14 CFR 1203.202 - Responsibilities.

Code of Federal Regulations, 2010 CFR

2010-01-01

... Aeronautics and Space NATIONAL AERONAUTICS AND SPACE ADMINISTRATION INFORMATION SECURITY PROGRAM NASA Information Security Program § 1203.202 Responsibilities. (a) The Chairperson, NASA Information Security...) Ensuring effective compliance with and implementation of “the Order” and the Information Security Oversight...

32 CFR 2103.51 - Information Security Oversight Committee.

Code of Federal Regulations, 2011 CFR

2011-07-01

... 32 National Defense 6 2011-07-01 2011-07-01 false Information Security Oversight Committee. 2103... BE DECLASSIFIED Implementation and Review § 2103.51 Information Security Oversight Committee. The NCS Information Security Oversight Committee shall be chaired by the Staff Counsel of the National Security...

32 CFR 2103.51 - Information Security Oversight Committee.

Code of Federal Regulations, 2010 CFR

2010-07-01

... 32 National Defense 6 2010-07-01 2010-07-01 false Information Security Oversight Committee. 2103... BE DECLASSIFIED Implementation and Review § 2103.51 Information Security Oversight Committee. The NCS Information Security Oversight Committee shall be chaired by the Staff Counsel of the National Security...

Gross anatomy of network security

NASA Technical Reports Server (NTRS)

Siu, Thomas J.

2002-01-01

Information security involves many branches of effort, including information assurance, host level security, physical security, and network security. Computer network security methods and implementations are given a top-down description to permit a medically focused audience to anchor this information to their daily practice. The depth of detail of network functionality and security measures, like that of the study of human anatomy, can be highly involved. Presented at the level of major gross anatomical systems, this paper will focus on network backbone implementation and perimeter defenses, then diagnostic tools, and finally the user practices (the human element). Physical security measures, though significant, have been defined as beyond the scope of this presentation.

Concepts for a standard based cross-organisational information security management system in the context of a nationwide EHR.

PubMed

Mense, Alexander; Hoheiser-Pförtner, Franz; Schmid, Martin; Wahl, Harald

2013-01-01

Working with health related data necessitates appropriate levels of security and privacy. Information security, meaning ensuring confidentiality, integrity, and availability, is more organizational, than technical in nature. It includes many organizational and management measures, is based on well-defined security roles, processes, and documents, and needs permanent adaption of security policies, continuously monitoring, and measures assessment. This big challenge for any organization leads to implementation of an information security management system (ISMS). In the context of establishing a regional or national electronic health record for integrated care (ICEHR), the situation is worse. Changing the medical information exchange from on-demand peer-to-peer connections to health information networks requires all organizations participating in the EHR system to have consistent security levels and to follow the same security guidelines and rules. Also, the implementation must be monitored and audited, establishing cross-organizational information security management systems (ISMS) based on international standards. This paper evaluates requirements and defines basic concepts for an ISO 27000 series-based cross-organizational ISMS in the healthcare domain and especially for the implementation of the nationwide electronic health record in Austria (ELGA).

12 CFR Appendix B to Part 364 - Interagency Guidelines Establishing Information Security Standards

Code of Federal Regulations, 2011 CFR

2011-01-01

... Part 364—Interagency Guidelines Establishing Information Security Standards Table of Contents I... Customer Information A. Information Security Program B. Objectives III. Development and Implementation of Customer Information Security Program A. Involve the Board of Directors B. Assess Risk C. Manage and...

Strengthening the Security of ESA Ground Data Systems

NASA Astrophysics Data System (ADS)

Flentge, Felix; Eggleston, James; Garcia Mateos, Marc

2013-08-01

A common approach to address information security has been implemented in ESA's Mission Operations (MOI) Infrastructure during the last years. This paper reports on the specific challenges to the Data Systems domain within the MOI and how security can be properly managed with an Information Security Management System (ISMS) according to ISO 27001. Results of an initial security risk assessment are reported and the different types of security controls that are being implemented in order to reduce the risks are briefly described.

The adoption of IT security standards in a healthcare environment.

PubMed

Gomes, Rui; Lapão, Luís Velez

2008-01-01

Security is a vital part of daily life to Hospitals that need to ensure that the information is adequately secured. In Portugal, more CIOs are seeking that their hospital IS departments are properly protecting information assets from security threats. It is imperative to take necessary measures to ensure risk management and business continuity. Security management certification provides just such a guarantee, increasing patient and partner confidence. This paper introduces one best practice for implementing four security controls in a hospital datacenter infrastructure (ISO27002), and describes the security assessment for implementing such controls.

Information security requirements in patient-centred healthcare support systems.

PubMed

Alsalamah, Shada; Gray, W Alex; Hilton, Jeremy; Alsalamah, Hessah

2013-01-01

Enabling Patient-Centred (PC) care in modern healthcare requires the flow of medical information with the patient between different healthcare providers as they follow the patient's treatment plan. However, PC care threatens the stability of the balance of information security in the support systems since legacy systems fall short of attaining a security balance when sharing their information due to compromises made between its availability, integrity, and confidentiality. Results show that the main reason for this is that information security implementation in discrete legacy systems focused mainly on information confidentiality and integrity leaving availability a challenge in collaboration. Through an empirical study using domain analysis, observations, and interviews, this paper identifies a need for six information security requirements in legacy systems to cope with this situation in order to attain the security balance in systems supporting PC care implementation in modern healthcare.

48 CFR 339.7101 - Policy.

Code of Federal Regulations, 2010 CFR

2010-10-01

... CONTRACTING ACQUISITION OF INFORMATION TECHNOLOGY Information Security Management 339.7101 Policy. HHS is responsible for implementing an information security program to ensure that its information systems and... information contained in those systems. Each system's level of security shall protect the integrity...

45 CFR 164.306 - Security standards: General rules.

Code of Federal Regulations, 2012 CFR

2012-10-01

... RELATED REQUIREMENTS SECURITY AND PRIVACY Security Standards for the Protection of Electronic Protected Health Information § 164.306 Security standards: General rules. (a) General requirements. Covered... covered entity to reasonably and appropriately implement the standards and implementation specifications...

45 CFR 164.306 - Security standards: General rules.

Code of Federal Regulations, 2013 CFR

2013-10-01

... RELATED REQUIREMENTS SECURITY AND PRIVACY Security Standards for the Protection of Electronic Protected Health Information § 164.306 Security standards: General rules. (a) General requirements. Covered... and appropriately implement the standards and implementation specifications as specified in this...

12 CFR Appendix B to Part 170 - Interagency Guidelines Establishing Information Security Standards

Code of Federal Regulations, 2014 CFR

2014-01-01

... Security Standards B Appendix B to Part 170 Banks and Banking COMPTROLLER OF THE CURRENCY, DEPARTMENT OF... Part 170—Interagency Guidelines Establishing Information Security Standards Table of Contents I... Customer Information A. Information Security Program B. Objectives III. Development and Implementation of...

12 CFR Appendix B to Part 170 - Interagency Guidelines Establishing Information Security Standards

Code of Federal Regulations, 2013 CFR

2013-01-01

... Security Standards B Appendix B to Part 170 Banks and Banking COMPTROLLER OF THE CURRENCY, DEPARTMENT OF... Part 170—Interagency Guidelines Establishing Information Security Standards Table of Contents I... Customer Information A. Information Security Program B. Objectives III. Development and Implementation of...

6 CFR 7.1 - Purpose.

Code of Federal Regulations, 2011 CFR

2011-01-01

... DEPARTMENT OF HOMELAND SECURITY, OFFICE OF THE SECRETARY CLASSIFIED NATIONAL SECURITY INFORMATION § 7.1 Purpose. The purpose of this part is to ensure that information within the Department of Homeland Security... provisions of Executive Order 12958, as amended, and implementing directives from the Information Security...

6 CFR 7.1 - Purpose.

Code of Federal Regulations, 2010 CFR

2010-01-01

... DEPARTMENT OF HOMELAND SECURITY, OFFICE OF THE SECRETARY CLASSIFIED NATIONAL SECURITY INFORMATION § 7.1 Purpose. The purpose of this part is to ensure that information within the Department of Homeland Security... provisions of Executive Order 12958, as amended, and implementing directives from the Information Security...

49 CFR 1.27 - Delegations to the General Counsel.

Code of Federal Regulations, 2012 CFR

2012-10-01

...) (Security and research and development activities), as implemented by 49 CFR part 15 (Protection of Sensitive Security Information), relating to the determination that information is Sensitive Security Information, in consultation and coordination with the Office of Intelligence, Security and Emergency Response...

49 CFR 1.27 - Delegations to the General Counsel.

Code of Federal Regulations, 2013 CFR

2013-10-01

...) (Security and research and development activities), as implemented by 49 CFR part 15 (Protection of Sensitive Security Information), relating to the determination that information is Sensitive Security Information, in consultation and coordination with the Office of Intelligence, Security and Emergency Response...

49 CFR 1.27 - Delegations to the General Counsel.

Code of Federal Regulations, 2014 CFR

2014-10-01

...) (Security and research and development activities), as implemented by 49 CFR part 15 (Protection of Sensitive Security Information), relating to the determination that information is Sensitive Security Information, in consultation and coordination with the Office of Intelligence, Security and Emergency Response...

28 CFR 17.1 - Purpose.

Code of Federal Regulations, 2011 CFR

2011-07-01

... Administration DEPARTMENT OF JUSTICE CLASSIFIED NATIONAL SECURITY INFORMATION AND ACCESS TO CLASSIFIED... Comp., p. 391) and implementing directives from the Information Security Oversight Office of the... Security Information and the criteria for access to this information. Accordingly, this part is a revision...

28 CFR 17.1 - Purpose.

Code of Federal Regulations, 2010 CFR

2010-07-01

... Administration DEPARTMENT OF JUSTICE CLASSIFIED NATIONAL SECURITY INFORMATION AND ACCESS TO CLASSIFIED... Comp., p. 391) and implementing directives from the Information Security Oversight Office of the... Security Information and the criteria for access to this information. Accordingly, this part is a revision...

A security architecture for health information networks.

PubMed

Kailar, Rajashekar; Muralidhar, Vinod

2007-10-11

Health information network security needs to balance exacting security controls with practicality, and ease of implementation in today's healthcare enterprise. Recent work on 'nationwide health information network' architectures has sought to share highly confidential data over insecure networks such as the Internet. Using basic patterns of health network data flow and trust models to support secure communication between network nodes, we abstract network security requirements to a core set to enable secure inter-network data sharing. We propose a minimum set of security controls that can be implemented without needing major new technologies, but yet realize network security and privacy goals of confidentiality, integrity and availability. This framework combines a set of technology mechanisms with environmental controls, and is shown to be sufficient to counter commonly encountered network security threats adequately.

A Security Architecture for Health Information Networks

PubMed Central

Kailar, Rajashekar

2007-01-01

Health information network security needs to balance exacting security controls with practicality, and ease of implementation in today’s healthcare enterprise. Recent work on ‘nationwide health information network’ architectures has sought to share highly confidential data over insecure networks such as the Internet. Using basic patterns of health network data flow and trust models to support secure communication between network nodes, we abstract network security requirements to a core set to enable secure inter-network data sharing. We propose a minimum set of security controls that can be implemented without needing major new technologies, but yet realize network security and privacy goals of confidentiality, integrity and availability. This framework combines a set of technology mechanisms with environmental controls, and is shown to be sufficient to counter commonly encountered network security threats adequately. PMID:18693862

75 FR 13258 - Announcing a Meeting of the Information Security and Privacy Advisory Board

Federal Register 2010, 2011, 2012, 2013, 2014

2010-03-19

.../index.html/ . Agenda: --Cloud Computing Implementations --Health IT --OpenID --Pending Cyber Security... will be available for the public and media. --OpenID --Cloud Computing Implementations --Security...

Key Factors in the Success of an Organization's Information Security Culture: A Quantitative Study and Analysis

ERIC Educational Resources Information Center

Pierce, Robert E.

2012-01-01

This research study reviewed relative literature on information security and information security culture within organizations to determine what factors potentially assist an organization in implementing, integrating, and maintaining a successful organizational information security culture. Based on this review of literature, five key factors were…

45 CFR 164.304 - Definitions.

Code of Federal Regulations, 2013 CFR

2013-10-01

... SECURITY AND PRIVACY Security Standards for the Protection of Electronic Protected Health Information § 164... and procedures, to manage the selection, development, implementation, and maintenance of security...'s or business associate's workforce in relation to the protection of that information...

45 CFR 164.304 - Definitions.

Code of Federal Regulations, 2010 CFR

2010-10-01

... SECURITY AND PRIVACY Security Standards for the Protection of Electronic Protected Health Information § 164... and procedures, to manage the selection, development, implementation, and maintenance of security...'s workforce in relation to the protection of that information. Authentication means the...

45 CFR 164.304 - Definitions.

Code of Federal Regulations, 2012 CFR

2012-10-01

... SECURITY AND PRIVACY Security Standards for the Protection of Electronic Protected Health Information § 164... and procedures, to manage the selection, development, implementation, and maintenance of security...'s workforce in relation to the protection of that information. Authentication means the...

45 CFR 164.304 - Definitions.

Code of Federal Regulations, 2011 CFR

2011-10-01

... SECURITY AND PRIVACY Security Standards for the Protection of Electronic Protected Health Information § 164... and procedures, to manage the selection, development, implementation, and maintenance of security...'s workforce in relation to the protection of that information. Authentication means the...

45 CFR 164.304 - Definitions.

Code of Federal Regulations, 2014 CFR

2014-10-01

... SECURITY AND PRIVACY Security Standards for the Protection of Electronic Protected Health Information § 164... and procedures, to manage the selection, development, implementation, and maintenance of security...'s or business associate's workforce in relation to the protection of that information...

12 CFR Appendix A to Part 748 - Guidelines for Safeguarding Member Information

Code of Federal Regulations, 2014 CFR

2014-01-01

... Implementation of Member Information Security Program A. Involve the Board of Directors B. Assess Risk C. Manage and Control Risk D. Oversee Service Provider Arrangements E. Adjust the Program F. Report to the Board.... Development and Implementation of Member Information Security Program A. Involve the Board of Directors. The...

12 CFR Appendix A to Part 748 - Guidelines for Safeguarding Member Information

Code of Federal Regulations, 2013 CFR

2013-01-01

... Implementation of Member Information Security Program A. Involve the Board of Directors B. Assess Risk C. Manage and Control Risk D. Oversee Service Provider Arrangements E. Adjust the Program F. Report to the Board.... Development and Implementation of Member Information Security Program A. Involve the Board of Directors. The...

12 CFR Appendix A to Part 748 - Guidelines for Safeguarding Member Information

Code of Federal Regulations, 2011 CFR

2011-01-01

... Implementation of Member Information Security Program A. Involve the Board of Directors B. Assess Risk C. Manage and Control Risk D. Oversee Service Provider Arrangements E. Adjust the Program F. Report to the Board.... Development and Implementation of Member Information Security Program A. Involve the Board of Directors. The...

12 CFR Appendix A to Part 748 - Guidelines for Safeguarding Member Information

Code of Federal Regulations, 2012 CFR

2012-01-01

... Implementation of Member Information Security Program A. Involve the Board of Directors B. Assess Risk C. Manage and Control Risk D. Oversee Service Provider Arrangements E. Adjust the Program F. Report to the Board.... Development and Implementation of Member Information Security Program A. Involve the Board of Directors. The...

Report: Information Security Series: Security Practices Safe Drinking Water Information System

EPA Pesticide Factsheets

Report #2006-P-00021, March 30, 2006. We found that the Office of Water (OW) substantially complied with many of the information security controls reviewed and had implemented practices to ensure production servers are monitored.

Security in the management of information systems.

PubMed

Huston, T L; Huston, J L

1998-06-01

Although security technology exists in abundance in health information management systems, the implementation of that technology is often lacking. This lack of implementation can be heavily affected by the attitudes and perceptions of users and management, the "people part" of systems. Particular operational, organizational, and economic factors must be addressed along with employment of security objectives and accountability. Unique threats, as well as controls, pervade the use of microcomputer-based systems as these systems permeate health care information management.

[Research and implementation of the TLS network transport security technology based on DICOM standard].

PubMed

Lu, Xiaoqi; Wang, Lei; Zhao, Jianfeng

2012-02-01

With the development of medical information, Picture Archiving and Communications System (PACS), Hospital Information System/Radiology Information System(HIS/RIS) and other medical information management system become popular and developed, and interoperability between these systems becomes more frequent. So, these enclosed systems will be open and regionalized by means of network, and this is inevitable. If the trend becomes true, the security of information transmission may be the first problem to be solved. Based on the need for network security, we investigated the Digital Imaging and Communications in Medicine (DICOM) Standard and Transport Layer Security (TLS) Protocol, and implemented the TLS transmission of the DICOM medical information with OpenSSL toolkit and DCMTK toolkit.

32 CFR 2400.42 - Security Officer.

Code of Federal Regulations, 2011 CFR

2011-07-01

... National Defense Other Regulations Relating to National Defense OFFICE OF SCIENCE AND TECHNOLOGY POLICY REGULATIONS TO IMPLEMENT E.O. 12356; OFFICE OF SCIENCE AND TECHNOLOGY POLICY INFORMATION SECURITY PROGRAM Office of Science and Technology Policy Information Security Program Management § 2400.42 Security...

32 CFR 2400.42 - Security Officer.

Code of Federal Regulations, 2010 CFR

2010-07-01

... National Defense Other Regulations Relating to National Defense OFFICE OF SCIENCE AND TECHNOLOGY POLICY REGULATIONS TO IMPLEMENT E.O. 12356; OFFICE OF SCIENCE AND TECHNOLOGY POLICY INFORMATION SECURITY PROGRAM Office of Science and Technology Policy Information Security Program Management § 2400.42 Security...

32 CFR 2400.42 - Security Officer.

Code of Federal Regulations, 2014 CFR

2014-07-01

... National Defense Other Regulations Relating to National Defense OFFICE OF SCIENCE AND TECHNOLOGY POLICY REGULATIONS TO IMPLEMENT E.O. 12356; OFFICE OF SCIENCE AND TECHNOLOGY POLICY INFORMATION SECURITY PROGRAM Office of Science and Technology Policy Information Security Program Management § 2400.42 Security...

32 CFR 2400.42 - Security Officer.

Code of Federal Regulations, 2013 CFR

2013-07-01

... National Defense Other Regulations Relating to National Defense OFFICE OF SCIENCE AND TECHNOLOGY POLICY REGULATIONS TO IMPLEMENT E.O. 12356; OFFICE OF SCIENCE AND TECHNOLOGY POLICY INFORMATION SECURITY PROGRAM Office of Science and Technology Policy Information Security Program Management § 2400.42 Security...

32 CFR 2400.42 - Security Officer.

Code of Federal Regulations, 2012 CFR

2012-07-01

... National Defense Other Regulations Relating to National Defense OFFICE OF SCIENCE AND TECHNOLOGY POLICY REGULATIONS TO IMPLEMENT E.O. 12356; OFFICE OF SCIENCE AND TECHNOLOGY POLICY INFORMATION SECURITY PROGRAM Office of Science and Technology Policy Information Security Program Management § 2400.42 Security...

Report: Information Security Series: Security Practices Comprehensive Environmental Response, Compensation, and Liability Information System

EPA Pesticide Factsheets

Report #2006-P-00019, March 28, 2006. OSWER’s implemented practices to ensure production servers were being monitored for known vulnerabilities and personnel with significant security responsibility completed the Agency’s recommended security training.

Safe teleradiology: information assurance as project planning methodology.

PubMed

Collmann, Jeff; Alaoui, Adil; Nguyen, Dan; Lindisch, David

2005-01-01

The Georgetown University Medical Center Department of Radiology used a tailored version of OCTAVE, a self-directed information security risk assessment method, to design a teleradiology system that complied with the regulation implementing the security provisions of the Health Insurance Portability and Accountability Act (HIPAA) of 1996. The system addressed threats to and vulnerabilities in the privacy and security of protected health information. By using OCTAVE, Georgetown identified the teleradiology program's critical assets, described threats to the assurance of those assets, developed and ran vulnerability scans of a system pilot, evaluated the consequences of security breaches, and developed a risk management plan to mitigate threats to program assets, thereby implementing good information assurance practices. This case study illustrates the basic point that prospective, comprehensive planning to protect the privacy and security of an information system strategically benefits program management as well as system security.

Agents Based e-Commerce and Securing Exchanged Information

NASA Astrophysics Data System (ADS)

Al-Jaljouli, Raja; Abawajy, Jemal

Mobile agents have been implemented in e-Commerce to search and filter information of interest from electronic markets. When the information is very sensitive and critical, it is important to develop a novel security protocol that can efficiently protect the information from malicious tampering as well as unauthorized disclosure or at least detect any malicious act of intruders. In this chapter, we describe robust security techniques that ensure a sound security of information gathered throughout agent’s itinerary against various security attacks, as well as truncation attacks. A sound security protocol is described, which implements the various security techniques that would jointly prevent or at least detect any malicious act of intruders. We reason about the soundness of the protocol usingSymbolic Trace Analyzer (STA), a formal verification tool that is based on symbolic techniques. We analyze the protocol in key configurations and show that it is free of flaws. We also show that the protocol fulfils the various security requirements of exchanged information in MAS, including data-integrity, data-confidentiality, data-authenticity, origin confidentiality and data non-repudiability.

12 CFR Appendix C to Part 1720 - Policy Guidance; Safety and Soundness Standards for Information

Code of Federal Regulations, 2013 CFR

2013-01-01

... Information Security Program 1. Involve the Board of Directors. 2. Assess Risk. 3. Manage and Control Risk. 4. Oversee Service Provider Arrangements. 5. Adjust the Program. 6. Report to the Board. 7. Implementation. A...—Development and Implementation of Information Security Program 1. Involve the Board of Directors. The board of...

45 CFR 164.308 - Administrative safeguards.

Code of Federal Regulations, 2012 CFR

2012-10-01

...)(i) Standard: Security management process. Implement policies and procedures to prevent, detect... this subpart for the entity. (3)(i) Standard: Workforce security. Implement policies and procedures to...) Standard: Information access management. Implement policies and procedures for authorizing access to...

45 CFR 164.308 - Administrative safeguards.

Code of Federal Regulations, 2011 CFR

2011-10-01

...)(i) Standard: Security management process. Implement policies and procedures to prevent, detect... this subpart for the entity. (3)(i) Standard: Workforce security. Implement policies and procedures to...) Standard: Information access management. Implement policies and procedures for authorizing access to...

Why information security belongs on the CFO's agenda.

PubMed

Quinnild, James; Fusile, Jeff; Smith, Cindy

2006-02-01

Healthcare financial executives need to understand the complex and growing role of information security in supporting the business of health care. The biggest security gaps in healthcare organizations occur in strategy and centralization, business executive preparation, and protected health information. CFOs should collaborate with the CIO in engaging a comprehensive framework to develop, implement, communicate, and maintain an enterprisewide information security strategy.

32 CFR 2400.46 - Suggestions or complaints.

Code of Federal Regulations, 2014 CFR

2014-07-01

... POLICY REGULATIONS TO IMPLEMENT E.O. 12356; OFFICE OF SCIENCE AND TECHNOLOGY POLICY INFORMATION SECURITY PROGRAM Office of Science and Technology Policy Information Security Program Management § 2400.46... Science and Technology Policy Information Security Program should do so in writing. This correspondence...

32 CFR 2400.46 - Suggestions or complaints.

Code of Federal Regulations, 2012 CFR

2012-07-01

... POLICY REGULATIONS TO IMPLEMENT E.O. 12356; OFFICE OF SCIENCE AND TECHNOLOGY POLICY INFORMATION SECURITY PROGRAM Office of Science and Technology Policy Information Security Program Management § 2400.46... Science and Technology Policy Information Security Program should do so in writing. This correspondence...

32 CFR 2400.46 - Suggestions or complaints.

Code of Federal Regulations, 2010 CFR

2010-07-01

... POLICY REGULATIONS TO IMPLEMENT E.O. 12356; OFFICE OF SCIENCE AND TECHNOLOGY POLICY INFORMATION SECURITY PROGRAM Office of Science and Technology Policy Information Security Program Management § 2400.46... Science and Technology Policy Information Security Program should do so in writing. This correspondence...

32 CFR 2400.46 - Suggestions or complaints.

Code of Federal Regulations, 2011 CFR

2011-07-01

... POLICY REGULATIONS TO IMPLEMENT E.O. 12356; OFFICE OF SCIENCE AND TECHNOLOGY POLICY INFORMATION SECURITY PROGRAM Office of Science and Technology Policy Information Security Program Management § 2400.46... Science and Technology Policy Information Security Program should do so in writing. This correspondence...

32 CFR 2400.46 - Suggestions or complaints.

Code of Federal Regulations, 2013 CFR

2013-07-01

... POLICY REGULATIONS TO IMPLEMENT E.O. 12356; OFFICE OF SCIENCE AND TECHNOLOGY POLICY INFORMATION SECURITY PROGRAM Office of Science and Technology Policy Information Security Program Management § 2400.46... Science and Technology Policy Information Security Program should do so in writing. This correspondence...

12 CFR Appendix D-2 to Part 208 - Interagency Guidelines Establishing Information Security Standards

Code of Federal Regulations, 2010 CFR

2010-01-01

... Relationships Risk Management Principles,” Nov. 1, 2001; FDIC FIL 68-99, Risk Assessment Tools and Practices for.... Definitions II. Standards for Safeguarding Customer Information A. Information Security Program B. Objectives III. Development and Implementation of Customer Information Security Program A. Involve the Board of...

12 CFR Appendix F to Part 225 - Interagency Guidelines Establishing Information Security Standards

Code of Federal Regulations, 2010 CFR

2010-01-01

... Relationships Risk Management Principles,” Nov. 1, 2001; FDIC FIL 68-99, Risk Assessment Tools and Practices for.... Standards for Safeguarding Customer Information A. Information Security Program B. Objectives III. Development and Implementation of Customer Information Security Program A. Involve the Board of Directors B...

Getting Employees Involved in Information Security: The Case of Strong Passwords

ERIC Educational Resources Information Center

Taylor, Richard G.

2009-01-01

With the increasing amount and severity of information security incidents, organizations are constantly looking for better ways to protect their information. The implementation of physical safeguards such as firewalls and intrusion detection systems is an integral part on an organization's overall information security; however these safeguards…

32 CFR 2400.45 - Information Security Program Review.

Code of Federal Regulations, 2011 CFR

2011-07-01

... Section 2400.45 National Defense Other Regulations Relating to National Defense OFFICE OF SCIENCE AND TECHNOLOGY POLICY REGULATIONS TO IMPLEMENT E.O. 12356; OFFICE OF SCIENCE AND TECHNOLOGY POLICY INFORMATION SECURITY PROGRAM Office of Science and Technology Policy Information Security Program Management § 2400.45...

32 CFR 2400.45 - Information Security Program Review.

Code of Federal Regulations, 2010 CFR

2010-07-01

... Section 2400.45 National Defense Other Regulations Relating to National Defense OFFICE OF SCIENCE AND TECHNOLOGY POLICY REGULATIONS TO IMPLEMENT E.O. 12356; OFFICE OF SCIENCE AND TECHNOLOGY POLICY INFORMATION SECURITY PROGRAM Office of Science and Technology Policy Information Security Program Management § 2400.45...

32 CFR 2400.45 - Information Security Program Review.

Code of Federal Regulations, 2012 CFR

2012-07-01

... Section 2400.45 National Defense Other Regulations Relating to National Defense OFFICE OF SCIENCE AND TECHNOLOGY POLICY REGULATIONS TO IMPLEMENT E.O. 12356; OFFICE OF SCIENCE AND TECHNOLOGY POLICY INFORMATION SECURITY PROGRAM Office of Science and Technology Policy Information Security Program Management § 2400.45...

32 CFR 2400.45 - Information Security Program Review.

Code of Federal Regulations, 2014 CFR

2014-07-01

... Section 2400.45 National Defense Other Regulations Relating to National Defense OFFICE OF SCIENCE AND TECHNOLOGY POLICY REGULATIONS TO IMPLEMENT E.O. 12356; OFFICE OF SCIENCE AND TECHNOLOGY POLICY INFORMATION SECURITY PROGRAM Office of Science and Technology Policy Information Security Program Management § 2400.45...

32 CFR 2400.45 - Information Security Program Review.

Code of Federal Regulations, 2013 CFR

2013-07-01

... Section 2400.45 National Defense Other Regulations Relating to National Defense OFFICE OF SCIENCE AND TECHNOLOGY POLICY REGULATIONS TO IMPLEMENT E.O. 12356; OFFICE OF SCIENCE AND TECHNOLOGY POLICY INFORMATION SECURITY PROGRAM Office of Science and Technology Policy Information Security Program Management § 2400.45...

Analyzing Cases of Resilience Success and Failure - A Research Study

DTIC Science & Technology

2012-12-01

controls [NIST 2012, NIST 2008] ISO 27002 and ISO 27004 Guidelines for initiating, implementing, maintaining, and improving information security...Commission ( ISO /IEC). Information technology—Security techniques—Code of practice for information security management ( ISO /IEC 27002 :2005). ISO /IEC, 2005...security management system and controls or groups of controls [ ISO /IEC 2005, ISO /IEC 2009] CIS Security Metrics Outcome and practice metrics measuring

Information Security: Governmentwide Guidance Needed to Assist Agencies in Implementing Cloud Computing

DTIC Science & Technology

2010-07-01

Cloud computing , an emerging form of computing in which users have access to scalable, on-demand capabilities that are provided through Internet... cloud computing , (2) the information security implications of using cloud computing services in the Federal Government, and (3) federal guidance and...efforts to address information security when using cloud computing . The complete report is titled Information Security: Federal Guidance Needed to

12 CFR Appendix B to Part 364 - Interagency Guidelines Establishing Information Security Standards

Code of Federal Regulations, 2010 CFR

2010-01-01

... Relationships Risk Management Principles,” Nov. 1, 2001; FDIC FIL 68-99, Risk Assessment Tools and Practices for... Customer Information A. Information Security Program B. Objectives III. Development and Implementation of Customer Information Security Program A. Involve the Board of Directors B. Assess Risk C. Manage and...

Procedures to cover Spillage of Classified Information Onto Unclassified Systems

EPA Pesticide Factsheets

The purpose of this is to implement the security control requirements and outline actions required when responding to electronic spillage of classified national security information (classified information) onto unclassified information systems or devices.

An Examination of an Information Security Framework Implementation Based on Agile Values to Achieve Health Insurance Portability and Accountability Act Security Rule Compliance in an Academic Medical Center: The Thomas Jefferson University Case Study

ERIC Educational Resources Information Center

Reis, David W.

2012-01-01

Agile project management is most often examined in relation to software development, while information security frameworks are often examined with respect to certain risk management capabilities rather than in terms of successful implementation approaches. This dissertation extended the study of both Agile project management and information…

Information Security Management - Part Of The Integrated Management System

NASA Astrophysics Data System (ADS)

Manea, Constantin Adrian

2015-07-01

The international management standards allow their integrated approach, thereby combining aspects of particular importance to the activity of any organization, from the quality management systems or the environmental management of the information security systems or the business continuity management systems. Although there is no national or international regulation, nor a defined standard for the Integrated Management System, the need to implement an integrated system occurs within the organization, which feels the opportunity to integrate the management components into a cohesive system, in agreement with the purpose and mission publicly stated. The issues relating to information security in the organization, from the perspective of the management system, raise serious questions to any organization in the current context of electronic information, reason for which we consider not only appropriate but necessary to promote and implement an Integrated Management System Quality - Environment - Health and Operational Security - Information Security

19 CFR 201.43 - Program.

Code of Federal Regulations, 2011 CFR

2011-04-01

... who is responsible for implementation and oversight of information security programs and procedures... complaints regarding all elements of the information security program shall be directed to the Director of... UNITED STATES INTERNATIONAL TRADE COMMISSION GENERAL RULES OF GENERAL APPLICATION National Security...

48 CFR 339.7101 - Policy.

Code of Federal Regulations, 2011 CFR

2011-10-01

... 339.7101 Federal Acquisition Regulations System HEALTH AND HUMAN SERVICES SPECIAL CATEGORIES OF CONTRACTING ACQUISITION OF INFORMATION TECHNOLOGY Information Security Management 339.7101 Policy. HHS is responsible for implementing an information security program to ensure that its information systems and...

48 CFR 339.7101 - Policy.

Code of Federal Regulations, 2013 CFR

2013-10-01

... 339.7101 Federal Acquisition Regulations System HEALTH AND HUMAN SERVICES SPECIAL CATEGORIES OF CONTRACTING ACQUISITION OF INFORMATION TECHNOLOGY Information Security Management 339.7101 Policy. HHS is responsible for implementing an information security program to ensure that its information systems and...

48 CFR 339.7101 - Policy.

Code of Federal Regulations, 2014 CFR

2014-10-01

... 339.7101 Federal Acquisition Regulations System HEALTH AND HUMAN SERVICES SPECIAL CATEGORIES OF CONTRACTING ACQUISITION OF INFORMATION TECHNOLOGY Information Security Management 339.7101 Policy. HHS is responsible for implementing an information security program to ensure that its information systems and...

48 CFR 339.7101 - Policy.

Code of Federal Regulations, 2012 CFR

2012-10-01

... 339.7101 Federal Acquisition Regulations System HEALTH AND HUMAN SERVICES SPECIAL CATEGORIES OF CONTRACTING ACQUISITION OF INFORMATION TECHNOLOGY Information Security Management 339.7101 Policy. HHS is responsible for implementing an information security program to ensure that its information systems and...

A security framework for nationwide health information exchange based on telehealth strategy.

PubMed

Zaidan, B B; Haiqi, Ahmed; Zaidan, A A; Abdulnabi, Mohamed; Kiah, M L Mat; Muzamel, Hussaen

2015-05-01

This study focuses on the situation of health information exchange (HIE) in the context of a nationwide network. It aims to create a security framework that can be implemented to ensure the safe transmission of health information across the boundaries of care providers in Malaysia and other countries. First, a critique of the major elements of nationwide health information networks is presented from the perspective of security, along with such topics as the importance of HIE, issues, and main approaches. Second, a systematic evaluation is conducted on the security solutions that can be utilized in the proposed nationwide network. Finally, a secure framework for health information transmission is proposed within a central cloud-based model, which is compatible with the Malaysian telehealth strategy. The outcome of this analysis indicates that a complete security framework for a global structure of HIE is yet to be defined and implemented. Our proposed framework represents such an endeavor and suggests specific techniques to achieve this goal.

75 FR 50846 - Privacy Act of 1974: Implementation of Exemptions; Department of Homeland Security/ALL-001...

Federal Register 2010, 2011, 2012, 2013, 2014

2010-08-18

... INFORMATION CONTACT: For general questions and privacy issues please contact: Mary Ellen Callahan (703-235...] Privacy Act of 1974: Implementation of Exemptions; Department of Homeland Security/ALL--001 Freedom of Information Act and Privacy Act Records System of Records AGENCY: Privacy Office, DHS. ACTION: Final rule...

A Method for Evaluating Information Security Governance (ISG) Components in Banking Environment

NASA Astrophysics Data System (ADS)

Ula, M.; Ula, M.; Fuadi, W.

2017-02-01

As modern banking increasingly relies on the internet and computer technologies to operate their businesses and market interactions, the threats and security breaches have highly increased in recent years. Insider and outsider attacks have caused global businesses lost trillions of Dollars a year. Therefore, that is a need for a proper framework to govern the information security in the banking system. The aim of this research is to propose and design an enhanced method to evaluate information security governance (ISG) implementation in banking environment. This research examines and compares the elements from the commonly used information security governance frameworks, standards and best practices. Their strength and weakness are considered in its approaches. The initial framework for governing the information security in banking system was constructed from document review. The framework was categorized into three levels which are Governance level, Managerial level, and technical level. The study further conducts an online survey for banking security professionals to get their professional judgment about the ISG most critical components and the importance for each ISG component that should be implemented in banking environment. Data from the survey was used to construct a mathematical model for ISG evaluation, component importance data used as weighting coefficient for the related component in the mathematical model. The research further develops a method for evaluating ISG implementation in banking based on the mathematical model. The proposed method was tested through real bank case study in an Indonesian local bank. The study evidently proves that the proposed method has sufficient coverage of ISG in banking environment and effectively evaluates the ISG implementation in banking environment.

Federal Information Security and Data Breach Notification Laws

DTIC Science & Technology

2009-01-29

The following report describes information security and data breach notification requirements included in the Privacy Act, the Federal Information...information for unauthorized purposes. Data breach notification laws typically require covered entities to implement a breach notification policy, and...Feinstein), S. 495 (Leahy), and S. 1178 (Inouye)--were reported favorably out of Senate committees. Those bills include information security and data

Network Security via Biometric Recognition of Patterns of Gene Expression

NASA Technical Reports Server (NTRS)

Shaw, Harry C.

2016-01-01

Molecular biology provides the ability to implement forms of information and network security completely outside the bounds of legacy security protocols and algorithms. This paper addresses an approach which instantiates the power of gene expression for security. Molecular biology provides a rich source of gene expression and regulation mechanisms, which can be adopted to use in the information and electronic communication domains. Conventional security protocols are becoming increasingly vulnerable due to more intensive, highly capable attacks on the underlying mathematics of cryptography. Security protocols are being undermined by social engineering and substandard implementations by IT (Information Technology) organizations. Molecular biology can provide countermeasures to these weak points with the current security approaches. Future advances in instruments for analyzing assays will also enable this protocol to advance from one of cryptographic algorithms to an integrated system of cryptographic algorithms and real-time assays of gene expression products.

32 CFR 2004.11 - Agency Implementing Regulations, Internal Rules, or Guidelines [102(b)(3)].

Code of Federal Regulations, 2010 CFR

2010-07-01

... National Defense INFORMATION SECURITY OVERSIGHT OFFICE, NATIONAL ARCHIVES AND RECORDS ADMINISTRATION NATIONAL INDUSTRIAL SECURITY PROGRAM DIRECTIVE NO. 1 Implementation and Oversight § 2004.11 Agency...

Computer-implemented security evaluation methods, security evaluation systems, and articles of manufacture

DOEpatents

Muller, George; Perkins, Casey J.; Lancaster, Mary J.; MacDonald, Douglas G.; Clements, Samuel L.; Hutton, William J.; Patrick, Scott W.; Key, Bradley Robert

2015-07-28

Computer-implemented security evaluation methods, security evaluation systems, and articles of manufacture are described. According to one aspect, a computer-implemented security evaluation method includes accessing information regarding a physical architecture and a cyber architecture of a facility, building a model of the facility comprising a plurality of physical areas of the physical architecture, a plurality of cyber areas of the cyber architecture, and a plurality of pathways between the physical areas and the cyber areas, identifying a target within the facility, executing the model a plurality of times to simulate a plurality of attacks against the target by an adversary traversing at least one of the areas in the physical domain and at least one of the areas in the cyber domain, and using results of the executing, providing information regarding a security risk of the facility with respect to the target.

Department of Veterans Affairs' Implementation of Information Security Education Assistance Program. GAO-10-170R

ERIC Educational Resources Information Center

Wilshusen, Gregory C.; Melvin, Valerie C.

2009-01-01

The Veterans Benefits, Health Care, and Information Technology Act of 2006 authorizes the Secretary of Veterans Affairs to establish an educational assistance program for information security. The Information Security Education Assistance Program is envisioned as a means for the Department of Veterans Affairs (VA) to attract and retain individuals…

Network security system for health and medical information using smart IC card

NASA Astrophysics Data System (ADS)

Kanai, Yoichi; Yachida, Masuyoshi; Yoshikawa, Hiroharu; Yamaguchi, Masahiro; Ohyama, Nagaaki

1998-07-01

A new network security protocol that uses smart IC cards has been designed to assure the integrity and privacy of medical information in communication over a non-secure network. Secure communication software has been implemented as a library based on this protocol, which is called the Integrated Secure Communication Layer (ISCL), and has been incorporated into information systems of the National Cancer Center Hospitals and the Health Service Center of the Tokyo Institute of Technology. Both systems have succeeded in communicating digital medical information securely.

Information security system quality assessment through the intelligent tools

NASA Astrophysics Data System (ADS)

Trapeznikov, E. V.

2018-04-01

The technology development has shown the automated system information security comprehensive analysis necessity. The subject area analysis indicates the study relevance. The research objective is to develop the information security system quality assessment methodology based on the intelligent tools. The basis of the methodology is the information security assessment model in the information system through the neural network. The paper presents the security assessment model, its algorithm. The methodology practical implementation results in the form of the software flow diagram are represented. The practical significance of the model being developed is noted in conclusions.

A Framework for the Governance of Information Security

ERIC Educational Resources Information Center

Edwards, Charles K.

2013-01-01

Information security is a complex issue, which is very critical for success of modern businesses. It can be implemented with the help of well-tested global standards and best practices. However, it has been studied that the human aspects of information security compliance pose significant challenge to its practitioners. There has been significant…

[Application of classified protection of information security in the information system of air pollution and health impact monitoring].

PubMed

Hao, Shuxin; Lü, Yiran; Liu, Jie; Liu, Yue; Xu, Dongqun

2018-01-01

To study the application of classified protection of information security in the information system of air pollution and health impact monitoring, so as to solve the possible safety risk of the information system. According to the relevant national standards and requirements for the information system security classified protection, and the professional characteristics of the information system, to design and implement the security architecture of information system, also to determine the protection level of information system. Basic security measures for the information system were developed in the technical safety and management safety aspects according to the protection levels, which effectively prevented the security risk of the information system. The information system established relatively complete information security protection measures, to enhanced the security of professional information and system service, and to ensure the safety of air pollution and health impact monitoring project carried out smoothly.

Tailoring ISO/IEC 27001 for SMEs: A Guide to Implement an Information Security Management System in Small Settings

NASA Astrophysics Data System (ADS)

Valdevit, Thierry; Mayer, Nicolas; Barafort, Béatrix

While Information Security Management Systems (ISMS) are being adopted by the biggest IT companies, it remains quite difficult for smaller entities to implement and maintain all the requirements of ISO/IEC 27001. In order to increase information security in Luxembourg, the Public Research Centre Henri Tudor has been charged by the Luxembourg Ministry of Economy and Foreign Trade to find solutions to facilitate ISMS deployment for SMEs. After an initial experiment aiming at assisting a SME in getting the first national ISO/IEC 27001 certification for a private company, an implementation guide for deploying an ISMS, validated by local experts and experimented in SMEs, has been released and is presented in this paper.

Usage of information safety requirements in improving tube bending process

NASA Astrophysics Data System (ADS)

Livshitz, I. I.; Kunakov, E.; Lontsikh, P. A.

2018-05-01

This article is devoted to an improvement of the technological process's analysis with the information security requirements implementation. The aim of this research is the competition increase analysis in aircraft industry enterprises due to the information technology implementation by the example of the tube bending technological process. The article analyzes tube bending kinds and current technique. In addition, a potential risks analysis in a tube bending technological process is carried out in terms of information security.

49 CFR 806.2 - Applicability.

Code of Federal Regulations, 2010 CFR

2010-10-01

... SECURITY INFORMATION POLICY AND GUIDELINES, IMPLEMENTING REGULATIONS § 806.2 Applicability. This rule supplements Executive Order 12065 within the Board with regard to national security information. It establishes general policies and certain procedures for the classification and declassification of information...

45 CFR 164.318 - Compliance dates for the initial implementation of the security standards.

Code of Federal Regulations, 2013 CFR

2013-10-01

... of Electronic Protected Health Information § 164.318 Compliance dates for the initial implementation of the security standards. (a) Health plan. (1) A health plan that is not a small health plan must... the security standards. 164.318 Section 164.318 Public Welfare DEPARTMENT OF HEALTH AND HUMAN SERVICES...

45 CFR 164.318 - Compliance dates for the initial implementation of the security standards.

Code of Federal Regulations, 2012 CFR

2012-10-01

... of Electronic Protected Health Information § 164.318 Compliance dates for the initial implementation of the security standards. (a) Health plan. (1) A health plan that is not a small health plan must... the security standards. 164.318 Section 164.318 Public Welfare DEPARTMENT OF HEALTH AND HUMAN SERVICES...

How to implement security controls for an information security program at CBRN facilities

DOE Office of Scientific and Technical Information (OSTI.GOV)

Lenaeus, Joseph D.; O'Neil, Lori Ross; Leitch, Rosalyn M.

This document was prepared by PNNL within the framework of Project 19 of the European Union Chemical Biological Radiological and Nuclear Risk Mitigation Centres of Excellence Initiative entitled, ''Development of procedures and guidelines to create and improve secure information management systems and data exchange mechanisms for CBRN materials under regulatory control.'' It provides management and workers at CBRN facilities, parent organization managers responsible for those facilities, and regulatory agencies (governmental and nongovernmental) with guidance on the best practices for protecting information security. The security mitigation approaches presented in this document were chosen because they present generally accepted guidance in anmore » easy-to-understand manner, making it easier for facility personnel to grasp key concepts and envision how security controls could be implemented by the facility. This guidance is presented from a risk management perspective.« less

Aviation security : TSA has completed key activities associated with implementing secure flight, but additional actions are needed to mitigate risks.

DOT National Transportation Integrated Search

2009-05-01

To enhance aviation security, the Department of Homeland Securitys (DHS) Transportation Security Administration (TSA) developed a programknown as Secure Flightto assume from air carriers the function of matching passenger information against...

Information Systems Security Management: A Review and a Classification of the ISO Standards

NASA Astrophysics Data System (ADS)

Tsohou, Aggeliki; Kokolakis, Spyros; Lambrinoudakis, Costas; Gritzalis, Stefanos

The need for common understanding and agreement of functional and non-functional requirements is well known and understood by information system designers. This is necessary for both: designing the "correct" system and achieving interoperability with other systems. Security is maybe the best example of this need. If the understanding of the security requirements is not the same for all involved parties and the security mechanisms that will be implemented do not comply with some globally accepted rules and practices, then the system that will be designed will not necessarily achieve the desired security level and it will be very difficult to securely interoperate with other systems. It is therefore clear that the role and contribution of international standards to the design and implementation of security mechanisms is dominant. In this paper we provide a state of the art review on information security management standards published by the International Organization for Standardization and the International Electrotechnical Commission. Such an analysis is meaningful to security practitioners for an efficient management of information security. Moreover, the classification of the standards in the clauses of ISO/IEC 27001:2005 that results from our analysis is expected to provide assistance in dealing with the plethora of security standards.

Information Security Management Practices of K-12 School Districts

ERIC Educational Resources Information Center

Nyachwaya, Samson

2013-01-01

The research problem addressed in this quantitative correlational study was the inadequacy of sound information security management (ISM) practices in K-12 school districts, despite their increasing ownership of information assets. Researchers have linked organizational and sociotechnical factors to the implementation of information security…

Implementation of Medical Information Exchange System Based on EHR Standard

PubMed Central

Han, Soon Hwa; Kim, Sang Guk; Jeong, Jun Yong; Lee, Bi Na; Choi, Myeong Seon; Kim, Il Kon; Park, Woo Sung; Ha, Kyooseob; Cho, Eunyoung; Kim, Yoon; Bae, Jae Bong

2010-01-01

Objectives To develop effective ways of sharing patients' medical information, we developed a new medical information exchange system (MIES) based on a registry server, which enabled us to exchange different types of data generated by various systems. Methods To assure that patient's medical information can be effectively exchanged under different system environments, we adopted the standardized data transfer methods and terminologies suggested by the Center for Interoperable Electronic Healthcare Record (CIEHR) of Korea in order to guarantee interoperability. Regarding information security, MIES followed the security guidelines suggested by the CIEHR of Korea. This study aimed to develop essential security systems for the implementation of online services, such as encryption of communication, server security, database security, protection against hacking, contents, and network security. Results The registry server managed information exchange as well as the registration information of the clinical document architecture (CDA) documents, and the CDA Transfer Server was used to locate and transmit the proper CDA document from the relevant repository. The CDA viewer showed the CDA documents via connection with the information systems of related hospitals. Conclusions This research chooses transfer items and defines document standards that follow CDA standards, such that exchange of CDA documents between different systems became possible through ebXML. The proposed MIES was designed as an independent central registry server model in order to guarantee the essential security of patients' medical information. PMID:21818447

Implementation of Medical Information Exchange System Based on EHR Standard.

PubMed

Han, Soon Hwa; Lee, Min Ho; Kim, Sang Guk; Jeong, Jun Yong; Lee, Bi Na; Choi, Myeong Seon; Kim, Il Kon; Park, Woo Sung; Ha, Kyooseob; Cho, Eunyoung; Kim, Yoon; Bae, Jae Bong

2010-12-01

To develop effective ways of sharing patients' medical information, we developed a new medical information exchange system (MIES) based on a registry server, which enabled us to exchange different types of data generated by various systems. To assure that patient's medical information can be effectively exchanged under different system environments, we adopted the standardized data transfer methods and terminologies suggested by the Center for Interoperable Electronic Healthcare Record (CIEHR) of Korea in order to guarantee interoperability. Regarding information security, MIES followed the security guidelines suggested by the CIEHR of Korea. This study aimed to develop essential security systems for the implementation of online services, such as encryption of communication, server security, database security, protection against hacking, contents, and network security. The registry server managed information exchange as well as the registration information of the clinical document architecture (CDA) documents, and the CDA Transfer Server was used to locate and transmit the proper CDA document from the relevant repository. The CDA viewer showed the CDA documents via connection with the information systems of related hospitals. This research chooses transfer items and defines document standards that follow CDA standards, such that exchange of CDA documents between different systems became possible through ebXML. The proposed MIES was designed as an independent central registry server model in order to guarantee the essential security of patients' medical information.

50 CFR 540.2 - Program.

Code of Federal Regulations, 2011 CFR

2011-10-01

... Fisheries MARINE MAMMAL COMMISSION INFORMATION SECURITY § 540.2 Program. The Executive Director is designated as the Commission's official responsible for implementation and oversight of information security... requests submitted under the Freedom of Information Act are handled in accordance with that Act and that...

50 CFR 540.2 - Program.

Code of Federal Regulations, 2010 CFR

2010-10-01

... Fisheries MARINE MAMMAL COMMISSION INFORMATION SECURITY § 540.2 Program. The Executive Director is designated as the Commission's official responsible for implementation and oversight of information security... requests submitted under the Freedom of Information Act are handled in accordance with that Act and that...

Security measures required for HIPAA privacy.

PubMed

Amatayakul, M

2000-01-01

HIPAA security requirements include administrative, physical, and technical services and mechanisms to safeguard confidentiality, availability, and integrity of health information. Security measures, however, must be implemented in the context of an organization's privacy policies. Because HIPAA's proposed privacy rules are flexible and scalable to account for the nature of each organization's business, size, and resources, each organization will be determining its own privacy policies within the context of the HIPAA requirements and its security capabilities. Security measures cannot be implemented in a vacuum.

Implementing Information Assurance - Beyond Process

DTIC Science & Technology

2009-01-01

disabled or properly configured. Tools and scripts are available to expedite the configuration process on some platforms, For example, approved Windows...in the System Security Plan (SSP) or Information Security Plan (lSP). Any PPSs not required for operation by the system must be disabled , This...Services must be disabled , Implementing an 1M capability within the boundary carries many policy and documentation requirements. Usemame and passwords

Exploring Effects of Organizational Culture upon Implementation of Information Security Awareness and Training Programs within the Defense Industry Located in the Tennessee Valley Region

ERIC Educational Resources Information Center

Grant, Robert Luther

2017-01-01

Data breaches due to social engineering attacks and employee negligence are on the rise. The only known defense against social engineering attacks and employee negligence is information security awareness and training. However, implementation of awareness and training programs within organizations are lagging in priority. This research used the…

32 CFR 2400.19 - Declassification by the Director of the Information Security Oversight Office.

Code of Federal Regulations, 2014 CFR

2014-07-01

... National Defense OFFICE OF SCIENCE AND TECHNOLOGY POLICY REGULATIONS TO IMPLEMENT E.O. 12356; OFFICE OF SCIENCE AND TECHNOLOGY POLICY INFORMATION SECURITY PROGRAM Declassification and Downgrading § 2400.19...

32 CFR 2400.19 - Declassification by the Director of the Information Security Oversight Office.

Code of Federal Regulations, 2012 CFR

2012-07-01

... National Defense OFFICE OF SCIENCE AND TECHNOLOGY POLICY REGULATIONS TO IMPLEMENT E.O. 12356; OFFICE OF SCIENCE AND TECHNOLOGY POLICY INFORMATION SECURITY PROGRAM Declassification and Downgrading § 2400.19...

32 CFR 2400.19 - Declassification by the Director of the Information Security Oversight Office.

Code of Federal Regulations, 2011 CFR

2011-07-01

... National Defense OFFICE OF SCIENCE AND TECHNOLOGY POLICY REGULATIONS TO IMPLEMENT E.O. 12356; OFFICE OF SCIENCE AND TECHNOLOGY POLICY INFORMATION SECURITY PROGRAM Declassification and Downgrading § 2400.19...

32 CFR 2400.19 - Declassification by the Director of the Information Security Oversight Office.

Code of Federal Regulations, 2010 CFR

2010-07-01

... National Defense OFFICE OF SCIENCE AND TECHNOLOGY POLICY REGULATIONS TO IMPLEMENT E.O. 12356; OFFICE OF SCIENCE AND TECHNOLOGY POLICY INFORMATION SECURITY PROGRAM Declassification and Downgrading § 2400.19...

32 CFR 2400.19 - Declassification by the Director of the Information Security Oversight Office.

Code of Federal Regulations, 2013 CFR

2013-07-01

... National Defense OFFICE OF SCIENCE AND TECHNOLOGY POLICY REGULATIONS TO IMPLEMENT E.O. 12356; OFFICE OF SCIENCE AND TECHNOLOGY POLICY INFORMATION SECURITY PROGRAM Declassification and Downgrading § 2400.19...

Effectiveness of Using a Change Management Approach to Convey the Benefits of an Information Security Implementation to Technology Users

ERIC Educational Resources Information Center

Bennett, Jeannine B.

2012-01-01

This study addressed the problems associated with users' understanding, accepting, and complying with requirements of security-oriented solutions. The goal of the research was not to dispute existing theory on IT project implementations, but rather to further the knowledge on the topic of technology user acceptance of security-oriented IT…

Interpreting international governance standards for health IT use within general medical practice.

PubMed

Mahncke, Rachel J; Williams, Patricia A H

2014-01-01

General practices in Australia recognise the importance of comprehensive protective security measures. Some elements of information security governance are incorporated into recommended standards, however the governance component of information security is still insufficiently addressed in practice. The International Organistion for Standardisation (ISO) released a new global standard in May 2013 entitled, ISO/IEC 27014:2013 Information technology - Security techniques - Governance of information security. This standard, applicable to organisations of all sizes, offers a framework against which to assess and implement the governance components of information security. The standard demonstrates the relationship between governance and the management of information security, provides strategic principles and processes, and forms the basis for establishing a positive information security culture. An analysis interpretation of this standard for use in Australian general practice was performed. This work is unique as such interpretation for the Australian healthcare environment has not been undertaken before. It demonstrates an application of the standard at a strategic level to inform existing development of an information security governance framework.

A Hands-On Approach for Teaching Denial of Service Attacks: A Case Study

ERIC Educational Resources Information Center

Trabelsi, Zouheir; Ibrahim, Walid

2013-01-01

Nowadays, many academic institutions are including ethical hacking in their information security and Computer Science programs. Information security students need to experiment common ethical hacking techniques in order to be able to implement the appropriate security solutions. This will allow them to more efficiently protect the confidentiality,…

77 FR 25187 - Extension of Agency Information Collection Activity Under OMB Review: Certified Cargo Screening...

Federal Register 2010, 2011, 2012, 2013, 2014

2012-04-27

...This notice announces that the Transportation Security Administration (TSA) has forwarded the Information Collection Request (ICR), Office of Management and Budget (OMB) control number 1652-0053, abstracted below to OMB for renewal in compliance with the Paperwork Reduction Act. The ICR describes the nature of the information collection and its expected burden. TSA published a Federal Register notice, with a 60-day comment period soliciting comments, of the following collection of information on February 24, 2012, 77 FR 11146, and TSA received no comments. The collections include: (1) Applications from entities that wish to become Certified Cargo Screening Facilities (CCSFs); (2) personal information to allow TSA to conduct security threat assessments on key individuals employed by the CCSFs; (3) implementation of a standard security program or submission of a proposed modified security program; (4) information on the amount of cargo screened; (5) recordkeeping requirements for CCSFs, and any other requests for information relating to cargo screening required to meet the Implementing Recommendations of the 9/11 Commission Act of 2007 (9/ 11 Act) and the Aviation and Transportation Security Act (ATSA) mandates. TSA is seeking the renewal of the ICR for the continuation of the program in order to secure passenger aircraft transporting cargo as required in the 9/11 Act.

Network Security via Biometric Recognition of Patterns of Gene Expression

NASA Technical Reports Server (NTRS)

Shaw, Harry C.

2016-01-01

Molecular biology provides the ability to implement forms of information and network security completely outside the bounds of legacy security protocols and algorithms. This paper addresses an approach which instantiates the power of gene expression for security. Molecular biology provides a rich source of gene expression and regulation mechanisms, which can be adopted to use in the information and electronic communication domains. Conventional security protocols are becoming increasingly vulnerable due to more intensive, highly capable attacks on the underlying mathematics of cryptography. Security protocols are being undermined by social engineering and substandard implementations by IT organizations. Molecular biology can provide countermeasures to these weak points with the current security approaches. Future advances in instruments for analyzing assays will also enable this protocol to advance from one of cryptographic algorithms to an integrated system of cryptographic algorithms and real-time expression and assay of gene expression products.

An enhanced security solution for electronic medical records based on AES hybrid technique with SOAP/XML and SHA-1.

PubMed

Kiah, M L Mat; Nabi, Mohamed S; Zaidan, B B; Zaidan, A A

2013-10-01

This study aims to provide security solutions for implementing electronic medical records (EMRs). E-Health organizations could utilize the proposed method and implement recommended solutions in medical/health systems. Majority of the required security features of EMRs were noted. The methods used were tested against each of these security features. In implementing the system, the combination that satisfied all of the security features of EMRs was selected. Secure implementation and management of EMRs facilitate the safeguarding of the confidentiality, integrity, and availability of e-health organization systems. Health practitioners, patients, and visitors can use the information system facilities safely and with confidence anytime and anywhere. After critically reviewing security and data transmission methods, a new hybrid method was proposed to be implemented on EMR systems. This method will enhance the robustness, security, and integration of EMR systems. The hybrid of simple object access protocol/extensible markup language (XML) with advanced encryption standard and secure hash algorithm version 1 has achieved the security requirements of an EMR system with the capability of integrating with other systems through the design of XML messages.

Implementing an electronic medication overview in Belgium.

PubMed

Storms, Hannelore; Marquet, Kristel; Nelissen, Katherine; Hulshagen, Leen; Lenie, Jan; Remmen, Roy; Claes, Neree

2014-12-16

An accurate medication overview is essential to reduce medication errors. Therefore, it is essential to keep the medication overview up-to-date and to exchange healthcare information between healthcare professionals and patients. Digitally shared information yields possibilities to improve communication. However, implementing a digitally shared medication overview is challenging. This articles describes the development process of a secured, electronic platform designed for exchanging medication information as executed in a pilot study in Belgium, called "Vitalink". The goal of "Vitalink" is to improve the exchange of medication information between professionals working in healthcare and patients in order to achieve a more efficient cooperation and better quality of care. Healthcare professionals of primary and secondary health care and patients of four Belgian regions participated in the project. In each region project groups coordinated implementation and reported back to the steering committee supervising the pilot study. The electronic medication overview was developed based on consensus in the project groups. The steering committee agreed to establish secured and authorized access through the use of electronic identity documents (eID) and a secured, eHealth-platform conform prior governmental regulations regarding privacy and security of healthcare information. A successful implementation of an electronic medication overview strongly depends on the accessibility and usability of the tool for healthcare professionals. Coordinating teams of the project groups concluded, based on their own observations and on problems reported to them, that secured and quick access to medical data needed to be pursued. According to their observations, the identification process using the eHealth platform, crucial to ensure secured data, was very time consuming. Secondly, software packages should meet the needs of their users, thus be adapted to daily activities of healthcare professionals. Moreover, software should be easy to install and run properly. The project would have benefited from a cost analysis executed by the national bodies prior to implementation.

Effectiveness of the Department of Defense Information Assurance Accreditation Process

DTIC Science & Technology

2013-03-01

meeting the requirements of ISO 27001, Information Security Management System. ISO 27002 provides “security techniques” or best practices that can be...efforts to the next level and implement a recognized standard such as the International Organization for Standards ( ISO ) 27000 Series of standards...implemented by an organization as part of their certification effort.15 Most likely, the main motivation a company would have for achieving an ISO

75 FR 63191 - Intent To Request Renewal From OMB of One Current Public Collection of Information: Certified...

Federal Register 2010, 2011, 2012, 2013, 2014

2010-10-14

...The Transportation Security Administration (TSA) invites public comment on one currently approved Information Collection Request (ICR), OMB control number 1652-0053, abstracted below that we will submit to the Office of Management and Budget (OMB) for renewal in compliance with the Paperwork Reduction Act. The ICR describes the nature of the information collection and its expected burden. The collections include: (1) Applications from entities that wish to become Certified Cargo Screening Facilities (CCSF) or operate as a TSA- approved validation firm; (2) personal information to allow TSA to conduct security threat assessments on key individuals employed by the CCSFs and validation firms; (3) implementation of a standard security program or submission of a proposed modified security program; (4) information on the amount of cargo screened; (5) recordkeeping requirements for CCSFs and validation firms; and (6) submission of validation reports to TSA. TSA is seeking the renewal of the ICR for the continuation of the program in order to secure passenger aircraft carrying cargo by the deadlines set out in the Implementing Recommendations of the 9/11 Commission Act of 2007.

Approach to spatial information security based on digital certificate

NASA Astrophysics Data System (ADS)

Cong, Shengri; Zhang, Kai; Chen, Baowen

2005-11-01

With the development of the online applications of geographic information systems (GIS) and the spatial information services, the spatial information security becomes more important. This work introduced digital certificates and authorization schemes into GIS to protect the crucial spatial information combining the techniques of the role-based access control (RBAC), the public key infrastructure (PKI) and the privilege management infrastructure (PMI). We investigated the spatial information granularity suited for sensitivity marking and digital certificate model that fits the need of GIS security based on the semantics analysis of spatial information. It implements a secure, flexible, fine-grained data access based on public technologies in GIS in the world.

Relationship between Corporate Governance and Information Security Governance Effectiveness in United States Corporations

ERIC Educational Resources Information Center

Davis, Robert E.

2017-01-01

Cyber attackers targeting large corporations achieved a high perimeter penetration success rate during 2013, resulting in many corporations incurring financial losses. Corporate information technology leaders have a fiduciary responsibility to implement information security domain processes that effectually address the challenges for preventing…

Security breaches: tips for assessing and limiting your risks.

PubMed

Coons, Leeanne R

2011-01-01

As part of their compliance planning, medical practices should undergo a risk assessment to determine any vulnerability within the practice relative to security breaches. Practices should also implement safeguards to limit their risks. Such safeguards include facility access controls, information and electronic media management, use of business associate agreements, and education and enforcement. Implementation of specific policies and procedures to address security incidents is another critical step that medical practices should take as part of their security incident prevention plan. Medical practices should not only develop policies and procedures to prevent, detect, contain, and correct security violations, but should make sure that such policies and procedures are actually implemented in their everyday operations.

Security concept in 'MyAngelWeb' a website for the individual patient at risk of emergency.

PubMed

Pinciroli, F; Nahaissi, D; Boschini, M; Ferrari, R; Meloni, G; Camnasio, M; Spaggiari, P; Carnerone, G

2000-11-01

We describe the Security Plan for the 'MyAngelWeb' service. The different actors involved in the service are subject to different security procedures. The core of the security system is implemented at the host site by means of a DBMS and standard Information Technology tools. Hardware requirements for sustainable security are needed at the web-site construction sites. They are not needed at the emergency physician's site. At the emergency physician's site, a two-way authentication system (password and test phrase method) is implemented.

Security concept in 'MyAngelWeb((R))' a website for the individual patient at risk of emergency.

PubMed

Pinciroli; Nahaissi; Boschini; Ferrari; Meloni; Camnasio; Spaggiari; Carnerone

2000-11-01

We describe the Security Plan for the 'MyAngelWeb' service. The different actors involved in the service are subject to different security procedures. The core of the security system is implemented at the host site by means of a DBMS and standard Information Technology tools. Hardware requirements for sustainable security are needed at the web-site construction sites. They are not needed at the emergency physician's site. At the emergency physician's site, a two-way authentication system (password and test phrase method) is implemented.

32 CFR 2400.44 - Custodians.

Code of Federal Regulations, 2010 CFR

2010-07-01

... Defense Other Regulations Relating to National Defense OFFICE OF SCIENCE AND TECHNOLOGY POLICY REGULATIONS TO IMPLEMENT E.O. 12356; OFFICE OF SCIENCE AND TECHNOLOGY POLICY INFORMATION SECURITY PROGRAM Office of Science and Technology Policy Information Security Program Management § 2400.44 Custodians...

32 CFR 2400.40 - Responsibility.

Code of Federal Regulations, 2010 CFR

2010-07-01

... Defense Other Regulations Relating to National Defense OFFICE OF SCIENCE AND TECHNOLOGY POLICY REGULATIONS TO IMPLEMENT E.O. 12356; OFFICE OF SCIENCE AND TECHNOLOGY POLICY INFORMATION SECURITY PROGRAM Office of Science and Technology Policy Information Security Program Management § 2400.40 Responsibility...

32 CFR 2400.44 - Custodians.

Code of Federal Regulations, 2014 CFR

2014-07-01

... Defense Other Regulations Relating to National Defense OFFICE OF SCIENCE AND TECHNOLOGY POLICY REGULATIONS TO IMPLEMENT E.O. 12356; OFFICE OF SCIENCE AND TECHNOLOGY POLICY INFORMATION SECURITY PROGRAM Office of Science and Technology Policy Information Security Program Management § 2400.44 Custodians...

32 CFR 2400.40 - Responsibility.

Code of Federal Regulations, 2013 CFR

2013-07-01

... Defense Other Regulations Relating to National Defense OFFICE OF SCIENCE AND TECHNOLOGY POLICY REGULATIONS TO IMPLEMENT E.O. 12356; OFFICE OF SCIENCE AND TECHNOLOGY POLICY INFORMATION SECURITY PROGRAM Office of Science and Technology Policy Information Security Program Management § 2400.40 Responsibility...

32 CFR 2400.40 - Responsibility.

Code of Federal Regulations, 2014 CFR

2014-07-01

... Defense Other Regulations Relating to National Defense OFFICE OF SCIENCE AND TECHNOLOGY POLICY REGULATIONS TO IMPLEMENT E.O. 12356; OFFICE OF SCIENCE AND TECHNOLOGY POLICY INFORMATION SECURITY PROGRAM Office of Science and Technology Policy Information Security Program Management § 2400.40 Responsibility...

32 CFR 2400.44 - Custodians.

Code of Federal Regulations, 2012 CFR

2012-07-01

... Defense Other Regulations Relating to National Defense OFFICE OF SCIENCE AND TECHNOLOGY POLICY REGULATIONS TO IMPLEMENT E.O. 12356; OFFICE OF SCIENCE AND TECHNOLOGY POLICY INFORMATION SECURITY PROGRAM Office of Science and Technology Policy Information Security Program Management § 2400.44 Custodians...

32 CFR 2400.40 - Responsibility.

Code of Federal Regulations, 2011 CFR

2011-07-01

... Defense Other Regulations Relating to National Defense OFFICE OF SCIENCE AND TECHNOLOGY POLICY REGULATIONS TO IMPLEMENT E.O. 12356; OFFICE OF SCIENCE AND TECHNOLOGY POLICY INFORMATION SECURITY PROGRAM Office of Science and Technology Policy Information Security Program Management § 2400.40 Responsibility...

32 CFR 2400.40 - Responsibility.

Code of Federal Regulations, 2012 CFR

2012-07-01

... Defense Other Regulations Relating to National Defense OFFICE OF SCIENCE AND TECHNOLOGY POLICY REGULATIONS TO IMPLEMENT E.O. 12356; OFFICE OF SCIENCE AND TECHNOLOGY POLICY INFORMATION SECURITY PROGRAM Office of Science and Technology Policy Information Security Program Management § 2400.40 Responsibility...

32 CFR 2400.44 - Custodians.

Code of Federal Regulations, 2011 CFR

2011-07-01

... Defense Other Regulations Relating to National Defense OFFICE OF SCIENCE AND TECHNOLOGY POLICY REGULATIONS TO IMPLEMENT E.O. 12356; OFFICE OF SCIENCE AND TECHNOLOGY POLICY INFORMATION SECURITY PROGRAM Office of Science and Technology Policy Information Security Program Management § 2400.44 Custodians...

32 CFR 2400.44 - Custodians.

Code of Federal Regulations, 2013 CFR

2013-07-01

... Defense Other Regulations Relating to National Defense OFFICE OF SCIENCE AND TECHNOLOGY POLICY REGULATIONS TO IMPLEMENT E.O. 12356; OFFICE OF SCIENCE AND TECHNOLOGY POLICY INFORMATION SECURITY PROGRAM Office of Science and Technology Policy Information Security Program Management § 2400.44 Custodians...

19 CFR 201.43 - Program.

Code of Federal Regulations, 2010 CFR

2010-04-01

... UNITED STATES INTERNATIONAL TRADE COMMISSION GENERAL RULES OF GENERAL APPLICATION National Security Information § 201.43 Program. The Director of Administration is designated as the official of the Commission who is responsible for implementation and oversight of information security programs and procedures...

An Agile Enterprise Regulation Architecture for Health Information Security Management

PubMed Central

Chen, Ying-Pei; Hsieh, Sung-Huai; Chien, Tsan-Nan; Chen, Heng-Shuen; Luh, Jer-Junn; Lai, Jin-Shin; Lai, Feipei; Chen, Sao-Jie

2010-01-01

Abstract Information security management for healthcare enterprises is complex as well as mission critical. Information technology requests from clinical users are of such urgency that the information office should do its best to achieve as many user requests as possible at a high service level using swift security policies. This research proposes the Agile Enterprise Regulation Architecture (AERA) of information security management for healthcare enterprises to implement as part of the electronic health record process. Survey outcomes and evidential experiences from a sample of medical center users proved that AERA encourages the information officials and enterprise administrators to overcome the challenges faced within an electronically equipped hospital. PMID:20815748

An agile enterprise regulation architecture for health information security management.

PubMed

Chen, Ying-Pei; Hsieh, Sung-Huai; Cheng, Po-Hsun; Chien, Tsan-Nan; Chen, Heng-Shuen; Luh, Jer-Junn; Lai, Jin-Shin; Lai, Feipei; Chen, Sao-Jie

2010-09-01

Information security management for healthcare enterprises is complex as well as mission critical. Information technology requests from clinical users are of such urgency that the information office should do its best to achieve as many user requests as possible at a high service level using swift security policies. This research proposes the Agile Enterprise Regulation Architecture (AERA) of information security management for healthcare enterprises to implement as part of the electronic health record process. Survey outcomes and evidential experiences from a sample of medical center users proved that AERA encourages the information officials and enterprise administrators to overcome the challenges faced within an electronically equipped hospital.

Communication security in open health care networks.

PubMed

Blobel, B; Pharow, P; Engel, K; Spiegel, V; Krohn, R

1999-01-01

Fulfilling the shared care paradigm, health care networks providing open systems' interoperability in health care are needed. Such communicating and co-operating health information systems, dealing with sensitive personal medical information across organisational, regional, national or even international boundaries, require appropriate security solutions. Based on the generic security model, within the European MEDSEC project an open approach for secure EDI like HL7, EDIFACT, XDT or XML has been developed. The consideration includes both securing the message in an unsecure network and the transport of the unprotected information via secure channels (SSL, TLS etc.). Regarding EDI, an open and widely usable security solution has been specified and practically implemented for the examples of secure mailing and secure file transfer (FTP) via wrapping the sensitive information expressed by the corresponding protocols. The results are currently prepared for standardisation.

Modifications to the HIPAA Privacy, Security, Enforcement, and Breach Notification rules under the Health Information Technology for Economic and Clinical Health Act and the Genetic Information Nondiscrimination Act; other modifications to the HIPAA rules.

PubMed

2013-01-25

The Department of Health and Human Services (HHS or ``the Department'') is issuing this final rule to: Modify the Health Insurance Portability and Accountability Act (HIPAA) Privacy, Security, and Enforcement Rules to implement statutory amendments under the Health Information Technology for Economic and Clinical Health Act (``the HITECH Act'' or ``the Act'') to strengthen the privacy and security protection for individuals' health information; modify the rule for Breach Notification for Unsecured Protected Health Information (Breach Notification Rule) under the HITECH Act to address public comment received on the interim final rule; modify the HIPAA Privacy Rule to strengthen the privacy protections for genetic information by implementing section 105 of Title I of the Genetic Information Nondiscrimination Act of 2008 (GINA); and make certain other modifications to the HIPAA Privacy, Security, Breach Notification, and Enforcement Rules (the HIPAA Rules) to improve their workability and effectiveness and to increase flexibility for and decrease burden on the regulated entities.

511, America's traveler information number. Deployment assistance report #3, 511 and homeland security.

DOT National Transportation Integrated Search

2002-06-01

Today, transportation agencies are beginning to address the need for threat and vulnerability assessments, and re-examine how existing emergency management plans will be implemented during a homeland security emergency or alert. Travel information is...

Computer Security and the Data Encryption Standard. Proceedings of the Conference on Computer Security and the Data Encryption Standard.

ERIC Educational Resources Information Center

Branstad, Dennis K., Ed.

The 15 papers and summaries of presentations in this collection provide technical information and guidance offered by representatives from federal agencies and private industry. Topics discussed include physical security, risk assessment, software security, computer network security, and applications and implementation of the Data Encryption…

Assessing and comparing information security in swiss hospitals.

PubMed

Landolt, Sarah; Hirschel, Jürg; Schlienger, Thomas; Businger, Walter; Zbinden, Alex M

2012-11-07

Availability of information in hospitals is an important prerequisite for good service. Significant resources have been invested to improve the availability of information, but it is also vital that the security of this information can be guaranteed. The goal of this study was to assess information security in hospitals through a questionnaire based on the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC) standard ISO/IEC 27002, evaluating Information technology - Security techniques - Code of practice for information-security management, with a special focus on the effect of the hospitals' size and type. The survey, set up as a cross-sectional study, was conducted in January 2011. The chief information officers (CIOs) of 112 hospitals in German-speaking Switzerland were invited to participate. The online questionnaire was designed to be fast and easy to complete to maximize participation. To group the analyzed controls of the ISO/IEC standard 27002 in a meaningful way, a factor analysis was performed. A linear score from 0 (not implemented) to 3 (fully implemented) was introduced. The scores of the hospitals were then analyzed for significant differences in any of the factors with respect to size and type of hospital. The participating hospitals were offered a benchmark report about their status. The 51 participating hospitals had an average score of 51.1% (range 30.6% - 81.9%) out of a possible 100% where all items in the questionnaire were fully implemented. Room for improvement could be identified, especially for the factors covering "process and quality management" (average score 1.3 ± 0.8 out of a maximum of 3) and "organization and risk management" (average score 1.3 ± 0.7 out of a maximum of 3). Private hospitals scored significantly higher than university hospitals in the implementation of "security zones" and "backup" (P = .008). Half (50.00%, 8588/17,177) of all assessed hospital beds in German-speaking Switzerland are in hospitals that have a score of 49% or less of the maximum possible score in information security. Patient data need to be better protected because of the data protection laws and because sensitive, personal data should be guaranteed confidentiality, integrity, and availability.

Assessing and Comparing Information Security in Swiss Hospitals

PubMed Central

Hirschel, Jürg; Schlienger, Thomas; Businger, Walter; Zbinden, Alex M

2012-01-01

Background Availability of information in hospitals is an important prerequisite for good service. Significant resources have been invested to improve the availability of information, but it is also vital that the security of this information can be guaranteed. Objective The goal of this study was to assess information security in hospitals through a questionnaire based on the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC) standard ISO/IEC 27002, evaluating Information technology – Security techniques – Code of practice for information-security management, with a special focus on the effect of the hospitals’ size and type. Methods The survey, set up as a cross-sectional study, was conducted in January 2011. The chief information officers (CIOs) of 112 hospitals in German-speaking Switzerland were invited to participate. The online questionnaire was designed to be fast and easy to complete to maximize participation. To group the analyzed controls of the ISO/IEC standard 27002 in a meaningful way, a factor analysis was performed. A linear score from 0 (not implemented) to 3 (fully implemented) was introduced. The scores of the hospitals were then analyzed for significant differences in any of the factors with respect to size and type of hospital. The participating hospitals were offered a benchmark report about their status. Results The 51 participating hospitals had an average score of 51.1% (range 30.6% - 81.9%) out of a possible 100% where all items in the questionnaire were fully implemented. Room for improvement could be identified, especially for the factors covering “process and quality management” (average score 1.3 ± 0.8 out of a maximum of 3) and “organization and risk management” (average score 1.3 ± 0.7 out of a maximum of 3). Private hospitals scored significantly higher than university hospitals in the implementation of “security zones” and “backup” (P = .008). Conclusions Half (50.00%, 8588/17,177) of all assessed hospital beds in German-speaking Switzerland are in hospitals that have a score of 49% or less of the maximum possible score in information security. Patient data need to be better protected because of the data protection laws and because sensitive, personal data should be guaranteed confidentiality, integrity, and availability. PMID:23611956

6 CFR 7.3 - Definitions.

Code of Federal Regulations, 2011 CFR

2011-01-01

... 6 Domestic Security 1 2011-01-01 2011-01-01 false Definitions. 7.3 Section 7.3 Domestic Security DEPARTMENT OF HOMELAND SECURITY, OFFICE OF THE SECRETARY CLASSIFIED NATIONAL SECURITY INFORMATION § 7.3 Definitions. The terms defined or used in Executive Order 12958, as amended, and the implementing directives...

6 CFR 7.3 - Definitions.

Code of Federal Regulations, 2010 CFR

2010-01-01

... 6 Domestic Security 1 2010-01-01 2010-01-01 false Definitions. 7.3 Section 7.3 Domestic Security DEPARTMENT OF HOMELAND SECURITY, OFFICE OF THE SECRETARY CLASSIFIED NATIONAL SECURITY INFORMATION § 7.3 Definitions. The terms defined or used in Executive Order 12958, as amended, and the implementing directives...

Privacy and security compliance in the E-healthcare marketplace.

PubMed

Lutes, M

2000-03-01

Complying with security and privacy regulations proposed by HHS in response to the Health Insurance Portability and Accountability Act (HIPAA) will require healthcare managers to address both internal and external business interactions and initiatives. The proposed regulations mandate certain procedures regarding administration, physical safeguards, technical security for data integrity and confidentiality, and technical security against unauthorized access. In particular, the proposed regulations require organizations to contractually ensure that vendors adhere to the regulations. Healthcare organizations also must implement training procedures for staff members who have contact with protected health information and designate a privacy officer to guard against improper disclosure of such information. Documented policies for organizational decision making are vital to an organization's efforts to implement procedures for compliance with the regulations.

32 CFR 2400.43 - Heads of offices.

Code of Federal Regulations, 2014 CFR

2014-07-01

... National Defense Other Regulations Relating to National Defense OFFICE OF SCIENCE AND TECHNOLOGY POLICY REGULATIONS TO IMPLEMENT E.O. 12356; OFFICE OF SCIENCE AND TECHNOLOGY POLICY INFORMATION SECURITY PROGRAM Office of Science and Technology Policy Information Security Program Management § 2400.43 Heads of...

32 CFR 2400.41 - Office Review Committee.

Code of Federal Regulations, 2014 CFR

2014-07-01

... National Defense Other Regulations Relating to National Defense OFFICE OF SCIENCE AND TECHNOLOGY POLICY REGULATIONS TO IMPLEMENT E.O. 12356; OFFICE OF SCIENCE AND TECHNOLOGY POLICY INFORMATION SECURITY PROGRAM Office of Science and Technology Policy Information Security Program Management § 2400.41 Office Review...

32 CFR 2400.41 - Office Review Committee.

Code of Federal Regulations, 2012 CFR

2012-07-01

... National Defense Other Regulations Relating to National Defense OFFICE OF SCIENCE AND TECHNOLOGY POLICY REGULATIONS TO IMPLEMENT E.O. 12356; OFFICE OF SCIENCE AND TECHNOLOGY POLICY INFORMATION SECURITY PROGRAM Office of Science and Technology Policy Information Security Program Management § 2400.41 Office Review...

32 CFR 2400.41 - Office Review Committee.

Code of Federal Regulations, 2010 CFR

2010-07-01

... National Defense Other Regulations Relating to National Defense OFFICE OF SCIENCE AND TECHNOLOGY POLICY REGULATIONS TO IMPLEMENT E.O. 12356; OFFICE OF SCIENCE AND TECHNOLOGY POLICY INFORMATION SECURITY PROGRAM Office of Science and Technology Policy Information Security Program Management § 2400.41 Office Review...

32 CFR 2400.43 - Heads of offices.

Code of Federal Regulations, 2011 CFR

2011-07-01

... National Defense Other Regulations Relating to National Defense OFFICE OF SCIENCE AND TECHNOLOGY POLICY REGULATIONS TO IMPLEMENT E.O. 12356; OFFICE OF SCIENCE AND TECHNOLOGY POLICY INFORMATION SECURITY PROGRAM Office of Science and Technology Policy Information Security Program Management § 2400.43 Heads of...

32 CFR 2400.41 - Office Review Committee.

Code of Federal Regulations, 2011 CFR

2011-07-01

... National Defense Other Regulations Relating to National Defense OFFICE OF SCIENCE AND TECHNOLOGY POLICY REGULATIONS TO IMPLEMENT E.O. 12356; OFFICE OF SCIENCE AND TECHNOLOGY POLICY INFORMATION SECURITY PROGRAM Office of Science and Technology Policy Information Security Program Management § 2400.41 Office Review...

32 CFR 2400.43 - Heads of offices.

Code of Federal Regulations, 2013 CFR

2013-07-01

... National Defense Other Regulations Relating to National Defense OFFICE OF SCIENCE AND TECHNOLOGY POLICY REGULATIONS TO IMPLEMENT E.O. 12356; OFFICE OF SCIENCE AND TECHNOLOGY POLICY INFORMATION SECURITY PROGRAM Office of Science and Technology Policy Information Security Program Management § 2400.43 Heads of...

32 CFR 2400.43 - Heads of offices.

Code of Federal Regulations, 2010 CFR

2010-07-01

... National Defense Other Regulations Relating to National Defense OFFICE OF SCIENCE AND TECHNOLOGY POLICY REGULATIONS TO IMPLEMENT E.O. 12356; OFFICE OF SCIENCE AND TECHNOLOGY POLICY INFORMATION SECURITY PROGRAM Office of Science and Technology Policy Information Security Program Management § 2400.43 Heads of...

32 CFR 2400.43 - Heads of offices.

Code of Federal Regulations, 2012 CFR

2012-07-01

... National Defense Other Regulations Relating to National Defense OFFICE OF SCIENCE AND TECHNOLOGY POLICY REGULATIONS TO IMPLEMENT E.O. 12356; OFFICE OF SCIENCE AND TECHNOLOGY POLICY INFORMATION SECURITY PROGRAM Office of Science and Technology Policy Information Security Program Management § 2400.43 Heads of...

32 CFR 2400.41 - Office Review Committee.

Code of Federal Regulations, 2013 CFR

2013-07-01

... National Defense Other Regulations Relating to National Defense OFFICE OF SCIENCE AND TECHNOLOGY POLICY REGULATIONS TO IMPLEMENT E.O. 12356; OFFICE OF SCIENCE AND TECHNOLOGY POLICY INFORMATION SECURITY PROGRAM Office of Science and Technology Policy Information Security Program Management § 2400.41 Office Review...

When trust defies common security sense.

PubMed

Williams, Patricia A H

2008-09-01

Primary care medical practices fail to recognize the seriousness of security threats to their patient and practice information. This can be attributed to a lack of understanding of security concepts, underestimation of potential threats and the difficulty in configuration of security technology countermeasures. To appreciate the factors contributing to such problems, research into general practitioner security practice and perceptions of security was undertaken. The investigation focused on demographics, actual practice, issues and barriers, and practitioner perception. Poor implementation, lack of relevant knowledge and inconsistencies between principles and practice were identified as key themes. Also the results revealed an overwhelming reliance on trust in staff and in computer information systems. This clearly identified that both cultural and technical attributes contribute to the deficiencies in information security practice. The aim of this research is to understand user needs and problems when dealing with information security practice.

76 FR 57636 - Privacy Act of 1974: Implementation and Amendment of Exemptions

Federal Register 2010, 2011, 2012, 2013, 2014

2011-09-16

..., application of the exemptions to the three new systems of records is necessary to protect information compiled... safety and security of employees in the workplace. Access to such information could allow the subject of...) Records; (8) SEC Security in the Workplace Incident Records; and (9) Investor Response Information System...

The Integration of It Governance, Information Security Leadership and Strategic Alignment in Healthcare: A Correlational Study

ERIC Educational Resources Information Center

Taft, Tiffany H.

2017-01-01

This dissertation is a study of the relationship between Information Technology Governance (ITG), information security leadership, and strategic alignment within a healthcare organization. Strong organizational leadership and adherence to the process are vital to the formulation and management of performance and implementation of key directives.…

45 CFR 164.308 - Administrative safeguards.

Code of Federal Regulations, 2013 CFR

2013-10-01

... REQUIREMENTS SECURITY AND PRIVACY Security Standards for the Protection of Electronic Protected Health... accordance with § 164.306: (1)(i) Standard: Security management process. Implement policies and procedures to... to the confidentiality, integrity, and availability of electronic protected health information held...

45 CFR 164.308 - Administrative safeguards.

Code of Federal Regulations, 2014 CFR

2014-10-01

... REQUIREMENTS SECURITY AND PRIVACY Security Standards for the Protection of Electronic Protected Health... accordance with § 164.306: (1)(i) Standard: Security management process. Implement policies and procedures to... to the confidentiality, integrity, and availability of electronic protected health information held...

Protecting the confidentiality and security of personal health information in low- and middle-income countries in the era of SDGs and Big Data.

PubMed

Beck, Eduard J; Gill, Wayne; De Lay, Paul R

2016-01-01

As increasing amounts of personal information are being collected through a plethora of electronic modalities by statutory and non-statutory organizations, ensuring the confidentiality and security of such information has become a major issue globally. While the use of many of these media can be beneficial to individuals or populations, they can also be open to abuse by individuals or statutory and non-statutory organizations. Recent examples include collection of personal information by national security systems and the development of national programs like the Chinese Social Credit System. In many low- and middle-income countries, an increasing amount of personal health information is being collected. The collection of personal health information is necessary, in order to develop longitudinal medical records and to monitor and evaluate the use, cost, outcome, and impact of health services at facility, sub-national, and national levels. However, if personal health information is not held confidentially and securely, individuals with communicable or non-communicable diseases (NCDs) may be reluctant to use preventive or therapeutic health services, due to fear of being stigmatized or discriminated against. While policymakers and other stakeholders in these countries recognize the need to develop and implement policies for protecting the privacy, confidentiality and security of personal health information, to date few of these countries have developed, let alone implemented, coherent policies. The global HIV response continues to emphasize the importance of collecting HIV-health information, recently re-iterated by the Fast Track to End AIDS by 2030 program and the recent changes in the Guidelines on When to Start Antiretroviral Therapy and on Pre-exposure Prophylaxis for HIV . The success of developing HIV treatment cascades in low- and middle-income countries will require the development of National Health Identification Systems. The success of programs like Universal Health Coverage, under the recently ratified Sustainable Development Goals is also contingent on the availability of personal health information for communicable and non-communicable diseases. Guidance for countries to develop and implement their own guidelines for protecting HIV-information formed the basis of identifying a number of fundamental principles, governing the areas of privacy, confidentiality and security. The use of individual-level data must balance maximizing the benefits from their most effective and fullest use, and minimizing harm resulting from their malicious or inadvertent release. These general principles are described in this paper, as along with a bibliography referring to more detailed technical information. A country assessment tool and user's manual, based on these principles, have been developed to support countries to assess the privacy, confidentiality, and security of personal health information at facility, data warehouse/repository, and national levels. The successful development and implementation of national guidance will require strong collaboration at local, regional, and national levels, and this is a pre-condition for the successful implementation of a range of national and global programs. This paper is a call for action for stakeholders in low- and middle-income countries to develop and implement such coherent policies and provides fundamental principles governing the areas of privacy, confidentiality, and security of personal health information being collected in low- and middle-income countries.

45 CFR 155.260 - Privacy and security of personally identifiable information.

Code of Federal Regulations, 2013 CFR

2013-10-01

... 45 Public Welfare 1 2013-10-01 2013-10-01 false Privacy and security of personally identifiable... AFFORDABLE CARE ACT General Functions of an Exchange § 155.260 Privacy and security of personally... must establish and implement privacy and security standards that are consistent with the following...

MAVEN Information Security Governance, Risk Management, and Compliance (GRC): Lessons Learned

NASA Technical Reports Server (NTRS)

Takamura, Eduardo; Gomez-Rosa, Carlos A.; Mangum, Kevin; Wasiak, Fran

2014-01-01

As the first interplanetary mission managed by the NASA Goddard Space Flight Center, the Mars Atmosphere and Volatile EvolutioN (MAVEN) had three IT security goals for its ground system: COMPLIANCE, (IT) RISK REDUCTION, and COST REDUCTION. In a multiorganizational environment in which government, industry and academia work together in support of the ground system and mission operations, information security governance, risk management, and compliance (GRC) becomes a challenge as each component of the ground system has and follows its own set of IT security requirements. These requirements are not necessarily the same or even similar to each other's, making the auditing of the ground system security a challenging feat. A combination of standards-based information security management based on the National Institute of Standards and Technology (NIST) Risk Management Framework (RMF), due diligence by the Mission's leadership, and effective collaboration among all elements of the ground system enabled MAVEN to successfully meet NASA's requirements for IT security, and therefore meet Federal Information Security Management Act (FISMA) mandate on the Agency. Throughout the implementation of GRC on MAVEN during the early stages of the mission development, the Project faced many challenges some of which have been identified in this paper. The purpose of this paper is to document these challenges, and provide a brief analysis of the lessons MAVEN learned. The historical information documented herein, derived from an internal pre-launch lessons learned analysis, can be used by current and future missions and organizations implementing and auditing GRC.

48 CFR 504.402 - General.

Code of Federal Regulations, 2010 CFR

2010-10-01

...) Implements the requirements of the Department of Defense's Industrial Security Regulation (ISR) and Industrial Security Manual for Safeguarding Classified Information (ISM). By agreement, the Department of Defense (DOD) will act for, and on behalf of, GSA in rendering security services required for safeguarding...

44 CFR 8.1 - Purpose.

Code of Federal Regulations, 2010 CFR

2010-10-01

... Emergency Management and Assistance FEDERAL EMERGENCY MANAGEMENT AGENCY, DEPARTMENT OF HOMELAND SECURITY GENERAL NATIONAL SECURITY INFORMATION § 8.1 Purpose. (a) Section 5.3(b) of Executive Order (EO) 12356, “National Security Information” requires agencies to promulgate implementing policies and regulations. To...

Information technology as a tool for the Italian Institute of Social Security (INPS) in the management of social security and civil disability: Pro and cons.

PubMed

Sammicheli, Michele; Scaglione, Marcella

2018-01-01

We examine, from a medical-legal perspective, the pro and cons of the information technology procedures that the Italian Institute of Social Security (INPS) has implemented to manage the provision of social disability assistance, meaning that separate from the payment of pension contributions, being welfare, anchored to an administrative requirement by way of the compulsory payment of a minimum social security contribution.

Research on information security system of waste terminal disposal process

NASA Astrophysics Data System (ADS)

Zhou, Chao; Wang, Ziying; Guo, Jing; Guo, Yajuan; Huang, Wei

2017-05-01

Informatization has penetrated the whole process of production and operation of electric power enterprises. It not only improves the level of lean management and quality service, but also faces severe security risks. The internal network terminal is the outermost layer and the most vulnerable node of the inner network boundary. It has the characteristics of wide distribution, long depth and large quantity. The user and operation and maintenance personnel technical level and security awareness is uneven, which led to the internal network terminal is the weakest link in information security. Through the implementation of security of management, technology and physics, we should establish an internal network terminal security protection system, so as to fully protect the internal network terminal information security.

15 CFR 2008.18 - Information Security Oversight Committee.

Code of Federal Regulations, 2010 CFR

2010-01-01

... 15 Commerce and Foreign Trade 3 2010-01-01 2010-01-01 false Information Security Oversight Committee. 2008.18 Section 2008.18 Commerce and Foreign Trade Regulations Relating to Foreign Trade Agreements OFFICE OF THE UNITED STATES TRADE REPRESENTATIVE REGULATIONS TO IMPLEMENT E.O. 12065; OFFICE OF...

15 CFR 2008.18 - Information Security Oversight Committee.

Code of Federal Regulations, 2012 CFR

2012-01-01

... 15 Commerce and Foreign Trade 3 2012-01-01 2012-01-01 false Information Security Oversight Committee. 2008.18 Section 2008.18 Commerce and Foreign Trade Regulations Relating to Foreign Trade Agreements OFFICE OF THE UNITED STATES TRADE REPRESENTATIVE REGULATIONS TO IMPLEMENT E.O. 12065; OFFICE OF...

15 CFR 2008.18 - Information Security Oversight Committee.

Code of Federal Regulations, 2014 CFR

2014-01-01

... 15 Commerce and Foreign Trade 3 2014-01-01 2014-01-01 false Information Security Oversight Committee. 2008.18 Section 2008.18 Commerce and Foreign Trade Regulations Relating to Foreign Trade Agreements OFFICE OF THE UNITED STATES TRADE REPRESENTATIVE REGULATIONS TO IMPLEMENT E.O. 12065; OFFICE OF...

15 CFR 2008.18 - Information Security Oversight Committee.

Code of Federal Regulations, 2013 CFR

2013-01-01

... 15 Commerce and Foreign Trade 3 2013-01-01 2013-01-01 false Information Security Oversight Committee. 2008.18 Section 2008.18 Commerce and Foreign Trade Regulations Relating to Foreign Trade Agreements OFFICE OF THE UNITED STATES TRADE REPRESENTATIVE REGULATIONS TO IMPLEMENT E.O. 12065; OFFICE OF...

15 CFR 2008.18 - Information Security Oversight Committee.

Code of Federal Regulations, 2011 CFR

2011-01-01

... 15 Commerce and Foreign Trade 3 2011-01-01 2011-01-01 false Information Security Oversight Committee. 2008.18 Section 2008.18 Commerce and Foreign Trade Regulations Relating to Foreign Trade Agreements OFFICE OF THE UNITED STATES TRADE REPRESENTATIVE REGULATIONS TO IMPLEMENT E.O. 12065; OFFICE OF...

75 FR 9915 - Extension of Agency Information Collection Activity Under OMB Review: Certified Cargo Screening...

Federal Register 2010, 2011, 2012, 2013, 2014

2010-03-04

...This notice announces that the Transportation Security Administration (TSA) has forwarded the Information Collection Request (ICR), OMB control number 1652-0053, abstracted below to the Office of Management and Budget (OMB) for renewal in compliance with the Paperwork Reduction Act. The ICR describes the nature of the information collection and its expected burden. TSA published a Federal Register notice, with a 60-day comment period soliciting comments, of the following collection of information on November 16, 2009, 74 FR 58967. TSA has received no comments. The collections include: (1) Applications from entities that wish to become Certified Cargo Screening Facilities (CCSF) or operate as a TSA-approved validation firm; (2) personal information to allow TSA to conduct security threat assessments on key individuals employed by the CCSFs and validation firms; (3) implementation of a standard security program or submission of a proposed modified security program; (4) information on the amount of cargo screened; (5) recordkeeping requirements for CCSFs and validation firms; and (6) submission of validation reports to TSA. TSA is seeking the renewal of the ICR for the continuation of the program in order to secure passenger aircraft carrying cargo by the deadlines set out in the Implementing Recommendations of the 9/11 Commission Act of 2007.

The Impact of the Security Competency on "Self-Efficacy in Information Security" for Effective Health Information Security in Iran.

PubMed

Shahri, Ahmad Bakhtiyari; Ismail, Zuraini; Mohanna, Shahram

2016-11-01

The security effectiveness based on users' behaviors is becoming a top priority of Health Information System (HIS). In the first step of this study, through the review of previous studies 'Self-efficacy in Information Security' (SEIS) and 'Security Competency' (SCMP) were identified as the important factors to transforming HIS users to the first line of defense in the security. Subsequently, a conceptual model was proposed taking into mentioned factors for HIS security effectiveness. Then, this quantitative study used the structural equation modeling to examine the proposed model based on survey data collected from a sample of 263 HIS users from eight hospitals in Iran. The result shows that SEIS is one of the important factors to cultivate of good end users' behaviors toward HIS security effectiveness. However SCMP appears a feasible alternative to providing SEIS. This study also confirms the mediation effects of SEIS on the relationship between SCMP and HIS security effectiveness. The results of this research paper can be used by HIS and IT managers to implement their information security process more effectively.

The Department of Homeland Security Intelligence Enterprise: Operational Overview and Oversight Challenges for Congress

DTIC Science & Technology

2009-05-27

technology network architecture to connect various DHS elements and promote information sharing.17 • Establish a DHS State, Local, and Regional...A Strategic Plan; training, and the implementation of a comprehensive information systems architecture .65 As part of its integration...information technology network architecture was submitted to Congress last year. See DHS I&A, Homeland Security Information Technology Network

An eCK-Secure Authenticated Key Exchange Protocol without Random Oracles

NASA Astrophysics Data System (ADS)

Moriyama, Daisuke; Okamoto, Tatsuaki

This paper presents a (PKI-based) two-pass authenticated key exchange (AKE) protocol that is secure in the extended Canetti-Krawczyk (eCK) security model. The security of the proposed protocol is proven without random oracles (under three assumptions), and relies on no implementation techniques such as a trick by LaMacchia, Lauter and Mityagin (so-called the NAXOS trick). Since an AKE protocol that is eCK-secure under a NAXOS-like implementation trick will be no more eCK-secure if some realistic information leakage occurs through side-channel attacks, it has been an important open problem how to realize an eCK-secure AKE protocol without using the NAXOS tricks (and without random oracles).

An Undergraduate Information Security Program: More than a Curriculum

ERIC Educational Resources Information Center

Woodward, Belle; Imboden, Thomas; Martin, Nancy L.

2013-01-01

This paper describes the implementation of an information security program at a large Midwestern university. The initial work is briefly summarized and improvements that have occurred over time are described. Current activities and future plans are discussed. This paper offers insight and lessons learned for organizations that have or are…

49 CFR 806.4 - Mandatory review for declassification.

Code of Federal Regulations, 2010 CFR

2010-10-01

... TRANSPORTATION SAFETY BOARD NATIONAL SECURITY INFORMATION POLICY AND GUIDELINES, IMPLEMENTING REGULATIONS § 806.4... 3-501 of E.O. 12065 must be in writing and should be addressed to: National Security Oversight... specified by section 3-501 of E.O. 12065. If the request does not reasonably describe the information sought...

75 FR 55290 - Privacy Act of 1974: Implementation of Exemptions; Department of Homeland Security/ALL-031...

Federal Register 2010, 2011, 2012, 2013, 2014

2010-09-10

...; Department of Homeland Security/ALL-031 Information Sharing Environment Suspicious Activity Reporting... Environment Suspicious Activity Reporting Initiative System of Records'' and this proposed rulemaking. In this... establish a new DHS system of records titled, ``DHS/ALL-031 Information Sharing Environment (ISE) Suspicious...

The study and implementation of the wireless network data security model

NASA Astrophysics Data System (ADS)

Lin, Haifeng

2013-03-01

In recent years, the rapid development of Internet technology and the advent of information age, people are increasing the strong demand for the information products and the market for information technology. Particularly, the network security requirements have become more sophisticated. This paper analyzes the wireless network in the data security vulnerabilities. And a list of wireless networks in the framework is the serious defects with the related problems. It has proposed the virtual private network technology and wireless network security defense structure; and it also given the wireless networks and related network intrusion detection model for the detection strategies.

A model-driven approach to information security compliance

NASA Astrophysics Data System (ADS)

Correia, Anacleto; Gonçalves, António; Teodoro, M. Filomena

2017-06-01

The availability, integrity and confidentiality of information are fundamental to the long-term survival of any organization. Information security is a complex issue that must be holistically approached, combining assets that support corporate systems, in an extended network of business partners, vendors, customers and other stakeholders. This paper addresses the conception and implementation of information security systems, conform the ISO/IEC 27000 set of standards, using the model-driven approach. The process begins with the conception of a domain level model (computation independent model) based on information security vocabulary present in the ISO/IEC 27001 standard. Based on this model, after embedding in the model mandatory rules for attaining ISO/IEC 27001 conformance, a platform independent model is derived. Finally, a platform specific model serves the base for testing the compliance of information security systems with the ISO/IEC 27000 set of standards.

Practical secure quantum communications

NASA Astrophysics Data System (ADS)

Diamanti, Eleni

2015-05-01

We review recent advances in the field of quantum cryptography, focusing in particular on practical implementations of two central protocols for quantum network applications, namely key distribution and coin flipping. The former allows two parties to share secret messages with information-theoretic security, even in the presence of a malicious eavesdropper in the communication channel, which is impossible with classical resources alone. The latter enables two distrustful parties to agree on a random bit, again with information-theoretic security, and with a cheating probability lower than the one that can be reached in a classical scenario. Our implementations rely on continuous-variable technology for quantum key distribution and on a plug and play discrete-variable system for coin flipping, and necessitate a rigorous security analysis adapted to the experimental schemes and their imperfections. In both cases, we demonstrate the protocols with provable security over record long distances in optical fibers and assess the performance of our systems as well as their limitations. The reported advances offer a powerful toolbox for practical applications of secure communications within future quantum networks.

Relationship between stakeholders' information value perception and information security behaviour

NASA Astrophysics Data System (ADS)

Tajuddin, Sharul; Olphert, Wendy; Doherty, Neil

2015-02-01

The study, reported in this paper, aims to explore the relationship between the stakeholders' perceptions about the value of information and their resultant information security behaviours. Moreover, this study seeks to explore the role of national and organisational culture in facilitating information value assignment. Information Security is a concept that formed from the recognition that information is valuable and that there is a need to protect it. The ISO 27002 defines information as an asset, which, like other important business assets, is essential to an organisation's business and consequently needs to be appropriately protected. By definition, an asset has a value to the organisation hence it requires protection. Information protection is typically accomplished through the implementation of countermeasures against the threats and vulnerabilities of information security, for example, implementation of technological processes and mechanisms such as firewall and authorization and authentication systems, set-up of deterrence procedures such as password control and enforcement of organisational policy on information handling procedures. However, evidence routinely shows that despite such measures, information security breaches and incidents are on the rise. These breaches lead to loss of information, personal records, or other data, with consequent implications for the value of the information asset. A number of studies have suggested that such problems are not related primarily to technology problems or procedural deficiencies, but rather to stakeholders' poor compliance with the security measures that are in place. Research indicates that compliance behaviour is affected by many variables including perceived costs and benefits, national and organisational culture and norms. However, there has been little research to understand the concept of information value from the perspective of those who interact with the data, and the consequences for information security behaviours. This study seeks to address this gap in the research. Data will be presented from a pilot study consisting of interviews with 6 participants from public organisations in Brunei Darussalam which illustrate the nature of the value assignment process, together with an initial model of the relationship between perceived information value and information security behaviours.

Security for decentralized health information systems.

PubMed

Bleumer, G

1994-02-01

Health care information systems must reflect at least two basic characteristics of the health care community: the increasing mobility of patients and the personal liability of everyone giving medical treatment. Open distributed information systems bear the potential to reflect these requirements. But the market for open information systems and operating systems hardly provides secure products today. This 'missing link' is approached by the prototype SECURE Talk that provides secure transmission and archiving of files on top of an existing operating system. Its services may be utilized by existing medical applications. SECURE Talk demonstrates secure communication utilizing only standard hardware. Its message is that cryptography (and in particular asymmetric cryptography) is practical for many medical applications even if implemented in software. All mechanisms are software implemented in order to be executable on standard-hardware. One can investigate more or less decentralized forms of public key management and the performance of many different cryptographic mechanisms. That of, e.g. hybrid encryption and decryption (RSA+DES-PCBC) is about 300 kbit/s. That of signing and verifying is approximately the same using RSA with a DES hash function. The internal speed, without disk accesses etc., is about 1.1 Mbit/s. (Apple Quadra 950 (MC 68040, 33 MHz, RAM: 20 MB, 80 ns. Length of RSA modulus is 512 bit).

An Ontology Based Approach to Information Security

NASA Astrophysics Data System (ADS)

Pereira, Teresa; Santos, Henrique

The semantically structure of knowledge, based on ontology approaches have been increasingly adopted by several expertise from diverse domains. Recently ontologies have been moved from the philosophical and metaphysics disciplines to be used in the construction of models to describe a specific theory of a domain. The development and the use of ontologies promote the creation of a unique standard to represent concepts within a specific knowledge domain. In the scope of information security systems the use of an ontology to formalize and represent the concepts of security information challenge the mechanisms and techniques currently used. This paper intends to present a conceptual implementation model of an ontology defined in the security domain. The model presented contains the semantic concepts based on the information security standard ISO/IEC_JTC1, and their relationships to other concepts, defined in a subset of the information security domain.

Development of quantitative security optimization approach for the picture archives and carrying system between a clinic and a rehabilitation center

NASA Astrophysics Data System (ADS)

Haneda, Kiyofumi; Kajima, Toshio; Koyama, Tadashi; Muranaka, Hiroyuki; Dojo, Hirofumi; Aratani, Yasuhiko

2002-05-01

The target of our study is to analyze the level of necessary security requirements, to search for suitable security measures and to optimize security distribution to every portion of the medical practice. Quantitative expression must be introduced to our study, if possible, to enable simplified follow-up security procedures and easy evaluation of security outcomes or results. Using fault tree analysis (FTA), system analysis showed that system elements subdivided into groups by details result in a much more accurate analysis. Such subdivided composition factors greatly depend on behavior of staff, interactive terminal devices, kinds of services provided, and network routes. Security measures were then implemented based on the analysis results. In conclusion, we identified the methods needed to determine the required level of security and proposed security measures for each medical information system, and the basic events and combinations of events that comprise the threat composition factors. Methods for identifying suitable security measures were found and implemented. Risk factors for each basic event, a number of elements for each composition factor, and potential security measures were found. Methods to optimize the security measures for each medical information system were proposed, developing the most efficient distribution of risk factors for basic events.

Turning Access into a web-enabled secure information system for clinical trials.

PubMed

Dongquan Chen; Chen, Wei-Bang; Soong, Mayhue; Soong, Seng-Jaw; Orthner, Helmuth F

2009-08-01

Organizations that have limited resources need to conduct clinical studies in a cost-effective, but secure way. Clinical data residing in various individual databases need to be easily accessed and secured. Although widely available, digital certification, encryption, and secure web server, have not been implemented as widely, partly due to a lack of understanding of needs and concerns over issues such as cost and difficulty in implementation. The objective of this study was to test the possibility of centralizing various databases and to demonstrate ways of offering an alternative to a large-scale comprehensive and costly commercial product, especially for simple phase I and II trials, with reasonable convenience and security. We report a working procedure to transform and develop a standalone Access database into a secure Web-based secure information system. For data collection and reporting purposes, we centralized several individual databases; developed, and tested a web-based secure server using self-issued digital certificates. The system lacks audit trails. The cost of development and maintenance may hinder its wide application. The clinical trial databases scattered in various departments of an institution could be centralized into a web-enabled secure information system. The limitations such as the lack of a calendar and audit trail can be partially addressed with additional programming. The centralized Web system may provide an alternative to a comprehensive clinical trial management system.

Managing security risks for inter-organisational information systems: a multiagent collaborative model

NASA Astrophysics Data System (ADS)

Feng, Nan; Wu, Harris; Li, Minqiang; Wu, Desheng; Chen, Fuzan; Tian, Jin

2016-09-01

Information sharing across organisations is critical to effectively managing the security risks of inter-organisational information systems. Nevertheless, few previous studies on information systems security have focused on inter-organisational information sharing, and none have studied the sharing of inferred beliefs versus factual observations. In this article, a multiagent collaborative model (MACM) is proposed as a practical solution to assess the risk level of each allied organisation's information system and support proactive security treatment by sharing beliefs on event probabilities as well as factual observations. In MACM, for each allied organisation's information system, we design four types of agents: inspection agent, analysis agent, control agent, and communication agent. By sharing soft findings (beliefs) in addition to hard findings (factual observations) among the organisations, each organisation's analysis agent is capable of dynamically predicting its security risk level using a Bayesian network. A real-world implementation illustrates how our model can be used to manage security risks in distributed information systems and that sharing soft findings leads to lower expected loss from security risks.

National Computer Security Conference Proceedings (12th): Information Systems Security: Solutions for Today - Concepts for Tomorrow Held in Baltimore, Maryland on 10-13 October 1989

DTIC Science & Technology

1989-10-13

and other non -technical aspects of the system). System-wide Perspective. The systerm that is being designed and engineered must include not just the...specifications and is regarded as the lowest-level (implementation) of detail.-’ Ihis decomposition follows the typical "top down" design methodology ...formal verification process has contributed to the security and correctness of the TCB design and implementation. FORMUL METHODOLOGY DESCRIPTION The

DOE Office of Scientific and Technical Information (OSTI.GOV)

Solis, John Hector

In this paper, we present a modular framework for constructing a secure and efficient program obfuscation scheme. Our approach, inspired by the obfuscation with respect to oracle machines model of [4], retains an interactive online protocol with an oracle, but relaxes the original computational and storage restrictions. We argue this is reasonable given the computational resources of modern personal devices. Furthermore, we relax the information-theoretic security requirement for computational security to utilize established cryptographic primitives. With this additional flexibility we are free to explore different cryptographic buildingblocks. Our approach combines authenticated encryption with private information retrieval to construct a securemore » program obfuscation framework. We give a formal specification of our framework, based on desired functionality and security properties, and provide an example instantiation. In particular, we implement AES in Galois/Counter Mode for authenticated encryption and the Gentry-Ramzan [13]constant communication-rate private information retrieval scheme. We present our implementation results and show that non-trivial sized programs can be realized, but scalability is quickly limited by computational overhead. Finally, we include a discussion on security considerations when instantiating specific modules.« less

Fuzzy assessment of health information system users' security awareness.

PubMed

Aydın, Özlem Müge; Chouseinoglou, Oumout

2013-12-01

Health information systems (HIS) are a specific area of information systems (IS), where critical patient data is stored and quality health service is only realized with the correct use and efficient dissemination of this data to health workers. Therefore, a balance needs to be established between the levels of security and flow of information on HIS. Instead of implementing higher levels and further mechanisms of control to increase the security of HIS, it is preferable to deal with the arguably weakest link on HIS chain with respect to security: HIS users. In order to provide solutions and approaches for transforming users to the first line of defense in HIS but also to employ capable and appropriate candidates from the pool of newly graduated students, it is important to assess and evaluate the security awareness levels and characteristics of these existing and future users. This study aims to provide a new perspective to understand the phenomenon of security awareness of HIS users with the use of fuzzy analysis, and to assess the present situation of current and future HIS users of a leading medical and educational institution of Turkey, with respect to their security characteristics based on four different security scales. The results of the fuzzy analysis, the guide on how to implement this fuzzy analysis to any health institution and how to read and interpret these results, together with the possible implications of these results to the organization are provided.

The Department of Homeland Security Intelligence Enterprise: Operational Overview and Oversight Challenges for Congress

DTIC Science & Technology

2010-03-19

network architecture to connect various DHS elements and promote information sharing.17 • Establish a DHS State, Local, and Regional Fusion Center...of reports; the I&A Strategic Plan; training, and the implementation of a comprehensive information systems architecture .73 As part of its...comprehensive information technology network architecture was submitted to Congress last year. See DHS I&A, Homeland Security Information Technology Network

Implementing healthcare information security: standards can help.

PubMed

Orel, Andrej; Bernik, Igor

2013-01-01

Using widely spread common approaches to systems security in health dedicated controlled environments, a level of awareness, confidence and acceptance of relevant standardisation is evaluated. Patients' information is sensitive, so putting appropriate organisational techniques as well as modern technology in place to secure health information is of paramount importance. Mobile devices are becoming the top priorities in advanced information security planning with healthcare environments being no exception. There are less and less application areas in healthcare without having a need for a mobile functionality which represents an even greater information security challenge. This is also true in emergency treatments, rehabilitation and homecare just to mention a few areas outside hospital controlled environments. Unfortunately quite often traditional unsecured communications principles are still in routine use for communicating sensitive health related information. The security awareness level with users, patients and care professionals is not high enough so potential threats and risks may not be addressed and the respective information security management is therefore weak. Standards like ISO/IEC 27000 ISMS family, the ISO/IEC 27799 information security guidelines in health are often not well known, but together with legislation principles such as HIPAA, they can help.

Controlled information destruction: the final frontier in preserving information security for every organisation

NASA Astrophysics Data System (ADS)

Curiac, Daniel-Ioan; Pachia, Mihai

2015-05-01

Information security represents the cornerstone of every data processing system that resides in an organisation's trusted network, implementing all necessary protocols, mechanisms and policies to be one step ahead of possible threats. Starting from the need to strengthen the set of security services, in this article we introduce a new and innovative process named controlled information destruction (CID) that is meant to secure sensitive data that are no longer needed for the organisation's future purposes but would be very damaging if revealed. The disposal of this type of data has to be controlled carefully in order to delete not only the information itself but also all its splinters spread throughout the network, thus denying any possibility of recovering the information after its alleged destruction. This process leads to a modified model of information assurance and also reconfigures the architecture of any information security management system. The scheme we envisioned relies on a reshaped information lifecycle, which reveals the impact of the CID procedure directly upon the information states.

Decoy-state quantum key distribution with a leaky source

NASA Astrophysics Data System (ADS)

Tamaki, Kiyoshi; Curty, Marcos; Lucamarini, Marco

2016-06-01

In recent years, there has been a great effort to prove the security of quantum key distribution (QKD) with a minimum number of assumptions. Besides its intrinsic theoretical interest, this would allow for larger tolerance against device imperfections in the actual implementations. However, even in this device-independent scenario, one assumption seems unavoidable, that is, the presence of a protected space devoid of any unwanted information leakage in which the legitimate parties can privately generate, process and store their classical data. In this paper we relax this unrealistic and hardly feasible assumption and introduce a general formalism to tackle the information leakage problem in most of existing QKD systems. More specifically, we prove the security of optical QKD systems using phase and intensity modulators in their transmitters, which leak the setting information in an arbitrary manner. We apply our security proof to cases of practical interest and show key rates similar to those obtained in a perfectly shielded environment. Our work constitutes a fundamental step forward in guaranteeing implementation security of quantum communication systems.

12 CFR Appendix C to Part 1720 - Policy Guidance; Safety and Soundness Standards for Information

Code of Federal Regulations, 2011 CFR

2011-01-01

... implementation and reviewing reports from management. 2. Assess Risk. Each Enterprise shall: a. Identify... control risks. 3. Manage and Control Risk. Each Enterprise shall: a. Design its information security... security program. The frequency and nature of such tests should be determined by the Enterprise's risk...

75 FR 9085 - Privacy Act of 1974: Implementation of Exemptions; Department of Homeland Security Immigration...

Federal Register 2010, 2011, 2012, 2013, 2014

2010-03-01

... subsection (c)(3) and (4) (Accounting for Disclosures) because release of the accounting of disclosures could... information. Disclosure of the accounting would therefore present a serious impediment to ICE's Visa Security... individuals under certain circumstances, such as where the access or disclosure of such information would...

Tailoring NIST Security Controls for the Ground System: Selection and Implementation -- Recommendations for Information System Owners

NASA Technical Reports Server (NTRS)

Takamura, Eduardo; Mangum, Kevin

2016-01-01

The National Aeronautics and Space Administration (NASA) invests millions of dollars in spacecraft and ground system development, and in mission operations in the pursuit of scientific knowledge of the universe. In recent years, NASA sent a probe to Mars to study the Red Planet's upper atmosphere, obtained high resolution images of Pluto, and it is currently preparing to find new exoplanets, rendezvous with an asteroid, and bring a sample of the asteroid back to Earth for analysis. The success of these missions is enabled by mission assurance. In turn, mission assurance is backed by information assurance. The information systems supporting NASA missions must be reliable as well as secure. NASA - like every other U.S. Federal Government agency - is required to manage the security of its information systems according to federal mandates, the most prominent being the Federal Information Security Management Act (FISMA) of 2002 and the legislative updates that followed it. Like the management of enterprise information technology (IT), federal information security management takes a "one-size fits all" approach for protecting IT systems. While this approach works for most organizations, it does not effectively translate into security of highly specialized systems such as those supporting NASA missions. These systems include command and control (C&C) systems, spacecraft and instrument simulators, and other elements comprising the ground segment. They must be carefully configured, monitored and maintained, sometimes for several years past the missions' initially planned life expectancy, to ensure the ground system is protected and remains operational without any compromise of its confidentiality, integrity and availability. Enterprise policies, processes, procedures and products, if not effectively tailored to meet mission requirements, may not offer the needed security for protecting the information system, and they may even become disruptive to mission operations. Certain protective measures for the general enterprise may not be as efficient within the ground segment. This is what the authors have concluded through observations and analysis of patterns identified from the various security assessments performed on NASA missions such as MAVEN, OSIRIS-REx, New Horizons and TESS, to name a few. The security audits confirmed that the framework for managing information system security developed by the National Institute of Standards and Technology (NIST) for the federal government, and adopted by NASA, is indeed effective. However, the selection of the technical, operational and management security controls offered by the NIST model - and how they are implemented - does not always fit the nature and the environment where the ground system operates in even though there is no apparent impact on mission success. The authors observed that unfit controls, that is, controls that are not necessarily applicable or sufficiently effective in protecting the mission systems, are often selected to facilitate compliance with security requirements and organizational expectations even if the selected controls offer minimum or non-existent protection. This paper identifies some of the standard security controls that can in fact protect the ground system, and which of them offer little or no benefit at all. It offers multiple scenarios from real security audits in which the controls are not effective without, of course, disclosing any sensitive information about the missions assessed. In addition to selection and implementation of controls, the paper also discusses potential impact of recent legislation such as the Federal Information Security Modernization Act (FISMA) of 2014 - aimed at the enterprise - on the ground system, and offers other recommendations to Information System Owners (ISOs).

A Study on Corporate Security Awareness and Compliance Behavior Intent

ERIC Educational Resources Information Center

Clark, Christine Y.

2013-01-01

Understanding the drivers to encourage employees' security compliance behavior is increasingly important in today's highly networked environment to protect computer and information assets of the company. The traditional approach for corporations to implement technology-based controls, to prevent security breaches is no longer sufficient.…

NASA Automatic Information Security Handbook

NASA Technical Reports Server (NTRS)

1993-01-01

This handbook details the Automated Information Security (AIS) management process for NASA. Automated information system security is becoming an increasingly important issue for all NASA managers and with rapid advancements in computer and network technologies and the demanding nature of space exploration and space research have made NASA increasingly dependent on automated systems to store, process, and transmit vast amounts of mission support information, hence the need for AIS systems and management. This handbook provides the consistent policies, procedures, and guidance to assure that an aggressive and effective AIS programs is developed, implemented, and sustained at all NASA organizations and NASA support contractors.

Implementation of continuous-variable quantum key distribution with composable and one-sided-device-independent security against coherent attacks.

PubMed

Gehring, Tobias; Händchen, Vitus; Duhme, Jörg; Furrer, Fabian; Franz, Torsten; Pacher, Christoph; Werner, Reinhard F; Schnabel, Roman

2015-10-30

Secret communication over public channels is one of the central pillars of a modern information society. Using quantum key distribution this is achieved without relying on the hardness of mathematical problems, which might be compromised by improved algorithms or by future quantum computers. State-of-the-art quantum key distribution requires composable security against coherent attacks for a finite number of distributed quantum states as well as robustness against implementation side channels. Here we present an implementation of continuous-variable quantum key distribution satisfying these requirements. Our implementation is based on the distribution of continuous-variable Einstein-Podolsky-Rosen entangled light. It is one-sided device independent, which means the security of the generated key is independent of any memoryfree attacks on the remote detector. Since continuous-variable encoding is compatible with conventional optical communication technology, our work is a step towards practical implementations of quantum key distribution with state-of-the-art security based solely on telecom components.

Implementation of continuous-variable quantum key distribution with composable and one-sided-device-independent security against coherent attacks

PubMed Central

Gehring, Tobias; Händchen, Vitus; Duhme, Jörg; Furrer, Fabian; Franz, Torsten; Pacher, Christoph; Werner, Reinhard F.; Schnabel, Roman

2015-01-01

Secret communication over public channels is one of the central pillars of a modern information society. Using quantum key distribution this is achieved without relying on the hardness of mathematical problems, which might be compromised by improved algorithms or by future quantum computers. State-of-the-art quantum key distribution requires composable security against coherent attacks for a finite number of distributed quantum states as well as robustness against implementation side channels. Here we present an implementation of continuous-variable quantum key distribution satisfying these requirements. Our implementation is based on the distribution of continuous-variable Einstein–Podolsky–Rosen entangled light. It is one-sided device independent, which means the security of the generated key is independent of any memoryfree attacks on the remote detector. Since continuous-variable encoding is compatible with conventional optical communication technology, our work is a step towards practical implementations of quantum key distribution with state-of-the-art security based solely on telecom components. PMID:26514280

EMRlog method for computer security for electronic medical records with logic and data mining.

PubMed

Martínez Monterrubio, Sergio Mauricio; Frausto Solis, Juan; Monroy Borja, Raúl

2015-01-01

The proper functioning of a hospital computer system is an arduous work for managers and staff. However, inconsistent policies are frequent and can produce enormous problems, such as stolen information, frequent failures, and loss of the entire or part of the hospital data. This paper presents a new method named EMRlog for computer security systems in hospitals. EMRlog is focused on two kinds of security policies: directive and implemented policies. Security policies are applied to computer systems that handle huge amounts of information such as databases, applications, and medical records. Firstly, a syntactic verification step is applied by using predicate logic. Then data mining techniques are used to detect which security policies have really been implemented by the computer systems staff. Subsequently, consistency is verified in both kinds of policies; in addition these subsets are contrasted and validated. This is performed by an automatic theorem prover. Thus, many kinds of vulnerabilities can be removed for achieving a safer computer system.

EMRlog Method for Computer Security for Electronic Medical Records with Logic and Data Mining

PubMed Central

Frausto Solis, Juan; Monroy Borja, Raúl

2015-01-01

The proper functioning of a hospital computer system is an arduous work for managers and staff. However, inconsistent policies are frequent and can produce enormous problems, such as stolen information, frequent failures, and loss of the entire or part of the hospital data. This paper presents a new method named EMRlog for computer security systems in hospitals. EMRlog is focused on two kinds of security policies: directive and implemented policies. Security policies are applied to computer systems that handle huge amounts of information such as databases, applications, and medical records. Firstly, a syntactic verification step is applied by using predicate logic. Then data mining techniques are used to detect which security policies have really been implemented by the computer systems staff. Subsequently, consistency is verified in both kinds of policies; in addition these subsets are contrasted and validated. This is performed by an automatic theorem prover. Thus, many kinds of vulnerabilities can be removed for achieving a safer computer system. PMID:26495300

Implementing Patient Access to Electronic Health Records Under HIPAA: Lessons Learned

PubMed Central

Wang, Tiffany; Pizziferri, Lisa; Volk, Lynn A; Mikels, Debra A; Grant, Karen G; Wald, Jonathan S; Bates, David W

2004-01-01

In 2001, the Institute of Medicine (IOM) and the Health Insurance Portability and Accountability Act (HIPAA) emphasized the need for patients to have greater control over their health information. We describe a Boston healthcare system's approach to providing patients access to their electronic health records (EHRs) via Patient Gateway, a secure, Web-based portal. Implemented in 19 clinic sites to date, Patient Gateway allows patients to access information from their medical charts via the Internet in a secure manner. Since 2002, over 19,000 patients have enrolled in Patient Gateway, more than 125,000 patients have logged into the system, and over 37,000 messages have been sent by patients to their practices. There have been no major security concerns. By providing access to EHR data, secure systems like Patient Gateway allow patients a greater role in their healthcare process, as envisioned by the IOM and HIPAA. PMID:18066391

77 FR 68070 - Implementing Public Safety Broadband Provisions of the Middle Class Tax Relief and Job Creation...

Federal Register 2010, 2011, 2012, 2013, 2014

2012-11-15

...; announcement of effective date. SUMMARY: On October 15, 2012, the Public Safety and Homeland Security Bureau...: Gene Fullano, Federal Communications Commission, Public Safety and Homeland Security Bureau, 445 12th... . SUPPLEMENTARY INFORMATION: On October 15, 2012, the Public Safety and Homeland Security Bureau (Bureau) of the...

75 FR 68831 - Notice; Applications and Amendments to Facility Operating Licenses Involving Proposed No...

Federal Register 2010, 2011, 2012, 2013, 2014

2010-11-09

...-safeguards information (SUNSI). The amendments would approve the proposed Cyber Security Plan and... Commission-approved Cyber Security Plan as required by 10 CFR 73.54. Basis for proposed no significant... Facility Operating License (FOL) to implement and maintain a Cyber Security Plan as part of the facility's...

78 FR 6331 - Agency Information Collection Activities: Proposed Collection; Comment Request

Federal Register 2010, 2011, 2012, 2013, 2014

2013-01-30

... Section 1876 of the Social Security Act are required to submit a budget and enrollment forecast, semi... under Section 1833 of the Social Security Act are required to submit a budget and enrollment forecast... Social Security Act. The purposes of the revisions were to implement some changes in response to the...

Securing Location Services Infrastructures: Practical Criteria for Application Developers and Solutions Architects

ERIC Educational Resources Information Center

Karamanian, Andre

2013-01-01

This qualitative, exploratory, normative study examined the security and privacy of location based services in mobile applications. This study explored risk, and controls to implement privacy and security. This study was addressed using components of the FIPS Risk Management Framework. This study found that risk to location information was…

Information Security in the 1990s: Keeping the Locks on.

ERIC Educational Resources Information Center

Kovac, Ron J.

1999-01-01

As the Internet proliferates, it drastically increases an institution's level of data insecurity. Hacker attacks can result in denial of service, data corruption or erasure, and passive theft (via spoofing, splicing, or session stealing). To ensure data security, a firewall (screening software program) and a security policy should be implemented.…

75 FR 79020 - Agency Information Collection Activities: Proposed Collection; Comments Requested

Federal Register 2010, 2011, 2012, 2013, 2014

2010-12-17

..., Ammunition and Implements of War. The Department of Justice (DOJ), Bureau of Alcohol, Tobacco, Firearms and...: Application and Permit for Importation of Firearms, Ammunition and Implements of War. (3) Agency form number... war are eligible for importation into the United States. The information is used to secure...

75 FR 63860 - Agency Information Collection Activities: Proposed Collection; Comments Requested

Federal Register 2010, 2011, 2012, 2013, 2014

2010-10-18

..., ammunition and Implements of War. The Department of Justice (DOJ), Bureau of Alcohol, Tobacco, Firearms and.../Collection: Application and Permit For Importation of Firearms, Ammunition and Implements of War. (3) Agency... war are eligible for importation into the United States. The information is used to secure...

Measuring Information Security: Guidelines to Build Metrics

NASA Astrophysics Data System (ADS)

von Faber, Eberhard

Measuring information security is a genuine interest of security managers. With metrics they can develop their security organization's visibility and standing within the enterprise or public authority as a whole. Organizations using information technology need to use security metrics. Despite the clear demands and advantages, security metrics are often poorly developed or ineffective parameters are collected and analysed. This paper describes best practices for the development of security metrics. First attention is drawn to motivation showing both requirements and benefits. The main body of this paper lists things which need to be observed (characteristic of metrics), things which can be measured (how measurements can be conducted) and steps for the development and implementation of metrics (procedures and planning). Analysis and communication is also key when using security metrics. Examples are also given in order to develop a better understanding. The author wants to resume, continue and develop the discussion about a topic which is or increasingly will be a critical factor of success for any security managers in larger organizations.

45 CFR 164.302 - Applicability.

Code of Federal Regulations, 2013 CFR

2013-10-01

... Welfare DEPARTMENT OF HEALTH AND HUMAN SERVICES ADMINISTRATIVE DATA STANDARDS AND RELATED REQUIREMENTS SECURITY AND PRIVACY Security Standards for the Protection of Electronic Protected Health Information § 164..., implementation specifications, and requirements of this subpart with respect to electronic protected health...

Triple symmetric key cryptosystem for data security

NASA Astrophysics Data System (ADS)

Fuzail, C. Md; Norman, Jasmine; Mangayarkarasi, R.

2017-11-01

As the technology is getting spreads in the macro seconds of speed and in which the trend changing era from human to robotics the security issue is also getting increased. By means of using machine attacks it is very easy to break the cryptosystems in very less amount of time. Cryptosystem is a process which provides the security in all sorts of processes, communications and transactions to be done securely with the help of electronical mechanisms. Data is one such thing with the expanded implication and possible scraps over the collection of data to secure predominance and achievement, Information Security is the process where the information is protected from invalid and unverified accessibilities and data from mishandling. So the idea of Information Security has risen. Symmetric key which is also known as private key.Whereas the private key is mostly used to attain the confidentiality of data. It is a dynamic topic which can be implemented over different applications like android, wireless censor networks, etc. In this paper, a new mathematical manipulation algorithm along with Tea cryptosystem has been implemented and it can be used for the purpose of cryptography. The algorithm which we proposed is straightforward and more powerful and it will authenticate in harder way and also it will be very difficult to break by someone without knowing in depth about its internal mechanisms.

Trust-Based Security Level Evaluation Using Bayesian Belief Networks

NASA Astrophysics Data System (ADS)

Houmb, Siv Hilde; Ray, Indrakshi; Ray, Indrajit; Chakraborty, Sudip

Security is not merely about technical solutions and patching vulnerabilities. Security is about trade-offs and adhering to realistic security needs, employed to support core business processes. Also, modern systems are subject to a highly competitive market, often demanding rapid development cycles, short life-time, short time-to-market, and small budgets. Security evaluation standards, such as ISO 14508 Common Criteria and ISO/IEC 27002, are not adequate for evaluating the security of many modern systems for resource limitations, time-to-market, and other constraints. Towards this end, we propose an alternative time and cost effective approach for evaluating the security level of a security solution, system or part thereof. Our approach relies on collecting information from different sources, who are trusted to varying degrees, and on using a trust measure to aggregate available information when deriving security level. Our approach is quantitative and implemented as a Bayesian Belief Network (BBN) topology, allowing us to reason over uncertain information and seemingly aggregating disparate information. We illustrate our approach by deriving the security level of two alternative Denial of Service (DoS) solutions. Our approach can also be used in the context of security solution trade-off analysis.

A Security Proof of Measurement Device Independent Quantum Key Distribution: From the View of Information Theory

NASA Astrophysics Data System (ADS)

Li, Fang-Yi; Yin, Zhen-Qiang; Li, Hong-Wei; Chen, Wei; Wang, Shuang; Wen, Hao; Zhao, Yi-Bo; Han, Zheng-Fu

2014-07-01

Although some ideal quantum key distribution protocols have been proved to be secure, there have been some demonstrations that practical quantum key distribution implementations were hacked due to some real-life imperfections. Among these attacks, detector side channel attacks may be the most serious. Recently, a measurement device independent quantum key distribution protocol [Phys. Rev. Lett. 108 (2012) 130503] was proposed and all detector side channel attacks are removed in this scheme. Here a new security proof based on quantum information theory is given. The eavesdropper's information of the sifted key bits is bounded. Then with this bound, the final secure key bit rate can be obtained.

Optical Security System Based on the Biometrics Using Holographic Storage Technique with a Simple Data Format

NASA Astrophysics Data System (ADS)

Jun, An Won

2006-01-01

We implement a first practical holographic security system using electrical biometrics that combines optical encryption and digital holographic memory technologies. Optical information for identification includes a picture of face, a name, and a fingerprint, which has been spatially multiplexed by random phase mask used for a decryption key. For decryption in our biometric security system, a bit-error-detection method that compares the digital bit of live fingerprint with of fingerprint information extracted from hologram is used.

Security model for picture archiving and communication systems.

PubMed

Harding, D B; Gac, R J; Reynolds, C T; Romlein, J; Chacko, A K

2000-05-01

The modern information revolution has facilitated a metamorphosis of health care delivery wrought with the challenges of securing patient sensitive data. To accommodate this reality, Congress passed the Health Insurance Portability and Accountability Act (HIPAA). While final guidance has not fully been resolved at this time, it is up to the health care community to develop and implement comprehensive security strategies founded on procedural, hardware and software solutions in preparation for future controls. The Virtual Radiology Environment (VRE) Project, a landmark US Army picture archiving and communications system (PACS) implemented across 10 geographically dispersed medical facilities, has addressed that challenge by planning for the secure transmission of medical images and reports over their local (LAN) and wide area network (WAN) infrastructure. Their model, which is transferable to general PACS implementations, encompasses a strategy of application risk and dataflow identification, data auditing, security policy definition, and procedural controls. When combined with hardware and software solutions that are both non-performance limiting and scalable, the comprehensive approach will not only sufficiently address the current security requirements, but also accommodate the natural evolution of the enterprise security model.

Analysis of information security management systems at 5 domestic hospitals with more than 500 beds.

PubMed

Park, Woo-Sung; Seo, Sun-Won; Son, Seung-Sik; Lee, Mee-Jeong; Kim, Shin-Hyo; Choi, Eun-Mi; Bang, Ji-Eon; Kim, Yea-Eun; Kim, Ok-Nam

2010-06-01

The information security management systems (ISMS) of 5 hospitals with more than 500 beds were evaluated with regards to the level of information security, management, and physical and technical aspects so that we might make recommendations on information security and security countermeasures which meet both international standards and the needs of individual hospitals. The ISMS check-list derived from international/domestic standards was distributed to each hospital to complete and the staff of each hospital was interviewed. Information Security Indicator and Information Security Values were used to estimate the present security levels and evaluate the application of each hospital's current system. With regard to the moderate clause of the ISMS, the hospitals were determined to be in compliance. The most vulnerable clause was asset management, in particular, information asset classification guidelines. The clauses of information security incident management and business continuity management were deemed necessary for the establishment of successful ISMS. The level of current ISMS in the hospitals evaluated was determined to be insufficient. Establishment of adequate ISMS is necessary to ensure patient privacy and the safe use of medical records for various purposes. Implementation of ISMS which meet international standards with a long-term and comprehensive perspective is of prime importance. To reflect the requirements of the varied interests of medical staff, consumers, and institutions, the establishment of political support is essential to create suitable hospital ISMS.

A Systems Engineering Framework for Implementing a Security and Critical Patch Management Process in Diverse Environments (Academic Departments' Workstations)

NASA Astrophysics Data System (ADS)

Mohammadi, Hadi

Use of the Patch Vulnerability Management (PVM) process should be seriously considered for any networked computing system. The PVM process prevents the operating system (OS) and software applications from being attacked due to security vulnerabilities, which lead to system failures and critical data leakage. The purpose of this research is to create and design a Security and Critical Patch Management Process (SCPMP) framework based on Systems Engineering (SE) principles. This framework will assist Information Technology Department Staff (ITDS) to reduce IT operating time and costs and mitigate the risk of security and vulnerability attacks. Further, this study evaluates implementation of the SCPMP in the networked computing systems of an academic environment in order to: 1. Meet patch management requirements by applying SE principles. 2. Reduce the cost of IT operations and PVM cycles. 3. Improve the current PVM methodologies to prevent networked computing systems from becoming the targets of security vulnerability attacks. 4. Embed a Maintenance Optimization Tool (MOT) in the proposed framework. The MOT allows IT managers to make the most practicable choice of methods for deploying and installing released patches and vulnerability remediation. In recent years, there has been a variety of frameworks for security practices in every networked computing system to protect computer workstations from becoming compromised or vulnerable to security attacks, which can expose important information and critical data. I have developed a new mechanism for implementing PVM for maximizing security-vulnerability maintenance, protecting OS and software packages, and minimizing SCPMP cost. To increase computing system security in any diverse environment, particularly in academia, one must apply SCPMP. I propose an optimal maintenance policy that will allow ITDS to measure and estimate the variation of PVM cycles based on their department's requirements. My results demonstrate that MOT optimizes the process of implementing SCPMP in academic workstations.

Implantable electronics: emerging design issues and an ultra light-weight security solution.

PubMed

Narasimhan, Seetharam; Wang, Xinmu; Bhunia, Swarup

2010-01-01

Implantable systems that monitor biological signals require increasingly complex digital signal processing (DSP) electronics for real-time in-situ analysis and compression of the recorded signals. While it is well-known that such signal processing hardware needs to be implemented under tight area and power constraints, new design requirements emerge with their increasing complexity. Use of nanoscale technology shows tremendous benefits in implementing these advanced circuits due to dramatic improvement in integration density and power dissipation per operation. However, it also brings in new challenges such as reliability and large idle power (due to higher leakage current). Besides, programmability of the device as well as security of the recorded information are rapidly becoming major design considerations of such systems. In this paper, we analyze the emerging issues associated with the design of the DSP unit in an implantable system. Next, we propose a novel ultra light-weight solution to address the information security issue. Unlike the conventional information security approaches like data encryption, which come at large area and power overhead and hence are not amenable for resource-constrained implantable systems, we propose a multilevel key-based scrambling algorithm, which exploits the nature of the biological signal to effectively obfuscate it. Analysis of the proposed algorithm in the context of neural signal processing and its hardware implementation shows that we can achieve high level of security with ∼ 13X lower power and ∼ 5X lower area overhead than conventional cryptographic solutions.

Evaluating the Generality and Limits of Blind Return-Oriented Programming Attacks

DTIC Science & Technology

2015-12-01

consider a recently proposed information disclosure vulnerability called blind return-oriented programming (BROP). Under certain conditions, this...implementation disclosure attacks 15. NUMBER OF PAGES 75 16. PRICE CODE 17. SECURITY CLASSIFICATION OF REPORT Unclassified 18. SECURITY CLASSIFICATION OF...Science iii THIS PAGE INTENTIONALLY LEFT BLANK iv ABSTRACT We consider a recently proposed information disclosure vulnerability called blind return

Qualitative Case Study Exploring Operational Barriers Impeding Small and Private, Nonprofit Higher Education Institutions from Implementing Information Security Controls

ERIC Educational Resources Information Center

Liesen, Joseph J.

2017-01-01

The higher education industry uses the very latest technologies to effectively prepare students for their careers, but these technologies often contain vulnerabilities that can be exploited via their connection to the Internet. The complex task of securing information and computing systems is made more difficult at institutions of higher education…

5 CFR 930.301 - Information systems security awareness training program.

Code of Federal Regulations, 2012 CFR

2012-01-01

... training in system/application life cycle management, risk management, and contingency planning. (4) Chief... security management, system/application life cycle management, risk management, and contingency planning... management; and management and implementation level training in system/application life cycle management...

Mobile Security: A Systems Engineering Framework for Implementing Bring Your Own Device (BYOD) Security through the Combination of Policy Management and Technology

ERIC Educational Resources Information Center

Zahadat, Nima

2016-01-01

With the rapid increase of smartphones and tablets, security concerns have also been on the rise. Traditionally, Information Technology (IT) departments set up devices, apply security, and monitor them. Such approaches do not apply to today's mobile devices due to a phenomenon called Bring Your Own Device or BYOD. Employees find it desirable to…

Fingerprints in Place of Passwords: A Study of Technology Adoption in the Nursing Profession

ERIC Educational Resources Information Center

Francisco, James R.

2010-01-01

Health care is one of the most highly regulated industries in the United States. The Health Insurance Portability and Accountability Act of 1996 (HIPAA) mandates the implementation of information systems security to protect the personal information of patients. Properly planned implementations ease the process of introducing new technologies like…

A security architecture for interconnecting health information systems.

PubMed

Gritzalis, Dimitris; Lambrinoudakis, Costas

2004-03-31

Several hereditary and other chronic diseases necessitate continuous and complicated health care procedures, typically offered in different, often distant, health care units. Inevitably, the medical records of patients suffering from such diseases become complex, grow in size very fast and are scattered all over the units involved in the care process, hindering communication of information between health care professionals. Web-based electronic medical records have been recently proposed as the solution to the above problem, facilitating the interconnection of the health care units in the sense that health care professionals can now access the complete medical record of the patient, even if it is distributed in several remote units. However, by allowing users to access information from virtually anywhere, the universe of ineligible people who may attempt to harm the system is dramatically expanded, thus severely complicating the design and implementation of a secure environment. This paper presents a security architecture that has been mainly designed for providing authentication and authorization services in web-based distributed systems. The architecture has been based on a role-based access scheme and on the implementation of an intelligent security agent per site (i.e. health care unit). This intelligent security agent: (a). authenticates the users, local or remote, that can access the local resources; (b). assigns, through temporary certificates, access privileges to the authenticated users in accordance to their role; and (c). communicates to other sites (through the respective security agents) information about the local users that may need to access information stored in other sites, as well as about local resources that can be accessed remotely.

Privacy and information security risks in a technology platform for home-based chronic disease rehabilitation and education.

PubMed

Henriksen, Eva; Burkow, Tatjana M; Johnsen, Elin; Vognild, Lars K

2013-08-09

Privacy and information security are important for all healthcare services, including home-based services. We have designed and implemented a prototype technology platform for providing home-based healthcare services. It supports a personal electronic health diary and enables secure and reliable communication and interaction with peers and healthcare personnel. The platform runs on a small computer with a dedicated remote control. It is connected to the patient's TV and to a broadband Internet. The platform has been tested with home-based rehabilitation and education programs for chronic obstructive pulmonary disease and diabetes. As part of our work, a risk assessment of privacy and security aspects has been performed, to reveal actual risks and to ensure adequate information security in this technical platform. Risk assessment was performed in an iterative manner during the development process. Thus, security solutions have been incorporated into the design from an early stage instead of being included as an add-on to a nearly completed system. We have adapted existing risk management methods to our own environment, thus creating our own method. Our method conforms to ISO's standard for information security risk management. A total of approximately 50 threats and possible unwanted incidents were identified and analysed. Among the threats to the four information security aspects: confidentiality, integrity, availability, and quality; confidentiality threats were identified as most serious, with one threat given an unacceptable level of High risk. This is because health-related personal information is regarded as sensitive. Availability threats were analysed as low risk, as the aim of the home programmes is to provide education and rehabilitation services; not for use in acute situations or for continuous health monitoring. Most of the identified threats are applicable for healthcare services intended for patients or citizens in their own homes. Confidentiality risks in home are different from in a more controlled environment such as a hospital; and electronic equipment located in private homes and communicating via Internet, is more exposed to unauthorised access. By implementing the proposed measures, it has been possible to design a home-based service which ensures the necessary level of information security and privacy.

48 CFR 3004.470-1 - Scope.

Code of Federal Regulations, 2010 CFR

2010-10-01

... ACQUISITION REGULATION (HSAR) GENERAL ADMINISTRATIVE MATTERS Safeguarding Classified and Sensitive Information Within Industry 3004.470-1 Scope. This section implements DHS's policies for assuring the security of unclassified facilities, Information Technology (IT) resources, and sensitive information during the...

Integrating Top-down and Bottom-up Cybersecurity Guidance using XML

PubMed Central

Lubell, Joshua

2016-01-01

This paper describes a markup-based approach for synthesizing disparate information sources and discusses a software implementation of the approach. The implementation makes it easier for people to use two complementary, but differently structured, guidance specifications together: the (top-down) Cybersecurity Framework and the (bottom-up) National Institute of Standards and Technology Special Publication 800-53 security control catalog. An example scenario demonstrates how the software implementation can help a security professional select the appropriate safeguards for restricting unauthorized access to an Industrial Control System. The implementation and example show the benefits of this approach and suggest its potential application to disciplines other than cybersecurity. PMID:27795810

Building a Foundation for the Implementation of an Enterprise Architecture for the Argentinian Army

DTIC Science & Technology

2016-06-01

foundation for execution, information technology, chief information officer , public administration 15. NUMBER OF PAGES 93 16. PRICE CODE 17. SECURITY...effectively implement IT standardization in the Argentinian Army, the role of Chief Information Officer (CIO) has to be created. The term was introduced...organizations, this is the role of the Chief Information Officer (CIO). The Army should appoint this position and assign responsibility and resources to it

Secure and Robust Transmission and Verification of Unknown Quantum States in Minkowski Space

PubMed Central

Kent, Adrian; Massar, Serge; Silman, Jonathan

2014-01-01

An important class of cryptographic applications of relativistic quantum information work as follows. B generates a random qudit and supplies it to A at point P. A is supposed to transmit it at near light speed c to to one of a number of possible pairwise spacelike separated points Q1, …, Qn. A's transmission is supposed to be secure, in the sense that B cannot tell in advance which Qj will be chosen. This poses significant practical challenges, since secure reliable long-range transmission of quantum data at speeds near to c is presently not easy. Here we propose different techniques to overcome these diffculties. We introduce protocols that allow secure long-range implementations even when both parties control only widely separated laboratories of small size. In particular we introduce a protocol in which A needs send the qudit only over a short distance, and securely transmits classical information (for instance using a one time pad) over the remaining distance. We further show that by using parallel implementations of the protocols security can be maintained in the presence of moderate amounts of losses and errors. PMID:24469425

The role of privacy protection in healthcare information systems adoption.

PubMed

Hsu, Chien-Lung; Lee, Ming-Ren; Su, Chien-Hui

2013-10-01

Privacy protection is an important issue and challenge in healthcare information systems (HISs). Recently, some privacy-enhanced HISs are proposed. Users' privacy perception, intention, and attitude might affect the adoption of such systems. This paper aims to propose a privacy-enhanced HIS framework and investigate the role of privacy protection in HISs adoption. In the proposed framework, privacy protection, access control, and secure transmission modules are designed to enhance the privacy protection of a HIS. An experimental privacy-enhanced HIS is also implemented. Furthermore, we proposed a research model extending the unified theory of acceptance and use of technology by considering perceived security and information security literacy and then investigate user adoption of a privacy-enhanced HIS. The experimental results and analyses showed that user adoption of a privacy-enhanced HIS is directly affected by social influence, performance expectancy, facilitating conditions, and perceived security. Perceived security has a mediating effect between information security literacy and user adoption. This study proposes several implications for research and practice to improve designing, development, and promotion of a good healthcare information system with privacy protection.

77 FR 45721 - Consolidated Audit Trail

Federal Register 2010, 2011, 2012, 2013, 2014

2012-08-01

...The Securities and Exchange Commission (``Commission'') is adopting Rule 613 under the Securities Exchange Act of 1934 (``Exchange Act'' or ``Act'') to require national securities exchanges and national securities associations (``self-regulatory organizations'' or ``SROs'') to submit a national market system (``NMS'') plan to create, implement, and maintain a consolidated order tracking system, or consolidated audit trail, with respect to the trading of NMS securities, that would capture customer and order event information for orders in NMS securities, across all markets, from the time of order inception through routing, cancellation, modification, or execution.

Examining the Multi-level Fit between Work and Technology in a Secure Messaging Implementation.

PubMed

Ozkaynak, Mustafa; Johnson, Sharon; Shimada, Stephanie; Petrakis, Beth Ann; Tulu, Bengisu; Archambeault, Cliona; Fix, Gemmae; Schwartz, Erin; Woods, Susan

2014-01-01

Secure messaging (SM) allows patients to communicate with their providers for non-urgent health issues. Like other health information technologies, the design and implementation of SM should account for workflow to avoid suboptimal outcomes. SM may present unique workflow challenges because patients add a layer of complexity, as they are also direct users of the system. This study explores SM implementation at two Veterans Health Administration facilities. We interviewed twenty-nine members of eight primary care teams using semi-structured interviews. Questions addressed staff opinions about the integration of SM with daily practice, and team members' attitudes and experiences with SM. We describe the clinical workflow for SM, examining complexity and variability. We identified eight workflow issues directly related to efficiency and patient satisfaction, based on an exploration of the technology fit with multilevel factors. These findings inform organizational interventions that will accommodate SM implementation and lead to more patient-centered care.

Analysis of Information Security Management Systems at 5 Domestic Hospitals with More than 500 Beds

PubMed Central

Park, Woo-Sung; Son, Seung-Sik; Lee, Mee-Jeong; Kim, Shin-Hyo; Choi, Eun-Mi; Bang, Ji-Eon; Kim, Yea-Eun; Kim, Ok-Nam

2010-01-01

Objectives The information security management systems (ISMS) of 5 hospitals with more than 500 beds were evaluated with regards to the level of information security, management, and physical and technical aspects so that we might make recommendations on information security and security countermeasures which meet both international standards and the needs of individual hospitals. Methods The ISMS check-list derived from international/domestic standards was distributed to each hospital to complete and the staff of each hospital was interviewed. Information Security Indicator and Information Security Values were used to estimate the present security levels and evaluate the application of each hospital's current system. Results With regard to the moderate clause of the ISMS, the hospitals were determined to be in compliance. The most vulnerable clause was asset management, in particular, information asset classification guidelines. The clauses of information security incident management and business continuity management were deemed necessary for the establishment of successful ISMS. Conclusions The level of current ISMS in the hospitals evaluated was determined to be insufficient. Establishment of adequate ISMS is necessary to ensure patient privacy and the safe use of medical records for various purposes. Implementation of ISMS which meet international standards with a long-term and comprehensive perspective is of prime importance. To reflect the requirements of the varied interests of medical staff, consumers, and institutions, the establishment of political support is essential to create suitable hospital ISMS. PMID:21818429

Securely implementing remote access within health information management.

PubMed

Carroll, E T; Wright, S; Zakoworotny, C

1998-03-01

As technology changes, our definition of the workplace expands, and we no longer are limited to working at our desk in an office. The authors describe technologies that enable us to work from home or on the road and examine security regulations and precautions.

16 CFR 314.3 - Standards for safeguarding customer information.

Code of Federal Regulations, 2010 CFR

2010-01-01

... 16 Commercial Practices 1 2010-01-01 2010-01-01 false Standards for safeguarding customer... OF CONGRESS STANDARDS FOR SAFEGUARDING CUSTOMER INFORMATION § 314.3 Standards for safeguarding customer information. (a) Information security program. You shall develop, implement, and maintain a...

A Multicase Study: Exploring Human Resource Information System Implementation and Utilization in Multinational Corporations in Kenya

ERIC Educational Resources Information Center

Nzyoka Yongo, Cyd W.

2016-01-01

Implementation and utilization of human resource information system (HRIS) though a very desirable prospect for many organizations, still remains a daunting task for many. This has been daunting because of prohibitive costs, security risks, top management resistance, employee attitudes, and so forth. Trends globally show that, organizations that…

The design and implementation of web mining in web sites security

NASA Astrophysics Data System (ADS)

Li, Jian; Zhang, Guo-Yin; Gu, Guo-Chang; Li, Jian-Li

2003-06-01

The backdoor or information leak of Web servers can be detected by using Web Mining techniques on some abnormal Web log and Web application log data. The security of Web servers can be enhanced and the damage of illegal access can be avoided. Firstly, the system for discovering the patterns of information leakages in CGI scripts from Web log data was proposed. Secondly, those patterns for system administrators to modify their codes and enhance their Web site security were provided. The following aspects were described: one is to combine web application log with web log to extract more information, so web data mining could be used to mine web log for discovering the information that firewall and Information Detection System cannot find. Another approach is to propose an operation module of web site to enhance Web site security. In cluster server session, Density-Based Clustering technique is used to reduce resource cost and obtain better efficiency.

44 CFR 10.11 - Environmental information.

Code of Federal Regulations, 2010 CFR

2010-10-01

... 44 Emergency Management and Assistance 1 2010-10-01 2010-10-01 false Environmental information. 10... OF HOMELAND SECURITY GENERAL ENVIRONMENTAL CONSIDERATIONS Agency Implementing Procedures § 10.11 Environmental information. Interested persons may contact the Environmental Officer or the Regional...

44 CFR 10.11 - Environmental information.

Code of Federal Regulations, 2011 CFR

2011-10-01

... 44 Emergency Management and Assistance 1 2011-10-01 2011-10-01 false Environmental information. 10... OF HOMELAND SECURITY GENERAL ENVIRONMENTAL CONSIDERATIONS Agency Implementing Procedures § 10.11 Environmental information. Interested persons may contact the Environmental Officer or the Regional...

Problems of collaborative work of the automated process control system (APCS) and the its information security and solutions.

NASA Astrophysics Data System (ADS)

Arakelyan, E. K.; Andryushin, A. V.; Mezin, S. V.; Kosoy, A. A.; Kalinina, Ya V.; Khokhlov, I. S.

2017-11-01

The principle of interaction of the specified systems of technological protections by the Automated process control system (APCS) and information safety in case of incorrect execution of the algorithm of technological protection is offered. - checking the correctness of the operation of technological protection in each specific situation using the functional relationship between the monitored parameters. The methodology for assessing the economic feasibility of developing and implementing an information security system.

An Exploration of Cyberspace Security R&D Investment Strategies for DARPA: "The Day After. . . in Cyberspace II",

DTIC Science & Technology

1996-01-01

Automated Teller Machine networks malfunction in Georgia 2000 May 20 CNN off air for 12 minutes; issues special report 2000 May 20 worm...password combinations, social security and credit card numbers, account information, health status, and innumerable other sensitive information...as follows: TW/AA Issues Recommended Technical Response Possible Implementation Obstacles 1. (re Tactical Warning) • Place automated software

49 CFR 806.1 - General policy.

Code of Federal Regulations, 2010 CFR

2010-10-01

... SECURITY INFORMATION POLICY AND GUIDELINES, IMPLEMENTING REGULATIONS § 806.1 General policy. (a) The interests of the United States and its citizens are best served by making information regarding the affairs... the Freedom of Information Act and in the current public information policies of the executive branch...

45 CFR Appendix A to Subpart C of... - Security Standards: Matrix

Code of Federal Regulations, 2011 CFR

2011-10-01

... C of Part 164 Public Welfare DEPARTMENT OF HEALTH AND HUMAN SERVICES ADMINISTRATIVE DATA STANDARDS... Protected Health Information Pt. 164, Subpt. C, App. A Appendix A to Subpart C of Part 164—Security Standards: Matrix Standards Sections Implementation Specifications (R)=Required, (A)=Addressable...

45 CFR Appendix A to Subpart C of... - Security Standards: Matrix

Code of Federal Regulations, 2010 CFR

2010-10-01

... C of Part 164 Public Welfare DEPARTMENT OF HEALTH AND HUMAN SERVICES ADMINISTRATIVE DATA STANDARDS... Protected Health Information Pt. 164, Subpt. C, App. A Appendix A to Subpart C of Part 164—Security Standards: Matrix Standards Sections Implementation Specifications (R)=Required, (A)=Addressable...

Privacy, confidentiality, and security in information systems of state health agencies.

PubMed

O'Brien, D G; Yasnoff, W A

1999-05-01

To assess the employment and status of privacy, confidentiality, security and fair information practices in electronic information systems of U.S. state health agencies. A survey instrument was developed and administered to key contacts within the state health agencies of each of the 50 U.S. states, Puerto Rico and the District of Columbia. About a third of U.S. state health agencies have no written policies in place regarding privacy and confidentiality in electronic information systems. The doctrines of fair information practice often seemed to be ignored. One quarter of the agencies reported at least one security breach during the past two years, and 16% experienced a privacy and confidentiality related transgression. Most of the breaches were committed by personnel from within the agencies. These results raise questions about the integrity of existing privacy, confidentiality and security measures in the information systems of U.S. state health agencies. Recommendations include the development and vigorous enforcement of written privacy and confidentiality policies, increased personnel training, and expanded implementation of security measures such as encryption and system firewalls. A discussion of the current status of U.S. privacy, confidentiality and security issues is offered.

Health Information Security in Hospitals: the Application of Security Safeguards.

PubMed

Mehraeen, Esmaeil; Ayatollahi, Haleh; Ahmadi, Maryam

2016-02-01

A hospital information system has potentials to improve the accessibility of clinical information and the quality of health care. However, the use of this system has resulted in new challenges, such as concerns over health information security. This paper aims to assess the status of information security in terms of administrative, technical and physical safeguards in the university hospitals. This was a survey study in which the participants were information technology (IT) managers (n=36) who worked in the hospitals affiliated to the top ranked medical universities (university A and university B). Data were collected using a questionnaire. The content validity of the questionnaire was examined by the experts and the reliability of the questionnaire was determined using Cronbach's coefficient alpha (α=0.75). The results showed that the administrative safeguards were arranged at a medium level. In terms of the technical safeguards and the physical safeguards, the IT managers rated them at a strong level. According to the results, among three types of security safeguards, the administrative safeguards were assessed at the medium level. To improve it, developing security policies, implementing access control models and training users are recommended.

Evaluation of a mandatory quality assurance data capture in anesthesia: a secure electronic system to capture quality assurance information linked to an automated anesthesia record.

PubMed

Peterfreund, Robert A; Driscoll, William D; Walsh, John L; Subramanian, Aparna; Anupama, Shaji; Weaver, Melissa; Morris, Theresa; Arnholz, Sarah; Zheng, Hui; Pierce, Eric T; Spring, Stephen F

2011-05-01

Efforts to assure high-quality, safe, clinical care depend upon capturing information about near-miss and adverse outcome events. Inconsistent or unreliable information capture, especially for infrequent events, compromises attempts to analyze events in quantitative terms, understand their implications, and assess corrective efforts. To enhance reporting, we developed a secure, electronic, mandatory system for reporting quality assurance data linked to our electronic anesthesia record. We used the capabilities of our anesthesia information management system (AIMS) in conjunction with internally developed, secure, intranet-based, Web application software. The application is implemented with a backend allowing robust data storage, retrieval, data analysis, and reporting capabilities. We customized a feature within the AIMS software to create a hard stop in the documentation workflow before the end of anesthesia care time stamp for every case. The software forces the anesthesia provider to access the separate quality assurance data collection program, which provides a checklist for targeted clinical events and a free text option. After completing the event collection program, the software automatically returns the clinician to the AIMS to finalize the anesthesia record. The number of events captured by the departmental quality assurance office increased by 92% (95% confidence interval [CI] 60.4%-130%) after system implementation. The major contributor to this increase was the new electronic system. This increase has been sustained over the initial 12 full months after implementation. Under our reporting criteria, the overall rate of clinical events reported by any method was 471 events out of 55,382 cases or 0.85% (95% CI 0.78% to 0.93%). The new system collected 67% of these events (95% confidence interval 63%-71%). We demonstrate the implementation in an academic anesthesia department of a secure clinical event reporting system linked to an AIMS. The system enforces entry of quality assurance information (either no clinical event or notification of a clinical event). System implementation resulted in capturing nearly twice the number of events at a relatively steady case load. © 2011 International Anesthesia Research Society

Towards an Enhancement of Organizational Information Security through Threat Factor Profiling (TFP) Model

NASA Astrophysics Data System (ADS)

Sidi, Fatimah; Daud, Maslina; Ahmad, Sabariah; Zainuddin, Naqliyah; Anneisa Abdullah, Syafiqa; Jabar, Marzanah A.; Suriani Affendey, Lilly; Ishak, Iskandar; Sharef, Nurfadhlina Mohd; Zolkepli, Maslina; Nur Majdina Nordin, Fatin; Amat Sejani, Hashimah; Ramadzan Hairani, Saiful

2017-09-01

Information security has been identified by organizations as part of internal operations that need to be well implemented and protected. This is because each day the organizations face a high probability of increase of threats to their networks and services that will lead to information security issues. Thus, effective information security management is required in order to protect their information assets. Threat profiling is a method that can be used by an organization to address the security challenges. Threat profiling allows analysts to understand and organize intelligent information related to threat groups. This paper presents a comparative analysis that was conducted to study the existing threat profiling models. It was found that existing threat models were constructed based on specific objectives, thus each model is limited to only certain components or factors such as assets, threat sources, countermeasures, threat agents, threat outcomes and threat actors. It is suggested that threat profiling can be improved by the combination of components found in each existing threat profiling model/framework. The proposed model can be used by an organization in executing a proactive approach to incident management.

Homeland Security - Can It be Done?

DTIC Science & Technology

2003-04-07

and get past the shenanigans in Congress and implement homeland security strategies.ř The new DHS is scheduled to move 22 federal agencies and...uniform laws to license and regulate certain financial services, since terrorists exploit such services. The strategy also takes care with definitions...initiative from organizations interested in the security of sensitive information, such as financial services, healthcare, and government. 47Joseph R. Barnes

78 FR 32417 - Intent To Request Renewal From OMB of One Current Public Collection of Information...

Federal Register 2010, 2011, 2012, 2013, 2014

2013-05-30

... Officer, Office of Information Technology (OIT), TSA-11, Transportation Security Administration, 601 South... technological collection techniques or other forms of information technology. Information Collection Requirement... provide fingerprints and undergo a criminal history records check. The program implements authorities set...

Text messaging to communicate with public health audiences: how the HIPAA Security Rule affects practice.

PubMed

Karasz, Hilary N; Eiden, Amy; Bogan, Sharon

2013-04-01

Text messaging is a powerful communication tool for public health purposes, particularly because of the potential to customize messages to meet individuals' needs. However, using text messaging to send personal health information requires analysis of laws addressing the protection of electronic health information. The Health Insurance Portability and Accountability Act (HIPAA) Security Rule is written with flexibility to account for changing technologies. In practice, however, the rule leads to uncertainty about how to make text messaging policy decisions. Text messaging to send health information can be implemented in a public health setting through 2 possible approaches: restructuring text messages to remove personal health information and retaining limited personal health information in the message but conducting a risk analysis and satisfying other requirements to meet the HIPAA Security Rule.

77 FR 58586 - Agency Information Collection Activities: Proposed Collection; Comment Request

Federal Register 2010, 2011, 2012, 2013, 2014

2012-09-21

... Security Information,'' the Atomic Energy Act, and implementing directives. Submit, by November 20, 2012... supporting statement may be viewed free of charge at the NRC Public Document Room, One White Flint North...

Practical private database queries based on a quantum-key-distribution protocol

DOE Office of Scientific and Technical Information (OSTI.GOV)

Jakobi, Markus; Humboldt-Universitaet zu Berlin, D-10117 Berlin; Simon, Christoph

2011-02-15

Private queries allow a user, Alice, to learn an element of a database held by a provider, Bob, without revealing which element she is interested in, while limiting her information about the other elements. We propose to implement private queries based on a quantum-key-distribution protocol, with changes only in the classical postprocessing of the key. This approach makes our scheme both easy to implement and loss tolerant. While unconditionally secure private queries are known to be impossible, we argue that an interesting degree of security can be achieved by relying on fundamental physical principles instead of unverifiable security assumptions inmore » order to protect both the user and the database. We think that the scope exists for such practical private queries to become another remarkable application of quantum information in the footsteps of quantum key distribution.« less

Protection of electronic health records (EHRs) in cloud.

PubMed

Alabdulatif, Abdulatif; Khalil, Ibrahim; Mai, Vu

2013-01-01

EHR technology has come into widespread use and has attracted attention in healthcare institutions as well as in research. Cloud services are used to build efficient EHR systems and obtain the greatest benefits of EHR implementation. Many issues relating to building an ideal EHR system in the cloud, especially the tradeoff between flexibility and security, have recently surfaced. The privacy of patient records in cloud platforms is still a point of contention. In this research, we are going to improve the management of access control by restricting participants' access through the use of distinct encrypted parameters for each participant in the cloud-based database. Also, we implement and improve an existing secure index search algorithm to enhance the efficiency of information control and flow through a cloud-based EHR system. At the final stage, we contribute to the design of reliable, flexible and secure access control, enabling quick access to EHR information.

Statistics of software vulnerability detection in certification testing

NASA Astrophysics Data System (ADS)

Barabanov, A. V.; Markov, A. S.; Tsirlov, V. L.

2018-05-01

The paper discusses practical aspects of introduction of the methods to detect software vulnerability in the day-to-day activities of the accredited testing laboratory. It presents the approval results of the vulnerability detection methods as part of the study of the open source software and the software that is a test object of the certification tests under information security requirements, including software for communication networks. Results of the study showing the allocation of identified vulnerabilities by types of attacks, country of origin, programming languages used in the development, methods for detecting vulnerability, etc. are given. The experience of foreign information security certification systems related to the detection of certified software vulnerabilities is analyzed. The main conclusion based on the study is the need to implement practices for developing secure software in the development life cycle processes. The conclusions and recommendations for the testing laboratories on the implementation of the vulnerability analysis methods are laid down.

75 FR 63861 - Agency Information Collection Activities: Proposed Collection; Comments Requested

Federal Register 2010, 2011, 2012, 2013, 2014

2010-10-18

... Ammunition and Implements of War. The Department of Justice (DOJ), Bureau of Alcohol, Tobacco, Firearms and... and Implements of War. (3) Agency form number, if any, and the applicable component of the Department... implements of war are eligible for importation into the United States. It is also used to secure...

22 CFR 9a.3 - Scope.

Code of Federal Regulations, 2011 CFR

2011-04-01

... DEPARTMENT OF STATE GENERAL SECURITY INFORMATION REGULATIONS APPLICABLE TO CERTAIN INTERNATIONAL ENERGY PROGRAMS; RELATED MATERIAL § 9a.3 Scope. These regulations apply to all information and material classified... “Classification of Certain Information and Material Obtained From Advisory Bodies Created To Implement The...

22 CFR 9a.3 - Scope.

Code of Federal Regulations, 2010 CFR

2010-04-01

... DEPARTMENT OF STATE GENERAL SECURITY INFORMATION REGULATIONS APPLICABLE TO CERTAIN INTERNATIONAL ENERGY PROGRAMS; RELATED MATERIAL § 9a.3 Scope. These regulations apply to all information and material classified... “Classification of Certain Information and Material Obtained From Advisory Bodies Created To Implement The...

TH-A-12A-01: Medical Physicist's Role in Digital Information Security: Threats, Vulnerabilities and Best Practices

DOE Office of Scientific and Technical Information (OSTI.GOV)

McDonald, K; Curran, B

I. Information Security Background (Speaker = Kevin McDonald) Evolution of Medical Devices Living and Working in a Hostile Environment Attack Motivations Attack Vectors Simple Safety Strategies Medical Device Security in the News Medical Devices and Vendors Summary II. Keeping Radiation Oncology IT Systems Secure (Speaker = Bruce Curran) Hardware Security Double-lock Requirements “Foreign” computer systems Portable Device Encryption Patient Data Storage System Requirements Network Configuration Isolating Critical Devices Isolating Clinical Networks Remote Access Considerations Software Applications / Configuration Passwords / Screen Savers Restricted Services / access Software Configuration Restriction Use of DNS to restrict accesse. Patches / Upgrades Awareness Intrusionmore » Prevention Intrusion Detection Threat Risk Analysis Conclusion Learning Objectives: Understanding how Hospital IT Requirements affect Radiation Oncology IT Systems. Illustrating sample practices for hardware, network, and software security. Discussing implementation of good IT security practices in radiation oncology. Understand overall risk and threats scenario in a networked environment.« less

Towards a Relation Extraction Framework for Cyber-Security Concepts

DOE Office of Scientific and Technical Information (OSTI.GOV)

Jones, Corinne L; Bridges, Robert A; Huffer, Kelly M

In order to assist security analysts in obtaining information pertaining to their network, such as novel vulnerabilities, exploits, or patches, information retrieval methods tailored to the security domain are needed. As labeled text data is scarce and expensive, we follow developments in semi-supervised NLP and implement a bootstrapping algorithm for extracting security entities and their relationships from text. The algorithm requires little input data, specifically, a few relations or patterns (heuristics for identifying relations), and incorporates an active learning component which queries the user on the most important decisions to prevent drifting the desired relations. Preliminary testing on a smallmore » corpus shows promising results, obtaining precision of .82.« less

Privacy and information security risks in a technology platform for home-based chronic disease rehabilitation and education

PubMed Central

2013-01-01

Background Privacy and information security are important for all healthcare services, including home-based services. We have designed and implemented a prototype technology platform for providing home-based healthcare services. It supports a personal electronic health diary and enables secure and reliable communication and interaction with peers and healthcare personnel. The platform runs on a small computer with a dedicated remote control. It is connected to the patient’s TV and to a broadband Internet. The platform has been tested with home-based rehabilitation and education programs for chronic obstructive pulmonary disease and diabetes. As part of our work, a risk assessment of privacy and security aspects has been performed, to reveal actual risks and to ensure adequate information security in this technical platform. Methods Risk assessment was performed in an iterative manner during the development process. Thus, security solutions have been incorporated into the design from an early stage instead of being included as an add-on to a nearly completed system. We have adapted existing risk management methods to our own environment, thus creating our own method. Our method conforms to ISO’s standard for information security risk management. Results A total of approximately 50 threats and possible unwanted incidents were identified and analysed. Among the threats to the four information security aspects: confidentiality, integrity, availability, and quality; confidentiality threats were identified as most serious, with one threat given an unacceptable level of High risk. This is because health-related personal information is regarded as sensitive. Availability threats were analysed as low risk, as the aim of the home programmes is to provide education and rehabilitation services; not for use in acute situations or for continuous health monitoring. Conclusions Most of the identified threats are applicable for healthcare services intended for patients or citizens in their own homes. Confidentiality risks in home are different from in a more controlled environment such as a hospital; and electronic equipment located in private homes and communicating via Internet, is more exposed to unauthorised access. By implementing the proposed measures, it has been possible to design a home-based service which ensures the necessary level of information security and privacy. PMID:23937965

FPGA implementation cost and performance evaluation of IEEE 802.11 protocol encryption security schemes

NASA Astrophysics Data System (ADS)

Sklavos, N.; Selimis, G.; Koufopavlou, O.

2005-01-01

The explosive growth of internet and consumer demand for mobility has fuelled the exponential growth of wireless communications and networks. Mobile users want access to services and information, from both internet and personal devices, from a range of locations without the use of a cable medium. IEEE 802.11 is one of the most widely used wireless standards of our days. The amount of access and mobility into wireless networks requires a security infrastructure that protects communication within that network. The security of this protocol is based on the wired equivalent privacy (WEP) scheme. Currently, all the IEEE 802.11 market products support WEP. But recently, the 802.11i working group introduced the advanced encryption standard (AES), as the security scheme for the future IEEE 802.11 applications. In this paper, the hardware integrations of WEP and AES are studied. A field programmable gate array (FPGA) device has been used as the hardware implementation platform, for a fair comparison between the two security schemes. Measurements for the FPGA implementation cost, operating frequency, power consumption and performance are given.

Healthcare teams over the Internet: programming a certificate-based approach.

PubMed

Georgiadis, Christos K; Mavridis, Ioannis K; Pangalos, George I

2003-07-01

Healthcare environments are a representative case of collaborative environments since individuals (e.g. doctors) in many cases collaborate in order to provide care to patients in a more proficient way. At the same time modern healthcare institutions are increasingly interested in sharing access of their information resources in the networked environment. Healthcare applications over the Internet offer an attractive communication infrastructure at worldwide level but with a noticeably great factor of risk. Security has, therefore, become a major concern. However, although an adequate level of security can be relied upon digital certificates, if an appropriate security model is used, additional security considerations are needed in order to deal efficiently with the above team-work concerns. The already known Hybrid Access Control (HAC) security model supports and handles efficiently healthcare teams with active security capabilities and is capable to exploit the benefits of certificate technology. In this paper we present the way for encoding the appropriate authoritative information in various types of certificates, as well as the overall operational architecture of the implemented access control system for healthcare collaborative environments over the Internet. A pilot implementation of the proposed methodology in a major Greek hospital has shown the applicability of the proposals and the flexibility of the access control provided.

Healthcare teams over the Internet: towards a certificate-based approach.

PubMed

Georgiadis, Christos K; Mavridis, Ioannis K; Pangalos, George I

2002-01-01

Healthcare environments are a representative case of collaborative environments since individuals (e.g. doctors) in many cases collaborate in order to provide care to patients in a more proficient way. At the same time modem healthcare institutions are increasingly interested in sharing access of their information resources in the networked environment. Healthcare applications over the Internet offer an attractive communication infrastructure at worldwide level but with a noticeably great factor of risk. Security has therefore become a major concern for healthcare applications over the Internet. However, although an adequate level of security can be relied upon digital certificates, if an appropriate security policy is used, additional security considerations are needed in order to deal efficiently with the above team-work concerns. The already known Hybrid Access Control security model supports and handles efficiently healthcare teams with active security capabilities and is capable to exploit the benefits of certificate technology. In this paper we present the way for encoding the appropriate authoritative information in various types of certificates, as well as the overall operational architecture of the implemented access control system for healthcare collaborative environments over the Internet. A pilot implementation of the proposed methodology in a major Greek hospital has shown the applicability of the proposals and the flexibility of the access control provided.

Medical Devices Transition to Information Systems: Lessons Learned

PubMed Central

Charters, Kathleen G.

2012-01-01

Medical devices designed to network can share data with a Clinical Information System (CIS), making that data available within clinician workflow. Some lessons learned by transitioning anesthesia reporting and monitoring devices (ARMDs) on a local area network (LAN) to integration of anesthesia documentation within a CIS include the following categories: access, contracting, deployment, implementation, planning, security, support, training and workflow integration. Areas identified for improvement include: Vendor requirements for access reconciled with the organizations’ security policies and procedures. Include clauses supporting transition from stand-alone devices to information integrated into clinical workflow in the medical device procurement contract. Resolve deployment and implementation barriers that make the process less efficient and more costly. Include effective field communication and creative alternatives in planning. Build training on the baseline knowledge of trainees. Include effective help desk processes and metrics. Have a process for determining where problems originate when systems share information. PMID:24199054

Efficient proof of ownership for cloud storage systems

NASA Astrophysics Data System (ADS)

Zhong, Weiwei; Liu, Zhusong

2017-08-01

Cloud storage system through the deduplication technology to save disk space and bandwidth, but the use of this technology has appeared targeted security attacks: the attacker can deceive the server to obtain ownership of the file by get the hash value of original file. In order to solve the above security problems and the different security requirements of the files in the cloud storage system, an efficient and information-theoretical secure proof of ownership sceme is proposed to support the file rating. Through the K-means algorithm to implement file rating, and use random seed technology and pre-calculation method to achieve safe and efficient proof of ownership scheme. Finally, the scheme is information-theoretical secure, and achieve better performance in the most sensitive areas of client-side I/O and computation.

Performance of device-independent quantum key distribution

NASA Astrophysics Data System (ADS)

Cao, Zhu; Zhao, Qi; Ma, Xiongfeng

2016-07-01

Quantum key distribution provides information-theoretically-secure communication. In practice, device imperfections may jeopardise the system security. Device-independent quantum key distribution solves this problem by providing secure keys even when the quantum devices are untrusted and uncharacterized. Following a recent security proof of the device-independent quantum key distribution, we improve the key rate by tightening the parameter choice in the security proof. In practice where the system is lossy, we further improve the key rate by taking into account the loss position information. From our numerical simulation, our method can outperform existing results. Meanwhile, we outline clear experimental requirements for implementing device-independent quantum key distribution. The maximal tolerable error rate is 1.6%, the minimal required transmittance is 97.3%, and the minimal required visibility is 96.8 % .

12 CFR Appendix C to Part 1720 - Policy Guidance; Safety and Soundness Standards for Information

Code of Federal Regulations, 2014 CFR

2014-01-01

... Standards for Information C Appendix C to Part 1720 Banks and Banking OFFICE OF FEDERAL HOUSING ENTERPRISE..., App. C Appendix C to Part 1720—Policy Guidance; Safety and Soundness Standards for Information A... for Information 1. Information Security Program. 2. Objectives. C—Development and Implementation of...

12 CFR Appendix C to Part 1720 - Policy Guidance; Safety and Soundness Standards for Information

Code of Federal Regulations, 2012 CFR

2012-01-01

... for Information C Appendix C to Part 1720 Banks and Banking OFFICE OF FEDERAL HOUSING ENTERPRISE..., App. C Appendix C to Part 1720—Policy Guidance; Safety and Soundness Standards for Information A... for Information 1. Information Security Program. 2. Objectives. C—Development and Implementation of...

12 CFR Appendix C to Part 1720 - Policy Guidance; Safety and Soundness Standards for Information

Code of Federal Regulations, 2010 CFR

2010-01-01

... for Information C Appendix C to Part 1720 Banks and Banking OFFICE OF FEDERAL HOUSING ENTERPRISE..., App. C Appendix C to Part 1720—Policy Guidance; Safety and Soundness Standards for Information A... for Information 1. Information Security Program. 2. Objectives. C—Development and Implementation of...

Information security threats and an easy-to-implement attack detection framework for wireless sensor network-based smart grid applications

NASA Astrophysics Data System (ADS)

Tuna, G.; Örenbaş, H.; Daş, R.; Kogias, D.; Baykara, M.; K, K.

2016-03-01

Wireless Sensor Networks (WSNs) when combined with various energy harvesting solutions managing to prolong the overall lifetime of the system and enhanced capabilities of the communication protocols used by modern sensor nodes are efficiently used in are efficiently used in Smart Grid (SG), an evolutionary system for the modernization of existing power grids. However, wireless communication technology brings various types of security threats. In this study, firstly the use of WSNs for SG applications is presented. Second, the security related issues and challenges as well as the security threats are presented. In addition, proposed security mechanisms for WSN-based SG applications are discussed. Finally, an easy- to-implement and simple attack detection framework to prevent attacks directed to sink and gateway nodes with web interfaces is proposed and its efficiency is proved using a case study.

An Integrative Behavioral Model of Information Security Policy Compliance

PubMed Central

Kim, Sang Hoon; Yang, Kyung Hoon; Park, Sunyoung

2014-01-01

The authors found the behavioral factors that influence the organization members' compliance with the information security policy in organizations on the basis of neutralization theory, Theory of planned behavior, and protection motivation theory. Depending on the theory of planned behavior, members' attitudes towards compliance, as well as normative belief and self-efficacy, were believed to determine the intention to comply with the information security policy. Neutralization theory, a prominent theory in criminology, could be expected to provide the explanation for information system security policy violations. Based on the protection motivation theory, it was inferred that the expected efficacy could have an impact on intentions of compliance. By the above logical reasoning, the integrative behavioral model and eight hypotheses could be derived. Data were collected by conducting a survey; 194 out of 207 questionnaires were available. The test of the causal model was conducted by PLS. The reliability, validity, and model fit were found to be statistically significant. The results of the hypotheses tests showed that seven of the eight hypotheses were acceptable. The theoretical implications of this study are as follows: (1) the study is expected to play a role of the baseline for future research about organization members' compliance with the information security policy, (2) the study attempted an interdisciplinary approach by combining psychology and information system security research, and (3) the study suggested concrete operational definitions of influencing factors for information security policy compliance through a comprehensive theoretical review. Also, the study has some practical implications. First, it can provide the guideline to support the successful execution of the strategic establishment for the implement of information system security policies in organizations. Second, it proves that the need of education and training programs suppressing members' neutralization intention to violate information security policy should be emphasized. PMID:24971373

An integrative behavioral model of information security policy compliance.

PubMed

Kim, Sang Hoon; Yang, Kyung Hoon; Park, Sunyoung

2014-01-01

The authors found the behavioral factors that influence the organization members' compliance with the information security policy in organizations on the basis of neutralization theory, Theory of planned behavior, and protection motivation theory. Depending on the theory of planned behavior, members' attitudes towards compliance, as well as normative belief and self-efficacy, were believed to determine the intention to comply with the information security policy. Neutralization theory, a prominent theory in criminology, could be expected to provide the explanation for information system security policy violations. Based on the protection motivation theory, it was inferred that the expected efficacy could have an impact on intentions of compliance. By the above logical reasoning, the integrative behavioral model and eight hypotheses could be derived. Data were collected by conducting a survey; 194 out of 207 questionnaires were available. The test of the causal model was conducted by PLS. The reliability, validity, and model fit were found to be statistically significant. The results of the hypotheses tests showed that seven of the eight hypotheses were acceptable. The theoretical implications of this study are as follows: (1) the study is expected to play a role of the baseline for future research about organization members' compliance with the information security policy, (2) the study attempted an interdisciplinary approach by combining psychology and information system security research, and (3) the study suggested concrete operational definitions of influencing factors for information security policy compliance through a comprehensive theoretical review. Also, the study has some practical implications. First, it can provide the guideline to support the successful execution of the strategic establishment for the implement of information system security policies in organizations. Second, it proves that the need of education and training programs suppressing members' neutralization intention to violate information security policy should be emphasized.

Common object request broker architecture (CORBA)-based security services for the virtual radiology environment.

PubMed

Martinez, R; Cole, C; Rozenblit, J; Cook, J F; Chacko, A K

2000-05-01

The US Army Great Plains Regional Medical Command (GPRMC) has a requirement to conform to Department of Defense (DoD) and Army security policies for the Virtual Radiology Environment (VRE) Project. Within the DoD, security policy is defined as the set of laws, rules, and practices that regulate how an organization manages, protects, and distributes sensitive information. Security policy in the DoD is described by the Trusted Computer System Evaluation Criteria (TCSEC), Army Regulation (AR) 380-19, Defense Information Infrastructure Common Operating Environment (DII COE), Military Health Services System Automated Information Systems Security Policy Manual, and National Computer Security Center-TG-005, "Trusted Network Interpretation." These documents were used to develop a security policy that defines information protection requirements that are made with respect to those laws, rules, and practices that are required to protect the information stored and processed in the VRE Project. The goal of the security policy is to provide for a C2-level of information protection while also satisfying the functional needs of the GPRMC's user community. This report summarizes the security policy for the VRE and defines the CORBA security services that satisfy the policy. In the VRE, the information to be protected is embedded into three major information components: (1) Patient information consists of Digital Imaging and Communications in Medicine (DICOM)-formatted fields. The patient information resides in the digital imaging network picture archiving and communication system (DIN-PACS) networks in the database archive systems and includes (a) patient demographics; (b) patient images from x-ray, computed tomography (CT), magnetic resonance imaging (MRI), and ultrasound (US); and (c) prior patient images and related patient history. (2) Meta-Manager information to be protected consists of several data objects. This information is distributed to the Meta-Manager nodes and includes (a) radiologist schedules; (b) modality worklists; (c) routed case information; (d) DIN-PACS and Composite Health Care system (CHCS) messages, and Meta-Manager administrative and security information; and (e) patient case information. (3) Access control and communications security is required in the VRE to control who uses the VRE and Meta-Manager facilities and to secure the messages between VRE components. The CORBA Security Service Specification version 1.5 is designed to allow up to TCSEC's B2-level security for distributed objects. The CORBA Security Service Specification defines the functionality of several security features: identification and authentication, authorization and access control, security auditing, communication security, nonrepudiation, and security administration. This report describes the enhanced security features for the VRE and their implementation using commercial CORBA Security Service software products.

Concept of Integrated Information Systems of Rail Transport

NASA Astrophysics Data System (ADS)

Siergiejczyk, Mirosław; Gago, Stanisław

This paper will present a need to create integrated information systems of the rail transport and their links with other means of public transportation. IT standards will be discussed that are expected to create the integrated information systems of the rail transport. Also the main tasks will be presented of centralized information systems, the concept of their architecture, business processes and their implementation as well as the proposed measures to secure data. A method shall be proposed to implement a system to inform participants of rail transport in Polish conditions.

76 FR 70638 - Privacy Act of 1974: Implementation of Exemptions; Department of Homeland Security/U.S...

Federal Register 2010, 2011, 2012, 2013, 2014

2011-11-15

... Disclosures) because release of the accounting of disclosures could alert the subject of an investigation of... efforts to preserve national security. Disclosure of the accounting would also permit the individual who... of Federal Regulations, as follows: PART 5--DISCLOSURE OF RECORDS AND INFORMATION 0 1. The authority...

75 FR 69603 - Privacy Act of 1974: Implementation of Exemptions; Department of Homeland Security National...

Federal Register 2010, 2011, 2012, 2013, 2014

2010-11-15

... FURTHER INFORMATION CONTACT: For general questions please contact: Emily Andrew (703-235-2182), Privacy...: Background In accordance with the Privacy Act of 1974, 5 U.S.C. 552a, the Department of Homeland Security... Nation's 18 critical infrastructures and key resources (CIKR) sectors during normal operations and...

Logistic Map for Cancellable Biometrics

NASA Astrophysics Data System (ADS)

Supriya, V. G., Dr; Manjunatha, Ramachandra, Dr

2017-08-01

This paper presents design and implementation of secured biometric template protection system by transforming the biometric template using binary chaotic signals and 3 different key streams to obtain another form of template and demonstrating its efficiency by the results and investigating on its security through analysis including, key space analysis, information entropy and key sensitivity analysis.

Text Messaging to Communicate With Public Health Audiences: How the HIPAA Security Rule Affects Practice

PubMed Central

Karasz, Hilary N.; Eiden, Amy; Bogan, Sharon

2013-01-01

Text messaging is a powerful communication tool for public health purposes, particularly because of the potential to customize messages to meet individuals’ needs. However, using text messaging to send personal health information requires analysis of laws addressing the protection of electronic health information. The Health Insurance Portability and Accountability Act (HIPAA) Security Rule is written with flexibility to account for changing technologies. In practice, however, the rule leads to uncertainty about how to make text messaging policy decisions. Text messaging to send health information can be implemented in a public health setting through 2 possible approaches: restructuring text messages to remove personal health information and retaining limited personal health information in the message but conducting a risk analysis and satisfying other requirements to meet the HIPAA Security Rule. PMID:23409902

38 CFR 75.111 - Purpose and scope.

Code of Federal Regulations, 2011 CFR

2011-07-01

...) INFORMATION SECURITY MATTERS Data Breaches § 75.111 Purpose and scope. This subpart implements provisions of... Information Technology Act of 2006. It only concerns actions to address a data breach regarding sensitive personal information that is processed or maintained by VA. This subpart does not supersede the...

Complex method to calculate objective assessments of information systems protection to improve expert assessments reliability

NASA Astrophysics Data System (ADS)

Abdenov, A. Zh; Trushin, V. A.; Abdenova, G. A.

2018-01-01

The paper considers the questions of filling the relevant SIEM nodes based on calculations of objective assessments in order to improve the reliability of subjective expert assessments. The proposed methodology is necessary for the most accurate security risk assessment of information systems. This technique is also intended for the purpose of establishing real-time operational information protection in the enterprise information systems. Risk calculations are based on objective estimates of the adverse events implementation probabilities, predictions of the damage magnitude from information security violations. Calculations of objective assessments are necessary to increase the reliability of the proposed expert assessments.

Design and implementation of a smart card based healthcare information system.

PubMed

Kardas, Geylani; Tunali, E Turhan

2006-01-01

Smart cards are used in information technologies as portable integrated devices with data storage and data processing capabilities. As in other fields, smart card use in health systems became popular due to their increased capacity and performance. Their efficient use with easy and fast data access facilities leads to implementation particularly widespread in security systems. In this paper, a smart card based healthcare information system is developed. The system uses smart card for personal identification and transfer of health data and provides data communication via a distributed protocol which is particularly developed for this study. Two smart card software modules are implemented that run on patient and healthcare professional smart cards, respectively. In addition to personal information, general health information about the patient is also loaded to patient smart card. Health care providers use their own smart cards to be authenticated on the system and to access data on patient cards. Encryption keys and digital signature keys stored on smart cards of the system are used for secure and authenticated data communication between clients and database servers over distributed object protocol. System is developed on Java platform by using object oriented architecture and design patterns.

Information Security Analysis Using Game Theory and Simulation

DOE Office of Scientific and Technical Information (OSTI.GOV)

Schlicher, Bob G; Abercrombie, Robert K

Information security analysis can be performed using game theory implemented in dynamic simulations of Agent Based Models (ABMs). Such simulations can be verified with the results from game theory analysis and further used to explore larger scale, real world scenarios involving multiple attackers, defenders, and information assets. Our approach addresses imperfect information and scalability that allows us to also address previous limitations of current stochastic game models. Such models only consider perfect information assuming that the defender is always able to detect attacks; assuming that the state transition probabilities are fixed before the game assuming that the players actions aremore » always synchronous; and that most models are not scalable with the size and complexity of systems under consideration. Our use of ABMs yields results of selected experiments that demonstrate our proposed approach and provides a quantitative measure for realistic information systems and their related security scenarios.« less

ID201202961, DOE S-124,539, Information Security Analysis Using Game Theory and Simulation

DOE Office of Scientific and Technical Information (OSTI.GOV)

Abercrombie, Robert K; Schlicher, Bob G

Information security analysis can be performed using game theory implemented in dynamic simulations of Agent Based Models (ABMs). Such simulations can be verified with the results from game theory analysis and further used to explore larger scale, real world scenarios involving multiple attackers, defenders, and information assets. Our approach addresses imperfect information and scalability that allows us to also address previous limitations of current stochastic game models. Such models only consider perfect information assuming that the defender is always able to detect attacks; assuming that the state transition probabilities are fixed before the game assuming that the players actions aremore » always synchronous; and that most models are not scalable with the size and complexity of systems under consideration. Our use of ABMs yields results of selected experiments that demonstrate our proposed approach and provides a quantitative measure for realistic information systems and their related security scenarios.« less

Computer Network Security- The Challenges of Securing a Computer Network

NASA Technical Reports Server (NTRS)

Scotti, Vincent, Jr.

2011-01-01

This article is intended to give the reader an overall perspective on what it takes to design, implement, enforce and secure a computer network in the federal and corporate world to insure the confidentiality, integrity and availability of information. While we will be giving you an overview of network design and security, this article will concentrate on the technology and human factors of securing a network and the challenges faced by those doing so. It will cover the large number of policies and the limits of technology and physical efforts to enforce such policies.

Physically secured orthogonal frequency division multiplexing-passive optical network employing noise-based encryption and signal recovery process

NASA Astrophysics Data System (ADS)

Jin, Wei; Zhang, Chongfu; Yuan, Weicheng

2016-02-01

We propose a physically enhanced secure scheme for direct detection-orthogonal frequency division multiplexing-passive optical network (DD-OFDM-PON) and long reach coherent detection-orthogonal frequency division multiplexing-passive optical network (LRCO-OFDM-PON), by employing noise-based encryption and channel/phase estimation. The noise data generated by chaos mapping are used to substitute training sequences in preamble to realize channel estimation and frame synchronization, and also to be embedded on variable number of key-selected randomly spaced pilot subcarriers to implement phase estimation. Consequently, the information used for signal recovery is totally hidden as unpredictable noise information in OFDM frames to mask useful information and to prevent illegal users from correctly realizing OFDM demodulation, and thereby enhancing resistance to attackers. The levels of illegal-decryption complexity and implementation complexity are theoretically discussed. Through extensive simulations, the performances of the proposed channel/phase estimation and the security introduced by encrypted pilot carriers have been investigated in both DD-OFDM and LRCO-OFDM systems. In addition, in the proposed secure DD-OFDM/LRCO-OFDM PON models, both legal and illegal receiving scenarios have been considered. These results show that, by utilizing the proposed scheme, the resistance to attackers can be significantly enhanced in DD-OFDM-PON and LRCO-OFDM-PON systems without performance degradations.

Helix Project Testbed - Towards the Self-Regenerative Incorruptible Enterprise

DTIC Science & Technology

2011-09-14

hardware implementation with a microkernel in a way that allows information flow properties of the entire construction to be statically verified all the way...secure architectural skeleton. This skeleton couples a critical slice of the low level hardware implementation with a microkernel in a way that

Towards an integrated defense system for cyber security situation awareness experiment

NASA Astrophysics Data System (ADS)

Zhang, Hanlin; Wei, Sixiao; Ge, Linqiang; Shen, Dan; Yu, Wei; Blasch, Erik P.; Pham, Khanh D.; Chen, Genshe

2015-05-01

In this paper, an implemented defense system is demonstrated to carry out cyber security situation awareness. The developed system consists of distributed passive and active network sensors designed to effectively capture suspicious information associated with cyber threats, effective detection schemes to accurately distinguish attacks, and network actors to rapidly mitigate attacks. Based on the collected data from network sensors, image-based and signals-based detection schemes are implemented to detect attacks. To further mitigate attacks, deployed dynamic firewalls on hosts dynamically update detection information reported from the detection schemes and block attacks. The experimental results show the effectiveness of the proposed system. A future plan to design an effective defense system is also discussed based on system theory.

Ethics in Public Health Research

PubMed Central

Myers, Julie; Frieden, Thomas R.; Bherwani, Kamal M.; Henning, Kelly J.

2008-01-01

Public health agencies increasingly use electronic means to acquire, use, maintain, and store personal health information. Electronic data formats can improve performance of core public health functions, but potentially threaten privacy because they can be easily duplicated and transmitted to unauthorized people. Although such security breaches do occur, electronic data can be better secured than paper records, because authentication, authorization, auditing, and accountability can be facilitated. Public health professionals should collaborate with law and information technology colleagues to assess possible threats, implement updated policies, train staff, and develop preventive engineering measures to protect information. Tightened physical and electronic controls can prevent misuse of data, minimize the risk of security breaches, and help maintain the reputation and integrity of public health agencies. PMID:18382010

INcreasing Security and Protection through Infrastructure REsilience: The INSPIRE Project

NASA Astrophysics Data System (ADS)

D'Antonio, Salvatore; Romano, Luigi; Khelil, Abdelmajid; Suri, Neeraj

The INSPIRE project aims at enhancing the European potential in the field of security by ensuring the protection of critical information infrastructures through (a) the identification of their vulnerabilities and (b) the development of innovative techniques for securing networked process control systems. To increase the resilience of such systems INSPIRE will develop traffic engineering algorithms, diagnostic processes and self-reconfigurable architectures along with recovery techniques. Hence, the core idea of the INSPIRE project is to protect critical information infrastructures by appropriately configuring, managing, and securing the communication network which interconnects the distributed control systems. A working prototype will be implemented as a final demonstrator of selected scenarios. Controls/Communication Experts will support project partners in the validation and demonstration activities. INSPIRE will also contribute to standardization process in order to foster multi-operator interoperability and coordinated strategies for securing lifeline systems.

Hybrid network defense model based on fuzzy evaluation.

PubMed

Cho, Ying-Chiang; Pan, Jen-Yi

2014-01-01

With sustained and rapid developments in the field of information technology, the issue of network security has become increasingly prominent. The theme of this study is network data security, with the test subject being a classified and sensitive network laboratory that belongs to the academic network. The analysis is based on the deficiencies and potential risks of the network's existing defense technology, characteristics of cyber attacks, and network security technologies. Subsequently, a distributed network security architecture using the technology of an intrusion prevention system is designed and implemented. In this paper, first, the overall design approach is presented. This design is used as the basis to establish a network defense model, an improvement over the traditional single-technology model that addresses the latter's inadequacies. Next, a distributed network security architecture is implemented, comprising a hybrid firewall, intrusion detection, virtual honeynet projects, and connectivity and interactivity between these three components. Finally, the proposed security system is tested. A statistical analysis of the test results verifies the feasibility and reliability of the proposed architecture. The findings of this study will potentially provide new ideas and stimuli for future designs of network security architecture.

Smart cards--the key to trustworthy health information systems.

PubMed Central

Neame, R.

1997-01-01

Some 20 years after they were first developed, "smart cards" are set to play a crucial part in healthcare systems. Last year about a billion were supplied, mainly for use in the financial sector, but their special features make them of particular strategic importance for the health sector, where they offer a ready made solution to some key problems of security and confidentiality. This article outlines what smart cards are and why they are so important in managing health information. I discuss some of the unique features of smart cards that are of special importance in the development of secure and trustworthy health information systems. Smart cards would enable individuals' identities to be authenticated and communications to be secured and would provide the mechanisms for implementing strong security, differential access to data, and definitive audit trails. Patient cards can also with complete security carry personal details, data on current health problems and medications, emergency care data, and pointers to where medical records for the patient can be found. Provider cards can in addition carry authorisations and information on computer set up. PMID:9055719

Development of an Internet Security Policy for health care establishments.

PubMed

Ilioudis, C; Pangalos, G

2000-01-01

The Internet provides unprecedented opportunities for interaction and data sharing among health care providers, patients and researchers. However, the advantages provided by the Internet come with a significantly greater element of risk to the confidentiality and integrity of information. This paper defines the basic security requirements that must be addressed in order to use the Internet to safely transmit patient and/or other sensitive Health Care information. It describes a suitable Internet Security Policy for Health Care Establishments and provides the set of technical measures that are needed for its implementation. The proposed security policy and technical approaches have been based on an extensive study of the related recommendations from the security and standard groups both in EU amid USA and our related work and experience. The results have been utilized in the framework of the Intranet Health Clinic project, where the use of the Internet for the transmission of sensitive Health Care information is of vital importance.

A Framework for an Institutional High Level Security Policy for the Processing of Medical Data and their Transmission through the Internet

PubMed Central

Pangalos, George

2001-01-01

Background The Internet provides many advantages when used for interaction and data sharing among health care providers, patients, and researchers. However, the advantages provided by the Internet come with a significantly greater element of risk to the confidentiality, integrity, and availability of information. It is therefore essential that Health Care Establishments processing and exchanging medical data use an appropriate security policy. Objective To develop a High Level Security Policy for the processing of medical data and their transmission through the Internet, which is a set of high-level statements intended to guide Health Care Establishment personnel who process and manage sensitive health care information. Methods We developed the policy based on a detailed study of the existing framework in the EU countries, USA, and Canada, and on consultations with users in the context of the Intranet Health Clinic project. More specifically, this paper has taken into account the major directives, technical reports, law, and recommendations that are related to the protection of individuals with regard to the processing of personal data, and the protection of privacy and medical data on the Internet. Results We present a High Level Security Policy for Health Care Establishments, which includes a set of 7 principles and 45 guidelines detailed in this paper. The proposed principles and guidelines have been made as generic and open to specific implementations as possible, to provide for maximum flexibility and adaptability to local environments. The High Level Security Policy establishes the basic security requirements that must be addressed to use the Internet to safely transmit patient and other sensitive health care information. Conclusions The High Level Security Policy is primarily intended for large Health Care Establishments in Europe, USA, and Canada. It is clear however that the general framework presented here can only serve as reference material for developing an appropriate High Level Security Policy in a specific implementation environment. When implemented in specific environments, these principles and guidelines must also be complemented by measures, which are more specific. Even when a High Level Security Policy already exists in an institution, it is advisable that the management of the Health Care Establishment periodically revisits it to see whether it should be modified or augmented. PMID:11720956

A framework for an institutional high level security policy for the processing of medical data and their transmission through the Internet.

PubMed

Ilioudis, C; Pangalos, G

2001-01-01

The Internet provides many advantages when used for interaction and data sharing among health care providers, patients, and researchers. However, the advantages provided by the Internet come with a significantly greater element of risk to the confidentiality, integrity, and availability of information. It is therefore essential that Health Care Establishments processing and exchanging medical data use an appropriate security policy. To develop a High Level Security Policy for the processing of medical data and their transmission through the Internet, which is a set of high-level statements intended to guide Health Care Establishment personnel who process and manage sensitive health care information. We developed the policy based on a detailed study of the existing framework in the EU countries, USA, and Canada, and on consultations with users in the context of the Intranet Health Clinic project. More specifically, this paper has taken into account the major directives, technical reports, law, and recommendations that are related to the protection of individuals with regard to the processing of personal data, and the protection of privacy and medical data on the Internet. We present a High Level Security Policy for Health Care Establishments, which includes a set of 7 principles and 45 guidelines detailed in this paper. The proposed principles and guidelines have been made as generic and open to specific implementations as possible, to provide for maximum flexibility and adaptability to local environments. The High Level Security Policy establishes the basic security requirements that must be addressed to use the Internet to safely transmit patient and other sensitive health care information. The High Level Security Policy is primarily intended for large Health Care Establishments in Europe, USA, and Canada. It is clear however that the general framework presented here can only serve as reference material for developing an appropriate High Level Security Policy in a specific implementation environment. When implemented in specific environments, these principles and guidelines must also be complemented by measures, which are more specific. Even when a High Level Security Policy already exists in an institution, it is advisable that the management of the Health Care Establishment periodically revisits it to see whether it should be modified or augmented.

Roadmap for Early Childhood and K-12 Data Linkages: Key Focus Areas to Ensure Quality Implementation. Quality Implementation Roadmaps

ERIC Educational Resources Information Center

Data Quality Campaign, 2016

2016-01-01

Every state can create secure, robust linkages between early childhood and K-12 data systems, and effectively use the information from these linkages to implement initiatives to support programs and children, answer key policy questions, and be transparent about how the state's early childhood investments prepare students for success in school and…

Counterfeit Compliance with the HIPAA Security Rule: A Study of Information System Success

ERIC Educational Resources Information Center

Johnson, James R.

2013-01-01

The intent of the security standards adopted by the Department of Health and Human Services (DHS) implementing some of the requirements of the Administrative Simplification (AS) subtitle of the Health Insurance Portability and Accountability Act of 1996 (HIPAA) was to improve Federal and private health care programs and to improve the…

78 FR 9691 - Proposed Agency Information Collection Activities; Comment Request

Federal Register 2010, 2011, 2012, 2013, 2014

2013-02-11

... Securities Rulemaking Board (MSRB) to promulgate rules requiring municipal security dealers to file reports..., Section 15B(c) of the Act provides that ARAs may enforce compliance with the SEC's and MSRB's rules. 15 U... other ARAs to make rules and regulations in order to implement the provisions of the Act. 15 U.S.C. 78w...

Summary of vulnerability related technologies based on machine learning

NASA Astrophysics Data System (ADS)

Zhao, Lei; Chen, Zhihao; Jia, Qiong

2018-04-01

As the scale of information system increases by an order of magnitude, the complexity of system software is getting higher. The vulnerability interaction from design, development and deployment to implementation stages greatly increases the risk of the entire information system being attacked successfully. Considering the limitations and lags of the existing mainstream security vulnerability detection techniques, this paper summarizes the development and current status of related technologies based on the machine learning methods applied to deal with massive and irregular data, and handling security vulnerabilities.

DOE Office of Scientific and Technical Information (OSTI.GOV)

Mahan, Robert E.; Fluckiger, Jerry D.; Clements, Samuel L.

This document was developed to provide guidance for the implementation of secure data transfer in a complex computational infrastructure representative of the electric power and oil and natural gas enterprises and the control systems they implement. For the past 20 years the cyber security community has focused on preventative measures intended to keep systems secure by providing a hard outer shell that is difficult to penetrate. Over time, the hard exterior, soft interior focus changed to focus on defense-in-depth adding multiple layers of protection, introducing intrusion detection systems, more effective incident response and cleanup, and many other security measures. Despitemore » much larger expenditures and more layers of defense, successful attacks have only increased in number and severity. Consequently, it is time to re-focus the conventional approach to cyber security. While it is still important to implement measures to keep intruders out, a new protection paradigm is warranted that is aimed at discovering attempted or real compromises as early as possible. Put simply, organizations should take as fact that they have been, are now, or will be compromised. These compromises may be intended to steal information for financial gain as in the theft of intellectual property or credentials that lead to the theft of financial resources, or to lie silent until instructed to cause physical or electronic damage and/or denial of services. This change in outlook has been recently confirmed by the National Security Agency [19]. The discovery of attempted and actual compromises requires an increased focus on monitoring events by manual and/or automated log monitoring, detecting unauthorized changes to a system's hardware and/or software, detecting intrusions, and/or discovering the exfiltration of sensitive information and/or attempts to send inappropriate commands to ICS/SCADA (Industrial Control System/Supervisory Control And Data Acquisition) systems.« less

45 CFR 164.534 - Compliance dates for initial implementation of the privacy standards.

Code of Federal Regulations, 2010 CFR

2010-10-01

... privacy standards. 164.534 Section 164.534 Public Welfare DEPARTMENT OF HEALTH AND HUMAN SERVICES ADMINISTRATIVE DATA STANDARDS AND RELATED REQUIREMENTS SECURITY AND PRIVACY Privacy of Individually Identifiable Health Information § 164.534 Compliance dates for initial implementation of the privacy standards. (a...

45 CFR 164.534 - Compliance dates for initial implementation of the privacy standards.

Code of Federal Regulations, 2014 CFR

2014-10-01

... privacy standards. 164.534 Section 164.534 Public Welfare Department of Health and Human Services ADMINISTRATIVE DATA STANDARDS AND RELATED REQUIREMENTS SECURITY AND PRIVACY Privacy of Individually Identifiable Health Information § 164.534 Compliance dates for initial implementation of the privacy standards. (a...

45 CFR 164.534 - Compliance dates for initial implementation of the privacy standards.

Code of Federal Regulations, 2011 CFR

2011-10-01

... privacy standards. 164.534 Section 164.534 Public Welfare DEPARTMENT OF HEALTH AND HUMAN SERVICES ADMINISTRATIVE DATA STANDARDS AND RELATED REQUIREMENTS SECURITY AND PRIVACY Privacy of Individually Identifiable Health Information § 164.534 Compliance dates for initial implementation of the privacy standards. (a...

36 CFR 1260.56 - What are NARA considerations when implementing automatic declassification?

Code of Federal Regulations, 2014 CFR

2014-07-01

... 36 Parks, Forests, and Public Property 3 2014-07-01 2014-07-01 false What are NARA considerations when implementing automatic declassification? 1260.56 Section 1260.56 Parks, Forests, and Public Property NATIONAL ARCHIVES AND RECORDS ADMINISTRATION DECLASSIFICATION DECLASSIFICATION OF NATIONAL SECURITY INFORMATION Automatic Declassification §...

Innovative hyperchaotic encryption algorithm for compressed video

NASA Astrophysics Data System (ADS)

Yuan, Chun; Zhong, Yuzhuo; Yang, Shiqiang

2002-12-01

It is accepted that stream cryptosystem can achieve good real-time performance and flexibility which implements encryption by selecting few parts of the block data and header information of the compressed video stream. Chaotic random number generator, for example Logistics Map, is a comparatively promising substitute, but it is easily attacked by nonlinear dynamic forecasting and geometric information extracting. In this paper, we present a hyperchaotic cryptography scheme to encrypt the compressed video, which integrates Logistics Map with Z(232 - 1) field linear congruential algorithm to strengthen the security of the mono-chaotic cryptography, meanwhile, the real-time performance and flexibility of the chaotic sequence cryptography are maintained. It also integrates with the dissymmetrical public-key cryptography and implements encryption and identity authentification on control parameters at initialization phase. In accord with the importance of data in compressed video stream, encryption is performed in layered scheme. In the innovative hyperchaotic cryptography, the value and the updating frequency of control parameters can be changed online to satisfy the requirement of the network quality, processor capability and security requirement. The innovative hyperchaotic cryprography proves robust security by cryptoanalysis, shows good real-time performance and flexible implement capability through the arithmetic evaluating and test.

Development of a medical information system that minimizes staff workload and secures system safety at a small medical institution

NASA Astrophysics Data System (ADS)

Haneda, Kiyofumi; Koyama, Tadashi

2005-04-01

We developed a secure system that minimizes staff workload and secures safety of a medical information system. In this study, we assess the legal security requirements and risks occurring from the use of digitized data. We then analyze the security measures for ways of reducing these risks. In the analysis, not only safety, but also costs of security measures and ease of operability are taken into consideration. Finally, we assess the effectiveness of security measures by employing our system in small-sized medical institution. As a result of the current study, we developed and implemented several security measures, such as authentications, cryptography, data back-up, and secure sockets layer protocol (SSL) in our system. In conclusion, the cost for the introduction and maintenance of a system is one of the primary difficulties with its employment by a small-sized institution. However, with recent reductions in the price of computers, and certain advantages of small-sized medical institutions, the development of an efficient system configuration has become possible.

Integrated secure solution for electronic healthcare records sharing

NASA Astrophysics Data System (ADS)

Yao, Yehong; Zhang, Chenghao; Sun, Jianyong; Jin, Jin; Zhang, Jianguo

2007-03-01

The EHR is a secure, real-time, point-of-care, patient-centric information resource for healthcare providers. Many countries and regional districts have set long-term goals to build EHRs, and most of EHRs are usually built based on the integration of different information systems with different information models and platforms. A number of hospitals in Shanghai are also piloting the development of an EHR solution based on IHE XDS/XDS-I profiles with a service-oriented architecture (SOA). The first phase of the project targets the Diagnostic Imaging domain and allows seamless sharing of images and reports across the multiple hospitals. To develop EHRs for regional coordinated healthcare, some factors should be considered in designing architecture, one of which is security issue. In this paper, we present some approaches and policies to improve and strengthen the security among the different hospitals' nodes, which are compliant with the security requirements defined by IHE IT Infrastructure (ITI) Technical Framework. Our security solution includes four components: Time Sync System (TSS), Digital Signature Manage System (DSMS), Data Exchange Control Component (DECC) and Single Sign-On (SSO) System. We give a design method and implementation strategy of these security components, and then evaluate the performance and overheads of the security services or features by integrating the security components into an image-based EHR system.

78 FR 45256 - Intent To Request Approval From OMB of One New Public Collection of Information: TSA Pre✓TM

Federal Register 2010, 2011, 2012, 2013, 2014

2013-07-26

...-begins . TSA seeks to establish enrollment sites and implement a mobile enrollment capability. Those... by submitting biographic information and paying the fee using a secure web portal (or by money order...

32 CFR 2400.2 - Purpose.

Code of Federal Regulations, 2014 CFR

2014-07-01

... Other Regulations Relating to National Defense OFFICE OF SCIENCE AND TECHNOLOGY POLICY REGULATIONS TO IMPLEMENT E.O. 12356; OFFICE OF SCIENCE AND TECHNOLOGY POLICY INFORMATION SECURITY PROGRAM General... § 2400.1 that information of the Office of Science and Technology Policy (OSTP) relating to national...

32 CFR 2400.5 - Basic policy.

Code of Federal Regulations, 2011 CFR

2011-07-01

... Defense Other Regulations Relating to National Defense OFFICE OF SCIENCE AND TECHNOLOGY POLICY REGULATIONS TO IMPLEMENT E.O. 12356; OFFICE OF SCIENCE AND TECHNOLOGY POLICY INFORMATION SECURITY PROGRAM... basis for classifying information. The policy of the Office of Science and Technology Policy is to make...

32 CFR 2400.5 - Basic policy.

Code of Federal Regulations, 2014 CFR

2014-07-01

... Defense Other Regulations Relating to National Defense OFFICE OF SCIENCE AND TECHNOLOGY POLICY REGULATIONS TO IMPLEMENT E.O. 12356; OFFICE OF SCIENCE AND TECHNOLOGY POLICY INFORMATION SECURITY PROGRAM... basis for classifying information. The policy of the Office of Science and Technology Policy is to make...

32 CFR 2400.5 - Basic policy.

Code of Federal Regulations, 2013 CFR

2013-07-01

... Defense Other Regulations Relating to National Defense OFFICE OF SCIENCE AND TECHNOLOGY POLICY REGULATIONS TO IMPLEMENT E.O. 12356; OFFICE OF SCIENCE AND TECHNOLOGY POLICY INFORMATION SECURITY PROGRAM... basis for classifying information. The policy of the Office of Science and Technology Policy is to make...

32 CFR 2400.2 - Purpose.

Code of Federal Regulations, 2012 CFR

2012-07-01

... Other Regulations Relating to National Defense OFFICE OF SCIENCE AND TECHNOLOGY POLICY REGULATIONS TO IMPLEMENT E.O. 12356; OFFICE OF SCIENCE AND TECHNOLOGY POLICY INFORMATION SECURITY PROGRAM General... § 2400.1 that information of the Office of Science and Technology Policy (OSTP) relating to national...

32 CFR 2400.5 - Basic policy.

Code of Federal Regulations, 2012 CFR

2012-07-01

... Defense Other Regulations Relating to National Defense OFFICE OF SCIENCE AND TECHNOLOGY POLICY REGULATIONS TO IMPLEMENT E.O. 12356; OFFICE OF SCIENCE AND TECHNOLOGY POLICY INFORMATION SECURITY PROGRAM... basis for classifying information. The policy of the Office of Science and Technology Policy is to make...

32 CFR 2400.2 - Purpose.

Code of Federal Regulations, 2013 CFR

2013-07-01

... Other Regulations Relating to National Defense OFFICE OF SCIENCE AND TECHNOLOGY POLICY REGULATIONS TO IMPLEMENT E.O. 12356; OFFICE OF SCIENCE AND TECHNOLOGY POLICY INFORMATION SECURITY PROGRAM General... § 2400.1 that information of the Office of Science and Technology Policy (OSTP) relating to national...

32 CFR 2400.2 - Purpose.

Code of Federal Regulations, 2010 CFR

2010-07-01

... Other Regulations Relating to National Defense OFFICE OF SCIENCE AND TECHNOLOGY POLICY REGULATIONS TO IMPLEMENT E.O. 12356; OFFICE OF SCIENCE AND TECHNOLOGY POLICY INFORMATION SECURITY PROGRAM General... § 2400.1 that information of the Office of Science and Technology Policy (OSTP) relating to national...

32 CFR 2400.5 - Basic policy.

Code of Federal Regulations, 2010 CFR

2010-07-01

... Defense Other Regulations Relating to National Defense OFFICE OF SCIENCE AND TECHNOLOGY POLICY REGULATIONS TO IMPLEMENT E.O. 12356; OFFICE OF SCIENCE AND TECHNOLOGY POLICY INFORMATION SECURITY PROGRAM... basis for classifying information. The policy of the Office of Science and Technology Policy is to make...

32 CFR 2400.2 - Purpose.

Code of Federal Regulations, 2011 CFR

2011-07-01

... Other Regulations Relating to National Defense OFFICE OF SCIENCE AND TECHNOLOGY POLICY REGULATIONS TO IMPLEMENT E.O. 12356; OFFICE OF SCIENCE AND TECHNOLOGY POLICY INFORMATION SECURITY PROGRAM General... § 2400.1 that information of the Office of Science and Technology Policy (OSTP) relating to national...

32 CFR 2103.13 - Duration of original classification.

Code of Federal Regulations, 2010 CFR

2010-07-01

... REGULATIONS TO IMPLEMENT E.O. 12065-INCLUDING PROCEDURES FOR PUBLIC ACCESS TO DOCUMENTS THAT MAY BE... pertains to communication security; (d) The information reveals vulnerability or capability data, the... the plan; (f) The information concerns specific foreign relations matters, the continued protection of...

Strategies for Improving Polio Surveillance Performance in the Security-Challenged Nigerian States of Adamawa, Borno, and Yobe During 2009-2014.

PubMed

Hamisu, Abdullahi Walla; Johnson, Ticha Muluh; Craig, Kehinde; Mkanda, Pascal; Banda, Richard; Tegegne, Sisay G; Oyetunji, Ajiboye; Ningi, Nuhu; Mohammed, Said M; Adamu, Mohammed Isa; Abdulrahim, Khalid; Nsubuga, Peter; Vaz, Rui G; Muhammed, Ado J G

2016-05-01

The security-challenged states of Adamawa, Borno, and Yobe bear most of the brunt of the Boko Haram insurgency in Nigeria. The security challenge has led to the killing of health workers, destruction of health facilities, and displacement of huge populations. To identify areas of polio transmission and promptly detect possible cases of importation in these states, polio surveillance must be very sensitive. We conducted a retrospective review of acute flaccid paralysis surveillance in the security-compromised states between 2009 and 2014, using the acute flaccid paralysis database at the World Health Organization Nigeria Country Office. We also reviewed the reports of surveillance activities conducted in these security-challenged states, to identify strategies that were implemented to improve polio surveillance. Environmental surveillance was implemented in Borno in 2013 and in Yobe in 2014. All disease surveillance and notification officers in the 3 security-challenged states now receive annual training, and the number of community informants in these states has dramatically increased. Media-based messaging (via radio and television) is now used to sensitize the public to the importance of surveillance, and contact samples have been regularly collected in both states since 2014. The strategies implemented in the security-challenged states improved the quality of polio surveillance during the review period. © 2016 World Health Organization; licensee Oxford Journals.

Strategies for Improving Polio Surveillance Performance in the Security-Challenged Nigerian States of Adamawa, Borno, and Yobe During 2009–2014

PubMed Central

Hamisu, Abdullahi Walla; Johnson, Ticha Muluh; Craig, Kehinde; Mkanda, Pascal; Banda, Richard; Tegegne, Sisay G.; Oyetunji, Ajiboye; Ningi, Nuhu; Mohammed, Said M.; Adamu, Mohammed Isa; Abdulrahim, Khalid; Nsubuga, Peter; Vaz, Rui G.; Muhammed, Ado J. G.

2016-01-01

Background. The security-challenged states of Adamawa, Borno, and Yobe bear most of the brunt of the Boko Haram insurgency in Nigeria. The security challenge has led to the killing of health workers, destruction of health facilities, and displacement of huge populations. To identify areas of polio transmission and promptly detect possible cases of importation in these states, polio surveillance must be very sensitive. Methods. We conducted a retrospective review of acute flaccid paralysis surveillance in the security-compromised states between 2009 and 2014, using the acute flaccid paralysis database at the World Health Organization Nigeria Country Office. We also reviewed the reports of surveillance activities conducted in these security-challenged states, to identify strategies that were implemented to improve polio surveillance. Results. Environmental surveillance was implemented in Borno in 2013 and in Yobe in 2014. All disease surveillance and notification officers in the 3 security-challenged states now receive annual training, and the number of community informants in these states has dramatically increased. Media-based messaging (via radio and television) is now used to sensitize the public to the importance of surveillance, and contact samples have been regularly collected in both states since 2014. Conclusions. The strategies implemented in the security-challenged states improved the quality of polio surveillance during the review period. PMID:26655842

Integrating Remote and Social Sensing Data for a Scenario on Secure Societies in Big Data Platform

NASA Astrophysics Data System (ADS)

Albani, Sergio; Lazzarini, Michele; Koubarakis, Manolis; Taniskidou, Efi Karra; Papadakis, George; Karkaletsis, Vangelis; Giannakopoulos, George

2016-08-01

In the framework of the Horizon 2020 project BigDataEurope (Integrating Big Data, Software & Communities for Addressing Europe's Societal Challenges), a pilot for the Secure Societies Societal Challenge was designed considering the requirements coming from relevant stakeholders. The pilot is focusing on the integration in a Big Data platform of data coming from remote and social sensing.The information on land changes coming from the Copernicus Sentinel 1A sensor (Change Detection workflow) is integrated with information coming from selected Twitter and news agencies accounts (Event Detection workflow) in order to provide the user with multiple sources of information.The Change Detection workflow implements a processing chain in a distributed parallel manner, exploiting the Big Data capabilities in place; the Event Detection workflow implements parallel and distributed social media and news agencies monitoring as well as suitable mechanisms to detect and geo-annotate the related events.

A systematic literature review on security and privacy of electronic health record systems: technical perspectives.

PubMed

Rezaeibagha, Fatemeh; Win, Khin Than; Susilo, Willy

Even though many safeguards and policies for electronic health record (EHR) security have been implemented, barriers to the privacy and security protection of EHR systems persist. This article presents the results of a systematic literature review regarding frequently adopted security and privacy technical features of EHR systems. Our inclusion criteria were full articles that dealt with the security and privacy of technical implementations of EHR systems published in English in peer-reviewed journals and conference proceedings between 1998 and 2013; 55 selected studies were reviewed in detail. We analysed the review results using two International Organization for Standardization (ISO) standards (29100 and 27002) in order to consolidate the study findings. Using this process, we identified 13 features that are essential to security and privacy in EHRs. These included system and application access control, compliance with security requirements, interoperability, integration and sharing, consent and choice mechanism, policies and regulation, applicability and scalability and cryptography techniques. This review highlights the importance of technical features, including mandated access control policies and consent mechanisms, to provide patients' consent, scalability through proper architecture and frameworks, and interoperability of health information systems, to EHR security and privacy requirements.

Managing the Security of Nursing Data in the Electronic Health Record

PubMed Central

Samadbeik, Mahnaz; Gorzin, Zahra; Khoshkam, Masomeh; Roudbari, Masoud

2015-01-01

Background: The Electronic Health Record (EHR) is a patient care information resource for clinicians and nursing documentation is an essential part of comprehensive patient care. Ensuring privacy and the security of health information is a key component to building the trust required to realize the potential benefits of electronic health information exchange. This study was aimed to manage nursing data security in the EHR and also discover the viewpoints of hospital information system vendors (computer companies) and hospital information technology specialists about nursing data security. Methods: This research is a cross sectional analytic-descriptive study. The study populations were IT experts at the academic hospitals and computer companies of Tehran city in Iran. Data was collected by a self-developed questionnaire whose validity and reliability were confirmed using the experts’ opinions and Cronbach’s alpha coefficient respectively. Data was analyzed through Spss Version 18 and by descriptive and analytic statistics. Results: The findings of the study revealed that user name and password were the most important methods to authenticate the nurses, with mean percent of 95% and 80%, respectively, and also the most significant level of information security protection were assigned to administrative and logical controls. There was no significant difference between opinions of both groups studied about the levels of information security protection and security requirements (p>0.05). Moreover the access to servers by authorized people, periodic security update, and the application of authentication and authorization were defined as the most basic security requirements from the viewpoint of more than 88 percent of recently-mentioned participants. Conclusions: Computer companies as system designers and hospitals information technology specialists as systems users and stakeholders present many important views about security requirements for EHR systems and nursing electronic documentation systems. Prioritizing of these requirements helps policy makers to decide what to do when planning for EHR implementation. Therefore, to make appropriate security decisions and to achieve the expected level of protection of the electronic nursing information, it is suggested to consider the priorities of both groups of experts about security principles and also discuss the issues seem to be different between two groups of participants in the research. PMID:25870490

Managing the security of nursing data in the electronic health record.

PubMed

Samadbeik, Mahnaz; Gorzin, Zahra; Khoshkam, Masomeh; Roudbari, Masoud

2015-02-01

The Electronic Health Record (EHR) is a patient care information resource for clinicians and nursing documentation is an essential part of comprehensive patient care. Ensuring privacy and the security of health information is a key component to building the trust required to realize the potential benefits of electronic health information exchange. This study was aimed to manage nursing data security in the EHR and also discover the viewpoints of hospital information system vendors (computer companies) and hospital information technology specialists about nursing data security. This research is a cross sectional analytic-descriptive study. The study populations were IT experts at the academic hospitals and computer companies of Tehran city in Iran. Data was collected by a self-developed questionnaire whose validity and reliability were confirmed using the experts' opinions and Cronbach's alpha coefficient respectively. Data was analyzed through Spss Version 18 and by descriptive and analytic statistics. The findings of the study revealed that user name and password were the most important methods to authenticate the nurses, with mean percent of 95% and 80%, respectively, and also the most significant level of information security protection were assigned to administrative and logical controls. There was no significant difference between opinions of both groups studied about the levels of information security protection and security requirements (p>0.05). Moreover the access to servers by authorized people, periodic security update, and the application of authentication and authorization were defined as the most basic security requirements from the viewpoint of more than 88 percent of recently-mentioned participants. Computer companies as system designers and hospitals information technology specialists as systems users and stakeholders present many important views about security requirements for EHR systems and nursing electronic documentation systems. Prioritizing of these requirements helps policy makers to decide what to do when planning for EHR implementation. Therefore, to make appropriate security decisions and to achieve the expected level of protection of the electronic nursing information, it is suggested to consider the priorities of both groups of experts about security principles and also discuss the issues seem to be different between two groups of participants in the research.

Design and implementation of a secure workflow system based on PKI/PMI

NASA Astrophysics Data System (ADS)

Yan, Kai; Jiang, Chao-hui

2013-03-01

As the traditional workflow system in privilege management has the following weaknesses: low privilege management efficiency, overburdened for administrator, lack of trust authority etc. A secure workflow model based on PKI/PMI is proposed after studying security requirements of the workflow systems in-depth. This model can achieve static and dynamic authorization after verifying user's ID through PKC and validating user's privilege information by using AC in workflow system. Practice shows that this system can meet the security requirements of WfMS. Moreover, it can not only improve system security, but also ensures integrity, confidentiality, availability and non-repudiation of the data in the system.

Security in perspective; luxury or must?

PubMed

Bakker, A

1998-03-01

In this paper, security in health information systems is put into perspective. The further penetration of information technology into health care is discussed and it is concluded that information systems have already become a vital component, not only for the logistics of the health care institution but also for the rendering of care and cure. Health care depends heavily on adequate data, so availability and integrity are equally important. In view of the sensitive nature of many patient data, the importance of confidentiality was recognised long before computers were invented. For widespread use of IT in health care it is of vital importance that computers can be trusted in respect of confidentiality. This paper emphasises the need to pay attention to security and suggests a responsible approach with implementation of both technical and organisational measures.

Ultra-Dense Quantum Communication Using Integrated Photonic Architecture: First Annual Report

DTIC Science & Technology

2011-08-24

REPORT Ultra-Dense Quantum Communication Using Integrated Photonic Architecture: First Annual Report 14. ABSTRACT 16. SECURITY CLASSIFICATION OF: The...goal of this program is to establish a fundamental information-theoretic understand of quantum secure communication and to devise a practical...scalable implementation of quantum key distribution protocols in an integrated photonic architecture. We report our progress on experimental and

76 FR 29817 - Further Definition of “Swap,” “Security-Based Swap,” and “Security-Based Swap Agreement”; Mixed...

Federal Register 2010, 2011, 2012, 2013, 2014

2011-05-23

... present their views more generally on implementation of the Dodd-Frank Act through their Web sites... . The views expressed in the comments in response to the ANPR, in response to the Commissions' informal solicitations, and at such meetings are collectively referred to as the views of ``commenters.'' Based on this...

Multi-Level Secure Information Sharing Between Smart Cloud Systems of Systems

DTIC Science & Technology

2014-03-01

implementation of virtual hardware (VMWare), along with a commercial implementation of virtual networking (VPN), such as OpenVPN . 1. VMWare Virtualization...en.wikipedia.org/wiki/MongoDB. Wikipedia. 2014b. Accessed February 26. s.v. “Open VPN,” http://en.wikipedia.org/wiki/ OpenVPN . Wikipedia. 2014c. Accessed

Electronic health systems: challenges faced by hospital-based providers.

PubMed

Agno, Christina Farala; Guo, Kristina L

2013-01-01

The purpose of this article is to discuss specific challenges faced by hospitals adopting the use of electronic medical records and implementing electronic health record (EHR) systems. Challenges include user and information technology support; ease of technical use and software interface capabilities; compliance; and financial, legal, workforce training, and development issues. Electronic health records are essential to preventing medical errors, increasing consumer trust and use of the health system, and improving quality and overall efficiency. Government efforts are focused on ways to accelerate the adoption and use of EHRs as a means of facilitating data sharing, protecting health information privacy and security, quickly identifying emerging public health threats, and reducing medical errors and health care costs and increasing quality of care. This article will discuss physician and nonphysician staff training before, during, and after implementation; the effective use of EHR systems' technical features; the selection of a capable and secure EHR system; and the development of collaborative system implementation. Strategies that are necessary to help health care providers achieve successful implementation of EHR systems will be addressed.

DOE Office of Scientific and Technical Information (OSTI.GOV)

Nelson, Cynthia Lee

There is a need in security systems to rapidly and accurately grant access of authorized personnel to a secure facility while denying access to unauthorized personnel. In many cases this role is filled by security personnel, which can be very costly. Systems that can perform this role autonomously without sacrificing accuracy or speed of throughput are very appealing. To address the issue of autonomous facility access through the use of technology, the idea of a ''secure portal'' is introduced. A secure portal is a defined zone where state-of-the-art technology can be implemented to grant secure area access or to allowmore » special privileges for an individual. Biometric technologies are of interest because they are generally more difficult to defeat than technologies such as badge swipe and keypad entry. The biometric technologies selected for this concept were facial and gait recognition. They were chosen since they require less user cooperation than other biometrics such as fingerprint, iris, and hand geometry and because they have the most potential for flexibility in deployment. The secure portal concept could be implemented within the boundaries of an entry area to a facility. As a person is approaching a badge and/or PIN portal, face and gait information can be gathered and processed. The biometric information could be fused for verification against the information that is gathered from the badge. This paper discusses a facial recognition technology that was developed for the purposes of providing high verification probabilities with low false alarm rates, which would be required of an autonomous entry control system. In particular, a 3-D facial recognition approach using Fisher Linear Discriminant Analysis is described. Gait recognition technology, based on Hidden Markov Models has been explored, but those results are not included in this paper. Fusion approaches for combining the results of the biometrics would be the next step in realizing the secure portal concept.« less

The personal health record paradox: health care professionals' perspectives and the information ecology of personal health record systems in organizational and clinical settings.

PubMed

Nazi, Kim M

2013-04-04

Despite significant consumer interest and anticipated benefits, overall adoption of personal health records (PHRs) remains relatively low. Understanding the consumer perspective is necessary, but insufficient by itself. Consumer PHR use also has broad implications for health care professionals and organizational delivery systems; however, these have received less attention. An exclusive focus on the PHR as a tool for consumer empowerment does not adequately take into account the social and organizational context of health care delivery, and the reciprocal nature of patient engagement. The purpose of this study was to examine the experiences of physicians, nurses, and pharmacists at the Department of Veterans Affairs (VA) using an organizationally sponsored PHR to develop insights into the interaction of technology and processes of health care delivery. The conceptual framework for the study draws on an information ecology perspective, which recognizes that a vibrant dynamic exists among technologies, people, practices, and values, accounting for both the values and norms of the participants and the practices of the local setting. The study explores the experiences and perspectives of VA health care professionals related to patient use of the My HealtheVet PHR portal and secure messaging systems. In-depth interviews were conducted with 30 VA health care professionals engaged in providing direct patient care who self-reported that they had experiences with at least 1 of 4 PHR features. Interviews were transcribed, coded, and analyzed to identify inductive themes. Organizational documents and artifacts were reviewed and analyzed to trace the trajectory of secure messaging implementation as part of the VA Patient Aligned Care Team (PACT) model. Study findings revealed a variety of factors that have facilitated or inhibited PHR adoption, use, and endorsement of patient use by health care professionals. Health care professionals' accounts and analysis of organizational documents revealed a multidimensional dynamic between the trajectory of secure messaging implementation and its impact on organizational actors and their use of technology, influencing workflow, practices, and the flow of information. In effect, secure messaging was the missing element of complex information ecology and its implementation acted as a catalyst for change. Secure messaging was found to have important consequences for access, communication, patient self-report, and patient/provider relationships. Study findings have direct implications for the development and implementation of PHR systems to ensure adequate training and support for health care professionals, alignment with clinical workflow, and features that enable information sharing and communication. Study findings highlight the importance of clinician endorsement and engagement, and the need to further examine both intended and unintended consequences of use. This research provides an integral step toward better understanding the social and organizational context and impact of PHR and secure messaging use in clinical practice settings.

78 FR 23637 - Identity Theft Red Flags Rules

Federal Register 2010, 2011, 2012, 2013, 2014

2013-04-19

... Address Control Issues with Implementing Cloud Computing (May 2010), available at http://www.gao.gov/new.items/d10513.pdf (discussing information security implications of cloud computing); Department of...

77 FR 13449 - Identity Theft Red Flags Rules

Federal Register 2010, 2011, 2012, 2013, 2014

2012-03-06

... Address Control Issues with Implementing Cloud Computing (May 2010) (available at http://www.gao.gov/new.items/d10513.pdf ) (discussing information security implications of cloud computing); Department of...

Local Governments (Executive Offices) Sector (NAICS 921110)

EPA Pesticide Factsheets

EPA regulatory information for government executive offices, including state implementation plans (SIPs), local emergency planning under EPCRA, drinking water treatment, water supply security, and compliance assistance for boiler & combustion regulations.

Physical security and IT convergence: Managing the cyber-related risks.

PubMed

McCreight, Tim; Leece, Doug

The convergence of physical security devices into the corporate network is increasing, due to the perceived economic benefits and efficiencies gained from using one enterprise network. Bringing these two networks together is not without risk. Physical devices like closed circuit television cameras (CCTV), card access readers, and heating, ventilation and air conditioning controllers (HVAC) are typically not secured to the standards we expect for corporate computer networks. These devices can pose significant risks to the corporate network by creating new avenues to exploit vulnerabilities in less-than-secure implementations of physical systems. The ASIS Information Technology Security Council (ITSC) developed a white paper describing steps organisations can take to reduce the risks this convergence can pose, and presented these concepts at the 2015 ASIS/ISC2 Congress in Anaheim, California. 1 This paper expands upon the six characteristics described by ITSC, and provides business continuity planners with information on how to apply these recommendations to physical security devices that use the corporate network.

Models for Information Assurance Education and Outreach: A Report on Year 2 Implementation

ERIC Educational Resources Information Center

Wang, Jianjun

2014-01-01

"Models for Information Assurance Education and Outreach" (MIAEO) is an NSF-funded, three-year project to support hands-on explorations in "network security" and "cryptography" through Research Experience Vitalizing Science-University Program (REVS-UP) at California State University, Bakersfield. In addition, the…

The Health Insurance Portability and Accountability Act: security and privacy requirements.

PubMed

Tribble, D A

2001-05-01

The security and privacy requirements of the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and their implications for pharmacy are discussed. HIPAA was enacted to improve the portability of health care insurance for persons leaving jobs. A section of the act encourages the use of electronic communications for health care claims adjudication, mandates the use of new standard code sets and transaction sets, and establishes the need for regulations to protect the security and privacy of individually identifiable health care information. Creating these regulations became the task of the Department of Health and Human Services. Regulations on security have been published for comment. Regulations on privacy and the definition of standard transaction sets and code sets are complete. National identifiers for patients, providers, and payers have not yet been established. The HIPAA regulations on security and privacy will require that pharmacies adopt policies and procedures that limit access to health care information. Existing pharmacy information systems may require upgrading or replacement. Costs of implementation nationwide are estimated to exceed $8 billion. The health care community has two years from the finalization of each regulation to comply with that regulation. The security and privacy requirements of HIPAA will require pharmacies to review their practices regarding the storage, use, and disclosure of protected health care information.

The impact of secure messaging on workflow in primary care: Results of a multiple-case, multiple-method study.

PubMed

Hoonakker, Peter L T; Carayon, Pascale; Cartmill, Randi S

2017-04-01

Secure messaging is a relatively new addition to health information technology (IT). Several studies have examined the impact of secure messaging on (clinical) outcomes but very few studies have examined the impact on workflow in primary care clinics. In this study we examined the impact of secure messaging on workflow of clinicians, staff and patients. We used a multiple case study design with multiple data collections methods (observation, interviews and survey). Results show that secure messaging has the potential to improve communication and information flow and the organization of work in primary care clinics, partly due to the possibility of asynchronous communication. However, secure messaging can also have a negative effect on communication and increase workload, especially if patients send messages that are not appropriate for the secure messaging medium (for example, messages that are too long, complex, ambiguous, or inappropriate). Results show that clinicians are ambivalent about secure messaging. Secure messaging can add to their workload, especially if there is high message volume, and currently they are not compensated for these activities. Staff is -especially compared to clinicians- relatively positive about secure messaging and patients are overall very satisfied with secure messaging. Finally, clinicians, staff and patients think that secure messaging can have a positive effect on quality of care and patient safety. Secure messaging is a tool that has the potential to improve communication and information flow. However, the potential of secure messaging to improve workflow is dependent on the way it is implemented and used. Copyright © 2017 Elsevier B.V. All rights reserved.

32 CFR 236.5 - Cyber security information sharing.

Code of Federal Regulations, 2014 CFR

2014-07-01

... forensics laboratory at DC3, which implements specialized handling procedures to maintain its accreditation as a digital and multimedia forensics laboratory. DC3 will maintain, control, and dispose of all...

Hybrid Network Defense Model Based on Fuzzy Evaluation

PubMed Central

2014-01-01

With sustained and rapid developments in the field of information technology, the issue of network security has become increasingly prominent. The theme of this study is network data security, with the test subject being a classified and sensitive network laboratory that belongs to the academic network. The analysis is based on the deficiencies and potential risks of the network's existing defense technology, characteristics of cyber attacks, and network security technologies. Subsequently, a distributed network security architecture using the technology of an intrusion prevention system is designed and implemented. In this paper, first, the overall design approach is presented. This design is used as the basis to establish a network defense model, an improvement over the traditional single-technology model that addresses the latter's inadequacies. Next, a distributed network security architecture is implemented, comprising a hybrid firewall, intrusion detection, virtual honeynet projects, and connectivity and interactivity between these three components. Finally, the proposed security system is tested. A statistical analysis of the test results verifies the feasibility and reliability of the proposed architecture. The findings of this study will potentially provide new ideas and stimuli for future designs of network security architecture. PMID:24574870

Phoenix: Service Oriented Architecture for Information Management - Abstract Architecture Document

DTIC Science & Technology

2011-09-01

implementation logic and policy if and which Information Brokering and Repository Services the information is going to be forwarded to. These service chains...descriptions are going to be retrieved. Raised Exceptions: • Exception getConsumers(sessionTrack : SessionTrack, information : Information...that exetnd the usefullness of the IM system as a whole. • Client • Event Notification • Filter • Information Discovery • Security • Service

Examining Cybersecurity of Cyberphysical Systems for Critical Infrastructures Through Work Domain Analysis.

PubMed

Wang, Hao; Lau, Nathan; Gerdes, Ryan M

2018-04-01

The aim of this study was to apply work domain analysis for cybersecurity assessment and design of supervisory control and data acquisition (SCADA) systems. Adoption of information and communication technology in cyberphysical systems (CPSs) for critical infrastructures enables automated and distributed control but introduces cybersecurity risk. Many CPSs employ SCADA industrial control systems that have become the target of cyberattacks, which inflict physical damage without use of force. Given that absolute security is not feasible for complex systems, cyberintrusions that introduce unanticipated events will occur; a proper response will in turn require human adaptive ability. Therefore, analysis techniques that can support security assessment and human factors engineering are invaluable for defending CPSs. We conducted work domain analysis using the abstraction hierarchy (AH) to model a generic SCADA implementation to identify the functional structures and means-ends relations. We then adopted a case study approach examining the Stuxnet cyberattack by developing and integrating AHs for the uranium enrichment process, SCADA implementation, and malware to investigate the interactions between the three aspects of cybersecurity in CPSs. The AHs for modeling a generic SCADA implementation and studying the Stuxnet cyberattack are useful for mapping attack vectors, identifying deficiencies in security processes and features, and evaluating proposed security solutions with respect to system objectives. Work domain analysis is an effective analytical method for studying cybersecurity of CPSs for critical infrastructures in a psychologically relevant manner. Work domain analysis should be applied to assess cybersecurity risk and inform engineering and user interface design.

32 CFR 236.5 - Cyber security information sharing.

Code of Federal Regulations, 2013 CFR

2013-07-01

... multimedia forensics laboratory at DC3, which implements specialized handling procedures to maintain its accreditation as a digital and multimedia forensics laboratory. DC3 will maintain, control, and dispose of all...

32 CFR 236.5 - Cyber security information sharing.

Code of Federal Regulations, 2012 CFR

2012-07-01

... multimedia forensics laboratory at DC3, which implements specialized handling procedures to maintain its accreditation as a digital and multimedia forensics laboratory. DC3 will maintain, control, and dispose of all...

Installation of secure, always available wireless LAN systems as a component of the hospital communication infrastructure.

PubMed

Hanada, Eisuke; Kudou, Takato; Tsumoto, Shusaku

2013-06-01

Wireless technologies as part of the data communication infrastructure of modern hospitals are being rapidly introduced. Even though there are concerns about problems associated with wireless communication security, the demand is remarkably large. In addition, insuring that the network is always available is important. Herein, we discuss security countermeasures and points to insure availability that must be taken to insure safe hospital/business use of wireless LAN systems, referring to the procedures introduced at Shimane University Hospital. Security countermeasures differ according to their purpose, such as for preventing illegal use or insuring availability, both of which are discussed. It is our hope that this information will assist others in their efforts to insure safe implementation of wireless LAN systems, especially in hospitals where they have the potential to greatly improve information sharing and patient safety.

78 FR 18305 - Notice of Request for Extension of a Currently Approved Information Collection

Federal Register 2010, 2011, 2012, 2013, 2014

2013-03-26

... Identity Verification (PIV) Request for Credential, the USDA Homeland Security Presidential Directive 12... consists of two phases of implementation: Personal Identity Verification phase I (PIV I) and Personal Identity Verification phase II (PIV II). The information requested must be provided by Federal employees...

Exploitation of Unintentional Information Leakage from Integrated Circuits

ERIC Educational Resources Information Center

Cobb, William E.

2011-01-01

The information leakage of electronic devices, especially those used in cryptographic or other vital applications, represents a serious practical threat to secure systems. While physical implementation attacks have evolved rapidly over the last decade, relatively little work has been done to allow system designers to effectively counter the…

Intranet Implementation as an HR Communication Strategy.

ERIC Educational Resources Information Center

Murphy, Daniel J.; Andrews, Dianna M.

1996-01-01

Applications of World Wide Web-style institutional intranets and browsers to provide and manage information in college personnel administration are examined. The intranet can facilitate use of more complex data structures, protect data security, allow tracking of information and forms, eliminate hard-copy manuals, maintain up-to-date schedules,…

32 CFR 286h.3 - Policy.

Code of Federal Regulations, 2010 CFR

2010-07-01

... classified information shall be made through existing security channels in accordance with DoD 5220.22-R;1 DoD 5220.22-M;2 and DoD 5200.1-R, 3 which are implementing publications for safeguarding classified... Acquisition Regulation Supplement (DFARS) 215.1003(a). (5) Planning, programming, and budgetary information...

75 FR 62399 - Office of the National Coordinator for Health Information Technology; HIT Standards Committee...

Federal Register 2010, 2011, 2012, 2013, 2014

2010-10-08

..., implementation, and privacy and security. HIT Standards Committee Schedule for the Assessment of HIT Policy... recommendations received from the HIT Policy Committee regarding health information technology standards...), section 3003. Erin Poetter, Office of Policy and Planning, Office of the National Coordinator for Health...

Gifts, bribes and solicitions: print media and the social construction of informal payments to doctors in Taiwan.

PubMed

Chiu, Yu-Chan; Smith, Katherine Clegg; Morlock, Laura; Wissow, Lawrence

2007-02-01

The Taiwanese practice of patients giving informal payments to physicians to secure services is deeply rooted in social and cultural factors. This study examines the portrayal of informal payments by Taiwanese print news media over a period of 12 years-from prior to until after the implementation of national health insurance (NHI) in Taiwan in 1995. The goal of the study was to examine how the advent of NHI changed the rationale for and use of informal payments. Both before and after the introduction of NHI, Taiwanese newspapers portrayed informal payments as appropriate means to secure access to better health care. Newspaper accounts established that, although NHI reduced patients' financial barriers to care, it did not change deeply held cultural beliefs that good care depended on the development of a reciprocal sense of obligation between patients and physicians. Physicians may have also encouraged the ongoing use of informal payments to make up revenue lost when NHI standardized fees and limited income from dispensing medications. In 2002, seven years after the implementation of NHI, the use of informal payments, though illegal, was still being justified in the print media through allusions to its role in traditional Taiwanese culture.

Y-12 Integrated Materials Management System

DOE Office of Scientific and Technical Information (OSTI.GOV)

Alspaugh, D. H.; Hickerson, T. W.

2002-06-03

The Integrated Materials Management System, when fully implemented, will provide the Y-12 National Security Complex with advanced inventory information and analysis capabilities and enable effective assessment, forecasting and management of nuclear materials, critical non-nuclear materials, and certified supplies. These capabilities will facilitate future Y-12 stockpile management work, enhance interfaces to existing National Nuclear Security Administration (NNSA) corporate-level information systems, and enable interfaces to planned NNSA systems. In the current national nuclear defense environment where, for example, weapons testing is not permitted, material managers need better, faster, more complete information about material properties and characteristics. They now must manage non-special nuclearmore » material at the same high-level they have managed SNM, and information capabilities about both must be improved. The full automation and integration of business activities related to nuclear and non-nuclear materials that will be put into effect by the Integrated Materials Management System (IMMS) will significantly improve and streamline the process of providing vital information to Y-12 and NNSA managers. This overview looks at the kinds of information improvements targeted by the IMMS project, related issues, the proposed information architecture, and the progress to date in implementing the system.« less

Improving Insider Threat Training Awareness and Mitigation Programs at Nuclear Facilities.

DOE Office of Scientific and Technical Information (OSTI.GOV)

Abbott, Shannon

In recent years, insider threat programs have become an important aspect of nuclear security, and nuclear security training courses. However, many nuclear security insider threat programs fail to address the insider threat attack and monitoring potential that exists on information technology (IT) systems. This failure is critical because of the importance of information technology and networks in today’s world. IT systems offer an opportunity to perpetrate dangerous insider attacks, but they also present an opportunity to monitor for them and prevent them. This paper suggests a number of best practices for monitoring and preventing insider attacks on IT systems, andmore » proposes the development of a new IT insider threat tabletop that can be used to help train nuclear security practitioners on how best to implement IT insider threat prevention best practices. The development of IT insider threat best practices and a practical tabletop exercise will allow nuclear security practitioners to improve nuclear security trainings as it integrates a critical part of insider threat prevention into the broader nuclear security system.« less

Analyzing the security of an existing computer system

NASA Technical Reports Server (NTRS)

Bishop, M.

1986-01-01

Most work concerning secure computer systems has dealt with the design, verification, and implementation of provably secure computer systems, or has explored ways of making existing computer systems more secure. The problem of locating security holes in existing systems has received considerably less attention; methods generally rely on thought experiments as a critical step in the procedure. The difficulty is that such experiments require that a large amount of information be available in a format that makes correlating the details of various programs straightforward. This paper describes a method of providing such a basis for the thought experiment by writing a special manual for parts of the operating system, system programs, and library subroutines.

How Secure Is Your Radiology Department? Mapping Digital Radiology Adoption and Security Worldwide.

PubMed

Stites, Mark; Pianykh, Oleg S

2016-04-01

Despite the long history of digital radiology, one of its most critical aspects--information security--still remains extremely underdeveloped and poorly standardized. To study the current state of radiology security, we explored the worldwide security of medical image archives. Using the DICOM data-transmitting standard, we implemented a highly parallel application to scan the entire World Wide Web of networked computers and devices, locating open and unprotected radiology servers. We used only legal and radiology-compliant tools. Our security-probing application initiated a standard DICOM handshake to remote computer or device addresses, and then assessed their security posture on the basis of handshake replies. The scan discovered a total of 2774 unprotected radiology or DICOM servers worldwide. Of those, 719 were fully open to patient data communications. Geolocation was used to analyze and rank our findings according to country utilization. As a result, we built maps and world ranking of clinical security, suggesting that even the most radiology-advanced countries have hospitals with serious security gaps. Despite more than two decades of active development and implementation, our radiology data still remains insecure. The results provided should be applied to raise awareness and begin an earnest dialogue toward elimination of the problem. The application we designed and the novel scanning approach we developed can be used to identify security breaches and to eliminate them before they are compromised.

Telemedicine and security. Confidentiality, integrity, and availability: a Canadian perspective.

PubMed

Jennett, P; Watanabe, M; Igras, E; Premkumar, K; Hall, W

1996-01-01

The health care system is undergoing major reform, characterized by organized delivery systems (regionalization, decentralization, devolution, etc); shifts in care delivery sites; changing health provider roles; increasing consumer responsibilities; and accountability. Rapid advances in information technology and telecommunications have led to a new type of information infrastructure which can play a major role in this reform. Compatible health information systems are now being integrated and connected across institutional, regional, and sectorial boundaries. In the near future, these information systems will readily be accessed and shared by health providers, researchers, policy makers, health consumers, and the public. SECURITY is a critical characteristic of any health information system. This paper will address three fields associated with SECURITY: confidentiality, integrity, and availability. These will be defined and examined as they relate to specific aspects of Telemedicine, such as electronic integrated records and clinical databases; electronic transfer of documents; as well as data storage and disposal. The guiding principles, standards, and safeguards being considered and put in place to ensure that telemedicine information intrastructures can protect and benefit all stakeholders' rights and needs in both primary and secondary uses of information will be reviewed. Implemented, proposed, and tested institutional, System, and Network solutions will be discussed; for example, encryption-decryption methods; data transfer standards; individual and terminal access and entry I.D. and password levels; smart card access and PIN number control; data loss prevention strategies; interference alerts; information access keys; algorithm safeguards; and active marketing to users of standards and principles. Issues such as policy, implementation, and ownership will be addressed.

32 CFR 2400.8 - Limitations on delegation of original classification authority.

Code of Federal Regulations, 2014 CFR

2014-07-01

... OFFICE OF SCIENCE AND TECHNOLOGY POLICY REGULATIONS TO IMPLEMENT E.O. 12356; OFFICE OF SCIENCE AND TECHNOLOGY POLICY INFORMATION SECURITY PROGRAM Original Classification § 2400.8 Limitations on delegation of...

32 CFR 2400.8 - Limitations on delegation of original classification authority.

Code of Federal Regulations, 2010 CFR

2010-07-01

... OFFICE OF SCIENCE AND TECHNOLOGY POLICY REGULATIONS TO IMPLEMENT E.O. 12356; OFFICE OF SCIENCE AND TECHNOLOGY POLICY INFORMATION SECURITY PROGRAM Original Classification § 2400.8 Limitations on delegation of...

32 CFR 2400.8 - Limitations on delegation of original classification authority.

Code of Federal Regulations, 2012 CFR

2012-07-01

... OFFICE OF SCIENCE AND TECHNOLOGY POLICY REGULATIONS TO IMPLEMENT E.O. 12356; OFFICE OF SCIENCE AND TECHNOLOGY POLICY INFORMATION SECURITY PROGRAM Original Classification § 2400.8 Limitations on delegation of...

32 CFR 2400.8 - Limitations on delegation of original classification authority.

Code of Federal Regulations, 2013 CFR

2013-07-01

... OFFICE OF SCIENCE AND TECHNOLOGY POLICY REGULATIONS TO IMPLEMENT E.O. 12356; OFFICE OF SCIENCE AND TECHNOLOGY POLICY INFORMATION SECURITY PROGRAM Original Classification § 2400.8 Limitations on delegation of...

32 CFR 2400.8 - Limitations on delegation of original classification authority.

Code of Federal Regulations, 2011 CFR

2011-07-01

... OFFICE OF SCIENCE AND TECHNOLOGY POLICY REGULATIONS TO IMPLEMENT E.O. 12356; OFFICE OF SCIENCE AND TECHNOLOGY POLICY INFORMATION SECURITY PROGRAM Original Classification § 2400.8 Limitations on delegation of...

Information security concepts and practices: the case of a provincial multi-specialty hospital.

PubMed

Cavalli, Enrico; Mattasoglio, Andrea; Pinciroli, Francesco; Spaggiari, Piergiorgio

2004-03-31

In recent years, major and widely accepted information security understandings and achievements confirm that the problem is complex. They clarify that technologies are fundamental tools, but management processes have even bigger relevance, as also prestigious international magazines dossier clearly explained recently. Such a magazine attention outlines the wide impact that the subject has on watchful decision makers. ISO17799 is an emerging standard in information security. In principle there are no reasons for considering it not applicable to the health care sector. In practice, because of both the just conceptual level of the standard and the peculiarities of the health care data and institutions, a lot of analysis and design work need to be invested any time a health care institution decides to deal with the subject. CEN/ENV 12924 is another emerging standard certainly more on the spot of the health care. Nevertheless, it also asks for evident further investigation. The practical case of information security design, implementation, management, and auditing inside a multi-specialty provincial Italian hospital will be described.

DOE Office of Scientific and Technical Information (OSTI.GOV)

The Autonomic Intelligent Cyber Sensor (AICS) provides cyber security and industrial network state awareness for Ethernet based control network implementations. The AICS utilizes collaborative mechanisms based on Autonomic Research and a Service Oriented Architecture (SOA) to: 1) identify anomalous network traffic; 2) discover network entity information; 3) deploy deceptive virtual hosts; and 4) implement self-configuring modules. AICS achieves these goals by dynamically reacting to the industrial human-digital ecosystem in which it resides. Information is transported internally and externally on a standards based, flexible two-level communication structure.

Digital telephony analysis model and issues

NASA Astrophysics Data System (ADS)

Keuthan, Lynn M.

1995-09-01

Experts in the fields of digital telephony and communications security have stated the need for an analytical tool for evaluating complex issues. Some important policy issues discussed by experts recently include implementing digital wire-taps, implementation of the 'Clipper Chip', required registration of encryption/decryption keys, and export control of cryptographic equipment. Associated with the implementation of these policies are direct costs resulting from implementation, indirect cost benefits from implementation, and indirect costs resulting from the risks of implementation or factors reducing cost benefits. Presented herein is a model for analyzing digital telephony policies and systems and their associated direct costs and indirect benefit and risk factors. In order to present the structure of the model, issues of national importance and business-related issues are discussed. The various factors impacting the implementation of the associated communications systems and communications security are summarized, and various implementation tradeoffs are compared based on economic benefits/impact. The importance of the issues addressed herein, as well as other digital telephony issues, has greatly increased with the enormous increases in communication system connectivity due to the advance of the National Information Infrastructure.

A cryptographic key management solution for HIPAA privacy/security regulations.

PubMed

Lee, W-B; Lee, C-D

2008-01-01

The Health Insurance Portability and Accountability Act (HIPAA) privacy and security regulations are two crucial provisions in the protection of healthcare privacy. Privacy regulations create a principle to assure that patients have more control over their health information and set limits on the use and disclosure of health information. The security regulations stipulate the provisions implemented to guard data integrity, confidentiality, and availability. Undoubtedly, the cryptographic mechanisms are well defined to provide suitable solutions. In this paper, to comply with the HIPAA regulations, a flexible cryptographic key management solution is proposed to facilitate interoperations among the applied cryptographic mechanisms. In addition, case of consent exceptions intended to facilitate emergency applications and other possible exceptions can also be handled easily.

Authenticated multi-user quantum key distribution with single particles

NASA Astrophysics Data System (ADS)

Lin, Song; Wang, Hui; Guo, Gong-De; Ye, Guo-Hua; Du, Hong-Zhen; Liu, Xiao-Fen

2016-03-01

Quantum key distribution (QKD) has been growing rapidly in recent years and becomes one of the hottest issues in quantum information science. During the implementation of QKD on a network, identity authentication has been one main problem. In this paper, an efficient authenticated multi-user quantum key distribution (MQKD) protocol with single particles is proposed. In this protocol, any two users on a quantum network can perform mutual authentication and share a secure session key with the assistance of a semi-honest center. Meanwhile, the particles, which are used as quantum information carriers, are not required to be stored, therefore the proposed protocol is feasible with current technology. Finally, security analysis shows that this protocol is secure in theory.

76 FR 81787 - Privacy Act of 1974: Implementation of Exemptions; Department of Homeland Security/ALL-030 Use of...

Federal Register 2010, 2011, 2012, 2013, 2014

2011-12-29

... requirements for the agency (DHS) to respect individuals' rights to control their information in possession of... Database System of Records is a repository of information held by DHS in connection with its several and.... The DHS/ALL-030 Use of Terrorist Screening Database System of Records contains information that is...

Information Analysis Methodology for Border Security Deployment Prioritization and Post Deployment Evaluation

DOE Office of Scientific and Technical Information (OSTI.GOV)

Booker, Paul M.; Maple, Scott A.

2010-06-08

Due to international commerce, cross-border conflicts, and corruption, a holistic, information driven, approach to border security is required to best understand how resources should be applied to affect sustainable improvements in border security. The ability to transport goods and people by land, sea, and air across international borders with relative ease for legitimate commercial purposes creates a challenging environment to detect illicit smuggling activities that destabilize national level border security. Smuggling activities operated for profit or smuggling operations driven by cross border conflicts where militant or terrorist organizations facilitate the transport of materials and or extremists to advance a causemore » add complexity to smuggling interdiction efforts. Border security efforts are further hampered when corruption thwarts interdiction efforts or reduces the effectiveness of technology deployed to enhance border security. These issues necessitate the implementation of a holistic approach to border security that leverages all available data. Large amounts of information found in hundreds of thousands of documents can be compiled to assess national or regional borders to identify variables that influence border security. Location data associated with border topics of interest may be extracted and plotted to better characterize the current border security environment for a given country or region. This baseline assessment enables further analysis, but also documents the initial state of border security that can be used to evaluate progress after border security improvements are made. Then, border security threats are prioritized via a systems analysis approach. Mitigation factors to address risks can be developed and evaluated against inhibiting factor such as corruption. This holistic approach to border security helps address the dynamic smuggling interdiction environment where illicit activities divert to a new location that provides less resistance to smuggling activities after training or technology is deployed at a given location. This paper will present an approach to holistic border security information analysis.« less

Security of medical multimedia.

PubMed

Tzelepi, S; Pangalos, G; Nikolacopoulou, G

2002-09-01

The application of information technology to health care has generated growing concern about the privacy and security of medical information. Furthermore, data and communication security requirements in the field of multimedia are higher. In this paper we describe firstly the most important security requirements that must be fulfilled by multimedia medical data, and the security measures used to satisfy these requirements. These security measures are based mainly on modern cryptographic and watermarking mechanisms as well as on security infrastructures. The objective of our work is to complete this picture, exploiting the capabilities of multimedia medical data to define and implement an authorization model for regulating access to the data. In this paper we describe an extended role-based access control model by considering, within the specification of the role-permission relationship phase, the constraints that must be satisfied in order for the holders of the permission to use those permissions. The use of constraints allows role-based access control to be tailored to specifiy very fine-grained and flexible content-, context- and time-based access control policies. Other restrictions, such as role entry restriction also can be captured. Finally, the description of system architecture for a secure DBMS is presented.

Effect of quantum noise on deterministic joint remote state preparation of a qubit state via a GHZ channel

NASA Astrophysics Data System (ADS)

Wang, Ming-Ming; Qu, Zhi-Guo

2016-11-01

Quantum secure communication brings a new direction for information security. As an important component of quantum secure communication, deterministic joint remote state preparation (DJRSP) could securely transmit a quantum state with 100 % success probability. In this paper, we study how the efficiency of DJRSP is affected when qubits involved in the protocol are subjected to noise or decoherence. Taking a GHZ-based DJRSP scheme as an example, we study all types of noise usually encountered in real-world implementations of quantum communication protocols, i.e., the bit-flip, phase-flip (phase-damping), depolarizing and amplitude-damping noise. Our study shows that the fidelity of the output state depends on the phase factor, the amplitude factor and the noise parameter in the bit-flip noise, while the fidelity only depends on the amplitude factor and the noise parameter in the other three types of noise. And the receiver will get different output states depending on the first preparer's measurement result in the amplitude-damping noise. Our results will be helpful for improving quantum secure communication in real implementation.

Medical image security in a HIPAA mandated PACS environment.

PubMed

Cao, F; Huang, H K; Zhou, X Q

2003-01-01

Medical image security is an important issue when digital images and their pertinent patient information are transmitted across public networks. Mandates for ensuring health data security have been issued by the federal government such as Health Insurance Portability and Accountability Act (HIPAA), where healthcare institutions are obliged to take appropriate measures to ensure that patient information is only provided to people who have a professional need. Guidelines, such as digital imaging and communication in medicine (DICOM) standards that deal with security issues, continue to be published by organizing bodies in healthcare. However, there are many differences in implementation especially for an integrated system like picture archiving and communication system (PACS), and the infrastructure to deploy these security standards is often lacking. Over the past 6 years, members in the Image Processing and Informatics Laboratory, Childrens Hospital, Los Angeles/University of Southern California, have actively researched image security issues related to PACS and teleradiology. The paper summarizes our previous work and presents an approach to further research on the digital envelope (DE) concept that provides image integrity and security assurance in addition to conventional network security protection. The DE, including the digital signature (DS) of the image as well as encrypted patient information from the DICOM image header, can be embedded in the background area of the image as an invisible permanent watermark. The paper outlines the systematic development, evaluation and deployment of the DE method in a PACS environment. We have also proposed a dedicated PACS security server that will act as an image authority to check and certify the image origin and integrity upon request by a user, and meanwhile act also as a secure DICOM gateway to the outside connections and a PACS operation monitor for HIPAA supporting information. Copyright 2002 Elsevier Science Ltd.

Computer Security: Governmentwide Planning Process Had Limited Impact. Report to the Chairman, Committee on Science, Space, and Technology, House of Representatives.

ERIC Educational Resources Information Center

General Accounting Office, Washington, DC. Information Management and Technology Div.

As required by the Computer Security Act of 1987, federal agencies have to identify systems that contain sensitive information and develop plans to safeguard them. The planning process was assessed in 10 civilian agencies as well as the extent to which they had implemented planning controls described in 22 selected plans. The National Institute of…

An in fiber experimental approach to photonic quantum digital signatures that does not require quantum memory

NASA Astrophysics Data System (ADS)

Collins, Robert J.; Donaldon, Ross J.; Dunjko, Vedran; Wallden, Petros; Clarke, Patrick J.; Andersson, Erika; Jeffers, John; Buller, Gerald S.

2014-10-01

Classical digital signatures are commonly used in e-mail, electronic financial transactions and other forms of electronic communications to ensure that messages have not been tampered with in transit, and that messages are transferrable. The security of commonly used classical digital signature schemes relies on the computational difficulty of inverting certain mathematical functions. However, at present, there are no such one-way functions which have been proven to be hard to invert. With enough computational resources certain implementations of classical public key cryptosystems can be, and have been, broken with current technology. It is nevertheless possible to construct information-theoretically secure signature schemes, including quantum digital signature schemes. Quantum signature schemes can be made information theoretically secure based on the laws of quantum mechanics, while classical comparable protocols require additional resources such as secret communication and a trusted authority. Early demonstrations of quantum digital signatures required quantum memory, rendering them impractical at present. Our present implementation is based on a protocol that does not require quantum memory. It also uses the new technique of unambiguous quantum state elimination, Here we report experimental results for a test-bed system, recorded with a variety of different operating parameters, along with a discussion of aspects of the system security.

Attacks on practical quantum key distribution systems (and how to prevent them)

NASA Astrophysics Data System (ADS)

Jain, Nitin; Stiller, Birgit; Khan, Imran; Elser, Dominique; Marquardt, Christoph; Leuchs, Gerd

2016-07-01

With the emergence of an information society, the idea of protecting sensitive data is steadily gaining importance. Conventional encryption methods may not be sufficient to guarantee data protection in the future. Quantum key distribution (QKD) is an emerging technology that exploits fundamental physical properties to guarantee perfect security in theory. However, it is not easy to ensure in practice that the implementations of QKD systems are exactly in line with the theoretical specifications. Such theory-practice deviations can open loopholes and compromise security. Several such loopholes have been discovered and investigated in the last decade. These activities have motivated the proposal and implementation of appropriate countermeasures, thereby preventing future attacks and enhancing the practical security of QKD. This article introduces the so-called field of quantum hacking by summarising a variety of attacks and their prevention mechanisms.

7 CFR 2.93 - Director, Office of Procurement and Property Management.

Code of Federal Regulations, 2010 CFR

2010-01-01

... in rural areas (7 U.S.C. 2206b). (20) In coordination with the Chief Financial Officer, implement the... of the Chief Information Officer. This delegation includes the authority to: (i) Insure that OMB... security activities with the Chief Information Officer who has primary responsibility for PDD 63, Critical...

76 FR 4709 - Extension of Agency Information Collection Activity Under OMB Review: Certified Cargo Screening...

Federal Register 2010, 2011, 2012, 2013, 2014

2011-01-26

... period soliciting comments, of the following collection of information on October 14, 2010, 75 FR 63191. TSA has received no comments. The collections include: (1) Applications from entities that wish to... CCSFs and validation firms; (3) implementation of a standard security program or submission of a...

Ensuring the security and availability of a hospital wireless LAN system.

PubMed

Hanada, Eisuke; Kudou, Takato; Tsumoto, Shusaku

2013-01-01

Wireless technologies as part of the data communication infrastructure of modern hospitals are being rapidly introduced. Even though there are concerns about problems associated with wireless communication security, the demand is remarkably large. Herein we discuss security countermeasures that must be taken and issues concerning availability that must be considered to ensure safe hospital/business use of wireless LAN systems, referring to the procedures introduced at a university hospital. Security countermeasures differ according to their purpose, such as preventing illegal use or ensuring availability, both of which are discussed. The main focus of the availability discussion is on signal reach, electromagnetic noise elimination, and maintaining power supply to the network apparatus. It is our hope that this information will assist others in their efforts to ensure safe implementation of wireless LAN systems, especially in hospitals where they have the potential to greatly improve information sharing and patient safety.

Increasing operational command and control security by the implementation of device independent quantum key distribution

NASA Astrophysics Data System (ADS)

Bovino, Fabio Antonio; Messina, Angelo

2016-10-01

In a very simplistic way, the Command and Control functions can be summarized as the need to provide the decision makers with an exhaustive, real-time, situation picture and the capability to convey their decisions down to the operational forces. This two-ways data and information flow is vital to the execution of current operations and goes far beyond the border of military operations stretching to Police and disaster recovery as well. The availability of off-the shelf technology has enabled hostile elements to endanger the security of the communication networks by violating the traditional security protocols and devices and hacking sensitive databases. In this paper an innovative approach based to implementing Device Independent Quantum Key Distribution system is presented. The use of this technology would prevent security breaches due to a stolen crypto device placed in an end-to-end communication chain. The system, operating with attenuated laser, is practical and provides the increasing of the distance between the legitimate users.

Study on Cloud Security Based on Trust Spanning Tree Protocol

NASA Astrophysics Data System (ADS)

Lai, Yingxu; Liu, Zenghui; Pan, Qiuyue; Liu, Jing

2015-09-01

Attacks executed on Spanning Tree Protocol (STP) expose the weakness of link layer protocols and put the higher layers in jeopardy. Although the problems have been studied for many years and various solutions have been proposed, many security issues remain. To enhance the security and credibility of layer-2 network, we propose a trust-based spanning tree protocol aiming at achieving a higher credibility of LAN switch with a simple and lightweight authentication mechanism. If correctly implemented in each trusted switch, the authentication of trust-based STP can guarantee the credibility of topology information that is announced to other switch in the LAN. To verify the enforcement of the trusted protocol, we present a new trust evaluation method of the STP using a specification-based state model. We implement a prototype of trust-based STP to investigate its practicality. Experiment shows that the trusted protocol can achieve security goals and effectively avoid STP attacks with a lower computation overhead and good convergence performance.

The use of biometrics in the Personal Health Record (PHR).

PubMed

Bonney, Wilfred

2011-01-01

The emergence of the Personal Health Record (PHR) has made individual health information more readily accessible to a wide range of users including patients, consumers, practitioners, and healthcare providers. However, increased accessibility of PHR threatens the confidentiality, privacy, and security of personalized health information. Therefore, a need for robust and reliable forms of authentication is of prime concern. The concept of biometric authentication is now highly visible to healthcare providers as a technology to prevent unauthorized access to individual health information. Implementing biometric authentication mechanisms to protect PHR facilitates access control and secure exchange of health information. In this paper, a literature review is used to explore the key benefits, technical barriers, challenges, and ethical implications for using biometric authentication in PHR.

Improving computer security by health smart card.

PubMed

Nisand, Gabriel; Allaert, François-André; Brézillon, Régine; Isphording, Wilhem; Roeslin, Norbert

2003-01-01

The University hospitals of Strasbourg have worked for several years on the computer security of the medical data and have of this fact be the first to use the Health Care Professional Smart Card (CPS). This new tool must provide security to the information processing systems and especially to the medical data exchanges between the partners who collaborate to the care of the Beyond the purely data-processing aspects of the functions of safety offered by the CPS, safety depends above all on the practices on the users, their knowledge concerning the legislation, the risks and the stakes, of their adhesion to the procedures and protections installations. The aim of this study is to evaluate this level of knowledge, the practices and the feelings of the users concerning the computer security of the medical data, to check the relevance of the step taken, and if required, to try to improve it. The survey by questionnaires involved 648 users. The practices of users in terms of data security are clearly improved by the implementation of the security server and the use of the CPS system, but security breaches due to bad practices are not however completely eliminated. That confirms that is illusory to believe that data security is first and foremost a technical issue. Technical measures are of course indispensable, but the greatest efforts are required after their implementation and consist in making the key players [2], i.e. users, aware and responsible. However, it must be stressed that the user-friendliness of the security interface has a major effect on the results observed. For instance, it is highly probable that the bad practices continued or introduced upon the implementation of the security server and CPS scheme are due to the complicated nature or functional defects of the proposed solution, which must therefore be improved. Besides, this is only the pilot phase and card holders can be expected to become more responsible as time goes by, along with the gradual national implementation of the CPS project and the introduction of new functions using electronic signatures and encryption.

Issues with Access to Acquisition Data and Information in the Department of Defense: A Closer Look at the Origins and Implementation of Controlled Unclassified Information Labels and Security Policy

DTIC Science & Technology

2016-12-01

at a high cost and is protected by contractual agreements between vendors and the government. Yet indiscriminate labeling of information as...federally funded research and development centers [FFRDCs], information technology [IT] support, or other contractor support). Proprietary...con- tractor originators of the information (prime contractors and subcontractors), the government, and nongovernmental entities assisting the

Issues with Access to Acquisition Data and Information in the Department of Defense: A Closer Look at the Origins and Implementation of Controlled Unclassified Information Labels and Security Policy

DTIC Science & Technology

2016-12-19

at a high cost and is protected by contractual agreements between vendors and the government. Yet indiscriminate labeling of information as...federally funded research and development centers [FFRDCs], information technology [IT] support, or other contractor support). Proprietary...con- tractor originators of the information (prime contractors and subcontractors), the government, and nongovernmental entities assisting the

The Personal Health Record Paradox: Health Care Professionals’ Perspectives and the Information Ecology of Personal Health Record Systems in Organizational and Clinical Settings

PubMed Central

2013-01-01

Background Despite significant consumer interest and anticipated benefits, overall adoption of personal health records (PHRs) remains relatively low. Understanding the consumer perspective is necessary, but insufficient by itself. Consumer PHR use also has broad implications for health care professionals and organizational delivery systems; however, these have received less attention. An exclusive focus on the PHR as a tool for consumer empowerment does not adequately take into account the social and organizational context of health care delivery, and the reciprocal nature of patient engagement. Objective The purpose of this study was to examine the experiences of physicians, nurses, and pharmacists at the Department of Veterans Affairs (VA) using an organizationally sponsored PHR to develop insights into the interaction of technology and processes of health care delivery. The conceptual framework for the study draws on an information ecology perspective, which recognizes that a vibrant dynamic exists among technologies, people, practices, and values, accounting for both the values and norms of the participants and the practices of the local setting. The study explores the experiences and perspectives of VA health care professionals related to patient use of the My HealtheVet PHR portal and secure messaging systems. Methods In-depth interviews were conducted with 30 VA health care professionals engaged in providing direct patient care who self-reported that they had experiences with at least 1 of 4 PHR features. Interviews were transcribed, coded, and analyzed to identify inductive themes. Organizational documents and artifacts were reviewed and analyzed to trace the trajectory of secure messaging implementation as part of the VA Patient Aligned Care Team (PACT) model. Results Study findings revealed a variety of factors that have facilitated or inhibited PHR adoption, use, and endorsement of patient use by health care professionals. Health care professionals’ accounts and analysis of organizational documents revealed a multidimensional dynamic between the trajectory of secure messaging implementation and its impact on organizational actors and their use of technology, influencing workflow, practices, and the flow of information. In effect, secure messaging was the missing element of complex information ecology and its implementation acted as a catalyst for change. Secure messaging was found to have important consequences for access, communication, patient self-report, and patient/provider relationships. Conclusions Study findings have direct implications for the development and implementation of PHR systems to ensure adequate training and support for health care professionals, alignment with clinical workflow, and features that enable information sharing and communication. Study findings highlight the importance of clinician endorsement and engagement, and the need to further examine both intended and unintended consequences of use. This research provides an integral step toward better understanding the social and organizational context and impact of PHR and secure messaging use in clinical practice settings. PMID:23557596

A Modernized System for Agricultural Monitoring for Food Security in Tanzania

NASA Astrophysics Data System (ADS)

Dempewolf, J.; Nakalembe, C. L.; Becker-Reshef, I.; Justice, C. J.; Tumbo, S.; Mbilinyi, B.; Maurice, S.; Mtalo, M.

2016-12-01

Accurate and timely information on agriculture, particularly in many countries dominated by complex smallholder, subsistence agricultural systems is often difficult to obtain or not available. This includes up-to-date information during the growing season on crop type, crop area and crop condition such as developmental stage, damage from pests and diseases, drought or flooding. These data are critical for government decision making on production forecasts, planning for commodity market transactions, food aid delivery, responding to disease outbreaks and for implementing agricultural extension and development efforts. In Tanzania we have been working closely with the National Food Security Division (NFSD) at the Ministry of Agriculture, Livestock and Fisheries (MALF) on designing and implementing an advanced agricultural monitoring system, utilizing satellite remote sensing, smart phone and internet technologies. Together with our local implementing partner, the Sokoine University of Agriculture we trained a large number of agricultural extension agents in different regions of Tanzania to deliver field data in near-realtime. Using our collaborative internet portal (Crop Monitor) the team of analysts compiles pertinent information on current crop and weather conditions from throughout the country in a standardized, consistent manner. Using the portal traditionally collected data are combined with electronically collected field data and MODIS satellite image time series from GLAM East-Africa (Global Agricultural Monitoring System, customized for stakeholders in East Africa). The main outcome of this work has been the compilation of the National Food Security Bulletin for Tanzania with plans for a public release and the intention for it to become the main avenue to dispense current updates and analysis on agriculture in the country. The same information is also a potential contribution to the international Early Warning Crop Monitor, which currently covers Tanzania mainly through assessments provided by international agencies.

Implementing security in a distributed web-based EHCR.

PubMed

Sucurovic, Snezana

2007-01-01

In many countries there are initiatives for building an integrated patient-centric electronic health record. There are also initiatives for transnational integrations. These growing demands for integration result from the fact that it can provide improving healthcare treatments and reducing the cost of healthcare services. While in European highly developed countries computerisation in healthcare sector began in the 1970s and reached a high level, some developing countries, and Serbia among them, have started computerisation recently. This is why MEDIS (MEDical Information System) is aimed at integration itself from the very beginning instead of integration of heterogeneous information systems on a middle layer or using HL7 protocol. The implementation of a national healthcare information system requires using standards as integrated and widely accepted solutions. Therefore, we have started building MEDIS to meet the requirements of CEN ENV 13606 and CEN ENV 13729 standards. The prototype version has a distributed component-based architecture with modern security solutions applied. MEDIS has been implemented as a federated system where the central server hosts basic EHCR information about a patient, and clinical servers contain their own part of patients' EHCR. At present, there is an initial version of prototype planned to be deployed at first in a small community. In particular, open source API for X.509 authentication and authorisation has been developed. Our project meets the requirements for education in health informatics, including appropriate knowledge and skills on EHCR. The points included in this article have been presented on several national conferences and widely discussed. MEDIS has explored a federated, component-based EHCR architecture and related security aspects. In its initial version it shows acceptable performances and administrative simplicity. It emphasizes the importance of using standards in building EHCR in our country, in order to prepare it for future integrations.

Threats and risks to information security: a practical analysis of free access wireless networks

NASA Astrophysics Data System (ADS)

Quirumbay, Daniel I.; Coronel, Iván. A.; Bayas, Marcia M.; Rovira, Ronald H.; Gromaszek, Konrad; Tleshova, Akmaral; Kozbekova, Ainur

2017-08-01

Nowadays, there is an ever-growing need to investigate, consult and communicate through the internet. This need leads to the intensification of free access to the web in strategic and functional points for the benefit of the community. However, this open access is also related to the increase of information insecurity. The existing works on computer security primarily focus on the development of techniques to reduce cyber-attacks. However, these approaches do not address the sector of inexperienced users who have difficulty understanding browser settings. Two methods can solve this problem: first the development of friendly browsers with intuitive setups for new users and on the other hand, by implementing awareness programs on essential security without deepening on technical information. This article addresses an analysis of the vulnerabilities of wireless equipment that provides internet service in the open access zones and the potential risks that could be found when using these means.

Constructing vulnerabilty and protective measures indices for the enhanced critical infrastructure protection program.

DOE Office of Scientific and Technical Information (OSTI.GOV)

Fisher, R. E.; Buehring, W. A.; Whitfield, R. G.

2009-10-14

The US Department of Homeland Security (DHS) has directed its Protective Security Advisors (PSAs) to form partnerships with the owners and operators of assets most essential to the Nation's well being - a subclass of critical infrastructure and key resources (CIKR) - and to conduct site visits for these and other high-risk assets as part of the Enhanced Critical Infrastructure Protection (ECIP) Program. During each such visit, the PSA documents information about the facility's current CIKR protection posture and overall security awareness. The primary goals for ECIP site visits (DHS 2009) are to: (1) inform facility owners and operators ofmore » the importance of their facilities as an identified high-priority CIKR and the need to be vigilant in light of the ever-present threat of terrorism; (2) identify protective measures currently in place at these facilities, provide comparisons of CIKR protection postures across like assets, and track the implementation of new protective measures; and (3) enhance existing relationships among facility owners and operators; DHS; and various Federal, State, local tribal, and territorial partners. PSAs conduct ECIP visits to assess overall site security; educate facility owners and operators about security; help owners and operators identify gaps and potential improvements; and promote communication and information sharing among facility owners and operators, DHS, State governments, and other security partners. Information collected during ECIP visits is used to develop metrics; conduct sector-by-sector and cross-sector vulnerability comparisons; identify security gaps and trends across CIKR sectors and subsectors; establish sector baseline security survey results; and track progress toward improving CIKR security through activities, programs, outreach, and training (Snyder 2009). The data being collected are used in a framework consistent with the National Infrastructure Protection Plan (NIPP) risk criteria (DHS 2009). The NIPP framework incorporates consequence, threat, and vulnerability components and addresses all hazards. The analysis of the vulnerability data needs to be reproducible, support risk analysis, and go beyond protection. It also needs to address important security/vulnerability topics, such as physical security, cyber security, systems analysis, and dependencies and interdependencies. This report provides an overview of the approach being developed to estimate vulnerability and provide vulnerability comparisons for sectors and subsectors. the information will be used to assist DHS in analyzing existing protective measures and vulnerability at facilities, to identify potential ways to reduce vulnerabilities, and to assist in preparing sector risk estimates. The owner/operator receives an analysis of the data collected for a specific asset, showing a comparison between the facility's protection posture/vulnerability index and those of DHS sector/subsector sites visited. This comparison gives the owner/operator an indication of the asset's security strengths and weaknesses that may be contributing factors to its vulnerability and protection posture. The information provided to the owner/operator shows how the asset compares to other similar assets within the asset's sector or subsector. A 'dashboard' display is used to illustrate the results in a convenient format. The dashboard allows the owner/operator to analyze the implementation of additional protective measures and to illustrate how such actions would impact the asset's Protective Measures Index (PMI) or Vulnerability Index (VI).« less

Photonic quantum digital signatures operating over kilometer ranges in installed optical fiber

NASA Astrophysics Data System (ADS)

Collins, Robert J.; Fujiwara, Mikio; Amiri, Ryan; Honjo, Toshimori; Shimizu, Kaoru; Tamaki, Kiyoshi; Takeoka, Masahiro; Andersson, Erika; Buller, Gerald S.; Sasaki, Masahide

2016-10-01

The security of electronic communications is a topic that has gained noteworthy public interest in recent years. As a result, there is an increasing public recognition of the existence and importance of mathematically based approaches to digital security. Many of these implement digital signatures to ensure that a malicious party has not tampered with the message in transit, that a legitimate receiver can validate the identity of the signer and that messages are transferable. The security of most digital signature schemes relies on the assumed computational difficulty of solving certain mathematical problems. However, reports in the media have shown that certain implementations of such signature schemes are vulnerable to algorithmic breakthroughs and emerging quantum processing technologies. Indeed, even without quantum processors, the possibility remains that classical algorithmic breakthroughs will render these schemes insecure. There is ongoing research into information-theoretically secure signature schemes, where the security is guaranteed against an attacker with arbitrary computational resources. One such approach is quantum digital signatures. Quantum signature schemes can be made information-theoretically secure based on the laws of quantum mechanics while comparable classical protocols require additional resources such as anonymous broadcast and/or a trusted authority. Previously, most early demonstrations of quantum digital signatures required dedicated single-purpose hardware and operated over restricted ranges in a laboratory environment. Here, for the first time, we present a demonstration of quantum digital signatures conducted over several kilometers of installed optical fiber. The system reported here operates at a higher signature generation rate than previous fiber systems.

Corrective Action Decision Document/Closure Report for Corrective Action Unit 567: Miscellaneous Soil Sites - Nevada National Security Site, Nevada

DOE Office of Scientific and Technical Information (OSTI.GOV)

Matthews, Patrick

2014-12-01

This Corrective Action Decision Document/Closure Report presents information supporting the closure of Corrective Action Unit (CAU) 567: Miscellaneous Soil Sites, Nevada National Security Site, Nevada. The purpose of this Corrective Action Decision Document/Closure Report is to provide justification and documentation supporting the recommendation that no further corrective action is needed for CAU 567 based on the implementation of the corrective actions. The corrective actions implemented at CAU 567 were developed based on an evaluation of analytical data from the CAI, the assumed presence of COCs at specific locations, and the detailed and comparative analysis of the CAAs. The CAAs weremore » selected on technical merit focusing on performance, reliability, feasibility, safety, and cost. The implemented corrective actions meet all requirements for the technical components evaluated. The CAAs meet all applicable federal and state regulations for closure of the site. Based on the implementation of these corrective actions, the DOE, National Nuclear Security Administration Nevada Field Office provides the following recommendations: • No further corrective actions are necessary for CAU 567. • The Nevada Division of Environmental Protection issue a Notice of Completion to the DOE, National Nuclear Security Administration Nevada Field Office for closure of CAU 567. • CAU 567 be moved from Appendix III to Appendix IV of the FFACO.« less

Multiple-Feature Extracting Modules Based Leak Mining System Design

PubMed Central

Cho, Ying-Chiang; Pan, Jen-Yi

2013-01-01

Over the years, human dependence on the Internet has increased dramatically. A large amount of information is placed on the Internet and retrieved from it daily, which makes web security in terms of online information a major concern. In recent years, the most problematic issues in web security have been e-mail address leakage and SQL injection attacks. There are many possible causes of information leakage, such as inadequate precautions during the programming process, which lead to the leakage of e-mail addresses entered online or insufficient protection of database information, a loophole that enables malicious users to steal online content. In this paper, we implement a crawler mining system that is equipped with SQL injection vulnerability detection, by means of an algorithm developed for the web crawler. In addition, we analyze portal sites of the governments of various countries or regions in order to investigate the information leaking status of each site. Subsequently, we analyze the database structure and content of each site, using the data collected. Thus, we make use of practical verification in order to focus on information security and privacy through black-box testing. PMID:24453892

Multiple-feature extracting modules based leak mining system design.

PubMed

Cho, Ying-Chiang; Pan, Jen-Yi

2013-01-01

Over the years, human dependence on the Internet has increased dramatically. A large amount of information is placed on the Internet and retrieved from it daily, which makes web security in terms of online information a major concern. In recent years, the most problematic issues in web security have been e-mail address leakage and SQL injection attacks. There are many possible causes of information leakage, such as inadequate precautions during the programming process, which lead to the leakage of e-mail addresses entered online or insufficient protection of database information, a loophole that enables malicious users to steal online content. In this paper, we implement a crawler mining system that is equipped with SQL injection vulnerability detection, by means of an algorithm developed for the web crawler. In addition, we analyze portal sites of the governments of various countries or regions in order to investigate the information leaking status of each site. Subsequently, we analyze the database structure and content of each site, using the data collected. Thus, we make use of practical verification in order to focus on information security and privacy through black-box testing.

A remote data access architecture for home-monitoring health-care applications.

PubMed

Lin, Chao-Hung; Young, Shuenn-Tsong; Kuo, Te-Son

2007-03-01

With the aging of the population and the increasing patient preference for receiving care in their own homes, remote home care is one of the fastest growing areas of health care in Taiwan and many other countries. Many remote home-monitoring applications have been developed and implemented to enable both formal and informal caregivers to have remote access to patient data so that they can respond instantly to any abnormalities of in-home patients. The aim of this technology is to give both patients and relatives better control of the health care, reduce the burden on informal caregivers and reduce visits to hospitals and thus result in a better quality of life for both the patient and his/her family. To facilitate their widespread adoption, remote home-monitoring systems take advantage of the low-cost features and popularity of the Internet and PCs, but are inherently exposed to several security risks, such as virus and denial-of-service (DoS) attacks. These security threats exist as long as the in-home PC is directly accessible by remote-monitoring users over the Internet. The purpose of the study reported in this paper was to improve the security of such systems, with the proposed architecture aimed at increasing the system availability and confidentiality of patient information. A broker server is introduced between the remote-monitoring devices and the in-home PCs. This topology removes direct access to the in-home PC, and a firewall can be configured to deny all inbound connections while the remote home-monitoring application is operating. This architecture helps to transfer the security risks from the in-home PC to the managed broker server, on which more advanced security measures can be implemented. The pros and cons of this novel architecture design are also discussed and summarized.

75 FR 733 - Implementation of the Executive Order, ``Classified National Security Information''

Federal Register 2010, 2011, 2012, 2013, 2014

2010-01-05

... 5.4 of the order as a key element in planning oversight of agencies. Each senior agency official... utilization of finite resources available for declassification, further referrals of these records are not...

Meeting the security requirements of electronic medical records in the ERA of high-speed computing.

PubMed

Alanazi, H O; Zaidan, A A; Zaidan, B B; Kiah, M L Mat; Al-Bakri, S H

2015-01-01

This study has two objectives. First, it aims to develop a system with a highly secured approach to transmitting electronic medical records (EMRs), and second, it aims to identify entities that transmit private patient information without permission. The NTRU and the Advanced Encryption Standard (AES) cryptosystems are secured encryption methods. The AES is a tested technology that has already been utilized in several systems to secure sensitive data. The United States government has been using AES since June 2003 to protect sensitive and essential information. Meanwhile, NTRU protects sensitive data against attacks through the use of quantum computers, which can break the RSA cryptosystem and elliptic curve cryptography algorithms. A hybrid of AES and NTRU is developed in this work to improve EMR security. The proposed hybrid cryptography technique is implemented to secure the data transmission process of EMRs. The proposed security solution can provide protection for over 40 years and is resistant to quantum computers. Moreover, the technique provides the necessary evidence required by law to identify disclosure or misuse of patient records. The proposed solution can effectively secure EMR transmission and protect patient rights. It also identifies the source responsible for disclosing confidential patient records. The proposed hybrid technique for securing data managed by institutional websites must be improved in the future.

Firewall systems: the next generation

NASA Astrophysics Data System (ADS)

McGhie, Lynda L.

1996-01-01

To be competitive in today's globally connected marketplace, a company must ensure that their internal network security methodologies and supporting policies are current and reflect an overall understanding of today's technology and its resultant threats. Further, an integrated approach to information security should ensure that new ways of sharing information and doing business are accommodated; such as electronic commerce, high speed public broadband network services, and the federally sponsored National Information Infrastructure. There are many challenges, and success is determined by the establishment of a solid and firm baseline security architecture that accommodate today's external connectivity requirements, provides transitional solutions that integrate with evolving and dynamic technologies, and ultimately acknowledges both the strategic and tactical goals of an evolving network security architecture and firewall system. This paper explores the evolution of external network connectivity requirements, the associated challenges and the subsequent development and evolution of firewall security systems. It makes the assumption that a firewall is a set of integrated and interoperable components, coming together to form a `SYSTEM' and must be designed, implement and managed as such. A progressive firewall model will be utilized to illustrates the evolution of firewall systems from earlier models utilizing separate physical networks, to today's multi-component firewall systems enabling secure heterogeneous and multi-protocol interfaces.

A novel income security intervention to address poverty in a primary care setting: a retrospective chart review.

PubMed

Jones, Marcella K; Bloch, Gary; Pinto, Andrew D

2017-08-17

To examine the development and implementation of a novel income security intervention in primary care. A retrospective, descriptive chart review of all patients referred to the Income Security Heath Promotion service during the first year of the service (December 2013-December 2014). A multisite interdisciplinary primary care organisation in inner city Toronto, Canada, serving over 40 000 patients. The study population included 181 patients (53% female, mean age 48 years) who were referred to the Income Security Health Promotion service and engaged in care. The Income Security Health Promotion service consists of a trained health promoter who provides a mixture of expert advice and case management to patients to improve income security. An advisory group, made up of physicians, social workers, a community engagement specialist and a clinical manager, supports the service. Sociodemographic information, health status, referral information and encounter details were collected from patient charts. Encounters focused on helping patients with increasing their income (77.4%), reducing their expenses (58.6%) and improving their financial literacy (26.5%). The health promoter provided an array of services to patients, including assistance with taxes, connecting to community services, budgeting and accessing free services. The service could be improved with more specific goal setting, better links to other members of the healthcare team and implementing routine follow-up with each patient after discharge. Income Security Health Promotion is a novel service within primary care to assist vulnerable patients with a key social determinant of health. This study is a preliminary look at understanding the functioning of the service. Future research will examine the impact of the Income Security Health Promotion service on income security, financial literacy, engagement with health services and health outcomes. © Article author(s) (or their employer(s) unless otherwise stated in the text of the article) 2017. All rights reserved. No commercial use is permitted unless otherwise expressly granted.

Experimental realization of counterfactual quantum cryptography Experimental realization of counterfactual quantum cryptography

NASA Astrophysics Data System (ADS)

Brida, G.; Cavanna, A.; Degiovanni, I. P.; Genovese, M.; Traina, P.

2012-03-01

In counterfactual quantum key distribution (CQKD) information is transferred, in a secure way, between Alice and Bob even when no particle carrying the information is in fact transmitted between them. In this letter we fully implement the scheme for CQKD proposed in [1], demonstrating for the first time that information can be transmitted between two parties without the transmission of a carrier.

Measuring Operational Resilience Using the CERT(Registered) Resilience Management Model

DTIC Science & Technology

2010-09-01

such as ISO 27002 [ ISO 2005]) and then measure the implementation and performance of practices contained in the standard. This checklist-based ap...Security techniques – Code of practice for information security management. ISO /IEC 27002 :2005, June 2005. Also known as ISO /IEC 17799:2005. [ ISO 2007...Table 23: ISO 15939 Process Activities and Tasks 54 Table 24: CERT-RMM Measurement and Analysis Process Area Goals and Practices 55 CMU/SEI

Health Information System in a Cloud Computing Context.

PubMed

Sadoughi, Farahnaz; Erfannia, Leila

2017-01-01

Healthcare as a worldwide industry is experiencing a period of growth based on health information technology. The capabilities of cloud systems make it as an option to develop eHealth goals. The main objectives of the present study was to evaluate the advantages and limitations of health information systems implementation in a cloud-computing context that was conducted as a systematic review in 2016. Science direct, Scopus, Web of science, IEEE, PubMed and Google scholar were searched according study criteria. Among 308 articles initially found, 21 articles were entered in the final analysis. All the studies had considered cloud computing as a positive tool to help advance health technology, but none had insisted too much on its limitations and threats. Electronic health record systems have been mostly studied in the fields of implementation, designing, and presentation of models and prototypes. According to this research, the main advantages of cloud-based health information systems could be categorized into the following groups: economic benefits and advantages of information management. The main limitations of the implementation of cloud-based health information systems could be categorized into the 4 groups of security, legal, technical, and human restrictions. Compared to earlier studies, the present research had the advantage of dealing with the issue of health information systems in a cloud platform. The high frequency of studies conducted on the implementation of cloud-based health information systems revealed health industry interest in the application of this technology. Security was a subject discussed in most studies due to health information sensitivity. In this investigation, some mechanisms and solutions were discussed concerning the mentioned systems, which would provide a suitable area for future scientific research on this issue. The limitations and solutions discussed in this systematic study would help healthcare managers and decision-makers take better and more efficient advantages of this technology and make better planning to adopt cloud-based health information systems.

[The comparative evaluation of level of security culture in medical organizations].

PubMed

Roitberg, G E; Kondratova, N V; Galanina, E V

2016-01-01

The study was carried out on the basis of clinic “Medicine” in 2014-2015 concerning security culture. The sampling included 465 filled HSPSC questionnaires. The comparative analysis of received was implemented. The “Zubovskaia district hospital” Having no accreditation according security standards and group of clinics from USA functioning for many years in the system of patient security support were selected as objects for comparison. The evaluation was implemented concerning dynamics of security culture in organization at implementation of strategies of security of patients during 5 years and comparison of obtained results with USA clinics was made. The study results demonstrated that in conditions of absence of implemented standards of security in medical organization total evaluation of security remains extremely low. The study of security culture using HSPSC questionnaire is an effective tool for evaluating implementation of various strategies of security ofpatient. The functioning in the system of international standards of quality, primarily JCI standards, permits during several years to achieve high indices of security culture.

45 CFR 164.500 - Applicability.

Code of Federal Regulations, 2014 CFR

2014-10-01

... Welfare Department of Health and Human Services ADMINISTRATIVE DATA STANDARDS AND RELATED REQUIREMENTS SECURITY AND PRIVACY Privacy of Individually Identifiable Health Information § 164.500 Applicability. (a... implementation of the privacy standards. (2) When a health care clearinghouse creates or receives protected...

15 CFR 710.5 - Authority.

Code of Federal Regulations, 2012 CFR

2012-01-01

... INDUSTRY AND SECURITY, DEPARTMENT OF COMMERCE CHEMICAL WEAPONS CONVENTION REGULATIONS GENERAL INFORMATION AND OVERVIEW OF THE CHEMICAL WEAPONS CONVENTION REGULATIONS (CWCR) § 710.5 Authority. The CWCR (parts 710 through 729 of this subchapter) implement certain provisions of the Chemical Weapons Convention...

15 CFR 710.5 - Authority.

Code of Federal Regulations, 2013 CFR

2013-01-01

... INDUSTRY AND SECURITY, DEPARTMENT OF COMMERCE CHEMICAL WEAPONS CONVENTION REGULATIONS GENERAL INFORMATION AND OVERVIEW OF THE CHEMICAL WEAPONS CONVENTION REGULATIONS (CWCR) § 710.5 Authority. The CWCR (parts 710 through 729 of this subchapter) implement certain provisions of the Chemical Weapons Convention...

15 CFR 710.5 - Authority.

Code of Federal Regulations, 2010 CFR

2010-01-01

... INDUSTRY AND SECURITY, DEPARTMENT OF COMMERCE CHEMICAL WEAPONS CONVENTION REGULATIONS GENERAL INFORMATION AND OVERVIEW OF THE CHEMICAL WEAPONS CONVENTION REGULATIONS (CWCR) § 710.5 Authority. The CWCR (parts 710 through 729 of this subchapter) implement certain provisions of the Chemical Weapons Convention...

15 CFR 710.5 - Authority.

Code of Federal Regulations, 2011 CFR

2011-01-01

... INDUSTRY AND SECURITY, DEPARTMENT OF COMMERCE CHEMICAL WEAPONS CONVENTION REGULATIONS GENERAL INFORMATION AND OVERVIEW OF THE CHEMICAL WEAPONS CONVENTION REGULATIONS (CWCR) § 710.5 Authority. The CWCR (parts 710 through 729 of this subchapter) implement certain provisions of the Chemical Weapons Convention...

75 FR 5491 - Privacy Act of 1974: Implementation of Exemptions; Department of Homeland Security/U.S. Customs...

Federal Register 2010, 2011, 2012, 2013, 2014

2010-02-03

... nature and the sharing of DHS/ CBP--007 Border Crossing Information system of records information in... system of records also provides notice and transparency to the public as to nature and extent of the... integrity.'' United States v. Flores-Montano, 541 U.S. 149, 153 (2004). Indeed, ``the Government's interest...

Implementing the DoD Joint Operation Planning Process for Private Industry Enterprise Security

DTIC Science & Technology

2011-09-01

Standards Organization’s ( ISO ) ISO 27001 ( ISO 27002 defines the controls), and the IT Service Management Forum’s Information Technology Infrastructure...27001 certification. 24 Alberto Bastos and Rosangela Caubit, ISO 27001 and 27002 : Information...includes: 90,000 records lost from Booz Allen Hamilton; 90,000,000 26 ISO /IEC 27002 , 19 December

75 FR 70487 - Proposed Rules for Implementing the Whistleblower Provisions of Section 21F of the Securities...

Federal Register 2010, 2011, 2012, 2013, 2014

2010-11-17

.... With this possible tension in mind, we have included provisions in the proposed rules intended not to... submission of high- quality tips and to enhance the utility of the information reported to the Commission. More frequent reporting of high-quality information promotes greater deterrence by enhancing the...

Design and implementation of website information disclosure assessment system.

PubMed

Cho, Ying-Chiang; Pan, Jen-Yi

2015-01-01

Internet application technologies, such as cloud computing and cloud storage, have increasingly changed people's lives. Websites contain vast amounts of personal privacy information. In order to protect this information, network security technologies, such as database protection and data encryption, attract many researchers. The most serious problems concerning web vulnerability are e-mail address and network database leakages. These leakages have many causes. For example, malicious users can steal database contents, taking advantage of mistakes made by programmers and administrators. In order to mitigate this type of abuse, a website information disclosure assessment system is proposed in this study. This system utilizes a series of technologies, such as web crawler algorithms, SQL injection attack detection, and web vulnerability mining, to assess a website's information disclosure. Thirty websites, randomly sampled from the top 50 world colleges, were used to collect leakage information. This testing showed the importance of increasing the security and privacy of website information for academic websites.

Experimental investigation of practical unforgeable quantum money

NASA Astrophysics Data System (ADS)

Bozzio, Mathieu; Orieux, Adeline; Trigo Vidarte, Luis; Zaquine, Isabelle; Kerenidis, Iordanis; Diamanti, Eleni

2018-01-01

Wiesner's unforgeable quantum money scheme is widely celebrated as the first quantum information application. Based on the no-cloning property of quantum mechanics, this scheme allows for the creation of credit cards used in authenticated transactions offering security guarantees impossible to achieve by classical means. However, despite its central role in quantum cryptography, its experimental implementation has remained elusive because of the lack of quantum memories and of practical verification techniques. Here, we experimentally implement a quantum money protocol relying on classical verification that rigorously satisfies the security condition for unforgeability. Our system exploits polarization encoding of weak coherent states of light and operates under conditions that ensure compatibility with state-of-the-art quantum memories. We derive working regimes for our system using a security analysis taking into account all practical imperfections. Our results constitute a major step towards a real-world realization of this milestone protocol.

Experimental plug and play quantum coin flipping.

PubMed

Pappa, Anna; Jouguet, Paul; Lawson, Thomas; Chailloux, André; Legré, Matthieu; Trinkler, Patrick; Kerenidis, Iordanis; Diamanti, Eleni

2014-04-24

Performing complex cryptographic tasks will be an essential element in future quantum communication networks. These tasks are based on a handful of fundamental primitives, such as coin flipping, where two distrustful parties wish to agree on a randomly generated bit. Although it is known that quantum versions of these primitives can offer information-theoretic security advantages with respect to classical protocols, a demonstration of such an advantage in a practical communication scenario has remained elusive. Here we experimentally implement a quantum coin flipping protocol that performs strictly better than classically possible over a distance suitable for communication over metropolitan area optical networks. The implementation is based on a practical plug and play system, developed by significantly enhancing a commercial quantum key distribution device. Moreover, we provide combined quantum coin flipping protocols that are almost perfectly secure against bounded adversaries. Our results offer a useful toolbox for future secure quantum communications.

Secure self-calibrating quantum random-bit generator

DOE Office of Scientific and Technical Information (OSTI.GOV)

Fiorentino, M.; Santori, C.; Spillane, S. M.

2007-03-15

Random-bit generators (RBGs) are key components of a variety of information processing applications ranging from simulations to cryptography. In particular, cryptographic systems require 'strong' RBGs that produce high-entropy bit sequences, but traditional software pseudo-RBGs have very low entropy content and therefore are relatively weak for cryptography. Hardware RBGs yield entropy from chaotic or quantum physical systems and therefore are expected to exhibit high entropy, but in current implementations their exact entropy content is unknown. Here we report a quantum random-bit generator (QRBG) that harvests entropy by measuring single-photon and entangled two-photon polarization states. We introduce and implement a quantum tomographicmore » method to measure a lower bound on the 'min-entropy' of the system, and we employ this value to distill a truly random-bit sequence. This approach is secure: even if an attacker takes control of the source of optical states, a secure random sequence can be distilled.« less

Implementation of a Wireless Time Distribution Testbed Protected with Quantum Key Distribution

DOE Office of Scientific and Technical Information (OSTI.GOV)

Bonior, Jason D; Evans, Philip G; Sheets, Gregory S

2017-01-01

Secure time transfer is critical for many timesensitive applications. the Global Positioning System (GPS) which is often used for this purpose has been shown to be susceptible to spoofing attacks. Quantum Key Distribution offers a way to securely generate encryption keys at two locations. Through careful use of this information it is possible to create a system that is more resistant to spoofing attacks. In this paper we describe our work to create a testbed which utilizes QKD and traditional RF links. This testbed will be used for the development of more secure and spoofing resistant time distribution protocols.

Development of CPR security using impact analysis.

PubMed Central

Salazar-Kish, J.; Tate, D.; Hall, P. D.; Homa, K.

2000-01-01

The HIPAA regulations will require that institutions ensure the prevention of unauthorized access to electronically stored or transmitted patient records. This paper discusses a process for analyzing the impact of security mechanisms on users of computerized patient records through "behind the scenes" electronic access audits. In this way, those impacts can be assessed and refined to an acceptable standard prior to implementation. Through an iterative process of design and evaluation, we develop security algorithms that will protect electronic health information from improper access, alteration or loss, while minimally affecting the flow of work of the user population as a whole. PMID:11079984

Digital watermarking in telemedicine applications--towards enhanced data security and accessibility.

PubMed

Giakoumaki, Aggeliki L; Perakis, Konstantinos; Tagaris, Anastassios; Koutsouris, Dimitris

2006-01-01

Implementing telemedical solutions has become a trend amongst the various research teams at an international level. Yet, contemporary information access and distribution technologies raise critical issues that urgently need to be addressed, especially those related to security. The paper suggests the use of watermarking in telemedical applications in order to enhance security of the transmitted sensitive medical data, familiarizes the users with a telemedical system and a watermarking module that have already been developed, and proposes an architecture that will enable the integration of the two systems, taking into account a variety of use cases and application scenarios.

On detection and visualization techniques for cyber security situation awareness

NASA Astrophysics Data System (ADS)

Yu, Wei; Wei, Shixiao; Shen, Dan; Blowers, Misty; Blasch, Erik P.; Pham, Khanh D.; Chen, Genshe; Zhang, Hanlin; Lu, Chao

2013-05-01

Networking technologies are exponentially increasing to meet worldwide communication requirements. The rapid growth of network technologies and perversity of communications pose serious security issues. In this paper, we aim to developing an integrated network defense system with situation awareness capabilities to present the useful information for human analysts. In particular, we implement a prototypical system that includes both the distributed passive and active network sensors and traffic visualization features, such as 1D, 2D and 3D based network traffic displays. To effectively detect attacks, we also implement algorithms to transform real-world data of IP addresses into images and study the pattern of attacks and use both the discrete wavelet transform (DWT) based scheme and the statistical based scheme to detect attacks. Through an extensive simulation study, our data validate the effectiveness of our implemented defense system.

Using RFID to Enhance Security in Off-Site Data Storage

PubMed Central

Lopez-Carmona, Miguel A.; Marsa-Maestre, Ivan; de la Hoz, Enrique; Velasco, Juan R.

2010-01-01

Off-site data storage is one of the most widely used strategies in enterprises of all sizes to improve business continuity. In medium-to-large size enterprises, the off-site data storage processes are usually outsourced to specialized providers. However, outsourcing the storage of critical business information assets raises serious security considerations, some of which are usually either disregarded or incorrectly addressed by service providers. This article reviews these security considerations and presents a radio frequency identification (RFID)-based, off-site, data storage management system specifically designed to address security issues. The system relies on a set of security mechanisms or controls that are arranged in security layers or tiers to balance security requirements with usability and costs. The system has been successfully implemented, deployed and put into production. In addition, an experimental comparison with classical bar-code-based systems is provided, demonstrating the system’s benefits in terms of efficiency and failure prevention. PMID:22163638

Using RFID to enhance security in off-site data storage.

PubMed

Lopez-Carmona, Miguel A; Marsa-Maestre, Ivan; de la Hoz, Enrique; Velasco, Juan R

2010-01-01

Off-site data storage is one of the most widely used strategies in enterprises of all sizes to improve business continuity. In medium-to-large size enterprises, the off-site data storage processes are usually outsourced to specialized providers. However, outsourcing the storage of critical business information assets raises serious security considerations, some of which are usually either disregarded or incorrectly addressed by service providers. This article reviews these security considerations and presents a radio frequency identification (RFID)-based, off-site, data storage management system specifically designed to address security issues. The system relies on a set of security mechanisms or controls that are arranged in security layers or tiers to balance security requirements with usability and costs. The system has been successfully implemented, deployed and put into production. In addition, an experimental comparison with classical bar-code-based systems is provided, demonstrating the system's benefits in terms of efficiency and failure prevention.

24-Hour Relativistic Bit Commitment.

PubMed

Verbanis, Ephanielle; Martin, Anthony; Houlmann, Raphaël; Boso, Gianluca; Bussières, Félix; Zbinden, Hugo

2016-09-30

Bit commitment is a fundamental cryptographic primitive in which a party wishes to commit a secret bit to another party. Perfect security between mistrustful parties is unfortunately impossible to achieve through the asynchronous exchange of classical and quantum messages. Perfect security can nonetheless be achieved if each party splits into two agents exchanging classical information at times and locations satisfying strict relativistic constraints. A relativistic multiround protocol to achieve this was previously proposed and used to implement a 2-millisecond commitment time. Much longer durations were initially thought to be insecure, but recent theoretical progress showed that this is not so. In this Letter, we report on the implementation of a 24-hour bit commitment solely based on timed high-speed optical communication and fast data processing, with all agents located within the city of Geneva. This duration is more than 6 orders of magnitude longer than before, and we argue that it could be extended to one year and allow much more flexibility on the locations of the agents. Our implementation offers a practical and viable solution for use in applications such as digital signatures, secure voting and honesty-preserving auctions.

Security Recommendations for mHealth Apps: Elaboration of a Developer's Guide.

PubMed

Morera, Enrique Pérez; de la Torre Díez, Isabel; Garcia-Zapirain, Begoña; López-Coronado, Miguel; Arambarri, Jon

2016-06-01

Being the third fastest-growing app category behind games and utilities, mHealth apps are changing the healthcare model, as medicine today involves the data they compile and analyse, information known as Big Data. However, the majority of apps are lacking in security when gathering and dealing with the information, which becomes a serious problem. This article presents a guide regarding security solution, intended to be of great use for developers of mHealth apps. In August 2015 current mobile health apps were sought out in virtual stores such as Android Google Play, Apple iTunes App Store etc., in order to classify them in terms of usefulness. After this search, the most widespread weaknesses in the field of security in the development of these mobile apps were examined, based on sources such as the "OWASP Mobile Security Project, the initiative recently launched by the Office of Civil Rights (OCR), and other articles of scientific interest. An informative, elemental guide has been created for the development of mHealth apps. It includes information about elements of security and its implementation on different levels for all types of mobile health apps based on the data that each app manipulates, the associated calculated risk as a result of the likelihood of occurrence and the threat level resulting from its vulnerabilities - high level (apps for monitoring, diagnosis, treatment and care) from 6 ≤ 9, medium level (calculator, localizer and alarm) from 3 ≤ 6 and low level (informative and educational apps) from 0 ≤ 3. The guide aims to guarantee and facilitate security measures in the development of mobile health applications by programmers unconnected to the ITC and professional health areas.

Privacy as an enabler, not an impediment: building trust into health information exchange.

PubMed

McGraw, Deven; Dempsey, James X; Harris, Leslie; Goldman, Janlori

2009-01-01

Building privacy and security protections into health information technology systems will bolster trust in such systems and promote their adoption. The privacy issue, too long seen as a barrier to electronic health information exchange, can be resolved through a comprehensive framework that implements core privacy principles, adopts trusted network design characteristics, and establishes oversight and accountability mechanisms. The public policy challenges of implementing this framework in a complex and evolving environment will require improvements to existing law, new rules for entities outside the traditional health care sector, a more nuanced approach to the role of consent, and stronger enforcement mechanisms.

An analysis of the management and leadership roles of nurses relative to the health insurance portability and accountability act.

PubMed

Kiel, Joan M

2015-01-01

Nurses have a great deal of interaction with patients. Given this, nurses play a vital role in conveying to patients knowledge of their privacy, security, and confidentiality of patient health information rights under the Health Insurance Portability and Accountability Act (HIPAA). Nurses also can be "at the head of the table" in their own organization and professional organizations in regard to facilitating the implementation of the HIPAA and making access to patient information more "consumer friendly." This article discusses the role that nurses can develop into concerning HIPAA implementation in an ever-burgeoning arena of consumer advocacy and consumer information.

Security Vulnerability Profiles of NASA Mission Software: Empirical Analysis of Security Related Bug Reports

NASA Technical Reports Server (NTRS)

Goseva-Popstojanova, Katerina; Tyo, Jacob P.; Sizemore, Brian

2017-01-01

NASA develops, runs, and maintains software systems for which security is of vital importance. Therefore, it is becoming an imperative to develop secure systems and extend the current software assurance capabilities to cover information assurance and cybersecurity concerns of NASA missions. The results presented in this report are based on the information provided in the issue tracking systems of one ground mission and one flight mission. The extracted data were used to create three datasets: Ground mission IVV issues, Flight mission IVV issues, and Flight mission Developers issues. In each dataset, we identified the software bugs that are security related and classified them in specific security classes. This information was then used to create the security vulnerability profiles (i.e., to determine how, why, where, and when the security vulnerabilities were introduced) and explore the existence of common trends. The main findings of our work include:- Code related security issues dominated both the Ground and Flight mission IVV security issues, with 95 and 92, respectively. Therefore, enforcing secure coding practices and verification and validation focused on coding errors would be cost effective ways to improve mission's security. (Flight mission Developers issues dataset did not contain data in the Issue Category.)- In both the Ground and Flight mission IVV issues datasets, the majority of security issues (i.e., 91 and 85, respectively) were introduced in the Implementation phase. In most cases, the phase in which the issues were found was the same as the phase in which they were introduced. The most security related issues of the Flight mission Developers issues dataset were found during Code Implementation, Build Integration, and Build Verification; the data on the phase in which these issues were introduced were not available for this dataset.- The location of security related issues, as the location of software issues in general, followed the Pareto principle. Specifically, for all three datasets, from 86 to 88 the security related issues were located in two to four subsystems.- The severity levels of most security issues were moderate, in all three datasets.- Out of 21 primary security classes, five dominated: Exception Management, Memory Access, Other, Risky Values, and Unused Entities. Together, these classes contributed from around 80 to 90 of all security issues in each dataset. This again proves the Pareto principle of uneven distribution of security issues, in this case across CWE classes, and supports the fact that addressing these dominant security classes provides the most cost efficient way to improve missions' security. The findings presented in this report uncovered the security vulnerability profiles and identified the common trends and dominant classes of security issues, which in turn can be used to select the most efficient secure design and coding best practices compiled by the part of the SARP project team associated with the NASA's Johnson Space Center. In addition, these findings provide valuable input to the NASA IVV initiative aimed at identification of the two 25 CWEs of ground and flight missions.

OS friendly microprocessor architecture: Hardware level computer security

NASA Astrophysics Data System (ADS)

Jungwirth, Patrick; La Fratta, Patrick

2016-05-01

We present an introduction to the patented OS Friendly Microprocessor Architecture (OSFA) and hardware level computer security. Conventional microprocessors have not tried to balance hardware performance and OS performance at the same time. Conventional microprocessors have depended on the Operating System for computer security and information assurance. The goal of the OS Friendly Architecture is to provide a high performance and secure microprocessor and OS system. We are interested in cyber security, information technology (IT), and SCADA control professionals reviewing the hardware level security features. The OS Friendly Architecture is a switched set of cache memory banks in a pipeline configuration. For light-weight threads, the memory pipeline configuration provides near instantaneous context switching times. The pipelining and parallelism provided by the cache memory pipeline provides for background cache read and write operations while the microprocessor's execution pipeline is running instructions. The cache bank selection controllers provide arbitration to prevent the memory pipeline and microprocessor's execution pipeline from accessing the same cache bank at the same time. This separation allows the cache memory pages to transfer to and from level 1 (L1) caching while the microprocessor pipeline is executing instructions. Computer security operations are implemented in hardware. By extending Unix file permissions bits to each cache memory bank and memory address, the OSFA provides hardware level computer security.

Implementation of Rivest Shamir Adleman Algorithm (RSA) and Vigenere Cipher In Web Based Information System

NASA Astrophysics Data System (ADS)

Aryanti, Aryanti; Mekongga, Ikhthison

2018-02-01

Data security and confidentiality is one of the most important aspects of information systems at the moment. One attempt to secure data such as by using cryptography. In this study developed a data security system by implementing the cryptography algorithm Rivest, Shamir Adleman (RSA) and Vigenere Cipher. The research was done by combining Rivest, Shamir Adleman (RSA) and Vigenere Cipher cryptographic algorithms to document file either word, excel, and pdf. This application includes the process of encryption and decryption of data, which is created by using PHP software and my SQL. Data encryption is done on the transmit side through RSA cryptographic calculations using the public key, then proceed with Vigenere Cipher algorithm which also uses public key. As for the stage of the decryption side received by using the Vigenere Cipher algorithm still use public key and then the RSA cryptographic algorithm using a private key. Test results show that the system can encrypt files, decrypt files and transmit files. Tests performed on the process of encryption and decryption of files with different file sizes, file size affects the process of encryption and decryption. The larger the file size the longer the process of encryption and decryption.

PREMIX: PRivacy-preserving EstiMation of Individual admiXture.

PubMed

Chen, Feng; Dow, Michelle; Ding, Sijie; Lu, Yao; Jiang, Xiaoqian; Tang, Hua; Wang, Shuang

2016-01-01

In this paper we proposed a framework: PRivacy-preserving EstiMation of Individual admiXture (PREMIX) using Intel software guard extensions (SGX). SGX is a suite of software and hardware architectures to enable efficient and secure computation over confidential data. PREMIX enables multiple sites to securely collaborate on estimating individual admixture within a secure enclave inside Intel SGX. We implemented a feature selection module to identify most discriminative Single Nucleotide Polymorphism (SNP) based on informativeness and an Expectation Maximization (EM)-based Maximum Likelihood estimator to identify the individual admixture. Experimental results based on both simulation and 1000 genome data demonstrated the efficiency and accuracy of the proposed framework. PREMIX ensures a high level of security as all operations on sensitive genomic data are conducted within a secure enclave using SGX.

The population health record: concepts, definition, design, and implementation.

PubMed

Friedman, Daniel J; Parrish, R Gibson

2010-01-01

In 1997, the American Medical Informatics Association proposed a US information strategy that included a population health record (PopHR). Despite subsequent progress on the conceptualization, development, and implementation of electronic health records and personal health records, minimal progress has occurred on the PopHR. Adapting International Organization for Standarization electronic health records standards, we define the PopHR as a repository of statistics, measures, and indicators regarding the state of and influences on the health of a defined population, in computer processable form, stored and transmitted securely, and accessible by multiple authorized users. The PopHR is based upon an explicit population health framework and a standardized logical information model. PopHR purpose and uses, content and content sources, functionalities, business objectives, information architecture, and system architecture are described. Barriers to implementation and enabling factors and a three-stage implementation strategy are delineated.

Information Technology: Critical Infrastructure and Key Resources Sector-Specific Plan as Input to the National Infrastructure Protection Plan

DTIC Science & Technology

2007-05-01

services by implementing a disaster recovery plan to restore an organization’s critical business functions. (DRII 2004). ISO 27001 An information...the International Organization for Standardization ( ISO )), the IT SSP bases the terms and definitions on those in the NIPP because the SSP is an annex...International Organization for Standardization/International Electrotechnical Commission ( ISO /IEC) 27000 Series, Information technology—Security

Analysis of CSIRT/SOC Incidents and Continuous Monitoring of Threats

NASA Technical Reports Server (NTRS)

Wang, John; Ishisoko, Katsutoshi C.

2012-01-01

Security Operations Centers (SOC) contain a wealth of data which, if properly classified and tagged upfront, can yield a wealth of real-time information about your organizations IT Security posture, risks, and threats. These include answers to relevant and actionable questions such as: What are our biggest threats? Who is attacking us and what do they want? What controls are working or not working? How effective was the new technology we just implemented? What is our ROI?

The Human Resources Management System: Part 1.

ERIC Educational Resources Information Center

Ceriello, Vincent R.

1982-01-01

Presents a systematic and disciplined approach to planning for the development and implementation of an information system which will collect, store, maintain, and report human resources data. Discusses guidelines, priorities, training requirements, security, auditing, interface with payroll, and personnel reporting. (CT)

32 CFR 2004.22 - Operational Responsibilities [202(a)].

Code of Federal Regulations, 2010 CFR

2010-07-01

...; (3) Sign agreements with the Department of Defense as the Executive Agent for industrial security services; and, (4) Ensure applicable department and agency personnel having NISP implementation... of the Director of National Intelligence (ODNI) for Sensitive Compartmented Information, and DOE for...

45 CFR 164.530 - Administrative requirements.

Code of Federal Regulations, 2014 CFR

2014-10-01

....530 Public Welfare Department of Health and Human Services ADMINISTRATIVE DATA STANDARDS AND RELATED REQUIREMENTS SECURITY AND PRIVACY Privacy of Individually Identifiable Health Information § 164.530... privacy official who is responsible for the development and implementation of the policies and procedures...

32 CFR 2400.3 - Applicability.

Code of Federal Regulations, 2011 CFR

2011-07-01

... Defense Other Regulations Relating to National Defense OFFICE OF SCIENCE AND TECHNOLOGY POLICY REGULATIONS TO IMPLEMENT E.O. 12356; OFFICE OF SCIENCE AND TECHNOLOGY POLICY INFORMATION SECURITY PROGRAM General Provisions § 2400.3 Applicability. This Regulation governs the Office of Science and Technology Policy...

32 CFR 2400.25 - Access.

Code of Federal Regulations, 2010 CFR

2010-07-01

... Other Regulations Relating to National Defense OFFICE OF SCIENCE AND TECHNOLOGY POLICY REGULATIONS TO IMPLEMENT E.O. 12356; OFFICE OF SCIENCE AND TECHNOLOGY POLICY INFORMATION SECURITY PROGRAM Safeguarding.... (c) The Director, Office of Science and Technology Policy may create special access programs to...

32 CFR 2400.25 - Access.

Code of Federal Regulations, 2012 CFR

2012-07-01

... Other Regulations Relating to National Defense OFFICE OF SCIENCE AND TECHNOLOGY POLICY REGULATIONS TO IMPLEMENT E.O. 12356; OFFICE OF SCIENCE AND TECHNOLOGY POLICY INFORMATION SECURITY PROGRAM Safeguarding.... (c) The Director, Office of Science and Technology Policy may create special access programs to...

32 CFR 2400.25 - Access.

Code of Federal Regulations, 2014 CFR

2014-07-01

... Other Regulations Relating to National Defense OFFICE OF SCIENCE AND TECHNOLOGY POLICY REGULATIONS TO IMPLEMENT E.O. 12356; OFFICE OF SCIENCE AND TECHNOLOGY POLICY INFORMATION SECURITY PROGRAM Safeguarding.... (c) The Director, Office of Science and Technology Policy may create special access programs to...

32 CFR 2400.3 - Applicability.

Code of Federal Regulations, 2014 CFR

2014-07-01

... Defense Other Regulations Relating to National Defense OFFICE OF SCIENCE AND TECHNOLOGY POLICY REGULATIONS TO IMPLEMENT E.O. 12356; OFFICE OF SCIENCE AND TECHNOLOGY POLICY INFORMATION SECURITY PROGRAM General Provisions § 2400.3 Applicability. This Regulation governs the Office of Science and Technology Policy...

32 CFR 2400.3 - Applicability.

Code of Federal Regulations, 2012 CFR

2012-07-01

... Defense Other Regulations Relating to National Defense OFFICE OF SCIENCE AND TECHNOLOGY POLICY REGULATIONS TO IMPLEMENT E.O. 12356; OFFICE OF SCIENCE AND TECHNOLOGY POLICY INFORMATION SECURITY PROGRAM General Provisions § 2400.3 Applicability. This Regulation governs the Office of Science and Technology Policy...

32 CFR 2400.3 - Applicability.

Code of Federal Regulations, 2010 CFR

2010-07-01

... Defense Other Regulations Relating to National Defense OFFICE OF SCIENCE AND TECHNOLOGY POLICY REGULATIONS TO IMPLEMENT E.O. 12356; OFFICE OF SCIENCE AND TECHNOLOGY POLICY INFORMATION SECURITY PROGRAM General Provisions § 2400.3 Applicability. This Regulation governs the Office of Science and Technology Policy...

32 CFR 2400.25 - Access.

Code of Federal Regulations, 2013 CFR

2013-07-01

... Other Regulations Relating to National Defense OFFICE OF SCIENCE AND TECHNOLOGY POLICY REGULATIONS TO IMPLEMENT E.O. 12356; OFFICE OF SCIENCE AND TECHNOLOGY POLICY INFORMATION SECURITY PROGRAM Safeguarding.... (c) The Director, Office of Science and Technology Policy may create special access programs to...

32 CFR 2400.3 - Applicability.

Code of Federal Regulations, 2013 CFR

2013-07-01

... Defense Other Regulations Relating to National Defense OFFICE OF SCIENCE AND TECHNOLOGY POLICY REGULATIONS TO IMPLEMENT E.O. 12356; OFFICE OF SCIENCE AND TECHNOLOGY POLICY INFORMATION SECURITY PROGRAM General Provisions § 2400.3 Applicability. This Regulation governs the Office of Science and Technology Policy...

32 CFR 2400.25 - Access.

Code of Federal Regulations, 2011 CFR

2011-07-01

... Other Regulations Relating to National Defense OFFICE OF SCIENCE AND TECHNOLOGY POLICY REGULATIONS TO IMPLEMENT E.O. 12356; OFFICE OF SCIENCE AND TECHNOLOGY POLICY INFORMATION SECURITY PROGRAM Safeguarding.... (c) The Director, Office of Science and Technology Policy may create special access programs to...

75 FR 19415 - Agency Information Collection Activities: Proposed Collection; Comment Request, 1660-0022...

Federal Register 2010, 2011, 2012, 2013, 2014

2010-04-14

... implement practices, such as building codes and public education activities, that are considered to reduce..., Department of Homeland Security. [FR Doc. 2010-8496 Filed 4-13-10; 8:45 am] BILLING CODE 9110-11-P ...

78 FR 16699 - National Maritime Security Advisory Committee; Meeting

Federal Register 2010, 2011, 2012, 2013, 2014

2013-03-18

... Executive Order \\1\\ to strengthen the cybersecurity of critical infrastructure by increasing information sharing and by jointly developing and implementing a framework of cybersecurity practices with our...-press-office/2013/02/12/executive-order-improving-critical-infrastructure-cybersecurity . (2...

A Model Based Security Testing Method for Protocol Implementation

PubMed Central

Fu, Yu Long; Xin, Xiao Long

2014-01-01

The security of protocol implementation is important and hard to be verified. Since the penetration testing is usually based on the experience of the security tester and the specific protocol specifications, a formal and automatic verification method is always required. In this paper, we propose an extended model of IOLTS to describe the legal roles and intruders of security protocol implementations, and then combine them together to generate the suitable test cases to verify the security of protocol implementation. PMID:25105163

A model based security testing method for protocol implementation.

PubMed

Fu, Yu Long; Xin, Xiao Long

2014-01-01

The security of protocol implementation is important and hard to be verified. Since the penetration testing is usually based on the experience of the security tester and the specific protocol specifications, a formal and automatic verification method is always required. In this paper, we propose an extended model of IOLTS to describe the legal roles and intruders of security protocol implementations, and then combine them together to generate the suitable test cases to verify the security of protocol implementation.

An accountability server for health care information systems.

PubMed

Kowalski, S

1994-02-01

The paper starts off by first briefly discussing the necessary ethical, legal and administrative/management controls that are required before the mechanisms of accountability controls can be implemented in automated clinical patient record systems. After these social aspects are discussed the technical aspects of the ALS are outlined. The security concepts of the ECMA framework are reviewed and used to explain the technical design of the ALS. A walk-through of the server in a typical patient record transaction is used to explain the operations of the server. The paper concludes with a general discussion of the usefulness of accountability mechanisms in making security in health care information work in practice.

Protecting Sensitive Information in Directory Services Using Virtual Directories

NASA Astrophysics Data System (ADS)

Claycomb, William; Shin, Dongwan

Directory services are commonly used to store information related to individuals, and often act as a source for security services, such as authentication and access control, in collaborative applications within/across organizations. Hence, there is an urgent need to protect the sensitive information they contain. Existing solutions offer minimal protection against insider attacks, a growing threat to both government and industry data services. In this paper we present a solution for data protection that leverages virtual directories and data encryption to provide a user-centric approach to data protection, delegation, and collaboration. A security architecture is presented, along with the discussion of the benefits and vulnerabilities of our approach. We also discuss a proof-of-concept implementation and performance testing results.

49 CFR 1548.5 - Adoption and implementation of the security program.

Code of Federal Regulations, 2014 CFR

2014-10-01

... carrier having a security program must: (1) Maintain an original of the security program at its corporate... 49 Transportation 9 2014-10-01 2014-10-01 false Adoption and implementation of the security...) TRANSPORTATION SECURITY ADMINISTRATION, DEPARTMENT OF HOMELAND SECURITY CIVIL AVIATION SECURITY INDIRECT AIR...

49 CFR 1548.5 - Adoption and implementation of the security program.

Code of Federal Regulations, 2010 CFR

2010-10-01

... carrier having a security program must: (1) Maintain an original of the security program at its corporate... 49 Transportation 9 2010-10-01 2010-10-01 false Adoption and implementation of the security...) TRANSPORTATION SECURITY ADMINISTRATION, DEPARTMENT OF HOMELAND SECURITY CIVIL AVIATION SECURITY INDIRECT AIR...

49 CFR 1548.5 - Adoption and implementation of the security program.

Code of Federal Regulations, 2013 CFR

2013-10-01

... carrier having a security program must: (1) Maintain an original of the security program at its corporate... 49 Transportation 9 2013-10-01 2013-10-01 false Adoption and implementation of the security...) TRANSPORTATION SECURITY ADMINISTRATION, DEPARTMENT OF HOMELAND SECURITY CIVIL AVIATION SECURITY INDIRECT AIR...

49 CFR 1548.5 - Adoption and implementation of the security program.

Code of Federal Regulations, 2011 CFR

2011-10-01

... carrier having a security program must: (1) Maintain an original of the security program at its corporate... 49 Transportation 9 2011-10-01 2011-10-01 false Adoption and implementation of the security...) TRANSPORTATION SECURITY ADMINISTRATION, DEPARTMENT OF HOMELAND SECURITY CIVIL AVIATION SECURITY INDIRECT AIR...

Protecting HIV information in countries scaling up HIV services: a baseline study.

PubMed

Beck, Eduard J; Mandalia, Sundhiya; Harling, Guy; Santas, Xenophon M; Mosure, Debra; Delay, Paul R

2011-02-06

Individual-level data are needed to optimize clinical care and monitor and evaluate HIV services. Confidentiality and security of such data must be safeguarded to avoid stigmatization and discrimination of people living with HIV. We set out to assess the extent that countries scaling up HIV services have developed and implemented guidelines to protect the confidentiality and security of HIV information. Questionnaires were sent to UNAIDS field staff in 98 middle- and lower-income countries, some reportedly with guidelines (G-countries) and others intending to develop them (NG-countries). Responses were scored, aggregated and weighted to produce standard scores for six categories: information governance, country policies, data collection, data storage, data transfer and data access. Responses were analyzed using regression analyses for associations with national HIV prevalence, gross national income per capita, OECD income, receiving US PEPFAR funding, and being a G- or NG-country. Differences between G- and NG-countries were investigated using non-parametric methods. Higher information governance scores were observed for G-countries compared with NG-countries; no differences were observed between country policies or data collection categories. However, for data storage, data transfer and data access, G-countries had lower scores compared with NG-countries. No significant associations were observed between country score and HIV prevalence, per capita gross national income, OECD economic category, and whether countries had received PEPFAR funding. Few countries, including G-countries, had developed comprehensive guidelines on protecting the confidentiality and security of HIV information. Countries must develop their own guidelines, using established frameworks to guide their efforts, and may require assistance in adapting, adopting and implementing them.

Unconditional security from noisy quantum storage

NASA Astrophysics Data System (ADS)

Wehner, Stephanie

2010-03-01

We consider the implementation of two-party cryptographic primitives based on the sole physical assumption that no large-scale reliable quantum storage is available to the cheating party. An important example of such a task is secure identification. Here, Alice wants to identify herself to Bob (possibly an ATM machine) without revealing her password. More generally, Alice and Bob wish to solve problems where Alice holds an input x (e.g. her password), and Bob holds an input y (e.g. the password an honest Alice should possess), and they want to obtain the value of some function f(x,y) (e.g. the equality function). Security means that the legitimate users should not learn anything beyond this specification. That is, Alice should not learn anything about y and Bob should not learn anything about x, other than what they may be able to infer from the value of f(x,y). We show that any such problem can be solved securely in the noisy-storage model by constructing protocols for bit commitment and oblivious transfer, where we prove security against the most general attack. Our protocols can be implemented with present-day hardware used for quantum key distribution. In particular, no quantum storage is required for the honest parties. Our work raises a large number of immediate theoretical as well as experimental questions related to many aspects of quantum information science, such as for example understanding the information carrying properties of quantum channels and memories, randomness extraction, min-entropy sampling, as well as constructing small handheld devices which are suitable for the task of secure identification. [4pt] Full version available at arXiv:0906.1030 (theoretical) and arXiv:0911.2302 (practically oriented).

A Graph Theory Practice on Transformed Image: A Random Image Steganography

PubMed Central

Thanikaiselvan, V.; Arulmozhivarman, P.; Subashanthini, S.; Amirtharajan, Rengarajan

2013-01-01

Modern day information age is enriched with the advanced network communication expertise but unfortunately at the same time encounters infinite security issues when dealing with secret and/or private information. The storage and transmission of the secret information become highly essential and have led to a deluge of research in this field. In this paper, an optimistic effort has been taken to combine graceful graph along with integer wavelet transform (IWT) to implement random image steganography for secure communication. The implementation part begins with the conversion of cover image into wavelet coefficients through IWT and is followed by embedding secret image in the randomly selected coefficients through graph theory. Finally stegoimage is obtained by applying inverse IWT. This method provides a maximum of 44 dB peak signal to noise ratio (PSNR) for 266646 bits. Thus, the proposed method gives high imperceptibility through high PSNR value and high embedding capacity in the cover image due to adaptive embedding scheme and high robustness against blind attack through graph theoretic random selection of coefficients. PMID:24453857

Draft secure medical database standard.

PubMed

Pangalos, George

2002-01-01

Medical database security is a particularly important issue for all Healthcare establishments. Medical information systems are intended to support a wide range of pertinent health issues today, for example: assure the quality of care, support effective management of the health services institutions, monitor and contain the cost of care, implement technology into care without violating social values, ensure the equity and availability of care, preserve humanity despite the proliferation of technology etc.. In this context, medical database security aims primarily to support: high availability, accuracy and consistency of the stored data, the medical professional secrecy and confidentiality, and the protection of the privacy of the patient. These properties, though of technical nature, basically require that the system is actually helpful for medical care and not harmful to patients. These later properties require in turn not only that fundamental ethical principles are not violated by employing database systems, but instead, are effectively enforced by technical means. This document reviews the existing and emerging work on the security of medical database systems. It presents in detail the related problems and requirements related to medical database security. It addresses the problems of medical database security policies, secure design methodologies and implementation techniques. It also describes the current legal framework and regulatory requirements for medical database security. The issue of medical database security guidelines is also examined in detailed. The current national and international efforts in the area are studied. It also gives an overview of the research work in the area. The document also presents in detail the most complete to our knowledge set of security guidelines for the development and operation of medical database systems.

6 CFR 27.115 - Implementation.

Code of Federal Regulations, 2012 CFR

2012-01-01

... 6 Domestic Security 1 2012-01-01 2012-01-01 false Implementation. 27.115 Section 27.115 Domestic Security DEPARTMENT OF HOMELAND SECURITY, OFFICE OF THE SECRETARY CHEMICAL FACILITY ANTI-TERRORISM STANDARDS General § 27.115 Implementation. The Assistant Secretary may implement the section 550 program in...

6 CFR 27.115 - Implementation.

Code of Federal Regulations, 2011 CFR

2011-01-01

... 6 Domestic Security 1 2011-01-01 2011-01-01 false Implementation. 27.115 Section 27.115 Domestic Security DEPARTMENT OF HOMELAND SECURITY, OFFICE OF THE SECRETARY CHEMICAL FACILITY ANTI-TERRORISM STANDARDS General § 27.115 Implementation. The Assistant Secretary may implement the section 550 program in...

6 CFR 27.115 - Implementation.

Code of Federal Regulations, 2013 CFR

2013-01-01

... 6 Domestic Security 1 2013-01-01 2013-01-01 false Implementation. 27.115 Section 27.115 Domestic Security DEPARTMENT OF HOMELAND SECURITY, OFFICE OF THE SECRETARY CHEMICAL FACILITY ANTI-TERRORISM STANDARDS General § 27.115 Implementation. The Assistant Secretary may implement the section 550 program in...

6 CFR 27.115 - Implementation.

Code of Federal Regulations, 2010 CFR

2010-01-01

... 6 Domestic Security 1 2010-01-01 2010-01-01 false Implementation. 27.115 Section 27.115 Domestic Security DEPARTMENT OF HOMELAND SECURITY, OFFICE OF THE SECRETARY CHEMICAL FACILITY ANTI-TERRORISM STANDARDS General § 27.115 Implementation. The Assistant Secretary may implement the Section 550 program in...

6 CFR 27.115 - Implementation.

Code of Federal Regulations, 2014 CFR

2014-01-01

... 6 Domestic Security 1 2014-01-01 2014-01-01 false Implementation. 27.115 Section 27.115 Domestic Security DEPARTMENT OF HOMELAND SECURITY, OFFICE OF THE SECRETARY CHEMICAL FACILITY ANTI-TERRORISM STANDARDS General § 27.115 Implementation. The Assistant Secretary may implement the section 550 program in...

Protecting clinical data in PACS, teleradiology systems, and research environments

NASA Astrophysics Data System (ADS)

Meissner, Marion C.; Collmann, Jeff R.; Tohme, Walid G.; Mun, Seong K.

1997-05-01

As clinical data is more widely stored in electronic patient record management systems and transmitted over the Internet and telephone lines, it becomes more accessible and therefore more useful, but also more vulnerable. Computer systems such as PACS, telemedicine applications, and medical research networks must protect against accidental or deliberate modification, disclosure, and violation of patient confidentiality in order to be viable. Conventional wisdom in the medical field and among lawmakers legislating the use of electronic medical records suggests that, although it may improve access to information, an electronic medical record cannot be as secure as a traditional paper record. This is not the case. Information security is a well-developed field in the computer and communications industry. If medical information systems, such as PACS, telemedicine applications, and research networks, properly apply information security techniques, they can ensure the accuracy and confidentiality of their patient information and even improve the security of their data over a traditional paper record. This paper will elaborate on some of these techniques and discuss how they can be applied to medical information systems. The following systems will be used as examples for the analysis: a research laboratory at Georgetown University Medical Center, the Deployable Radiology system installed to support the US Army's peace- keeping operation in Bosnia, a kidney dialysis telemedicine system in Washington, D.C., and various experiences with implementing and integrating PACS.

Critical Infrastructure Protection II, The International Federation for Information Processing, Volume 290.

NASA Astrophysics Data System (ADS)

Papa, Mauricio; Shenoi, Sujeet

The information infrastructure -- comprising computers, embedded devices, networks and software systems -- is vital to day-to-day operations in every sector: information and telecommunications, banking and finance, energy, chemicals and hazardous materials, agriculture, food, water, public health, emergency services, transportation, postal and shipping, government and defense. Global business and industry, governments, indeed society itself, cannot function effectively if major components of the critical information infrastructure are degraded, disabled or destroyed. Critical Infrastructure Protection II describes original research results and innovative applications in the interdisciplinary field of critical infrastructure protection. Also, it highlights the importance of weaving science, technology and policy in crafting sophisticated, yet practical, solutions that will help secure information, computer and network assets in the various critical infrastructure sectors. Areas of coverage include: - Themes and Issues - Infrastructure Security - Control Systems Security - Security Strategies - Infrastructure Interdependencies - Infrastructure Modeling and Simulation This book is the second volume in the annual series produced by the International Federation for Information Processing (IFIP) Working Group 11.10 on Critical Infrastructure Protection, an international community of scientists, engineers, practitioners and policy makers dedicated to advancing research, development and implementation efforts focused on infrastructure protection. The book contains a selection of twenty edited papers from the Second Annual IFIP WG 11.10 International Conference on Critical Infrastructure Protection held at George Mason University, Arlington, Virginia, USA in the spring of 2008.

A Formal Integrity Framework with Application to a Secure Information ATM (SIATM)

DTIC Science & Technology

2012-10-01

work on Integrity and resultant implementations seems to have focussed more on a matters related to source authentication and transmission assurance...to have focussed more on a matters related to source authentication and transmission assurance. However, the quality of data aspect is becoming more...implementations seems to have focussed more on matters related to source authentication and transmission assur- ance, for which there is a

What Practices in Airport Security Should the United States Implement at Commercial Airports in Light of the Events of September 11, 2001?

DTIC Science & Technology

2002-06-01

NAVAL POSTGRADUATE SCHOOL Monterey, California THESIS WHAT PRACTICES IN AIRPORT SECURITY SHOULD THE UNITED STATES IMPLEMENT AT...COVERED Master’s Thesis 4. TITLE AND SUBTITLE What Practices in Airport Security Should the United States Implement at Commercial...complacency and conflicts of interest. 14. SUBJECT TERMS Airport Security , Aviation Security Systems, Terrorism, Hijacking

Information system equality for food security--implementation of the food safety control system in Taiwan.

PubMed

Chen, Shaun C; Hsu, Guoo-Shyng Wang; Chiu, Chihwei P

2009-01-01

Food security plays a central role in governing agricultural policies in Taiwan. In addition to overuse or the illegal use of pesticide, meat leanness promoters, animal drugs and melamine in the food supply; as well as foodborne illness draws the greatest public concern due to incidents that occur every year in Taiwan. The present report demonstrates the implementation of a food safety control system in Taiwan. In order to control foodborne outbreaks effectively, the central government of the Department of Health of Taiwan launched the food safety control system which includes both the good hygienic practice (GHP) and the HACCP plan, in the last decade. From 1998 to the present, 302 food affiliations that implemented the system have been validated and accredited by a well-established audit system. The implementation of a food safety control system in compliance with international standards is of crucial importance to ensure complete safety and the high quality of foods, not only for domestic markets, but also for international trade.

Measurement-Device-Independent Quantum Cryptography

NASA Astrophysics Data System (ADS)

Tang, Zhiyuan

Quantum key distribution (QKD) enables two legitimate parties to share a secret key even in the presence of an eavesdropper. The unconditional security of QKD is based on the fundamental laws of quantum physics. Original security proofs of QKD are based on a few assumptions, e.g., perfect single photon sources and perfect single-photon detectors. However, practical implementations of QKD systems do not fully comply with such assumptions due to technical limitations. The gap between theory and implementations leads to security loopholes in most QKD systems, and several attacks have been launched on sophisticated QKD systems. Particularly, the detectors have been found to be the most vulnerable part of QKD. Much effort has been put to build side-channel-free QKD systems. Solutions such as security patches and device-independent QKD have been proposed. However, the former are normally ad-hoc, and cannot close unidentified loopholes. The latter, while having the advantages of removing all assumptions on devices, is impractical to implement today. Measurement-device-independent QKD (MDI-QKD) turns out to be a promising solution to the security problem of QKD. In MDI-QKD, all security loopholes, including those yet-to-be discovered, have been removed from the detectors, the most critical part in QKD. In this thesis, we investigate issues related to the practical implementation and security of MDI-QKD. We first present a demonstration of polarization-encoding MDI-QKD. Taking finite key effect into account, we achieve a secret key rate of 0.005 bit per second (bps) over 10 km spooled telecom fiber, and a 1600-bit key is distributed. This work, together with other demonstrations, shows the practicality of MDI-QKD. Next we investigate a critical assumption of MDI-QKD: perfect state preparation. We apply the loss-tolerant QKD protocol and adapt it to MDI-QKD to quantify information leakage due to imperfect state preparation. We then present an experimental demonstration of MDI-QKD over 10 km and 40 km of spooled fiber, which for the first time considers the impact of inaccurate polarization state preparation on the secret key rate. This would not have been possible under previous security proofs, given the same amount of state preparation flaws.

Beyond grid security

NASA Astrophysics Data System (ADS)

Hoeft, B.; Epting, U.; Koenig, T.

2008-07-01

While many fields relevant to Grid security are already covered by existing working groups, their remit rarely goes beyond the scope of the Grid infrastructure itself. However, security issues pertaining to the internal set-up of compute centres have at least as much impact on Grid security. Thus, this talk will present briefly the EU ISSeG project (Integrated Site Security for Grids). In contrast to groups such as OSCT (Operational Security Coordination Team) and JSPG (Joint Security Policy Group), the purpose of ISSeG is to provide a holistic approach to security for Grid computer centres, from strategic considerations to an implementation plan and its deployment. The generalised methodology of Integrated Site Security (ISS) is based on the knowledge gained during its implementation at several sites as well as through security audits, and this will be briefly discussed. Several examples of ISS implementation tasks at the Forschungszentrum Karlsruhe will be presented, including segregation of the network for administration and maintenance and the implementation of Application Gateways. Furthermore, the web-based ISSeG training material will be introduced. This aims to offer ISS implementation guidance to other Grid installations in order to help avoid common pitfalls.

The Design and Implementation of a Low Cost and High Security Smart Home System Based on Wi-Fi and SSL Technologies

NASA Astrophysics Data System (ADS)

Xu, Chong-Yao; Zheng, Xin; Xiong, Xiao-Ming

2017-02-01

With the development of Internet of Things (IoT) and the popularity of intelligent mobile terminals, smart home system has come into people’s vision. However, due to the high cost, complex installation and inconvenience, as well as network security issues, smart home system has not been popularized. In this paper, combined with Wi-Fi technology, Android system, cloud server and SSL security protocol, a new set of smart home system is designed, with low cost, easy operation, high security and stability. The system consists of Wi-Fi smart node (WSN), Android client and cloud server. In order to reduce system cost and complexity of the installation, each Wi-Fi transceiver, appliance control logic and data conversion in the WSN is setup by a single chip. In addition, all the data of the WSN can be uploaded to the server through the home router, without having to transit through the gateway. All the appliance status information and environmental information are preserved in the cloud server. Furthermore, to ensure the security of information, the Secure Sockets Layer (SSL) protocol is used in the WSN communication with the server. What’s more, to improve the comfort and simplify the operation, Android client is designed with room pattern to control home appliances more realistic, and more convenient.

Effectiveness of the Civil Aviation Security Program.

DTIC Science & Technology

1980-05-22

SECURITY. - CONTINUED TRAINING OF LAW ENFORCEMENT OFFICERS SUPPORTING AIRPORT SECURITY ACTIVITIES. - SECURITY PROGRAMS IMPLEMENTED BY AIR FREIGHT...cooperation by all concerned. (See Exhibit 14) Airport Security - Ongoing activities which contributed significantly to airport security included full...implementation of the revised Federal Aviation Regulations (FAR) Part 107 governing airport security , training of law enforcement officers supporting

Surveillance data management system

NASA Astrophysics Data System (ADS)

Teague, Ralph

2002-10-01

On October 8, 2001, an Executive Order was signed creating the White House Office of Homeland Security. With its formaiton comes focused attention in setting goals and priorities for homeland security. Analysis, preparation, and implementation of strategies will hinge not only on how information is collected and analyzed, but more important, on how it is coordinated and shared. Military installations/facilities, Public safety agencies, airports, federal and local offices, public utilities, harbors, transportation and others critical areas must work either independently or as a team to ensure the safety of our citizens and visitor. In this new era of increased security, the key to interoperation is continuous information exchanged-events must be rapidly identified, reported and responded to by the appropriate agencies. For instance when a threat has been detected the security officers must be immediately alerted and must have access to the type of threat, location, movement, heading, threat size, etc to respond accordingly and the type of support required. This requires instant communications and teamwork with reliable and flexible technology.

15 CFR 710.2 - Scope of the CWCR.

Code of Federal Regulations, 2012 CFR

2012-01-01

... INDUSTRY AND SECURITY, DEPARTMENT OF COMMERCE CHEMICAL WEAPONS CONVENTION REGULATIONS GENERAL INFORMATION AND OVERVIEW OF THE CHEMICAL WEAPONS CONVENTION REGULATIONS (CWCR) § 710.2 Scope of the CWCR. The Chemical Weapons Convention Regulations (parts 710 through 729 of this subchapter), or CWCR, implement...

15 CFR 710.2 - Scope of the CWCR.

Code of Federal Regulations, 2013 CFR

2013-01-01

... INDUSTRY AND SECURITY, DEPARTMENT OF COMMERCE CHEMICAL WEAPONS CONVENTION REGULATIONS GENERAL INFORMATION AND OVERVIEW OF THE CHEMICAL WEAPONS CONVENTION REGULATIONS (CWCR) § 710.2 Scope of the CWCR. The Chemical Weapons Convention Regulations (parts 710 through 729 of this subchapter), or CWCR, implement...

15 CFR 710.2 - Scope of the CWCR.

Code of Federal Regulations, 2014 CFR

2014-01-01

... INDUSTRY AND SECURITY, DEPARTMENT OF COMMERCE CHEMICAL WEAPONS CONVENTION REGULATIONS GENERAL INFORMATION AND OVERVIEW OF THE CHEMICAL WEAPONS CONVENTION REGULATIONS (CWCR) § 710.2 Scope of the CWCR. The Chemical Weapons Convention Regulations (parts 710 through 729 of this subchapter), or CWCR, implement...

15 CFR 710.2 - Scope of the CWCR.

Code of Federal Regulations, 2010 CFR

2010-01-01

... INDUSTRY AND SECURITY, DEPARTMENT OF COMMERCE CHEMICAL WEAPONS CONVENTION REGULATIONS GENERAL INFORMATION AND OVERVIEW OF THE CHEMICAL WEAPONS CONVENTION REGULATIONS (CWCR) § 710.2 Scope of the CWCR. The Chemical Weapons Convention Regulations (parts 710 through 729 of this subchapter), or CWCR, implement...

32 CFR 2400.9 - Classification requirements.

Code of Federal Regulations, 2014 CFR

2014-07-01

....9 National Defense Other Regulations Relating to National Defense OFFICE OF SCIENCE AND TECHNOLOGY POLICY REGULATIONS TO IMPLEMENT E.O. 12356; OFFICE OF SCIENCE AND TECHNOLOGY POLICY INFORMATION SECURITY... unauthorized disclosure as determined by the Director, Office of Science and Technology Policy. Each such...