Sample records for improved information security

  1. 76 FR 63811 - Structural Reforms To Improve the Security of Classified Networks and the Responsible Sharing and...

    Federal Register 2010, 2011, 2012, 2013, 2014

    2011-10-13

    ... Structural Reforms To Improve the Security of Classified Networks and the Responsible Sharing and... classified national security information (classified information) on computer networks, it is hereby ordered as follows: Section 1. Policy. Our Nation's security requires classified information to be shared...

  2. Report: EPA Improved Its National Security Information Program, but Some Improvements Still Needed

    EPA Pesticide Factsheets

    Report #16-P-0196, June 2, 2016. The EPA will continue to improve its national security information program by completing information classification guides that can be used uniformly and consistently throughout the agency.

  3. Shared Information Framework and Technology (SHIFT) Handbook

    DTIC Science & Technology

    2009-02-01

    field. Such a patchwork of separate systems neither improves information sharing nor guarantees the safety and security of communities and personnel in...analysis. In many organizations, security may not necessarily be the expertise of people working in the field, or security and safety issues may be...the safety and security of all crisis management personnel in crisis areas. Functioning information sharing between organisations improves situational

  4. Process Security in Chemical Engineering Education

    ERIC Educational Resources Information Center

    Piluso, Cristina; Uygun, Korkut; Huang, Yinlun; Lou, Helen H.

    2005-01-01

    The threats of terrorism have greatly alerted the chemical process industries to assure plant security at all levels: infrastructure-improvement-focused physical security, information-protection-focused cyber security, and design-and-operation-improvement-focused process security. While developing effective plant security methods and technologies…

  5. A review of security of electronic health records.

    PubMed

    Win, Khin Than

    The objective of this study is to answer the research question, "Are current information security technologies adequate for electronic health records (EHRs)?" In order to achieve this, the following matters have been addressed in this article: (i) What is information security in the context of EHRs? (ii) Why is information security important for EHRs? and (iii) What are the current technologies for information security available to EHRs? It is concluded that current EHR security technologies are inadequate and urgently require improvement. Further study regarding information security of EHRs is indicated.

  6. Analyzing Cases of Resilience Success and Failure - A Research Study

    DTIC Science & Technology

    2012-12-01

    controls [NIST 2012, NIST 2008] ISO 27002 and ISO 27004 Guidelines for initiating, implementing, maintaining, and improving information security...Commission (ISO/IEC). Information technology—Security techniques—Code of practice for information security management (ISO/IEC 27002:2005). ISO/IEC, 2005...security management system and controls or groups of controls [ISO/IEC 2005, ISO/IEC 2009] CIS Security Metrics Outcome and practice metrics measuring

  7. Report: EPA’s Information Security Program Is Established, but Improvements Are Needed to Strengthen Its Processes

    EPA Pesticide Factsheets

    Report #18-P-0031, October 30, 2017. Although the EPA has an effective information security program, management emphasis is needed to achieve a higher level of maturity for the agency’s information security program.

  8. Information Security: Serious Weakness Put State Department and FAA Operations at Risk

    DOT National Transportation Integrated Search

    1998-05-19

    Testimony focuses on the results of recent reviews of computer security at the Department of State and the Federal Aviation Administration (FAA). Makes specific recommendations for improving State and FAA's information security posture. Highlights be...

  9. Integrating Programming Language and Operating System Information Security Mechanisms

    DTIC Science & Technology

    2016-08-31

    ...improve the precision of security enforcement, and to provide greater assurance of information security. This grant focuses on two key projects: language...based control of authority; and formal guarantees for the correctness of audit information.

  10. Information Data Security Specialists' and Business Leaders' Experiences Regarding Communication Challenges

    ERIC Educational Resources Information Center

    Lopez, Robert H.

    2012-01-01

    The problem addressed was the need to maintain data security in the field of information technology. Specifically, the breakdown of communication between business leaders and data security specialists creates risks to data security. The purpose of this qualitative phenomenological study was to determine which factors would improve communication…

  11. Teaching Information Security with Workflow Technology--A Case Study Approach

    ERIC Educational Resources Information Center

    He, Wu; Kshirsagar, Ashish; Nwala, Alexander; Li, Yaohang

    2014-01-01

    In recent years, there has been a significant increase in the demand from professionals in different areas for improving the curricula regarding information security. The use of authentic case studies in teaching information security offers the potential to effectively engage students in active learning. In this paper, the authors introduce the…

  12. Expanding Protection Motivation Theory: The Role of Individual Experience in Information Security Policy Compliance

    ERIC Educational Resources Information Center

    Mutchler, Leigh Ann

    2012-01-01

    The purpose of the present study is to make contributions to the area of behavioral information security in the field of Information Systems and to assist in the improved development of Information Security Policy instructional programs to increase the policy compliance of individuals. The role of an individual's experience in the context of…

  13. Analysis and Improvement of Large Payload Bidirectional Quantum Secure Direct Communication Without Information Leakage

    NASA Astrophysics Data System (ADS)

    Liu, Zhi-Hao; Chen, Han-Wu

    2018-02-01

    As we know, the information leakage problem should be avoided in a secure quantum communication protocol. Unfortunately, it is found that this problem does exist in the large payload bidirectional quantum secure direct communication (BQSDC) protocol (Ye Int. J. Quantum. Inf. 11(5), 1350051 2013) which is based on entanglement swapping between any two Greenberger-Horne-Zeilinger (GHZ) states. To be specific, one half of the information interchanged in this protocol is leaked out unconsciously without any active attack from an eavesdropper. Afterward, this BQSDC protocol is revised to the one without information leakage. It is shown that the improved BQSDC protocol is secure against the general individual attack and has some obvious features compared with the original one.

  14. 77 FR 5734 - New Medical Criteria for Evaluating Language and Speech Disorders

    Federal Register 2010, 2011, 2012, 2013, 2014

    2012-02-06

    ... Medical Criteria for Evaluating Language and Speech Disorders AGENCY: Social Security Administration... Security numbers or medical information. 1. Internet: We strongly recommend that you submit your comments... INFORMATION CONTACT: Cheryl A. Williams, Office of Medical Listings Improvement, Social Security...

  15. State Security Breach Response Laws: State-by-State Summary Table. Using Data to Improve Education: A Legal Reference Guide to Protecting Student Privacy and Data Security

    ERIC Educational Resources Information Center

    Data Quality Campaign, 2011

    2011-01-01

    Under security breach response laws, businesses--and sometimes state and governmental agencies--are required to inform individuals when the security, confidentiality or integrity of their personal information has been compromised. This resource provides a state-by-state analysis of security breach response laws. [The Data Quality Campaign has…

  16. Safe teleradiology: information assurance as project planning methodology

    NASA Astrophysics Data System (ADS)

    Collmann, Jeff R.; Alaoui, Adil; Nguyen, Dan; Lindisch, David

    2003-05-01

    This project demonstrates use of OCTAVE, an information security risk assessment method, as an approach to the safe design and planning of a teleradiology system. By adopting this approach to project planning, we intended to provide evidence that including information security as an intrinsic component of project planning improves information assurance and that using information assurance as a planning tool produces and improves the general system management plan. Several considerations justify this approach to planning a safe teleradiology system. First, because OCTAVE was designed as a method for retrospectively assessing and proposing enhancements for the security of existing information management systems, it should function well as a guide to prospectively designing and deploying a secure information system such as teleradiology. Second, because OCTAVE provides assessment and planning tools for use primarily by interdisciplinary teams from user organizations, not consultants, it should enhance the ability of such teams at the local level to plan safe information systems. Third, from the perspective of sociological theory, OCTAVE explicitly attempts to enhance organizational conditions identified as necessary to safely manage complex technologies. Approaching information system design from the perspective of information security risk management proactively integrates health information assurance into a project's core. This contrasts with typical approaches that perceive "security" as a secondary attribute to be "added" after designing the system and with approaches that identify information assurance only with security devices and user training. The perspective of health information assurance embraces so many dimensions of a computerized health information system's design that one may successfully deploy a method for retrospectively assessing information security risk as a prospective planning tool. From a sociological perspective, this approach enhances the general conditions as well as establishes specific policies and procedures for reliable performance of health information assurance.

  17. How Attitude toward the Behavior, Subjective Norm, and Perceived Behavioral Control Affects Information Security Behavior Intention

    ERIC Educational Resources Information Center

    Johnson, David P.

    2017-01-01

    The education sector is at high risk for information security (InfoSec) breaches and in need of improved security practices. Achieving data protections cannot be through technical means alone. Addressing the human behavior factor is required. Security education, training, and awareness (SETA) programs are an effective method of addressing human…

  18. Eavesdropping-aware routing and spectrum allocation based on multi-flow virtual concatenation for confidential information service in elastic optical networks

    NASA Astrophysics Data System (ADS)

    Bai, Wei; Yang, Hui; Yu, Ao; Xiao, Hongyun; He, Linkuan; Feng, Lei; Zhang, Jie

    2018-01-01

    The leakage of confidential information is one of the important issues in the network security area. Elastic Optical Networks (EON), as a promising technology in the optical transport network, are under threat from eavesdropping attacks. There is great demand to support confidential information service (CIS) and to design an efficient security strategy against eavesdropping attacks. In this paper, we propose a solution to cope with eavesdropping attacks in routing and spectrum allocation. Firstly, we introduce probability theory to describe the eavesdropping issue and achieve awareness of eavesdropping attacks. Then we propose an eavesdropping-aware routing and spectrum allocation (ES-RSA) algorithm to guarantee information security. To further improve security and network performance, we employ multi-flow virtual concatenation (MFVC) and propose an eavesdropping-aware MFVC-based secure routing and spectrum allocation (MES-RSA) algorithm. The presented simulation results show that the two proposed RSA algorithms can both achieve greater security against eavesdropping attacks and that MES-RSA can also improve the network performance efficiently.

  19. Reputation-Based Secure Sensor Localization in Wireless Sensor Networks

    PubMed Central

    He, Jingsha; Xu, Jing; Zhu, Xingye; Zhang, Yuqiang; Zhang, Ting; Fu, Wanqing

    2014-01-01

    Location information of sensor nodes in wireless sensor networks (WSNs) is very important, for it makes information that is collected and reported by the sensor nodes spatially meaningful for applications. Since most current sensor localization schemes rely on location information that is provided by beacon nodes for the regular sensor nodes to locate themselves, the accuracy of localization depends on the accuracy of location information from the beacon nodes. Therefore, the security and reliability of the beacon nodes become critical in the localization of regular sensor nodes. In this paper, we propose a reputation-based security scheme for sensor localization to improve the security and the accuracy of sensor localization in hostile or untrusted environments. In our proposed scheme, the reputation of each beacon node is evaluated based on a reputation evaluation model so that regular sensor nodes can get credible location information from highly reputable beacon nodes to accomplish localization. We also perform a set of simulation experiments to demonstrate the effectiveness of the proposed reputation-based security scheme. And our simulation results show that the proposed security scheme can enhance the security and, hence, improve the accuracy of sensor localization in hostile or untrusted environments. PMID:24982940

  20. Computer Security: Improvements Needed to Reduce Risk to Critical Federal Operations and Assets

    DTIC Science & Technology

    2001-11-09

    COMPUTER SECURITY Improvements Needed to Reduce Risk to Critical Federal Operations and Assets Statement of Robert F. Dacey Director, Information...The benefits have been enormous. Vast amounts of information are now literally at our fingertips, facilitating research on virtually every topic

  1. The impact of secure messaging on workflow in primary care: Results of a multiple-case, multiple-method study.

    PubMed

    Hoonakker, Peter L T; Carayon, Pascale; Cartmill, Randi S

    2017-04-01

    Secure messaging is a relatively new addition to health information technology (IT). Several studies have examined the impact of secure messaging on (clinical) outcomes but very few studies have examined the impact on workflow in primary care clinics. In this study we examined the impact of secure messaging on workflow of clinicians, staff and patients. We used a multiple case study design with multiple data collection methods (observation, interviews and survey). Results show that secure messaging has the potential to improve communication and information flow and the organization of work in primary care clinics, partly due to the possibility of asynchronous communication. However, secure messaging can also have a negative effect on communication and increase workload, especially if patients send messages that are not appropriate for the secure messaging medium (for example, messages that are too long, complex, ambiguous, or inappropriate). Results show that clinicians are ambivalent about secure messaging. Secure messaging can add to their workload, especially if there is high message volume, and currently they are not compensated for these activities. Staff are, especially compared to clinicians, relatively positive about secure messaging, and patients are overall very satisfied with secure messaging. Finally, clinicians, staff and patients think that secure messaging can have a positive effect on quality of care and patient safety. Secure messaging is a tool that has the potential to improve communication and information flow. However, the potential of secure messaging to improve workflow is dependent on the way it is implemented and used.

  2. Health Information Security in Hospitals: the Application of Security Safeguards.

    PubMed

    Mehraeen, Esmaeil; Ayatollahi, Haleh; Ahmadi, Maryam

    2016-02-01

    A hospital information system has the potential to improve the accessibility of clinical information and the quality of health care. However, the use of this system has resulted in new challenges, such as concerns over health information security. This paper aims to assess the status of information security in terms of administrative, technical and physical safeguards in the university hospitals. This was a survey study in which the participants were information technology (IT) managers (n=36) who worked in the hospitals affiliated to the top ranked medical universities (university A and university B). Data were collected using a questionnaire. The content validity of the questionnaire was examined by the experts and the reliability of the questionnaire was determined using Cronbach's coefficient alpha (α=0.75). The results showed that the administrative safeguards were arranged at a medium level. In terms of the technical safeguards and the physical safeguards, the IT managers rated them at a strong level. According to the results, among three types of security safeguards, the administrative safeguards were assessed at the medium level. To improve it, developing security policies, implementing access control models and training users are recommended.

  3. A security scheme of SMS system

    NASA Astrophysics Data System (ADS)

    Zhang, Fangzhou; Yang, Hong-Wei; Song, Chuck

    2005-02-01

    With the prosperous development and the use of SMS, more and more important information needs to be transferred through the wireless and mobile networks by the users. But in the GSM/GPRS network, the SMS messages are transferred in text mode through the signaling channel and there is no integrality for SMS messages. Because of the speciality of the mobile communications, the security of signaling channel is very weak. So we need to improve and enhance the security and integrality of SMS. At present, developed investigation based on SMS security is still incomplete. The key distribution and management is not perfect to meet the usability in a wide area. This paper introduces a high-level security method to solve this problem. We design the Secure SMS of GSM/GPRS in order to improve the security of the important information that needs to be transferred by the mobile networks. Using this method, we can improve the usability of E-payment and other mobile electronic commerce.

  4. Improving Information Security Risk Management

    ERIC Educational Resources Information Center

    Singh, Anand

    2009-01-01

    Optimizing risk to information to protect the enterprise as well as to satisfy government and industry mandates is a core function of most information security departments. Risk management is the discipline that is focused on assessing, mitigating, monitoring and optimizing risks to information. Risk assessments and analyses are critical…

  5. Competitive Cyber-Insurance and Internet Security

    NASA Astrophysics Data System (ADS)

    Shetty, Nikhil; Schwartz, Galina; Felegyhazi, Mark; Walrand, Jean

    This paper investigates how competitive cyber-insurers affect network security and welfare of the networked society. In our model, a user's probability to incur damage (from being attacked) depends on both his security and the network security, with the latter taken by individual users as given. First, we consider cyberinsurers who cannot observe (and thus, affect) individual user security. This asymmetric information causes moral hazard. Then, for most parameters, no equilibrium exists: the insurance market is missing. Even if an equilibrium exists, the insurance contract covers only a minor fraction of the damage; network security worsens relative to the no-insurance equilibrium. Second, we consider insurers with perfect information about their users' security. Here, user security is perfectly enforceable (zero cost); each insurance contract stipulates the required user security. The unique equilibrium contract covers the entire user damage. Still, for most parameters, network security worsens relative to the no-insurance equilibrium. Although cyber-insurance improves user welfare, in general, competitive cyber-insurers fail to improve network security.

  6. Usage of information safety requirements in improving tube bending process

    NASA Astrophysics Data System (ADS)

    Livshitz, I. I.; Kunakov, E.; Lontsikh, P. A.

    2018-05-01

    This article is devoted to an improvement of the technological process's analysis with the information security requirements implementation. The aim of this research is the competition increase analysis in aircraft industry enterprises due to the information technology implementation by the example of the tube bending technological process. The article analyzes tube bending kinds and current technique. In addition, a potential risks analysis in a tube bending technological process is carried out in terms of information security.

  7. Video calls from lay bystanders to dispatch centers - risk assessment of information security.

    PubMed

    Bolle, Stein R; Hasvold, Per; Henriksen, Eva

    2011-09-30

    Video calls from mobile phones can improve communication during medical emergencies. Lay bystanders can be instructed and supervised by health professionals at Emergency Medical Communication Centers. Before implementation of video mobile calls in emergencies, issues of information security should be addressed. Information security was assessed for risk, based on the information security standard ISO/IEC 27005:2008. A multi-professional team used structured brainstorming to find threats to the information security aspects confidentiality, quality, integrity, and availability. Twenty security threats of different risk levels were identified and analyzed. Solutions were proposed to reduce the risk level. Given proper implementation, we found no risks to information security that would advocate against the use of video calls between lay bystanders and Emergency Medical Communication Centers. The identified threats should be used as input to formal requirements when planning and implementing video calls from mobile phones for these call centers.

  8. Video calls from lay bystanders to dispatch centers - risk assessment of information security

    PubMed Central

    2011-01-01

    Background: Video calls from mobile phones can improve communication during medical emergencies. Lay bystanders can be instructed and supervised by health professionals at Emergency Medical Communication Centers. Before implementation of video mobile calls in emergencies, issues of information security should be addressed. Methods: Information security was assessed for risk, based on the information security standard ISO/IEC 27005:2008. A multi-professional team used structured brainstorming to find threats to the information security aspects confidentiality, quality, integrity, and availability. Results: Twenty security threats of different risk levels were identified and analyzed. Solutions were proposed to reduce the risk level. Conclusions: Given proper implementation, we found no risks to information security that would advocate against the use of video calls between lay bystanders and Emergency Medical Communication Centers. The identified threats should be used as input to formal requirements when planning and implementing video calls from mobile phones for these call centers. PMID:21958387

  9. Security of Data, Stored in Information Systems of Bulgarian Municipal Administrations

    NASA Astrophysics Data System (ADS)

    Kapralyakov, Petko

    2011-12-01

    The massive influx of information technology in municipal administrations increases their efficiency in delivering public services but increases the risk of electronic theft of confidential information. The report proposed an approach for improving information security for small municipal governments in Bulgaria through an enhanced intrusion detection and prevention system.

  10. Report: Improvements Needed in Key EPA Information System Security Practices

    EPA Pesticide Factsheets

    Report #10-P-0146, June 15, 2010. Williams Adley found that EPA program offices lacked evidence that they planned and executed tests of information system security controls as required by federal requirements.

  11. [The Explore of the Security Strategy Model in Hospital Mobile Clinic New Mode].

    PubMed

    Li, Ke; Xia, Yong; Wang, Wei

    2016-03-01

    The paper elaborates and analyzes the current status of mobile hospital information security, then puts forward a new security model for mobile treatment and elaborates its architecture and solutions. The use of this model further improves and enhances the overall security level of hospital information, and it has a positive significance for promoting the overall hospital management level.

  12. Exploring Factors Influencing Self-Efficacy in Information Security an Empirical Analysis by Integrating Multiple Theoretical Perspectives in the Context of Using Protective Information Technologies

    ERIC Educational Resources Information Center

    Reddy, Dinesh Sampangirama

    2017-01-01

    Cybersecurity threats confront the United States on a daily basis, making them one of the major national security challenges. One approach to meeting these challenges is to improve user cybersecurity behavior. End user security behavior hinges on end user acceptance and use of the protective information technologies such as anti-virus and…

  13. Retail E-Commerce Security Status among Fortune 500 Corporations

    ERIC Educational Resources Information Center

    Zhao, Jensen J.; Zhao, Sherry Y.

    2012-01-01

    The authors assessed the "Fortune 500" corporations' retail e-commerce security to identify their strengths and weaknesses for improvement. They used online content analysis, information security auditing, and network security mapping for data collection and analysis. The findings indicate that most sites posted security policies; however, only…

  14. Practices in security and confidentiality of HIV/AIDS patients' information: A national survey among staff at HIV outpatient clinics in Vietnam.

    PubMed

    Khac Hai, Nguyen; Lawpoolsri, Saranath; Jittamala, Podjanee; Thi Thu Huong, Phan; Kaewkungwal, Jaranit

    2017-01-01

    Breach of confidentiality or invasion of privacy from the collection and use of medical records, particularly those of patients with HIV/AIDS or other diseases sensitive to stigmatization, should be prevented by all related stakeholders in healthcare settings. The main focus of this study was to assess practices regarding security and confidentiality of HIV-related information among staff at HIV outpatient clinics (HIV-OPCs) in Vietnam. A descriptive cross-sectional study was conducted at all 312 HIV-OPCs across the country using an online survey technique. In general, the staff practices for securing and protecting patient information were at acceptable levels. Most staff had proper measures and practices for maintaining data security; however, the protection of patient confidentiality, particularly for data access, sharing, and transfer still required improvement. Most HIV-OPC staff had good or moderate knowledge and positive perceptions towards security and confidentiality issues. Staff who were not trained in the practice of security measures differed significantly from those who were trained (OR: 3.74; 95%CI: 1.44-9.67); staff needing improved knowledge levels differed significantly from those with good (OR: 5.20; 95%CI: 2.39-11.32) and moderate knowledge levels (OR: 5.10; 95%CI: 2.36-11.00); and staff needing improved perception levels differed significantly from those with good (i.e., with 100% proper practices) and moderate perception levels (OR: 5.67; 95%CI: 2.93-10.95). Staff who were not trained in the protection of data confidentiality differed significantly from those who were trained (OR: 2.18; 95%CI: 1.29-3.65). Training is an important factor to help raise the levels of proper practices regarding confidentiality and security, to improve knowledge and raise awareness about change among staff. 
The operation and management of HIV treatment and care in Vietnam are currently transitioning from separate healthcare clinics (HIV-OPC) into units integrated into general hospitals/healthcare facilities. The findings of this study highlight topics that could be used for improving management and operation of information system and revising guidelines and regulations on protection measures/strategies for data security and confidentiality of HIV/AIDS patients by Vietnam health authorities or other countries facing similar situations. Secure infrastructure and secure measures for data access and use are very important, worthwhile investments. The provision of continuous training and active enforcement and monitoring of the practices of healthcare personnel might lead to an improved understanding and acknowledgement of the importance of national policies/guidelines regarding HIV-related patient information.

  15. Automated Information Security Will Not Improve until Effectively Supported by IRM.

    ERIC Educational Resources Information Center

    Chick, Morey J.

    1989-01-01

    The first of two articles on the nature of the growing problem of automated information systems security, especially in the federal government, this article presents a brief history of the problem and describes the need for integrating security activities into overall policies and programs to help reduce system vulnerabilities and risks. (23…

  16. An improved and effective secure password-based authentication and key agreement scheme using smart cards for the telecare medicine information system.

    PubMed

    Das, Ashok Kumar; Bruhadeshwar, Bezawada

    2013-10-01

    Recently Lee and Liu proposed an efficient password based authentication and key agreement scheme using smart card for the telecare medicine information system [J. Med. Syst. (2013) 37:9933]. In this paper, we show that though their scheme is efficient, their scheme still has two security weaknesses such as (1) it has design flaws in authentication phase and (2) it has design flaws in password change phase. In order to withstand these flaws found in Lee-Liu's scheme, we propose an improvement of their scheme. Our improved scheme keeps also the original merits of Lee-Liu's scheme. We show that our scheme is efficient as compared to Lee-Liu's scheme. Further, through the security analysis, we show that our scheme is secure against possible known attacks. In addition, we simulate our scheme for the formal security verification using the widely-accepted AVISPA (Automated Validation of Internet Security Protocols and Applications) tool to show that our scheme is secure against passive and active attacks.

  17. Supplemental nutrition assistance program participation and child food security.

    PubMed

    Mabli, James; Worthington, Julie

    2014-04-01

    This article investigates the association between Supplemental Nutrition Assistance Program (SNAP) participation and child food security by using data from the largest national survey of the food security of SNAP participants to date. The analysis used a survey of nearly 3000 households with children and a quasi-experimental research design that consisted of 2 sets of comparisons. Using a cross-sectional sample, we compared information collected from SNAP households within days of program entry with information collected from a contemporaneous sample of SNAP households that had participated for ∼6 months. Next, by using a longitudinal sample, we compared baseline information collected from new-entrant SNAP households with information from those same households 6 months later. Multivariate logistic regression analysis was used to estimate associations between SNAP and child food security. SNAP participation was associated with an approximately one-third decrease in the odds of children being food insecure in both samples. In the cross-sectional analysis only, SNAP was also associated with a decrease in the odds of children experiencing severe food insecurity (designated very low food security). Findings were qualitatively robust to different empirical specifications. After controlling for other possible confounders, we found children in households that had participated in SNAP for 6 months experienced improvements in food security. On the basis of these findings, we conclude SNAP serves a vital role in improving the health and well-being of low-income children by increasing food security. Future research is needed to determine whether specific groups of children experience differential improvements in food security.

  18. Research on information security system of waste terminal disposal process

    NASA Astrophysics Data System (ADS)

    Zhou, Chao; Wang, Ziying; Guo, Jing; Guo, Yajuan; Huang, Wei

    2017-05-01

    Informatization has penetrated the whole process of production and operation of electric power enterprises. It not only improves the level of lean management and quality service, but also faces severe security risks. The internal network terminal is the outermost layer and the most vulnerable node of the inner network boundary. It has the characteristics of wide distribution, long depth and large quantity. The user and operation and maintenance personnel technical level and security awareness is uneven, which led to the internal network terminal is the weakest link in information security. Through the implementation of security of management, technology and physics, we should establish an internal network terminal security protection system, so as to fully protect the internal network terminal information security.

  19. Notification: Follow-up Review of EPA’s Classification of National Security Information

    EPA Pesticide Factsheets

    Project #OPE-FY15-0057, July 20, 2015. The EPA OIG plans to begin preliminary research on the OARM actions taken to improve policies and procedures related to the classification of national security information.

  20. Information security for compliance with select agent regulations.

    PubMed

    Lewis, Nick; Campbell, Mark J; Baskin, Carole R

    2015-01-01

    The past decade has seen a significant rise in research on high-consequence human and animal pathogens, many now known as "select agents." While physical security around these agents is tightly regulated, information security standards are still lagging. The understanding of the threats unique to the academic and research environment is still evolving, in part due to poor communication between the various stakeholders. Perhaps as a result, information security guidelines published by select agent regulators lack the critical details and directives needed to achieve even the lowest security level of the Federal Information Security Management Act (FISMA). While only government agencies are currently required to abide by the provisions of FISMA (unless specified as preconditions for obtaining government grants or contracts--still a relatively rare or narrowly scoped occurrence), the same strategies were recently recommended by executive order for others. We propose that information security guidelines for select agent research be updated to promulgate and detail FISMA standards and processes and that the latter be ultimately incorporated into select agent regulations. We also suggest that information security in academic and research institutions would greatly benefit from active efforts to improve communication among the biosecurity, security, and information technology communities, and from a secure venue for exchange of timely information on emerging threats and solutions in the research environment.

  1. Information Security for Compliance with Select Agent Regulations

    PubMed Central

    Lewis, Nick; Campbell, Mark J.

    2015-01-01

    The past decade has seen a significant rise in research on high-consequence human and animal pathogens, many now known as “select agents.” While physical security around these agents is tightly regulated, information security standards are still lagging. The understanding of the threats unique to the academic and research environment is still evolving, in part due to poor communication between the various stakeholders. Perhaps as a result, information security guidelines published by select agent regulators lack the critical details and directives needed to achieve even the lowest security level of the Federal Information Security Management Act (FISMA). While only government agencies are currently required to abide by the provisions of FISMA (unless specified as preconditions for obtaining government grants or contracts—still a relatively rare or narrowly scoped occurrence), the same strategies were recently recommended by executive order for others. We propose that information security guidelines for select agent research be updated to promulgate and detail FISMA standards and processes and that the latter be ultimately incorporated into select agent regulations. We also suggest that information security in academic and research institutions would greatly benefit from active efforts to improve communication among the biosecurity, security, and information technology communities, and from a secure venue for exchange of timely information on emerging threats and solutions in the research environment. PMID:26042864

  2. Performance of device-independent quantum key distribution

    NASA Astrophysics Data System (ADS)

    Cao, Zhu; Zhao, Qi; Ma, Xiongfeng

    2016-07-01

    Quantum key distribution provides information-theoretically-secure communication. In practice, device imperfections may jeopardise the system security. Device-independent quantum key distribution solves this problem by providing secure keys even when the quantum devices are untrusted and uncharacterized. Following a recent security proof of the device-independent quantum key distribution, we improve the key rate by tightening the parameter choice in the security proof. In practice where the system is lossy, we further improve the key rate by taking into account the loss position information. From our numerical simulation, our method can outperform existing results. Meanwhile, we outline clear experimental requirements for implementing device-independent quantum key distribution. The maximal tolerable error rate is 1.6%, the minimal required transmittance is 97.3%, and the minimal required visibility is 96.8%.

  3. Report: Fiscal Year 2006 Federal Information Security Management Act Report Status of EPA’s Computer Security Program

    EPA Pesticide Factsheets

    Report #2006-S-00008, September 25, 2006. Although the Agency has made substantial progress to improve its security program, the OIG identified weaknesses in the Agency’s incident reporting practices.

  4. Practices in security and confidentiality of HIV/AIDS patients’ information: A national survey among staff at HIV outpatient clinics in Vietnam

    PubMed Central

    Khac Hai, Nguyen; Lawpoolsri, Saranath; Jittamala, Podjanee; Thi Thu Huong, Phan

    2017-01-01

    Introduction Breach of confidentiality or invasion of privacy from the collection and use of medical records, particularly those of patients with HIV/AIDS or other diseases sensitive to stigmatization, should be prevented by all related stakeholders in healthcare settings. The main focus of this study was to assess practices regarding security and confidentiality of HIV-related information among staff at HIV outpatient clinics (HIV-OPCs) in Vietnam. Methods A descriptive cross-sectional study was conducted at all 312 HIV-OPCs across the country using an online survey technique. Results In general, the staff practices for securing and protecting patient information were at acceptable levels. Most staff had proper measures and practices for maintaining data security; however, the protection of patient confidentiality, particularly for data access, sharing, and transfer still required improvement. Most HIV-OPC staff had good or moderate knowledge and positive perceptions towards security and confidentiality issues. Staff who were not trained in the practice of security measures differed significantly from those who were trained (OR: 3.74; 95%CI: 1.44–9.67); staff needing improved knowledge levels differed significantly from those with good (OR: 5.20; 95%CI: 2.39–11.32) and moderate knowledge levels (OR: 5.10; 95%CI: 2.36–11.00); and staff needing improved perception levels differed significantly from those with good (i.e., with 100% proper practices) and moderate perception levels (OR: 5.67; 95%CI: 2.93–10.95). Staff who were not trained in the protection of data confidentiality differed significantly from those who were trained (OR: 2.18; 95%CI: 1.29–3.65). Conclusions Training is an important factor to help raise the levels of proper practices regarding confidentiality and security, to improve knowledge and raise awareness about change among staff. 
The operation and management of HIV treatment and care in Vietnam are currently transitioning from separate healthcare clinics (HIV-OPC) into units integrated into general hospitals/healthcare facilities. The findings of this study highlight topics that could be used for improving management and operation of information system and revising guidelines and regulations on protection measures/strategies for data security and confidentiality of HIV/AIDS patients by Vietnam health authorities or other countries facing similar situations. Secure infrastructure and secure measures for data access and use are very important, worthwhile investments. The provision of continuous training and active enforcement and monitoring of the practices of healthcare personnel might lead to an improved understanding and acknowledgement of the importance of national policies/guidelines regarding HIV-related patient information. PMID:29136017

  5. Information security risk management for computerized health information systems in hospitals: a case study of Iran.

    PubMed

    Zarei, Javad; Sadoughi, Farahnaz

    2016-01-01

    In recent years, hospitals in Iran - similar to those in other countries - have experienced growing use of computerized health information systems (CHISs), which play a significant role in the operations of hospitals. But, the major challenge of CHIS use is information security. This study attempts to evaluate CHIS information security risk management at hospitals of Iran. This applied study is a descriptive and cross-sectional research that has been conducted in 2015. The data were collected from 551 hospitals of Iran. Based on literature review, experts' opinion, and observations at five hospitals, our intensive questionnaire was designed to assess security risk management for CHISs at the concerned hospitals, which was then sent to all hospitals in Iran by the Ministry of Health. Sixty-nine percent of the studied hospitals pursue information security policies and procedures in conformity with Iran Hospitals Accreditation Standards. At some hospitals, risk identification, risk evaluation, and risk estimation, as well as risk treatment, are unstructured without any specified approach or methodology. There is no significant structured approach to risk management at the studied hospitals. Information security risk management is not followed by Iran's hospitals and their information security policies. This problem can cause a large number of challenges for their CHIS security in future. Therefore, Iran's Ministry of Health should develop practical policies to improve information security risk management in the hospitals of Iran.

  6. CMMI(Registered) for Acquisition, Version 1.3. CMMI-ACQ, V1.3

    DTIC Science & Technology

    2010-11-01

    and Software Engineering – System Life Cycle Processes [ISO 2008b] ISO/IEC 27001:2005 Information technology – Security techniques – Information...International Organization for Standardization and International Electrotechnical Commission. ISO/IEC 27001 Information Technology – Security Techniques...International Organization for Standardization/International Electrotechnical Commission (ISO/IEC) body of standards. CMMs focus on improving processes

  7. Complex method to calculate objective assessments of information systems protection to improve expert assessments reliability

    NASA Astrophysics Data System (ADS)

    Abdenov, A. Zh; Trushin, V. A.; Abdenova, G. A.

    2018-01-01

    The paper considers the questions of filling the relevant SIEM nodes based on calculations of objective assessments in order to improve the reliability of subjective expert assessments. The proposed methodology is necessary for the most accurate security risk assessment of information systems. This technique is also intended for the purpose of establishing real-time operational information protection in the enterprise information systems. Risk calculations are based on objective estimates of the adverse events implementation probabilities, predictions of the damage magnitude from information security violations. Calculations of objective assessments are necessary to increase the reliability of the proposed expert assessments.

  8. Redefining Security. A Report by the Joint Security Commission

    DTIC Science & Technology

    1994-02-28

    security policies. This report offers recommendations on developing new strategies for achieving security within our information systems, including...better, and we outline methods of improving government and industry personnel security policies. We offer recommendations on developing new strategies ... strategies, sufficient funding, and management attention if our computers and networks are to protect the confidentiality, integrity, and availability of

  9. Assessment of Information Security Management System based on ISO/IEC 27001:2013 On Subdirectorate of Data Center and Data Recovery Center in Ministry of Internal Affairs

    NASA Astrophysics Data System (ADS)

    Kurnianto, Ari; Isnanto, Rizal; Widodo, Aris Puji

    2018-02-01

    Information security is a problem effected business process of an organization, so it needs special concern. Information security assessment which is good and has international standard is done using Information Security Management System (ISMS) ISO/IEC 27001:2013. In this research, the high level assessment has been done using ISO/IEC 27001:2013 to observe the strength of information security in Ministry of Internal Affairs. The research explains about the assessment of information security management which is built using PHP. The input data use primary and secondary data which passed observation. The process gets maturity using the assessment of ISO/IEC 27001:2013. GAP Analysis observes the condition nowadays and then to get recommendation and road map. The result of this research gets all of the information security process which has not been already good enough in Ministry of Internal Affairs, gives recommendation and road map to improve part of all information system being running. It indicates that ISO/IEC 27001:2013 is good used to rate maturity of information security management. As the next analyzation, this research use Clause and Annex in ISO/IEC 27001:2013 which is suitable with condition of Data Center and Data Recovery Center, so it gets optimum result and solving problem of the weakness information security.

  10. An Undergraduate Information Security Program: More than a Curriculum

    ERIC Educational Resources Information Center

    Woodward, Belle; Imboden, Thomas; Martin, Nancy L.

    2013-01-01

    This paper describes the implementation of an information security program at a large Midwestern university. The initial work is briefly summarized and improvements that have occurred over time are described. Current activities and future plans are discussed. This paper offers insight and lessons learned for organizations that have or are…

  11. Supplemental Nutrition Assistance Program participation is associated with an increase in household food security in a national evaluation.

    PubMed

    Mabli, James; Ohls, Jim

    2015-02-01

    The Supplemental Nutrition Assistance Program (SNAP) provides nutrition assistance benefits to low-income families in an effort to reduce hunger and improve health and well-being. Because 1 in 7 Americans participate in the program each month, policymakers need to know whether the program is meeting these objectives effectively. The objective of this study was to estimate the association between SNAP participation and household food security using recent data from the largest national survey of the food security of SNAP participants to date. The analysis used a survey of nearly 6500 households and a quasi-experimental research design that consisted of 2 sets of comparisons. Using a cross-sectional sample, we compared information collected from SNAP households within days of program entry with information collected from a contemporaneous sample of SNAP households that had participated for ∼6 mo. Next, using a longitudinal sample, we compared baseline information collected from new-entrant SNAP households with information from those same households 6 mo later. Multivariate logistic regression analysis was used to estimate associations between SNAP and household food security. SNAP participation decreased the percentage of SNAP households that were food insecure in both samples by 6-17%. SNAP participation also decreased the percentage of households experiencing severe food insecurity--designated very low food security--by 12-19%. Findings were qualitatively robust to different empirical specifications. SNAP serves a vital role in improving the health and well-being of households by increasing food security. Given recent legislation to reduce program size and limit program eligibility, this study underscores SNAP's continued importance in affecting households' well-being. Future research is needed to determine whether specific groups of households experience differential improvements in food security. © 2015 American Society for Nutrition.

  12. Information Analysis Methodology for Border Security Deployment Prioritization and Post Deployment Evaluation

    DOE Office of Scientific and Technical Information (OSTI.GOV)

    Booker, Paul M.; Maple, Scott A.

    2010-06-08

    Due to international commerce, cross-border conflicts, and corruption, a holistic, information driven, approach to border security is required to best understand how resources should be applied to affect sustainable improvements in border security. The ability to transport goods and people by land, sea, and air across international borders with relative ease for legitimate commercial purposes creates a challenging environment to detect illicit smuggling activities that destabilize national level border security. Smuggling activities operated for profit or smuggling operations driven by cross border conflicts where militant or terrorist organizations facilitate the transport of materials and or extremists to advance a cause add complexity to smuggling interdiction efforts. Border security efforts are further hampered when corruption thwarts interdiction efforts or reduces the effectiveness of technology deployed to enhance border security. These issues necessitate the implementation of a holistic approach to border security that leverages all available data. Large amounts of information found in hundreds of thousands of documents can be compiled to assess national or regional borders to identify variables that influence border security. Location data associated with border topics of interest may be extracted and plotted to better characterize the current border security environment for a given country or region. This baseline assessment enables further analysis, but also documents the initial state of border security that can be used to evaluate progress after border security improvements are made. Then, border security threats are prioritized via a systems analysis approach. Mitigation factors to address risks can be developed and evaluated against inhibiting factor such as corruption.
This holistic approach to border security helps address the dynamic smuggling interdiction environment where illicit activities divert to a new location that provides less resistance to smuggling activities after training or technology is deployed at a given location. This paper will present an approach to holistic border security information analysis.

  13. Measuring Information Security Performance with 10 by 10 Model for Holistic State Evaluation.

    PubMed

    Bernik, Igor; Prislan, Kaja

    Organizations should measure their information security performance if they wish to take the right decisions and develop it in line with their security needs. Since the measurement of information security is generally underdeveloped in practice and many organizations find the existing recommendations too complex, the paper presents a solution in the form of a 10 by 10 information security performance measurement model. The model-ISP 10×10M is composed of ten critical success factors, 100 key performance indicators and 6 performance levels. Its content was devised on the basis of findings presented in the current research studies and standards, while its structure results from an empirical research conducted among information security professionals from Slovenia. Results of the study show that a high level of information security performance is mostly dependent on measures aimed at managing information risks, employees and information sources, while formal and environmental factors have a lesser impact. Experts believe that information security should evolve systematically, where it's recommended that beginning steps include technical, logical and physical security controls, while advanced activities should relate predominantly strategic management activities. By applying the proposed model, organizations are able to determine the actual level of information security performance based on the weighted indexing technique. In this manner they identify the measures they ought to develop in order to improve the current situation. The ISP 10×10M is a useful tool for conducting internal system evaluations and decision-making. It may also be applied to a larger sample of organizations in order to determine the general state-of-play for research purposes.

  14. An Examination of Organizational Information Protection in the Era of Social Media: A Study of Social Network Security and Privacy Protection

    ERIC Educational Resources Information Center

    Maar, Michael C.

    2013-01-01

    This study investigates information protection for professional users of online social networks. It addresses management's desire to motivate their employees to adopt protective measures while accessing online social networks and to help their employees improve their proficiency in information security and ability to detect deceptive…

  15. Do You Ignore Information Security in Your Journal Website?

    PubMed

    Dadkhah, Mehdi; Borchardt, Glenn; Lagzian, Mohammad

    2017-08-01

    Nowadays, web-based applications extend to all businesses due to their advantages and easy usability. The most important issue in web-based applications is security. Due to their advantages, most academic journals are now using these applications, with papers being submitted and published through their websites. As these websites are resources for knowledge, information security is primary for maintaining their integrity. In this opinion piece, we point out vulnerabilities in certain websites and introduce the potential for future threats. We intend to present how some journals are vulnerable and what will happen if a journal can be infected by attackers. This opinion is not a technical manual in information security, it is a short inspection that we did to improve the security of academic journals.

  16. When Information Improves Information Security

    NASA Astrophysics Data System (ADS)

    Grossklags, Jens; Johnson, Benjamin; Christin, Nicolas

    This paper presents a formal, quantitative evaluation of the impact of bounded-rational security decision-making subject to limited information and externalities. We investigate a mixed economy of an individual rational expert and several naïve near-sighted agents. We further model three canonical types of negative externalities (weakest-link, best shot and total effort), and study the impact of two information regimes on the threat level agents are facing.

  17. Enhancing security and improving interoperability in healthcare information systems.

    PubMed

    Gritzalis, D A

    1998-01-01

    Security is a key issue in healthcare information systems, since most aspects of security become of considerable or even critical importance when handling healthcare information. In addition, the intense need for information exchange has revealed interoperability of systems and applications as another key issue. Standardization can play an important role towards both these issues. In this paper, relevant standardization activities are briefly presented, and existing and emerging healthcare information security standards are identified and critically analysed. The analysis is based on a framework which has been developed for this reason. Therefore, the identification of gaps and inconsistencies in current standardization, the description of the conflicts of standards with legislation, and the analysis of implications of these standards to user organizations, are the main results of this paper.

  18. Report: EPA’s Office of Environmental Information Should Improve Ariel Rios and Potomac Yard Computer Room Security Controls

    EPA Pesticide Factsheets

    Report #12-P-0879, September 26, 2012. The security posture and in-place environmental control review of the computer rooms in the Ariel Rios and Potomac Yard buildings revealed numerous security and environmental control deficiencies.

  19. Information security risk management for computerized health information systems in hospitals: a case study of Iran

    PubMed Central

    Zarei, Javad; Sadoughi, Farahnaz

    2016-01-01

    Background In recent years, hospitals in Iran – similar to those in other countries – have experienced growing use of computerized health information systems (CHISs), which play a significant role in the operations of hospitals. But, the major challenge of CHIS use is information security. This study attempts to evaluate CHIS information security risk management at hospitals of Iran. Materials and methods This applied study is a descriptive and cross-sectional research that has been conducted in 2015. The data were collected from 551 hospitals of Iran. Based on literature review, experts’ opinion, and observations at five hospitals, our intensive questionnaire was designed to assess security risk management for CHISs at the concerned hospitals, which was then sent to all hospitals in Iran by the Ministry of Health. Results Sixty-nine percent of the studied hospitals pursue information security policies and procedures in conformity with Iran Hospitals Accreditation Standards. At some hospitals, risk identification, risk evaluation, and risk estimation, as well as risk treatment, are unstructured without any specified approach or methodology. There is no significant structured approach to risk management at the studied hospitals. Conclusion Information security risk management is not followed by Iran’s hospitals and their information security policies. This problem can cause a large number of challenges for their CHIS security in future. Therefore, Iran’s Ministry of Health should develop practical policies to improve information security risk management in the hospitals of Iran. PMID:27313481

  20. Intelligent cloud computing security using genetic algorithm as a computational tools

    NASA Astrophysics Data System (ADS)

    Razuky AL-Shaikhly, Mazin H.

    2018-05-01

    An essential change had occurred in the field of Information Technology which represented with cloud computing, cloud giving virtual assets by means of web yet awesome difficulties in the field of information security and security assurance. Currently main problem with cloud computing is how to improve privacy and security for cloud “cloud is critical security”. This paper attempts to solve cloud security by using intelligent system with genetic algorithm as wall to provide cloud data secure, all services provided by cloud must detect who receive and register it to create list of users (trusted or un-trusted) depend on behavior. The execution of present proposal has shown great outcome.

  1. Information Assurance in Saudi Organizations - An Empirical Study

    NASA Astrophysics Data System (ADS)

    Nabi, Syed Irfan; Mirza, Abdulrahman A.; Alghathbar, Khaled

    This paper presents selective results of a survey conducted to find out the much needed insight into the status of information security in Saudi Arabian organizations. The purpose of this research is to give the state of information assurance in the Kingdom and to better understand the prevalent ground realities. The survey covered technical aspects of information security, risk management and information assurance management. The results provide deep insights in to the existing level of information assurance in various sectors that can be helpful in better understanding the intricate details of the prevalent information security in the Kingdom. Also, the results can be very useful for information assurance policy makers in the government as well as private sector organizations. There are few empirical studies on information assurance governance available in literature, especially about the Middle East and Saudi Arabia, therefore, the results are invaluable for information security researchers in improving the understanding of information assurance in this region and the Kingdom.

  2. Improving Insider Threat Training Awareness and Mitigation Programs at Nuclear Facilities.

    DOE Office of Scientific and Technical Information (OSTI.GOV)

    Abbott, Shannon

    In recent years, insider threat programs have become an important aspect of nuclear security, and nuclear security training courses. However, many nuclear security insider threat programs fail to address the insider threat attack and monitoring potential that exists on information technology (IT) systems. This failure is critical because of the importance of information technology and networks in today’s world. IT systems offer an opportunity to perpetrate dangerous insider attacks, but they also present an opportunity to monitor for them and prevent them. This paper suggests a number of best practices for monitoring and preventing insider attacks on IT systems, and proposes the development of a new IT insider threat tabletop that can be used to help train nuclear security practitioners on how best to implement IT insider threat prevention best practices. The development of IT insider threat best practices and a practical tabletop exercise will allow nuclear security practitioners to improve nuclear security trainings as it integrates a critical part of insider threat prevention into the broader nuclear security system.

  3. Secure anonymity-preserving password-based user authentication and session key agreement scheme for telecare medicine information systems.

    PubMed

    Sutrala, Anil Kumar; Das, Ashok Kumar; Odelu, Vanga; Wazid, Mohammad; Kumari, Saru

    2016-10-01

    Information and communication and technology (ICT) has changed the entire paradigm of society. ICT facilitates people to use medical services over the Internet, thereby reducing the travel cost, hospitalization cost and time to a greater extent. Recent advancements in Telecare Medicine Information System (TMIS) facilitate users/patients to access medical services over the Internet by gaining health monitoring facilities at home. Amin and Biswas recently proposed a RSA-based user authentication and session key agreement protocol usable for TMIS, which is an improvement over Giri et al.'s RSA-based user authentication scheme for TMIS. In this paper, we show that though Amin-Biswas's scheme considerably improves the security drawbacks of Giri et al.'s scheme, their scheme has security weaknesses as it suffers from attacks such as privileged insider attack, user impersonation attack, replay attack and also offline password guessing attack. A new RSA-based user authentication scheme for TMIS is proposed, which overcomes the security pitfalls of Amin-Biswas's scheme and also preserves user anonymity property. The careful formal security analysis using the two widely accepted Burrows-Abadi-Needham (BAN) logic and the random oracle models is done. Moreover, the informal security analysis of the scheme is also done. These security analyses show the robustness of our new scheme against the various known attacks as well as attacks found in Amin-Biswas's scheme. The simulation of the proposed scheme using the widely accepted Automated Validation of Internet Security Protocols and Applications (AVISPA) tool is also done. We present a new user authentication and session key agreement scheme for TMIS, which fixes the mentioned security pitfalls found in Amin-Biswas's scheme, and we also show that the proposed scheme provides better security than other existing schemes through the rigorous security analysis and verification tool. 
    Furthermore, we present the formal security verification of our scheme using the widely accepted AVISPA tool. High security and extra functionality features allow our proposed scheme to be applicable for telecare medicine information systems which is used for e-health care medical applications. Copyright © 2016 Elsevier Ireland Ltd. All rights reserved.

  4. An information hiding method based on LSB and tent chaotic map

    NASA Astrophysics Data System (ADS)

    Song, Jianhua; Ding, Qun

    2011-06-01

    In order to protect information security more effectively, a novel information hiding method based on LSB and Tent chaotic map was proposed, first the secret message is Tent chaotic encrypted, and then LSB steganography is executed for the encrypted message in the cover-image. Compared to the traditional image information hiding method, the simulation results indicate that the method greatly improved in imperceptibility and security, and acquired good results.

  5. The effects of community-wide dissemination of information on perceptions of palliative care, knowledge about opioids, and sense of security among cancer patients, their families, and the general public.

    PubMed

    Akiyama, Miki; Hirai, Kei; Takebayashi, Toru; Morita, Tatsuya; Miyashita, Mitsunori; Takeuchi, Ayano; Yamagishi, Akemi; Kinoshita, Hiroya; Shirahige, Yutaka; Eguchi, Kenji

    2016-01-01

    Prejudices against palliative care are a potential barrier to quality end-of-life care. There have been few large-scale community-wide interventions to distribute appropriate information about palliative care, and no studies have investigated their impact on cancer patients, their families, and the general public. Thus, we conducted a 3-year community intervention and evaluated the effects of distributing such information at the community level, and explored associations among levels of exposure, perceptions, knowledge, and the sense of security achieved. Over a period of 3 years, we provided flyers, booklets, posters, and public lectures about palliative care in four regions of Japan, and carried out pre- and post-intervention surveys with repeated cross-sectional samplings of cancer patients (pre 859, post 857), bereaved family members (1110, 1137), and the general public (3984, 1435). The levels of exposure to the provided information were measured by a multiple-choice questionnaire after intervention. Multiple logistic regression analyses were used to estimate multivariable-adjusted odds ratios (ORs) for perceptions of palliative care, knowledge about opioids, and sense of security among the exposure groups. Overall perceptions of palliative care, opioids, and receiving care at home improved significantly among the general public and families, but not among the patients at the community level. However, multiple regression revealed that patients of extensive exposure category had significantly more positive perceptions of palliative care to those of non-exposure category (p = 0.02). The sense of security regarding cancer care of all patients, family members, and the general public improved. Among others, the respondents who reported extensive exposure in the general public and family members scored significantly higher sense of security. 
    Our findings indicate that providing palliative care information via small media and lectures in the community is effective in improving perceptions of palliative care and knowledge about opioids among the community dwellers, especially for caregivers of the patients. The acquisition of adequate knowledge about palliative care from various information sources may improve people's sense of security regarding cancer.

  6. Reducing security risk using data loss prevention technology.

    PubMed

    Beeskow, John

    2015-11-01

    Data loss/leakage protection (DLP) technology seeks to improve data security by answering three fundamental questions: Where are confidential data stored? Who is accessing the information? How are data being handled?

  7. Measuring Information Security Performance with 10 by 10 Model for Holistic State Evaluation

    PubMed Central

    2016-01-01

    Organizations should measure their information security performance if they wish to take the right decisions and develop it in line with their security needs. Since the measurement of information security is generally underdeveloped in practice and many organizations find the existing recommendations too complex, the paper presents a solution in the form of a 10 by 10 information security performance measurement model. The model—ISP 10×10M is composed of ten critical success factors, 100 key performance indicators and 6 performance levels. Its content was devised on the basis of findings presented in the current research studies and standards, while its structure results from an empirical research conducted among information security professionals from Slovenia. Results of the study show that a high level of information security performance is mostly dependent on measures aimed at managing information risks, employees and information sources, while formal and environmental factors have a lesser impact. Experts believe that information security should evolve systematically, where it’s recommended that beginning steps include technical, logical and physical security controls, while advanced activities should relate predominantly strategic management activities. By applying the proposed model, organizations are able to determine the actual level of information security performance based on the weighted indexing technique. In this manner they identify the measures they ought to develop in order to improve the current situation. The ISP 10×10M is a useful tool for conducting internal system evaluations and decision-making. It may also be applied to a larger sample of organizations in order to determine the general state-of-play for research purposes. PMID:27655001

  8. Health information security: a case study of three selected medical centers in iran.

    PubMed

    Hajrahimi, Nafiseh; Dehaghani, Sayed Mehdi Hejazi; Sheikhtaheri, Abbas

    2013-03-01

    Health Information System (HIS) is considered a unique factor in improving the quality of health care activities and cost reduction, but today with the development of information technology and use of internet and computer networks, patients' electronic records and health information systems have become a source for hackers. This study aims at checking health information security of three selected medical centers in Iran using AHP fuzzy and TOPSIS compound model. To achieve that security measures were identified, based on the research literature and decision making matrix using experts' points of view. Among the 27 indicators, seven indicators were selected as effective indicators and Fuzzy AHP technique was used to determine the importance of security indicators. Based on the comparisons made between the three selected medical centers to assess the security of health information, it is concluded that Chamran hospital has the most acceptable level of security and attention in three indicators of "verification and system design, user access management, access control system", Al Zahra Hospital in two indicators of "access management and network access control" and Amin Hospital in "equipment safety and system design". In terms of information security, Chamran Hospital ranked first, Al-Zahra Hospital ranked second and Al-Zahra hospital has the third place.

  9. Health Information Security: A Case Study of Three Selected Medical Centers in Iran

    PubMed Central

    Hajrahimi, Nafiseh; Dehaghani, Sayed Mehdi Hejazi; Sheikhtaheri, Abbas

    2013-01-01

    Health Information System (HIS) is considered a unique factor in improving the quality of health care activities and cost reduction, but today with the development of information technology and use of internet and computer networks, patients’ electronic records and health information systems have become a source for hackers. Methods: This study aims at checking health information security of three selected medical centers in Iran using AHP fuzzy and TOPSIS compound model. To achieve that security measures were identified, based on the research literature and decision making matrix using experts’ points of view. Results and discussion: Among the 27 indicators, seven indicators were selected as effective indicators and Fuzzy AHP technique was used to determine the importance of security indicators. Based on the comparisons made between the three selected medical centers to assess the security of health information, it is concluded that Chamran hospital has the most acceptable level of security and attention in three indicators of “verification and system design, user access management, access control system”, Al Zahra Hospital in two indicators of “access management and network access control” and Amin Hospital in “equipment safety and system design”. In terms of information security, Chamran Hospital ranked first, Al-Zahra Hospital ranked second and Al-Zahra hospital has the third place. PMID:23572861

  10. Reasons in Support of Data Security and Data Security Management as Two Independent Concepts: A New Model.

    PubMed

    Moghaddasi, Hamid; Sajjadi, Samad; Kamkarhaghighi, Mehran

    2016-01-01

    Any information which is generated and saved needs to be protected against accidental or intentional losses and manipulations if it is to be used by the intended users in due time. As such, information managers have adopted numerous measures to achieve data security within data storage systems, along with the spread of information technology. The "data security models" presented thus far have unanimously highlighted the significance of data security management. For further clarification, the current study first introduces the "needs and improvement" cycle; the study will then present some independent definitions, together with a support umbrella, in an attempt to shed light on the data security management. Data security focuses on three features or attributes known as integrity, identity of sender(s) and identity of receiver(s). Management in data security follows an endless evolutionary process, to keep up with new developments in information technology and communication. In this process management develops new characteristics with greater capabilities to achieve better data security. The characteristics, continuously increasing in number, with a special focus on control, are as follows: private zone, confidentiality, availability, non-repudiation, possession, accountability, authenticity, authentication and auditability. Data security management steadily progresses, resulting in more sophisticated features. The developments are in line with new developments in information and communication technology and novel advances in intrusion detection systems (IDS). Attention to differences between data security and data security management by international organizations such as the International Standard Organization (ISO), and International Telecommunication Union (ITU) is necessary if information quality is to be enhanced.

  11. How to implement security controls for an information security program at CBRN facilities

    DOE Office of Scientific and Technical Information (OSTI.GOV)

    Lenaeus, Joseph D.; O'Neil, Lori Ross; Leitch, Rosalyn M.

    This document was prepared by PNNL within the framework of Project 19 of the European Union Chemical Biological Radiological and Nuclear Risk Mitigation Centres of Excellence Initiative entitled, "Development of procedures and guidelines to create and improve secure information management systems and data exchange mechanisms for CBRN materials under regulatory control." It provides management and workers at CBRN facilities, parent organization managers responsible for those facilities, and regulatory agencies (governmental and nongovernmental) with guidance on the best practices for protecting information security. The security mitigation approaches presented in this document were chosen because they present generally accepted guidance in an easy-to-understand manner, making it easier for facility personnel to grasp key concepts and envision how security controls could be implemented by the facility. This guidance is presented from a risk management perspective.

  12. A secure smart-card based authentication and key agreement scheme for telecare medicine information systems.

    PubMed

    Lee, Tian-Fu; Liu, Chuan-Ming

    2013-06-01

    A smart-card based authentication scheme for telecare medicine information systems enables patients, doctors, nurses, health visitors and the medicine information systems to establish a secure communication platform through public networks. Zhu recently presented an improved authentication scheme in order to solve the weakness of the authentication scheme of Wei et al., where the off-line password guessing attacks cannot be resisted. This investigation indicates that the improved scheme of Zhu has some faults such that the authentication scheme cannot execute correctly and is vulnerable to the attack of parallel sessions. Additionally, an enhanced authentication scheme based on the scheme of Zhu is proposed. The enhanced scheme not only avoids the weakness in the original scheme, but also provides users' anonymity and authenticated key agreements for secure data communications.

  13. The role of privacy protection in healthcare information systems adoption.

    PubMed

    Hsu, Chien-Lung; Lee, Ming-Ren; Su, Chien-Hui

    2013-10-01

    Privacy protection is an important issue and challenge in healthcare information systems (HISs). Recently, some privacy-enhanced HISs are proposed. Users' privacy perception, intention, and attitude might affect the adoption of such systems. This paper aims to propose a privacy-enhanced HIS framework and investigate the role of privacy protection in HISs adoption. In the proposed framework, privacy protection, access control, and secure transmission modules are designed to enhance the privacy protection of a HIS. An experimental privacy-enhanced HIS is also implemented. Furthermore, we proposed a research model extending the unified theory of acceptance and use of technology by considering perceived security and information security literacy and then investigate user adoption of a privacy-enhanced HIS. The experimental results and analyses showed that user adoption of a privacy-enhanced HIS is directly affected by social influence, performance expectancy, facilitating conditions, and perceived security. Perceived security has a mediating effect between information security literacy and user adoption. This study proposes several implications for research and practice to improve designing, development, and promotion of a good healthcare information system with privacy protection.

  14. Constructing RBAC Based Security Model in u-Healthcare Service Platform

    PubMed Central

    Shin, Moon Sun; Jeon, Heung Seok; Ju, Yong Wan; Lee, Bum Ju; Jeong, Seon-Phil

    2015-01-01

    In today's era of aging society, people want to handle personal health care by themselves in everyday life. In particular, the evolution of medical and IT convergence technology and mobile smart devices has made it possible for people to gather information on their health status anytime and anywhere easily using biometric information acquisition devices. Healthcare information systems can contribute to the improvement of the nation's healthcare quality and the reduction of related cost. However, there are no perfect security models or mechanisms for healthcare service applications, and privacy information can therefore be leaked. In this paper, we examine security requirements related to privacy protection in u-healthcare service and propose an extended RBAC based security model. We propose and design u-healthcare service integration platform (u-HCSIP) applying RBAC security model. The proposed u-HCSIP performs four main functions: storing and exchanging personal health records (PHR), recommending meals and exercise, buying/selling private health information or experience, and managing personal health data using smart devices. PMID:25695104

  15. Constructing RBAC based security model in u-healthcare service platform.

    PubMed

    Shin, Moon Sun; Jeon, Heung Seok; Ju, Yong Wan; Lee, Bum Ju; Jeong, Seon-Phil

    2015-01-01

    In today's era of aging society, people want to handle personal health care by themselves in everyday life. In particular, the evolution of medical and IT convergence technology and mobile smart devices has made it possible for people to gather information on their health status anytime and anywhere easily using biometric information acquisition devices. Healthcare information systems can contribute to the improvement of the nation's healthcare quality and the reduction of related cost. However, there are no perfect security models or mechanisms for healthcare service applications, and privacy information can therefore be leaked. In this paper, we examine security requirements related to privacy protection in u-healthcare service and propose an extended RBAC based security model. We propose and design u-healthcare service integration platform (u-HCSIP) applying RBAC security model. The proposed u-HCSIP performs four main functions: storing and exchanging personal health records (PHR), recommending meals and exercise, buying/selling private health information or experience, and managing personal health data using smart devices.

  16. Towards improving software security by using simulation to inform requirements and conceptual design

    DOE PAGES

    Nutaro, James J.; Allgood, Glenn O.; Kuruganti, Teja

    2015-06-17

    We illustrate the use of modeling and simulation early in the system life-cycle to improve security and reduce costs. The models that we develop for this illustration are inspired by problems in reliability analysis and supervisory control, for which similar models are used to quantify failure probabilities and rates. In the context of security, we propose that models of this general type can be used to understand trades between risk and cost while writing system requirements and during conceptual design, and thereby significantly reduce the need for expensive security corrections after a system enters operation.

  17. Meeting the security requirements of electronic medical records in the ERA of high-speed computing.

    PubMed

    Alanazi, H O; Zaidan, A A; Zaidan, B B; Kiah, M L Mat; Al-Bakri, S H

    2015-01-01

    This study has two objectives. First, it aims to develop a system with a highly secured approach to transmitting electronic medical records (EMRs), and second, it aims to identify entities that transmit private patient information without permission. The NTRU and the Advanced Encryption Standard (AES) cryptosystems are secured encryption methods. The AES is a tested technology that has already been utilized in several systems to secure sensitive data. The United States government has been using AES since June 2003 to protect sensitive and essential information. Meanwhile, NTRU protects sensitive data against attacks through the use of quantum computers, which can break the RSA cryptosystem and elliptic curve cryptography algorithms. A hybrid of AES and NTRU is developed in this work to improve EMR security. The proposed hybrid cryptography technique is implemented to secure the data transmission process of EMRs. The proposed security solution can provide protection for over 40 years and is resistant to quantum computers. Moreover, the technique provides the necessary evidence required by law to identify disclosure or misuse of patient records. The proposed solution can effectively secure EMR transmission and protect patient rights. It also identifies the source responsible for disclosing confidential patient records. The proposed hybrid technique for securing data managed by institutional websites must be improved in the future.

  18. Counterfeit Compliance with the HIPAA Security Rule: A Study of Information System Success

    ERIC Educational Resources Information Center

    Johnson, James R.

    2013-01-01

    The intent of the security standards adopted by the Department of Health and Human Services (DHS) implementing some of the requirements of the Administrative Simplification (AS) subtitle of the Health Insurance Portability and Accountability Act of 1996 (HIPAA) was to improve Federal and private health care programs and to improve the…

  19. Developing the security culture at the SEISMED Reference Centres.

    PubMed

    Fowler, J

    1996-01-01

    The paper gives a brief summary of the SEISMED project and the particular role played by the Reference Centres. Details are given of the hardware and application systems in use in the Royal Hospitals (NHS) Trust (RHT), one of the SEISMED Reference Centres. It proposes, without verification, a definition of a Security Culture based on three criteria. These are suggested to be the "Awareness" the "Acceptance" and the "Actions" of the management and staff to improve Information Systems Security throughout the RHT. The way that "Awareness" was increased is shown by the specific initiatives commenced as a result of a CRAMM Risk Analysis and the management and staff training programmes. The specific initiatives mentioned include, an Information Systems Security Policy, a contingency and disaster recovery plan, improvements in the physical protection of equipment and changes to the method of access control. The "Acceptance" by the staff of these measures is considered and the success or failure of "Developing A Security Culture" examined. The role of SEISMED in this process is assessed.

  20. The security concern on internet banking adoption among Malaysian banking customers.

    PubMed

    Sudha, Raju; Thiagarajan, A S; Seetharaman, A

    2007-01-01

    The existing literature highlights that security is the primary factor which determines the adoption of Internet banking technology. The secondary information on Internet banking development in Malaysia shows a very slow growth rate. Hence, this study aims to study the banking customers' perception towards security concern and Internet banking adoption through the information collected from 150 sample respondents. The data analysis reveals that the customers have much concern about security and privacy issues in adoption of Internet banking, whether the customers have adopted Internet banking or not. Hence, it infers that to popularize the Internet banking system there is a need for improvement in security and privacy issues among the banking customers.

  1. High security chaotic multiple access scheme for visible light communication systems with advanced encryption standard interleaving

    NASA Astrophysics Data System (ADS)

    Qiu, Junchao; Zhang, Lin; Li, Diyang; Liu, Xingcheng

    2016-06-01

    Chaotic sequences can be applied to realize multiple user access and improve the system security for a visible light communication (VLC) system. However, since the map patterns of chaotic sequences are usually well known, eavesdroppers can possibly derive the key parameters of chaotic sequences and subsequently retrieve the information. We design an advanced encryption standard (AES) interleaving aided multiple user access scheme to enhance the security of a chaotic code division multiple access-based visible light communication (C-CDMA-VLC) system. We propose to spread the information with chaotic sequences, and then the spread information is interleaved by an AES algorithm and transmitted over VLC channels. Since the computation complexity of performing inverse operations to deinterleave the information is high, the eavesdroppers in a high speed VLC system cannot retrieve the information in real time; thus, the system security will be enhanced. Moreover, we build a mathematical model for the AES-aided VLC system and derive the theoretical information leakage to analyze the system security. The simulations are performed over VLC channels, and the results demonstrate the effectiveness and high security of our presented AES interleaving aided chaotic CDMA-VLC system.

  2. Transboundary Water: Improving Methodologies and Developing Integrated Tools to Support Water Security

    NASA Technical Reports Server (NTRS)

    Hakimdavar, Raha; Wood, Danielle; Eylander, John; Peters-Lidard, Christa; Smith, Jane; Doorn, Brad; Green, David; Hummel, Corey; Moore, Thomas C.

    2018-01-01

    River basins for which transboundary coordination and governance is a factor are of concern to US national security, yet there is often a lack of sufficient data-driven information available at the needed time horizons to inform transboundary water decision-making for the intelligence, defense, and foreign policy communities. To address this need, a two-day workshop entitled Transboundary Water: Improving Methodologies and Developing Integrated Tools to Support Global Water Security was held in August 2017 in Maryland. The committee that organized and convened the workshop (the Organizing Committee) included representatives from the National Aeronautics and Space Administration (NASA), the US Army Corps of Engineers Engineer Research and Development Center (ERDC), and the US Air Force. The primary goal of the workshop was to advance knowledge on the current US Government and partners' technical information needs and gaps to support national security interests in relation to transboundary water. The workshop also aimed to identify avenues for greater communication and collaboration among the scientific, intelligence, defense, and foreign policy communities. The discussion around transboundary water was considered in the context of the greater global water challenges facing US national security.

  3. Association between household food security and infant feeding practices in urban informal settlements in Nairobi, Kenya.

    PubMed

    Macharia, T N; Ochola, S; Mutua, M K; Kimani-Murage, E W

    2018-02-01

    Studies in urban informal settlements show widespread inappropriate infant and young child feeding (IYCF) practices and high rates of food insecurity. This study assessed the association between household food security and IYCF practices in two urban informal settlements in Nairobi, Kenya. The study adopted a longitudinal design that involved a census sample of 1110 children less than 12 months of age and their mothers aged between 12 and 49 years. A questionnaire was used to collect information on: IYCF practices and household food security. Logistic regression was used to determine the association between food insecurity and IYFC practices. The findings showed high household food insecurity; only 19.5% of the households were food secure based on Household Insecurity Access Score. Infant feeding practices were inappropriate: 76% attained minimum meal frequency; 41% of the children attained a minimum dietary diversity; and 27% attained minimum acceptable diet. With the exception of the minimum meal frequency, infants living in food secure households were significantly more likely to achieve appropriate infant feeding practices than those in food insecure households: minimum meal frequency (adjusted odds ratio (AOR)=1.26, P=0.530); minimum dietary diversity (AOR=1.84, P=0.046) and minimum acceptable diet (AOR=2.35, P=0.008). The study adds to the existing body of knowledge by demonstrating an association between household food security and infant feeding practices in low-income settings. The findings imply that interventions aimed at improving infant feeding practices and ultimately nutritional status need to also focus on improving household food security.

  4. The exploration of the exhibition informatization

    NASA Astrophysics Data System (ADS)

    Zhang, Jiankang

    2017-06-01

    The construction and management of exhibition informatization is the main task and choke point during the process of Chinese exhibition industry’s transformation and promotion. There are three key points expected to realize a breakthrough during the construction of Chinese exhibition informatization, and the three aspects respectively are adopting service outsourcing to construct and maintain the database, adopting advanced chest card technology to collect various kinds of information, developing statistics analysis to maintain good customer relations. The success of Chinese exhibition informatization mainly calls for mature suppliers who can provide construction and maintenance of database, the proven technology, a sense of data security, advanced chest card technology, the ability of data mining and analysis and the ability to improve the exhibition service basing on the commercial information got from the data analysis. Several data security measures are expected to apply during the process of system developing, including the measures of the terminal data security, the internet data security, the media data security, the storage data security and the application data security. The informatization of this process is based on the chest card designing. At present, there are several types of chest card technology: bar code chest card; two-dimension code card; magnetic stripe chest card; smart-chip chest card. The information got from the exhibition data will help the organizers to make relevant service strategies, quantify the accumulated indexes of the customers, and improve the level of the customer’s satisfaction and loyalty, what’s more, the information can also provide more additional services like the commercial trips, VIP ceremonial reception.

  5. Report: EPA’s National Security Information Program Could Be Improved

    EPA Pesticide Factsheets

    Report #12-P-0543, June 18, 2012. Under its classified NSI program, EPA has assigned responsibilities and provided guidance, training, and oversight. EPA program offices provide secure equipment and space, following NSI program specifications.

  6. Towards an Enhancement of Organizational Information Security through Threat Factor Profiling (TFP) Model

    NASA Astrophysics Data System (ADS)

    Sidi, Fatimah; Daud, Maslina; Ahmad, Sabariah; Zainuddin, Naqliyah; Anneisa Abdullah, Syafiqa; Jabar, Marzanah A.; Suriani Affendey, Lilly; Ishak, Iskandar; Sharef, Nurfadhlina Mohd; Zolkepli, Maslina; Nur Majdina Nordin, Fatin; Amat Sejani, Hashimah; Ramadzan Hairani, Saiful

    2017-09-01

    Information security has been identified by organizations as part of internal operations that need to be well implemented and protected. This is because each day the organizations face a high probability of increase of threats to their networks and services that will lead to information security issues. Thus, effective information security management is required in order to protect their information assets. Threat profiling is a method that can be used by an organization to address the security challenges. Threat profiling allows analysts to understand and organize intelligent information related to threat groups. This paper presents a comparative analysis that was conducted to study the existing threat profiling models. It was found that existing threat models were constructed based on specific objectives, thus each model is limited to only certain components or factors such as assets, threat sources, countermeasures, threat agents, threat outcomes and threat actors. It is suggested that threat profiling can be improved by the combination of components found in each existing threat profiling model/framework. The proposed model can be used by an organization in executing a proactive approach to incident management.

  7. Airport detectors and orthopaedic implants.

    PubMed

    van der Wal, Bart C H; Grimm, Bernd; Heyligers, Ide C

    2005-08-01

    As a result of the rising threats of terrorism, airport security has become a major issue. Patients with orthopaedic implants are concerned that they may activate alarms at airport security gates. A literature overview showed that the activation rate of the alarm by hand-held detectors is higher than for arch detectors (100% versus 56%). Arch detection rate has significantly increased from 0% before 1995 up to 83.3% after 1994. Reported factors which influence detection rates are implant mass, implant combinations, implant volume, transfer speed, side of implant, detector model, sensitivity settings, material and tissue masking. Detection rate has been improved by more sensitive devices and improved filter software. Doctors should be able to objectively inform patients. A form is presented which will easily inform the airport security staff.

  8. Game Theory Based Security in Wireless Body Area Network with Stackelberg Security Equilibrium.

    PubMed

    Somasundaram, M; Sivakumar, R

    2015-01-01

    Wireless Body Area Network (WBAN) is effectively used in healthcare to increase the value of the patient's life and also the value of healthcare services. The biosensor based approach in medical care system makes it difficult to respond to the patients with minimal response time. The medical care unit does not deploy the accessing of ubiquitous broadband connections full time and hence the level of security will not be high always. The security issue also arises in monitoring the user body function records. Most of the systems on the Wireless Body Area Network are not effective in facing the security deployment issues. To access the patient's information with higher security on WBAN, Game Theory with Stackelberg Security Equilibrium (GTSSE) is proposed in this paper. GTSSE mechanism takes all the players into account. The patients are monitored by placing the power position authority initially. The position authority in GTSSE is the organizer and all the other players react to the organizer decision. Based on our proposed approach, experiment has been conducted on factors such as security ratio based on patient's health information, system flexibility level, energy consumption rate, and information loss rate. Stackelberg Security considerably improves the strength of solution with higher security.

  9. 76 FR 2753 - Agency Information Collection Activities: Proposed Agency Information Collection Activities...

    Federal Register 2010, 2011, 2012, 2013, 2014

    2011-01-14

    ... title V of the Riegle Community Development and Regulatory Improvement Act, the National Flood... renewing a loan secured by a building or a mobile home located in a special flood hazard area to advise the... transferring a loan secured by a building or a mobile home located in a special flood hazard area to notify...

  10. 78 FR 54454 - Open Meeting of the Information Security and Privacy Advisory Board

    Federal Register 2010, 2011, 2012, 2013, 2014

    2013-09-04

    ... include the following items: --Cybersecurity Executive Order 13636, Improving Critical Infrastructure Cybersecurity (78 FR 11737, February 19, 2013); Development of New Cybersecurity Framework; Request for Information (RFI)--Developing a Framework to Improve Critical Infrastructure Cybersecurity (78 FR 13024...

  11. Privacy vs usability: a qualitative exploration of patients' experiences with secure Internet communication with their general practitioner.

    PubMed

    Tjora, Aksel; Tran, Trung; Faxvaag, Arild

    2005-05-31

    Direct electronic communication between patients and physicians has the potential to empower patients and improve health care services. Communication by regular email is, however, considered a security threat in many countries and is not recommended. Systems which offer secure communication have now emerged. Unlike regular email, secure systems require that users authenticate themselves. However, the authentication steps per se may become barriers that reduce use. The objective was to study the experiences of patients who were using a secure electronic communication system. The focus of the study was the users' privacy versus the usability of the system. Qualitative interviews were conducted with 15 patients who used a secure communication system (MedAxess) to exchange personal health information with their primary care physician. Six main themes were identified from the interviews: (1) supporting simple questions, (2) security issues, (3) aspects of written communication, (4) trust in the physician, (5) simplicity of MedAxess, and (6) trouble using the system. By using the system, about half of the patients (8/15) experienced easier access to their physician, with whom they tended to solve minor health problems and elaborate on more complex illness experiences. Two thirds of the respondents (10/15) found that their physician quickly responded to their MedAxess requests. As a result of the security barriers, the users felt that the system was secure. However, due to the same barriers, the patients considered the log-in procedure cumbersome, which had considerable negative impact on the actual use of the system. Despite a perceived need for secure electronic patient-physician communication systems, security barriers may diminish their overall usefulness. 
    A dual approach is necessary to improve this situation: patients need to be better informed about security issues, and, at the same time, their experiences of using secure systems must be studied and used to improve user interfaces.

  12. Privacy vs Usability: A Qualitative Exploration of Patients' Experiences With Secure Internet Communication With Their General Practitioner

    PubMed Central

    Tran, Trung; Faxvaag, Arild

    2005-01-01

    Background: Direct electronic communication between patients and physicians has the potential to empower patients and improve health care services. Communication by regular email is, however, considered a security threat in many countries and is not recommended. Systems which offer secure communication have now emerged. Unlike regular email, secure systems require that users authenticate themselves. However, the authentication steps per se may become barriers that reduce use. Objectives: The objective was to study the experiences of patients who were using a secure electronic communication system. The focus of the study was the users' privacy versus the usability of the system. Methods: Qualitative interviews were conducted with 15 patients who used a secure communication system (MedAxess) to exchange personal health information with their primary care physician. Results: Six main themes were identified from the interviews: (1) supporting simple questions, (2) security issues, (3) aspects of written communication, (4) trust in the physician, (5) simplicity of MedAxess, and (6) trouble using the system. By using the system, about half of the patients (8/15) experienced easier access to their physician, with whom they tended to solve minor health problems and elaborate on more complex illness experiences. Two thirds of the respondents (10/15) found that their physician quickly responded to their MedAxess requests. As a result of the security barriers, the users felt that the system was secure. However, due to the same barriers, the patients considered the log-in procedure cumbersome, which had considerable negative impact on the actual use of the system. Conclusions: Despite a perceived need for secure electronic patient-physician communication systems, security barriers may diminish their overall usefulness. A dual approach is necessary to improve this situation: patients need to be better informed about security issues, and, at the same time, their experiences of using secure systems must be studied and used to improve user interfaces. PMID:15998606

  13. Quality and security - They work together

    NASA Technical Reports Server (NTRS)

    Carr, Richard; Tynan, Marie; Davis, Russell

    1991-01-01

    This paper describes the importance of considering computer security as part of software quality assurance practice. The intended audience is primarily those professionals involved in the design, development, and quality assurance of software. Many issues are raised which point to the need ultimately for integration of quality assurance and computer security disciplines. To address some of the issues raised, the NASA Automated Information Security program is presented as a model which may be used for improving interactions between the quality assurance and computer security community of professionals.

  14. Protecting clinical data in PACS, teleradiology systems, and research environments

    NASA Astrophysics Data System (ADS)

    Meissner, Marion C.; Collmann, Jeff R.; Tohme, Walid G.; Mun, Seong K.

    1997-05-01

    As clinical data is more widely stored in electronic patient record management systems and transmitted over the Internet and telephone lines, it becomes more accessible and therefore more useful, but also more vulnerable. Computer systems such as PACS, telemedicine applications, and medical research networks must protect against accidental or deliberate modification, disclosure, and violation of patient confidentiality in order to be viable. Conventional wisdom in the medical field and among lawmakers legislating the use of electronic medical records suggests that, although it may improve access to information, an electronic medical record cannot be as secure as a traditional paper record. This is not the case. Information security is a well-developed field in the computer and communications industry. If medical information systems, such as PACS, telemedicine applications, and research networks, properly apply information security techniques, they can ensure the accuracy and confidentiality of their patient information and even improve the security of their data over a traditional paper record. This paper will elaborate on some of these techniques and discuss how they can be applied to medical information systems. The following systems will be used as examples for the analysis: a research laboratory at Georgetown University Medical Center, the Deployable Radiology system installed to support the US Army's peacekeeping operation in Bosnia, a kidney dialysis telemedicine system in Washington, D.C., and various experiences with implementing and integrating PACS.

  15. The appropriate and effective use of security technologies in U.S. schools : a guide for schools and law enforcement agencies.

    DOE Office of Scientific and Technical Information (OSTI.GOV)

    Green, Mary Wilson

    The purpose of this report is to provide school administrators with the ability to determine their security system requirements, so they can make informed decisions when working with vendors and others to improve their security posture. This is accomplished by (1) explaining a systems-based approach to defining the objectives and needs of the system, and (2) providing information on the ability of common components (sensors, cameras, metal detectors, etc.) to achieve those objectives, in an effectively integrated system.

  16. A robust anonymous biometric-based authenticated key agreement scheme for multi-server environments

    PubMed Central

    Huang, Yuanfei; Ma, Fangchao

    2017-01-01

    In order to improve the security in remote authentication systems, numerous biometric-based authentication schemes using smart cards have been proposed. Recently, Moon et al. presented an authentication scheme to remedy the flaws of Lu et al.’s scheme, and claimed that their improved protocol supports the required security properties. Unfortunately, we found that Moon et al.’s scheme still has weaknesses. In this paper, we show that Moon et al.’s scheme is vulnerable to insider attack, server spoofing attack, user impersonation attack and guessing attack. Furthermore, we propose a robust anonymous multi-server authentication scheme using public key encryption to remove the aforementioned problems. From the subsequent formal and informal security analysis, we demonstrate that our proposed scheme provides strong mutual authentication and satisfies the desirable security requirements. The functional and performance analysis shows that the improved scheme has the best secure functionality and is computationally efficient. PMID:29121050

  17. A robust anonymous biometric-based authenticated key agreement scheme for multi-server environments.

    PubMed

    Guo, Hua; Wang, Pei; Zhang, Xiyong; Huang, Yuanfei; Ma, Fangchao

    2017-01-01

    In order to improve the security in remote authentication systems, numerous biometric-based authentication schemes using smart cards have been proposed. Recently, Moon et al. presented an authentication scheme to remedy the flaws of Lu et al.'s scheme, and claimed that their improved protocol supports the required security properties. Unfortunately, we found that Moon et al.'s scheme still has weaknesses. In this paper, we show that Moon et al.'s scheme is vulnerable to insider attack, server spoofing attack, user impersonation attack and guessing attack. Furthermore, we propose a robust anonymous multi-server authentication scheme using public key encryption to remove the aforementioned problems. From the subsequent formal and informal security analysis, we demonstrate that our proposed scheme provides strong mutual authentication and satisfies the desirable security requirements. The functional and performance analysis shows that the improved scheme has the best secure functionality and is computationally efficient.

  18. 78 FR 25254 - Announcing an Open Meeting of the Information Security and Privacy Advisory Board

    Federal Register 2010, 2011, 2012, 2013, 2014

    2013-04-30

    ... include the following items: --Cybersecurity Executive Order 13636, Improving Critical Infrastructure Cybersecurity (78 FR 11737, February 19, 2013); Development of New Cybersecurity Framework; Request for Information (RFI)--Developing a Framework to Improve Critical Infrastructure Cybersecurity (78 FR 13024...

  19. 23 CFR 1327.3 - Definitions.

    Code of Federal Regulations, 2010 CFR

    2010-04-01

    ..., denials, cancellations, accidents and interactions with the driver control and driver improvement... the State transmitting such information; and (3) The social security account number, if used by the... license number of such individual (if that number is different from the operator's social security account...

  20. Introducing the CERT (Trademark) Resiliency Engineering Framework: Improving the Security and Sustainability Processes

    DTIC Science & Technology

    2007-05-01

    Organizational Structure; 6.1.3 Funding Model; 6.1.4 Role of Information Technology; 6.2 Considering Process Improvement; 6.2.1 Dimensions of...to the process definition for resiliency engineering. 6.1.3 Funding Model: Just as organizational structures tend to align across security and...responsibility. Adopting an enterprise view of operational resiliency and a process improvement approach requires that the funding model evolve to one

  1. Information Communication and Technology for Water Resource Management and Food Security in Kenya: A Case Study of Kericho and Uasin Gishu Districts

    ERIC Educational Resources Information Center

    Omboto, P. I.; Macharia, J.; Mbagaya, Grace; Standa, F. N.

    2011-01-01

    Recent reports on Kenya have indicated food insecurity and destruction of water catchments as serious problems facing the country. Despite the tremendous strides in Information and Communication Technology (ICT), the country has not taken advantage of the technology to improve food security by effectively managing her water resources. A survey on…

  2. A Study on Secure Medical-Contents Strategies with DRM Based on Cloud Computing

    PubMed Central

    Měsíček, Libor; Choi, Jongsun

    2018-01-01

    Many hospitals and medical clinics have been using a wearable sensor in its health care system because the wearable sensor, which is able to measure the patients' biometric information, has been developed to analyze their patients remotely. The measured information is saved to a server in a medical center, and the server keeps the medical information, which also involves personal information, on a cloud system. The server and network devices are used by connecting each other, and sensitive medical records are dealt with remotely. However, these days, the attackers, who try to attack the server or the network systems, are increasing. In addition, the server and the network system have a weak protection and security policy against the attackers. In this paper, it is suggested that security compliance of medical contents should be followed to improve the level of security. As a result, the medical contents are kept safely. PMID:29796233

  3. A Study on Secure Medical-Contents Strategies with DRM Based on Cloud Computing.

    PubMed

    Ko, Hoon; Měsíček, Libor; Choi, Jongsun; Hwang, Seogchan

    2018-01-01

    Many hospitals and medical clinics have been using a wearable sensor in its health care system because the wearable sensor, which is able to measure the patients' biometric information, has been developed to analyze their patients remotely. The measured information is saved to a server in a medical center, and the server keeps the medical information, which also involves personal information, on a cloud system. The server and network devices are used by connecting each other, and sensitive medical records are dealt with remotely. However, these days, the attackers, who try to attack the server or the network systems, are increasing. In addition, the server and the network system have a weak protection and security policy against the attackers. In this paper, it is suggested that security compliance of medical contents should be followed to improve the level of security. As a result, the medical contents are kept safely.

  4. Statistical security for Social Security.

    PubMed

    Soneji, Samir; King, Gary

    2012-08-01

    The financial viability of Social Security, the single largest U.S. government program, depends on accurate forecasts of the solvency of its intergenerational trust fund. We begin by detailing information necessary for replicating the Social Security Administration's (SSA's) forecasting procedures, which until now has been unavailable in the public domain. We then offer a way to improve the quality of these procedures via age- and sex-specific mortality forecasts. The most recent SSA mortality forecasts were based on the best available technology at the time, which was a combination of linear extrapolation and qualitative judgments. Unfortunately, linear extrapolation excludes known risk factors and is inconsistent with long-standing demographic patterns, such as the smoothness of age profiles. Modern statistical methods typically outperform even the best qualitative judgments in these contexts. We show how to use such methods, enabling researchers to forecast using far more information, such as the known risk factors of smoking and obesity and known demographic patterns. Including this extra information makes a substantial difference. For example, by improving only mortality forecasting methods, we predict three fewer years of net surplus, $730 billion less in Social Security Trust Funds, and program costs that are 0.66% greater for projected taxable payroll by 2031 compared with SSA projections. More important than specific numerical estimates are the advantages of transparency, replicability, reduction of uncertainty, and what may be the resulting lower vulnerability to the politicization of program forecasts. In addition, by offering with this article software and detailed replication information, we hope to marshal the efforts of the research community to include ever more informative inputs and to continue to reduce uncertainties in Social Security forecasts.

  5. Security Analysis and Improvement of 'a More Secure Anonymous User Authentication Scheme for the Integrated EPR Information System'.

    PubMed

    Islam, S K Hafizul; Khan, Muhammad Khurram; Li, Xiong

    2015-01-01

    Over the past few years, secure and privacy-preserving user authentication scheme has become an integral part of the applications of the healthcare systems. Recently, Wen has designed an improved user authentication system over the Lee et al.'s scheme for integrated electronic patient record (EPR) information system, which has been analyzed in this study. We have found that Wen's scheme still has the following inefficiencies: (1) the correctness of identity and password are not verified during the login and password change phases; (2) it is vulnerable to impersonation attack and privileged-insider attack; (3) it is designed without the revocation of lost/stolen smart card; (4) the explicit key confirmation and the no key control properties are absent, and (5) user cannot update his/her password without the help of server and secure channel. Then we aimed to propose an enhanced two-factor user authentication system based on the intractable assumption of the quadratic residue problem (QRP) in the multiplicative group. Our scheme bears more securities and functionalities than other schemes found in the literature.

  6. Security Analysis and Improvement of ‘a More Secure Anonymous User Authentication Scheme for the Integrated EPR Information System’

    PubMed Central

    Islam, SK Hafizul; Khan, Muhammad Khurram; Li, Xiong

    2015-01-01

    Over the past few years, secure and privacy-preserving user authentication scheme has become an integral part of the applications of the healthcare systems. Recently, Wen has designed an improved user authentication system over the Lee et al.’s scheme for integrated electronic patient record (EPR) information system, which has been analyzed in this study. We have found that Wen’s scheme still has the following inefficiencies: (1) the correctness of identity and password are not verified during the login and password change phases; (2) it is vulnerable to impersonation attack and privileged-insider attack; (3) it is designed without the revocation of lost/stolen smart card; (4) the explicit key confirmation and the no key control properties are absent, and (5) user cannot update his/her password without the help of server and secure channel. Then we aimed to propose an enhanced two-factor user authentication system based on the intractable assumption of the quadratic residue problem (QRP) in the multiplicative group. Our scheme bears more securities and functionalities than other schemes found in the literature. PMID:26263401

  7. Security practices and regulatory compliance in the healthcare industry.

    PubMed

    Kwon, Juhee; Johnson, M Eric

    2013-01-01

    Securing protected health information is a critical responsibility of every healthcare organization. We explore information security practices and identify practice patterns that are associated with improved regulatory compliance. We employed Ward's cluster analysis using minimum variance based on the adoption of security practices. Variance between organizations was measured using dichotomous data indicating the presence or absence of each security practice. Using t tests, we identified the relationships between the clusters of security practices and their regulatory compliance. We utilized the results from the Kroll/Healthcare Information and Management Systems Society telephone-based survey of 250 US healthcare organizations including adoption status of security practices, breach incidents, and perceived compliance levels on Health Information Technology for Economic and Clinical Health, Health Insurance Portability and Accountability Act, Red Flags rules, Centers for Medicare and Medicaid Services, and state laws governing patient information security. Our analysis identified three clusters (which we call leaders, followers, and laggers) based on the variance of security practice patterns. The clusters have significant differences among non-technical practices rather than technical practices, and the highest level of compliance was associated with hospitals that employed a balanced approach between technical and non-technical practices (or between one-off and cultural practices). Hospitals in the highest level of compliance were significantly managing third parties' breaches and training. Audit practices were important to those who scored in the middle of the pack on compliance. Our results provide security practice benchmarks for healthcare administrators and can help policy makers in developing strategic and practical guidelines for practice adoption.

  8. Security practices and regulatory compliance in the healthcare industry

    PubMed Central

    Kwon, Juhee; Johnson, M Eric

    2013-01-01

    Objective: Securing protected health information is a critical responsibility of every healthcare organization. We explore information security practices and identify practice patterns that are associated with improved regulatory compliance. Design: We employed Ward's cluster analysis using minimum variance based on the adoption of security practices. Variance between organizations was measured using dichotomous data indicating the presence or absence of each security practice. Using t tests, we identified the relationships between the clusters of security practices and their regulatory compliance. Measurement: We utilized the results from the Kroll/Healthcare Information and Management Systems Society telephone-based survey of 250 US healthcare organizations including adoption status of security practices, breach incidents, and perceived compliance levels on Health Information Technology for Economic and Clinical Health, Health Insurance Portability and Accountability Act, Red Flags rules, Centers for Medicare and Medicaid Services, and state laws governing patient information security. Results: Our analysis identified three clusters (which we call leaders, followers, and laggers) based on the variance of security practice patterns. The clusters have significant differences among non-technical practices rather than technical practices, and the highest level of compliance was associated with hospitals that employed a balanced approach between technical and non-technical practices (or between one-off and cultural practices). Conclusions: Hospitals in the highest level of compliance were significantly managing third parties’ breaches and training. Audit practices were important to those who scored in the middle of the pack on compliance. Our results provide security practice benchmarks for healthcare administrators and can help policy makers in developing strategic and practical guidelines for practice adoption. PMID:22955497

  9. Game Theory Based Security in Wireless Body Area Network with Stackelberg Security Equilibrium

    PubMed Central

    Somasundaram, M.; Sivakumar, R.

    2015-01-01

    Wireless Body Area Network (WBAN) is effectively used in healthcare to increase the value of the patient's life and also the value of healthcare services. The biosensor based approach in medical care system makes it difficult to respond to the patients with minimal response time. The medical care unit does not deploy the accessing of ubiquitous broadband connections full time and hence the level of security will not be high always. The security issue also arises in monitoring the user body function records. Most of the systems on the Wireless Body Area Network are not effective in facing the security deployment issues. To access the patient's information with higher security on WBAN, Game Theory with Stackelberg Security Equilibrium (GTSSE) is proposed in this paper. GTSSE mechanism takes all the players into account. The patients are monitored by placing the power position authority initially. The position authority in GTSSE is the organizer and all the other players react to the organizer decision. Based on our proposed approach, experiment has been conducted on factors such as security ratio based on patient's health information, system flexibility level, energy consumption rate, and information loss rate. Stackelberg Security considerably improves the strength of solution with higher security. PMID:26759829

  10. Using information technology for an improved pharmaceutical care delivery in developing countries. Study case: Benin.

    PubMed

    Edoh, Thierry Oscar; Teege, Gunnar

    2011-10-01

    One of the problems in health care in developing countries is the bad accessibility of medicine in pharmacies for patients. Since this is mainly due to a lack of organization and information, it should be possible to improve the situation by introducing information and communication technology. However, for several reasons, standard solutions are not applicable here. In this paper, we describe a case study in Benin, a West African developing country. We identify the problem and the existing obstacles for applying standard ECommerce solutions. We develop an adapted system approach and describe a practical test which has shown that the approach has the potential of actually improving the pharmaceutical care delivery. Finally, we consider the security aspects of the system and propose an organizational solution for some specific security problems.

  11. Modifications to the HIPAA Privacy, Security, Enforcement, and Breach Notification rules under the Health Information Technology for Economic and Clinical Health Act and the Genetic Information Nondiscrimination Act; other modifications to the HIPAA rules.

    PubMed

    2013-01-25

    The Department of Health and Human Services (HHS or ``the Department'') is issuing this final rule to: Modify the Health Insurance Portability and Accountability Act (HIPAA) Privacy, Security, and Enforcement Rules to implement statutory amendments under the Health Information Technology for Economic and Clinical Health Act (``the HITECH Act'' or ``the Act'') to strengthen the privacy and security protection for individuals' health information; modify the rule for Breach Notification for Unsecured Protected Health Information (Breach Notification Rule) under the HITECH Act to address public comment received on the interim final rule; modify the HIPAA Privacy Rule to strengthen the privacy protections for genetic information by implementing section 105 of Title I of the Genetic Information Nondiscrimination Act of 2008 (GINA); and make certain other modifications to the HIPAA Privacy, Security, Breach Notification, and Enforcement Rules (the HIPAA Rules) to improve their workability and effectiveness and to increase flexibility for and decrease burden on the regulated entities.

  12. Providing security for automated process control systems at hydropower engineering facilities

    NASA Astrophysics Data System (ADS)

    Vasiliev, Y. S.; Zegzhda, P. D.; Zegzhda, D. P.

    2016-12-01

    This article suggests the concept of a cyberphysical system to manage computer security of automated process control systems at hydropower engineering facilities. According to the authors, this system consists of a set of information processing tools and computer-controlled physical devices. Examples of cyber attacks on power engineering facilities are provided, and a strategy of improving cybersecurity of hydropower engineering systems is suggested. The architecture of the multilevel protection of the automated process control system (APCS) of power engineering facilities is given, including security systems, control systems, access control, encryption, secure virtual private network of subsystems for monitoring and analysis of security events. The distinctive aspect of the approach is consideration of interrelations and cyber threats, arising when SCADA is integrated with the unified enterprise information system.

  13. A secure biometrics-based authentication scheme for telecare medicine information systems.

    PubMed

    Yan, Xiaopeng; Li, Weiheng; Li, Ping; Wang, Jiantao; Hao, Xinhong; Gong, Peng

    2013-10-01

    The telecare medicine information system (TMIS) allows patients and doctors to access medical services or medical information at remote sites. Therefore, it could bring us great convenience. To safeguard patients' privacy, authentication schemes for the TMIS attracted wide attention. Recently, Tan proposed an efficient biometrics-based authentication scheme for the TMIS and claimed their scheme could withstand various attacks. However, in this paper, we point out that Tan's scheme is vulnerable to the Denial-of-Service attack. To enhance security, we also propose an improved scheme based on Tan's work. Security and performance analysis shows our scheme not only could overcome weakness in Tan's scheme but also has better performance.

  14. The application of data encryption technology in computer network communication security

    NASA Astrophysics Data System (ADS)

    Gong, Lina; Zhang, Li; Zhang, Wei; Li, Xuhong; Wang, Xia; Pan, Wenwen

    2017-04-01

    With the rapid development of Internet and the extensive application of computer technology, the security of information becomes more and more serious, and the information security technology with data encryption technology as the core has also been developed greatly. Data encryption technology not only can encrypt and decrypt data, but also can realize digital signature, authentication and authentication and other functions, thus ensuring the confidentiality, integrity and confirmation of data transmission over the network. In order to improve the security of data in network communication, in this paper, a hybrid encryption system is used to encrypt and decrypt the triple DES algorithm with high security, and the two keys are encrypted with RSA algorithm, thus ensuring the security of the triple DES key and solving the problem of key management; At the same time to realize digital signature using Java security software, to ensure data integrity and non-repudiation. Finally, the data encryption system is developed by Java language. The data encryption system is simple and effective, with good security and practicality.

  15. Sharing information about cancer with one's family is associated with improved quality of life.

    PubMed

    Lai, Carlo; Borrelli, Beatrice; Ciurluini, Paola; Aceto, Paola

    2017-10-01

    The aim of this study was to investigate the association between cancer patients' ability to share information about their illness with their social network and attachment style dimensions, alexithymia, and quality of life. We hypothesised that ability to share information about one's cancer with family, friends, and medical teams would be positively associated with quality of life and secure attachment and negatively associated with alexithymia. Forty-five cancer patients were recruited from the Psycho-oncology Unit of the San Camillo-Forlanini Hospital in Rome. We collected anamnestic data and self-report data on social sharing ability, quality of life, alexithymia, and attachment. Sharing with family (B = 4.66; SE = 1.82; β = .52; SE = 0.20; t(41) = 2.6; P = .0143) was the only predictor of global health status, and attachment security was the only predictor of mean social sharing (B = 0.25; SE = 0.06; β = .63; SE = 0.14; t(41) = 4.4; P < .0001). Encouraging patients to share information about their experience of cancer may help to improve their quality of life. Attachment security seems to promote social sharing. Psychological assessments of cancer patients should cover both ability to share information about one's cancer with family and attachment security. Copyright © 2016 John Wiley & Sons, Ltd.

  16. Cryptanalysis and improvement of a quantum communication-based online shopping mechanism

    NASA Astrophysics Data System (ADS)

    Huang, Wei; Yang, Ying-Hui; Jia, Heng-Yue

    2015-06-01

    Recently, Chou et al. (Electron Commer Res 14:349-367, 2014) presented a novel controlled quantum secure direct communication protocol which can be used for online shopping. The authors claimed that their protocol was immune to the attacks from both external eavesdropper and internal betrayer. However, we find that this protocol is vulnerable to the attack from internal betrayer. In this paper, we analyze the security of this protocol to show that the controller in this protocol is able to eavesdrop the secret information of the sender (i.e., the customer's shopping information), which indicates that it cannot be used for secure online shopping as the authors expected. Accordingly, an improvement of this protocol, which could resist the controller's attack, is proposed. In addition, we present another protocol which is more appropriate for online shopping. Finally, a discussion about the difference in detail of the quantum secure direct communication process between regular quantum communications and online shopping is given.

  17. Big data, little security: Addressing security issues in your platform

    NASA Astrophysics Data System (ADS)

    Macklin, Thomas; Mathews, Joseph

    2017-05-01

    This paper describes some patterns for information security problems that consistently emerge among traditional enterprise networks and applications, both with respect to cyber threats and data sensitivity. We draw upon cases from qualitative studies and interviews of system developers, network operators, and certifiers of military applications. Specifically, the problems discussed involve sensitivity of data aggregates, training efficacy, and security decision support in the human machine interface. While proven techniques can address many enterprise security challenges, we provide additional recommendations on how to further improve overall security posture, and suggest additional research thrusts to address areas where known gaps remain.

  18. Airline Security and a Strategy for Change

    DTIC Science & Technology

    2006-01-15

    21 KEY TERMS: Biometrics, Federal Flight Deck Officer, Positive Passenger Bag Match, Airline Security CLASSIFICATION: Unclassified On September 11...subsequent to 9/11, then offers a recommended strategy which could provide both an improved security posture and the peace of mind demanded by travelers...expanding the Positive Passenger Bag Match criteria, and gathering information on passengers about special capabilities they might have for use by Captains

  19. Impersonation attack on a quantum secure direct communication and authentication protocol with improvement

    NASA Astrophysics Data System (ADS)

    Amerimehr, Ali; Hadain Dehkordi, Massoud

    2018-03-01

    We analyze the security of a quantum secure direct communication and authentication protocol based on single photons. We first give an impersonation attack on the protocol. The cryptanalysis shows that there is a gap in the authentication procedure of the protocol so that an opponent can reveal the secret information by an undetectable attempt. We then propose an improvement for the protocol and show it closes the gap by applying a mutual authentication procedure. In the improved protocol single photons are transmitted once in a session, so it is easy to implement as the primary protocol. Furthermore, we use a novel technique for secret order rearrangement of photons by which not only is quantum storage eliminated but also a secret key can be reused securely. So the new protocol is applicable in practical approaches like embedded system devices.

  20. Patient empowerment by the means of citizen-managed Electronic Health Records: web 2.0 health digital identity scenarios.

    PubMed

    Falcão-Reis, Filipa; Correia, Manuel E

    2010-01-01

    With the advent of more sophisticated and comprehensive healthcare information systems, system builders are becoming more interested in patient interaction and what he can do to help to improve his own health care. Information systems play nowadays a crucial and fundamental role in hospital work-flows, thus providing great opportunities to introduce and improve upon "patient empowerment" processes for the personalization and management of Electronic Health Records (EHRs). In this paper, we present a patient's privacy generic control mechanisms scenarios based on the Extended OpenID (eOID), a user centric digital identity provider previously developed by our group, which leverages a secured OpenID 2.0 infrastructure with the recently released Portuguese Citizen Card (CC) for secure authentication in a distributed health information environment. eOID also takes advantage of OAuth assertion based mechanisms to implement patient controlled secure qualified role based access to his EHR, by third parties.

  1. 17 CFR 200.13 - Chief Operating Officer.

    Code of Federal Regulations, 2012 CFR

    2012-04-01

    ...; CONDUCT AND ETHICS; AND INFORMATION AND REQUESTS Organization and Program Management General Organization... Financial Management, the Office of FOIA, Records Management, and Security, and the Office of Information... management improvements, telecommunications and information technology policies, and other government-wide...

  2. 17 CFR 200.13 - Chief Operating Officer.

    Code of Federal Regulations, 2013 CFR

    2013-04-01

    ...; CONDUCT AND ETHICS; AND INFORMATION AND REQUESTS Organization and Program Management General Organization... Financial Management, the Office of FOIA, Records Management, and Security, and the Office of Information... management improvements, telecommunications and information technology policies, and other government-wide...

  3. Integrated secure solution for electronic healthcare records sharing

    NASA Astrophysics Data System (ADS)

    Yao, Yehong; Zhang, Chenghao; Sun, Jianyong; Jin, Jin; Zhang, Jianguo

    2007-03-01

    The EHR is a secure, real-time, point-of-care, patient-centric information resource for healthcare providers. Many countries and regional districts have set long-term goals to build EHRs, and most of EHRs are usually built based on the integration of different information systems with different information models and platforms. A number of hospitals in Shanghai are also piloting the development of an EHR solution based on IHE XDS/XDS-I profiles with a service-oriented architecture (SOA). The first phase of the project targets the Diagnostic Imaging domain and allows seamless sharing of images and reports across the multiple hospitals. To develop EHRs for regional coordinated healthcare, some factors should be considered in designing architecture, one of which is security issue. In this paper, we present some approaches and policies to improve and strengthen the security among the different hospitals' nodes, which are compliant with the security requirements defined by IHE IT Infrastructure (ITI) Technical Framework. Our security solution includes four components: Time Sync System (TSS), Digital Signature Manage System (DSMS), Data Exchange Control Component (DECC) and Single Sign-On (SSO) System. We give a design method and implementation strategy of these security components, and then evaluate the performance and overheads of the security services or features by integrating the security components into an image-based EHR system.

  4. An improved control mode for the ping-pong protocol operation in imperfect quantum channels

    NASA Astrophysics Data System (ADS)

    Zawadzki, Piotr

    2015-07-01

    Quantum direct communication (QDC) can bring confidentiality of sensitive information without any encryption. A ping-pong protocol, a well-known example of entanglement-based QDC, offers asymptotic security in a perfect quantum channel. However, it has been shown (Wójcik in Phys Rev Lett 90(15):157901, 2003. doi:10.1103/PhysRevLett.90.157901) that it is not secure in the presence of losses. Moreover, legitimate parties cannot rely on dense information coding due to possible undetectable eavesdropping even in the perfect setting (Pavičić in Phys Rev A 87(4):042326, 2013. doi:10.1103/PhysRevA.87.042326). We have identified the source of the above-mentioned weaknesses in the incomplete check of the EPR pair coherence. We propose an improved version of the control mode, and we discuss its relation to the already-known attacks that undermine the QDC security. It follows that the new control mode detects these attacks with high probability and independently on a quantum channel type. As a result, an asymptotic security of the QDC communication can be maintained for imperfect quantum channels, also in the regime of dense information coding.

  5. Improving security of the ping-pong protocol

    NASA Astrophysics Data System (ADS)

    Zawadzki, Piotr

    2013-01-01

    A security layer for the asymptotically secure ping-pong protocol is proposed and analyzed in the paper. The operation of the improvement exploits inevitable errors introduced by the eavesdropping in the control and message modes. Its role is similar to the privacy amplification algorithms known from the quantum key distribution schemes. Messages are processed in blocks which guarantees that an eavesdropper is faced with a computationally infeasible problem as long as the system parameters are within reasonable limits. The introduced additional information preprocessing does not require quantum memory registers and confidential communication is possible without prior key agreement or some shared secret.

  6. In the Face of Cybersecurity: How the Common Information Model Can Be Used

    DOE Office of Scientific and Technical Information (OSTI.GOV)

    Skare, Paul; Falk, Herbert; Rice, Mark

    2016-01-01

    Efforts are underway to combine smart grid information, devices, networking, and emergency response information to create messages that are not dependent on specific standards development organizations (SDOs). This supports a future-proof approach of allowing changes in the canonical data models (CDMs) going forward without having to perform forklift replacements of solutions that use the messages. This also allows end users (electric utilities) to upgrade individual components of a larger system while keeping the message payload definitions intact. The goal is to enable public and private information sharing securely in a standards-based approach that can be integrated into existing operations. We provide an example architecture that could benefit from this multi-SDO, secure message approach. This article also describes how to improve message security

  7. An Improved and Secure Biometric Authentication Scheme for Telecare Medicine Information Systems Based on Elliptic Curve Cryptography.

    PubMed

    Chaudhry, Shehzad Ashraf; Mahmood, Khalid; Naqvi, Husnain; Khan, Muhammad Khurram

    2015-11-01

    Telecare medicine information system (TMIS) offers the patients convenient and expedite healthcare services remotely anywhere. Patient security and privacy have emerged as key issues during remote access because of underlying open architecture. An authentication scheme can verify patient's as well as TMIS server's legitimacy during remote healthcare services. To achieve security and privacy a number of authentication schemes have been proposed. Very recently Lu et al. (J. Med. Syst. 39(3):1-8, 2015) proposed a biometric based three factor authentication scheme for TMIS to confiscate the vulnerabilities of Arshad et al.'s (J. Med. Syst. 38(12):136, 2014) scheme. Further, they emphasized the robustness of their scheme against several attacks. However, in this paper we establish that Lu et al.'s scheme is vulnerable to numerous attacks including (1) Patient anonymity violation attack, (2) Patient impersonation attack, and (3) TMIS server impersonation attack. Furthermore, their scheme does not provide patient untraceability. We then propose an improvement of Lu et al.'s scheme. We have analyzed the security of improved scheme using popular automated tool ProVerif. The proposed scheme while retaining the plusses of Lu et al.'s scheme is also robust against known attacks.

  8. Assessing and comparing information security in swiss hospitals.

    PubMed

    Landolt, Sarah; Hirschel, Jürg; Schlienger, Thomas; Businger, Walter; Zbinden, Alex M

    2012-11-07

    Availability of information in hospitals is an important prerequisite for good service. Significant resources have been invested to improve the availability of information, but it is also vital that the security of this information can be guaranteed. The goal of this study was to assess information security in hospitals through a questionnaire based on the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC) standard ISO/IEC 27002, evaluating Information technology - Security techniques - Code of practice for information-security management, with a special focus on the effect of the hospitals' size and type. The survey, set up as a cross-sectional study, was conducted in January 2011. The chief information officers (CIOs) of 112 hospitals in German-speaking Switzerland were invited to participate. The online questionnaire was designed to be fast and easy to complete to maximize participation. To group the analyzed controls of the ISO/IEC standard 27002 in a meaningful way, a factor analysis was performed. A linear score from 0 (not implemented) to 3 (fully implemented) was introduced. The scores of the hospitals were then analyzed for significant differences in any of the factors with respect to size and type of hospital. The participating hospitals were offered a benchmark report about their status. The 51 participating hospitals had an average score of 51.1% (range 30.6% - 81.9%) out of a possible 100% where all items in the questionnaire were fully implemented. Room for improvement could be identified, especially for the factors covering "process and quality management" (average score 1.3 ± 0.8 out of a maximum of 3) and "organization and risk management" (average score 1.3 ± 0.7 out of a maximum of 3). Private hospitals scored significantly higher than university hospitals in the implementation of "security zones" and "backup" (P = .008). Half (50.00%, 8588/17,177) of all assessed hospital beds in German-speaking Switzerland are in hospitals that have a score of 49% or less of the maximum possible score in information security. Patient data need to be better protected because of the data protection laws and because sensitive, personal data should be guaranteed confidentiality, integrity, and availability.

  9. Assessing and Comparing Information Security in Swiss Hospitals

    PubMed Central

    Hirschel, Jürg; Schlienger, Thomas; Businger, Walter; Zbinden, Alex M

    2012-01-01

    Background: Availability of information in hospitals is an important prerequisite for good service. Significant resources have been invested to improve the availability of information, but it is also vital that the security of this information can be guaranteed. Objective: The goal of this study was to assess information security in hospitals through a questionnaire based on the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC) standard ISO/IEC 27002, evaluating Information technology – Security techniques – Code of practice for information-security management, with a special focus on the effect of the hospitals’ size and type. Methods: The survey, set up as a cross-sectional study, was conducted in January 2011. The chief information officers (CIOs) of 112 hospitals in German-speaking Switzerland were invited to participate. The online questionnaire was designed to be fast and easy to complete to maximize participation. To group the analyzed controls of the ISO/IEC standard 27002 in a meaningful way, a factor analysis was performed. A linear score from 0 (not implemented) to 3 (fully implemented) was introduced. The scores of the hospitals were then analyzed for significant differences in any of the factors with respect to size and type of hospital. The participating hospitals were offered a benchmark report about their status. Results: The 51 participating hospitals had an average score of 51.1% (range 30.6% - 81.9%) out of a possible 100% where all items in the questionnaire were fully implemented. Room for improvement could be identified, especially for the factors covering “process and quality management” (average score 1.3 ± 0.8 out of a maximum of 3) and “organization and risk management” (average score 1.3 ± 0.7 out of a maximum of 3). Private hospitals scored significantly higher than university hospitals in the implementation of “security zones” and “backup” (P = .008). Conclusions: Half (50.00%, 8588/17,177) of all assessed hospital beds in German-speaking Switzerland are in hospitals that have a score of 49% or less of the maximum possible score in information security. Patient data need to be better protected because of the data protection laws and because sensitive, personal data should be guaranteed confidentiality, integrity, and availability. PMID:23611956

  10. Usability Assessment of Secure Messaging for Clinical Document Sharing between Health Care Providers and Patients.

    PubMed

    Jahn, Michelle A; Porter, Brian W; Patel, Himalaya; Zillich, Alan J; Simon, Steven R; Russ, Alissa L

    2018-04-01

    Web-based patient portals feature secure messaging systems that enable health care providers and patients to communicate information. However, little is known about the usability of these systems for clinical document sharing. This article evaluates the usability of a secure messaging system for providers and patients in terms of its ability to support sharing of electronic clinical documents. We conducted usability testing with providers and patients in a human-computer interaction laboratory at a Midwestern U.S. hospital. Providers sent a medication list document to a fictitious patient via secure messaging. Separately, patients retrieved the clinical document from a secure message and returned it to a fictitious provider. We collected use errors, task completion, task time, and satisfaction. Twenty-nine individuals participated: 19 providers (6 physicians, 6 registered nurses, and 7 pharmacists) and 10 patients. Among providers, 11 (58%) attached and sent the clinical document via secure messaging without requiring assistance, in a median (range) of 4.5 (1.8-12.7) minutes. No patients completed tasks without moderator assistance. Patients accessed the secure messaging system within 3.6 (1.2-15.0) minutes; retrieved the clinical document within 0.8 (0.5-5.7) minutes; and sent the attached clinical document in 6.3 (1.5-18.1) minutes. Although median satisfaction ratings were high, with 5.8 for providers and 6.0 for patients (scale, 0-7), we identified 36 different use errors. Physicians and pharmacists requested additional features to support care coordination via health information technology, while nurses requested features to support efficiency for their tasks. This study examined the usability of clinical document sharing, a key feature of many secure messaging systems. Our results highlight similarities and differences between provider and patient end-user groups, which can inform secure messaging design to improve learnability and efficiency. The observations suggest recommendations for improving the technical aspects of secure messaging for clinical document sharing. Schattauer GmbH Stuttgart.

  11. Safety Psychology Applicating on Coal Mine Safety Management Based on Information System

    NASA Astrophysics Data System (ADS)

    Hou, Baoyue; Chen, Fei

    In recent years, with the increase of intensity of coal mining, a great number of major accidents happen frequently, the reason mostly due to human factors, but human's unsafe behavior is affected by insecurity mental control. In order to reduce accidents, and to improve safety management, with the help of application security psychology, we analyse the cause of insecurity psychological factors from human perception, from personality development, from motivation incentive, from reward and punishment mechanism, and from security aspects of mental training, and put forward countermeasures to promote coal mine safety production, and to provide information for coal mining to improve the level of safety management.

  12. Reversible Data Hiding Based on DNA Computing

    PubMed Central

    Xie, Yingjie

    2017-01-01

    Biocomputing, especially DNA computing, has got great development. It is widely used in information security. In this paper, a novel algorithm of reversible data hiding based on DNA computing is proposed. Inspired by the algorithm of histogram modification, which is a classical algorithm for reversible data hiding, we combine it with DNA computing to realize this algorithm based on biological technology. Compared with previous results, our experimental results have significantly improved the ER (Embedding Rate). Furthermore, some PSNR (peak signal-to-noise ratios) of test images are also improved. Experimental results show that it is suitable for protecting the copyright of cover image in DNA-based information security. PMID:28280504

  13. Traffic Analysis for Network Security using Learning Theory and Streaming Algorithms

    DTIC Science & Technology

    2008-09-01

    to have had friends who have immensely improved my research and presentation – David Brumley, Hubert Chan, Elena Nabieva, Vyas Sekar, and Runting Shi...Information Assurance and Security 2001, 2001. [15] Marco Barreno, Blaine Nelson, Russell Sears, Anthony D. Joseph, and J. D. Tygar. Can machine learning be

  14. Comment on "Secure quantum private information retrieval using phase-encoded queries"

    NASA Astrophysics Data System (ADS)

    Shi, Run-hua; Mu, Yi; Zhong, Hong; Zhang, Shun

    2016-12-01

    In this Comment, we reexamine the security of phase-encoded quantum private query (QPQ). We find that the current phase-encoded QPQ protocols, including their applications, are vulnerable to a probabilistic entangle-and-measure attack performed by the owner of the database. Furthermore, we discuss how to overcome this security loophole and present an improved cheat-sensitive QPQ protocol without losing the good features of the original protocol.

  15. An Image Encryption Algorithm Based on Information Hiding

    NASA Astrophysics Data System (ADS)

    Ge, Xin; Lu, Bin; Liu, Fenlin; Gong, Daofu

    Aiming at resolving the conflict between security and efficiency in the design of chaotic image encryption algorithms, an image encryption algorithm based on information hiding is proposed based on the “one-time pad” idea. A random parameter is introduced to ensure a different keystream for each encryption, which has the characteristics of “one-time pad”, improving the security of the algorithm rapidly without significant increase in algorithm complexity. The random parameter is embedded into the ciphered image with information hiding technology, which avoids negotiation for its transport and makes the application of the algorithm easier. Algorithm analysis and experiments show that the algorithm is secure against chosen plaintext attack, differential attack and divide-and-conquer attack, and has good statistical properties in ciphered images.

  16. Ethics in Public Health Research

    PubMed Central

    Myers, Julie; Frieden, Thomas R.; Bherwani, Kamal M.; Henning, Kelly J.

    2008-01-01

    Public health agencies increasingly use electronic means to acquire, use, maintain, and store personal health information. Electronic data formats can improve performance of core public health functions, but potentially threaten privacy because they can be easily duplicated and transmitted to unauthorized people. Although such security breaches do occur, electronic data can be better secured than paper records, because authentication, authorization, auditing, and accountability can be facilitated. Public health professionals should collaborate with law and information technology colleagues to assess possible threats, implement updated policies, train staff, and develop preventive engineering measures to protect information. Tightened physical and electronic controls can prevent misuse of data, minimize the risk of security breaches, and help maintain the reputation and integrity of public health agencies. PMID:18382010

  17. An Improved and Secure Anonymous Biometric-Based User Authentication with Key Agreement Scheme for the Integrated EPR Information System.

    PubMed

    Jung, Jaewook; Kang, Dongwoo; Lee, Donghoon; Won, Dongho

    2017-01-01

    Nowadays, many hospitals and medical institutes employ an authentication protocol within electronic patient records (EPR) services in order to provide protected electronic transactions in e-medicine systems. In order to establish efficient and robust health care services, numerous studies have been carried out on authentication protocols. Recently, Li et al. proposed a user authenticated key agreement scheme according to EPR information systems, arguing that their scheme is able to resist various types of attacks and preserve diverse security properties. However, this scheme possesses critical vulnerabilities. First, the scheme cannot prevent off-line password guessing attacks and server spoofing attack, and cannot preserve user identity. Second, there is no password verification process with the failure to identify the correct password at the beginning of the login phase. Third, the mechanism of password change is incompetent, in that it induces inefficient communication in communicating with the server to change a user password. Therefore, we suggest an upgraded version of the user authenticated key agreement scheme that provides enhanced security. Our security and performance analysis shows that compared to other related schemes, our scheme not only improves the security level, but also ensures efficiency.

  18. An Improved and Secure Anonymous Biometric-Based User Authentication with Key Agreement Scheme for the Integrated EPR Information System

    PubMed Central

    Kang, Dongwoo; Lee, Donghoon; Won, Dongho

    2017-01-01

    Nowadays, many hospitals and medical institutes employ an authentication protocol within electronic patient records (EPR) services in order to provide protected electronic transactions in e-medicine systems. In order to establish efficient and robust health care services, numerous studies have been carried out on authentication protocols. Recently, Li et al. proposed a user authenticated key agreement scheme according to EPR information systems, arguing that their scheme is able to resist various types of attacks and preserve diverse security properties. However, this scheme possesses critical vulnerabilities. First, the scheme cannot prevent off-line password guessing attacks and server spoofing attack, and cannot preserve user identity. Second, there is no password verification process with the failure to identify the correct password at the beginning of the login phase. Third, the mechanism of password change is incompetent, in that it induces inefficient communication in communicating with the server to change a user password. Therefore, we suggest an upgraded version of the user authenticated key agreement scheme that provides enhanced security. Our security and performance analysis shows that compared to other related schemes, our scheme not only improves the security level, but also ensures efficiency. PMID:28046075

  19. 76 FR 79275 - Truth in Savings (Regulation DD)

    Federal Register 2010, 2011, 2012, 2013, 2014

    2011-12-21

    ... disclosure. Sensitive personal information, such as account numbers or social security numbers, should not be... improved, and consumers' ability to make informed decisions regarding deposit accounts would be... regulations, while making information on the other regulations available. The Bureau expects to conduct...

  20. Protection of electronic health records (EHRs) in cloud.

    PubMed

    Alabdulatif, Abdulatif; Khalil, Ibrahim; Mai, Vu

    2013-01-01

    EHR technology has come into widespread use and has attracted attention in healthcare institutions as well as in research. Cloud services are used to build efficient EHR systems and obtain the greatest benefits of EHR implementation. Many issues relating to building an ideal EHR system in the cloud, especially the tradeoff between flexibility and security, have recently surfaced. The privacy of patient records in cloud platforms is still a point of contention. In this research, we are going to improve the management of access control by restricting participants' access through the use of distinct encrypted parameters for each participant in the cloud-based database. Also, we implement and improve an existing secure index search algorithm to enhance the efficiency of information control and flow through a cloud-based EHR system. At the final stage, we contribute to the design of reliable, flexible and secure access control, enabling quick access to EHR information.

  1. Development of Individual Equipment Requirements for the Afghan National Army Needs Improvement

    DTIC Science & Technology

    2012-05-25

    Secur n Security F Communic t of the Isla ency Managemen ining Missio ion Comman nal Clothin operation I TACOM L Frequency eb site of th rts or...of information, including suggestions for reducing this burden, to Washington Headquarters Services, Directorate for Information Operations and...conta or fax (571 Deputy Ins by fax (571 of Inspecto General for F25-04 ity Forces orces Fund ations-Electr mic Republ t Command n-Afghanis d

  2. Y-12 Integrated Materials Management System

    DOE Office of Scientific and Technical Information (OSTI.GOV)

    Alspaugh, D. H.; Hickerson, T. W.

    2002-06-03

    The Integrated Materials Management System, when fully implemented, will provide the Y-12 National Security Complex with advanced inventory information and analysis capabilities and enable effective assessment, forecasting and management of nuclear materials, critical non-nuclear materials, and certified supplies. These capabilities will facilitate future Y-12 stockpile management work, enhance interfaces to existing National Nuclear Security Administration (NNSA) corporate-level information systems, and enable interfaces to planned NNSA systems. In the current national nuclear defense environment where, for example, weapons testing is not permitted, material managers need better, faster, more complete information about material properties and characteristics. They now must manage non-special nuclear material at the same high-level they have managed SNM, and information capabilities about both must be improved. The full automation and integration of business activities related to nuclear and non-nuclear materials that will be put into effect by the Integrated Materials Management System (IMMS) will significantly improve and streamline the process of providing vital information to Y-12 and NNSA managers. This overview looks at the kinds of information improvements targeted by the IMMS project, related issues, the proposed information architecture, and the progress to date in implementing the system.

  3. Cryptanalysis on a scheme to share information via employing a discrete algorithm to quantum states

    NASA Astrophysics Data System (ADS)

    Amellal, H.; Meslouhi, A.; El Baz, M.; Hassouni, Y.; El Allati, A.

    2017-03-01

    Recently, Yang and Hwang [Int. J. Theor. Phys. 53, 224 (2014)] demonstrated that the scheme to share information via employing discrete algorithm to quantum states presented by Kang and Fang [Commun. Theor. Phys. 55, 239 (2011)] suffers from a major vulnerability allowing an eavesdropper to perform a measurement and resend attack. By introducing an additional checking state framework, the authors have proposed an improved protocol to overcome this weakness. This work calls into question the invoked vulnerability in order to clarify a misinterpretation in the same protocol stages, and also introduces a possible information leakage strategy, known as a faked state attack, despite the proposed improvement, which means that the same security problem may persist. Finally, an upgrading technique was introduced in order to enhance the security transmission.

  4. Evaluation of the awareness and effectiveness of IT security programs in a large publicly funded health care system.

    PubMed

    Hepp, Shelanne L; Tarraf, Rima C; Birney, Arden; Arain, Mubashir Aslam

    2017-01-01

    Electronic health records are becoming increasingly common in the health care industry. Although information technology (IT) poses many benefits to improving health care and ease of access to information, there are also security and privacy risks. Educating health care providers is necessary to ensure proper use of health information systems and IT and reduce undesirable outcomes. This study evaluated employees' awareness and perceptions of the effectiveness of two IT educational training modules within a large publicly funded health care system in Canada. Semi-structured interviews and focus groups included a variety of professional roles within the organisation. Participants also completed a brief demographic data sheet. With the consent of participants, all interviews and focus groups were audio recorded. Thematic analysis and descriptive statistics were used to evaluate the effectiveness of the IT security training modules. Five main themes emerged: (i) awareness of the IT training modules, (ii) the content of modules, (iii) staff perceptions about differences between IT security and privacy issues, (iv) common breaches of IT security and privacy, and (v) challenges and barriers to completing the training program. Overall, nonclinical staff were more likely to be aware of the training modules than were clinical staff. We found e-learning was a feasible way to educate a large number of employees. However, health care providers required a module on IT security and privacy that was relatable and applicable to their specific roles. Strategies to improve staff education and mitigate against IT security and privacy risks are discussed. Future research should focus on integrating health IT competencies into the educational programs for health care professionals.

  5. A novel income security intervention to address poverty in a primary care setting: a retrospective chart review.

    PubMed

    Jones, Marcella K; Bloch, Gary; Pinto, Andrew D

    2017-08-17

    To examine the development and implementation of a novel income security intervention in primary care. A retrospective, descriptive chart review of all patients referred to the Income Security Health Promotion service during the first year of the service (December 2013-December 2014). A multisite interdisciplinary primary care organisation in inner city Toronto, Canada, serving over 40 000 patients. The study population included 181 patients (53% female, mean age 48 years) who were referred to the Income Security Health Promotion service and engaged in care. The Income Security Health Promotion service consists of a trained health promoter who provides a mixture of expert advice and case management to patients to improve income security. An advisory group, made up of physicians, social workers, a community engagement specialist and a clinical manager, supports the service. Sociodemographic information, health status, referral information and encounter details were collected from patient charts. Encounters focused on helping patients with increasing their income (77.4%), reducing their expenses (58.6%) and improving their financial literacy (26.5%). The health promoter provided an array of services to patients, including assistance with taxes, connecting to community services, budgeting and accessing free services. The service could be improved with more specific goal setting, better links to other members of the healthcare team and implementing routine follow-up with each patient after discharge. Income Security Health Promotion is a novel service within primary care to assist vulnerable patients with a key social determinant of health. This study is a preliminary look at understanding the functioning of the service. Future research will examine the impact of the Income Security Health Promotion service on income security, financial literacy, engagement with health services and health outcomes.

  6. The Health Insurance Portability and Accountability Act: security and privacy requirements.

    PubMed

    Tribble, D A

    2001-05-01

    The security and privacy requirements of the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and their implications for pharmacy are discussed. HIPAA was enacted to improve the portability of health care insurance for persons leaving jobs. A section of the act encourages the use of electronic communications for health care claims adjudication, mandates the use of new standard code sets and transaction sets, and establishes the need for regulations to protect the security and privacy of individually identifiable health care information. Creating these regulations became the task of the Department of Health and Human Services. Regulations on security have been published for comment. Regulations on privacy and the definition of standard transaction sets and code sets are complete. National identifiers for patients, providers, and payers have not yet been established. The HIPAA regulations on security and privacy will require that pharmacies adopt policies and procedures that limit access to health care information. Existing pharmacy information systems may require upgrading or replacement. Costs of implementation nationwide are estimated to exceed $8 billion. The health care community has two years from the finalization of each regulation to comply with that regulation. The security and privacy requirements of HIPAA will require pharmacies to review their practices regarding the storage, use, and disclosure of protected health care information.

  7. IT Security Support for the Spaceport Command Control System Development

    NASA Technical Reports Server (NTRS)

    Varise, Brian

    2014-01-01

    My job title is IT Security support for the Spaceport Command & Control System Development. As a cyber-security analyst it is my job to ensure NASA's information stays safe from cyber threats, such as viruses, malware and denial-of-service attacks, by establishing and enforcing system access controls. Security is very important in the world of technology and it is used everywhere from personal computers to giant networks run by Government agencies worldwide. Without constant monitoring analysis, businesses, public organizations and government agencies are vulnerable to potentially harmful infiltration of their computer information system. It is my responsibility to ensure authorized access by examining improper access, reporting violations, revoking access, monitoring information requests by new programming and recommending improvements. My department oversees the Launch Control System and networks. An audit will be conducted for the LCS based on compliance with the Federal Information Security Management Act (FISMA) and The National Institute of Standards and Technology (NIST). I recently finished analyzing the SANS top 20 critical controls to give cost effective recommendations on various software and hardware products for compliance. Upon my completion of this internship, I will have successfully completed my duties as well as gained knowledge that will be helpful to my career in the future as a Cyber Security Analyst.

  8. Implementing an electronic medication overview in Belgium.

    PubMed

    Storms, Hannelore; Marquet, Kristel; Nelissen, Katherine; Hulshagen, Leen; Lenie, Jan; Remmen, Roy; Claes, Neree

    2014-12-16

    An accurate medication overview is essential to reduce medication errors. Therefore, it is essential to keep the medication overview up-to-date and to exchange healthcare information between healthcare professionals and patients. Digitally shared information yields possibilities to improve communication. However, implementing a digitally shared medication overview is challenging. This article describes the development process of a secured, electronic platform designed for exchanging medication information as executed in a pilot study in Belgium, called "Vitalink". The goal of "Vitalink" is to improve the exchange of medication information between professionals working in healthcare and patients in order to achieve a more efficient cooperation and better quality of care. Healthcare professionals of primary and secondary health care and patients of four Belgian regions participated in the project. In each region project groups coordinated implementation and reported back to the steering committee supervising the pilot study. The electronic medication overview was developed based on consensus in the project groups. The steering committee agreed to establish secured and authorized access through the use of electronic identity documents (eID) and a secured eHealth platform conforming to prior governmental regulations regarding privacy and security of healthcare information. A successful implementation of an electronic medication overview strongly depends on the accessibility and usability of the tool for healthcare professionals. Coordinating teams of the project groups concluded, based on their own observations and on problems reported to them, that secured and quick access to medical data needed to be pursued. According to their observations, the identification process using the eHealth platform, crucial to ensure secured data, was very time consuming. Secondly, software packages should meet the needs of their users, thus be adapted to daily activities of healthcare professionals. Moreover, software should be easy to install and run properly. The project would have benefited from a cost analysis executed by the national bodies prior to implementation.

  9. An efficient chaotic maps-based authentication and key agreement scheme using smartcards for telecare medicine information systems.

    PubMed

    Lee, Tian-Fu

    2013-12-01

    A smartcard-based authentication and key agreement scheme for telecare medicine information systems enables patients, doctors, nurses and health visitors to use smartcards for secure login to medical information systems. Authorized users can then efficiently access remote services provided by the medicine information systems through public networks. Guo and Chang recently improved the efficiency of a smartcard authentication and key agreement scheme by using chaotic maps. Later, Hao et al. reported that the scheme developed by Guo and Chang had two weaknesses: inability to provide anonymity and inefficient double secrets. Therefore, Hao et al. proposed an authentication scheme for telecare medicine information systems that solved these weaknesses and improved performance. However, a limitation in both schemes is their violation of the contributory property of key agreements. This investigation discusses these weaknesses and proposes a new smartcard-based authentication and key agreement scheme that uses chaotic maps for telecare medicine information systems. Compared to conventional schemes, the proposed scheme provides fewer weaknesses, better security, and more efficiency.

  10. A Standard Mutual Authentication Protocol for Cloud Computing Based Health Care System.

    PubMed

    Mohit, Prerna; Amin, Ruhul; Karati, Arijit; Biswas, G P; Khan, Muhammad Khurram

    2017-04-01

    Telecare Medical Information System (TMIS) supports a standard platform to the patient for getting necessary medical treatment from the doctor(s) via Internet communication. Security protection is important for medical records (data) of the patients because of very sensitive information. Besides, patient anonymity is another most important property, which must be protected. Most recently, Chiou et al. suggested an authentication protocol for TMIS by utilizing the concept of cloud environment. They claimed that their protocol is patient anonymous and well security protected. We reviewed their protocol and found that it is completely insecure against patient anonymity. Further, the same protocol is not protected against mobile device stolen attack. In order to improve security level and complexity, we design a light weight authentication protocol for the same environment. Our security analysis ensures resilience of all possible security attacks. The performance of our protocol is relatively standard in comparison with the related previous research.

  11. High-performance compression and double cryptography based on compressive ghost imaging with the fast Fourier transform

    NASA Astrophysics Data System (ADS)

    Leihong, Zhang; Zilan, Pan; Luying, Wu; Xiuhua, Ma

    2016-11-01

    To solve the problem that large images can hardly be retrieved for stringent hardware restrictions and the security level is low, a method based on compressive ghost imaging (CGI) with Fast Fourier Transform (FFT) is proposed, named FFT-CGI. Initially, the information is encrypted by the sender with FFT, and the FFT-coded image is encrypted by the system of CGI with a secret key. Then the receiver decrypts the image with the aid of compressive sensing (CS) and FFT. Simulation results are given to verify the feasibility, security, and compression of the proposed encryption scheme. The experiment suggests the method can improve the quality of large images compared with conventional ghost imaging and achieve the imaging for large-sized images, further the amount of data transmitted largely reduced because of the combination of compressive sensing and FFT, and improve the security level of ghost images through ciphertext-only attack (COA), chosen-plaintext attack (CPA), and noise attack. This technique can be immediately applied to encryption and data storage with the advantages of high security, fast transmission, and high quality of reconstructed information.

  12. Cryptanalysis and improvement of an improved two factor authentication protocol for telecare medical information systems.

    PubMed

    Chaudhry, Shehzad Ashraf; Naqvi, Husnain; Shon, Taeshik; Sher, Muhammad; Farash, Mohammad Sabzinejad

    2015-06-01

    Telecare medical information systems (TMIS) provides rapid and convenient health care services remotely. Efficient authentication is a prerequisite to guarantee the security and privacy of patients in TMIS. Authentication is used to verify the legality of the patients and TMIS server during remote access. Very recently Islam et al. (J. Med. Syst. 38(10):135, 2014) proposed a two factor authentication protocol for TMIS using elliptic curve cryptography (ECC) to improve Xu et al.'s (J. Med. Syst. 38(1):9994, 2014) protocol. They claimed their improved protocol to be efficient and provides all security requirements. However our analysis reveals that Islam et al.'s protocol suffers from user impersonation and server impersonation attacks. Furthermore we proposed an enhanced protocol. The proposed protocol while delivering all the virtues of Islam et al.'s protocol resists all known attacks.

  13. mCare: using secure mobile technology to support soldier reintegration and rehabilitation.

    PubMed

    Poropatich, Ronald K; Pavliscsak, Holly H; Tong, James C; Little, Jeanette R; McVeigh, Francis L

    2014-06-01

    The U.S. Army Medical Department conducted a pilot mobile health project to determine the requirements for coordination of care for "Wounded Warriors" using mobile messaging. The primary objective was to determine if a secure mobile health (mhealth) intervention provided to geographically dispersed patients would improve contact rates and positively impact the military healthcare system. Over 21 months, volunteers enrolled in a Health Insurance Portability and Accountability Act-compliant, secure mobile messaging initiative called mCare. The study included males and females, 18-61 years old, with a minimum of 60 days of outpatient recovery. Volunteers were required to have a compatible phone. The mhealth intervention included appointment reminders, health and wellness tips, announcements, and other relevant information to this population exchanged between care teams and patients. Provider respondents reported that 85% would refer patients to mCare, and 56% noted improvement in appointment attendance (n=90). Patient responses also revealed high acceptability of mCare and refined the frequency and delivery times (n=114). The pilot project resulted in over 84,000 outbound messages and improved contact rates by 176%. The mCare pilot project demonstrated the feasibility and administrative effectiveness of a scalable mhealth application using secure mobile messaging and information exchanges, including personalized patient education.

  14. A noise immunity controlled quantum teleportation protocol

    NASA Astrophysics Data System (ADS)

    Li, Dong-fen; Wang, Rui-jin; Zhang, Feng-li; Baagyere, Edward; Qin, Zhen; Xiong, Hu; Zhan, Huayi

    2016-11-01

    With the advent of the Internet and information and communication technology, quantum teleportation has become an important field in information security and its application areas. This is because quantum teleportation has the ability to attain a timely secret information delivery and offers unconditional security. And as such, the field of quantum teleportation has become a hot research topic in recent years. However, noise has serious effect on the safety of quantum teleportation within the aspects of information fidelity, channel capacity and information transfer. Therefore, the main purpose of this paper is to address these problems of quantum teleportation. Firstly, in order to resist collective noise, we construct a decoherence-free subspace under different noise scenarios to establish a two-dimensional fidelity quantum teleportation models. And also create quantum teleportation of multiple degree of freedom, and these models ensure the accuracy and availability of the exchange of information and in multiple degree of freedom. Secondly, for easy preparation, measurement and implementation, we use super dense coding features to build an entangled quantum secret exchange channel. To improve the channel utilization and capacity, an efficient super dense coding method based on ultra-entanglement exchange is used. Thirdly, continuous variables of the controlled quantum key distribution were designed for quantum teleportation; in addition, we perform Bell-basis measurement under the collective noise and also prepare the storage technology of quantum states to achieve one-bit key by three-photon encoding to improve its security and efficiency. We use these two methods because they conceal information, resist a third party attack and can detect eavesdropping. Our proposed methods, according to the security analysis, are able to solve the problems associated with the quantum teleportation under various noise environments.

  15. A Secure RFID Tag Authentication Protocol with Privacy Preserving in Telecare Medicine Information System.

    PubMed

    Li, Chun-Ta; Weng, Chi-Yao; Lee, Cheng-Chi

    2015-08-01

    Radio Frequency Identification (RFID) based solutions are widely used for providing many healthcare applications, including patient monitoring, object traceability, drug administration systems and telecare medicine information systems (TMIS). In order to reduce malpractices and ensure patient privacy, in 2015, Srivastava et al. proposed a hash based RFID tag authentication protocol in TMIS. Their protocol uses lightweight hash operation and synchronized secret value shared between back-end server and tag, which is more secure and efficient than other related RFID authentication protocols. Unfortunately, in this paper, we demonstrate that Srivastava et al.'s tag authentication protocol has a serious security problem in that an adversary may use a stolen/lost reader to connect to the medical back-end server that stores information associated with tagged objects, and as a result of this privacy damage the adversary could reveal medical data obtained from stolen/lost readers in a malicious way. Therefore, we propose a secure and efficient RFID tag authentication protocol to overcome security flaws and improve the system efficiency. Compared with Srivastava et al.'s protocol, the proposed protocol not only inherits the advantages of Srivastava et al.'s authentication protocol for TMIS but also provides better security with high system efficiency.

  16. 76 FR 57615 - National Health Information Technology Week, 2011

    Federal Register 2010, 2011, 2012, 2013, 2014

    2011-09-15

    ... Health Information Technology Week, 2011 Presidential Documents Federal... Technology Week, 2011 By the President of the United States of America A Proclamation Technological advances... Week, we highlight the critical importance of secure and efficient information systems to improving the...

  17. Information Technology: Opportunities for Improving Acquisitions and Operations

    DTIC Science & Technology

    2017-04-01

    United States Government Accountability Office Highlights of GAO-17-251SP, a GAO forum April 2017 INFORMATION TECHNOLOGY Opportunities...Richard McKinney Chief Information Officer, U.S. Department of Transportation Richard Spires Chief Executive Officer, Learning Tree International ...Former Chief Information Officer, U.S. Department of Homeland Security Former Chief Information Officer, Internal Revenue Service Appendix II

  18. Meeting the ONCHIT population health mandate: a proposed model for security in selective transportable distributed environments.

    PubMed

    Lorence, Daniel; Chin, John; Richards, Michael

    2010-08-01

    Goal Two of the US ONCHIT Plan focuses on enabling the use of electronic health information for critical health improvement activities that promote the health of targeted communities, and the US population as a whole. Because of the focus on communities and populations, the activities under this second goal differ fundamentally from those of the first goal, which focus on the care of individuals. Proposed here is a model for health information management in such population-based environments, which allows selective access and use of information, and maintains transportability while ensuring security and confidentiality.

  19. An authentication scheme for secure access to healthcare services.

    PubMed

    Khan, Muhammad Khurram; Kumari, Saru

    2013-08-01

    The last few decades have witnessed a boom in the development of information and communication technologies. The health sector has also benefitted from this advancement. To ensure secure access to healthcare services some user authentication mechanisms have been proposed. In 2012, Wei et al. proposed a user authentication scheme for telecare medical information system (TMIS). Recently, Zhu pointed out an offline password guessing attack on Wei et al.'s scheme and proposed an improved scheme. In this article, we analyze both of these schemes for their effectiveness in TMIS. We show that Wei et al.'s scheme and its improvement proposed by Zhu fail to achieve some important characteristics necessary for secure user authentication. We find that the security problems of Wei et al.'s scheme stick with Zhu's scheme, such as undetectable online password guessing attack, inefficacy of password change phase, traceability of user's stolen/lost smart card and denial-of-service threat. We also identify that Wei et al.'s scheme lacks forward secrecy and Zhu's scheme lacks a session key between user and healthcare server. We therefore propose an authentication scheme for TMIS with forward secrecy which preserves the confidentiality of air messages even if the master secret key of the healthcare server is compromised. Our scheme retains advantages of Wei et al.'s scheme and Zhu's scheme, and offers additional security. The security analysis and comparison results show the enhanced suitability of our scheme for TMIS.

  20. Design and implementation of a secure workflow system based on PKI/PMI

    NASA Astrophysics Data System (ADS)

    Yan, Kai; Jiang, Chao-hui

    2013-03-01

    The traditional workflow system has the following weaknesses in privilege management: low privilege management efficiency, an overburdened administrator, lack of a trust authority, etc. A secure workflow model based on PKI/PMI is proposed after studying the security requirements of workflow systems in depth. This model can achieve static and dynamic authorization after verifying the user's ID through PKC and validating the user's privilege information by using AC in the workflow system. Practice shows that this system can meet the security requirements of WfMS. Moreover, it not only improves system security, but also ensures integrity, confidentiality, availability and non-repudiation of the data in the system.

  1. Proof of cipher text ownership based on convergence encryption

    NASA Astrophysics Data System (ADS)

    Zhong, Weiwei; Liu, Zhusong

    2017-08-01

    Cloud storage systems save disk space and bandwidth through deduplication technology, but the use of this technology has been targeted by security attacks: an attacker can get the original file by using just the hash value to deceive the server into granting file ownership. In order to solve the above security problems and meet the different security requirements of cloud storage system files, an efficient information theory security proof of ownership scheme is proposed. This scheme protects the data through the convergence encryption method, uses the improved block-level proof of ownership scheme, and can carry out block-level client deduplication to achieve an efficient and secure cloud storage deduplication scheme.

  2. Cryptanalysis and Improvements for the Quantum Private Comparison Protocol Using EPR Pairs

    NASA Astrophysics Data System (ADS)

    Wang, Cong; Xu, Gang; Yang, Yi-Xian

    2013-07-01

    In this paper, we carry out an in-depth analysis of the quantum private comparison (QPC) protocol with the semi-honest third party (TP). The security of QPC protocol using the EPR pairs is re-examined. Unfortunately, we find that TP can use the fake EPR pairs to steal all the secret information. Furthermore, we give two simple and feasible solutions to improve the original QPC protocol. It is shown that the improved protocol is secure, which can resist various kinds of attacks from both the outside eavesdroppers and the inside participants, even the semi-honest TP.

  3. 76 FR 6652 - Proposed Collection: Comment Request

    Federal Register 2010, 2011, 2012, 2013, 2014

    2011-02-07

    ... Products. OMB Number: 1535-0142. Abstract: The information from the survey will be used to improve customer... "Conducting Focus Groups for Retail Securities Products." DATES: Written comments should be received on or... collection of information; (c) ways to enhance the quality, utility, and clarity of the information to be...

  4. Security and Communication Improve Community Trust

    ERIC Educational Resources Information Center

    Schneiderman, Mark

    2015-01-01

    Using student information in schools is nothing new nor is the reliance on information technologies supported by external service providers. What is new is the adoption of innovations like cloud computing and data analytics that are increasing teacher and family data access, creating actionable information to drive instruction and decision making,…

  5. Teaching Hands-On Linux Host Computer Security

    ERIC Educational Resources Information Center

    Shumba, Rose

    2006-01-01

    In the summer of 2003, a project to augment and improve the teaching of information assurance courses was started at IUP. Thus far, ten hands-on exercises have been developed. The exercises described in this article, and presented in the appendix, are based on actions required to secure a Linux host. Publicly available resources were used to…

  6. A Secure Behavior Modification Sensor System for Physical Activity Improvement

    ERIC Educational Resources Information Center

    Price, Alan

    2011-01-01

    Today, advances in wireless sensor networks are making it possible to capture large amounts of information about a person and their interaction within their home environment. However, what is missing is how to ensure the security of the collected data and its use to alter human behavior for positive benefit. In this research, exploration was…

  7. 75 FR 13775 - Agency Information Collection Activities: Proposed Collection; Comment Request, 1660-NEW...

    Federal Register 2010, 2011, 2012, 2013, 2014

    2010-03-23

    ... Security Exercise and Evaluation Program (HSEEP) After Action Report (AAR) Improvement Plan (IP) AGENCY... (HSEEP) After Action Report (AAR) Improvement Plan (IP). SUMMARY: The Federal Emergency Management Agency... (HSEEP) After Action Report (AAR) Improvement Plan (IP). DATES: Comments must be submitted on or before...

  8. Installation of secure, always available wireless LAN systems as a component of the hospital communication infrastructure.

    PubMed

    Hanada, Eisuke; Kudou, Takato; Tsumoto, Shusaku

    2013-06-01

    Wireless technologies as part of the data communication infrastructure of modern hospitals are being rapidly introduced. Even though there are concerns about problems associated with wireless communication security, the demand is remarkably large. In addition, insuring that the network is always available is important. Herein, we discuss security countermeasures and points to insure availability that must be taken to insure safe hospital/business use of wireless LAN systems, referring to the procedures introduced at Shimane University Hospital. Security countermeasures differ according to their purpose, such as for preventing illegal use or insuring availability, both of which are discussed. It is our hope that this information will assist others in their efforts to insure safe implementation of wireless LAN systems, especially in hospitals where they have the potential to greatly improve information sharing and patient safety.

  9. Cryptanalysis and Improvement of a Biometric-Based Multi-Server Authentication and Key Agreement Scheme.

    PubMed

    Wang, Chengqi; Zhang, Xiao; Zheng, Zhiming

    2016-01-01

    With the security requirements of networks, biometrics authenticated schemes which are applied in the multi-server environment come to be more crucial and widely deployed. In this paper, we propose a novel biometric-based multi-server authentication and key agreement scheme which is based on the cryptanalysis of Mishra et al.'s scheme. The informal and formal security analysis of our scheme are given, which demonstrate that our scheme satisfies the desirable security requirements. The presented scheme provides a variety of significant functionalities, in which some features are not considered in the most of existing authentication schemes, such as, user revocation or re-registration and biometric information protection. Compared with several related schemes, our scheme has more secure properties and lower computation cost. It is obviously more appropriate for practical applications in the remote distributed networks.

  10. Business Model for the Security of a Large-Scale PACS, Compliance with ISO/27002:2013 Standard.

    PubMed

    Gutiérrez-Martínez, Josefina; Núñez-Gaona, Marco Antonio; Aguirre-Meneses, Heriberto

    2015-08-01

    Data security is a critical issue in an organization; a proper information security management (ISM) is an ongoing process that seeks to build and maintain programs, policies, and controls for protecting information. A hospital is one of the most complex organizations, where patient information has not only legal and economic implications but, more importantly, an impact on the patient's health. Imaging studies include medical images, patient identification data, and proprietary information of the study; these data are contained in the storage device of a PACS. This system must preserve the confidentiality, integrity, and availability of patient information. There are techniques such as firewalls, encryption, and data encapsulation that contribute to the protection of information. In addition, the Digital Imaging and Communications in Medicine (DICOM) standard and the requirements of the Health Insurance Portability and Accountability Act (HIPAA) regulations are also used to protect the patient clinical data. However, these techniques are not systematically applied to the picture and archiving and communication system (PACS) in most cases and are not sufficient to ensure the integrity of the images and associated data during transmission. The ISO/IEC 27001:2013 standard has been developed to improve the ISM. Currently, health institutions lack effective ISM processes that enable reliable interorganizational activities. In this paper, we present a business model that accomplishes the controls of ISO/IEC 27002:2013 standard and criteria of security and privacy from DICOM and HIPAA to improve the ISM of a large-scale PACS. The methodology associated with the model can monitor the flow of data in a PACS, facilitating the detection of unauthorized access to images and other abnormal activities.

  11. MedBlock: Efficient and Secure Medical Data Sharing Via Blockchain.

    PubMed

    Fan, Kai; Wang, Shangyang; Ren, Yanhui; Li, Hui; Yang, Yintang

    2018-06-21

    With the development of electronic information technology, electronic medical records (EMRs) have been a common way to store the patients' data in hospitals. They are stored in different hospitals' databases, even for the same patient. Therefore, it is difficult to construct a summarized EMR for one patient from multiple hospital databases due to the security and privacy concerns. Meanwhile, current EMRs systems lack a standard data management and sharing policy, making it difficult for pharmaceutical scientists to develop precise medicines based on data obtained under different policies. To solve the above problems, we proposed a blockchain-based information management system, MedBlock, to handle patients' information. In this scheme, the distributed ledger of MedBlock allows the efficient EMRs access and EMRs retrieval. The improved consensus mechanism achieves consensus of EMRs without large energy consumption and network congestion. In addition, MedBlock also exhibits high information security combining the customized access control protocols and symmetric cryptography. MedBlock can play an important role in the sensitive medical information sharing.

  12. Common Criteria related security design patterns--validation on the intelligent sensor example designed for mine environment.

    PubMed

    Bialas, Andrzej

    2010-01-01

    The paper discusses the security issues of intelligent sensors that are able to measure and process data and communicate with other information technology (IT) devices or systems. Such sensors are often used in high risk applications. To improve their robustness, the sensor systems should be developed in a restricted way to provide them with assurance. One of assurance creation methodologies is Common Criteria (ISO/IEC 15408), used for IT products and systems. The contribution of the paper is a Common Criteria compliant and pattern-based method for the intelligent sensors security development. The paper concisely presents this method and its evaluation for the sensor detecting methane in a mine, focusing on the security problem of the intelligent sensor definition and solution. The aim of the validation is to evaluate and improve the introduced method.

  13. Image encryption based on a delayed fractional-order chaotic logistic system

    NASA Astrophysics Data System (ADS)

    Wang, Zhen; Huang, Xia; Li, Ning; Song, Xiao-Na

    2012-05-01

    A new image encryption scheme is proposed based on a delayed fractional-order chaotic logistic system. In the process of generating a key stream, the time-varying delay and fractional derivative are embedded in the proposed scheme to improve the security. Such a scheme is described in detail with security analyses including correlation analysis, information entropy analysis, run statistic analysis, mean-variance gray value analysis, and key sensitivity analysis. Experimental results show that the newly proposed image encryption scheme possesses high security.

  14. Extending AADL for Security Design Assurance of Cyber Physical Systems

    DTIC Science & Technology

    2015-12-16

    a detailed system architecture design of a CPS can be analyzed using AADL to prevent such types of CWEs. We divided the work into two tasks as...security modeling to CPSs, and develop a case study to show how formal modeling using AADL could be applied to a CPS to improve the security design of the... CPS. These examples of recent attacks against automobiles have been reported: A wireless device used by Progressive Insurance to gather information

  15. The Natural Hospital Environment: a Socio-Technical-Material perspective.

    PubMed

    Fernando, Juanita; Dawson, Linda

    2014-02-01

    This paper introduces two concepts into analyses of information security and hospital-based information systems-- a Socio-Technical-Material theoretical framework and the Natural Hospital Environment. The research is grounded in a review of pertinent literature with previously published Australian (Victoria) case study data to analyse the way clinicians work with privacy and security in their work. The analysis was sorted into thematic categories, providing the basis for the Natural Hospital Environment and Socio-Technical-Material framework theories discussed here. Natural Hospital Environments feature inadequate yet pervasive computer use, aural privacy shortcomings, shared workspace, meagre budgets, complex regulation that hinders training outcomes and out-dated infrastructure and are highly interruptive. Working collaboratively in many cases, participants found ways to avoid or misuse security tools, such as passwords or screensavers for patient care. Workgroup infrastructure was old, architecturally limited, haphazard in some instances, and was less useful than paper handover sheets to ensure the quality of patient care outcomes. Despite valiant efforts by some participants, they were unable to control factors influencing the privacy of patient health information in public hospital settings. Future improvements to hospital-based organisational frameworks for e-health can only be made when there is an improved understanding of the Socio-Technical-Material theoretical framework and Natural Hospital Environment contexts. Aspects within control of clinicians and administrators can be addressed directly although some others are beyond their control. An understanding and acknowledgement of these issues will benefit the management and planning of improved and secure hospital settings. Copyright © 2013 Elsevier Ireland Ltd. All rights reserved.

  16. Constructing vulnerability and protective measures indices for the enhanced critical infrastructure protection program.

    DOE Office of Scientific and Technical Information (OSTI.GOV)

    Fisher, R. E.; Buehring, W. A.; Whitfield, R. G.

    2009-10-14

    The US Department of Homeland Security (DHS) has directed its Protective Security Advisors (PSAs) to form partnerships with the owners and operators of assets most essential to the Nation's well being - a subclass of critical infrastructure and key resources (CIKR) - and to conduct site visits for these and other high-risk assets as part of the Enhanced Critical Infrastructure Protection (ECIP) Program. During each such visit, the PSA documents information about the facility's current CIKR protection posture and overall security awareness. The primary goals for ECIP site visits (DHS 2009) are to: (1) inform facility owners and operators of the importance of their facilities as an identified high-priority CIKR and the need to be vigilant in light of the ever-present threat of terrorism; (2) identify protective measures currently in place at these facilities, provide comparisons of CIKR protection postures across like assets, and track the implementation of new protective measures; and (3) enhance existing relationships among facility owners and operators; DHS; and various Federal, State, local tribal, and territorial partners. PSAs conduct ECIP visits to assess overall site security; educate facility owners and operators about security; help owners and operators identify gaps and potential improvements; and promote communication and information sharing among facility owners and operators, DHS, State governments, and other security partners. Information collected during ECIP visits is used to develop metrics; conduct sector-by-sector and cross-sector vulnerability comparisons; identify security gaps and trends across CIKR sectors and subsectors; establish sector baseline security survey results; and track progress toward improving CIKR security through activities, programs, outreach, and training (Snyder 2009). The data being collected are used in a framework consistent with the National Infrastructure Protection Plan (NIPP) risk criteria (DHS 2009). The NIPP framework incorporates consequence, threat, and vulnerability components and addresses all hazards. The analysis of the vulnerability data needs to be reproducible, support risk analysis, and go beyond protection. It also needs to address important security/vulnerability topics, such as physical security, cyber security, systems analysis, and dependencies and interdependencies. This report provides an overview of the approach being developed to estimate vulnerability and provide vulnerability comparisons for sectors and subsectors. The information will be used to assist DHS in analyzing existing protective measures and vulnerability at facilities, to identify potential ways to reduce vulnerabilities, and to assist in preparing sector risk estimates. The owner/operator receives an analysis of the data collected for a specific asset, showing a comparison between the facility's protection posture/vulnerability index and those of DHS sector/subsector sites visited. This comparison gives the owner/operator an indication of the asset's security strengths and weaknesses that may be contributing factors to its vulnerability and protection posture. The information provided to the owner/operator shows how the asset compares to other similar assets within the asset's sector or subsector. A 'dashboard' display is used to illustrate the results in a convenient format. The dashboard allows the owner/operator to analyze the implementation of additional protective measures and to illustrate how such actions would impact the asset's Protective Measures Index (PMI) or Vulnerability Index (VI).

  17. The Impact of Geographic Information Systems on Emergency Management Decision Making at the U.S. Department of Homeland Security

    ERIC Educational Resources Information Center

    King, Steven Gray

    2012-01-01

    Geographic information systems (GIS) reveal relationships and patterns from large quantities of diverse data in the form of maps and reports. The United States spends billions of dollars to use GIS to improve decisions made during responses to natural disasters and terrorist attacks, but precisely how GIS improves or impairs decision making is not…

  18. Survey of Cyber Crime in Big Data

    NASA Astrophysics Data System (ADS)

    Rajeswari, C.; Soni, Krishna; Tandon, Rajat

    2017-11-01

    Big data is like performing computation operations and database operations for large amounts of data, automatically from the data possessor’s business. Since a critical strategic offer of big data access to information from numerous and various areas, security and protection will assume an imperative part in big data research and innovation. The limits of standard IT security practices are notable, with the goal that they can utilize programming sending to utilize programming designers to incorporate pernicious programming in a genuine and developing risk in applications and working frameworks, which are troublesome. The impact gets speedier than big data. In this way, one central issue is that security and protection innovation are sufficient to share controlled affirmation for countless direct get to. For powerful utilization of extensive information, it should be approved to get to the information of that space or whatever other area from a space. For a long time, dependable framework improvement has arranged a rich arrangement of demonstrated ideas of demonstrated security to bargain to a great extent with the decided adversaries, however this procedure has been to a great extent underestimated as “needless excess” and sellers In this discourse, essential talks will be examined for substantial information to exploit this develop security and protection innovation, while the rest of the exploration difficulties will be investigated.

  19. Trends in Research on the Security of Medical Information in Korea: Focused on Information Privacy Security in Hospitals.

    PubMed

    Kim, Yong-Woon; Cho, Namin; Jang, Hye-Jung

    2018-01-01

    Information technology involves a risk of privacy violation in providing easy access to confidential information, such as personal information and medical information through the Internet. In this study, we investigated medical information security to gain a better understanding of trends in research related to medical information security. We researched papers published on '의료정보' and 'medical information' in various Korean journals during a 10-year period from 2005 to 2015. We also analyzed these journal papers for each fiscal year; these papers were categorized into the areas of literature research and empirical research, and were further subdivided according to themes and subjects. It was confirmed that 48 papers were submitted to 35 academic journals. There were 33 (68.8%) literature review articles, and analysis of secondary data was not carried out at all. In terms of empirical research, 8 (16.7%) surveys and 7 (14.6%) program developments were studied. As a result of analyzing these papers according to the research theme by research method, 17 (35.4%) papers on laws, systems, and policies were the most numerous. It was found that among the literature research papers on medical personnel were the most common, and among the empirical research papers, research on experts in information protection and medical personnel were the most common. We suggest that further research should be done in terms of social perception, human resource development, and technology development to improve risk management in medical information systems.

  20. Fundamental finite key limits for one-way information reconciliation in quantum key distribution

    NASA Astrophysics Data System (ADS)

    Tomamichel, Marco; Martinez-Mateo, Jesus; Pacher, Christoph; Elkouss, David

    2017-11-01

    The security of quantum key distribution protocols is guaranteed by the laws of quantum mechanics. However, a precise analysis of the security properties requires tools from both classical cryptography and information theory. Here, we employ recent results in non-asymptotic classical information theory to show that one-way information reconciliation imposes fundamental limitations on the amount of secret key that can be extracted in the finite key regime. In particular, we find that an often used approximation for the information leakage during information reconciliation is not generally valid. We propose an improved approximation that takes into account finite key effects and numerically test it against codes for two probability distributions, that we call binary-binary and binary-Gaussian, that typically appear in quantum key distribution protocols.

  1. Famine Early Warning Systems and Their Use of Satellite Remote Sensing Data

    NASA Technical Reports Server (NTRS)

    Brown, Molly E.; Essam, Timothy; Leonard, Kenneth

    2011-01-01

    Famine early warning organizations have experience that has much to contribute to efforts to incorporate climate and weather information into economic and political systems. Food security crises are now caused almost exclusively by problems of food access, not absolute food availability, but the role of monitoring agricultural production both locally and globally remains central. The price of food is important to the understanding of food security in any region, but it needs to be understood in the context of local production. Thus remote sensing is still at the center of much food security analysis, along with an examination of markets, trade and economic policies during food security analyses. Technology including satellite remote sensing, earth science models, databases of food production and yield, and modern telecommunication systems contributed to improved food production information. Here we present an econometric approach focused on bringing together satellite remote sensing and market analysis into food security assessment in the context of early warning.

  2. Cryptanalysis and improvement of Yan et al.'s biometric-based authentication scheme for telecare medicine information systems.

    PubMed

    Mishra, Dheerendra; Mukhopadhyay, Sourav; Chaturvedi, Ankita; Kumari, Saru; Khan, Muhammad Khurram

    2014-06-01

    Remote user authentication is desirable for a Telecare Medicine Information System (TMIS) for the safety, security and integrity of transmitted data over the public channel. In 2013, Tan presented a biometric based remote user authentication scheme and claimed that his scheme is secure. Recently, Yan et al. demonstrated some drawbacks in Tan's scheme and proposed an improved scheme to erase the drawbacks of Tan's scheme. We analyze Yan et al.'s scheme and identify that their scheme is vulnerable to off-line password guessing attack, and does not protect anonymity. Moreover, in their scheme, login and password change phases are inefficient to identify the correctness of input where inefficiency in password change phase can cause denial of service attack. Further, we design an improved scheme for TMIS with the aim to eliminate the drawbacks of Yan et al.'s scheme.

  3. Secure Messaging in Electronic Health Records and Its Impact on Diabetes Clinical Outcomes: A Systematic Review.

    PubMed

    Kuo, Alyce; Dang, Stuti

    2016-09-01

    In 2009, President Barack Obama signed into law the Health Information Technology for Economic and Clinical Health (HITECH) Act, which aims for the universal adoption of electronic health records (EHRs) in primary care settings and "meaningful use" of this technology. The objectives of "meaningful use" are well defined and executed in stages; one of the objectives of stage 2, beginning in 2014, was implementation of a secure messaging system between patients and providers. Secure messaging has been shown to positively affect patients who struggle with managing chronic diseases on a day to day basis. This review aims to assess the clinical evidence supporting the use of secure messaging in EHRs in self-management of diabetes. A systematic search of PubMed was conducted, and 320 results were returned. Of these, 11 were selected based on outlined criteria. Evidence from 7 of the 11 included studies suggests significant improvement in patients' hemoglobin A1c (HbA1c) with the use of secure messaging. However, improvements in patients' secondary outcomes, such as blood pressure and cholesterol, were inconsistent. Further work must be done to determine how to best maximize the potential of available tools such as secure messaging and EHRs to improve patient outcomes.

  4. Analysis of Security Protocols for Mobile Healthcare.

    PubMed

    Wazid, Mohammad; Zeadally, Sherali; Das, Ashok Kumar; Odelu, Vanga

    2016-11-01

    Mobile Healthcare (mHealth) continues to improve because of significant improvements and the decreasing costs of Information Communication Technologies (ICTs). mHealth is a medical and public health practice, which is supported by mobile devices (for example, smartphones) and, patient monitoring devices (for example, various types of wearable sensors, etc.). An mHealth system enables healthcare experts and professionals to have ubiquitous access to a patient's health data along with providing any ongoing medical treatment at any time, any place, and from any device. It also helps the patient requiring continuous medical monitoring to stay in touch with the appropriate medical staff and healthcare experts remotely. Thus, mHealth has become a major driving force in improving the health of citizens today. First, we discuss the security requirements, issues and threats to the mHealth system. We then present a taxonomy of recently proposed security protocols for mHealth system based on features supported and possible attacks, computation cost and communication cost. Our detailed taxonomy demonstrates the strength and weaknesses of recently proposed security protocols for the mHealth system. Finally, we identify some of the challenges in the area of security protocols for mHealth systems that still need to be addressed in the future to enable cost-effective, secure and robust mHealth systems.

  5. Strategies for Improving Polio Surveillance Performance in the Security-Challenged Nigerian States of Adamawa, Borno, and Yobe During 2009-2014.

    PubMed

    Hamisu, Abdullahi Walla; Johnson, Ticha Muluh; Craig, Kehinde; Mkanda, Pascal; Banda, Richard; Tegegne, Sisay G; Oyetunji, Ajiboye; Ningi, Nuhu; Mohammed, Said M; Adamu, Mohammed Isa; Abdulrahim, Khalid; Nsubuga, Peter; Vaz, Rui G; Muhammed, Ado J G

    2016-05-01

    The security-challenged states of Adamawa, Borno, and Yobe bear most of the brunt of the Boko Haram insurgency in Nigeria. The security challenge has led to the killing of health workers, destruction of health facilities, and displacement of huge populations. To identify areas of polio transmission and promptly detect possible cases of importation in these states, polio surveillance must be very sensitive. We conducted a retrospective review of acute flaccid paralysis surveillance in the security-compromised states between 2009 and 2014, using the acute flaccid paralysis database at the World Health Organization Nigeria Country Office. We also reviewed the reports of surveillance activities conducted in these security-challenged states, to identify strategies that were implemented to improve polio surveillance. Environmental surveillance was implemented in Borno in 2013 and in Yobe in 2014. All disease surveillance and notification officers in the 3 security-challenged states now receive annual training, and the number of community informants in these states has dramatically increased. Media-based messaging (via radio and television) is now used to sensitize the public to the importance of surveillance, and contact samples have been regularly collected in both states since 2014. The strategies implemented in the security-challenged states improved the quality of polio surveillance during the review period. © 2016 World Health Organization; licensee Oxford Journals.

  6. Strategies for Improving Polio Surveillance Performance in the Security-Challenged Nigerian States of Adamawa, Borno, and Yobe During 2009–2014

    PubMed Central

    Hamisu, Abdullahi Walla; Johnson, Ticha Muluh; Craig, Kehinde; Mkanda, Pascal; Banda, Richard; Tegegne, Sisay G.; Oyetunji, Ajiboye; Ningi, Nuhu; Mohammed, Said M.; Adamu, Mohammed Isa; Abdulrahim, Khalid; Nsubuga, Peter; Vaz, Rui G.; Muhammed, Ado J. G.

    2016-01-01

    Background. The security-challenged states of Adamawa, Borno, and Yobe bear most of the brunt of the Boko Haram insurgency in Nigeria. The security challenge has led to the killing of health workers, destruction of health facilities, and displacement of huge populations. To identify areas of polio transmission and promptly detect possible cases of importation in these states, polio surveillance must be very sensitive. Methods. We conducted a retrospective review of acute flaccid paralysis surveillance in the security-compromised states between 2009 and 2014, using the acute flaccid paralysis database at the World Health Organization Nigeria Country Office. We also reviewed the reports of surveillance activities conducted in these security-challenged states, to identify strategies that were implemented to improve polio surveillance. Results. Environmental surveillance was implemented in Borno in 2013 and in Yobe in 2014. All disease surveillance and notification officers in the 3 security-challenged states now receive annual training, and the number of community informants in these states has dramatically increased. Media-based messaging (via radio and television) is now used to sensitize the public to the importance of surveillance, and contact samples have been regularly collected in both states since 2014. Conclusions. The strategies implemented in the security-challenged states improved the quality of polio surveillance during the review period. PMID:26655842

  7. Smarter hospital communication: secure smartphone text messaging improves provider satisfaction and perception of efficacy, workflow.

    PubMed

    Przybylo, Jennifer A; Wang, Ange; Loftus, Pooja; Evans, Kambria H; Chu, Isabella; Shieh, Lisa

    2014-09-01

    Though current hospital paging systems are neither efficient (callbacks disrupt workflow), nor secure (pagers are not Health Insurance Portability and Accountability Act [HIPAA]-compliant), they are routinely used to communicate patient information. Smartphone-based text messaging is a potentially more convenient and efficient mobile alternative; however, commercial cellular networks are also not secure. To determine if augmenting one-way pagers with Medigram, a secure, HIPAA-compliant group messaging (HCGM) application for smartphones, could improve hospital team communication. Eight-week prospective, cluster-randomized, controlled trial. Stanford Hospital. Three inpatient medicine teams used the HCGM application in addition to paging, while two inpatient medicine teams used paging only for intra-team communication. Baseline and post-study surveys were collected from 22 control and 41 HCGM team members. When compared with paging, HCGM was rated significantly (P < 0.05) more effective in: (1) allowing users to communicate thoughts clearly (P = 0.010) and efficiently (P = 0.009) and (2) integrating into workflow during rounds (P = 0.018) and patient discharge (P = 0.012). Overall satisfaction with HCGM was significantly higher (P = 0.003). 85% of HCGM team respondents said they would recommend using an HCGM system on the wards. Smartphone-based, HIPAA-compliant group messaging applications improve provider perception of in-hospital communication, while providing the information security that paging and commercial cellular networks do not. © 2014 The Authors Journal of Hospital Medicine published by Wiley Periodicals, Inc. on behalf of Society of Hospital Medicine.

  8. ADAPTmap: International coordinated data resource for improving goat production efficiency

    USDA-ARS's Scientific Manuscript database

    Goats provide vital food and economic security, particularly in developing countries. We created a database that is a nexus for all performance, type, geographic information system (GIS), production environment, and genome information on goats. This resource provides a platform for meta-analysis tha...

  9. Secure scalable disaster electronic medical record and tracking system.

    PubMed

    Demers, Gerard; Kahn, Christopher; Johansson, Per; Buono, Colleen; Chipara, Octav; Griswold, William; Chan, Theodore

    2013-10-01

    Electronic medical records (EMRs) are considered superior in documentation of care for medical practice. Current disaster medical response involves paper tracking systems and radio communication for mass-casualty incidents (MCIs). These systems are prone to errors, may be compromised by local conditions, and are labor intensive. Communication infrastructure may be impacted, overwhelmed by call volume, or destroyed by the disaster, making self-contained and secure EMR response a critical capability. Report: As the prehospital disaster EMR allows for more robust content including protected health information (PHI), security measures must be instituted to safeguard these data. The Wireless Internet Information System for medicAl Response in Disasters (WIISARD) Research Group developed a handheld, linked, wireless EMR system utilizing current technology platforms. Smart phones connected to radio frequency identification (RFID) readers may be utilized to efficiently track casualties resulting from the incident. Medical information may be transmitted on an encrypted network to fellow prehospital team members, medical dispatch, and receiving medical centers. This system has been field tested in a number of exercises with excellent results, and future iterations will incorporate robust security measures. A secure prehospital triage EMR improves documentation quality during disaster drills.

  10. Synopsis of Evaluating Security Controls Based on Key Performance Indicators and Stakeholder Mission Value

    DOE Office of Scientific and Technical Information (OSTI.GOV)

    Abercrombie, Robert K; Sheldon, Frederick T; Mili, Ali

    2008-01-01

    Information security continues to evolve in response to disruptive changes with a persistent focus on information-centric controls and a healthy debate about balancing endpoint and network protection, with the goal of improved enterprise and business risk management. Economic uncertainty, intensively collaborative work styles, virtualization, increased outsourcing and ongoing compliance pressures require careful consideration and adaptation of a balanced approach. The Cyberspace Security Econometrics System (CSES) provides a measure of reliability, security and safety of a system that accounts for the criticality of each requirement as a function of one or more stakeholders' interests in that requirement. For a given stakeholder, CSES reflects the variance that may exist among the stakes one attaches to meeting each requirement. This paper summarizes the basis, objectives and capabilities for the CSES including inputs/outputs as well as the structural underpinnings.

  11. A bilinear pairing based anonymous authentication scheme in wireless body area networks for mHealth.

    PubMed

    Jiang, Qi; Lian, Xinxin; Yang, Chao; Ma, Jianfeng; Tian, Youliang; Yang, Yuanyuan

    2016-11-01

    Wireless body area networks (WBANs) have become one of the key components of mobile health (mHealth) which provides 24/7 health monitoring service and greatly improves the quality and efficiency of healthcare. However, users' concern about the security and privacy of their health information has become one of the major obstacles that impede the wide adoption of WBANs. Anonymous and unlinkable authentication is critical to protect the security and privacy of sensitive physiological information in transit from the client to the application provider. We first show that the anonymous authentication scheme of Wang and Zhang based on bilinear pairing is prone to client impersonation attack. Then, we propose an enhanced anonymous authentication scheme to remedy the flaw in Wang and Zhang's scheme. We give the security analysis to demonstrate that the enhanced scheme achieves the desired security features and withstands various known attacks.

  12. Ensuring the security and availability of a hospital wireless LAN system.

    PubMed

    Hanada, Eisuke; Kudou, Takato; Tsumoto, Shusaku

    2013-01-01

    Wireless technologies as part of the data communication infrastructure of modern hospitals are being rapidly introduced. Even though there are concerns about problems associated with wireless communication security, the demand is remarkably large. Herein we discuss security countermeasures that must be taken and issues concerning availability that must be considered to ensure safe hospital/business use of wireless LAN systems, referring to the procedures introduced at a university hospital. Security countermeasures differ according to their purpose, such as preventing illegal use or ensuring availability, both of which are discussed. The main focus of the availability discussion is on signal reach, electromagnetic noise elimination, and maintaining power supply to the network apparatus. It is our hope that this information will assist others in their efforts to ensure safe implementation of wireless LAN systems, especially in hospitals where they have the potential to greatly improve information sharing and patient safety.

  13. An Improved Protocol for Controlled Deterministic Secure Quantum Communication Using Five-Qubit Entangled State

    NASA Astrophysics Data System (ADS)

    Kao, Shih-Hung; Lin, Jason; Tsai, Chia-Wei; Hwang, Tzonelih

    2018-03-01

    In early 2009, Xiu et al. (Opt. Commun. 282(2) 333-337 2009) presented a controlled deterministic secure quantum communication (CDSQC) protocol via a newly constructed five-qubit entangled quantum state. Later, Qin et al. (Opt. Commun. 282(13), 2656-2658 2009) pointed out two security loopholes in Xiu et al.'s protocol: (1) A correlation-elicitation (CE) attack can reveal the entire secret message; (2) A leakage of partial information for the receiver is noticed. Then, Xiu et al. (Opt. Commun. 283(2), 344-347 2010) presented a revised CDSQC protocol to remedy the CE attack problem. However, the information leakage problem still remains open. This work proposes a new CDSQC protocol using the same five-qubit entangled state which can work without the above mentioned security problems. Moreover, the Trojan Horse attacks can be automatically avoided without using detecting devices in the new CDSQC.

  14. An Improved Protocol for Controlled Deterministic Secure Quantum Communication Using Five-Qubit Entangled State

    NASA Astrophysics Data System (ADS)

    Kao, Shih-Hung; Lin, Jason; Tsai, Chia-Wei; Hwang, Tzonelih

    2018-06-01

    In early 2009, Xiu et al. (Opt. Commun. 282(2) 333-337 2009) presented a controlled deterministic secure quantum communication (CDSQC) protocol via a newly constructed five-qubit entangled quantum state. Later, Qin et al. (Opt. Commun. 282(13), 2656-2658 2009) pointed out two security loopholes in Xiu et al.'s protocol: (1) A correlation-elicitation (CE) attack can reveal the entire secret message; (2) A leakage of partial information for the receiver is noticed. Then, Xiu et al. (Opt. Commun. 283(2), 344-347 2010) presented a revised CDSQC protocol to remedy the CE attack problem. However, the information leakage problem still remains open. This work proposes a new CDSQC protocol using the same five-qubit entangled state which can work without the above mentioned security problems. Moreover, the Trojan Horse attacks can be automatically avoided without using detecting devices in the new CDSQC.

  15. Cryptanalysis and Improvement of a Biometric-Based Multi-Server Authentication and Key Agreement Scheme

    PubMed Central

    Wang, Chengqi; Zhang, Xiao; Zheng, Zhiming

    2016-01-01

    With the security requirements of networks, biometric authentication schemes applied in the multi-server environment are becoming more crucial and more widely deployed. In this paper, we propose a novel biometric-based multi-server authentication and key agreement scheme which is based on the cryptanalysis of Mishra et al.’s scheme. The informal and formal security analyses of our scheme are given, which demonstrate that our scheme satisfies the desirable security requirements. The presented scheme provides a variety of significant functionalities, some of which are not considered in most existing authentication schemes, such as user revocation or re-registration and biometric information protection. Compared with several related schemes, our scheme has more secure properties and lower computation cost. It is obviously more appropriate for practical applications in remote distributed networks. PMID:26866606

  16. Legal issues concerning electronic health information: privacy, quality, and liability.

    PubMed

    Hodge, J G; Gostin, L O; Jacobson, P D

    1999-10-20

    Personally identifiable health information about individuals and general medical information is increasingly available in electronic form in health databases and through online networks. The proliferation of electronic data within the modern health information infrastructure presents significant benefits for medical providers and patients, including enhanced patient autonomy, improved clinical treatment, advances in health research and public health surveillance, and modern security techniques. However, it also presents new legal challenges in 3 interconnected areas: privacy of identifiable health information, reliability and quality of health data, and tort-based liability. Protecting health information privacy (by giving individuals control over health data without severely restricting warranted communal uses) directly improves the quality and reliability of health data (by encouraging individual uses of health services and communal uses of data), which diminishes tort-based liabilities (by reducing instances of medical malpractice or privacy invasions through improvements in the delivery of health care services resulting in part from better quality and reliability of clinical and research data). Following an analysis of the interconnectivity of these 3 areas and discussing existing and proposed health information privacy laws, recommendations for legal reform concerning health information privacy are presented. These include (1) recognizing identifiable health information as highly sensitive, (2) providing privacy safeguards based on fair information practices, (3) empowering patients with information and rights to consent to disclosure, (4) limiting disclosures of health data absent consent, (5) incorporating industry-wide security protections, (6) establishing a national data protection authority, and (7) providing a national minimal level of privacy protections.

  17. Common Criteria Related Security Design Patterns—Validation on the Intelligent Sensor Example Designed for Mine Environment

    PubMed Central

    Bialas, Andrzej

    2010-01-01

    The paper discusses the security issues of intelligent sensors that are able to measure and process data and communicate with other information technology (IT) devices or systems. Such sensors are often used in high risk applications. To improve their robustness, the sensor systems should be developed in a restricted way to provide them with assurance. One of the assurance creation methodologies is Common Criteria (ISO/IEC 15408), used for IT products and systems. The contribution of the paper is a Common Criteria compliant and pattern-based method for the security development of intelligent sensors. The paper concisely presents this method and its evaluation for a sensor detecting methane in a mine, focusing on the definition and solution of the intelligent sensor's security problem. The aim of the validation is to evaluate and improve the introduced method. PMID:22399888

  18. Forecasting of Information Security Related Incidents: Amount of Spam Messages as a Case Study

    NASA Astrophysics Data System (ADS)

    Romanov, Anton; Okamoto, Eiji

    With the increasing demand for services provided by communication networks, the quality and reliability of such services, as well as the confidentiality of data transfer, are becoming some of the highest concerns. At the same time, because of growing hacker activity, the quality of provided content and the reliability of its continuous delivery strongly depend on the integrity of data transmission and the availability of communication infrastructure, and thus on the information security of a given IT landscape. But the amount of resources allocated to provide information security (such as security staff, technical countermeasures, etc.) must be reasonable from the economic point of view. This fact, in turn, leads to the need to employ a forecasting technique for IT budget planning and short-term planning of potential bottlenecks. In this paper we present an approach to such forecasting for a wide class of information security related incidents (ISRI): unambiguously detectable ISRI. This approach is based on different autoregression models which are widely used in financial time series analysis but cannot be directly applied to ISRI time series due to specifics related to information security. We investigate and address these specifics by proposing rules (special conditions) for the collection and storage of ISRI time series, adherence to which improves forecasting in this subject field. We present an application of our approach to one type of unambiguously detectable ISRI: the amount of spam messages, which, if not mitigated properly, could create additional load on communication infrastructure and consume significant amounts of network capacity. Finally, we evaluate our approach by simulation and actual measurement.

  19. A secure EHR system based on hybrid clouds.

    PubMed

    Chen, Yu-Yi; Lu, Jun-Chao; Jan, Jinn-Ke

    2012-10-01

    Consequently, application services rendering remote medical services and electronic health records (EHRs) have become a hot topic, stimulating increased interest in studying this subject in recent years. Information and communication technologies have been applied to the medical services and healthcare area for a number of years to resolve problems in medical management. Sharing EHR information can provide professional medical programs with consultancy, evaluation, and tracing services, and can certainly improve accessibility for the public receiving medical services or medical information at remote sites. With the widespread use of EHRs, building a secure EHR sharing environment has attracted a lot of attention in both the healthcare industry and the academic community. The cloud computing paradigm is one of the popular health IT infrastructures for facilitating EHR sharing and EHR integration. In this paper, we propose an EHR sharing and integration system in healthcare clouds and analyze the arising security and privacy issues in access and management of EHRs.

  20. Portfolio Management

    NASA Technical Reports Server (NTRS)

    Duncan, Sharon L.

    2011-01-01

    Enterprise Business Information Services Division (EBIS) supports the Laboratory and its functions through the implementation and support of business information systems on behalf of its business community. EBIS Five Strategic Focus Areas: (1) Improve project estimating, planning and delivery capability; (2) Improve maintainability and sustainability of EBIS Application Portfolio; (3) Leap forward in IT Leadership; (4) Comprehensive Talent Management; (5) Continuous IT Security Program. Portfolio Management is a strategy in which software applications are managed as assets.

  1. The impact of geographic information systems on emergency management decision making at the U.S. Department of Homeland Security

    NASA Astrophysics Data System (ADS)

    King, Steven Gray

    Geographic information systems (GIS) reveal relationships and patterns from large quantities of diverse data in the form of maps and reports. The United States spends billions of dollars to use GIS to improve decisions made during responses to natural disasters and terrorist attacks, but precisely how GIS improves or impairs decision making is not known. This research examined how GIS affect decision making during natural disasters, and how GIS can be more effectively used to improve decision making for emergency management. Using a qualitative case study methodology, this research examined decision making at the U.S. Department of Homeland Security (DHS) during a large full-scale disaster exercise. This study indicates that GIS provided decision makers at DHS with an outstanding context for information that would otherwise be challenging to understand, especially through the integration of multiple data sources and dynamic three-dimensional interactive maps. Decision making was hampered by outdated information, a reliance on predictive models based on hypothetical data rather than actual event data, and a lack of understanding of the capabilities of GIS beyond cartography. Geospatial analysts, emergency managers, and other decision makers who use GIS should take specific steps to improve decision making based on GIS for disaster response and emergency management.

  2. Public Perspectives of Mobile Phones’ Effects on Healthcare Quality and Medical Data Security and Privacy: A 2-Year Nationwide Survey

    PubMed Central

    Richardson, Joshua E.; Ancker, Jessica S.

    2015-01-01

    Given growing interest in mobile phones for health management (mHealth), we surveyed consumer perceptions of mHealth in security, privacy, and healthcare quality using national random-digit-dial telephone surveys in 2013 and 2014. In 2013, 48% thought that using a mobile phone to communicate data with a physician’s electronic health record (EHR) would improve the quality of health care. By 2014, the proportion rose to 57% (p < .001). There were no similar changes in privacy concerns yet nearly two-thirds expressed privacy concerns. In 2013 alone, respondents were more likely to express privacy concerns about medical data on mobile phones than they were to endorse similar concerns with EHRs or health information exchange (HIE). Consumers increasingly believe that mHealth improves healthcare quality, but security and privacy concerns need to be addressed for quality improvement to be fully realized. PMID:26958246

  3. Public Perspectives of Mobile Phones' Effects on Healthcare Quality and Medical Data Security and Privacy: A 2-Year Nationwide Survey.

    PubMed

    Richardson, Joshua E; Ancker, Jessica S

    2015-01-01

    Given growing interest in mobile phones for health management (mHealth), we surveyed consumer perceptions of mHealth in security, privacy, and healthcare quality using national random-digit-dial telephone surveys in 2013 and 2014. In 2013, 48% thought that using a mobile phone to communicate data with a physician's electronic health record (EHR) would improve the quality of health care. By 2014, the proportion rose to 57% (p < .001). There were no similar changes in privacy concerns yet nearly two-thirds expressed privacy concerns. In 2013 alone, respondents were more likely to express privacy concerns about medical data on mobile phones than they were to endorse similar concerns with EHRs or health information exchange (HIE). Consumers increasingly believe that mHealth improves healthcare quality, but security and privacy concerns need to be addressed for quality improvement to be fully realized.

  4. Security Vulnerability Profiles of NASA Mission Software: Empirical Analysis of Security Related Bug Reports

    NASA Technical Reports Server (NTRS)

    Goseva-Popstojanova, Katerina; Tyo, Jacob P.; Sizemore, Brian

    2017-01-01

    NASA develops, runs, and maintains software systems for which security is of vital importance. Therefore, it is becoming an imperative to develop secure systems and extend the current software assurance capabilities to cover information assurance and cybersecurity concerns of NASA missions. The results presented in this report are based on the information provided in the issue tracking systems of one ground mission and one flight mission. The extracted data were used to create three datasets: Ground mission IVV issues, Flight mission IVV issues, and Flight mission Developers issues. In each dataset, we identified the software bugs that are security related and classified them in specific security classes. This information was then used to create the security vulnerability profiles (i.e., to determine how, why, where, and when the security vulnerabilities were introduced) and explore the existence of common trends. The main findings of our work include: - Code related security issues dominated both the Ground and Flight mission IVV security issues, with 95 and 92, respectively. Therefore, enforcing secure coding practices and verification and validation focused on coding errors would be cost effective ways to improve mission's security. (Flight mission Developers issues dataset did not contain data in the Issue Category.) - In both the Ground and Flight mission IVV issues datasets, the majority of security issues (i.e., 91 and 85, respectively) were introduced in the Implementation phase. In most cases, the phase in which the issues were found was the same as the phase in which they were introduced. The most security related issues of the Flight mission Developers issues dataset were found during Code Implementation, Build Integration, and Build Verification; the data on the phase in which these issues were introduced were not available for this dataset. - The location of security related issues, as the location of software issues in general, followed the Pareto principle. Specifically, for all three datasets, from 86 to 88 the security related issues were located in two to four subsystems. - The severity levels of most security issues were moderate, in all three datasets. - Out of 21 primary security classes, five dominated: Exception Management, Memory Access, Other, Risky Values, and Unused Entities. Together, these classes contributed from around 80 to 90 of all security issues in each dataset. This again proves the Pareto principle of uneven distribution of security issues, in this case across CWE classes, and supports the fact that addressing these dominant security classes provides the most cost efficient way to improve missions' security. The findings presented in this report uncovered the security vulnerability profiles and identified the common trends and dominant classes of security issues, which in turn can be used to select the most efficient secure design and coding best practices compiled by the part of the SARP project team associated with the NASA's Johnson Space Center. In addition, these findings provide valuable input to the NASA IVV initiative aimed at identification of the two 25 CWEs of ground and flight missions.

  5. Agencies Should Assess Vulnerabilities and Improve Guidance for Protecting Export-Controlled Information at Companies

    DTIC Science & Technology

    2006-12-01

    Supplement DOD Department of Defense DOL Department of Labor DTSA Defense Technology Security Administration EAR Export Administration Regulations...and outreach to companies on the export regulations. DOD: The Defense Technology Security Administration (DTSA) represents DOD on export control...and technologies, which DOD oversees. DTSA serves an advisory role in State’s and Commerce’s export license review processes and offers technical

  6. The Transportation Security Administration’s Four Major Security Programs for Mass Transit--How They Can Be Improved to Address the Needs of Tier II Mass Transit Agencies

    DTIC Science & Technology

    2011-03-01

    suggestions for reducing this burden, to Washington headquarters Services , Directorate for Information Operations and Reports, 1215 Jefferson Davis Highway...56 2. U.S. Coast Guard (U.S.C.G)..............................................................56 3. U.S. Secret Service (USSS...57 4. Federal Protective Service (FPS)......................................................57 G

  7. Gateway. Volume 13

    DTIC Science & Technology

    2003-01-01

    Hart, Sandra G; Drury, Colin G; Hancock, Peter A; Szalma, James...interventions, thereby improving threat inspection and, ultimately, homeland security. For more information please contact: Colin G. Drury, Ph.D. University...at Buffalo, SUNY Department of Industrial Engineering 342 Bell Hell Hall Buffalo, NY 14260 A Unified Model of Security Inspection Colin G. Drury

  8. Analysis of health professional security behaviors in a real clinical setting: an empirical study.

    PubMed

    Fernández-Alemán, José Luis; Sánchez-Henarejos, Ana; Toval, Ambrosio; Sánchez-García, Ana Belén; Hernández-Hernández, Isabel; Fernandez-Luque, Luis

    2015-06-01

    The objective of this paper is to evaluate the security behavior of healthcare professionals in a real clinical setting. Standards, guidelines and recommendations on security and privacy best practices for staff personnel were identified using a systematic literature review. After a revision process, a questionnaire consisting of 27 questions was created and responded to by 180 health professionals from a public hospital. Weak passwords were reported by 62.2% of the respondents, 31.7% were unaware of the organization's procedures for discarding confidential information, and 19.4% did not carry out these procedures. Half of the respondents (51.7%) did not take measures to ensure that the personal health information on the computer monitor could not be seen by unauthorized individuals, and 57.8% were unaware of the procedure established to report a security violation. The correlation between the number of years in the position and good security practices was not significant (Pearson's r=0.085, P=0.254). Age was weakly correlated with good security practices (Pearson's r=-0.169, P=0.028). A Mann-Whitney test showed no significant difference between the respondents' security behavior as regards gender (U=2536, P=0.792, n=178). The results of the study suggest that more efforts are required to improve security education for health personnel. It was found that both preventive and corrective actions are needed to prevent health staff from causing security incidents. Healthcare organizations should: identify the types of information that require protection, clearly communicate the penalties that will be imposed, promote security training courses, and define what the organization considers improper behavior to be and communicate this to all personnel. Copyright © 2015 Elsevier Ireland Ltd. All rights reserved.

  9. 78 FR 72063 - Open Meeting of the Information Security and Privacy Advisory Board

    Federal Register 2010, 2011, 2012, 2013, 2014

    2013-12-02

    ... agenda is expected to include the following items: --Cybersecurity Executive Order 13636, Improving Critical Infrastructure Cybersecurity (78 FR 11737, February 19, 2013); Development of New Cybersecurity... Cybersecurity (78 FR 13024, February 26, 2013); Notice of Inquiry (NOI)--Incentives to Adopt Improved...

  10. Privacy, confidentiality, and electronic medical records.

    PubMed Central

    Barrows, R C; Clayton, P D

    1996-01-01

    The enhanced availability of health information in an electronic format is strategic for industry-wide efforts to improve the quality and reduce the cost of health care, yet it brings a concomitant concern of greater risk for loss of privacy among health care participants. The authors review the conflicting goals of accessibility and security for electronic medical records and discuss nontechnical and technical aspects that constitute a reasonable security solution. It is argued that with guiding policy and current technology, an electronic medical record may offer better security than a traditional paper record. PMID:8653450

  11. National Institute of Justice (NIJ): improving the effectiveness of law enforcement via homeland security technology improvements (Keynote Address)

    NASA Astrophysics Data System (ADS)

    Morgan, John S.

    2005-05-01

    Law enforcement agencies play a key role in protecting the nation from and responding to terrorist attacks. Preventing terrorism and promoting the nation's security is the Department of Justice's number one strategic priority. This is reflected in its technology development efforts, as well as its operational focus. The National Institute of Justice (NIJ) is the national focal point for the research, development, test and evaluation of technology for law enforcement. In addition to its responsibilities in supporting day-to-day criminal justice needs in areas such as less lethal weapons and forensic science, NIJ also provides critical support for counter-terrorism capacity improvements in state and local law enforcement in several areas. The most important of these areas are bomb response, concealed weapons detection, communications and information technology, which together offer the greatest potential benefit with respect to improving the ability of law enforcement agencies to respond to all types of crime including terrorist acts. NIJ coordinates its activities with several other key federal partners, including the Department of Homeland Security's Science and Technology Directorate, the Technical Support Working Group, and the Department of Defense.

  12. Emergency Response Manual

    NASA Technical Reports Server (NTRS)

    Barnett, Traci M.

    2004-01-01

    Safety and security is very important at NASA. The Security Management and Safeguards Office goal is to ensure safety and security for all NASA Lewis and Plum Brook Station visitors and workers. The office protects against theft, sabotage, malicious damage, espionage, and other threats or acts of violence. There are three types of security at NASA: physical, IT, and personnel. IT is concerned with sensitive and classified information and computers. Physical security includes the officers who check visitors and workers in and patrol the facility. Personnel security is concerned with background checks during hiring. During my internship, I met people from and gained knowledge about all three types of security. I primarily worked with Dr. Richard Soppet in physical security. During my experience with physical security, I observed and worked with many aspects of it. I attended various security meetings at both NASA Lewis and Plum Brook. The meetings were about homeland security and other improvements that will be made to both facilities. I also spent time with a locksmith. The locksmith makes copies of keys and unlocks doors for people who need them. I rode around in a security vehicle with an officer as he patrolled. I also observed the officer make a search of a visitor's vehicle. All visitors' vehicles are searched upon entering NASA. I spent time and observed in the dispatch office. The officer answers calls and sends out officers when needed. The officer also monitors the security cameras. My primary task was completing an emergency response manual. This manual would assist local law enforcement and fire agencies in case of an emergency. The manual has pictures and descriptions of the buildings. It also contains the information about hazards inside of the buildings. This information will be very helpful to law enforcement so that when called upon during an emergency, they will not create an even bigger problem with collateral damage.

  13. 77 FR 74740 - Submission for OMB Review; Comment Request

    Federal Register 2010, 2011, 2012, 2013, 2014

    2012-12-17

    ... burden, to (1) Office of Information and Regulatory Affairs, Office of Management and Budget, Attention... improve worldwide balance of payments statistics. Respondents are primarily the largest banks, securities...

  14. Security Protection on Trust Delegated Data in Public Mobile Networks

    NASA Astrophysics Data System (ADS)

    Weerasinghe, Dasun; Rajarajan, Muttukrishnan; Rakocevic, Veselin

    This paper provides detailed solutions for trust delegation and security protection for medical records in public mobile communication networks. The solutions presented in this paper enable the development of software for mobile devices that can be used by emergency medical units in urgent need of sensitive personal information about unconscious patients. In today's world, technical improvements in mobile communication systems mean that users can expect to have access to data at any time regardless of their location. This paper presents a token-based procedure for the data security at a mobile device and delegation of trust between a requesting mobile unit and secure medical data storage. The data security at the mobile device is enabled using identity based key generation methodology.

  15. Computer-aided diagnosis workstation and teleradiology network system for chest diagnosis using the web medical image conference system with a new information security solution

    NASA Astrophysics Data System (ADS)

    Satoh, Hitoshi; Niki, Noboru; Eguchi, Kenji; Ohmatsu, Hironobu; Kaneko, Masahiro; Kakinuma, Ryutaro; Moriyama, Noriyuki

    2010-03-01

    Diagnostic MDCT imaging requires a considerable number of images to be read. Moreover, the doctor who diagnoses a medical image is insufficient in Japan. Because of such a background, we have provided diagnostic assistance methods to medical screening specialists by developing a lung cancer screening algorithm that automatically detects suspected lung cancers in helical CT images, a coronary artery calcification screening algorithm that automatically detects suspected coronary artery calcification and a vertebra body analysis algorithm for quantitative evaluation of osteoporosis. We also have developed the teleradiology network system by using web medical image conference system. In the teleradiology network system, the security of information network is very important subjects. Our teleradiology network system can perform Web medical image conference in the medical institutions of a remote place using the web medical image conference system. We completed the basic proof experiment of the web medical image conference system with information security solution. We can share the screen of web medical image conference system from two or more web conference terminals at the same time. An opinion can be exchanged mutually by using a camera and a microphone that are connected with the workstation that builds in some diagnostic assistance methods. Biometric face authentication used on site of teleradiology makes "Encryption of file" and "Success in login" effective. Our Privacy and information security technology of information security solution ensures compliance with Japanese regulations. As a result, patients' private information is protected. Based on these diagnostic assistance methods, we have developed a new computer-aided workstation and a new teleradiology network that can display suspected lesions three-dimensionally in a short time. 
    The results of this study indicate that our radiological information system without film by using computer-aided diagnosis workstation and our teleradiology network system can increase diagnostic speed, diagnostic accuracy and security improvement of medical information.

  16. Fundamental quantitative security in quantum key generation

    DOE Office of Scientific and Technical Information (OSTI.GOV)

    Yuen, Horace P.

    2010-12-15

    We analyze the fundamental security significance of the quantitative criteria on the final generated key K in quantum key generation including the quantum criterion d, the attacker's mutual information on K, and the statistical distance between her distribution on K and the uniform distribution. For operational significance a criterion has to produce a guarantee on the attacker's probability of correctly estimating some portions of K from her measurement, in particular her maximum probability of identifying the whole K. We distinguish between the raw security of K when the attacker just gets at K before it is used in a cryptographic context and its composition security when the attacker may gain further information during its actual use to help get at K. We compare both of these securities of K to those obtainable from conventional key expansion with a symmetric key cipher. It is pointed out that a common belief in the superior security of a quantum generated K is based on an incorrect interpretation of d which cannot be true, and the security significance of d is uncertain. Generally, the quantum key distribution key K has no composition security guarantee and its raw security guarantee from concrete protocols is worse than that of conventional ciphers. Furthermore, for both raw and composition security there is an exponential catch-up problem that would make it difficult to quantitatively improve the security of K in a realistic protocol. Some possible ways to deal with the situation are suggested.

  17. 75 FR 21295 - Agency Information Collection Activities: Proposed Collection; Comment Request

    Federal Register 2010, 2011, 2012, 2013, 2014

    2010-04-23

    ... Medicare Advantage Quality Improvement Project; Use: The Social Security Act, section 1852 e(1), (2) and (3)(a)(i), and CFR 42, 422.152 describe CMS' regulatory authority to require each Medicare Advantage...; Title of Information Collection: Medicare Prescription Drug Plan (PDP) and Medicare Advantage...

  18. The secret to health information technology's success within the diabetes patient population: a comprehensive privacy and security framework.

    PubMed

    Pandya, Sheel M

    2010-05-01

    Congress made an unprecedented investment in health information technology (IT) when it passed the American Recovery and Reinvestment Act in February 2009. Health IT provides enormous opportunities to improve health care quality, reduce costs, and engage patients in their own care. But the potential payoff for use of health IT for diabetes care is magnified given the prevalence, cost, and complexity of the disease. However, without proper privacy and security protections in place, diabetes patient data are at risk of misuse, and patient trust in the system is undermined. We need a comprehensive privacy and security framework that articulates clear parameters for access, use, and disclosure of diabetes patient data for all entities storing and exchanging electronic data. (c) 2010 Diabetes Technology Society.

  19. Living with nuclear weapons

    DOE Office of Scientific and Technical Information (OSTI.GOV)

    Carnesale, A.; Doty, P.; Hoffmann, S.

    1983-01-01

    At Harvard President Derek Bok's request, six Harvard professors explain nuclear arms issues to help citizens understand all sides of the national security debates. The goal is to encourage public participation in policy formulation. The book emphasizes that escapism will not improve security; that idealistic plans to eliminate nuclear weapons are a form of escapism. Learning to live with nuclear weapons, they suggest, requires an understanding of the current nuclear predicament and the implications of alternative weapons and policy choices. After reviewing these matters, they emphasize that informed persons will continue to disagree, but that knowledge will improve understanding and appreciation of their differences and improve the quality of policy debates. 54 references, 5 figures, 2 tables. (DCK)

  20. Resident Use of Text Messaging for Patient Care: Ease of Use or Breach of Privacy?

    PubMed

    Prochaska, Micah T; Bird, Amber-Nicole; Chadaga, Amar; Arora, Vineet M

    2015-11-26

    Short message service (SMS) text messaging is an efficient form of communication and pervasive in health care, but may not securely protect patient information. It is unclear if resident providers are aware of the security concerns of SMS text messaging when communicating about patient care. We sought to compare residents' preferences for SMS text messaging compared with other forms of in-hospital communication when considering security versus ease of use. This study was a cross-sectional multi-institutional survey of internal medicine residents. Residents ranked different communication modalities based on efficiency, ease of use, and security using a Likert scale. Communication options included telephone, email, hospital paging, and SMS text messaging. Respondents also reported whether they had received confidential patient identifiers through any of these modalities. SMS text messaging was preferred by 71.7% (94/131) of respondents because of its efficiency and by 79.8% (103/129) of respondents because of its ease of use. For security, 82.5% (104/126) of respondents preferred the hospital paging system, whereas only 20.6% (26/126) of respondents preferred SMS text messaging for secure communication. In all, 70.9% (93/131) of respondents reported having received patient identifiers (first and/or last name), 81.7% (107/131) reported receiving patient initials, and 50.4% (66/131) reported receiving a patient's medical record number through SMS text messages. Residents prefer in-hospital communication through SMS text messaging because of its ease of use and efficiency. Despite security concerns, the majority of residents reported receiving confidential patient information through SMS text messaging. For providers, it is possible that the benefits of improved in-hospital communication with SMS text messaging and the presumed improvement in the coordination and delivery of patient care outweigh security concerns they may have. 
    The tension between the security and convenience of SMS text messaging may represent an educational opportunity to ensure the compliance of mobile technology in the health care setting.

  1. The Design and Implementation of a Low Cost and High Security Smart Home System Based on Wi-Fi and SSL Technologies

    NASA Astrophysics Data System (ADS)

    Xu, Chong-Yao; Zheng, Xin; Xiong, Xiao-Ming

    2017-02-01

    With the development of Internet of Things (IoT) and the popularity of intelligent mobile terminals, smart home system has come into people’s vision. However, due to the high cost, complex installation and inconvenience, as well as network security issues, smart home system has not been popularized. In this paper, combined with Wi-Fi technology, Android system, cloud server and SSL security protocol, a new set of smart home system is designed, with low cost, easy operation, high security and stability. The system consists of Wi-Fi smart node (WSN), Android client and cloud server. In order to reduce system cost and complexity of the installation, each Wi-Fi transceiver, appliance control logic and data conversion in the WSN is setup by a single chip. In addition, all the data of the WSN can be uploaded to the server through the home router, without having to transit through the gateway. All the appliance status information and environmental information are preserved in the cloud server. Furthermore, to ensure the security of information, the Secure Sockets Layer (SSL) protocol is used in the WSN communication with the server. What’s more, to improve the comfort and simplify the operation, Android client is designed with room pattern to control home appliances more realistic, and more convenient.

  2. A Round-Efficient Authenticated Key Agreement Scheme Based on Extended Chaotic Maps for Group Cloud Meeting.

    PubMed

    Lin, Tsung-Hung; Tsung, Chen-Kun; Lee, Tian-Fu; Wang, Zeng-Bo

    2017-12-03

    The security is a critical issue for business purposes. For example, the cloud meeting must consider strong security to maintain the communication privacy. Considering the scenario with cloud meeting, we apply extended chaotic map to present passwordless group authentication key agreement, termed as Passwordless Group Authentication Key Agreement (PL-GAKA). PL-GAKA improves the computation efficiency for the simple group password-based authenticated key agreement (SGPAKE) proposed by Lee et al. in terms of computing the session key. Since the extended chaotic map has equivalent security level to the Diffie-Hellman key exchange scheme applied by SGPAKE, the security of PL-GAKA is not sacrificed when improving the computation efficiency. Moreover, PL-GAKA is a passwordless scheme, so the password maintenance is not necessary. Short-term authentication is considered, hence the communication security is stronger than other protocols by dynamically generating session key in each cloud meeting. In our analysis, we first prove that each meeting member can get the correct information during the meeting. We analyze common security issues for the proposed PL-GAKA in terms of session key security, mutual authentication, perfect forward security, and data integrity. Moreover, we also demonstrate that communicating in PL-GAKA is secure when suffering replay attacks, impersonation attacks, privileged insider attacks, and stolen-verifier attacks. Eventually, an overall comparison is given to show the performance between PL-GAKA, SGPAKE and related solutions.

  3. Using RFID to Enhance Security in Off-Site Data Storage

    PubMed Central

    Lopez-Carmona, Miguel A.; Marsa-Maestre, Ivan; de la Hoz, Enrique; Velasco, Juan R.

    2010-01-01

    Off-site data storage is one of the most widely used strategies in enterprises of all sizes to improve business continuity. In medium-to-large size enterprises, the off-site data storage processes are usually outsourced to specialized providers. However, outsourcing the storage of critical business information assets raises serious security considerations, some of which are usually either disregarded or incorrectly addressed by service providers. This article reviews these security considerations and presents a radio frequency identification (RFID)-based, off-site, data storage management system specifically designed to address security issues. The system relies on a set of security mechanisms or controls that are arranged in security layers or tiers to balance security requirements with usability and costs. The system has been successfully implemented, deployed and put into production. In addition, an experimental comparison with classical bar-code-based systems is provided, demonstrating the system’s benefits in terms of efficiency and failure prevention. PMID:22163638

  4. Using RFID to enhance security in off-site data storage.

    PubMed

    Lopez-Carmona, Miguel A; Marsa-Maestre, Ivan; de la Hoz, Enrique; Velasco, Juan R

    2010-01-01

    Off-site data storage is one of the most widely used strategies in enterprises of all sizes to improve business continuity. In medium-to-large size enterprises, the off-site data storage processes are usually outsourced to specialized providers. However, outsourcing the storage of critical business information assets raises serious security considerations, some of which are usually either disregarded or incorrectly addressed by service providers. This article reviews these security considerations and presents a radio frequency identification (RFID)-based, off-site, data storage management system specifically designed to address security issues. The system relies on a set of security mechanisms or controls that are arranged in security layers or tiers to balance security requirements with usability and costs. The system has been successfully implemented, deployed and put into production. In addition, an experimental comparison with classical bar-code-based systems is provided, demonstrating the system's benefits in terms of efficiency and failure prevention.

  5. Trends in Research on the Security of Medical Information in Korea: Focused on Information Privacy Security in Hospitals

    PubMed Central

    Kim, Yong-Woon; Cho, Namin

    2018-01-01

    Objectives: Information technology involves a risk of privacy violation in providing easy access to confidential information, such as personal information and medical information through the Internet. In this study, we investigated medical information security to gain a better understanding of trends in research related to medical information security. Methods: We researched papers published on ‘의료정보’ and ‘medical information’ in various Korean journals during a 10-year period from 2005 to 2015. We also analyzed these journal papers for each fiscal year; these papers were categorized into the areas of literature research and empirical research, and were further subdivided according to themes and subjects. Results: It was confirmed that 48 papers were submitted to 35 academic journals. There were 33 (68.8%) literature review articles, and analysis of secondary data was not carried out at all. In terms of empirical research, 8 (16.7%) surveys and 7 (14.6%) program developments were studied. As a result of analyzing these papers according to the research theme by research method, 17 (35.4%) papers on laws, systems, and policies were the most numerous. It was found that among the literature research papers on medical personnel were the most common, and among the empirical research papers, research on experts in information protection and medical personnel were the most common. Conclusions: We suggest that further research should be done in terms of social perception, human resource development, and technology development to improve risk management in medical information systems. PMID:29503754

  6. SSA Disability: Other Programs May Provide Lessons for Improving Return-to-Work Efforts. Testimony before the Subcommittee on Social Security, Committee on Ways and Means, House of Representatives.

    ERIC Educational Resources Information Center

    Bovbjerg, Barbara D.

    This report compares the Social Security Administration's Disability Insurance (DI) program and the practices of the private sector and other countries in helping people with severe disabilities return to work. Information was gathered in in-depth interviews and a review of policy documents and program data at three private sector disability…

  7. The need for integration of drought monitoring tools for proactive food security management in sub-Saharan Africa

    USGS Publications Warehouse

    Tadesse, T.; Haile, M.; Senay, G.; Wardlow, B.D.; Knutson, C.L.

    2008-01-01

    Reducing the impact of drought and famine remains a challenge in sub-Saharan Africa despite ongoing drought relief assistance in recent decades. This is because drought and famine are primarily addressed through a crisis management approach when a disaster occurs, rather than stressing preparedness and risk management. Moreover, drought planning and food security efforts have been hampered by a lack of integrated drought monitoring tools, inadequate early warning systems (EWS), and insufficient information flow within and between levels of government in many sub-Saharan countries. The integration of existing drought monitoring tools for sub-Saharan Africa is essential for improving food security systems to reduce the impacts of drought and famine on society in this region. A proactive approach emphasizing integration requires the collective use of multiple tools, which can be used to detect trends in food availability and provide early indicators at local, national, and regional scales on the likely occurrence of food crises. In addition, improving the ability to monitor and disseminate critical drought-related information using available modern technologies (e.g., satellites, computers, and modern communication techniques) may help trigger timely and appropriate preventive responses and, ultimately, contribute to food security and sustainable development in sub-Saharan Africa. © 2008 United Nations.

  8. Clinical audit of emergency unit before and after establishment of the emergency medicine department.

    PubMed

    Amini, Afshin; Dindoost, Payam; Moghimi, Mehrdad; Kariman, Hamid; Shahrami, Ali; Dolatabadi, Ali Arhami; Ali-Mohammadi, Hossein; Alavai-Moghaddam, Mostafa; Derakhshanfar, Hojjat; Hatamabadi, HamidReza; Heidari, Kamran; Alamdari, Shahram; Meibodi, Mohammad Kalantar; Shojaee, Majid; Foroozanfar, Mohammad Mehdi; Hashemi, Behrooz; Sabzeghaba, Anita; Kabir, Ali

    2012-02-01

    To assess the deficiencies and potential areas through a medical audit of the emergency departments, in six general hospitals affiliated to Shahid Beheshti University of Medical Sciences at Tehran, Iran, after preparing specific wards-based international standards. A checklist was completed for all hospitals which met our eligibility criteria mainly observation and interviews with head nurses and managers of the emergency medicine unit of the hospitals before (2003) and after (2008) the establishment of emergency departments there. Domains studied included staffing, education and continuing professional development (CPD), facility (design), equipment, ancillary services, medical records, manuals and references, research, administration, pre-hospital care, information systems, disaster planning, bench-marking and hospital accreditation. Education and CPD (p = 0.042), design and facility (p = 0.027), equipment (p = 0.028), and disaster (p = 0.026) had significantly improved after the establishment of emergency departments. Nearly all domains showed a positive change though it was non-significant in a few. In terms of observation, better improvement was seen in disaster, security, design, and research. According to the score for each domain compared to what it was in the earlier phase, better improvement was observed in hospital accreditation, information systems, security, disaster planning, and research. Security, disaster planning, research, design and facility had improved in hospitals that were studied, while equipment, records, ancillary services, administration and bench-marking had the lowest improvement even after the establishment of emergency department, and, hence, needed specific attention.

  9. Design of a Secure Authentication and Key Agreement Scheme Preserving User Privacy Usable in Telecare Medicine Information Systems.

    PubMed

    Arshad, Hamed; Rasoolzadegan, Abbas

    2016-11-01

    Authentication and key agreement schemes play a very important role in enhancing the level of security of telecare medicine information systems (TMISs). Recently, Amin and Biswas demonstrated that the authentication scheme proposed by Giri et al. is vulnerable to off-line password guessing attacks and privileged insider attacks and also does not provide user anonymity. They also proposed an improved authentication scheme, claiming that it resists various security attacks. However, this paper demonstrates that Amin and Biswas's scheme is defenseless against off-line password guessing attacks and replay attacks and also does not provide perfect forward secrecy. This paper also shows that Giri et al.'s scheme not only suffers from the weaknesses pointed out by Amin and Biswas, but it also is vulnerable to replay attacks and does not provide perfect forward secrecy. Moreover, this paper proposes a novel authentication and key agreement scheme to overcome the mentioned weaknesses. Security and performance analyses show that the proposed scheme not only overcomes the mentioned security weaknesses, but also is more efficient than the previous schemes.

  10. A Quantitative Study on the Relationship of Information Security Policy Awareness, Enforcement, and Maintenance to Information Security Program Effectiveness

    ERIC Educational Resources Information Center

    Francois, Michael T.

    2016-01-01

    Today's organizations rely heavily on information technology to conduct their daily activities. Therefore, their information security systems are an area of heightened security concern. As a result, organizations implement information security programs to address and mitigate that concern. However, even with the emphasis on information security,…

  11. Emergency Information Improvement Act of 2013

    THOMAS, 113th Congress

    Sen. Begich, Mark [D-AK]

    2013-12-12

    Senate - 12/12/2013 Read twice and referred to the Committee on Homeland Security and Governmental Affairs. Tracker: This bill has the status Introduced.

  12. Improving Information Exchange and Coordination amongst Homeland Security Organizations (Briefing Charts)

    DTIC Science & Technology

    2005-06-01

    need for user-defined dashboard • automated monitoring of web data sources • task driven data aggregation and display Working toward automated processing of task, resource, and intelligence updates

  13. The Shaping of Managers' Security Objectives through Information Security Awareness Training

    ERIC Educational Resources Information Center

    Harris, Mark A.

    2010-01-01

    Information security research states that corporate security policy and information security training should be socio-technical in nature and that corporations should consider training as a primary method of protecting their information systems. However, information security policies and training are predominately technical in nature. In addition,…

  14. Regulation of health information processing in an outsourcing environment.

    PubMed

    2004-06-01

    Policy makers must consider the work force, technology, cost, and legal implications of their legislative proposals. AHIMA, AAMT, CHIA, and MTIA urge lawmakers to craft regulatory solutions that enforce HIPAA and support advancements in modern health information processing practices that improve the quality and cost of healthcare. We also urge increased investment in health information work force development and implementation of new technologies to advance critical healthcare outcomes--timely, accurate, accessible, and secure information to support patient care. It is essential that state legislatures reinforce the importance of improving information processing solutions for healthcare and not take actions that will produce unintended and detrimental consequences.

  15. Blockchain Technology: A Data Framework to Improve Validity, Trust, and Accountability of Information Exchange in Health Professions Education.

    PubMed

    Funk, Eric; Riddell, Jeff; Ankel, Felix; Cabrera, Daniel

    2018-06-12

    Health professions educators face multiple challenges, among them the need to adapt educational methods to new technologies. In the last decades multiple new digital platforms have appeared in the learning arena, including massive open online courses and social media-based education. The major critique of these novel methods is the lack of the ability to ascertain the origin, validity, and accountability of the knowledge that is created, shared, and acquired. Recently, a novel technology based on secured data storage and transmission, called blockchain, has emerged as a way to generate networks where validity, trust, and accountability can be created. Conceptually blockchain is an open, public, distributed, and secure digital registry where information transactions are secured and have a clear origin, explicit pathways, and concrete value. Health professions education based on the blockchain will potentially allow improved tracking of content and the individuals who create it, quantify educational impact on multiple generations of learners, and build a relative value of educational interventions. Furthermore, institutions adopting blockchain technology would be able to provide certification and credentialing of healthcare professionals with no intermediaries. There is potential for blockchain to significantly change the future of health professions education and radically transform how patients, professionals, educators, and learners interact around safe, valid, and accountable information.

  16. Surveillance systems for intermodal transportation

    NASA Astrophysics Data System (ADS)

    Jakovlev, Sergej; Voznak, Miroslav; Andziulis, Arunas

    2015-05-01

    Intermodal container monitoring is considered a major security issue in many major logistic companies and countries worldwide. Current representation of the problem, we face today, originated in 2002, right after the 9/11 attacks. Then, a new worldwide Container Security Initiative (CSI, 2002) was considered that shaped the perception of the transportation operations. Now more than 80 larger ports all over the world contribute to its further development and integration into everyday transportation operations and improve the regulations for the developing regions. Although, these new improvements allow us to feel safer and secure, constant management of transportation operations has become a very difficult problem for conventional data analysis methods and information systems. The paper deals with a proposal of a whole new concept for the improvement of the Containers Security Initiative (CSI) by virtually connecting safety, security processes and systems. A conceptual middleware approach with deployable intelligent agent modules is proposed to be used with possible scenarios and a testbed is used to test the solution. Middleware examples are visually programmed using National Instruments LabView software packages and Wireless sensor network hardware modules. An experimental software is used to evaluate the solution. This research is a contribution to the intermodal transportation and is intended to be used as a means for the development of intelligent transport systems.

  17. Retirement and health benefits for Mexican migrant workers returning from the United States

    PubMed Central

    Aguila, Emma; Zissimopoulos, Julie

    2013-01-01

    In the absence of a bilateral agreement for the portability and totalization of social security contributions between the United States and Mexico, this article examines the access to pension and health insurance benefits and employment status of older Mexican return migrants. We find that return migrants who have spent less than a year in the United States have a similar level of access to social security benefits as non-migrants. Return migrants who have spent at least a year in the United States are less likely to have public health insurance or social security benefits, and could be more vulnerable to poverty in old age. These results inform the debate on a bilateral social security agreement between the United States and Mexico to improve return migrants’ social security. PMID:23750049

  18. "BioONT": Improving Knowledge Organization and Representation in the Domain of Biometric Authentication

    ERIC Educational Resources Information Center

    Buerle, Stephen

    2017-01-01

    This dissertation explores some of the fundamental challenges facing the information assurance community as it relates to knowledge categorization, organization and representation within the field of information security and more specifically within the domain of biometric authentication. A primary objective of this research is the development of…

  19. 77 FR 26013 - Request for Information on Guidance for the Specification of a Secure, Online Reporting System...

    Federal Register 2010, 2011, 2012, 2013, 2014

    2012-05-02

    ... Ave. SW., Washington, DC 20201. Attention: HIV Open Data Project. FOR FURTHER INFORMATION CONTACT... Open Government Directive,\\2\\ which seeks to improve access to government data in a manner that... advances the DHHS Open Government Plan. The HIV Open Data Project envisioned might offer several benefits...

  20. 75 FR 28035 - Privacy Act of 1974; Department of Homeland Security/U.S. Citizenship and Immigration Services...

    Federal Register 2010, 2011, 2012, 2013, 2014

    2010-05-19

    ..., Parent Company or Corporate Company, Name of Company Point of Contact (POC) for E-Verify Usage, POC Phone... information about user system usage. The information collected specifically on users includes: Name (last... improvement efforts and system enhancement planning, which may include conducting surveys, user interviews...

  1. Security and Privacy Notices | NREL

    Science.gov Websites

    collect no personal information about you when you visit an NREL website, unless otherwise stated, unless the support staff to this home page, except when required by law enforcement investigation, and is use this information to improve our service to you or to respond to your request. There are times when

  2. An improved authenticated key agreement protocol for telecare medicine information system.

    PubMed

    Liu, Wenhao; Xie, Qi; Wang, Shengbao; Hu, Bin

    2016-01-01

    In telecare medicine information systems (TMIS), identity authentication of patients plays an important role and has been widely studied in the research field. Generally, it is realized by an authenticated key agreement protocol, and many such protocols were proposed in the literature. Recently, Zhang et al. pointed out that Islam et al.'s protocol suffers from the following security weaknesses: (1) Any legal but malicious patient can reveal other user's identity; (2) An attacker can launch off-line password guessing attack and the impersonation attack if the patient's identity is compromised. Zhang et al. also proposed an improved authenticated key agreement scheme with privacy protection for TMIS. However, in this paper, we point out that Zhang et al.'s scheme cannot resist off-line password guessing attack, and it fails to provide the revocation of lost/stolen smartcard. In order to overcome these weaknesses, we propose an improved protocol, the security and authentication of which can be proven using applied pi calculus based formal verification tool ProVerif.

  3. A layered trust information security architecture.

    PubMed

    de Oliveira Albuquerque, Robson; Villalba, Luis Javier García; Orozco, Ana Lucila Sandoval; Buiati, Fábio; Kim, Tai-Hoon

    2014-12-01

    Information can be considered the most important asset of any modern organization. Securing this information involves preserving confidentiality, integrity and availability, the well-known CIA triad. In addition, information security is a risk management job; the task is to manage the inherent risks of information disclosure. Current information security platforms do not deal with the different facets of information technology. This paper presents a layered trust information security architecture (TISA) and its creation was motivated by the need to consider information and security from different points of view in order to protect it. This paper also extends and discusses security information extensions as a way of helping the CIA triad. Furthermore, this paper suggests information representation and treatment elements, operations and support components that can be integrated to show the various risk sources when dealing with both information and security. An overview of how information is represented and treated nowadays in the technological environment is shown, and the reason why it is so difficult to guarantee security in all aspects of the information pathway is discussed.

  4. 32 CFR 2700.51 - Information Security Oversight Committee.

    Code of Federal Regulations, 2011 CFR

    2011-07-01

    ... 32 National Defense 6 2011-07-01 2011-07-01 false Information Security Oversight Committee. 2700... MICRONESIAN STATUS NEGOTIATIONS SECURITY INFORMATION REGULATIONS Implementation and Review § 2700.51 Information Security Oversight Committee. The OMSN Information Security Oversight Committee shall be chaired...

  5. 77 FR 12623 - National Industrial Security Program Policy Advisory Committee (NISPPAC)

    Federal Register 2010, 2011, 2012, 2013, 2014

    2012-03-01

    ... NATIONAL ARCHIVES AND RECORDS ADMINISTRATION Information Security Oversight Office National... Information Security Oversight Office no later than Friday, March 16, 2012. The Information Security Oversight... FURTHER INFORMATION CONTACT: David O. Best, Senior Program Analyst, The Information Security Oversight...

  6. 32 CFR 2700.51 - Information Security Oversight Committee.

    Code of Federal Regulations, 2010 CFR

    2010-07-01

    ... 32 National Defense 6 2010-07-01 2010-07-01 false Information Security Oversight Committee. 2700... MICRONESIAN STATUS NEGOTIATIONS SECURITY INFORMATION REGULATIONS Implementation and Review § 2700.51 Information Security Oversight Committee. The OMSN Information Security Oversight Committee shall be chaired...

  7. 75 FR 49943 - New Agency Information Collection Activity Under OMB Review: Pipeline System Operator Security...

    Federal Register 2010, 2011, 2012, 2013, 2014

    2010-08-16

    ... DEPARTMENT OF HOMELAND SECURITY Transportation Security Administration New Agency Information Collection Activity Under OMB Review: Pipeline System Operator Security Information AGENCY: Transportation... INFORMATION CONTACT: Joanna Johnson, Office of Information Technology, TSA-11, Transportation Security...

  8. A security proof of the round-robin differential phase shift quantum key distribution protocol based on the signal disturbance

    NASA Astrophysics Data System (ADS)

    Sasaki, Toshihiko; Koashi, Masato

    2017-06-01

    The round-robin differential phase shift (RRDPS) quantum key distribution (QKD) protocol is a unique QKD protocol whose security has not been understood through an information-disturbance trade-off relation, and a sufficient amount of privacy amplification was given independently of signal disturbance. Here, we discuss the security of the RRDPS protocol in the asymptotic regime when a good estimate of the bit error rate is available as a measure of signal disturbance. The uniqueness of the RRDPS protocol shows up as a peculiar form of information-disturbance trade-off curve. When the length of a block of pulses used for encoding and the signal disturbance are both small, it provides a significantly better key rate than that from the original security proof. On the other hand, when the block length is large, the use of the signal disturbance makes little improvement in the key rate. Our analysis will bridge a gap between the RRDPS protocol and the conventional QKD protocols.

  9. Intelligent community management system based on the devicenet fieldbus

    NASA Astrophysics Data System (ADS)

    Wang, Yulan; Wang, Jianxiong; Liu, Jiwen

    2013-03-01

    With the rapid development of the national economy and the improvement of people's living standards, people are making higher demands on the living environment, and higher standards are required of estate management content, management efficiency and service quality. This paper analyzes in depth the structure and composition of the intelligent community. According to the users' requirements and related specifications, it achieves a district management system, which includes Basic Information Management: the management level of housing, household information management, administrator-level management, password management, etc. Service Management: standard property costs, property charges collecting, the history of arrears and other property expenses. Security Management: household gas, water, electricity and security and other security management, security management district and other public places. Systems Management: backup database, restore database, log management. This article also carries out an analysis of the Intelligent Community System and proposes an architecture based on B/S technology. It achieves global network device management with a friendly, easy-to-use, unified human-machine interface.

  10. [Application of classified protection of information security in the information system of air pollution and health impact monitoring].

    PubMed

    Hao, Shuxin; Lü, Yiran; Liu, Jie; Liu, Yue; Xu, Dongqun

    2018-01-01

    To study the application of classified protection of information security in the information system of air pollution and health impact monitoring, so as to solve the possible safety risk of the information system. According to the relevant national standards and requirements for the information system security classified protection, and the professional characteristics of the information system, to design and implement the security architecture of information system, also to determine the protection level of information system. Basic security measures for the information system were developed in the technical safety and management safety aspects according to the protection levels, which effectively prevented the security risk of the information system. The information system established relatively complete information security protection measures, to enhance the security of professional information and system service, and to ensure the safety of air pollution and health impact monitoring project carried out smoothly.

  11. The DISAM Journal of International Security Assistance Management. Volume 25, Number 3, Spring 2003

    DTIC Science & Technology

    2003-01-01

    rights impact in Latin America (El Salvador, Guatemala, and Nicaragua). The focus is on research derived from secondary sources and student surveys...E. Berdahl, Information Systems, Incorporated, “Impact of Foreign Military Sales Case Payment Schedule Improvements on Defense Security Assistance...specialists functioned as it was intended. Ashline’s story, recently reported in the New York Daily News, illustrates the impact that DCMA has on the

  12. 14 CFR 1203.201 - Information security objectives.

    Code of Federal Regulations, 2011 CFR

    2011-01-01

    ... 14 Aeronautics and Space 5 2011-01-01 2010-01-01 true Information security objectives. 1203.201 Section 1203.201 Aeronautics and Space NATIONAL AERONAUTICS AND SPACE ADMINISTRATION INFORMATION SECURITY PROGRAM NASA Information Security Program § 1203.201 Information security objectives. The objectives of...

  13. 14 CFR 1203.201 - Information security objectives.

    Code of Federal Regulations, 2010 CFR

    2010-01-01

    ... 14 Aeronautics and Space 5 2010-01-01 2010-01-01 false Information security objectives. 1203.201 Section 1203.201 Aeronautics and Space NATIONAL AERONAUTICS AND SPACE ADMINISTRATION INFORMATION SECURITY PROGRAM NASA Information Security Program § 1203.201 Information security objectives. The objectives of...

  14. Systems Security Engineering

    DTIC Science & Technology

    2010-08-22

    Commission (IEC). “Information technology — Security techniques — Code of practice for information security management (ISO/IEC 27002 ...Information technology — Security techniques — Information security management systems — Requirements (ISO/IEC 27002),”, “Information technology — Security...was a draft ISO standard on Systems and software engineering, Systems and software assurance [18]. Created by systems engineers for systems

  15. The old age health security in rural China: where to go?

    PubMed

    Dai, Baozhen

    2015-11-04

    The huge number of rural elders and the deepening health problems (e.g. growing threats of infectious diseases and chronic diseases etc.) place enormous pressure on old age health security in rural China. This study aims to provide information for policy-makers to develop effective measures for promoting rural elders' health care service access by examining the current developments and challenges confronted by the old age health security in rural China. Search resources are electronic databases, web pages of the National Bureau of Statistics of China and the National Health and Family Planning Commission of China on the internet, China Population and Employment Statistics Yearbook, China Civil Affairs' Statistical Yearbook and China Health Statistics Yearbooks etc. Articles were identified from Elsevier, Wiley, EBSCO, EMBASE, PubMed, SCI Expanded, ProQuest, and National Knowledge Infrastructure of China (CNKI) which is the most informative database in Chinese. Search terms were "rural", "China", "health security", "cooperative medical scheme", "social medical assistance", "medical insurance" or "community based medical insurance", "old", or "elder", "elderly", or "aged", "aging". Google scholar was searched with the same combination of keywords. The results showed that old age health security in rural China had expanded to all rural elders and substantially improved health care service utilization among rural elders. Increasing chronic disease prevalence rates, pressing public health issues, inefficient rural health care service provision system and lack of sufficient financing challenged the old age health security in rural China. Increasing funds from the central and regional governments for old age health security in rural China will contribute to reducing urban-rural disparities in provision of old age health security and increasing health equity among rural elders between different regions. Meanwhile, initiating provider payment reform may contribute to improving the efficiency of rural health care service provision system and promoting health care service access among rural elders.

  16. New Advanced Technologies to Provide Decentralised and Secure Access to Medical Records: Case Studies in Oncology

    PubMed Central

    Quantin, Catherine; Coatrieux, Gouenou; Allaert, François André; Fassa, Maniane; Bourquard, Karima; Boire, Jean-Yves; de Vlieger, Paul; Maigne, Lydia; Breton, Vincent

    2009-01-01

    The main problem for health professionals and patients in accessing information is that this information is very often distributed over many medical records and locations. This problem is particularly acute in cancerology because patients may be treated for many years and undergo a variety of examinations. Recent advances in technology make it feasible to gain access to medical records anywhere and anytime, allowing the physician or the patient to gather information from an “ephemeral electronic patient record”. However, this easy access to data is accompanied by the requirement for improved security (confidentiality, traceability, integrity, ...) and this issue needs to be addressed. In this paper we propose and discuss a decentralised approach based on recent advances in information sharing and protection: Grid technologies and watermarking methodologies. The potential impact of these technologies for oncology is illustrated by the examples of two experimental cases: a cancer surveillance network and a radiotherapy treatment plan. It is expected that the proposed approach will constitute the basis of a future secure “google-like” access to medical records. PMID:19718446

  17. A secure and efficiently searchable health information architecture.

    PubMed

    Yasnoff, William A

    2016-06-01

    Patient-centric repositories of health records are an important component of health information infrastructure. However, patient information in a single repository is potentially vulnerable to loss of the entire dataset from a single unauthorized intrusion. A new health record storage architecture, the personal grid, eliminates this risk by separately storing and encrypting each person's record. The tradeoff for this improved security is that a personal grid repository must be sequentially searched since each record must be individually accessed and decrypted. To allow reasonable search times for large numbers of records, parallel processing with hundreds (or even thousands) of on-demand virtual servers (now available in cloud computing environments) is used. Estimated search times for a 10 million record personal grid using 500 servers vary from 7 to 33 min depending on the complexity of the query. Since extremely rapid searching is not a critical requirement of health information infrastructure, the personal grid may provide a practical and useful alternative architecture that eliminates the large-scale security vulnerabilities of traditional databases by sacrificing unnecessary searching speed. Copyright © 2016 Elsevier Inc. All rights reserved.

  18. 76 FR 78009 - Information Collection; Implementation of Information Technology Security Provision

    Federal Register 2010, 2011, 2012, 2013, 2014

    2011-12-15

    ...] Information Collection; Implementation of Information Technology Security Provision AGENCY: General Services... collection requirement regarding Implementation of Information Technology Security Provision. Public comments... Information Collection 3090- 0294, Implementation of Information Technology Security Provision, by any of the...

  19. When it comes to securing patient health information from breaches, your best medicine is a dose of prevention: A cybersecurity risk assessment checklist.

    PubMed

    Blanke, Sandra J; McGrady, Elizabeth

    2016-07-01

    Health care stakeholders are concerned about the growing risk of protecting sensitive patient health information from breaches. The Federal Emergency Management Agency (FEMA) has identified cyber attacks as an emerging concern, and regulations such as the Health Insurance Portability and Accountability Act (HIPAA) and the Health Information Technology for Economic and Clinical Health Act (HITECH) have increased security requirements and are enforcing compliance through stiff financial penalties. The purpose of this study is to describe health care breaches of protected information, analyze the hazards and vulnerabilities of reported breach cases, and prescribe best practices of managing risk through security controls and countermeasures. Prescriptive findings were used to construct a checklist tool to assess and monitor common risks. This research uses a case methodology to describe specific examples of the 3 major types of cyber breach hazards: portable device, insider, and physical breaches. We utilize a risk management framework to prescribe preventative actions that organizations can take to assess, analyze, and mitigate these risks. The health care sector has the largest number of reported breaches, with 3 major types: portable device, insider, and physical breaches. Analysis of actual cases indicates security gaps requiring prescriptive fixes based on "best practices." Our research culminates in a 25-item checklist that organizations can use to assess existing practices and identify security gaps requiring improvement. © 2016 American Society for Healthcare Risk Management of the American Hospital Association.

  20. Security analysis and enhancements of an effective biometric-based remote user authentication scheme using smart cards.

    PubMed

    An, Younghwa

    2012-01-01

    Recently, many biometrics-based user authentication schemes using smart cards have been proposed to improve the security weaknesses in user authentication system. In 2011, Das proposed an efficient biometric-based remote user authentication scheme using smart cards that can provide strong authentication and mutual authentication. In this paper, we analyze the security of Das's authentication scheme, and we have shown that Das's authentication scheme is still insecure against the various attacks. Also, we proposed the enhanced scheme to remove these security problems of Das's authentication scheme, even if the secret information stored in the smart card is revealed to an attacker. As a result of security analysis, we can see that the enhanced scheme is secure against the user impersonation attack, the server masquerading attack, the password guessing attack, and the insider attack and provides mutual authentication between the user and the server.

  1. Security Analysis and Enhancements of an Effective Biometric-Based Remote User Authentication Scheme Using Smart Cards

    PubMed Central

    An, Younghwa

    2012-01-01

    Recently, many biometrics-based user authentication schemes using smart cards have been proposed to improve the security weaknesses in user authentication system. In 2011, Das proposed an efficient biometric-based remote user authentication scheme using smart cards that can provide strong authentication and mutual authentication. In this paper, we analyze the security of Das's authentication scheme, and we have shown that Das's authentication scheme is still insecure against the various attacks. Also, we proposed the enhanced scheme to remove these security problems of Das's authentication scheme, even if the secret information stored in the smart card is revealed to an attacker. As a result of security analysis, we can see that the enhanced scheme is secure against the user impersonation attack, the server masquerading attack, the password guessing attack, and the insider attack and provides mutual authentication between the user and the server. PMID:22899887

  2. Common Criteria Related Security Design Patterns for Intelligent Sensors—Knowledge Engineering-Based Implementation

    PubMed Central

    Bialas, Andrzej

    2011-01-01

    Intelligent sensors experience security problems very similar to those inherent to other kinds of IT products or systems. The assurance for these products or systems creation methodologies, like Common Criteria (ISO/IEC 15408) can be used to improve the robustness of the sensor systems in high risk environments. The paper presents the background and results of the previous research on patterns-based security specifications and introduces a new ontological approach. The elaborated ontology and knowledge base were validated on the IT security development process dealing with the sensor example. The contribution of the paper concerns the application of the knowledge engineering methodology to the previously developed Common Criteria compliant and pattern-based method for intelligent sensor security development. The issue presented in the paper has a broader significance in terms that it can solve information security problems in many application domains. PMID:22164064

  3. Common criteria related security design patterns for intelligent sensors--knowledge engineering-based implementation.

    PubMed

    Bialas, Andrzej

    2011-01-01

    Intelligent sensors experience security problems very similar to those inherent to other kinds of IT products or systems. The assurance for these products or systems creation methodologies, like Common Criteria (ISO/IEC 15408) can be used to improve the robustness of the sensor systems in high risk environments. The paper presents the background and results of the previous research on patterns-based security specifications and introduces a new ontological approach. The elaborated ontology and knowledge base were validated on the IT security development process dealing with the sensor example. The contribution of the paper concerns the application of the knowledge engineering methodology to the previously developed Common Criteria compliant and pattern-based method for intelligent sensor security development. The issue presented in the paper has a broader significance in terms that it can solve information security problems in many application domains.

  4. Design of the national health security preparedness index.

    PubMed

    Uzun Jacobson, Evin; Inglesby, Tom; Khan, Ali S; Rajotte, James C; Burhans, Robert L; Slemp, Catherine C; Links, Jonathan M

    2014-01-01

    The importance of health security in the United States has been highlighted by recent emergencies such as the H1N1 influenza pandemic, Superstorm Sandy, and the Boston Marathon bombing. The nation's health security remains a high priority today, with federal, state, territorial, tribal, and local governments, as well as nongovernment organizations and the private sector, engaging in activities that prevent, protect, mitigate, respond to, and recover from health threats. The Association of State and Territorial Health Officials (ASTHO), through a cooperative agreement with the Centers for Disease Control and Prevention (CDC) Office of Public Health Preparedness and Response (OPHPR), led an effort to create an annual measure of health security preparedness at the national level. The collaborative released the National Health Security Preparedness Index (NHSPI™) in December 2013 and provided composite results for the 50 states and for the nation as a whole. The Index results represent current levels of health security preparedness in a consistent format and provide actionable information to drive decision making for continuous improvement of the nation's health security. The overall 2013 National Index result was 7.2 on the reported base-10 scale, with areas of greater strength in the domains of health surveillance, incident and information management, and countermeasure management. The strength of the Index relies on the interdependencies of the many elements in health security preparedness, making the sum greater than its parts. Moving forward, additional health security-related disciplines and measures will be included alongside continued validation efforts.

  5. Security analysis and improvement of a privacy authentication scheme for telecare medical information systems.

    PubMed

    Wu, Fan; Xu, Lili

    2013-08-01

    Nowadays, patients can gain many kinds of medical service on line via Telecare Medical Information Systems (TMIS) due to the fast development of computer technology. So security of communication through network between the users and the server is very significant. Authentication plays an important part to protect information from being attacked by malicious attackers. Recently, Jiang et al. proposed a privacy enhanced scheme for TMIS using smart cards and claimed their scheme was better than Chen et al.'s. However, we have shown that Jiang et al.'s scheme has the weakness of ID uselessness and is vulnerable to off-line password guessing attack and user impersonation attack if an attacker compromises the legal user's smart card. Also, it can't resist DoS attack in two cases: after a successful impersonation attack and wrong password input in Password change phase. Then we propose an improved mutual authentication scheme used for a telecare medical information system. Remote monitoring, checking patients' past medical history record and medical consultant can be applied in the system where information transmits via Internet. Finally, our analysis indicates that the suggested scheme overcomes the disadvantages of Jiang et al.'s scheme and is practical for TMIS.

  6. 44 CFR 8.3 - Senior FEMA official responsible for the information security program.

    Code of Federal Regulations, 2011 CFR

    2011-10-01

    ... responsible for the information security program. 8.3 Section 8.3 Emergency Management and Assistance FEDERAL EMERGENCY MANAGEMENT AGENCY, DEPARTMENT OF HOMELAND SECURITY GENERAL NATIONAL SECURITY INFORMATION § 8.3 Senior FEMA official responsible for the information security program. The Director of the Security...

  7. 75 FR 44800 - Notice of Meeting of the Homeland Security Information Network Advisory Committee, Tuesday...

    Federal Register 2010, 2011, 2012, 2013, 2014

    2010-07-29

    ... DEPARTMENT OF HOMELAND SECURITY Notice of Meeting of the Homeland Security Information Network... Security. ACTION: Notice of open meeting. SUMMARY: The Homeland Security Information Network Advisory... (Pub. L. 92-463). The mission of the Homeland Security Information Network Advisory Committee is to...

  8. A privacy preserving secure and efficient authentication scheme for telecare medical information systems.

    PubMed

    Mishra, Raghavendra; Barnwal, Amit Kumar

    2015-05-01

    The Telecare medical information system (TMIS) presents effective healthcare delivery services by employing information and communication technologies. The emerging privacy and security are always a matter of great concern in TMIS. Recently, Chen et al. presented a password based authentication scheme to address the privacy and security. Later on, it is proved insecure against various active and passive attacks. To erase the drawbacks of Chen et al.'s anonymous authentication scheme, several password based authentication schemes have been proposed using public key cryptosystem. However, most of them do not present pre-smart card authentication which leads to inefficient login and password change phases. To present an authentication scheme with pre-smart card authentication, we present an improved anonymous smart card based authentication scheme for TMIS. The proposed scheme protects user anonymity and satisfies all the desirable security attributes. Moreover, the proposed scheme presents efficient login and password change phases where incorrect input can be quickly detected and a user can freely change his password without server assistance. Moreover, we demonstrate the validity of the proposed scheme by utilizing the widely-accepted BAN (Burrows, Abadi, and Needham) logic. The proposed scheme is also comparable in terms of computational overheads with relevant schemes.

  9. Persistent maritime traffic monitoring for the Canadian Arctic

    NASA Astrophysics Data System (ADS)

    Ulmke, M.; Battistello, G.; Biermann, J.; Mohrdieck, C.; Pelot, R.; Koch, W.

    2017-05-01

    This paper presents results of the Canadian-German research project PASSAGES (Protection and Advanced Surveillance System for the Arctic: Green, Efficient, Secure) on an advanced surveillance system for safety and security of maritime operations in Arctic areas. The motivation for a surveillance system of the Northwest Passage is the projected growth of maritime traffic along Arctic sea routes and the need for securing Canada's sovereignty by controlling its arctic waters as well as for protecting the safety of international shipping and the intactness of the arctic marine environment. To ensure border security and to detect and prevent illegal activities it is necessary to develop a system for surveillance and reconnaissance that brings together all related means, assets, organizations, processes and structures to build one homogeneous and integrated system. The harsh arctic conditions require a new surveillance concept that fuses heterogeneous sensor data, contextual information, and available pre-processed surveillance data and combines all components to efficiently extract and provide the maximum available amount of information. The fusion of all these heterogeneous data and information will provide improved and comprehensive situation awareness for risk assessment and decision support of different stakeholder groups as governmental authorities, commercial users and Northern communities.

  10. Systems Security Engineering

    DTIC Science & Technology

    2010-08-22

    practice for information security management (ISO/IEC 27002),” “Information technology — Security techniques — Information security management...systems — Requirements (ISO/IEC 27002),”, “Information technology — Security techniques — Information security risk management (ISO/IEC 27005).” from...associated practice aids. Perhaps the most germane discovery from this effort was a draft ISO standard on Systems and software engineering, Systems and

  11. Enhancement of A5/1 encryption algorithm

    NASA Astrophysics Data System (ADS)

    Thomas, Ria Elin; Chandhiny, G.; Sharma, Katyayani; Santhi, H.; Gayathri, P.

    2017-11-01

    Mobiles have become an integral part of today’s world. Various standards have been proposed for the mobile communication, one of them being GSM. With the rising increase of mobile-based crimes, it is necessary to improve the security of the information passed in the form of voice or data. GSM uses A5/1 for its encryption. It is known that various attacks have been implemented, exploiting the vulnerabilities present within the A5/1 algorithm. Thus, in this paper, we proceed to look at what these vulnerabilities are, and propose the enhanced A5/1 (E-A5/1) where, we try to improve the security provided by the A5/1 algorithm by XORing the key stream generated with a pseudo random number, without increasing the time complexity. We need to study what the vulnerabilities of the base algorithm (A5/1) is, and try to improve upon its security. This will help in the future releases of the A5 family of algorithms.

  12. 12 CFR 605.501 - Information Security Officer.

    Code of Federal Regulations, 2011 CFR

    2011-01-01

    ... 12 Banks and Banking 6 2011-01-01 2011-01-01 false Information Security Officer. 605.501 Section... Information Security Officer. (a) The Information Security Officer of the Farm Credit Administration shall be responsible for implementation and oversight of the information security program and procedures adopted by the...

  13. 12 CFR 605.501 - Information Security Officer.

    Code of Federal Regulations, 2010 CFR

    2010-01-01

    ... 12 Banks and Banking 6 2010-01-01 2010-01-01 false Information Security Officer. 605.501 Section... Information Security Officer. (a) The Information Security Officer of the Farm Credit Administration shall be responsible for implementation and oversight of the information security program and procedures adopted by the...

  14. A Round-Efficient Authenticated Key Agreement Scheme Based on Extended Chaotic Maps for Group Cloud Meeting

    PubMed Central

    Lee, Tian-Fu; Wang, Zeng-Bo

    2017-01-01

    The security is a critical issue for business purposes. For example, the cloud meeting must consider strong security to maintain the communication privacy. Considering the scenario with cloud meeting, we apply extended chaotic map to present passwordless group authentication key agreement, termed as Passwordless Group Authentication Key Agreement (PL-GAKA). PL-GAKA improves the computation efficiency for the simple group password-based authenticated key agreement (SGPAKE) proposed by Lee et al. in terms of computing the session key. Since the extended chaotic map has equivalent security level to the Diffie–Hellman key exchange scheme applied by SGPAKE, the security of PL-GAKA is not sacrificed when improving the computation efficiency. Moreover, PL-GAKA is a passwordless scheme, so the password maintenance is not necessary. Short-term authentication is considered, hence the communication security is stronger than other protocols by dynamically generating session key in each cloud meeting. In our analysis, we first prove that each meeting member can get the correct information during the meeting. We analyze common security issues for the proposed PL-GAKA in terms of session key security, mutual authentication, perfect forward security, and data integrity. Moreover, we also demonstrate that communicating in PL-GAKA is secure when suffering replay attacks, impersonation attacks, privileged insider attacks, and stolen-verifier attacks. Eventually, an overall comparison is given to show the performance between PL-GAKA, SGPAKE and related solutions. PMID:29207509

  15. Trust Me, I’m a Doctor: Examining Changes in How Privacy Concerns Affect Patient Withholding Behavior

    PubMed Central

    Johnson, Tyler; Ford, Eric W; Huerta, Timothy R

    2017-01-01

    Background As electronic health records (EHRs) become ubiquitous in the health care industry, privacy breaches are increasing and being made public. These breaches may make consumers wary of the technology, undermining its potential to improve care coordination and research. Objective Given the developing concerns around privacy of personal health information stored in digital format, it is important for providers to understand how views on privacy and security may be associated with patient disclosure of health information. This study aimed to understand how privacy concerns may be shifting patient behavior. Methods Using a pooled cross-section of data from the 2011 and 2014 cycles of the Health Information and National Trends Survey (HINTS), we tested whether privacy and security concerns, as well as quality perceptions, are associated with the likelihood of withholding personal health information from a provider. A fully interacted multivariate model was used to compare associations between the 2 years, and interaction terms were used to evaluate trends in the factors that are associated with withholding behavior. Results No difference was found regarding the effect of privacy and security concerns on withholding behavior between 2011 and 2014. Similarly, whereas perceived high quality of care was found to reduce the likelihood of withholding information from a provider in both 2011 (odds ratio [OR] 0.73, 95% confidence interval [CI] 0.56-0.94) and 2014 (OR 0.61, 95% CI 0.48-0.76), no difference was observed between years. Conclusions These findings suggest that consumers’ beliefs about EHR privacy and security, the relationship between technology use and quality, and intentions to share information with their health care provider have not changed. These findings are counter to the ongoing discussions about the implications of security failures in other domains. 
    Our results suggest that providers could ameliorate privacy and security by focusing on the care quality benefits EHRs provide. PMID:28052843

  16. A Layered Trust Information Security Architecture

    PubMed Central

    de Oliveira Albuquerque, Robson; García Villalba, Luis Javier; Sandoval Orozco, Ana Lucila; Buiati, Fábio; Kim, Tai-Hoon

    2014-01-01

    Information can be considered the most important asset of any modern organization. Securing this information involves preserving confidentiality, integrity and availability, the well-known CIA triad. In addition, information security is a risk management job; the task is to manage the inherent risks of information disclosure. Current information security platforms do not deal with the different facets of information technology. This paper presents a layered trust information security architecture (TISA) and its creation was motivated by the need to consider information and security from different points of view in order to protect it. This paper also extends and discusses security information extensions as a way of helping the CIA triad. Furthermore, this paper suggests information representation and treatment elements, operations and support components that can be integrated to show the various risk sources when dealing with both information and security. An overview of how information is represented and treated nowadays in the technological environment is shown, and the reason why it is so difficult to guarantee security in all aspects of the information pathway is discussed. PMID:25470490

  17. Improving computer security by health smart card.

    PubMed

    Nisand, Gabriel; Allaert, François-André; Brézillon, Régine; Isphording, Wilhem; Roeslin, Norbert

    2003-01-01

    The University hospitals of Strasbourg have worked for several years on the computer security of the medical data and have of this fact be the first to use the Health Care Professional Smart Card (CPS). This new tool must provide security to the information processing systems and especially to the medical data exchanges between the partners who collaborate to the care of the Beyond the purely data-processing aspects of the functions of safety offered by the CPS, safety depends above all on the practices on the users, their knowledge concerning the legislation, the risks and the stakes, of their adhesion to the procedures and protections installations. The aim of this study is to evaluate this level of knowledge, the practices and the feelings of the users concerning the computer security of the medical data, to check the relevance of the step taken, and if required, to try to improve it. The survey by questionnaires involved 648 users. The practices of users in terms of data security are clearly improved by the implementation of the security server and the use of the CPS system, but security breaches due to bad practices are not however completely eliminated. That confirms that is illusory to believe that data security is first and foremost a technical issue. Technical measures are of course indispensable, but the greatest efforts are required after their implementation and consist in making the key players [2], i.e. users, aware and responsible. However, it must be stressed that the user-friendliness of the security interface has a major effect on the results observed. For instance, it is highly probable that the bad practices continued or introduced upon the implementation of the security server and CPS scheme are due to the complicated nature or functional defects of the proposed solution, which must therefore be improved. 
    Besides, this is only the pilot phase and card holders can be expected to become more responsible as time goes by, along with the gradual national implementation of the CPS project and the introduction of new functions using electronic signatures and encryption.

  18. 10 CFR 95.35 - Access to matter classified as National Security Information and Restricted Data.

    Code of Federal Regulations, 2010 CFR

    2010-01-01

    ... SECURITY CLEARANCE AND SAFEGUARDING OF NATIONAL SECURITY INFORMATION AND RESTRICTED DATA Control of Information § 95.35 Access to matter classified as National Security Information and Restricted Data. (a... have access to matter revealing Secret or Confidential National Security Information or Restricted Data...

  19. Implementing an Information Security Program

    DOE Office of Scientific and Technical Information (OSTI.GOV)

    Glantz, Clifford S.; Lenaeus, Joseph D.; Landine, Guy P.

    The threats to information security have dramatically increased with the proliferation of information systems and the internet. Chemical, biological, radiological, nuclear, and explosives (CBRNe) facilities need to address these threats in order to protect themselves from the loss of intellectual property, theft of valuable or hazardous materials, and sabotage. Project 19 of the European Union CBRN Risk Mitigation Centres of Excellence Initiative is designed to help CBRN security managers, information technology/cybersecurity managers, and other decision-makers deal with these threats through the application of cost-effective information security programs. Project 19 has developed three guidance documents that are publicly available to cover information security best practices, planning for an information security management system, and implementing security controls for information security.

  20. Mobile agent application and integration in electronic anamnesis system.

    PubMed

    Liu, Chia-Hui; Chung, Yu-Fang; Chen, Tzer-Shyong; Wang, Sheng-De

    2012-06-01

    Electronic anamnesis is to transform ordinary paper trails to digitally formatted health records, which include the patient's general information, health status, and follow-ups on chronic diseases. Its main purpose is to let the records could be stored for a longer period of time and could be shared easily across departments and hospitals. Which means hospital management could use less resource on maintaining ever-growing database and reduce redundancy, so less money would be spent for managing the health records. In the foreseeable future, building up a comprehensive and integrated medical information system is a must, because it is critical to hospital resource integration and quality improvement. If mobile agent technology is adopted in the electronic anamnesis system, it would help the hospitals to make the medical practices more efficiently and conveniently. Nonetheless, most of the hospitals today are still using paper-based health records to manage the medical information. The reason why the institutions continue using traditional practices to manage the records is because there is no well-trusted and reliable electronic anamnesis system existing and accepted by both institutions and patients. The threat of privacy invasion is one of the biggest concerns when the topic of electronic anamnesis is brought up, because the security threats drag us back from using such a system. So, the medical service quality is difficult to be improved substantially. In this case, we have come up a theory to remove such security threats and make electronic anamnesis more appealing for use. Our theory is to integrate the mobile agent technology with the backbone of electronic anamnesis to construct a hierarchical access control system to retrieve the corresponding information based upon the permission classes. The system would create a classification for permission among the users inside the medical institution. 
    Under this framework, permission control center would distribute an access key to each user, so they would only allow using the key to access information correspondingly. In order to verify the reliability of the proposed system framework, we have also conducted a security analysis to list all the possible security threats that may harm the system and to prove the system is reliable and safe. If the system is adopted, the doctors would be able to quickly access the information while performing medical examinations. Hence, the efficiency and quality of healthcare service would be greatly improved.

  1. The Use of BS7799 Information Security Standard to Construct Mechanisms for the Management of Medical Organization Information Security

    NASA Astrophysics Data System (ADS)

    Liu, Shu-Fan; Chueh, Hao-En; Liao, Kuo-Hsiung

    According to surveys, 80% of security-related events threatening information in medical organizations are due to improper management. Most research on information security has focused on information and security technology, such as network security and access control, rarely addressing management issues. The main purpose of this study is to construct a BS7799 based mechanism for the management of information with regard to security as it applies to medical organizations. This study analyzes and identifies the most common events related to information security in medical organizations and categorizes these events as high-risk, transferable-risk, and controlled-risk to facilitate the management of such risk.

  2. A secure user anonymity-preserving three-factor remote user authentication scheme for the telecare medicine information systems.

    PubMed

    Das, Ashok Kumar

    2015-03-01

    Recent advanced technology enables the telecare medicine information system (TMIS) for the patients to gain the health monitoring facility at home and also to access medical services over the Internet of mobile networks. Several remote user authentication schemes have been proposed in the literature for TMIS. However, most of them are either insecure against various known attacks or they are inefficient. Recently, Tan proposed an efficient user anonymity preserving three-factor authentication scheme for TMIS. In this paper, we show that though Tan's scheme is efficient, it has several security drawbacks such as (1) it fails to provide proper authentication during the login phase, (2) it fails to provide correct updation of password and biometric of a user during the password and biometric update phase, and (3) it fails to protect against replay attack. In addition, Tan's scheme lacks the formal security analysis and verification. Later, Arshad and Nikooghadam also pointed out some security flaws in Tan's scheme and then presented an improvement on Tan's scheme. However, we show that Arshad and Nikooghadam's scheme is still insecure against the privileged-insider attack through the stolen smart-card attack, and it also lacks the formal security analysis and verification. In order to withstand those security loopholes found in both Tan's scheme, and Arshad and Nikooghadam's scheme, we aim to propose an effective and more secure three-factor remote user authentication scheme for TMIS. Our scheme provides the user anonymity property. Through the rigorous informal and formal security analysis using random oracle models and the widely-accepted AVISPA (Automated Validation of Internet Security Protocols and Applications) tool, we show that our scheme is secure against various known attacks, including the replay and man-in-the-middle attacks. Furthermore, our scheme is also efficient as compared to other related schemes.

  3. On the security of a dynamic ID-based authentication scheme for telecare medical information systems.

    PubMed

    Lin, Han-Yu

    2013-04-01

    Telecare medical information systems (TMISs) are increasingly popular technologies for healthcare applications. Using TMISs, physicians and caregivers can monitor the vital signs of patients remotely. Since the database of TMISs stores patients' electronic medical records (EMRs), only authorized users should be granted the access to this information for the privacy concern. To keep the user anonymity, recently, Chen et al. proposed a dynamic ID-based authentication scheme for telecare medical information system. They claimed that their scheme is more secure and robust for use in a TMIS. However, we will demonstrate that their scheme fails to satisfy the user anonymity due to the dictionary attacks. It is also possible to derive a user password in case of smart card loss attacks. Additionally, an improved scheme eliminating these weaknesses is also presented.

  4. Florida public transportation anti-terrorism resource guide

    DOT National Transportation Integrated Search

    2001-10-01

    The Center for Urban Transportation (CUTR) at the University of South Florida (USF) assembled this guide to provide public transit agencies in Florida with information on current resources available to assist them with improving system security and g...

  5. Border Security Information Improvement Act of 2012

    THOMAS, 112th Congress

    Rep. Canseco, Francisco "Quico" [R-TX-23]

    2012-09-10

    Senate - 09/20/2012 Received in the Senate and Read twice and referred to the Committee on the Judiciary. Tracker: This bill has the status Passed House.

  6. CMMI(Registered) for Development, Version 1.3

    DTIC Science & Technology

    2010-11-01

    ISO/IEC 15288:2008 Systems and Software Engineering – System Life Cycle Processes [ISO 2008b] ISO/IEC 27001:2005 Information technology – Security...IEC 2005 International Organization for Standardization and International Electrotechnical Commission. ISO/IEC 27001 Information Technology...International Electrotechnical Commission (ISO/IEC) body of standards. CMMs focus on improving processes in an organization. They contain the

  7. Is Seeing Believing? Training Users on Information Security: Evidence from Java Applets

    ERIC Educational Resources Information Center

    Ayyagari, Ramakrishna; Figueroa, Norilyz

    2017-01-01

    Information Security issues are one of the top concerns of CEOs. Accordingly, information systems education and research have addressed security issues. One of the main areas of research is the behavioral issues in Information Security, primarily focusing on users' compliance to information security policies. We contribute to this literature by…

  8. 12 CFR Appendix B to Part 30 - Interagency Guidelines Establishing Information Security Standards

    Code of Federal Regulations, 2011 CFR

    2011-01-01

    ... Establishing Information Security Standards Table of Contents I. Introduction A. Scope B. Preservation of... Security Program B. Objectives III. Development and Implementation of Customer Information Security Program.... Introduction The Interagency Guidelines Establishing Information Security Standards (Guidelines) set forth...

  9. 76 FR 67750 - Homeland Security Information Network Advisory Committee

    Federal Register 2010, 2011, 2012, 2013, 2014

    2011-11-02

    ... DEPARTMENT OF HOMELAND SECURITY [Docket No. DHS-2011-0107] Homeland Security Information Network... Information Network Advisory Committee. SUMMARY: The Secretary of Homeland Security has determined that the renewal of the Homeland Security Information Network Advisory Committee (HSINAC) is necessary and in the...

  10. 78 FR 7797 - Homeland Security Information Network Advisory Committee (HSINAC)

    Federal Register 2010, 2011, 2012, 2013, 2014

    2013-02-04

    ... DEPARTMENT OF HOMELAND SECURITY [Docket No. DHS-2013-0005] Homeland Security Information Network... Committee Meeting. SUMMARY: The Homeland Security Information Network Advisory Committee (HSIN AC) will meet... received by the (Homeland Security Information Network Advisory Committee), go to http://www.regulations...

  11. 78 FR 34665 - Homeland Security Information Network Advisory Committee (HSINAC); Meeting

    Federal Register 2010, 2011, 2012, 2013, 2014

    2013-06-10

    ... DEPARTMENT OF HOMELAND SECURITY [DHS-2013-0037] Homeland Security Information Network Advisory... Committee Meeting. SUMMARY: The Homeland Security Information Network Advisory Committee (HSINAC) will meet... posted beforehand at this link: http://www.dhs.gov/homeland-security-information-network-advisory...

  12. National Marrow Donor Program

    DTIC Science & Technology

    2008-08-05

    Research in HLA Typing, Hematopoietic Stem Cell Transplantation and Clinical Studies to Improve Outcomes 16. SECURITY CLASSIFICATION OF: 19a. NAME...new action item was added to Workflow Management screen for the SCTOD (Stem Cell Therapeutic Outcomes Data) Data Form. The information will be passed...Improvement Amendment NRP National Response Plan CME Continuing Medical Education NST Non-myeloablative Allogeneic Stem Cell Transplantation COG

  13. Securing the Next Ripple in Information Security: The Defense Industrial Base (DIB)

    DTIC Science & Technology

    2012-06-14

    Cybersecurity model for the DIB needs to be more preventative rather than responsive and a model should stress continuous improvement. In a 2012 data breach investigation...of what they do, but most become a target because of what they do (or don’t do)”, in the 2011 Data Breach Investigations Report. Therefore the...txt Verizon Risk Team (2012). Data Breach Investigations Report. Verizon Business, March 2012. http://www.verizonbusiness.com/resources

  14. 32 CFR 2103.51 - Information Security Oversight Committee.

    Code of Federal Regulations, 2011 CFR

    2011-07-01

    ... 32 National Defense 6 2011-07-01 2011-07-01 false Information Security Oversight Committee. 2103... BE DECLASSIFIED Implementation and Review § 2103.51 Information Security Oversight Committee. The NCS Information Security Oversight Committee shall be chaired by the Staff Counsel of the National Security...

  15. 32 CFR 2103.51 - Information Security Oversight Committee.

    Code of Federal Regulations, 2010 CFR

    2010-07-01

    ... 32 National Defense 6 2010-07-01 2010-07-01 false Information Security Oversight Committee. 2103... BE DECLASSIFIED Implementation and Review § 2103.51 Information Security Oversight Committee. The NCS Information Security Oversight Committee shall be chaired by the Staff Counsel of the National Security...

  16. Efficient quantum dialogue without information leakage

    NASA Astrophysics Data System (ADS)

    Yin, Ai-Han; Tang, Zhi-Hui; Chen, Dong

    2015-02-01

    A two-step quantum dialogue scheme is put forward with a class of three-qubit W state and quantum dense coding. Each W state can carry three bits of secret information and the measurement result is encrypted without information leakage. Furthermore, we utilize the entangle properties of W state and decoy photon checking technique to realize three-time channel detection, which can improve the efficiency and security of the scheme.

  17. Human errors and violations in computer and information security: the viewpoint of network administrators and security specialists.

    PubMed

    Kraemer, Sara; Carayon, Pascale

    2007-03-01

    This paper describes human errors and violations of end users and network administration in computer and information security. This information is summarized in a conceptual framework for examining the human and organizational factors contributing to computer and information security. This framework includes human error taxonomies to describe the work conditions that contribute adversely to computer and information security, i.e. to security vulnerabilities and breaches. The issue of human error and violation in computer and information security was explored through a series of 16 interviews with network administrators and security specialists. The interviews were audio taped, transcribed, and analyzed by coding specific themes in a node structure. The result is an expanded framework that classifies types of human error and identifies specific human and organizational factors that contribute to computer and information security. Network administrators tended to view errors created by end users as more intentional than unintentional, while errors created by network administrators as more unintentional than intentional. Organizational factors, such as communication, security culture, policy, and organizational structure, were the most frequently cited factors associated with computer and information security.

  18. Security Shift in Future Network Architectures

    DTIC Science & Technology

    2010-11-01

    RTO-MP-IST-091 2 - 1 Security Shift in Future Network Architectures Tim Hartog, M.Sc Information Security Dept. TNO Information and...current practice military communication infrastructures are deployed as stand-alone networked information systems. Network-Enabled Capabilities (NEC) and...information architects and security specialists about the separation of network and information security, the consequences of this shift and our view

  19. Time Pattern Locking Scheme for Secure Multimedia Contents in Human-Centric Device

    PubMed Central

    Kim, Hyun-Woo; Kim, Jun-Ho; Park, Jong Hyuk; Jeong, Young-Sik

    2014-01-01

    Among the various smart multimedia devices, multimedia smartphones have become the most widespread due to their convenient portability and real-time information sharing, as well as various other built-in features. Accordingly, since personal and business activities can be carried out using multimedia smartphones without restrictions based on time and location, people have more leisure time and convenience than ever. However, problems such as loss, theft, and information leakage because of convenient portability have also increased proportionally. As a result, most multimedia smartphones are equipped with various built-in locking features. Pattern lock, personal identification numbers, and passwords are the most used locking features on current smartphones, but these are vulnerable to shoulder surfing and smudge attacks, allowing malicious users to bypass the security feature easily. In particular, the smudge attack technique is a convenient way to unlock multimedia smartphones after they have been stolen. In this paper, we propose the secure locking screen using time pattern (SLSTP) focusing on improved security and convenience for users to support human-centric multimedia device completely. The SLSTP can provide a simple interface to users and reduce the risk factors pertaining to security leakage to malicious third parties. PMID:25202737

  20. Time pattern locking scheme for secure multimedia contents in human-centric device.

    PubMed

    Kim, Hyun-Woo; Kim, Jun-Ho; Park, Jong Hyuk; Jeong, Young-Sik

    2014-01-01

    Among the various smart multimedia devices, multimedia smartphones have become the most widespread due to their convenient portability and real-time information sharing, as well as various other built-in features. Accordingly, since personal and business activities can be carried out using multimedia smartphones without restrictions based on time and location, people have more leisure time and convenience than ever. However, problems such as loss, theft, and information leakage because of convenient portability have also increased proportionally. As a result, most multimedia smartphones are equipped with various built-in locking features. Pattern lock, personal identification numbers, and passwords are the most used locking features on current smartphones, but these are vulnerable to shoulder surfing and smudge attacks, allowing malicious users to bypass the security feature easily. In particular, the smudge attack technique is a convenient way to unlock multimedia smartphones after they have been stolen. In this paper, we propose the secure locking screen using time pattern (SLSTP) focusing on improved security and convenience for users to support human-centric multimedia device completely. The SLSTP can provide a simple interface to users and reduce the risk factors pertaining to security leakage to malicious third parties.

  1. 48 CFR 552.239-70 - Information Technology Security Plan and Security Authorization.

    Code of Federal Regulations, 2011 CFR

    2011-10-01

    ... 48 Federal Acquisition Regulations System 4 2011-10-01 2011-10-01 false Information Technology... Text of Provisions and Clauses 552.239-70 Information Technology Security Plan and Security Authorization. As prescribed in 539.7002(a), insert the following provision: Information Technology Security...

  2. 48 CFR 552.239-70 - Information Technology Security Plan and Security Authorization.

    Code of Federal Regulations, 2014 CFR

    2014-10-01

    ... 48 Federal Acquisition Regulations System 4 2014-10-01 2014-10-01 false Information Technology... Text of Provisions and Clauses 552.239-70 Information Technology Security Plan and Security Authorization. As prescribed in 539.7002(a), insert the following provision: Information Technology Security...

  3. 48 CFR 552.239-70 - Information Technology Security Plan and Security Authorization.

    Code of Federal Regulations, 2012 CFR

    2012-10-01

    ... 48 Federal Acquisition Regulations System 4 2012-10-01 2012-10-01 false Information Technology... Text of Provisions and Clauses 552.239-70 Information Technology Security Plan and Security Authorization. As prescribed in 539.7002(a), insert the following provision: Information Technology Security...

  4. 48 CFR 552.239-70 - Information Technology Security Plan and Security Authorization.

    Code of Federal Regulations, 2013 CFR

    2013-10-01

    ... 48 Federal Acquisition Regulations System 4 2013-10-01 2013-10-01 false Information Technology... Text of Provisions and Clauses 552.239-70 Information Technology Security Plan and Security Authorization. As prescribed in 539.7002(a), insert the following provision: Information Technology Security...

  5. 75 FR 57904 - Announcing a Meeting of the Information Security and Privacy Advisory Board

    Federal Register 2010, 2011, 2012, 2013, 2014

    2010-09-23

    ... Office, --Update of NIST Computer Security Division, and --Information Security and Privacy Advisory... Information Security and Privacy Advisory Board AGENCY: National Institute of Standards and Technology, Commerce. ACTION: Notice. SUMMARY: The Information Security and Privacy Advisory Board (ISPAB) will meet...

  6. Methodology for Evaluating Security Controls Based on Key Performance Indicators and Stakeholder Mission

    DOE Office of Scientific and Technical Information (OSTI.GOV)

    Sheldon, Frederick T; Abercrombie, Robert K; Mili, Ali

    2009-01-01

    Information security continues to evolve in response to disruptive changes with a persistent focus on information-centric controls and a healthy debate about balancing endpoint and network protection, with a goal of improved enterprise/business risk management. Economic uncertainty, intensively collaborative styles of work, virtualization, increased outsourcing and ongoing compliance pressures require careful consideration and adaptation. This paper proposes a Cyberspace Security Econometrics System (CSES) that provides a measure (i.e., a quantitative indication) of reliability, performance and/or safety of a system that accounts for the criticality of each requirement as a function of one or more stakeholders interests in that requirement. For a given stakeholder, CSES reflects the variance that may exist among the stakes she/he attaches to meeting each requirement. This paper introduces the basis, objectives and capabilities for the CSES including inputs/outputs as well as the structural and mathematical underpinnings.

  7. Cyberspace Security Econometrics System (CSES) - U.S. Copyright TXu 1-901-039

    DOE Office of Scientific and Technical Information (OSTI.GOV)

    Abercrombie, Robert K; Schlicher, Bob G; Sheldon, Frederick T

    2014-01-01

    Information security continues to evolve in response to disruptive changes with a persistent focus on information-centric controls and a healthy debate about balancing endpoint and network protection, with a goal of improved enterprise/business risk management. Economic uncertainty, intensively collaborative styles of work, virtualization, increased outsourcing and ongoing compliance pressures require careful consideration and adaptation. The Cyberspace Security Econometrics System (CSES) provides a measure (i.e., a quantitative indication) of reliability, performance, and/or safety of a system that accounts for the criticality of each requirement as a function of one or more stakeholders' interests in that requirement. For a given stakeholder, CSES accounts for the variance that may exist among the stakes one attaches to meeting each requirement. The basis, objectives and capabilities for the CSES, including inputs/outputs as well as the structural and mathematical underpinnings, are contained in this copyright.

  8. Interpreting international governance standards for health IT use within general medical practice.

    PubMed

    Mahncke, Rachel J; Williams, Patricia A H

    2014-01-01

    General practices in Australia recognise the importance of comprehensive protective security measures. Some elements of information security governance are incorporated into recommended standards; however, the governance component of information security is still insufficiently addressed in practice. The International Organisation for Standardisation (ISO) released a new global standard in May 2013 entitled ISO/IEC 27014:2013 Information technology - Security techniques - Governance of information security. This standard, applicable to organisations of all sizes, offers a framework against which to assess and implement the governance components of information security. The standard demonstrates the relationship between governance and the management of information security, provides strategic principles and processes, and forms the basis for establishing a positive information security culture. An analysis interpretation of this standard for use in Australian general practice was performed. This work is unique as such interpretation for the Australian healthcare environment has not been undertaken before. It demonstrates an application of the standard at a strategic level to inform existing development of an information security governance framework.

  9. 75 FR 59278 - Homeland Security Advisory Council

    Federal Register 2010, 2011, 2012, 2013, 2014

    2010-09-27

    ... information among TSA and federal and local law enforcement agencies concerning transportation infrastructure... about the potential capabilities and vulnerabilities identified in a cyber exercise and discuss... Operational Improvements. Lessons Learned from the cyber exercise. Basis for Closure: In accordance with...

  10. CERT Resilience Management Model, Version 1.0

    DTIC Science & Technology

    2010-05-01

    practice such as ISO 27000, COBIT, or ITIL. If you are a member of an established process improvement community, particularly one centered on CMMI...Systems Audit and Control Association ISO International Organization for Standardization ISSA Information Systems Security Association IT

  11. Cyber and Physical Security Vulnerability Assessment for IoT-Based Smart Homes

    PubMed Central

    2018-01-01

    The Internet of Things (IoT) is an emerging paradigm focusing on the connection of devices, objects, or “things” to each other, to the Internet, and to users. IoT technology is anticipated to become an essential requirement in the development of smart homes, as it offers convenience and efficiency to home residents so that they can achieve better quality of life. Application of the IoT model to smart homes, by connecting objects to the Internet, poses new security and privacy challenges in terms of the confidentiality, authenticity, and integrity of the data sensed, collected, and exchanged by the IoT objects. These challenges make smart homes extremely vulnerable to different types of security attacks, resulting in IoT-based smart homes being insecure. Therefore, it is necessary to identify the possible security risks to develop a complete picture of the security status of smart homes. This article applies the operationally critical threat, asset, and vulnerability evaluation (OCTAVE) methodology, known as OCTAVE Allegro, to assess the security risks of smart homes. The OCTAVE Allegro method focuses on information assets and considers different information containers such as databases, physical papers, and humans. The key goals of this study are to highlight the various security vulnerabilities of IoT-based smart homes, to present the risks on home inhabitants, and to propose approaches to mitigating the identified risks. The research findings can be used as a foundation for improving the security requirements of IoT-based smart homes. PMID:29518023

  12. Cyber and Physical Security Vulnerability Assessment for IoT-Based Smart Homes.

    PubMed

    Ali, Bako; Awad, Ali Ismail

    2018-03-08

    The Internet of Things (IoT) is an emerging paradigm focusing on the connection of devices, objects, or "things" to each other, to the Internet, and to users. IoT technology is anticipated to become an essential requirement in the development of smart homes, as it offers convenience and efficiency to home residents so that they can achieve better quality of life. Application of the IoT model to smart homes, by connecting objects to the Internet, poses new security and privacy challenges in terms of the confidentiality, authenticity, and integrity of the data sensed, collected, and exchanged by the IoT objects. These challenges make smart homes extremely vulnerable to different types of security attacks, resulting in IoT-based smart homes being insecure. Therefore, it is necessary to identify the possible security risks to develop a complete picture of the security status of smart homes. This article applies the operationally critical threat, asset, and vulnerability evaluation (OCTAVE) methodology, known as OCTAVE Allegro, to assess the security risks of smart homes. The OCTAVE Allegro method focuses on information assets and considers different information containers such as databases, physical papers, and humans. The key goals of this study are to highlight the various security vulnerabilities of IoT-based smart homes, to present the risks on home inhabitants, and to propose approaches to mitigating the identified risks. The research findings can be used as a foundation for improving the security requirements of IoT-based smart homes.

  13. Information Security: Computer Hacker Information Available on the Internet

    DTIC Science & Technology

    1996-06-05

    INFORMATION SECURITY Computer Hacker Information Available on the Internet Statement for the Record of...Report Type N/A Dates Covered (from... to) - Title and Subtitle INFORMATION SECURITY Computer Hacker Information Available on the Internet Contract...1996 4. TITLE AND SUBTITLE Information Security: Computer Hacker Information Available on the Internet 5. FUNDING NUMBERS 6. AUTHOR(S) Jack L.

  14. 49 CFR 1548.19 - Security Directives and Information Circulars.

    Code of Federal Regulations, 2010 CFR

    2010-10-01

    ... 49 Transportation 9 2010-10-01 2010-10-01 false Security Directives and Information Circulars... CARRIER SECURITY § 1548.19 Security Directives and Information Circulars. (a) TSA may issue an Information... security measures are necessary to respond to a threat assessment, or to a specific threat against civil...

  15. The double-edged sword of electronic health records: implications for patient disclosure.

    PubMed

    Campos-Castillo, Celeste; Anthony, Denise L

    2015-04-01

    Electronic health record (EHR) systems are linked to improvements in quality of care, yet also privacy and security risks. Results from research studies are mixed about whether patients withhold personal information from their providers to protect against the perceived EHR privacy and security risks. This study seeks to reconcile the mixed findings by focusing on whether accounting for patients' global ratings of care reveals a relationship between EHR provider-use and patient non-disclosure. A nationally representative sample from the 2012 Health Information National Trends Survey was analyzed using bivariate and multivariable logit regressions to examine whether global ratings of care suppress the relationship between EHR provider-use and patient non-disclosure. 13% of respondents reported having ever withheld information from a provider because of privacy/security concerns. Bivariate analysis showed that withholding information was unrelated to whether respondents' providers used an EHR. Multivariable analysis showed that accounting for respondents' global ratings of care revealed a positive relationship between having a provider who uses an EHR and withholding information. After accounting for global ratings of care, findings suggest that patients may non-disclose to providers to protect against the perceived EHR privacy and security risks. Despite evidence that EHRs inhibit patient disclosure, their advantages for promoting quality of care may outweigh the drawbacks. Clinicians should leverage the EHR's value in quality of care and discuss patients' privacy concerns during clinic visits, while policy makers should consider how to address the real and perceived privacy and security risks of EHRs. © The Author 2014. Published by Oxford University Press on behalf of the American Medical Informatics Association. All rights reserved. For Permissions, please email: journals.permissions@oup.com.

  16. A Study of the Effect of Information Security Policies on Information Security Breaches in Higher Education Institutions

    ERIC Educational Resources Information Center

    Waddell, Stanie Adolphus

    2013-01-01

    Many articles within the literature point to the information security policy as one of the most important elements of an effective information security program. Even though this belief is continually referred to in many information security scholarly articles, very few research studies have been performed to corroborate this sentiment. Doherty and…

  17. Responsiveness of Food Security Reporting to Environmental Variability and Agricultural Production Deficits

    NASA Astrophysics Data System (ADS)

    Brickley, E. B.; Brown, M. E.

    2010-12-01

    This paper uses 1342 food security update reports from the US Agency for International Development (USAID)’s Famine Early Warning System Network (FEWS NET) in an analysis that focuses on the environmental, market, and livelihood influences on the food security in 17 countries in Africa from 2000-2009. A textual analysis was conducted using the reports as a primary data source to evaluate the responsiveness of food security analysis to environmental variability and food production deficits. The research shows that FEWS NET analysts demonstrate a consistent approach across all 17 countries as to the discussion and use of rainfall information, agricultural production, food prices and food access parameters. There are significant differences in the use of remote sensing and other technical information between East, West and Southern African country analysts, with satellite remote sensing of vegetation being used 28% of the time, rainfall imagery 84% and gridded crop models only 10% of the time. Significantly more discussion of biophysical information was seen during the rainy season than during the dry season, and different satellite products were used during periods of drought than periods of adequate moisture. As the demand for early warning information grows to more countries in different ecosystems, there is likely to be an increased need for the effective utilization of remote sensing, market, and livelihood data, and it is also probable that this information will be critical for improved policy-making regarding climate extremes in the future.

  18. Access control and confidentiality in radiology

    NASA Astrophysics Data System (ADS)

    Noumeir, Rita; Chafik, Adil

    2005-04-01

    A medical record contains a large amount of data about the patient such as height, weight and blood pressure. It also contains sensitive information such as fertility, abortion, psychiatric data, sexually transmitted diseases and diagnostic results. Access to this information must be carefully controlled. Information technology has greatly improved patient care. The recent extensive deployment of digital medical images made diagnostic images promptly available to healthcare decision makers, regardless of their geographic location. Medical images are digitally archived, transferred on telecommunication networks, and visualized on computer screens. However, with the widespread use of computing and communication technologies in healthcare, the issue of data security has become increasingly important. Most of the work until now has focused on the security of data communication to ensure its integrity, authentication, confidentiality and user accountability. The mechanisms that have been proposed to achieve the security of data communication are not specific to healthcare. Data integrity can be achieved with data signature. Data authentication can be achieved with certificate exchange. Data confidentiality can be achieved with encryption. User accountability can be achieved with audits. Although these mechanisms are essential to ensure data security during its transfer on the network, access control is needed in order to ensure data confidentiality and privacy within the information system application. In this paper, we present and discuss an access control mechanism that takes into account the notion of a care process. Radiology information is categorized and a model to enforce data privacy is proposed.

  19. 48 CFR 1339.107-70 - Information security.

    Code of Federal Regulations, 2014 CFR

    2014-10-01

    ... 48 Federal Acquisition Regulations System 5 2014-10-01 2014-10-01 false Information security. 1339... CATEGORIES OF CONTRACTING ACQUISITION OF INFORMATION TECHNOLOGY General 1339.107-70 Information security. (a... coordinate with the designated Contracting Officer Representative (COR) to complete the Information Security...

  20. 48 CFR 1339.107-70 - Information security.

    Code of Federal Regulations, 2011 CFR

    2011-10-01

    ... 48 Federal Acquisition Regulations System 5 2011-10-01 2011-10-01 false Information security. 1339... CATEGORIES OF CONTRACTING ACQUISITION OF INFORMATION TECHNOLOGY General 1339.107-70 Information security. (a... coordinate with the designated Contracting Officer Representative (COR) to complete the Information Security...

  1. 49 CFR 8.9 - Information Security Review Committee.

    Code of Federal Regulations, 2011 CFR

    2011-10-01

    ... 49 Transportation 1 2011-10-01 2011-10-01 false Information Security Review Committee. 8.9 Section.../DECLASSIFICATION/ACCESS Classification/Declassification of Information § 8.9 Information Security Review Committee. (a) There is hereby established a Department of Transportation Information Security Review Committee...

  2. 48 CFR 1339.107-70 - Information security.

    Code of Federal Regulations, 2010 CFR

    2010-10-01

    ... CATEGORIES OF CONTRACTING ACQUISITION OF INFORMATION TECHNOLOGY General 1339.107-70 Information security. (a... Clause 1352.239-73, Security Requirements for Information Technology Resources, is needed, contracting... 48 Federal Acquisition Regulations System 5 2010-10-01 2010-10-01 false Information security. 1339...

  3. 49 CFR 8.9 - Information Security Review Committee.

    Code of Federal Regulations, 2010 CFR

    2010-10-01

    ... 49 Transportation 1 2010-10-01 2010-10-01 false Information Security Review Committee. 8.9 Section.../DECLASSIFICATION/ACCESS Classification/Declassification of Information § 8.9 Information Security Review Committee. (a) There is hereby established a Department of Transportation Information Security Review Committee...

  4. 48 CFR 1339.107-70 - Information security.

    Code of Federal Regulations, 2013 CFR

    2013-10-01

    ... 48 Federal Acquisition Regulations System 5 2013-10-01 2013-10-01 false Information security. 1339... CATEGORIES OF CONTRACTING ACQUISITION OF INFORMATION TECHNOLOGY General 1339.107-70 Information security. (a... coordinate with the designated Contracting Officer Representative (COR) to complete the Information Security...

  5. Improvement of a uniqueness-and-anonymity-preserving user authentication scheme for connected health care.

    PubMed

    Xie, Qi; Liu, Wenhao; Wang, Shengbao; Han, Lidong; Hu, Bin; Wu, Ting

    2014-09-01

    Patient privacy preservation, security and mutual authentication between the patient and the medical server are important mechanisms in connected health care applications, such as telecare medical information systems and personally controlled health records systems. In 2013, Wen showed that Das et al.'s scheme is vulnerable to the replay attack, user impersonation attacks and off-line guessing attacks, and then proposed an improved scheme using biometrics, password and smart card to overcome these weaknesses. However, we show that Wen's scheme is still vulnerable to off-line password guessing attacks and does not provide user anonymity or perfect forward secrecy. Further, we propose an improved scheme to fix these weaknesses, and use the applied pi calculus based formal verification tool ProVerif to prove the security and authentication.

  6. Defining Information Security.

    PubMed

    Lundgren, Björn; Möller, Niklas

    2017-11-15

    This article proposes a new definition of information security, the 'Appropriate Access' definition. Apart from providing the basic criteria for a definition (correct demarcation and meaning concerning the state of security), it also aims at being a definition suitable for any information security perspective. As such, it bridges the conceptual divide between so-called 'soft issues' of information security (those including, e.g., humans, organizations, culture, ethics, policies, and law) and more technical issues. Because of this it is also suitable for various analytical purposes, such as analysing possible security breaches, or for studying conflicting attitudes on security in an organization. The need for a new definition is demonstrated by pointing to a number of problems for the standard definition type of information security, the so-called CIA definition. Besides being too broad as well as too narrow, it cannot properly handle the soft issues of information security, nor recognize the contextual and normative nature of security.

  7. Common object request broker architecture (CORBA)-based security services for the virtual radiology environment.

    PubMed

    Martinez, R; Cole, C; Rozenblit, J; Cook, J F; Chacko, A K

    2000-05-01

    The US Army Great Plains Regional Medical Command (GPRMC) has a requirement to conform to Department of Defense (DoD) and Army security policies for the Virtual Radiology Environment (VRE) Project. Within the DoD, security policy is defined as the set of laws, rules, and practices that regulate how an organization manages, protects, and distributes sensitive information. Security policy in the DoD is described by the Trusted Computer System Evaluation Criteria (TCSEC), Army Regulation (AR) 380-19, Defense Information Infrastructure Common Operating Environment (DII COE), Military Health Services System Automated Information Systems Security Policy Manual, and National Computer Security Center-TG-005, "Trusted Network Interpretation." These documents were used to develop a security policy that defines information protection requirements that are made with respect to those laws, rules, and practices that are required to protect the information stored and processed in the VRE Project. The goal of the security policy is to provide for a C2-level of information protection while also satisfying the functional needs of the GPRMC's user community. This report summarizes the security policy for the VRE and defines the CORBA security services that satisfy the policy. In the VRE, the information to be protected is embedded into three major information components: (1) Patient information consists of Digital Imaging and Communications in Medicine (DICOM)-formatted fields. The patient information resides in the digital imaging network picture archiving and communication system (DIN-PACS) networks in the database archive systems and includes (a) patient demographics; (b) patient images from x-ray, computed tomography (CT), magnetic resonance imaging (MRI), and ultrasound (US); and (c) prior patient images and related patient history. (2) Meta-Manager information to be protected consists of several data objects. This information is distributed to the Meta-Manager nodes and includes (a) radiologist schedules; (b) modality worklists; (c) routed case information; (d) DIN-PACS and Composite Health Care system (CHCS) messages, and Meta-Manager administrative and security information; and (e) patient case information. (3) Access control and communications security is required in the VRE to control who uses the VRE and Meta-Manager facilities and to secure the messages between VRE components. The CORBA Security Service Specification version 1.5 is designed to allow up to TCSEC's B2-level security for distributed objects. The CORBA Security Service Specification defines the functionality of several security features: identification and authentication, authorization and access control, security auditing, communication security, nonrepudiation, and security administration. This report describes the enhanced security features for the VRE and their implementation using commercial CORBA Security Service software products.

  8. 6 CFR 27.200 - Information regarding security risk for a chemical facility.

    Code of Federal Regulations, 2010 CFR

    2010-01-01

    ... 6 Domestic Security 1 2010-01-01 2010-01-01 false Information regarding security risk for a chemical facility. 27.200 Section 27.200 Domestic Security DEPARTMENT OF HOMELAND SECURITY, OFFICE OF THE SECRETARY CHEMICAL FACILITY ANTI-TERRORISM STANDARDS Chemical Facility Security Program § 27.200 Information...

  9. Safety and Security Interface Technology Initiative

    DOE Office of Scientific and Technical Information (OSTI.GOV)

    Dr. Michael A. Lehto; Kevin J. Carroll; Dr. Robert Lowrie

    Safety and Security Interface Technology Initiative Mr. Kevin J. Carroll Dr. Robert Lowrie, Dr. Micheal Lehto BWXT Y12 NSC Oak Ridge, TN 37831 865-576-2289/865-241-2772 carrollkj@y12.doe.gov Work Objective. Earlier this year, the Energy Facility Contractors Group (EFCOG) was asked to assist in developing options related to acceleration deployment of new security-related technologies to assist meeting design base threat (DBT) needs while also addressing the requirements of 10 CFR 830. NNSA NA-70, one of the working group participants, designated this effort the Safety and Security Interface Technology Initiative (SSIT). Relationship to Workshop Theme. “Supporting Excellence in Operations Through Safety Analysis,” (workshop theme) includes security and safety personnel working together to ensure effective and efficient operations. One of the specific workshop elements listed in the call for papers is “Safeguards/Security Integration with Safety.” This paper speaks directly to this theme. Description of Work. The EFCOG Safety Analysis Working Group (SAWG) and the EFCOG Security Working Group formed a core team to develop an integrated process involving both safety basis and security needs allowing achievement of the DBT objectives while ensuring safety is appropriately considered. This effort garnered significant interest, starting with a two day breakout session of 30 experts at the 2006 Safety Basis Workshop. A core team was formed, and a series of meetings were held to develop that process, including safety and security professionals, both contractor and federal personnel. A pilot exercise held at Idaho National Laboratory (INL) in mid-July 2006 was conducted as a feasibility of concept review. Work Results. The SSIT efforts resulted in a topical report transmitted from EFCOG to DOE/NNSA in August 2006. Elements of the report included: Drivers and Endstate, Control Selections Alternative Analysis Process, Terminology Crosswalk, Safety Basis/Security Documentation Integration, Configuration Control, and development of a shared ‘tool box’ of information/successes. Specific Benefits. The expectation or end state resulting from the topical report and associated implementation plan includes: (1) A recommended process for handling the documentation of the security and safety disciplines, including an appropriate change control process and participation by all stakeholders. (2) A means to package security systems with sufficient information to help expedite the flow of that system through the process. In addition, a means to share successes among sites, to include information and safety basis to the extent such information is transportable. (3) Identification of key security systems and associated essential security elements being installed and an arrangement for the sites installing these systems to host an appropriate team to review a specific system and determine what information is exportable. (4) Identification of the security systems’ essential elements and appropriate controls required for testing of these essential elements in the facility. (5) The ability to help refine and improve an agreed to control set at the manufacture stage.

  10. Examining the Impact of Non-Technical Security Management Factors on Information Security Management in Health Informatics

    ERIC Educational Resources Information Center

    Imam, Abbas H.

    2013-01-01

    Complexity of information security has become a major issue for organizations due to incessant threats to information assets. Healthcare organizations are particularly concerned with security owing to the inherent vulnerability of sensitive information assets in health informatics. While the non-technical security management elements have been at…

  11. 14 CFR 1203.202 - Responsibilities.

    Code of Federal Regulations, 2011 CFR

    2011-01-01

    ... Aeronautics and Space NATIONAL AERONAUTICS AND SPACE ADMINISTRATION INFORMATION SECURITY PROGRAM NASA Information Security Program § 1203.202 Responsibilities. (a) The Chairperson, NASA Information Security...) Ensuring effective compliance with and implementation of “the Order” and the Information Security Oversight...

  12. 14 CFR 1203.202 - Responsibilities.

    Code of Federal Regulations, 2010 CFR

    2010-01-01

    ... Aeronautics and Space NATIONAL AERONAUTICS AND SPACE ADMINISTRATION INFORMATION SECURITY PROGRAM NASA Information Security Program § 1203.202 Responsibilities. (a) The Chairperson, NASA Information Security...) Ensuring effective compliance with and implementation of “the Order” and the Information Security Oversight...

  13. Health Information Exchange: What do patients want?

    PubMed

    Medford-Davis, Laura N; Chang, Lawrence; Rhodes, Karin V

    2017-12-01

    To determine whether emergency department patients want to share their medical records across health systems through Health Information Exchange and if so, whether they prefer to sign consent or share their records automatically, 982 adult patients presenting to an emergency department participated in a questionnaire-based interview. The majority (N = 906; 92.3%) were willing to share their data in a Health Information Exchange. Half (N = 490; 49.9%) reported routinely getting healthcare outside the system and 78.6 percent reported having records in other systems. Of those who were willing to share their data in a Health Information Exchange, 54.3 percent wanted to sign consent but 90 percent of those would waive consent in the case of an emergency. Privacy and security were primary concerns of patients not willing to participate in Health Information Exchange and preferring to sign consent. Improved privacy and security protections could increase participation, and findings support consideration of "break-the-glass" provider access to Health Information Exchange records in an emergent situation.

  14. An HIT Solution for Clinical Care and Disaster Planning: How One health Center in Joplin, MO Survived a Tornado and Avoided a Health Information Disaster.

    PubMed

    Shin, Peter; Jacobs, Feygele

    2012-01-01

    Since taking office, President Obama has made substantial investments in promoting the diffusion of health information technology (IT). The objective of the national health IT program is, generally, to enable health care providers to better manage patient care through secure use and sharing of health information. Through the use of technologies including electronic health records, providers can better maintain patient care information and facilitate communication, often improving care outcomes. The recent tornado in Joplin, MO highlights the importance of health information technology in the health center context, and illustrates the importance of secure electronic health information systems as a crucial element of disaster and business continuity planning. This article examines the experience of a community health center in the aftermath of the major tornado that swept through the American Midwest in the spring of 2011, and provides insight into the planning for disaster survival and recovery as it relates to patient records and health center data.

  15. An HIT Solution for Clinical Care and Disaster Planning: How One health Center in Joplin, MO Survived a Tornado and Avoided a Health Information Disaster

    PubMed Central

    Shin, Peter; Jacobs, Feygele

    2012-01-01

    Since taking office, President Obama has made substantial investments in promoting the diffusion of health information technology (IT). The objective of the national health IT program is, generally, to enable health care providers to better manage patient care through secure use and sharing of health information. Through the use of technologies including electronic health records, providers can better maintain patient care information and facilitate communication, often improving care outcomes. The recent tornado in Joplin, MO highlights the importance of health information technology in the health center context, and illustrates the importance of secure electronic health information systems as a crucial element of disaster and business continuity planning. This article examines the experience of a community health center in the aftermath of the major tornado that swept through the American Midwest in the spring of 2011, and provides insight into the planning for disaster survival and recovery as it relates to patient records and health center data. PMID:23569622

  16. DOD Education Benefits: Further Actions Needed to Improve Oversight of Tuition Assistance Program. Testimony before the Subcommittee on Federal Financial Management, Government Information, Federal Services, and International Security, Committee on Homeland Security and Governmental Affairs, United States Senate. GAO-11-389T

    ERIC Educational Resources Information Center

    Scott, George A.

    2011-01-01

    This testimony discusses the Department of Defense's (DOD) oversight of its Military Tuition Assistance (TA) Program. In fiscal year 2010, the TA Program provided $531 million in tuition assistance to approximately 302,000 service members who elected to pursue off-duty postsecondary education. DOD offers these benefits to service members in order…

  17. Privacy and Access Control for IHE-Based Systems

    NASA Astrophysics Data System (ADS)

    Katt, Basel; Breu, Ruth; Hafner, Micahel; Schabetsberger, Thomas; Mair, Richard; Wozak, Florian

    Electronic Health Record (EHR) is the heart element of any e-health system, which aims at improving the quality and efficiency of healthcare through the use of information and communication technologies. The sensitivity of the data contained in the health record poses a great challenge to security. In this paper we propose a security architecture for EHR systems that conform with IHE profiles. In this architecture we are tackling the problems of access control and privacy. Furthermore, a prototypical implementation of the proposed model is presented.

  18. Classified Information and Technical Libraries. Final Report. Army Technical Library Improvement Studies (ATLIS), Report No. 11.

    ERIC Educational Resources Information Center

    Luger, Herbert P.; Booser, Ronald J.

    A survey of the literature in the last ten years and interviews with library and security personnel indicated: (1) the problems of handling classified information in libraries have been scanted; (2) there is wide divergence in policies and practices of disseminating such materials; (3) interlibrary cooperation with respect to classified holdings is…

  19. Activities report of PTT Research

    NASA Astrophysics Data System (ADS)

    In the field of postal infrastructure research, activities were performed on postcode readers, radiolabels, and techniques of operations research and artificial intelligence. In the field of telecommunication, transportation, and information, research was made on multipurpose coding schemes, speech recognition, hypertext, a multimedia information server, security of electronic data interchange, document retrieval, improvement of the quality of user interfaces, domotics living support (techniques), and standardization of telecommunication protocols. In the field of telecommunication infrastructure and provisions research, activities were performed on universal personal telecommunications, advanced broadband network technologies, coherent techniques, measurement of audio quality, near field facilities, local beam communication, local area networks, network security, coupling of broadband and narrowband integrated services digital networks, digital mapping, and standardization of protocols.

  20. A Decomposition Method for Security Constrained Economic Dispatch of a Three-Layer Power System

    NASA Astrophysics Data System (ADS)

    Yang, Junfeng; Luo, Zhiqiang; Dong, Cheng; Lai, Xiaowen; Wang, Yang

    2018-01-01

    This paper proposes a new decomposition method for the security-constrained economic dispatch in a three-layer large-scale power system. The decomposition is realized using two main techniques. The first is to use Ward equivalencing-based network reduction to reduce the number of variables and constraints in the high-layer model without sacrificing accuracy. The second is to develop a price response function to exchange signal information between neighboring layers, which significantly improves the information exchange efficiency of each iteration and results in less iterations and less computational time. The case studies based on the duplicated RTS-79 system demonstrate the effectiveness and robustness of the proposed method.

  1. Practical aspects of handling data protection and data security.

    PubMed

    Louwerse, C P

    1991-01-01

    Looking at practical applications of health care information systems, we must conclude that in the field of data protection there still is too large a gap between what is feasible and necessary on one hand, and what is achieved in actual realizations on the other. To illustrate this point, we sketch the actual data protection measures in a large hospital information system, and describe the effects of changes affecting the system, such as increasing use of personal computers, and growing intensity of use of the system. Trends in the development of new and additional systems are indicated, a summary of possible weak points and gaps in the security is given, and some suggestions for improvement are made.

  2. Cyberspace Security Econometrics System (CSES)

    DOE Office of Scientific and Technical Information (OSTI.GOV)

    2012-07-27

    Information security continues to evolve in response to disruptive changes with a persistent focus on information-centric controls and a healthy debate about balancing endpoint and network protection, with a goal of improved enterprise/business risk management. Economic uncertainty, intensively collaborative styles of work, virtualization, increased outsourcing and ongoing compliance pressures require careful consideration and adaption. The CSES provides a measure (i.e. a quantitative indication) of reliability, performance, and/or safety of a system that accounts for the criticality of each requirement as a function of one or more stakeholders' interests in that requirement. For a given stakeholder, CSES accounts for the variance that may exist among the stakes one attaches to meeting each requirement.

  3. Landscape ecological security assessment based on projection pursuit in Pearl River Delta.

    PubMed

    Gao, Yang; Wu, Zhifeng; Lou, Quansheng; Huang, Huamei; Cheng, Jiong; Chen, Zhangli

    2012-04-01

    Regional landscape ecological security is an important issue for ecological security, and has a great influence on national security and social sustainable development. The Pearl River Delta (PRD) in southern China has experienced rapid economic development and intensive human activities in recent years. This study, based on landscape analysis, provides a method to discover the alteration of character among different landscape types and to understand the landscape ecological security status. Based on remotely sensed products of the Landsat 5 TM images in 1990 and the Landsat 7 ETM+ images in 2005, landscape classification maps of nine cities in the PRD were compiled by implementing Remote Sensing and Geographic Information System technology. Several indices, including aggregation, crush index, landscape shape index, Shannon's diversity index, landscape fragile index, and landscape security adjacent index, were applied to analyze spatial-temporal characteristics of landscape patterns in the PRD. A landscape ecological security index based on these outcomes was calculated by projection pursuit using genetic algorithm. The landscape ecological security of nine cities in the PRD was thus evaluated. The main results of this research are listed as follows: (1) from 1990 to 2005, the aggregation index, crush index, landscape shape index, and Shannon's diversity index of nine cities changed little in the PRD, while the landscape fragile index and landscape security adjacent index changed obviously. The landscape fragile index of nine cities showed a decreasing trend; however, the landscape security adjacent index has been increasing; (2) from 1990 to 2005, landscape ecology of the cities of Zhuhai and Huizhou maintained a good security situation. However, there was a relatively low value of ecological security in the cities of Dongguan and Foshan. 
    Except for Foshan and Guangzhou, whose landscape ecological security situations were slightly improved, the cities had reduced values in landscape ecological security, with the most decreased number 0.52 in Zhaoqing. Results of this study offer important information for regional eco-construction and natural resource exploitation.

  4. Medical Devices Transition to Information Systems: Lessons Learned

    PubMed Central

    Charters, Kathleen G.

    2012-01-01

    Medical devices designed to network can share data with a Clinical Information System (CIS), making that data available within clinician workflow. Some lessons learned by transitioning anesthesia reporting and monitoring devices (ARMDs) on a local area network (LAN) to integration of anesthesia documentation within a CIS include the following categories: access, contracting, deployment, implementation, planning, security, support, training and workflow integration. Areas identified for improvement include: Vendor requirements for access reconciled with the organizations’ security policies and procedures. Include clauses supporting transition from stand-alone devices to information integrated into clinical workflow in the medical device procurement contract. Resolve deployment and implementation barriers that make the process less efficient and more costly. Include effective field communication and creative alternatives in planning. Build training on the baseline knowledge of trainees. Include effective help desk processes and metrics. Have a process for determining where problems originate when systems share information. PMID:24199054

  5. 77 FR 72673 - Critical Infrastructure Protection and Resilience Month, 2012

    Federal Register 2010, 2011, 2012, 2013, 2014

    2012-12-05

    .... Cyber incidents can have devastating consequences on both physical and virtual infrastructure, which is... work within existing authorities to fortify our country against cyber risks, comprehensive legislation remains essential to improving infrastructure security, enhancing cyber information sharing between...

  6. 78 FR 16699 - National Maritime Security Advisory Committee; Meeting

    Federal Register 2010, 2011, 2012, 2013, 2014

    2013-03-18

    ... Executive Order \\1\\ to strengthen the cybersecurity of critical infrastructure by increasing information sharing and by jointly developing and implementing a framework of cybersecurity practices with our...-press-office/2013/02/12/executive-order-improving-critical-infrastructure-cybersecurity . (2...

  7. 12 CFR Appendix B to Part 364 - Interagency Guidelines Establishing Information Security Standards

    Code of Federal Regulations, 2011 CFR

    2011-01-01

    ... Part 364—Interagency Guidelines Establishing Information Security Standards Table of Contents I... Customer Information A. Information Security Program B. Objectives III. Development and Implementation of Customer Information Security Program A. Involve the Board of Directors B. Assess Risk C. Manage and...

  8. 75 FR 63499 - Extension of Agency Information Collection Activity Under OMB Review: Sensitive Security...

    Federal Register 2010, 2011, 2012, 2013, 2014

    2010-10-15

    ... Information Collection Activity Under OMB Review: Sensitive Security Information Threat Assessments AGENCY... Transportation Security Administration (TSA) has forwarded the Information Collection Request (ICR), Office of... of a party seeking access to sensitive security information (SSI) in a civil proceeding in Federal...

  9. Cryptanalysis and Improvement of an Image Encryption Scheme Using Fourier Series

    NASA Astrophysics Data System (ADS)

    Ahmad, Musheer; Doja, M. N.; Beg, M. M. Sufyan

    2017-12-01

    This paper proposes cryptanalysis of an image encryption scheme reported in (Khan, J Vib Control 21(16):3450-3455, 2015). The encryption scheme synthesized nonlinear substitution-box using Fourier series to accomplish encryption of color images. Security investigation unveils that the scheme has inherent flaws which can be exploited by an attacker to reveal the plain-image information. We show that the encryption scheme is breakable under chosen-plaintext attack without owning secret key. The simulation analyses bring to notice that Khan's scheme is insecure for encryption of images during secure communication. Besides, an improved image encryption scheme is proposed which is backed up by better statistical results and performance.

  10. A Cluster-Based Framework for the Security of Medical Sensor Environments

    NASA Astrophysics Data System (ADS)

    Klaoudatou, Eleni; Konstantinou, Elisavet; Kambourakis, Georgios; Gritzalis, Stefanos

    The adoption of Wireless Sensor Networks (WSNs) in the healthcare sector poses many security issues, mainly because medical information is considered particularly sensitive. The security mechanisms employed are expected to be more efficient in terms of energy consumption and scalability in order to cope with the constrained capabilities of WSNs and patients’ mobility. Towards this goal, cluster-based medical WSNs can substantially improve efficiency and scalability. In this context, we have proposed a general framework for cluster-based medical environments on top of which security mechanisms can rely. This framework fully covers the varying needs of both in-hospital environments and environments formed ad hoc for medical emergencies. In this paper, we further elaborate on the security of our proposed solution. We specifically focus on key establishment mechanisms and investigate the group key agreement protocols that can best fit in our framework.

  11. Addressing security, collaboration, and usability with tactical edge mobile devices and strategic cloud-based systems

    NASA Astrophysics Data System (ADS)

    Graham, Christopher J.

    2012-05-01

    Success in the future battle space is increasingly dependent on rapid access to the right information. Faced with a shrinking budget, the Government has a mandate to improve intelligence productivity, quality, and reliability. To achieve increased ISR effectiveness, leverage of tactical edge mobile devices via integration with strategic cloud-based infrastructure is the single, most likely candidate area for dramatic near-term impact. This paper discusses security, collaboration, and usability components of this evolving space. These three paramount tenets outlined below, embody how mission information is exchanged securely, efficiently, with social media cooperativeness. Tenet 1: Complete security, privacy, and data integrity, must be ensured within the net-centric battle space. This paper discusses data security on a mobile device, data at rest on a cloud-based system, authorization and access control, and securing data transport between entities. Tenet 2: Lack of collaborative information sharing and content reliability jeopardizes mission objectives and limits the end user capability. This paper discusses cooperative pairing of mobile devices and cloud systems, enabling social media style interaction via tagging, meta-data refinement, and sharing of pertinent data. Tenet 3: Fielded mobile solutions must address usability and complexity. Simplicity is a powerful paradigm on mobile platforms, where complex applications are not utilized, and simple, yet powerful, applications flourish. This paper discusses strategies for ensuring mobile applications are streamlined and usable at the tactical edge through focused features sets, leveraging the power of the back-end cloud, minimization of differing HMI concepts, and directed end-user feedback.

  12. Economic Evaluation of the Information Security Levels Achieved by Electric Energy Providers in North Arctic Region

    NASA Astrophysics Data System (ADS)

    Sushko, O. P.; Kaznin, A. A.; Babkin, A. V.; Bogdanov, D. A.

    2017-10-01

    The study we are conducting involves the analysis of information security levels achieved by energy providers operating in the North Arctic Region. We look into whether the energy providers’ current information security levels meet reliability standards and determine what further actions may be needed for upgrading information security in the context of the digital transformation that the world community is undergoing. When developing the information security systems for electric energy providers or selecting the protection means for them, we are governed by the fact that the assets to be protected are process technologies. While information security risk can be assessed using different methods, the evaluation of the economic damage from these risks appears to be a difficult task. The most probable and harmful risks we have identified when evaluating the electric energy providers’ information security will be used by us as variables. To provide the evaluation, it is necessary to calculate the costs relating to elimination of the risks identified. The final stage of the study will involve the development of an operation algorithm for the North Arctic Region’s energy provider’s business information protection security system - a set of information security services, and security software and hardware.

  13. Stennis holds Information Technology Expo

    NASA Image and Video Library

    2010-06-16

    Brian Wagner (l to r) with the U.S. Navy, Andrew Hiukenbein with NVision Solutions and Theresa Avoskey with the Naval Oceanographic Office at Stennis Space Center learn about the latest improvements in making flash drives secure during an Information Technology Expo held June 16. Various area companies visited Stennis during the day to offer exhibits for employees on a range of information technology topics. The theme of the daylong expo was 'The Road to Green IT Computing.'

  14. Understanding food security issues in remote Western Australian Indigenous communities.

    PubMed

    Pollard, Christina M; Nyaradi, Anett; Lester, Matthew; Sauer, Kay

    2014-08-01

    Food insecurity in remote Western Australian (WA) Indigenous communities. This study explored remote community store managers' views on issues related to improving food security in order to inform health policy. A census of all remote WA Indigenous community store managers was conducted in 2010. Telephone interviews sought managers' perceptions of community food insecurity, problems with their store, and potential policy options for improving the supply, accessibility, affordability and consumption of nutritious foods. Descriptive analyses were conducted using SPSS for Windows version 17.0. Managers stated that freight costs and irregular deliveries contributed to high prices and a limited range of foods. Poor store infrastructure, compromised cold chain logistics, and commonly occurring power outages affected food quality. Half of the managers said there was hunger in their community because people did not have enough money to buy food. The role of nutritionists beyond a clinical and educational role was not understood. Food security interventions in remote communities need to take into consideration issues such as freight costs, transport and low demand for nutritious foods. Store managers provide important local knowledge regarding the development and implementation of food security interventions. SO WHAT? Agencies acting to address the issue of food insecurity in remote WA Indigenous communities should heed the advice of community store managers that high food prices, poor quality and limited availability are mainly due to transport inefficiencies and freight costs. Improving healthy food affordability in communities where high unemployment and low household income abound is fundamental to improving food security, yet presents a significant challenge.

  15. 75 FR 65526 - National Industrial Security Program Policy Advisory Committee (NISPPAC)

    Federal Register 2010, 2011, 2012, 2013, 2014

    2010-10-25

    ... NATIONAL ARCHIVES AND RECORDS ADMINISTRATION Information Security Oversight Office National Industrial Security Program Policy Advisory Committee (NISPPAC) AGENCY: Information Security Oversight Office... planning to attend must be submitted to the Information Security Oversight Office (ISOO) no later than...

  16. 76 FR 6636 - National Industrial Security Program Policy Advisory Committee (NISPPAC)

    Federal Register 2010, 2011, 2012, 2013, 2014

    2011-02-07

    ... NATIONAL ARCHIVES AND RECORDS ADMINISTRATION Information Security Oversight Office National Industrial Security Program Policy Advisory Committee (NISPPAC) AGENCY: Information Security Oversight Office... planning to attend must be submitted to the Information Security Oversight Office (ISOO) no later than...

  17. 76 FR 67484 - National Industrial Security Program Policy Advisory Committee (NISPPAC)

    Federal Register 2010, 2011, 2012, 2013, 2014

    2011-11-01

    ... NATIONAL ARCHIVES AND RECORDS ADMINISTRATION Information Security Oversight Office National Industrial Security Program Policy Advisory Committee (NISPPAC) AGENCY: Information Security Oversight Office... must be submitted to the Information Security Oversight Office (ISOO) no later than Friday, November 11...

  18. 76 FR 28099 - National Industrial Security Program Policy Advisory Committee (NISPPAC)

    Federal Register 2010, 2011, 2012, 2013, 2014

    2011-05-13

    ... NATIONAL ARCHIVES AND RECORDS ADMINISTRATION Information Security Oversight Office National Industrial Security Program Policy Advisory Committee (NISPPAC) AGENCY: Information Security Oversight Office... telephone number of individuals planning to attend must be submitted to the Information Security Oversight...

  19. 75 FR 39582 - National Industrial Security Program Policy Advisory Committee (NISPPAC)

    Federal Register 2010, 2011, 2012, 2013, 2014

    2010-07-09

    ... NATIONAL ARCHIVES AND RECORDS ADMINISTRATION Information Security Oversight Office National Industrial Security Program Policy Advisory Committee (NISPPAC) AGENCY: Information Security Oversight Office... telephone number of individuals planning to attend must be submitted to the Information Security Oversight...

  20. Study on the key technology of optical encryption based on compressive ghost imaging with double random-phase encoding

    NASA Astrophysics Data System (ADS)

    Zhang, Leihong; Pan, Zilan; Liang, Dong; Ma, Xiuhua; Zhang, Dawei

    2015-12-01

    An optical encryption method based on compressive ghost imaging (CGI) with double random-phase encoding (DRPE), named DRPE-CGI, is proposed. The information is first encrypted by the sender with DRPE, the DRPE-coded image is encrypted by the system of computational ghost imaging with a secret key. The key of N random-phase vectors is generated by the sender and will be shared with the receiver who is the authorized user. The receiver decrypts the DRPE-coded image with the key, with the aid of CGI and a compressive sensing technique, and then reconstructs the original information by the technique of DRPE-decoding. The experiments suggest that cryptanalysts cannot get any useful information about the original image even if they eavesdrop 60% of the key at a given time, so the security of DRPE-CGI is higher than that of the security of conventional ghost imaging. Furthermore, this method can reduce 40% of the information quantity compared with ghost imaging while the qualities of reconstructing the information are the same. It can also improve the quality of the reconstructed plaintext information compared with DRPE-GI with the same sampling times. This technique can be immediately applied to encryption and data storage with the advantages of high security, fast transmission, and high quality of reconstructed information.

  1. 10 CFR 2.905 - Access to restricted data and national security information for parties; security clearances.

    Code of Federal Regulations, 2010 CFR

    2010-01-01

    ... 10 Energy 1 2010-01-01 2010-01-01 false Access to restricted data and national security... to Adjudicatory Proceedings Involving Restricted Data and/or National Security Information § 2.905 Access to restricted data and national security information for parties; security clearances. (a) Access...

  2. 10 CFR 2.905 - Access to restricted data and national security information for parties; security clearances.

    Code of Federal Regulations, 2011 CFR

    2011-01-01

    ... 10 Energy 1 2011-01-01 2011-01-01 false Access to restricted data and national security... to Adjudicatory Proceedings Involving Restricted Data and/or National Security Information § 2.905 Access to restricted data and national security information for parties; security clearances. (a) Access...

  3. Potential impact of HITECH security regulations on medical imaging.

    PubMed

    Prior, Fred; Ingeholm, Mary Lou; Levine, Betty A; Tarbox, Lawrence

    2009-01-01

    Title XIII of Division A and Title IV of Division B of the American Recovery and Reinvestment Act (ARRA) of 2009 [1] include a provision commonly referred to as the "Health Information Technology for Economic and Clinical Health Act" or "HITECH Act" that is intended to promote the electronic exchange of health information to improve the quality of health care. Subtitle D of the HITECH Act includes key amendments to strengthen the privacy and security regulations issued under the Health Insurance Portability and Accountability Act (HIPAA). The HITECH act also states that "the National Coordinator" must consult with the National Institute of Standards and Technology (NIST) in determining what standards are to be applied and enforced for compliance with HIPAA. This has led to speculation that NIST will recommend that the government impose the Federal Information Security Management Act (FISMA) [2], which was created by NIST for application within the federal government, as requirements to the public Electronic Health Records (EHR) community in the USA. In this paper we will describe potential impacts of FISMA on medical image sharing strategies such as teleradiology and outline how a strict application of FISMA or FISMA-based regulations could have significant negative impacts on information sharing between care providers.

  4. Managing security and privacy concerns over data storage in healthcare research.

    PubMed

    Mackenzie, Isla S; Mantay, Brian J; McDonnell, Patrick G; Wei, Li; MacDonald, Thomas M

    2011-08-01

    Issues surrounding data security and privacy are of great importance when handling sensitive health-related data for research. The emphasis in the past has been on balancing the risks to individuals with the benefit to society of the use of databases for research. However, a new way of looking at such issues is that by optimising procedures and policies regarding security and privacy of data to the extent that there is no appreciable risk to the privacy of individuals, we can create a 'win-win' situation in which everyone benefits, and pharmacoepidemiological research can flourish with public support. We discuss holistic measures, involving both information technology and people, taken to improve the security and privacy of data storage. After an internal review, we commissioned an external audit by an independent consultant with a view to optimising our data storage and handling procedures. Improvements to our policies and procedures were implemented as a result of the audit. By optimising our storage of data, we hope to inspire public confidence and hence cooperation with the use of health care data in research. Copyright © 2011 John Wiley & Sons, Ltd.

  5. 10 CFR 95.35 - Access to matter classified as National Security Information and Restricted Data.

    Code of Federal Regulations, 2011 CFR

    2011-01-01

    ... Information and Restricted Data. 95.35 Section 95.35 Energy NUCLEAR REGULATORY COMMISSION (CONTINUED) FACILITY SECURITY CLEARANCE AND SAFEGUARDING OF NATIONAL SECURITY INFORMATION AND RESTRICTED DATA Control of Information § 95.35 Access to matter classified as National Security Information and Restricted Data. (a...

  6. Approach to estimation of level of information security at enterprise based on genetic algorithm

    NASA Astrophysics Data System (ADS)

    Stepanov, L. V.; Parinov, A. V.; Korotkikh, L. P.; Koltsov, A. S.

    2018-05-01

    In the article, the way of formalization of different types of threats of information security and vulnerabilities of an information system of the enterprise and establishment is considered. In a type of complexity of ensuring information security of application of any new organized system, the concept and decisions in the sphere of information security are expedient. One of such approaches is the method of a genetic algorithm. For the enterprises of any fields of activity, the question of complex estimation of the level of security of information systems taking into account the quantitative and qualitative factors characterizing components of information security is relevant.

  7. 17 CFR 249.1001 - Form SIP, for application for registration as a securities information processor or to amend such...

    Code of Federal Regulations, 2011 CFR

    2011-04-01

    ... registration as a securities information processor or to amend such an application or registration. 249.1001..., SECURITIES EXCHANGE ACT OF 1934 Form for Registration of, and Reporting by Securities Information Processors § 249.1001 Form SIP, for application for registration as a securities information processor or to amend...

  8. 17 CFR 249.1001 - Form SIP, for application for registration as a securities information processor or to amend such...

    Code of Federal Regulations, 2010 CFR

    2010-04-01

    ... registration as a securities information processor or to amend such an application or registration. 249.1001..., SECURITIES EXCHANGE ACT OF 1934 Form for Registration of, and Reporting by Securities Information Processors § 249.1001 Form SIP, for application for registration as a securities information processor or to amend...

  9. The Promise of Information and Communication Technology in Healthcare: Extracting Value From the Chaos.

    PubMed

    Mamlin, Burke W; Tierney, William M

    2016-01-01

    Healthcare is an information business with expanding use of information and communication technologies (ICTs). Current ICT tools are immature, but a brighter future looms. We examine 7 areas of ICT in healthcare: electronic health records (EHRs), health information exchange (HIE), patient portals, telemedicine, social media, mobile devices and wearable sensors and monitors, and privacy and security. In each of these areas, we examine the current status and future promise, highlighting how each might reach its promise. Steps to better EHRs include a universal programming interface, universal patient identifiers, improved documentation and improved data analysis. HIEs require federal subsidies for sustainability and support from EHR vendors, targeting seamless sharing of EHR data. Patient portals must bring patients into the EHR with better design and training, greater provider engagement and leveraging HIEs. Telemedicine needs sustainable payment models, clear rules of engagement, quality measures and monitoring. Social media needs consensus on rules of engagement for providers, better data mining tools and approaches to counter disinformation. Mobile and wearable devices benefit from a universal programming interface, improved infrastructure, more rigorous research and integration with EHRs and HIEs. Laws for privacy and security need updating to match current technologies, and data stewards should share information on breaches and standardize best practices. ICT tools are evolving quickly in healthcare and require a rational and well-funded national agenda for development, use and assessment. Copyright © 2016 Southern Society for Clinical Investigation. Published by Elsevier Inc. All rights reserved.

  10. 46 CFR 503.52 - Senior agency official.

    Code of Federal Regulations, 2011 CFR

    2011-10-01

    ... 46 Shipping 9 2011-10-01 2011-10-01 false Senior agency official. 503.52 Section 503.52 Shipping FEDERAL MARITIME COMMISSION GENERAL AND ADMINISTRATIVE PROVISIONS PUBLIC INFORMATION Information Security...'s information security program, which includes oversight (self-inspection) and security information...

  11. 75 FR 10507 - Information Security Oversight Office; National Industrial Security Program Policy Advisory...

    Federal Register 2010, 2011, 2012, 2013, 2014

    2010-03-08

    ... NATIONAL ARCHIVES AND RECORDS ADMINISTRATION Information Security Oversight Office; National Industrial Security Program Policy Advisory Committee (NISPPAC) AGENCY: National Archives and Records... individuals planning to attend must be submitted to the Information Security Oversight Office (ISOO) no later...

  12. Varying the valuating function and the presentable bank in computerized adaptive testing.

    PubMed

    Barrada, Juan Ramón; Abad, Francisco José; Olea, Julio

    2011-05-01

    In computerized adaptive testing, the most commonly used valuating function is the Fisher information function. When the goal is to keep item bank security at a maximum, the valuating function that seems most convenient is the matching criterion, valuating the distance between the estimated trait level and the point where the maximum of the information function is located. Recently, it has been proposed not to keep the same valuating function constant for all the items in the test. In this study we expand the idea of combining the matching criterion with the Fisher information function. We also manipulate the number of strata into which the bank is divided. We find that the manipulation of the number of items administered with each function makes it possible to move from the pole of high accuracy and low security to the opposite pole. It is possible to greatly improve item bank security with much fewer losses in accuracy by selecting several items with the matching criterion. In general, it seems more appropriate not to stratify the bank.

  13. Coverage of the Test of Memory Malingering, Victoria Symptom Validity Test, and Word Memory Test on the Internet: is test security threatened?

    PubMed

    Bauer, Lyndsey; McCaffrey, Robert J

    2006-01-01

    In forensic neuropsychological settings, maintaining test security has become critically important, especially in regard to symptom validity tests (SVTs). Coaching, which can entail providing patients or litigants with information about the cognitive sequelae of head injury, or teaching them test-taking strategies to avoid detection of symptom dissimulation has been examined experimentally in many research studies. Emerging evidence supports that coaching strategies affect psychological and neuropsychological test performance to differing degrees depending on the coaching paradigm and the tests administered. The present study sought to examine Internet coverage of SVTs because it is potentially another source of coaching, or information that is readily available. Google searches were performed on the Test of Memory Malingering, the Victoria Symptom Validity Test, and the Word Memory Test. Results indicated that there is a variable amount of information available about each test that could threaten test security and validity should inappropriately interested parties find it. Steps that could be taken to improve this situation and limitations to this exploration are discussed.

  14. Three Modes of Hydrogeophysical Investigation: Puzzles, Mysteries, and Conundrums

    NASA Astrophysics Data System (ADS)

    Ferre, P. A.

    2011-12-01

    In an article in the New Yorker in 2007, Malcolm Gladwell discussed the distinction that national security expert Gregory Treverton has made between puzzles and mysteries. Specifically, puzzles are problems that we understand and that will eventually be solved when we amass enough information. (Think crossword puzzles.) Mysteries are problems for which we have the necessary information, but it is often overwhelmed by irrelevant or misleading input. To solve a mystery, we require improved analysis. (Think find-a-word.) Gladwell goes on to explain that, in the national security realm, the Cold War was a puzzle while the current national security condition is a mystery. I will discuss the past, current, and future trajectories of hydrogeophysics in terms of puzzles and mysteries. I will also add a third class of problem: conundrums - those for which we lack sufficient information about their structure to know how to solve them. A conundrum is a mystery with an unexpected twist. I hope to make the case that the future growth of hydrogeophysics lies in our ability to address this more challenging and more interesting class of problem.

  15. DOE Office of Scientific and Technical Information (OSTI.GOV)

    Aldridge, Chris D.

    Mobile biometric devices (MBDs) capable of both enrolling individuals in databases and performing identification checks of subjects in the field are seen as an important capability for military, law enforcement, and homeland security operations. The technology is advancing rapidly. The Department of Homeland Security Science and Technology Directorate through an Interagency Agreement with Sandia sponsored a series of pilot projects to obtain information for the first responder law enforcement community on further identification of requirements for mobile biometric device technology. Working with 62 different jurisdictions, including components of the Department of Homeland Security, Sandia delivered a series of reports on user operation of state-of-the-art mobile biometric devices. These reports included feedback information on MBD usage in both operational and exercise scenarios. The findings and conclusions of the project address both the limitations and possibilities of MBD technology to improve operations. Evidence of these possibilities can be found in the adoption of this technology by many agencies today and the cooperation of several law enforcement agencies in both participating in the pilot efforts and sharing of information about their own experiences in efforts undertaken separately.

  16. Comparison of consumers’ views on electronic data sharing for healthcare and research

    PubMed Central

    Joseph, Jill G; Ohno-Machado, Lucila

    2015-01-01

    New models of healthcare delivery such as accountable care organizations and patient-centered medical homes seek to improve quality, access, and cost. They rely on a robust, secure technology infrastructure provided by health information exchanges (HIEs) and distributed research networks and the willingness of patients to share their data. There are few large, in-depth studies of US consumers’ views on privacy, security, and consent in electronic data sharing for healthcare and research together. Objective: This paper addresses this gap, reporting on a survey which asks about California consumers’ views of data sharing for healthcare and research together. Materials and Methods: The survey conducted was a representative, random-digit dial telephone survey of 800 Californians, performed in Spanish and English. Results: There is a great deal of concern that HIEs will worsen privacy (40.3%) and security (42.5%). Consumers are in favor of electronic data sharing but elements of transparency are important: individual control, who has access, and the purpose for use of data. Respondents were more likely to agree to share deidentified information for research than to share identified information for healthcare (76.2% vs 57.3%, p < .001). Discussion: While consumers show willingness to share health information electronically, they value individual control and privacy. Responsiveness to these needs, rather than mere reliance on Health Insurance Portability and Accountability Act (HIPAA), may improve support of data networks. Conclusion: Responsiveness to the public’s concerns regarding their health information is a pre-requisite for patient-centeredness. This is one of the first in-depth studies of attitudes about electronic data sharing that compares attitudes of the same individual towards healthcare and research. PMID: 25829461

  17. Performance analysis of AES-Blowfish hybrid algorithm for security of patient medical record data

    NASA Astrophysics Data System (ADS)

    Mahmud H, Amir; Angga W, Bayu; Tommy; Marwan E, Andi; Siregar, Rosyidah

    2018-04-01

    A file security is one method to protect data confidentiality, integrity and information security. Cryptography is one of techniques used to secure and guarantee data confidentiality by doing conversion to the plaintext (original message) to cipher text (hidden message) with two important processes, they are encrypt and decrypt. Some researchers proposed a hybrid method to improve data security. In this research we proposed hybrid method of AES-blowfish (BF) to secure the patient’s medical report data into the form PDF file that sources from database. Generation method of private and public key uses two ways of approach, those are RSA method and ECC. We will analyze impact of these two ways of approach for hybrid method at AES-blowfish based on time and throughput. Based on testing results, BF method is faster than AES and AES-BF hybrid, however AES-BF hybrid is better for throughput compared with AES and BF is higher.

  18. A Collaborative Secure Localization Algorithm Based on Trust Model in Underwater Wireless Sensor Networks

    PubMed Central

    Han, Guangjie; Liu, Li; Jiang, Jinfang; Shu, Lei; Rodrigues, Joel J.P.C.

    2016-01-01

    Localization is one of the hottest research topics in Underwater Wireless Sensor Networks (UWSNs), since many important applications of UWSNs, e.g., event sensing, target tracking and monitoring, require location information of sensor nodes. Nowadays, a large number of localization algorithms have been proposed for UWSNs. How to improve location accuracy is well studied. However, few of them take location reliability or security into consideration. In this paper, we propose a Collaborative Secure Localization algorithm based on Trust model (CSLT) for UWSNs to ensure location security. Based on the trust model, the secure localization process can be divided into the following five sub-processes: trust evaluation of anchor nodes, initial localization of unknown nodes, trust evaluation of reference nodes, selection of reference node, and secondary localization of unknown node. Simulation results demonstrate that the proposed CSLT algorithm performs better than the compared related works in terms of location security, average localization accuracy and localization ratio. PMID: 26891300

  19. New perspectives in ecosystem services science as instruments to understand environmental securities

    PubMed Central

    Villa, Ferdinando; Voigt, Brian; Erickson, Jon D.

    2014-01-01

    As societal demand for food, water and other life-sustaining resources grows, the science of ecosystem services (ES) is seen as a promising tool to improve our understanding, and ultimately the management, of increasingly uncertain supplies of critical goods provided or supported by natural ecosystems. This promise, however, is tempered by a relatively primitive understanding of the complex systems supporting ES, which as a result are often quantified as static resources rather than as the dynamic expression of human–natural systems. This article attempts to pinpoint the minimum level of detail that ES science needs to achieve in order to usefully inform the debate on environmental securities, and discusses both the state of the art and recent methodological developments in ES in this light. We briefly review the field of ES accounting methods and list some desiderata that we deem necessary, reachable and relevant to address environmental securities through an improved science of ES. We then discuss a methodological innovation that, while only addressing these needs partially, can improve our understanding of ES dynamics in data-scarce situations. The methodology is illustrated and discussed through an application related to water security in the semi-arid landscape of the Great Ruaha river of Tanzania. PMID:24535393

  20. Secure quantum private information retrieval using phase-encoded queries

    NASA Astrophysics Data System (ADS)

    Olejnik, Lukasz

    2011-08-01

    We propose a quantum solution to the classical private information retrieval (PIR) problem, which allows one to query a database in a private manner. The protocol offers privacy thresholds and allows the user to obtain information from a database in a way that offers the potential adversary, in this model the database owner, no possibility of deterministically establishing the query contents. This protocol may also be viewed as a solution to the symmetrically private information retrieval problem in that it can offer database security (inability for a querying user to steal its contents). Compared to classical solutions, the protocol offers substantial improvement in terms of communication complexity. In comparison with the recent quantum private queries [Phys. Rev. Lett. 100, 230502 (2008)] protocol, it is more efficient in terms of communication complexity and the number of rounds, while offering a clear privacy parameter. We discuss the security of the protocol and analyze its strengths and conclude that using this technique makes it challenging to obtain the unconditional (in the information-theoretic sense) privacy degree; nevertheless, in addition to being simple, the protocol still offers a privacy level. The oracle used in the protocol is inspired both by the classical computational PIR solutions as well as the Deutsch-Jozsa oracle.

  1. Secure quantum private information retrieval using phase-encoded queries

    DOE Office of Scientific and Technical Information (OSTI.GOV)

    Olejnik, Lukasz

    We propose a quantum solution to the classical private information retrieval (PIR) problem, which allows one to query a database in a private manner. The protocol offers privacy thresholds and allows the user to obtain information from a database in a way that offers the potential adversary, in this model the database owner, no possibility of deterministically establishing the query contents. This protocol may also be viewed as a solution to the symmetrically private information retrieval problem in that it can offer database security (inability for a querying user to steal its contents). Compared to classical solutions, the protocol offers substantial improvement in terms of communication complexity. In comparison with the recent quantum private queries [Phys. Rev. Lett. 100, 230502 (2008)] protocol, it is more efficient in terms of communication complexity and the number of rounds, while offering a clear privacy parameter. We discuss the security of the protocol and analyze its strengths and conclude that using this technique makes it challenging to obtain the unconditional (in the information-theoretic sense) privacy degree; nevertheless, in addition to being simple, the protocol still offers a privacy level. The oracle used in the protocol is inspired both by the classical computational PIR solutions as well as the Deutsch-Jozsa oracle.

  2. 6 CFR 7.27 - Declassification and downgrading.

    Code of Federal Regulations, 2010 CFR

    2010-01-01

    ... SECURITY INFORMATION Classified Information § 7.27 Declassification and downgrading. (a) Classified... Security Officer. (b) Information shall be declassified or downgraded by the official who authorized the... Secretary of Homeland Security or the Chief Security Officer. (c) It is presumed that information that...

  3. 5 CFR 930.301 - Information systems security awareness training program.

    Code of Federal Regulations, 2013 CFR

    2013-01-01

    ....g., system and network administrators, and system/application security officers) must receive... 5 Administrative Personnel 2 2013-01-01 2013-01-01 false Information systems security awareness... (MISCELLANEOUS) Information Security Responsibilities for Employees who Manage or Use Federal Information Systems...

  4. 5 CFR 930.301 - Information systems security awareness training program.

    Code of Federal Regulations, 2014 CFR

    2014-01-01

    ....g., system and network administrators, and system/application security officers) must receive... 5 Administrative Personnel 2 2014-01-01 2014-01-01 false Information systems security awareness... (MISCELLANEOUS) Information Security Responsibilities for Employees who Manage or Use Federal Information Systems...

  5. 78 FR 26057 - Extension of Agency Information Collection Activity Under OMB Review: Pipeline Corporate Security...

    Federal Register 2010, 2011, 2012, 2013, 2014

    2013-05-03

    ... Information Collection Activity Under OMB Review: Pipeline Corporate Security Review AGENCY: Transportation.... Information Collection Requirement Title: Pipeline Corporate Security Review (PCSR). Type of Request... current industry security practices through its Pipeline Corporate Security Review (PCSR) program. The...

  6. Information Security Management (ISM)

    NASA Astrophysics Data System (ADS)

    Šalgovičová, Jarmila; Prajová, Vanessa

    2012-12-01

    Currently, all organizations have to tackle the issue of information security. The paper deals with various aspects of Information Security Management (ISM), including procedures, processes, organizational structures, policies and control processes. Introduction of Information Security Management should be a strategic decision. The concept and implementation of Information Security Management in an organization are determined by the corporate needs and objectives, security requirements, the processes deployed as well as the size and structure of the organization. The implementation of ISM should be carried out to the extent consistent with the needs of the organization.

  7. Information security of power enterprises of North-Arctic region

    NASA Astrophysics Data System (ADS)

    Sushko, O. P.

    2018-05-01

    The role of information technologies in providing technological security for energy enterprises is a component of the economic security for the northern Arctic region in general. Applying instruments and methods of information protection modelling of the energy enterprises' business process in the northern Arctic region (such as Arkhenergo and Komienergo), the authors analysed and identified most frequent risks of information security. With the analytic hierarchy process based on weighting factor estimations, information risks of energy enterprises' technological processes were ranked. The economic estimation of the information security within an energy enterprise considers weighting factor-adjusted variables (risks). Investments in information security systems of energy enterprises in the northern Arctic region are related to necessary security elements installation; current operating expenses on business process protection systems become materialized economic damage.

  8. Disaster at a University: A Case Study in Information Security

    ERIC Educational Resources Information Center

    Ayyagari, Ramakrishna; Tyks, Jonathan

    2012-01-01

    Security and disaster training is identified as a top Information Technology (IT) required skill that needs to be taught in Information Systems (IS) curriculums. Accordingly, information security and privacy have become core concepts in information system education. Providing IT security on a shoestring budget is always difficult and many small…

  9. 77 FR 75970 - Information Collection Activity; Comment Request

    Federal Register 2010, 2011, 2012, 2013, 2014

    2012-12-26

    ... (RUS) makes mortgage loans and loan guarantees to electric and telecommunications systems to provide and improve electric and telecommunications service in rural areas pursuant to the Rural... RUS borrowers are ordinarily mortgaged or pledged to the Federal Government as security for RUS loans...

  10. 78 FR 19277 - National Maritime Security Advisory Committee; Meeting

    Federal Register 2010, 2011, 2012, 2013, 2014

    2013-03-29

    ... Obama signed an Executive Order to strengthen the cybersecurity of critical infrastructure by increasing information sharing and by jointly developing and implementing a framework of cybersecurity practices with our...-press-office/2013/02/12/executive-order-improving-critical-infrastructure-cybersecurity . (2...

  11. 6 CFR 7.12 - Violations of classified information requirements.

    Code of Federal Regulations, 2010 CFR

    2010-01-01

    ... 6 Domestic Security 1 2010-01-01 2010-01-01 false Violations of classified information requirements. 7.12 Section 7.12 Domestic Security DEPARTMENT OF HOMELAND SECURITY, OFFICE OF THE SECRETARY CLASSIFIED NATIONAL SECURITY INFORMATION Administration § 7.12 Violations of classified information...

  12. 78 FR 77484 - Extension of Agency Information Collection Activity Under OMB Review: Pipeline System Operator...

    Federal Register 2010, 2011, 2012, 2013, 2014

    2013-12-23

    ... Federal agency for pipeline security, it is important for TSA to have contact information for company... DEPARTMENT OF HOMELAND SECURITY Transportation Security Administration Extension of Agency Information Collection Activity Under OMB Review: Pipeline System Operator Security Information AGENCY...

  13. 32 CFR 154.42 - Evaluation of personnel security information.

    Code of Federal Regulations, 2011 CFR

    2011-07-01

    ... 32 National Defense 1 2011-07-01 2011-07-01 false Evaluation of personnel security information... SECURITY DEPARTMENT OF DEFENSE PERSONNEL SECURITY PROGRAM REGULATION Adjudication § 154.42 Evaluation of personnel security information. (a) The criteria and adjudicative policy to be used in applying the...

  14. 32 CFR 154.42 - Evaluation of personnel security information.

    Code of Federal Regulations, 2010 CFR

    2010-07-01

    ... 32 National Defense 1 2010-07-01 2010-07-01 false Evaluation of personnel security information... SECURITY DEPARTMENT OF DEFENSE PERSONNEL SECURITY PROGRAM REGULATION Adjudication § 154.42 Evaluation of personnel security information. (a) The criteria and adjudicative policy to be used in applying the...

  15. 75 FR 38595 - Guidance to States Regarding Driver History Record Information Security, Continuity of Operation...

    Federal Register 2010, 2011, 2012, 2013, 2014

    2010-07-02

    ... Standards and Technology's (NIST) Computer Security Division maintains a Computer Security Resource Center... Regarding Driver History Record Information Security, Continuity of Operation Planning, and Disaster... (SDLAs) to support their efforts at maintaining the security of information contained in the driver...

  16. 14 CFR 1203.409 - Exceptional cases.

    Code of Federal Regulations, 2010 CFR

    2010-01-01

    ....409 Aeronautics and Space NATIONAL AERONAUTICS AND SPACE ADMINISTRATION INFORMATION SECURITY PROGRAM... Information Security Program Committee, Security Division, Washington, DC 20546 for a classification..., to the Director, Information Security Oversight Office, GSA, for a determination. ...

  17. Public attitudes toward health information exchange: perceived benefits and concerns.

    PubMed

    Dimitropoulos, Linda; Patel, Vaishali; Scheffler, Scott A; Posnack, Steve

    2011-12-01

    To characterize consumers' attitudes regarding the perceived benefits of electronic health information exchange (HIE), potential HIE privacy and security concerns, and to analyze the intersection of these concerns with perceived benefits. A cross-sectional study. A random-digit-dial telephone survey of English-speaking adults was conducted in 2010. Multivariate logistic regression models examined the association between consumer characteristics and concerns related to the security of electronic health records (EHRs) and HIE. A majority of the 1847 respondents reported they were either "very" or "somewhat" concerned about privacy of HIE (70%), security of HIE (75%), or security of EHRs (82%). Concerns were significantly higher (P <.05) among employed individuals 40 to 64 years old and minorities. Many believed that HIE would confer benefits such as improved coordination of care (89%). Overall, 75% agreed that the benefits of EHRs outweighed risks to privacy and security, and 60% would permit HIE for treatment purposes even if the physician might not be able to protect their privacy all of the time. Over half (52%) wanted to choose which providers access and share their data. Greater participation by consumers in determining how HIE takes place could engender a higher degree of trust among all demographic groups, regardless of their varying levels of privacy and security concerns. Addressing the specific privacy and security concerns of minorities, individuals 40 to 64 years old, and employed individuals will be critical to ensuring widespread consumer participation in HIE.

  18. The ISACA Business Model for Information Security: An Integrative and Innovative Approach

    NASA Astrophysics Data System (ADS)

    von Roessing, Rolf

    In recent years, information security management has matured into a professional discipline that covers both technical and managerial aspects in an organisational environment. Information security is increasingly dependent on business-driven parameters and interfaces to a variety of organisational units and departments. In contrast, common security models and frameworks have remained largely technical. A review of extant models ranging from [LaBe73] to more recent models shows that technical aspects are covered in great detail, while the managerial aspects of security are often neglected. Likewise, the business view on organisational security is frequently at odds with the demands of information security personnel or information technology management. In practice, senior and executive level management remain comparatively distant from technical requirements. As a result, information security is generally regarded as a cost factor rather than a benefit to the organisation.

  19. Implantable electronics: emerging design issues and an ultra light-weight security solution.

    PubMed

    Narasimhan, Seetharam; Wang, Xinmu; Bhunia, Swarup

    2010-01-01

    Implantable systems that monitor biological signals require increasingly complex digital signal processing (DSP) electronics for real-time in-situ analysis and compression of the recorded signals. While it is well-known that such signal processing hardware needs to be implemented under tight area and power constraints, new design requirements emerge with their increasing complexity. Use of nanoscale technology shows tremendous benefits in implementing these advanced circuits due to dramatic improvement in integration density and power dissipation per operation. However, it also brings in new challenges such as reliability and large idle power (due to higher leakage current). Besides, programmability of the device as well as security of the recorded information are rapidly becoming major design considerations of such systems. In this paper, we analyze the emerging issues associated with the design of the DSP unit in an implantable system. Next, we propose a novel ultra light-weight solution to address the information security issue. Unlike the conventional information security approaches like data encryption, which come at large area and power overhead and hence are not amenable for resource-constrained implantable systems, we propose a multilevel key-based scrambling algorithm, which exploits the nature of the biological signal to effectively obfuscate it. Analysis of the proposed algorithm in the context of neural signal processing and its hardware implementation shows that we can achieve high level of security with ∼ 13X lower power and ∼ 5X lower area overhead than conventional cryptographic solutions.

  20. Robust anonymous authentication scheme for telecare medical information systems.

    PubMed

    Xie, Qi; Zhang, Jun; Dong, Na

    2013-04-01

    Patient can obtain sorts of health-care delivery services via Telecare Medical Information Systems (TMIS). Authentication, security, patient's privacy protection and data confidentiality are important for patient or doctor accessing to Electronic Medical Records (EMR). In 2012, Chen et al. showed that Khan et al.'s dynamic ID-based authentication scheme has some weaknesses and proposed an improved scheme, and they claimed that their scheme is more suitable for TMIS. However, we show that Chen et al.'s scheme also has some weaknesses. In particular, Chen et al.'s scheme does not provide user's privacy protection and perfect forward secrecy, is vulnerable to off-line password guessing attack and impersonation attack once user's smart card is compromised. Further, we propose a secure anonymity authentication scheme to overcome their weaknesses even an adversary can know all information stored in smart card.

  1. A secure chaotic maps and smart cards based password authentication and key agreement scheme with user anonymity for telecare medicine information systems.

    PubMed

    Li, Chun-Ta; Lee, Cheng-Chi; Weng, Chi-Yao

    2014-09-01

    Telecare medicine information system (TMIS) is widely used for providing a convenient and efficient communicating platform between patients at home and physicians at medical centers or home health care (HHC) organizations. To ensure patient privacy, in 2013, Hao et al. proposed a chaotic map based authentication scheme with user anonymity for TMIS. Later, Lee showed that Hao et al.'s scheme is in no provision for providing fairness in session key establishment and gave an efficient user authentication and key agreement scheme using smart cards, in which only few hashing and Chebyshev chaotic map operations are required. In addition, Jiang et al. discussed that Hao et al.'s scheme can not resist stolen smart card attack and they further presented an improved scheme which attempts to repair the security pitfalls found in Hao et al.'s scheme. In this paper, we found that both Lee's and Jiang et al.'s authentication schemes have a serious security problem in that a registered user's secret parameters may be intentionally exposed to many non-registered users and this problem causing the service misuse attack. Therefore, we propose a slight modification on Lee's scheme to prevent the shortcomings. Compared with previous schemes, our improved scheme not only inherits the advantages of Lee's and Jiang et al.'s authentication schemes for TMIS but also remedies the serious security weakness of not being able to withstand service misuse attack.

  2. Analysis on the security of cloud computing

    NASA Astrophysics Data System (ADS)

    He, Zhonglin; He, Yuhua

    2011-02-01

    Cloud computing is a new technology, which is the fusion of computer technology and Internet development. It will lead the revolution of IT and information field. However, in cloud computing data and application software is stored at large data centers, and the management of data and service is not completely trustable, resulting in safety problems, which is the difficult point to improve the quality of cloud service. This paper briefly introduces the concept of cloud computing. Considering the characteristics of cloud computing, it constructs the security architecture of cloud computing. At the same time, with an eye toward the security threats cloud computing faces, several corresponding strategies are provided from the aspect of cloud computing users and service providers.

  3. Trust Me, I'm a Doctor: Examining Changes in How Privacy Concerns Affect Patient Withholding Behavior.

    PubMed

    Walker, Daniel M; Johnson, Tyler; Ford, Eric W; Huerta, Timothy R

    2017-01-04

    As electronic health records (EHRs) become ubiquitous in the health care industry, privacy breaches are increasing and being made public. These breaches may make consumers wary of the technology, undermining its potential to improve care coordination and research. Given the developing concerns around privacy of personal health information stored in digital format, it is important for providers to understand how views on privacy and security may be associated with patient disclosure of health information. This study aimed to understand how privacy concerns may be shifting patient behavior. Using a pooled cross-section of data from the 2011 and 2014 cycles of the Health Information and National Trends Survey (HINTS), we tested whether privacy and security concerns, as well as quality perceptions, are associated with the likelihood of withholding personal health information from a provider. A fully interacted multivariate model was used to compare associations between the 2 years, and interaction terms were used to evaluate trends in the factors that are associated with withholding behavior. No difference was found regarding the effect of privacy and security concerns on withholding behavior between 2011 and 2014. Similarly, whereas perceived high quality of care was found to reduce the likelihood of withholding information from a provider in both 2011 (odds ratio [OR] 0.73, 95% confidence interval [CI] 0.56-0.94) and 2014 (OR 0.61, 95% CI 0.48-0.76), no difference was observed between years. These findings suggest that consumers' beliefs about EHR privacy and security, the relationship between technology use and quality, and intentions to share information with their health care provider have not changed. These findings are counter to the ongoing discussions about the implications of security failures in other domains. Our results suggest that providers could ameliorate privacy and security by focusing on the care quality benefits EHRs provide. 
©Daniel M Walker, Tyler Johnson, Eric W Ford, Timothy R Huerta. Originally published in the Journal of Medical Internet Research (http://www.jmir.org), 04.01.2017.

  4. 49 CFR 1542.303 - Security Directives and Information Circulars.

    Code of Federal Regulations, 2014 CFR

    2014-10-01

    ...) TRANSPORTATION SECURITY ADMINISTRATION, DEPARTMENT OF HOMELAND SECURITY CIVIL AVIATION SECURITY AIRPORT SECURITY... Information Circular to notify airport operators of security concerns. When TSA determines that additional... aviation, TSA issues a Security Directive setting forth mandatory measures. (b) Each airport operator must...

  5. 49 CFR 1542.303 - Security Directives and Information Circulars.

    Code of Federal Regulations, 2011 CFR

    2011-10-01

    ...) TRANSPORTATION SECURITY ADMINISTRATION, DEPARTMENT OF HOMELAND SECURITY CIVIL AVIATION SECURITY AIRPORT SECURITY... Information Circular to notify airport operators of security concerns. When TSA determines that additional... aviation, TSA issues a Security Directive setting forth mandatory measures. (b) Each airport operator must...

  6. 49 CFR 1542.303 - Security Directives and Information Circulars.

    Code of Federal Regulations, 2012 CFR

    2012-10-01

    ...) TRANSPORTATION SECURITY ADMINISTRATION, DEPARTMENT OF HOMELAND SECURITY CIVIL AVIATION SECURITY AIRPORT SECURITY... Information Circular to notify airport operators of security concerns. When TSA determines that additional... aviation, TSA issues a Security Directive setting forth mandatory measures. (b) Each airport operator must...

  7. 49 CFR 1542.303 - Security Directives and Information Circulars.

    Code of Federal Regulations, 2013 CFR

    2013-10-01

    ...) TRANSPORTATION SECURITY ADMINISTRATION, DEPARTMENT OF HOMELAND SECURITY CIVIL AVIATION SECURITY AIRPORT SECURITY... Information Circular to notify airport operators of security concerns. When TSA determines that additional... aviation, TSA issues a Security Directive setting forth mandatory measures. (b) Each airport operator must...

  8. 49 CFR 1549.109 - Security Directives and Information Circulars.

    Code of Federal Regulations, 2010 CFR

    2010-10-01

    ... 49 Transportation 9 2010-10-01 2010-10-01 false Security Directives and Information Circulars... SCREENING PROGRAM Operations § 1549.109 Security Directives and Information Circulars. (a) TSA may issue an Information Circular to notify certified cargo screening facilities of security concerns. (b) When TSA...

  9. 49 CFR 1544.305 - Security Directives and Information Circulars.

    Code of Federal Regulations, 2010 CFR

    2010-10-01

    ... 49 Transportation 9 2010-10-01 2010-10-01 false Security Directives and Information Circulars... SECURITY: AIR CARRIERS AND COMMERCIAL OPERATORS Threat and Threat Response § 1544.305 Security Directives and Information Circulars. (a) TSA may issue an Information Circular to notify aircraft operators of...

  10. 36 CFR 1256.70 - What controls access to national security-classified information?

    Code of Federal Regulations, 2010 CFR

    2010-07-01

    ... national security-classified information? 1256.70 Section 1256.70 Parks, Forests, and Public Property... HISTORICAL MATERIALS Access to Materials Containing National Security-Classified Information § 1256.70 What controls access to national security-classified information? (a) The declassification of and public access...

  11. Security enhanced multi-factor biometric authentication scheme using bio-hash function.

    PubMed

    Choi, Younsung; Lee, Youngsook; Moon, Jongho; Won, Dongho

    2017-01-01

    With the rapid development of personal information and wireless communication technology, user authentication schemes have been crucial to ensure that wireless communications are secure. As such, various authentication schemes with multi-factor authentication have been proposed to improve the security of electronic communications. Multi-factor authentication involves the use of passwords, smart cards, and various biometrics to provide users with the utmost privacy and data protection. Cao and Ge analyzed various authentication schemes and found that Younghwa An's scheme was susceptible to a replay attack where an adversary masquerades as a legal server and a user masquerading attack where user anonymity is not provided, allowing an adversary to execute a password change process by intercepting the user's ID during login. Cao and Ge improved upon Younghwa An's scheme, but various security problems remained. This study demonstrates that Cao and Ge's scheme is susceptible to a biometric recognition error, slow wrong password detection, off-line password attack, user impersonation attack, ID guessing attack, a DoS attack, and that their scheme cannot provide session key agreement. Then, to address all weaknesses identified in Cao and Ge's scheme, this study proposes a security enhanced multi-factor biometric authentication scheme and provides a security analysis and formal analysis using Burrows-Abadi-Needham logic. Finally, the efficiency analysis reveals that the proposed scheme can protect against several possible types of attacks with only a slightly high computational cost.

  12. Hybrid network defense model based on fuzzy evaluation.

    PubMed

    Cho, Ying-Chiang; Pan, Jen-Yi

    2014-01-01

    With sustained and rapid developments in the field of information technology, the issue of network security has become increasingly prominent. The theme of this study is network data security, with the test subject being a classified and sensitive network laboratory that belongs to the academic network. The analysis is based on the deficiencies and potential risks of the network's existing defense technology, characteristics of cyber attacks, and network security technologies. Subsequently, a distributed network security architecture using the technology of an intrusion prevention system is designed and implemented. In this paper, first, the overall design approach is presented. This design is used as the basis to establish a network defense model, an improvement over the traditional single-technology model that addresses the latter's inadequacies. Next, a distributed network security architecture is implemented, comprising a hybrid firewall, intrusion detection, virtual honeynet projects, and connectivity and interactivity between these three components. Finally, the proposed security system is tested. A statistical analysis of the test results verifies the feasibility and reliability of the proposed architecture. The findings of this study will potentially provide new ideas and stimuli for future designs of network security architecture.

  13. Provisioning in Agricultural Communities: Local, Regional and Global Cereal Prices and Local Production on Three Continents

    NASA Technical Reports Server (NTRS)

    Brown, Molly E.; Tondel, Fabien; Essam, Timothy; Thorne, Jennifer A.; Mann, Bristol F.; Eilerts, Gary

    2012-01-01

    Monitoring and incorporating diverse market and staple food information into food price indices is critical for food price analyses. Satellite remote sensing data and earth science models have an important role to play in improving humanitarian aid timing, delivery and distribution. Incorporating environmental observations into econometric models will improve food security analysis and understanding of market functioning.

  14. Networking and Information Technology Research and Development. Supplement to the President’s Budget for FY 2002

    DTIC Science & Technology

    2001-07-01

    Web-based applications to improve health data systems and quality of care; innovative strategies for data collection in clinical settings; approaches...research to increase interoperability and integration of software in distributed systems; protocols and tools for data annotation and management; and...Generation National Defense and National Security Systems; Improved Health Care Systems for All Citizens

  15. 10 CFR 2.911 - Admissibility of restricted data or other national security information.

    Code of Federal Regulations, 2011 CFR

    2011-01-01

    ... security information. 2.911 Section 2.911 Energy NUCLEAR REGULATORY COMMISSION RULES OF PRACTICE FOR... Proceedings Involving Restricted Data and/or National Security Information § 2.911 Admissibility of restricted data or other national security information. A presiding officer shall not receive any Restricted Data...

  16. 10 CFR 2.903 - Protection of restricted data and national security information.

    Code of Federal Regulations, 2011 CFR

    2011-01-01

    ... Restricted Data and/or National Security Information § 2.903 Protection of restricted data and national security information. Nothing in this subpart shall relieve any person from safeguarding Restricted Data or National Security Information in accordance with the applicable provisions of laws of the United States and...

  17. Examining the Relationship between Organization Systems and Information Security Awareness

    ERIC Educational Resources Information Center

    Tintamusik, Yanarong

    2010-01-01

    The focus of this dissertation was to examine the crucial relationship between organization systems within the framework of the organizational behavior theory and information security awareness (ISA) of users within the framework of the information security theory. Despite advanced security technologies designed to protect information assets,…

  18. Information Sharing for IT Security Professionals

    ERIC Educational Resources Information Center

    Petersen, Rodney J.

    2008-01-01

    Information sharing is a core value for information technology (IT) security professionals. It is also a familiar concept for those who work at institutions of higher education because of their long history of collaboration and openness. Information sharing has become part of the national fabric as IT security professionals attempt to secure cyber…

  19. 10 CFR 2.911 - Admissibility of restricted data or other national security information.

    Code of Federal Regulations, 2010 CFR

    2010-01-01

    ... security information. 2.911 Section 2.911 Energy NUCLEAR REGULATORY COMMISSION RULES OF PRACTICE FOR... Proceedings Involving Restricted Data and/or National Security Information § 2.911 Admissibility of restricted data or other national security information. A presiding officer shall not receive any Restricted Data...

  20. 12 CFR Appendix B to Part 170 - Interagency Guidelines Establishing Information Security Standards

    Code of Federal Regulations, 2014 CFR

    2014-01-01

    ... Security Standards B Appendix B to Part 170 Banks and Banking COMPTROLLER OF THE CURRENCY, DEPARTMENT OF... Part 170—Interagency Guidelines Establishing Information Security Standards Table of Contents I... Customer Information A. Information Security Program B. Objectives III. Development and Implementation of...

  1. 12 CFR Appendix B to Part 170 - Interagency Guidelines Establishing Information Security Standards

    Code of Federal Regulations, 2013 CFR

    2013-01-01

    ... Security Standards B Appendix B to Part 170 Banks and Banking COMPTROLLER OF THE CURRENCY, DEPARTMENT OF... Part 170—Interagency Guidelines Establishing Information Security Standards Table of Contents I... Customer Information A. Information Security Program B. Objectives III. Development and Implementation of...

  2. Food security and nutritional outcomes among urban poor orphans in Nairobi, Kenya.

    PubMed

    Kimani-Murage, Elizabeth W; Holding, Penny A; Fotso, Jean-Christophe; Ezeh, Alex C; Madise, Nyovani J; Kahurani, Elizabeth N; Zulu, Eliya M

    2011-06-01

    The study examines the relationship between orphanhood status and nutritional status and food security among children living in the rapidly growing and uniquely vulnerable slum settlements in Nairobi, Kenya. The study was conducted between January and June 2007 among children aged 6-14 years, living in informal settlements of Nairobi, Kenya. Anthropometric measurements were taken using standard procedures and z scores generated using the NCHS/WHO reference. Data on food security were collected through separate interviews with children and their caregivers, and used to generate a composite food security score. Multiple regression analysis was done to determine factors related to vulnerability with regards to food security and nutritional outcomes. The results show that orphans were more vulnerable to food insecurity than non-orphans and that paternal orphans were the most vulnerable orphan group. However, these effects were not significant for nutritional status, which measures long-term food deficiencies. The results also show that the most vulnerable children are boys, those living in households with lowest socioeconomic status, with many dependants, and female-headed and headed by adults with low human capital (low education). This study provides useful insights to inform policies and practice to identify target groups and intervention programs to improve the welfare of orphans and vulnerable children living in urban poor communities.

  3. A Secure Information Framework with APRQ Properties

    NASA Astrophysics Data System (ADS)

    Rupa, Ch.

    2017-08-01

    The Internet of Things is the most trending topic in the digital world. Security issues are rampant. In the corporate or institutional setting, security risks are apparent from the outset. Market leaders are unable to use the cryptographic techniques due to their complexities. Hence many bits of private information, including ID, are readily available for third parties to see and to utilize. There is a need to decrease the complexity and increase the robustness of the cryptographic approaches. In view of this, a new cryptographic technique as good encryption pact with adjacency, random prime number and quantum code properties has been proposed. Here, encryption can be done by using quantum photons with gray code. This approach uses the concepts of physics and mathematics with no external key exchange to improve the security of the data. It also reduces the key attacks by generation of a key at the party side instead of sharing. This method makes the security more robust than with the existing approach. Important properties of gray code and quantum are adjacency property and different photons to a single bit (0 or 1). These can reduce the avalanche effect. Cryptanalysis of the proposed method shows that it is resistant to various attacks and stronger than the existing approaches.

  4. [How to establish the hospital information system security policies].

    PubMed

    Gong, Qing-Yue; Shi, Cheng

    2008-03-01

    It is important to establish the hospital information system security policies. While these security policies are being established, a comprehensive consideration should be given to the acceptable levels of users, IT supporters and hospital managers. We should have a formal policy designing process that is consistently followed by all security policies. Reasons for establishing the security policies and their coverage and applicable objects should be stated clearly. Besides, each policy should define user's responsibilities and penalties of violation. Every organization will need some key policies, such as of information sources usage, remote access, information protection, perimeter security, and baseline host/device security. Security managing procedures are the mechanisms to enforce the policies. An incident-handling procedure is the most important security managing procedure for all organizations.

  5. 77 FR 60607 - National Cybersecurity Awareness Month, 2012

    Federal Register 2010, 2011, 2012, 2013, 2014

    2012-10-04

    ... released the Blueprint for a Secure Cyber Future--a strategic plan to protect government, the private sector, and the public against cyber threats today and tomorrow. As we continue to improve our... infrastructure, facilitating greater cyber information sharing between government and the private sector, and...

  6. 46 CFR 503.59 - Safeguarding classified information.

    Code of Federal Regulations, 2011 CFR

    2011-10-01

    ... Information Security Program § 503.59 Safeguarding classified information. (a) All classified information... security; (2) Takes appropriate steps to protect classified information from unauthorized disclosure or... security check; (2) To protect the classified information in accordance with the provisions of Executive...

  7. 78 FR 73819 - Information Collection; Financial Information Security Request Form

    Federal Register 2010, 2011, 2012, 2013, 2014

    2013-12-09

    ... DEPARTMENT OF AGRICULTURE Forest Service Information Collection; Financial Information Security... individuals and organizations on the extension with revision of a currently approved information collection, Financial Information Security Request Form. DATES: Comments must be received in writing on or before...

  8. Increasing clinical presence of mobile communication technology: avoiding the pitfalls.

    PubMed

    Visvanathan, Akila; Gibb, Alan P; Brady, Richard R W

    2011-10-01

    Mobile communication technologies are employed in many diverse areas of healthcare delivery to provide improved quality and efficiency of communication and facilitate increased rapidity of data or information transfer. Mobile phones enable healthcare professionals to possess a portable platform from which to provide many healthcare-related applications and are a popular means to directly communicate with colleagues and patients. As involvement of mobile communication technology in healthcare delivery continues to rapidly expand, there are also important considerations of relevance to patient safety and security as a result. Here, we review the previous evidence of reported clinical risks associated with mobile communication technology, such as electromagnetic interference, confidentiality and data security, distraction/noise, infection control, and cross contamination. In conclusion, although mobile phones provide much putative potential improvement to healthcare delivery, further evaluation and research are required to both inform and protect health professionals and users of such technology in the healthcare environment and provide the evidence base to support the provision of clear and comprehensive guidelines.

  9. [Process and key points of clinical literature evaluation of post-marketing traditional Chinese medicine].

    PubMed

    Liu, Huan; Xie, Yanming

    2011-10-01

    The clinical literature evaluation of the post-marketing traditional Chinese medicine is a comprehensive evaluation by the comprehensive gain, analysis of the drug, literature of drug efficacy, safety, economy, based on the literature evidence and is part of the evaluation of evidence-based medicine. The literature evaluation in the post-marketing Chinese medicine clinical evaluation is in the foundation and the key position. Through the literature evaluation, it can fully grasp the information, grasp listed drug variety of traditional Chinese medicines second development orientation, make clear further clinical indications, perfect the medicines, etc. This paper discusses the main steps and emphasis of the clinical literature evaluation. Emphasizing security literature evaluation should attach importance to the security of a comprehensive collection drug information. Safety assessment should notice traditional Chinese medicine validity evaluation in improving syndrome, improving the living quality of patients with special advantage. The economics literature evaluation should pay attention to reliability, sensitivity and practicability of the conclusion.

  10. How ISO/IEC 17799 can be used for base lining information assurance among entities using data mining for defense, homeland security, commercial, and other civilian/commercial domains

    NASA Astrophysics Data System (ADS)

    Perry, William G.

    2006-04-01

    One goal of database mining is to draw unique and valid perspectives from multiple data sources. Insights that are fashioned from closely-held data stores are likely to possess a high degree of reliability. The degree of information assurance comes into question, however, when external databases are accessed, combined and analyzed to form new perspectives. ISO/IEC 17799, Information technology-Security techniques-Code of practice for information security management, can be used to establish a higher level of information assurance among disparate entities using data mining in the defense, homeland security, commercial and other civilian/commercial domains. Organizations that meet ISO/IEC information security standards have identified and assessed risks, threats and vulnerabilities and have taken significant proactive steps to meet their unique security requirements. The ISO standards address twelve domains: risk assessment and treatment, security policy, organization of information security, asset management, human resources security, physical and environmental security, communications and operations management, access control, information systems acquisition, development and maintenance, information security incident management and business continuity management and compliance. Analysts can be relatively confident that if organizations are ISO 17799 compliant, a high degree of information assurance is likely to be a characteristic of the data sets being used. The reverse may be true. Extracting, fusing and drawing conclusions based upon databases with a low degree of information assurance may be fraught with all of the hazards that come from knowingly using bad data to make decisions. Using ISO/IEC 17799 as a baseline for information assurance can help mitigate these risks.

  11. 78 FR 30319 - Intent to Request Renewal From OMB of One Current Public Collection of Information: Security...

    Federal Register 2010, 2011, 2012, 2013, 2014

    2013-05-22

    ... DEPARTMENT OF HOMELAND SECURITY Transportation Security Administration [Docket No. TSA-2002-11602] Intent to Request Renewal From OMB of One Current Public Collection of Information: Security Programs for..., Transportation Security Administration, 601 South 12th Street, Arlington, VA 20598-6011. FOR FURTHER INFORMATION...

  12. Information Security Awareness On-Line Materials Design with Knowledge Maps

    ERIC Educational Resources Information Center

    Shaw, Ruey-Shiang; Keh, Huan-Chao; Huang, Nan-Ching; Huang, Tien-Chuan

    2011-01-01

    Information Security Awareness, though known as a primary and important issue in the domain of Information Security, CSI computer crime and security survey showed poor security awareness training in public and private sectors. In many studies, the authors have found that the usage of knowledge maps helps the process of learning and conception…

  13. Patients’ Data Management System Protected by Identity-Based Authentication and Key Exchange

    PubMed Central

    Rivero-García, Alexandra; Santos-González, Iván; Hernández-Goya, Candelaria; Caballero-Gil, Pino; Yung, Moti

    2017-01-01

    A secure and distributed framework for the management of patients’ information in emergency and hospitalization services is proposed here in order to seek improvements in efficiency and security in this important area. In particular, confidentiality protection, mutual authentication, and automatic identification of patients are provided. The proposed system is based on two types of devices: Near Field Communication (NFC) wristbands assigned to patients, and mobile devices assigned to medical staff. Two other main elements of the system are an intermediate server to manage the involved data, and a second server with a private key generator to define the information required to protect communications. An identity-based authentication and key exchange scheme is essential to provide confidential communication and mutual authentication between the medical staff and the private key generator through an intermediate server. The identification of patients is carried out through a keyed-hash message authentication code. Thanks to the combination of the aforementioned tools, a secure alternative mobile health (mHealth) scheme for managing patients’ data is defined for emergency and hospitalization services. Different parts of the proposed system have been implemented, including mobile application, intermediate server, private key generator and communication channels. Apart from that, several simulations have been performed, and, compared with the current system, significant improvements in efficiency have been observed. PMID:28362328

  14. Patients' Data Management System Protected by Identity-Based Authentication and Key Exchange.

    PubMed

    Rivero-García, Alexandra; Santos-González, Iván; Hernández-Goya, Candelaria; Caballero-Gil, Pino; Yung, Moti

    2017-03-31

    A secure and distributed framework for the management of patients' information in emergency and hospitalization services is proposed here in order to seek improvements in efficiency and security in this important area. In particular, confidentiality protection, mutual authentication, and automatic identification of patients are provided. The proposed system is based on two types of devices: Near Field Communication (NFC) wristbands assigned to patients, and mobile devices assigned to medical staff. Two other main elements of the system are an intermediate server to manage the involved data, and a second server with a private key generator to define the information required to protect communications. An identity-based authentication and key exchange scheme is essential to provide confidential communication and mutual authentication between the medical staff and the private key generator through an intermediate server. The identification of patients is carried out through a keyed-hash message authentication code. Thanks to the combination of the aforementioned tools, a secure alternative mobile health (mHealth) scheme for managing patients' data is defined for emergency and hospitalization services. Different parts of the proposed system have been implemented, including mobile application, intermediate server, private key generator and communication channels. Apart from that, several simulations have been performed, and, compared with the current system, significant improvements in efficiency have been observed.

  15. 48 CFR 339.7102 - Applicability.

    Code of Federal Regulations, 2010 CFR

    2010-10-01

    ... CONTRACTING ACQUISITION OF INFORMATION TECHNOLOGY Information Security Management 339.7102 Applicability. Contracting Officers are responsible for ensuring that all information technology acquisitions comply with the Federal Information Security Management Act (FISMA), the HHS-OCIO Information Systems Security and Privacy...

  16. 10 CFR 2.906 - Obligation of parties to avoid introduction of restricted data or national security information.

    Code of Federal Regulations, 2011 CFR

    2011-01-01

    ... data or national security information. 2.906 Section 2.906 Energy NUCLEAR REGULATORY COMMISSION RULES... to Adjudicatory Proceedings Involving Restricted Data and/or National Security Information § 2.906 Obligation of parties to avoid introduction of restricted data or national security information. It is the...

  17. 22 CFR 9a.1 - Security of certain information and material related to the International Energy Program.

    Code of Federal Regulations, 2011 CFR

    2011-04-01

    ... 22 Foreign Relations 1 2011-04-01 2011-04-01 false Security of certain information and material... GENERAL SECURITY INFORMATION REGULATIONS APPLICABLE TO CERTAIN INTERNATIONAL ENERGY PROGRAMS; RELATED MATERIAL § 9a.1 Security of certain information and material related to the International Energy Program...

  18. 10 CFR 2.913 - Review of Restricted Data or other National Security Information received in evidence.

    Code of Federal Regulations, 2011 CFR

    2011-01-01

    ... Adjudicatory Proceedings Involving Restricted Data and/or National Security Information § 2.913 Review of Restricted Data or other National Security Information received in evidence. At the close of the reception of... National Security Information be expunged from the record where such expunction would not prejudice the...

  19. 10 CFR 2.907 - Notice of intent to introduce restricted data or national security information.

    Code of Federal Regulations, 2011 CFR

    2011-01-01

    ... security information. 2.907 Section 2.907 Energy NUCLEAR REGULATORY COMMISSION RULES OF PRACTICE FOR... Proceedings Involving Restricted Data and/or National Security Information § 2.907 Notice of intent to introduce restricted data or national security information. (a) If, at the time of publication of a notice...

  20. 17 CFR 242.609 - Registration of securities information processors: form of application and amendments.

    Code of Federal Regulations, 2011 CFR

    2011-04-01

    ... information processors: form of application and amendments. 242.609 Section 242.609 Commodity and Securities....609 Registration of securities information processors: form of application and amendments. (a) An application for the registration of a securities information processor shall be filed on Form SIP (§ 249.1001...

  1. 17 CFR 140.20 - Designation of senior official to oversee Commission use of national security information.

    Code of Federal Regulations, 2011 CFR

    2011-04-01

    ... to oversee Commission use of national security information. 140.20 Section 140.20 Commodity and... safeguarding of national security information received by the Commission from other agencies, to chair a... suggestions and complaints with respect to the Commission administration of its information security program...

  2. 10 CFR 2.908 - Contents of notice of intent to introduce restricted data or other national security information.

    Code of Federal Regulations, 2011 CFR

    2011-01-01

    ... or other national security information. 2.908 Section 2.908 Energy NUCLEAR REGULATORY COMMISSION... Applicable to Adjudicatory Proceedings Involving Restricted Data and/or National Security Information § 2.908 Contents of notice of intent to introduce restricted data or other national security information. (a) A...

  3. The Chain-Link Fence Model: A Framework for Creating Security Procedures

    ERIC Educational Resources Information Center

    Houghton, Robert F.

    2013-01-01

    A long standing problem in information technology security is how to help reduce the security footprint. Many specific proposals exist to address specific problems in information technology security. Most information technology solutions need to be repeatable throughout the course of an information systems lifecycle. The Chain-Link Fence Model is…

  4. Key Factors in the Success of an Organization's Information Security Culture: A Quantitative Study and Analysis

    ERIC Educational Resources Information Center

    Pierce, Robert E.

    2012-01-01

    This research study reviewed relative literature on information security and information security culture within organizations to determine what factors potentially assist an organization in implementing, integrating, and maintaining a successful organizational information security culture. Based on this review of literature, five key factors were…

  5. Incorporating Global Information Security and Assurance in I.S. Education

    ERIC Educational Resources Information Center

    White, Garry L.; Hewitt, Barbara; Kruck, S. E.

    2013-01-01

    Over the years, the news media has reported numerous information security incidents. Because of identity theft, terrorism, and other criminal activities, President Obama has made information security a national priority. Not only is information security and assurance an American priority, it is also a global issue. This paper discusses the…

  6. 10 CFR 2.908 - Contents of notice of intent to introduce restricted data or other national security information.

    Code of Federal Regulations, 2010 CFR

    2010-01-01

    ... or other national security information. 2.908 Section 2.908 Energy NUCLEAR REGULATORY COMMISSION... Applicable to Adjudicatory Proceedings Involving Restricted Data and/or National Security Information § 2.908 Contents of notice of intent to introduce restricted data or other national security information. (a) A...

  7. 22 CFR 9a.1 - Security of certain information and material related to the International Energy Program.

    Code of Federal Regulations, 2010 CFR

    2010-04-01

    ... 22 Foreign Relations 1 2010-04-01 2010-04-01 false Security of certain information and material... GENERAL SECURITY INFORMATION REGULATIONS APPLICABLE TO CERTAIN INTERNATIONAL ENERGY PROGRAMS; RELATED MATERIAL § 9a.1 Security of certain information and material related to the International Energy Program...

  8. 10 CFR 2.913 - Review of Restricted Data or other National Security Information received in evidence.

    Code of Federal Regulations, 2010 CFR

    2010-01-01

    ... Adjudicatory Proceedings Involving Restricted Data and/or National Security Information § 2.913 Review of Restricted Data or other National Security Information received in evidence. At the close of the reception of... National Security Information be expunged from the record where such expunction would not prejudice the...

  9. 10 CFR 2.906 - Obligation of parties to avoid introduction of restricted data or national security information.

    Code of Federal Regulations, 2010 CFR

    2010-01-01

    ... data or national security information. 2.906 Section 2.906 Energy NUCLEAR REGULATORY COMMISSION RULES... to Adjudicatory Proceedings Involving Restricted Data and/or National Security Information § 2.906 Obligation of parties to avoid introduction of restricted data or national security information. It is the...

  10. 10 CFR 2.907 - Notice of intent to introduce restricted data or national security information.

    Code of Federal Regulations, 2010 CFR

    2010-01-01

    ... security information. 2.907 Section 2.907 Energy NUCLEAR REGULATORY COMMISSION RULES OF PRACTICE FOR... Proceedings Involving Restricted Data and/or National Security Information § 2.907 Notice of intent to introduce restricted data or national security information. (a) If, at the time of publication of a notice...

  11. 17 CFR 242.609 - Registration of securities information processors: form of application and amendments.

    Code of Federal Regulations, 2010 CFR

    2010-04-01

    ... information processors: form of application and amendments. 242.609 Section 242.609 Commodity and Securities....609 Registration of securities information processors: form of application and amendments. (a) An application for the registration of a securities information processor shall be filed on Form SIP (§ 249.1001...

  12. Exploring Factors that Influence Students' Behaviors in Information Security

    ERIC Educational Resources Information Center

    Yoon, Cheolho; Hwang, Jae-Won; Kim, Rosemary

    2012-01-01

    Due to the ever-increasing use of the Internet, information security has become a critical issue in society. This is especially the case for young adults who have different attitudes towards information security practices. In this research, we examine factors that motivate college students' information security behaviors. Based on the concept of…

  13. Changes in body weight and food security of adult North Korean refugees living in South Korea

    PubMed Central

    Jeong, HaYoung; Kim, Sin-Gon

    2017-01-01

    BACKGROUND/OBJECTIVES Relocation to new environments can have a negative impact on health by altering body weight and dietary patterns. This study attempted to elucidate changes in body weight, food security, and their current food and nutrient consumption in adult North Korean refugees (NKR) living in South Korea (SK). SUBJECTS/METHODS This study analyzed data on 149 adult NKR from a North Korean refugee health in SK cohort at four time points (leaving North Korea, entering SK, first examination, and second examination). Body weight was self-reported at the two earlier time points and directly measured at the two later time points. Food security, diet-related behaviors (dietary habits and food consumption), and sociodemographic information were obtained using a self-administered questionnaire. Nutrient intake information was obtained by one-day 24-hour recall. Statistical analyses were performed with SPSS ver 23.0. RESULTS Body weight increased during relocation by an average of 4 kg, although diversified patterns were observed during the settlement period in SK. Approximately 39.6% of subjects maintained their body weight between the first and second examinations, whereas 38.6% gained and 22.1% lost at least 3% of their body weight at the first examination by the second examination. Food security status improved from 12.1% food secure proportion to 61.7%. NKR showed generally good food and nutrient consumption (index of nutrient quality: 0.77–1.93). The body weight loss group showed the most irregular meal consumption pattern (P < 0.05), and eating-out was infrequent in all three groups. Consumption frequencies of food groups did not differ by group, except in the fish group (P = 0.036). CONCLUSION This study observed considerable body weight adjustment during the settlement period in SK after initial weight gain, whereas food security consistently improved. More detailed understanding of this process is needed to assist healthy settlement for NKR in SK. 
    PMID:28765777

  14. Changes in body weight and food security of adult North Korean refugees living in South Korea.

    PubMed

    Jeong, HaYoung; Lee, Soo-Kyung; Kim, Sin-Gon

    2017-08-01

    Relocation to new environments can have a negative impact on health by altering body weight and dietary patterns. This study attempted to elucidate changes in body weight, food security, and their current food and nutrient consumption in adult North Korean refugees (NKR) living in South Korea (SK). This study analyzed data on 149 adult NKR from a North Korean refugee health in SK cohort at four time points (leaving North Korea, entering SK, first examination, and second examination). Body weight was self-reported at the two earlier time points and directly measured at the two later time points. Food security, diet-related behaviors (dietary habits and food consumption), and sociodemographic information were obtained using a self-administered questionnaire. Nutrient intake information was obtained by one-day 24-hour recall. Statistical analyses were performed with SPSS ver 23.0. Body weight increased during relocation by an average of 4 kg, although diversified patterns were observed during the settlement period in SK. Approximately 39.6% of subjects maintained their body weight between the first and second examinations, whereas 38.6% gained and 22.1% lost at least 3% of their body weight at the first examination by the second examination. Food security status improved from 12.1% food secure proportion to 61.7%. NKR showed generally good food and nutrient consumption (index of nutrient quality: 0.77-1.93). The body weight loss group showed the most irregular meal consumption pattern (P < 0.05), and eating-out was infrequent in all three groups. Consumption frequencies of food groups did not differ by group, except in the fish group (P = 0.036). This study observed considerable body weight adjustment during the settlement period in SK after initial weight gain, whereas food security consistently improved. More detailed understanding of this process is needed to assist healthy settlement for NKR in SK.

  15. Hacking and securing the AR.Drone 2.0 quadcopter: investigations for improving the security of a toy

    NASA Astrophysics Data System (ADS)

    Pleban, Johann-Sebastian; Band, Ricardo; Creutzburg, Reiner

    2014-02-01

    In this article we describe the security problems of the Parrot AR.Drone 2.0 quadcopter. Because it is promoted as a toy with low acquisition costs, it may end up being used by many individuals, which makes it a target for harmful attacks. In addition, the video stream of the drone could be of interest to a potential attacker because it can reveal confidential information. Therefore, we will perform a security threat analysis on this particular drone. We will focus mainly on obvious security vulnerabilities like the unencrypted Wi-Fi connection or the user management of the GNU/Linux operating system which runs on the drone. We will show how the drone can be hacked in order to hijack the AR.Drone 2.0. Our aim is to sensitize the end-user of AR.Drones by describing the security vulnerabilities and to show how the AR.Drone 2.0 could be secured from unauthorized access. We will provide instructions to secure the drone's Wi-Fi connection and its operation with the official Smartphone App and third party PC software.

  16. 48 CFR 339.7101 - Policy.

    Code of Federal Regulations, 2010 CFR

    2010-10-01

    ... CONTRACTING ACQUISITION OF INFORMATION TECHNOLOGY Information Security Management 339.7101 Policy. HHS is responsible for implementing an information security program to ensure that its information systems and... information contained in those systems. Each system's level of security shall protect the integrity...

  17. Improvements of cyberspace and effects to the battlefield

    NASA Astrophysics Data System (ADS)

    Gedıklı, Münir

    2014-06-01

    Wars previously fought on land and at sea have also extended to air and space due to the advancements of aircraft and satellite systems. Rapid improvements in information technologies have triggered the concept of cyberspace, which is considered the fifth dimension of war. By moving information quickly from the physical domain to the electronic/digital domain, cyberspace has given rise to many threats and methods, such as cyber-attack, cyber-crime and cyber war, which are spreading rapidly. Individuals, institutions and establishments have begun to take their own cyber security precautions to cope with these threats. This study gives information about the concepts and advances in cyberspace in order to raise comprehensive awareness. The study also focuses on the effects of these improvements on the battlefield, and analyzes them.

  18. Agencies Need Improved Financial Data Reporting for Private Security Contractors

    DTIC Science & Technology

    2008-10-30

    Source DoDa DoSb USAIDc Total 1 Multiple Funds Used for Contract $712.0 $1,443.3 $493.8 $2,649.1 2 Operations and Maintenance Account 1,150.1 0.0 0.0...display a currently valid OMB control number. 1. REPORT DATE 30 OCT 2008 2. REPORT TYPE 3. DATES COVERED 00-00-2008 to 00-00-2008 4. TITLE AND...routinely capturing financial information for all contracts and subcontracts for private security services, citing FAR 15.403-1(b)(2) as prohibiting it

  19. 75 FR 1566 - National Industrial Security Program Directive No. 1

    Federal Register 2010, 2011, 2012, 2013, 2014

    2010-01-12

    ... NATIONAL ARCHIVES AND RECORDS ADMINISTRATION Information Security Oversight Office 32 CFR Part...: Information Security Oversight Office, NARA. ACTION: Proposed rule; correction. SUMMARY: This document... Management System (FDMS) number to the proposed rule for Information Security Oversight Office (ISOO...

  20. 6 CFR 7.11 - Components' responsibilities.

    Code of Federal Regulations, 2010 CFR

    2010-01-01

    ... INFORMATION Administration § 7.11 Components' responsibilities. Each DHS component shall appoint a security... security information; (b) Report violations of the provisions of this regulation to the Chief Security... component acquire adequate security education and training, as required by the DHS classified information...

  1. 32 CFR 2001.50 - Telecommunications automated information systems and network security.

    Code of Federal Regulations, 2014 CFR

    2014-07-01

    ... and network security. 2001.50 Section 2001.50 National Defense Other Regulations Relating to National Defense INFORMATION SECURITY OVERSIGHT OFFICE, NATIONAL ARCHIVES AND RECORDS ADMINISTRATION CLASSIFIED... network security. Each agency head shall ensure that classified information electronically accessed...

  2. 32 CFR 2001.50 - Telecommunications automated information systems and network security.

    Code of Federal Regulations, 2013 CFR

    2013-07-01

    ... and network security. 2001.50 Section 2001.50 National Defense Other Regulations Relating to National Defense INFORMATION SECURITY OVERSIGHT OFFICE, NATIONAL ARCHIVES AND RECORDS ADMINISTRATION CLASSIFIED... network security. Each agency head shall ensure that classified information electronically accessed...

  3. 32 CFR 2001.50 - Telecommunications automated information systems and network security.

    Code of Federal Regulations, 2012 CFR

    2012-07-01

    ... and network security. 2001.50 Section 2001.50 National Defense Other Regulations Relating to National Defense INFORMATION SECURITY OVERSIGHT OFFICE, NATIONAL ARCHIVES AND RECORDS ADMINISTRATION CLASSIFIED... network security. Each agency head shall ensure that classified information electronically accessed...

  4. Network security system for health and medical information using smart IC card

    NASA Astrophysics Data System (ADS)

    Kanai, Yoichi; Yachida, Masuyoshi; Yoshikawa, Hiroharu; Yamaguchi, Masahiro; Ohyama, Nagaaki

    1998-07-01

    A new network security protocol that uses smart IC cards has been designed to assure the integrity and privacy of medical information in communication over a non-secure network. Secure communication software has been implemented as a library based on this protocol, which is called the Integrated Secure Communication Layer (ISCL), and has been incorporated into information systems of the National Cancer Center Hospitals and the Health Service Center of the Tokyo Institute of Technology. Both systems have succeeded in communicating digital medical information securely.

  5. 7 CFR 1962.14 - Account and security information in UCC cases.

    Code of Federal Regulations, 2013 CFR

    2013-01-01

    ... 7 Agriculture 14 2013-01-01 2013-01-01 false Account and security information in UCC cases. 1962... Liquidation of Chattel Security § 1962.14 Account and security information in UCC cases. Within 2 weeks after... States, other parties, and also may lose some of its security rights. The UCC provides that the borrower...

  6. 7 CFR 1962.14 - Account and security information in UCC cases.

    Code of Federal Regulations, 2014 CFR

    2014-01-01

    ... 7 Agriculture 14 2014-01-01 2014-01-01 false Account and security information in UCC cases. 1962... Liquidation of Chattel Security § 1962.14 Account and security information in UCC cases. Within 2 weeks after... States, other parties, and also may lose some of its security rights. The UCC provides that the borrower...

  7. 7 CFR 1962.14 - Account and security information in UCC cases.

    Code of Federal Regulations, 2011 CFR

    2011-01-01

    ... 7 Agriculture 14 2011-01-01 2011-01-01 false Account and security information in UCC cases. 1962... Liquidation of Chattel Security § 1962.14 Account and security information in UCC cases. Within 2 weeks after... States, other parties, and also may lose some of its security rights. The UCC provides that the borrower...

  8. 7 CFR 1962.14 - Account and security information in UCC cases.

    Code of Federal Regulations, 2012 CFR

    2012-01-01

    ... 7 Agriculture 14 2012-01-01 2012-01-01 false Account and security information in UCC cases. 1962... Liquidation of Chattel Security § 1962.14 Account and security information in UCC cases. Within 2 weeks after... States, other parties, and also may lose some of its security rights. The UCC provides that the borrower...

  9. Trust and Privacy Solutions Based on Holistic Service Requirements.

    PubMed

    Sánchez Alcón, José Antonio; López, Lourdes; Martínez, José-Fernán; Rubio Cifuentes, Gregorio

    2015-12-24

    The products and services designed for Smart Cities provide the necessary tools to improve the management of modern cities in a more efficient way. These tools need to gather citizens' information about their activity, preferences, habits, etc. opening up the possibility of tracking them. Thus, privacy and security policies must be developed in order to satisfy and manage the legislative heterogeneity surrounding the services provided and comply with the laws of the country where they are provided. This paper presents one of the possible solutions to manage this heterogeneity, bearing in mind these types of networks, such as Wireless Sensor Networks, have important resource limitations. A knowledge and ontology management system is proposed to facilitate the collaboration between the business, legal and technological areas. This will ease the implementation of adequate specific security and privacy policies for a given service. All these security and privacy policies are based on the information provided by the deployed platforms and by expert system processing.

  10. Trust and Privacy Solutions Based on Holistic Service Requirements

    PubMed Central

    Sánchez Alcón, José Antonio; López, Lourdes; Martínez, José-Fernán; Rubio Cifuentes, Gregorio

    2015-01-01

    The products and services designed for Smart Cities provide the necessary tools to improve the management of modern cities in a more efficient way. These tools need to gather citizens’ information about their activity, preferences, habits, etc. opening up the possibility of tracking them. Thus, privacy and security policies must be developed in order to satisfy and manage the legislative heterogeneity surrounding the services provided and comply with the laws of the country where they are provided. This paper presents one of the possible solutions to manage this heterogeneity, bearing in mind these types of networks, such as Wireless Sensor Networks, have important resource limitations. A knowledge and ontology management system is proposed to facilitate the collaboration between the business, legal and technological areas. This will ease the implementation of adequate specific security and privacy policies for a given service. All these security and privacy policies are based on the information provided by the deployed platforms and by expert system processing. PMID:26712752

  11. Technical solutions for mitigating security threats caused by health professionals in clinical settings.

    PubMed

    Fernandez-Aleman, Jose Luis; Belen Sanchez Garcia, Ana; Garcia-Mateos, Gines; Toval, Ambrosio

    2015-08-01

    The objective of this paper is to present a brief description of technical solutions for health information system security threats caused by inadequate security and privacy practices in healthcare professionals. A literature search was carried out in ScienceDirect, ACM Digital Library and IEEE Digital Library to find papers reporting technical solutions for certain security problems in information systems used in clinical settings. A total of 17 technical solutions were identified: measures for password security, the secure use of e-mail, the Internet, portable storage devices, printers and screens. Although technical safeguards are essential to the security of healthcare organization's information systems, good training, awareness programs and adopting a proper information security policy are particularly important to prevent insiders from causing security incidents.

  12. A cooperative model for IS security risk management in distributed environment.

    PubMed

    Feng, Nan; Zheng, Chundong

    2014-01-01

    Given the increasing cooperation between organizations, the flexible exchange of security information across the allied organizations is critical to effectively manage information systems (IS) security in a distributed environment. In this paper, we develop a cooperative model for IS security risk management in a distributed environment. In the proposed model, the exchange of security information among the interconnected IS under distributed environment is supported by Bayesian networks (BNs). In addition, for an organization's IS, a BN is utilized to represent its security environment and dynamically predict its security risk level, by which the security manager can select an optimal action to safeguard the firm's information resources. The actual case studied illustrates the cooperative model presented in this paper and how it can be exploited to manage the distributed IS security risk effectively.

  13. Cyber indicators of compromise: a domain ontology for security information and event management

    DTIC Science & Technology

    2017-03-01

    COMPROMISE: A DOMAIN ONTOLOGY FOR SECURITY INFORMATION AND EVENT MANAGEMENT by Marsha D. Rowell March 2017 Thesis Co-Advisors: J. D...to automate this work is Security Information and Event Management (SIEM). In short, SIEM technology works by aggregating log information, and then...Distribution is unlimited. CYBER INDICATORS OF COMPROMISE: A DOMAIN ONTOLOGY FOR SECURITY INFORMATION AND EVENT MANAGEMENT Marsha D. Rowell

  14. The Impact of the Security Competency on "Self-Efficacy in Information Security" for Effective Health Information Security in Iran.

    PubMed

    Shahri, Ahmad Bakhtiyari; Ismail, Zuraini; Mohanna, Shahram

    2016-11-01

    Security effectiveness based on users' behaviors is becoming a top priority of Health Information Systems (HIS). In the first step of this study, through a review of previous studies, 'Self-efficacy in Information Security' (SEIS) and 'Security Competency' (SCMP) were identified as the important factors in transforming HIS users into the first line of defense in security. Subsequently, a conceptual model was proposed taking the mentioned factors into account for HIS security effectiveness. Then, this quantitative study used structural equation modeling to examine the proposed model based on survey data collected from a sample of 263 HIS users from eight hospitals in Iran. The result shows that SEIS is one of the important factors in cultivating good end users' behaviors toward HIS security effectiveness. However, SCMP appears to be a feasible alternative to providing SEIS. This study also confirms the mediation effects of SEIS on the relationship between SCMP and HIS security effectiveness. The results of this research paper can be used by HIS and IT managers to implement their information security process more effectively.

  15. 49 CFR 1520.1 - Scope.

    Code of Federal Regulations, 2010 CFR

    2010-10-01

    ... Regulations Relating to Transportation (Continued) TRANSPORTATION SECURITY ADMINISTRATION, DEPARTMENT OF HOMELAND SECURITY SECURITY RULES FOR ALL MODES OF TRANSPORTATION PROTECTION OF SENSITIVE SECURITY... of records and information that TSA has determined to be Sensitive Security Information, as defined...

  16. Testing Integrity Symposium: Issues and Recommendations for Best Practice

    ERIC Educational Resources Information Center

    National Center for Education Statistics, 2013

    2013-01-01

    Educators, parents, and the public depend on accurate, valid, reliable, and timely information about student academic performance. Testing irregularities--breaches of test security or improper administration of academic testing--undermine efforts to use those data to improve student achievement. Unfortunately, there have been high-profile and…

  17. 3 CFR 8910 - Proclamation 8910 of November 30, 2012. Critical Infrastructure Protection and Resilience Month...

    Code of Federal Regulations, 2013 CFR

    2013-01-01

    ... also its vulnerabilities to emerging threats. Cyber incidents can have devastating consequences on both... against cyber risks, comprehensive legislation remains essential to improving infrastructure security, enhancing cyber information sharing between government and the private sector, and protecting the privacy...

  18. The prospective role of personal health records in streamlining and accelerating the disability determination process.

    PubMed

    Horan, Thomas A; Daniels, Susan M; Feldman, Sue S

    2009-07-01

    The disability community could benefit significantly from the widespread adoption of health information technology, in particular from its ability to streamline and accelerate processing of the estimated 3 million disability benefits applications filed with the Social Security Administration each year. Disability determination is an inefficient, largely paper-based process requiring large volumes of clinical data compiled from multiple provider sources. That, coupled with a lack of transparency within the process, adds unnecessary delays and expense. The objective of this paper is to outline the case for how personal health records, particularly those populated with information from provider-held electronic health records and payer claims data, offer a means to achieve financial savings from shortened disability determination processes, as well as a tool for disability health self-management and care coordination. Drawing from research and policy forums and testimony before the American Health Information Community, the importance of including the disability community as the nation moves forward with health information technology initiatives is explored. Our research suggests that systemwide improvements such as the Nationwide Health Information Network and other such health information technology initiatives could be used to bring benefits to the disability community. The time has come to use health information technology initiatives so that federal policy makers can take steps to reduce the inefficiencies in the Social Security Administration disability determination process while improving the program's value to those who need it the most.

  19. 78 FR 19073 - Proposed Collection; Comment Request

    Federal Register 2010, 2011, 2012, 2013, 2014

    2013-03-28

    ... individual custodians; end-investors providing security-by-security information will require an average of...; end-investors providing security-by-security information will require an average of 146 hours; and... keeping burdens on respondents, including the use of information technologies to automate the collection...

  20. 17 CFR 242.600 - NMS security designation and definitions.

    Code of Federal Regulations, 2013 CFR

    2013-04-01

    ...) Interrogation device means any securities information retrieval system capable of displaying transaction reports... with respect to such order; and (v) Immediately and automatically displays information that updates the... security; and (ii) Consolidated last sale information for a security. (14) Consolidated last sale...

  1. 17 CFR 242.600 - NMS security designation and definitions.

    Code of Federal Regulations, 2014 CFR

    2014-04-01

    ...) Interrogation device means any securities information retrieval system capable of displaying transaction reports... with respect to such order; and (v) Immediately and automatically displays information that updates the... security; and (ii) Consolidated last sale information for a security. (14) Consolidated last sale...

  2. 17 CFR 242.600 - NMS security designation and definitions.

    Code of Federal Regulations, 2011 CFR

    2011-04-01

    ...) Interrogation device means any securities information retrieval system capable of displaying transaction reports... with respect to such order; and (v) Immediately and automatically displays information that updates the... security; and (ii) Consolidated last sale information for a security. (14) Consolidated last sale...

  3. 17 CFR 242.600 - NMS security designation and definitions.

    Code of Federal Regulations, 2012 CFR

    2012-04-01

    ...) Interrogation device means any securities information retrieval system capable of displaying transaction reports... with respect to such order; and (v) Immediately and automatically displays information that updates the... security; and (ii) Consolidated last sale information for a security. (14) Consolidated last sale...

  4. 6 CFR 7.1 - Purpose.

    Code of Federal Regulations, 2011 CFR

    2011-01-01

    ... DEPARTMENT OF HOMELAND SECURITY, OFFICE OF THE SECRETARY CLASSIFIED NATIONAL SECURITY INFORMATION § 7.1 Purpose. The purpose of this part is to ensure that information within the Department of Homeland Security... provisions of Executive Order 12958, as amended, and implementing directives from the Information Security...

  5. 46 CFR 503.58 - Appeals of denials of mandatory declassification review requests.

    Code of Federal Regulations, 2010 CFR

    2010-10-01

    ... PUBLIC INFORMATION Information Security Program § 503.58 Appeals of denials of mandatory declassification... Security Classification Appeals Panel. The appeal should be addressed to, Executive Secretary, Interagency Security Classification Appeals Panel, Attn: Classification Challenge Appeals, c/o Information Security...

  6. 78 FR 69286 - Facility Security Clearance and Safeguarding of National Security Information and Restricted Data

    Federal Register 2010, 2011, 2012, 2013, 2014

    2013-11-19

    ... Clearance and Safeguarding of National Security Information and Restricted Data AGENCY: Nuclear Regulatory... Executive Order 13526, Classified National Security Information. In addition, this direct final rule allowed... licensees (or their designees) to conduct classified...

  7. 75 FR 45151 - National Security Division; Agency Information Collection Activities: Proposed Collection...

    Federal Register 2010, 2011, 2012, 2013, 2014

    2010-08-02

    ... DEPARTMENT OF JUSTICE [OMB Number 1124-0006] National Security Division; Agency Information...), National Security Division (NSD), will be submitting the following information collection request to the..., 10th & Constitution Avenue, NW., National Security Division, Counterespionage Section/Registration Unit...

  8. 6 CFR 7.1 - Purpose.

    Code of Federal Regulations, 2010 CFR

    2010-01-01

    ... DEPARTMENT OF HOMELAND SECURITY, OFFICE OF THE SECRETARY CLASSIFIED NATIONAL SECURITY INFORMATION § 7.1 Purpose. The purpose of this part is to ensure that information within the Department of Homeland Security... provisions of Executive Order 12958, as amended, and implementing directives from the Information Security...

  9. 49 CFR 1.27 - Delegations to the General Counsel.

    Code of Federal Regulations, 2012 CFR

    2012-10-01

    ...) (Security and research and development activities), as implemented by 49 CFR part 15 (Protection of Sensitive Security Information), relating to the determination that information is Sensitive Security Information, in consultation and coordination with the Office of Intelligence, Security and Emergency Response...

  10. 49 CFR 1.27 - Delegations to the General Counsel.

    Code of Federal Regulations, 2013 CFR

    2013-10-01

    ...) (Security and research and development activities), as implemented by 49 CFR part 15 (Protection of Sensitive Security Information), relating to the determination that information is Sensitive Security Information, in consultation and coordination with the Office of Intelligence, Security and Emergency Response...

  11. 49 CFR 1.27 - Delegations to the General Counsel.

    Code of Federal Regulations, 2014 CFR

    2014-10-01

    ...) (Security and research and development activities), as implemented by 49 CFR part 15 (Protection of Sensitive Security Information), relating to the determination that information is Sensitive Security Information, in consultation and coordination with the Office of Intelligence, Security and Emergency Response...

  12. 32 CFR 2001.1 - Purpose and scope.

    Code of Federal Regulations, 2014 CFR

    2014-07-01

    ... Telecommunications, automated information systems, and network security 4.1, 4.2 2001.51 Technical security 4.1 2001... National Defense Other Regulations Relating to National Defense INFORMATION SECURITY OVERSIGHT OFFICE, NATIONAL ARCHIVES AND RECORDS ADMINISTRATION CLASSIFIED NATIONAL SECURITY INFORMATION Scope of Part § 2001...

  13. 32 CFR 2001.1 - Purpose and scope.

    Code of Federal Regulations, 2012 CFR

    2012-07-01

    ... Telecommunications, automated information systems, and network security 4.1, 4.2 2001.51 Technical security 4.1 2001... National Defense Other Regulations Relating to National Defense INFORMATION SECURITY OVERSIGHT OFFICE, NATIONAL ARCHIVES AND RECORDS ADMINISTRATION CLASSIFIED NATIONAL SECURITY INFORMATION Scope of Part § 2001...

  14. 32 CFR 2001.1 - Purpose and scope.

    Code of Federal Regulations, 2011 CFR

    2011-07-01

    ... Telecommunications, automated information systems, and network security 4.1, 4.2 2001.51 Technical security 4.1 2001... National Defense Other Regulations Relating to National Defense INFORMATION SECURITY OVERSIGHT OFFICE, NATIONAL ARCHIVES AND RECORDS ADMINISTRATION CLASSIFIED NATIONAL SECURITY INFORMATION Scope of Part § 2001...

  15. 32 CFR 2001.1 - Purpose and scope.

    Code of Federal Regulations, 2013 CFR

    2013-07-01

    ... Telecommunications, automated information systems, and network security 4.1, 4.2 2001.51 Technical security 4.1 2001... National Defense Other Regulations Relating to National Defense INFORMATION SECURITY OVERSIGHT OFFICE, NATIONAL ARCHIVES AND RECORDS ADMINISTRATION CLASSIFIED NATIONAL SECURITY INFORMATION Scope of Part § 2001...

  16. 32 CFR 2001.1 - Purpose and scope.

    Code of Federal Regulations, 2010 CFR

    2010-07-01

    ... Telecommunications, automated information systems, and network security 4.1, 4.2 2001.51 Technical security 4.1 2001... National Defense Other Regulations Relating to National Defense INFORMATION SECURITY OVERSIGHT OFFICE, NATIONAL ARCHIVES AND RECORDS ADMINISTRATION CLASSIFIED NATIONAL SECURITY INFORMATION Scope of Part § 2001...

  17. A Counter-IED Preparedness Methodology for Large Event Planning

    DOE Office of Scientific and Technical Information (OSTI.GOV)

    Payne, Patricia W; Koch, Daniel B

    Since 2009, Oak Ridge National Laboratory (ORNL) has been involved in a project sponsored by the Department of Homeland Security Science and Technology Directorate aimed at improving preparedness against Improvised Explosive Devices (IED) at large sporting events. Led by the University of Southern Mississippi (USM) as part of the Southeast Region Research Initiative, the project partners have been developing tools and methodologies for use by security personnel and first responders at sports stadiums. ORNL's contribution has been to develop an automated process to gather and organize disparate data that is usually part of an organization's security plan. The organized data informs a table-top exercise (TTX) conducted by USM using additional tools developed by them and their subcontractors. After participating in several pilot TTXs, patterns are beginning to emerge that would enable improvements to be formulated to increase the level of counter-IED preparedness. This paper focuses on the data collection and analysis process and shares insights gained to date.

  18. Security scheme in IMDD-OFDM-PON system with the chaotic pilot interval and scrambling

    NASA Astrophysics Data System (ADS)

    Chen, Qianghua; Bi, Meihua; Fu, Xiaosong; Lu, Yang; Zeng, Ran; Yang, Guowei; Yang, Xuelin; Xiao, Shilin

    2018-01-01

    In this paper, a random chaotic pilot interval and permutations scheme without any requirement of redundant sideband information is firstly proposed for the physical layer security-enhanced intensity modulation direct detection orthogonal frequency division multiplexing passive optical network (IMDD-OFDM-PON) system. With the help of the position feature of inserting the pilot, a simple logistic chaos map is used to generate the random pilot interval and scramble the chaotic subcarrier allocation of each column pilot data for improving the physical layer confidentiality. Due to the dynamic chaotic permutations of pilot data, the enhanced key space of ∼10^3303 is achieved in OFDM-PON. Moreover, the transmission experiment of 10-Gb/s 16-QAM encrypted OFDM data is successfully demonstrated over 20-km single-mode fiber, which indicates that the proposed scheme not only improves the system security, but also can achieve the same performance as in the common IMDD-OFDM-PON system without encryption scheme.

  19. 6 CFR 7.21 - Classification of information, limitations.

    Code of Federal Regulations, 2010 CFR

    2010-01-01

    ... 6 Domestic Security 1 2010-01-01 2010-01-01 false Classification of information, limitations. 7.21... NATIONAL SECURITY INFORMATION Classified Information § 7.21 Classification of information, limitations. (a... protection in the interest of national security. (d) Information may be reclassified after it has been...

  20. The Role of Health Care Experience and Consumer Information Efficacy in Shaping Privacy and Security Perceptions of Medical Records: National Consumer Survey Results

    PubMed Central

    Beckjord, Ellen; Moser, Richard P; Hughes, Penelope; Hesse, Bradford W

    2015-01-01

    Background: Providers’ adoption of electronic health records (EHRs) is increasing and consumers have expressed concerns about the potential effects of EHRs on privacy and security. Yet, we lack a comprehensive understanding regarding factors that affect individuals’ perceptions regarding the privacy and security of their medical information. Objective: The aim of this study was to describe national perceptions regarding the privacy and security of medical records and identify a comprehensive set of factors associated with these perceptions. Methods: Using a nationally representative 2011-2012 survey, we reported on adults’ perceptions regarding privacy and security of medical records and sharing of health information between providers, and whether adults withheld information from a health care provider due to privacy or security concerns. We used multivariable models to examine the association between these outcomes and sociodemographic characteristics, health and health care experience, information efficacy, and technology-related variables. Results: Approximately one-quarter of American adults (weighted n=235,217,323; unweighted n=3959) indicated they were very confident (n=989) and approximately half indicated they were somewhat confident (n=1597) in the privacy of their medical records; we found similar results regarding adults’ confidence in the security of medical records (very confident: n=828; somewhat confident: n=1742). In all, 12.33% (520/3904) withheld information from a health care provider and 59.06% (2100/3459) expressed concerns about the security of both faxed and electronic health information. Adjusting for other characteristics, adults who reported higher quality of care had significantly greater confidence in the privacy and security of their medical records and were less likely to withhold information from their health care provider due to privacy or security concerns. Adults with higher information efficacy had significantly greater confidence in the privacy and security of medical records and less concern about sharing of health information by both fax and electronic means. Individuals’ perceptions of whether their providers use an EHR was not associated with any privacy or security outcomes. Conclusions: Although most adults are confident in the privacy and security of their medical records, many express concerns regarding sharing of information between providers; a minority report withholding information from their providers due to privacy and security concerns. Whether individuals thought their provider was using an EHR was not associated with negative privacy/security perceptions or withholding, suggesting the transition to EHRs is not associated with negative perceptions regarding the privacy and security of medical information. However, monitoring to see how this evolves will be important. Given that positive health care experiences and higher information efficacy were associated with more favorable perceptions of privacy and security, efforts should continue to encourage providers to secure medical records, provide patients with a “meaningful choice” in how their data are shared, and enable individuals to access information they need to manage their care. PMID:25843686
