01
... establish his or her identity in accordance with Treasury instructions and identification guidelines. The... presenter must record his or her social security number on the face of the security, provided it does not... appear before an officer authorized to certify requests for payment, establish his or her identity, sign...
48 CFR 339.7102 - Applicability.
Code of Federal Regulations, 2010 CFR
2010-10-01
... CONTRACTING ACQUISITION OF INFORMATION TECHNOLOGY Information Security Management 339.7102 Applicability. Contracting Officers are responsible for ensuring that all information technology acquisitions comply with the Federal Information Security Management Act (FISMA), the HHS-OCIO Information Systems Security and Privacy...
2007-06-01
National Security Agency (NSA), one significant shortfall in coordinating requirements occurs with respect to NSA and the Information Assurance...funding issues and potential performance and schedule problems. A formal review process for all NSA requirements should therefore be implemented to...issues between Service networks to permit true “joint access. j. Establish a formal review process for all NSA, or any other non-DoD requirements. 3
Code of Federal Regulations, 2011 CFR
2011-01-01
... data or national security information. 2.906 Section 2.906 Energy NUCLEAR REGULATORY COMMISSION RULES... to Adjudicatory Proceedings Involving Restricted Data and/or National Security Information § 2.906 Obligation of parties to avoid introduction of restricted data or national security information. It is the...
Code of Federal Regulations, 2011 CFR
2011-04-01
... Security of certain information and material... GENERAL SECURITY INFORMATION REGULATIONS APPLICABLE TO CERTAIN INTERNATIONAL ENERGY PROGRAMS; RELATED MATERIAL § 9a.1 Security of certain information and material related to the International Energy Program...
Code of Federal Regulations, 2011 CFR
2011-01-01
... Adjudicatory Proceedings Involving Restricted Data and/or National Security Information § 2.913 Review of Restricted Data or other National Security Information received in evidence. At the close of the reception of... National Security Information be expunged from the record where such expunction would not prejudice the...
10 CFR 2.907 - Notice of intent to introduce restricted data or national security information.
Code of Federal Regulations, 2011 CFR
2011-01-01
... security information. 2.907 Section 2.907 Energy NUCLEAR REGULATORY COMMISSION RULES OF PRACTICE FOR... Proceedings Involving Restricted Data and/or National Security Information § 2.907 Notice of intent to introduce restricted data or national security information. (a) If, at the time of publication of a notice...
Code of Federal Regulations, 2011 CFR
2011-04-01
... information processors: form of application and amendments. 242.609 Section 242.609 Commodity and Securities....609 Registration of securities information processors: form of application and amendments. (a) An application for the registration of a securities information processor shall be filed on Form SIP (§ 249.1001...
Code of Federal Regulations, 2011 CFR
2011-04-01
... to oversee Commission use of national security information. 140.20 Section 140.20 Commodity and... safeguarding of national security information received by the Commission from other agencies, to chair a... suggestions and complaints with respect to the Commission administration of its information security program...
Code of Federal Regulations, 2011 CFR
2011-01-01
... or other national security information. 2.908 Section 2.908 Energy NUCLEAR REGULATORY COMMISSION... Applicable to Adjudicatory Proceedings Involving Restricted Data and/or National Security Information § 2.908 Contents of notice of intent to introduce restricted data or other national security information. (a) A...
The Chain-Link Fence Model: A Framework for Creating Security Procedures
ERIC Educational Resources Information Center
Houghton, Robert F.
2013-01-01
A long-standing problem in information technology security is how to help reduce the security footprint. Many specific proposals exist to address specific problems in information technology security. Most information technology solutions need to be repeatable throughout the course of an information systems lifecycle. The Chain-Link Fence Model is…
ERIC Educational Resources Information Center
Pierce, Robert E.
2012-01-01
This research study reviewed relative literature on information security and information security culture within organizations to determine what factors potentially assist an organization in implementing, integrating, and maintaining a successful organizational information security culture. Based on this review of literature, five key factors were…
Incorporating Global Information Security and Assurance in I.S. Education
ERIC Educational Resources Information Center
White, Garry L.; Hewitt, Barbara; Kruck, S. E.
2013-01-01
Over the years, the news media has reported numerous information security incidents. Because of identity theft, terrorism, and other criminal activities, President Obama has made information security a national priority. Not only is information security and assurance an American priority, it is also a global issue. This paper discusses the…
Code of Federal Regulations, 2010 CFR
2010-01-01
... or other national security information. 2.908 Section 2.908 Energy NUCLEAR REGULATORY COMMISSION... Applicable to Adjudicatory Proceedings Involving Restricted Data and/or National Security Information § 2.908 Contents of notice of intent to introduce restricted data or other national security information. (a) A...
Code of Federal Regulations, 2010 CFR
2010-04-01
... 22 Foreign Relations 1 2010-04-01 2010-04-01 false Security of certain information and material... GENERAL SECURITY INFORMATION REGULATIONS APPLICABLE TO CERTAIN INTERNATIONAL ENERGY PROGRAMS; RELATED MATERIAL § 9a.1 Security of certain information and material related to the International Energy Program...
Code of Federal Regulations, 2010 CFR
2010-01-01
... Adjudicatory Proceedings Involving Restricted Data and/or National Security Information § 2.913 Review of Restricted Data or other National Security Information received in evidence. At the close of the reception of... National Security Information be expunged from the record where such expunction would not prejudice the...
Code of Federal Regulations, 2010 CFR
2010-01-01
... data or national security information. 2.906 Section 2.906 Energy NUCLEAR REGULATORY COMMISSION RULES... to Adjudicatory Proceedings Involving Restricted Data and/or National Security Information § 2.906 Obligation of parties to avoid introduction of restricted data or national security information. It is the...
10 CFR 2.907 - Notice of intent to introduce restricted data or national security information.
Code of Federal Regulations, 2010 CFR
2010-01-01
... security information. 2.907 Section 2.907 Energy NUCLEAR REGULATORY COMMISSION RULES OF PRACTICE FOR... Proceedings Involving Restricted Data and/or National Security Information § 2.907 Notice of intent to introduce restricted data or national security information. (a) If, at the time of publication of a notice...
Code of Federal Regulations, 2010 CFR
2010-04-01
... information processors: form of application and amendments. 242.609 Section 242.609 Commodity and Securities....609 Registration of securities information processors: form of application and amendments. (a) An application for the registration of a securities information processor shall be filed on Form SIP (§ 249.1001...
Exploring Factors that Influence Students' Behaviors in Information Security
ERIC Educational Resources Information Center
Yoon, Cheolho; Hwang, Jae-Won; Kim, Rosemary
2012-01-01
Due to the ever-increasing use of the Internet, information security has become a critical issue in society. This is especially the case for young adults who have different attitudes towards information security practices. In this research, we examine factors that motivate college students' information security behaviors. Based on the concept of…
Code of Federal Regulations, 2010 CFR
2010-10-01
... CONTRACTING ACQUISITION OF INFORMATION TECHNOLOGY Information Security Management 339.7101 Policy. HHS is responsible for implementing an information security program to ensure that its information systems and... information contained in those systems. Each system's level of security shall protect the integrity...
75 FR 1566 - National Industrial Security Program Directive No. 1
Federal Register 2010, 2011, 2012, 2013, 2014
2010-01-12
... NATIONAL ARCHIVES AND RECORDS ADMINISTRATION Information Security Oversight Office 32 CFR Part...: Information Security Oversight Office, NARA. ACTION: Proposed rule; correction. SUMMARY: This document... Management System (FDMS) number to the proposed rule for Information Security Oversight Office (ISOO...
6 CFR 7.11 - Components' responsibilities.
Code of Federal Regulations, 2010 CFR
2010-01-01
... INFORMATION Administration § 7.11 Components' responsibilities. Each DHS component shall appoint a security... security information; (b) Report violations of the provisions of this regulation to the Chief Security... component acquire adequate security education and training, as required by the DHS classified information...
32 CFR 2001.50 - Telecommunications automated information systems and network security.
Code of Federal Regulations, 2014 CFR
2014-07-01
... and network security. 2001.50 Section 2001.50 National Defense Other Regulations Relating to National Defense INFORMATION SECURITY OVERSIGHT OFFICE, NATIONAL ARCHIVES AND RECORDS ADMINISTRATION CLASSIFIED... network security. Each agency head shall ensure that classified information electronically accessed...
32 CFR 2001.50 - Telecommunications automated information systems and network security.
Code of Federal Regulations, 2013 CFR
2013-07-01
... and network security. 2001.50 Section 2001.50 National Defense Other Regulations Relating to National Defense INFORMATION SECURITY OVERSIGHT OFFICE, NATIONAL ARCHIVES AND RECORDS ADMINISTRATION CLASSIFIED... network security. Each agency head shall ensure that classified information electronically accessed...
32 CFR 2001.50 - Telecommunications automated information systems and network security.
Code of Federal Regulations, 2012 CFR
2012-07-01
... and network security. 2001.50 Section 2001.50 National Defense Other Regulations Relating to National Defense INFORMATION SECURITY OVERSIGHT OFFICE, NATIONAL ARCHIVES AND RECORDS ADMINISTRATION CLASSIFIED... network security. Each agency head shall ensure that classified information electronically accessed...
Network security system for health and medical information using smart IC card
NASA Astrophysics Data System (ADS)
Kanai, Yoichi; Yachida, Masuyoshi; Yoshikawa, Hiroharu; Yamaguchi, Masahiro; Ohyama, Nagaaki
1998-07-01
A new network security protocol that uses smart IC cards has been designed to assure the integrity and privacy of medical information in communication over a non-secure network. Secure communication software has been implemented as a library based on this protocol, which is called the Integrated Secure Communication Layer (ISCL), and has been incorporated into information systems of the National Cancer Center Hospitals and the Health Service Center of the Tokyo Institute of Technology. Both systems have succeeded in communicating digital medical information securely.