Concern about security and privacy, and perceived control over collection and use of health information are related to withholding of health information from healthcare providers.

PubMed

Agaku, Israel T; Adisa, Akinyele O; Ayo-Yusuf, Olalekan A; Connolly, Gregory N

2014-01-01

This study assessed the perceptions and behaviors of US adults about the security of their protected health information (PHI). The first cycle of the fourth wave of the Health Information National Trends Survey was analyzed to assess respondents' concerns about PHI breaches. Multivariate logistic regression was used to assess the effect of such concerns on disclosure of sensitive medical information to a healthcare professional (p<0.05). Most respondents expressed concerns about data breach when their PHI was being transferred between healthcare professionals by fax (67.0%; 95% CI 64.2% to 69.8%) or electronically (64.5%; 95% CI 61.7% to 67.3%). About 12.3% (95% CI 10.8% to 13.8%) of respondents had ever withheld information from a healthcare provider because of security concerns. The likelihood of information withholding was higher among respondents who perceived they had very little say about how their medical records were used (adjusted OR=1.42; 95% CI 1.03 to 1.96). This study underscores the need for enhanced measures to secure patients' PHI to avoid undermining their trust.

49 CFR 1549.109 - Security Directives and Information Circulars.

Code of Federal Regulations, 2010 CFR

2010-10-01

... 49 Transportation 9 2010-10-01 2010-10-01 false Security Directives and Information Circulars... SCREENING PROGRAM Operations § 1549.109 Security Directives and Information Circulars. (a) TSA may issue an Information Circular to notify certified cargo screening facilities of security concerns. (b) When TSA...

The Evolution of the Automated Continuous Evaluation System (ACES) for Personnel Security

DTIC Science & Technology

2013-11-12

information. It applies business rules to the data, produces a report that flags issues of potential security concern, and electronically transmits...Form 86 (SF- 86) to check these data sources, verify what has been submitted, and collect more information. It applies business rules to the data...subject information. It applies business rules to analyze the data returned, produces a report that flags issues of potential security concern, and

The security concern on internet banking adoption among Malaysian banking customers.

PubMed

Sudha, Raju; Thiagarajan, A S; Seetharaman, A

2007-01-01

The existing literatures highlights that the security is the primary factor which determines the adoption of Internet banking technology. The secondary information on Internet banking development in Malaysia shows a very slow growth rate. Hence, this study aims to study the banking customers perception towards security concern and Internet banking adoption through the information collected from 150 sample respondents. The data analysis reveals that the customers have much concern about security and privacy issue in adoption of Internet banking, whether the customers are adopted Internet banking or not. Hence, it infers that to popularize Internet banking system there is a need for improvement in security and privacy issue among the banking customers.

76 FR 70207 - Self-Regulatory Organizations; Municipal Securities Rulemaking Board; Order Granting Approval of...

Federal Register 2010, 2011, 2012, 2013, 2014

2011-11-10

...-Regulatory Organizations; Municipal Securities Rulemaking Board; Order Granting Approval of Proposed Rule Change Regarding Professional Qualifications and Information Concerning Associated Persons November 3... information concerning associated persons. The proposed rule change was published for comment in the Federal...

78 FR 14400 - Southern USA Resources, Inc., Order of Suspension of Trading

Federal Register 2010, 2011, 2012, 2013, 2014

2013-03-05

... SECURITIES AND EXCHANGE COMMISSION [File No. 500-1] Southern USA Resources, Inc., Order of... lack of current and accurate information concerning the securities of Southern USA Resources, Inc. (``Southern USA'') because of questions regarding the accuracy of publicly-disseminated information concerning...

Developing an Undergraduate Information Systems Security Track

ERIC Educational Resources Information Center

Sharma, Aditya; Murphy, Marianne C.; Rosso, Mark A.; Grant, Donna

2013-01-01

Information Systems Security as a specialized area of study has mostly been taught at the graduate level. This paper highlights the efforts of establishing an Information Systems (IS) Security track at the undergraduate level. As there were many unanswered questions and concerns regarding the Security curriculum, focus areas, the benefit of…

14 CFR 1203.901 - Responsibilities.

Code of Federal Regulations, 2011 CFR

2011-01-01

... Aeronautics and Space NATIONAL AERONAUTICS AND SPACE ADMINISTRATION INFORMATION SECURITY PROGRAM NASA Information Security Program Committee § 1203.901 Responsibilities. (a) The Chairperson reports to the Administrator concerning the management and direction of the NASA Information Security Program as provided for...

14 CFR 1203.901 - Responsibilities.

Code of Federal Regulations, 2010 CFR

2010-01-01

... Aeronautics and Space NATIONAL AERONAUTICS AND SPACE ADMINISTRATION INFORMATION SECURITY PROGRAM NASA Information Security Program Committee § 1203.901 Responsibilities. (a) The Chairperson reports to the Administrator concerning the management and direction of the NASA Information Security Program as provided for...

78 FR 50134 - Altus Pharmaceuticals, Inc., Blackhawk Capital Group BDC, Inc., Cargo Connection Logistics...

Federal Register 2010, 2011, 2012, 2013, 2014

2013-08-16

... lack of current and accurate information concerning the securities of Cargo Connection Logistics... Group BDC, Inc., Cargo Connection Logistics Holding, Inc., Diapulse Corporation of America, Globus... current and accurate information concerning the securities of Altus Pharmaceuticals, Inc. because it has...

77 FR 65054 - Agency Information Collection Activities; Proposed Information Collection; Comment Request...

Federal Register 2010, 2011, 2012, 2013, 2014

2012-10-24

... Activities; Proposed Information Collection; Comment Request; Securities Exchange Act Disclosure Rules (12 CFR Part 11) and Securities of Federal Savings Associations (12 CFR Part 194) AGENCY: Office of the... concerning its information collection titled, ``Securities Exchange Act Disclosure Rules (12 CFR part 11) and...

78 FR 48697 - Agency Information Collection Activities: Proposed Collection; Comment Request

Federal Register 2010, 2011, 2012, 2013, 2014

2013-08-09

... INFORMATION: FEMA's Homeland Security Grant Program (HSGP) is an important part of the Administration's larger... DEPARTMENT OF HOMELAND SECURITY Federal Emergency Management Agency [Docket ID: FEMA-2013-0034... concerning the collection of information to administer the Homeland Security Grant Program (HSGP). DATES...

45 CFR 601.3 - Security program.

Code of Federal Regulations, 2014 CFR

2014-10-01

... Welfare Regulations Relating to Public Welfare (Continued) NATIONAL SCIENCE FOUNDATION CLASSIFICATION AND DECLASSIFICATION OF NATIONAL SECURITY INFORMATION § 601.3 Security program. The Director, Division of... employees concerned with classified information or material. (b) Encouraging Foundation personnel to...

45 CFR 601.3 - Security program.

Code of Federal Regulations, 2013 CFR

2013-10-01

... Welfare Regulations Relating to Public Welfare (Continued) NATIONAL SCIENCE FOUNDATION CLASSIFICATION AND DECLASSIFICATION OF NATIONAL SECURITY INFORMATION § 601.3 Security program. The Director, Division of... employees concerned with classified information or material. (b) Encouraging Foundation personnel to...

45 CFR 601.3 - Security program.

Code of Federal Regulations, 2010 CFR

2010-10-01

... Welfare Regulations Relating to Public Welfare (Continued) NATIONAL SCIENCE FOUNDATION CLASSIFICATION AND DECLASSIFICATION OF NATIONAL SECURITY INFORMATION § 601.3 Security program. The Director, Division of... employees concerned with classified information or material. (b) Encouraging Foundation personnel to...

45 CFR 601.3 - Security program.

Code of Federal Regulations, 2012 CFR

2012-10-01

... Welfare Regulations Relating to Public Welfare (Continued) NATIONAL SCIENCE FOUNDATION CLASSIFICATION AND DECLASSIFICATION OF NATIONAL SECURITY INFORMATION § 601.3 Security program. The Director, Division of... employees concerned with classified information or material. (b) Encouraging Foundation personnel to...

45 CFR 601.3 - Security program.

Code of Federal Regulations, 2011 CFR

2011-10-01

... Welfare Regulations Relating to Public Welfare (Continued) NATIONAL SCIENCE FOUNDATION CLASSIFICATION AND DECLASSIFICATION OF NATIONAL SECURITY INFORMATION § 601.3 Security program. The Director, Division of... employees concerned with classified information or material. (b) Encouraging Foundation personnel to...

Public attitudes toward health information exchange: perceived benefits and concerns.

PubMed

Dimitropoulos, Linda; Patel, Vaishali; Scheffler, Scott A; Posnack, Steve

2011-12-01

To characterize consumers' attitudes regarding the perceived benefits of electronic health information exchange (HIE), potential HIE privacy and security concerns, and to analyze the intersection of these concerns with perceived benefits. A cross-sectional study. A random-digit-dial telephone survey of English-speaking adults was conducted in 2010. Multivariate logistic regression models examined the association between consumer characteristics and concerns related to the security of electronic health records (EHRs) and HIE. A majority of the 1847 respondents reported they were either "very" or "somewhat" concerned about privacy of HIE (70%), security of HIE (75%), or security of EHRs (82%). Concerns were significantly higher (P <.05) among employed individuals 40 to 64 years old and minorities. Many believed that HIE would confer benefits such as improved coordination of care (89%). Overall, 75% agreed that the benefits of EHRs outweighed risks to privacy and security, and 60% would permit HIE for treatment purposes even if the physician might not be able to protect their privacy all of the time. Over half (52%) wanted to choose which providers access and share their data. Greater participation by consumers in determining how HIE takes place could engender a higher degree of trust among all demographic groups, regardless of their varying levels of privacy and security concerns. Addressing the specific privacy and security concerns of minorities, individuals 40 to 64 years old, and employed individuals will be critical to ensuring widespread consumer participation in HIE.

An updated look at document security: from initiation to storage or shredder.

PubMed

McConnell, Charles R

2014-01-01

In these days of close attention to security of information handled electronically, there is often a tendency to overlook the security of hard-copy documents. Document security can involve many areas of business, but the health care department manager's concerns are primarily for patient records and employee documentation. Document security is closely related to growing concerns for individual privacy; guidelines are furnished for protecting employee privacy by separating retention practices for business information from personal information. Sensitive documentation requires rules and procedures for processing, retaining, accessing, storing, and eventually destroying. Also, documents that are missing or incomplete at times present unique problems for the organization. The department manager is provided with some simple rules for safeguarding employee and patient documentation.

The Effectiveness of Health Care Information Technologies: Evaluation of Trust, Security Beliefs, and Privacy as Determinants of Health Care Outcomes

PubMed Central

2018-01-01

Background The diffusion of health information technologies (HITs) within the health care sector continues to grow. However, there is no theory explaining how success of HITs influences patient care outcomes. With the increase in data breaches, HITs’ success now hinges on the effectiveness of data protection solutions. Still, empirical research has only addressed privacy concerns, with little regard for other factors of information assurance. Objective The objective of this study was to study the effectiveness of HITs using the DeLone and McLean Information Systems Success Model (DMISSM). We examined the role of information assurance constructs (ie, the role of information security beliefs, privacy concerns, and trust in health information) as measures of HIT effectiveness. We also investigated the relationships between information assurance and three aspects of system success: attitude toward health information exchange (HIE), patient access to health records, and perceived patient care quality. Methods Using structural equation modeling, we analyzed the data from a sample of 3677 cancer patients from a public dataset. We used R software (R Project for Statistical Computing) and the Lavaan package to test the hypothesized relationships. Results Our extension of the DMISSM to health care was supported. We found that increased privacy concerns reduce the frequency of patient access to health records use, positive attitudes toward HIE, and perceptions of patient care quality. Also, belief in the effectiveness of information security increases the frequency of patient access to health records and positive attitude toward HIE. Trust in health information had a positive association with attitudes toward HIE and perceived patient care quality. Trust in health information had no direct effect on patient access to health records; however, it had an indirect relationship through privacy concerns. Conclusions Trust in health information and belief in the effectiveness of information security safeguards increases perceptions of patient care quality. Privacy concerns reduce patients’ frequency of accessing health records, patients’ positive attitudes toward HIE exchange, and overall perceived patient care quality. Health care organizations are encouraged to implement security safeguards to increase trust, the frequency of health record use, and reduce privacy concerns, consequently increasing patient care quality. PMID:29643052

An Empirical Examination of Fear Appeal's Effect on Behavioral Intention to Comply with Anti-Spyware Software Information Security Recommendations among College Students

ERIC Educational Resources Information Center

Brown, David A.

2017-01-01

Information security is a concern for managers implementing protection measures. Implementing information security measures requires communicating both the reason and remediation for the protection measure. Examining how an anti-spyware security communication affects an individual's intention to implement a protection measure could help improve…

Do You Take Credit Cards? Security and Compliance for the Credit Card Payment Industry

ERIC Educational Resources Information Center

Willey, Lorrie; White, Barbara Jo

2013-01-01

Security is a significant concern in business and in information systems (IS) education from both a technological and a strategic standpoint. Students can benefit from the study of information systems security when security concepts are introduced in the context of real-world industry standards. The development of a data security standard for…

Special Reports; Homeland Security and Information Management; The Development of Electronic Government in the United States: The Federal Policy Experience; Digital Rights Management: Why Libraries Should Be Major Players; The Current State and Future Promise of Portal Applications; Recruitment and Retention: A Professional Concern.

ERIC Educational Resources Information Center

Relyea, Harold C.; Halchin, L. Elaine; Hogue, Henry B.; Agnew, Grace; Martin, Mairead; Schottlaender, Brian E. C.; Jackson, Mary E.

2003-01-01

Theses five reports address five special issues: the effects of the September 11 attacks on information management, including homeland security, Web site information removal, scientific and technical information, and privacy concerns; federal policy for electronic government information; digital rights management and libraries; library Web portal…

77 FR 70780 - Federal Acquisition Regulation; Submission for OMB Review; Contractors Performing Private...

Federal Register 2010, 2011, 2012, 2013, 2014

2012-11-27

...; Submission for OMB Review; Contractors Performing Private Security Functions Outside the United States... new information collection requirement concerning Contractors Performing Private Security Functions... identified by Information Collection 9000- 0184, Contractors Performing Private Security Functions Outside...

78 FR 63310 - Agency Information Collection Activities: Information Collection Renewal; Comment Request...

Federal Register 2010, 2011, 2012, 2013, 2014

2013-10-23

... DEPARTMENT OF THE TREASURY Office of the Comptroller of the Currency Agency Information Collection Activities: Information Collection Renewal; Comment Request; Securities Offering Disclosure Rules AGENCY... comment concerning the renewal of an information collection titled, ``Securities Offering Disclosure Rules...

5 CFR 1312.29 - Destruction.

Code of Federal Regulations, 2010 CFR

2010-01-01

.... Classified official record material will be processed to the Information Systems and Technology, Records.../CSS Directorate for Information Systems Security, Ft. Meade, Maryland 20755. Specifications concerning..., DECLASSIFICATION AND SAFEGUARDING OF NATIONAL SECURITY INFORMATION Control and Accountability of Classified...

The Curious National Security Pendulum: Openness and/or Censorship.

ERIC Educational Resources Information Center

Marwick, Christine M.

1979-01-01

Lawsuits illustrate the increasing concern over national security in regulating the security classification system, and government attitudes toward information have shifted from secrecy to openness to censorship. The Central Intelligence Agency's suppression of unclassified printed information is a case in point. (SW)

Information Systems Security and Computer Crime in the IS Curriculum: A Detailed Examination

ERIC Educational Resources Information Center

Foltz, C. Bryan; Renwick, Janet S.

2011-01-01

The authors examined the extent to which information systems (IS) security and computer crime are covered in information systems programs. Results suggest that IS faculty believe security coverage should be increased in required, elective, and non-IS courses. However, respondent faculty members are concerned that existing curricula leave little…

10 CFR 95.27 - Protection while in use.

Code of Federal Regulations, 2011 CFR

2011-01-01

... SECURITY INFORMATION AND RESTRICTED DATA Physical Security § 95.27 Protection while in use. While in use... disclosure authorization (see § 95.36 for additional information concerning disclosure authorizations). [64...

Trust Me, I’m a Doctor: Examining Changes in How Privacy Concerns Affect Patient Withholding Behavior

PubMed Central

Johnson, Tyler; Ford, Eric W; Huerta, Timothy R

2017-01-01

Background As electronic health records (EHRs) become ubiquitous in the health care industry, privacy breaches are increasing and being made public. These breaches may make consumers wary of the technology, undermining its potential to improve care coordination and research. Objective Given the developing concerns around privacy of personal health information stored in digital format, it is important for providers to understand how views on privacy and security may be associated with patient disclosure of health information. This study aimed to understand how privacy concerns may be shifting patient behavior. Methods Using a pooled cross-section of data from the 2011 and 2014 cycles of the Health Information and National Trends Survey (HINTS), we tested whether privacy and security concerns, as well as quality perceptions, are associated with the likelihood of withholding personal health information from a provider. A fully interacted multivariate model was used to compare associations between the 2 years, and interaction terms were used to evaluate trends in the factors that are associated with withholding behavior. Results No difference was found regarding the effect of privacy and security concerns on withholding behavior between 2011 and 2014. Similarly, whereas perceived high quality of care was found to reduce the likelihood of withholding information from a provider in both 2011 (odds ratio [OR] 0.73, 95% confidence interval [CI] 0.56-0.94) and 2014 (OR 0.61, 95% CI 0.48-0.76), no difference was observed between years. Conclusions These findings suggest that consumers’ beliefs about EHR privacy and security, the relationship between technology use and quality, and intentions to share information with their health care provider have not changed. These findings are counter to the ongoing discussions about the implications of security failures in other domains. Our results suggest that providers could ameliorate privacy and security by focusing on the care quality benefits EHRs provide. PMID:28052843

Consumer Attitudes and Perceptions on mHealth Privacy and Security: Findings From a Mixed-Methods Study.

PubMed

Atienza, Audie A; Zarcadoolas, Christina; Vaughon, Wendy; Hughes, Penelope; Patel, Vaishali; Chou, Wen-Ying Sylvia; Pritts, Joy

2015-01-01

This study examined consumers' attitudes and perceptions regarding mobile health (mHealth) technology use in health care. Twenty-four focus groups with 256 participants were conducted in 5 geographically diverse locations. Participants were also diverse in age, education, race/ethnicity, gender, and rural versus urban settings. Several key themes emerged from the focus groups. Findings suggest that consumer attitudes regarding mHealth privacy/security are highly contextualized, with concerns depending on the type of information being communicated, where and when the information is being accessed, who is accessing or seeing the information, and for what reasons. Consumers frequently considered the tradeoffs between the privacy/security of using mHealth technologies and the potential benefits. Having control over mHealth privacy/security features and trust in providers were important issues for consumers. Overall, this study found significant diversity in attitudes regarding mHealth privacy/security both within and between traditional demographic groups. Thus, to address consumers' concerns regarding mHealth privacy and security, a one-size-fits-all approach may not be adequate. Health care providers and technology developers should consider tailoring mHealth technology according to how various types of information are communicated in the health care setting, as well as according to the comfort, skills, and concerns individuals may have with mHealth technology.

Information Technology Security Professionals' Knowledge and Use Intention Based on UTAUT Model

ERIC Educational Resources Information Center

Kassa, Woldeloul

2016-01-01

Information technology (IT) security threats and vulnerabilities have become a major concern for organizations in the United States. However, there has been little research on assessing the effect of IT security professionals' knowledge on the use of IT security controls. This study examined the unified theory of acceptance and use of technology…

Information security : is your information safe?

DOT National Transportation Integrated Search

1999-01-01

This article characterizes the problem of cyber-terrorism, outlines the Federal government's response to several security-related concerns, and describes the Volpe Center's critical support to this response. The possibility of catastrophic terrorist ...

Security and privacy of EHR systems--ethical, social and legal requirements.

PubMed

Kluge, Eike-Henner W

2003-01-01

This paper addresses social, ethical and legal concerns about security and privacy that arise in the development of international interoperable health information systems. The paper deals with these concerns under four rubrics: the ethical status of electronic health records, the social and legal embedding of interoperable health information systems, the overall information-requirements healthcare as such, and the role of health information professionals as facilitators. It argues that the concerns that arise can be met if the development of interoperability protocols is guided by the seven basic principles of information ethics that have been enunciated in the IMIA Code of Ethics for Health Information Professionals and that are central to the ethical treatment of electronic health records.

The Effectiveness of Health Care Information Technologies: Evaluation of Trust, Security Beliefs, and Privacy as Determinants of Health Care Outcomes.

PubMed

Kisekka, Victoria; Giboney, Justin Scott

2018-04-11

The diffusion of health information technologies (HITs) within the health care sector continues to grow. However, there is no theory explaining how success of HITs influences patient care outcomes. With the increase in data breaches, HITs' success now hinges on the effectiveness of data protection solutions. Still, empirical research has only addressed privacy concerns, with little regard for other factors of information assurance. The objective of this study was to study the effectiveness of HITs using the DeLone and McLean Information Systems Success Model (DMISSM). We examined the role of information assurance constructs (ie, the role of information security beliefs, privacy concerns, and trust in health information) as measures of HIT effectiveness. We also investigated the relationships between information assurance and three aspects of system success: attitude toward health information exchange (HIE), patient access to health records, and perceived patient care quality. Using structural equation modeling, we analyzed the data from a sample of 3677 cancer patients from a public dataset. We used R software (R Project for Statistical Computing) and the Lavaan package to test the hypothesized relationships. Our extension of the DMISSM to health care was supported. We found that increased privacy concerns reduce the frequency of patient access to health records use, positive attitudes toward HIE, and perceptions of patient care quality. Also, belief in the effectiveness of information security increases the frequency of patient access to health records and positive attitude toward HIE. Trust in health information had a positive association with attitudes toward HIE and perceived patient care quality. Trust in health information had no direct effect on patient access to health records; however, it had an indirect relationship through privacy concerns. Trust in health information and belief in the effectiveness of information security safeguards increases perceptions of patient care quality. Privacy concerns reduce patients' frequency of accessing health records, patients' positive attitudes toward HIE exchange, and overall perceived patient care quality. Health care organizations are encouraged to implement security safeguards to increase trust, the frequency of health record use, and reduce privacy concerns, consequently increasing patient care quality. ©Victoria Kisekka, Justin Scott Giboney. Originally published in the Journal of Medical Internet Research (http://www.jmir.org), 11.04.2018.

5 CFR 1312.5 - Authority to classify.

Code of Federal Regulations, 2011 CFR

2011-01-01

..., DOWNGRADING, DECLASSIFICATION AND SAFEGUARDING OF NATIONAL SECURITY INFORMATION Classification and Declassification of National Security Information § 1312.5 Authority to classify. (a) The authority to originally classify information or material under this part shall be limited to those officials concerned with matters...

Geospatial Informational Security Risks and Concerns of the U.S. Air Force GeoBase Program

DTIC Science & Technology

2007-03-01

multiple governmental directives such as the Government Performance and Results Act (GPRA), Paperwork Reduction Act (PRA), and Office of Management and... governments , non- governmental organizations (NGOs), universities, and commercial sector contractors (Lachman, 2006). One command noted that over...Defense, or the United States Government . AFIT/GEM/ENV/07-M1 GEOSPATIAL INFORMATIONAL SECURITY RISKS AND CONCERNS OF THE UNITED STATES

12 CFR 202.3 - Limited exceptions for certain classes of transactions.

Code of Federal Regulations, 2011 CFR

2011-01-01

... securities credit: (i) Section 202.5(b) concerning information about the sex of an applicant; (ii) Section...(b) concerning information about the sex of an applicant, but only to the extent necessary for...) concerning information about income derived from alimony, child support, or separate maintenance payments; (v...

12 CFR 202.3 - Limited exceptions for certain classes of transactions.

Code of Federal Regulations, 2010 CFR

2010-01-01

... securities credit: (i) Section 202.5(b) concerning information about the sex of an applicant; (ii) Section...(b) concerning information about the sex of an applicant, but only to the extent necessary for...) concerning information about income derived from alimony, child support, or separate maintenance payments; (v...

12 CFR 202.3 - Limited exceptions for certain classes of transactions.

Code of Federal Regulations, 2014 CFR

2014-01-01

... securities credit: (i) Section 202.5(b) concerning information about the sex of an applicant; (ii) Section...(b) concerning information about the sex of an applicant, but only to the extent necessary for...) concerning information about income derived from alimony, child support, or separate maintenance payments; (v...

The Terrorist Threat to Inbound U.S. Passenger Flights: Inadequate Government Response

DTIC Science & Technology

2009-01-01

and several passengers who assisted her in subduing the criminal. It was unfortunate that French airport security had no explosives detector at...foreign airport security authorities. It is true that a few nations have, on their own, begun to use trace detectors on outgoing flights, at least...airports to inform passengers bound for Haiti and Indonesia of security concerns there. Similar concerns over airport security – which could have led

Securing services in the cloud: an investigation of the threats and the mitigations

NASA Astrophysics Data System (ADS)

Farroha, Bassam S.; Farroha, Deborah L.

2012-05-01

The stakeholder's security concerns over data in the clouds (Voice, Video and Text) are a real concern to DoD, the IC and private sector. This is primarily due to the lack of physical isolation of data when migrating to shared infrastructure platforms. The security concerns are related to privacy and regulatory compliance required in many industries (healthcare, financial, law enforcement, DoD, etc) and the corporate knowledge databases. The new paradigm depends on the service provider to ensure that the customer's information is continuously monitored and is kept available, secure, access controlled and isolated from potential adversaries.

A Reading Preference and Risk Taxonomy for Printed Proprietary Information Compromise in the Aerospace and Defense Industry

ERIC Educational Resources Information Center

Stalker, Joshua Dylan

2012-01-01

The protection of proprietary information that users print from their information systems is a significant and relevant concern in the field of information security to both researchers and practitioners. Information security researchers have repeatedly indicated that human behaviors and perception are important factors influencing the information…

Will you accept the government's friend request? Social networks and privacy concerns.

PubMed

Siegel, David A

2013-01-01

Participating in social network websites entails voluntarily sharing private information, and the explosive growth of social network websites over the last decade suggests shifting views on privacy. Concurrently, new anti-terrorism laws, such as the USA Patriot Act, ask citizens to surrender substantial claim to privacy in the name of greater security. I address two important questions regarding individuals' views on privacy raised by these trends. First, how does prompting individuals to consider security concerns affect their views on government actions that jeopardize privacy? Second, does the use of social network websites alter the effect of prompted security concerns? I posit that prompting individuals to consider security concerns does lead to an increased willingness to accept government actions that jeopardize privacy, but that frequent users of websites like Facebook are less likely to be swayed by prompted security concerns. An embedded survey experiment provides support for both parts of my claim.

Will You Accept the Government's Friend Request? Social Networks and Privacy Concerns

PubMed Central

Siegel, David A.

2013-01-01

Participating in social network websites entails voluntarily sharing private information, and the explosive growth of social network websites over the last decade suggests shifting views on privacy. Concurrently, new anti-terrorism laws, such as the USA Patriot Act, ask citizens to surrender substantial claim to privacy in the name of greater security. I address two important questions regarding individuals' views on privacy raised by these trends. First, how does prompting individuals to consider security concerns affect their views on government actions that jeopardize privacy? Second, does the use of social network websites alter the effect of prompted security concerns? I posit that prompting individuals to consider security concerns does lead to an increased willingness to accept government actions that jeopardize privacy, but that frequent users of websites like Facebook are less likely to be swayed by prompted security concerns. An embedded survey experiment provides support for both parts of my claim. PMID:24312236

Defining Information Security.

PubMed

Lundgren, Björn; Möller, Niklas

2017-11-15

This article proposes a new definition of information security, the 'Appropriate Access' definition. Apart from providing the basic criteria for a definition-correct demarcation and meaning concerning the state of security-it also aims at being a definition suitable for any information security perspective. As such, it bridges the conceptual divide between so-called 'soft issues' of information security (those including, e.g., humans, organizations, culture, ethics, policies, and law) and more technical issues. Because of this it is also suitable for various analytical purposes, such as analysing possible security breaches, or for studying conflicting attitudes on security in an organization. The need for a new definition is demonstrated by pointing to a number of problems for the standard definition type of information security-the so-called CIA definition. Besides being too broad as well as too narrow, it cannot properly handle the soft issues of information security, nor recognize the contextual and normative nature of security.

33 CFR 105.405 - Format and content of the Facility Security Plan (FSP).

Code of Federal Regulations, 2010 CFR

2010-07-01

... Vulnerability and Security Measures Summary (Form CG-6025) in appendix A to part 105-Facility Vulnerability and... resubmission of the FSP. (c) The Facility Vulnerability and Security Measures Summary (Form CG-6025) must be completed using information in the FSA concerning identified vulnerabilities and information in the FSP...

Strategies to Minimize the Effects of Information Security Threats on Business Performance

ERIC Educational Resources Information Center

Okoye, Stella Ifeyinwa

2017-01-01

Business leaders in Nigeria are concerned about the high rates of business failure and economic loss from security incidents and may not understand strategies for reducing the effects of information security threats on business performance. Guided by general systems theory and transformational leadership theory, the focus of this exploratory…

49 CFR 1549.7 - Approval, amendment, renewal of the security program and certification of a certified cargo...

Code of Federal Regulations, 2010 CFR

2010-10-01

... information requested by TSA concerning Security Threat Assessments. (viii) A statement acknowledging and ensuring that each individual will successfully complete a Security Threat Assessment under § 1549.111... Security Coordinator for an applicant successfully completes a security threat assessment, TSA will provide...

Trust Me, I'm a Doctor: Examining Changes in How Privacy Concerns Affect Patient Withholding Behavior.

PubMed

Walker, Daniel M; Johnson, Tyler; Ford, Eric W; Huerta, Timothy R

2017-01-04

As electronic health records (EHRs) become ubiquitous in the health care industry, privacy breaches are increasing and being made public. These breaches may make consumers wary of the technology, undermining its potential to improve care coordination and research. Given the developing concerns around privacy of personal health information stored in digital format, it is important for providers to understand how views on privacy and security may be associated with patient disclosure of health information. This study aimed to understand how privacy concerns may be shifting patient behavior. Using a pooled cross-section of data from the 2011 and 2014 cycles of the Health Information and National Trends Survey (HINTS), we tested whether privacy and security concerns, as well as quality perceptions, are associated with the likelihood of withholding personal health information from a provider. A fully interacted multivariate model was used to compare associations between the 2 years, and interaction terms were used to evaluate trends in the factors that are associated with withholding behavior. No difference was found regarding the effect of privacy and security concerns on withholding behavior between 2011 and 2014. Similarly, whereas perceived high quality of care was found to reduce the likelihood of withholding information from a provider in both 2011 (odds ratio [OR] 0.73, 95% confidence interval [CI] 0.56-0.94) and 2014 (OR 0.61, 95% CI 0.48-0.76), no difference was observed between years. These findings suggest that consumers' beliefs about EHR privacy and security, the relationship between technology use and quality, and intentions to share information with their health care provider have not changed. These findings are counter to the ongoing discussions about the implications of security failures in other domains. Our results suggest that providers could ameliorate privacy and security by focusing on the care quality benefits EHRs provide. ©Daniel M Walker, Tyler Johnson, Eric W Ford, Timothy R Huerta. Originally published in the Journal of Medical Internet Research (http://www.jmir.org), 04.01.2017.

A bill to establish the Small Business Information Security Task Force to address information security concerns relating to credit card data and other proprietary information.

THOMAS, 111th Congress

Sen. Snowe, Olympia J. [R-ME

2009-05-19

Senate - 05/19/2009 Read twice and referred to the Committee on Small Business and Entrepreneurship. (All Actions) Tracker: This bill has the status IntroducedHere are the steps for Status of Legislation:

Information Security and Privacy in Network Environments.

ERIC Educational Resources Information Center

Congress of the U.S., Washington, DC. Office of Technology Assessment.

The use of information networks for business and government is expanding enormously. Government use of networks features prominently in plans to make government more efficient, effective, and responsive. But the transformation brought about by the networking also raises new concerns for the security and privacy of networked information. This…

76 FR 15368 - Minimum Security Devices and Procedures

Federal Register 2010, 2011, 2012, 2013, 2014

2011-03-21

... DEPARTMENT OF THE TREASURY Office of Thrift Supervision Minimum Security Devices and Procedures... concerning the following information collection. Title of Proposal: Minimum Security Devices and Procedures... establish a written security program is necessitated by the Bank Protection Act (12 U.S.C. 1881-1884), which...

76 FR 72715 - Agency Information Collection Activities: Cargo Manifest/Declaration, Stow Plan, Container Status...

Federal Register 2010, 2011, 2012, 2013, 2014

2011-11-25

... Activities: Cargo Manifest/ Declaration, Stow Plan, Container Status Messages and Importer Security Filing... concerning the following information collection. Title: Cargo Manifest/Declaration, Stow Plan, Container... and other Federal agencies to comment on an information collection requirement concerning the Cargo...

76 FR 20433 - MaxLife Fund Corp.; Order of Suspension of Trading

Federal Register 2010, 2011, 2012, 2013, 2014

2011-04-12

... SECURITIES AND EXCHANGE COMMISSION [File No. 500-1] MaxLife Fund Corp.; Order of Suspension of... current and accurate information concerning the securities of MaxLife Fund Corp. (``MaxLife'') because of questions that have arisen concerning representations made by MaxLife, the control of its stock, its market...

78 FR 59409 - In the Matter of AcuNetx, Inc., Alliance Pharmaceutical Corp., BBV Vietnam SE.A. Acquisition Corp...

Federal Register 2010, 2011, 2012, 2013, 2014

2013-09-26

... Pharmaceutical Corp., BBV Vietnam SE.A. Acquisition Corp., Cash Technologies, Inc., Conspiracy Entertainment... that there is a lack of current and accurate information concerning the securities of Cash Technologies... concerning the securities of Conspiracy Entertainment Holdings, Inc. because it has not filed any periodic...

75 FR 5156 - Ariel Corp., Classica Group, Inc., Commodore Environmental Services, Inc., Dupont Direct...

Federal Register 2010, 2011, 2012, 2013, 2014

2010-02-01

... Environmental Services, Inc., Dupont Direct Financial Holdings, Inc., New Paradigm Software Corp. (n/k/a Brunton... concerning the securities of Commodore Environmental Services, Inc. because it has not filed any periodic... accurate information concerning the securities of New Paradigm Software Corp. (n/k/a Brunton Vineyards...

18 CFR 3b.202 - Collection of information from individuals concerned.

Code of Federal Regulations, 2010 CFR

2010-04-01

... the Commission for inclusion in a system of records which may result in adverse determinations about... providing all or any part of the requested information. (c) Social security numbers will not be required... requested to disclose his social security number to the Commission, he will be informed under what statutory...

77 FR 56845 - Multi-Agency Informational Meeting Concerning Compliance With the Federal Select Agent Program...

Federal Register 2010, 2011, 2012, 2013, 2014

2012-09-14

... Informational Meeting Concerning Compliance With the Federal Select Agent Program; Public Webcast AGENCY... with the Federal Select Agent Program. The purpose of this notice is to notify all interested parties... changes to the select agent regulations; occupational health, information and physical security; personnel...

78 FR 56234 - Multi-Agency Informational Meeting Concerning Compliance with the Select Agent Regulations...

Federal Register 2010, 2011, 2012, 2013, 2014

2013-09-12

... Informational Meeting Concerning Compliance with the Select Agent Regulations; Public Webcast AGENCY: Centers... purpose of the webcast is to provide guidance related to the select agent regulations established under... Justice Information Services. Changes to Section 11(Security) of the select agent regulations including...

78 FR 14807 - Notice of Proposed Information Collection

Federal Register 2010, 2011, 2012, 2013, 2014

2013-03-07

... DEPARTMENT OF HOMELAND SECURITY United States Secret Service Notice of Proposed Information... request as required by the Paperwork Reduction Act of 1995. Currently, the U.S. Secret Service, within the U.S. Department of Homeland Security, is soliciting comments concerning the SSF 3237, U.S. Secret...

12 CFR 202.3 - Limited exceptions for certain classes of transactions.

Code of Federal Regulations, 2012 CFR

2012-01-01

... securities credit: (i) Section 202.5(b) concerning information about the sex of an applicant; (ii) Section... concerning open-end accounts, to the extent the action taken is on the basis of a change of name or marital...(b) concerning information about the sex of an applicant, but only to the extent necessary for...

12 CFR 202.3 - Limited exceptions for certain classes of transactions.

Code of Federal Regulations, 2013 CFR

2013-01-01

... securities credit: (i) Section 202.5(b) concerning information about the sex of an applicant; (ii) Section... concerning open-end accounts, to the extent the action taken is on the basis of a change of name or marital...(b) concerning information about the sex of an applicant, but only to the extent necessary for...

76 FR 13438 - In the Matter of AdAl Group, Inc., Com/Tech Communications Technologies, Inc., Dialog Group, Inc...

Federal Register 2010, 2011, 2012, 2013, 2014

2011-03-11

.../k/a GB Holdings Liquidation, Inc.), Information Management Technologies Corporation, Interiors, Inc... and Exchange Commission that there is a lack of current and accurate information concerning the... accurate information concerning the securities of Com/Tech Communications Technologies, Inc. because it has...

12 CFR 792.63 - Collection of information from individuals; information forms.

Code of Federal Regulations, 2010 CFR

2010-01-01

... FREEDOM OF INFORMATION ACT AND PRIVACY ACT, AND BY SUBPOENA; SECURITY PROCEDURES FOR CLASSIFIED... information concerning religion, political beliefs or activities, association memberships (other than those...

State-of-the-art research on electromagnetic information security

NASA Astrophysics Data System (ADS)

Hayashi, Yu-ichi

2016-07-01

As information security is becoming increasingly significant, security at the hardware level is as important as in networks and applications. In recent years, instrumentation has become cheaper and more precise, computation has become faster, and capacities have increased. With these advancements, the threat of advanced attacks that were considerably difficult to carry out previously has increased not only in military and diplomatic fields but also in general-purpose manufactured devices. This paper focuses on the problem of the security limitations concerning electromagnetic waves (electromagnetic information security) that has rendered attack detection particularly difficult at the hardware level. In addition to reviewing the mechanisms of these information leaks and countermeasures, this paper also presents the latest research trends and standards.

Characterizing, Classifying, and Understanding Information Security Laws and Regulations: Considerations for Policymakers and Organizations Protecting Sensitive Information Assets

ERIC Educational Resources Information Center

Thaw, David Bernard

2011-01-01

Current scholarly understanding of information security regulation in the United States is limited. Several competing mechanisms exist, many of which are untested in the courts and before state regulators, and new mechanisms are being proposed on a regular basis. Perhaps of even greater concern, the pace at which technology and threats change far…

77 FR 75223 - Spencer Pharmaceutical Inc.; Order of Suspension of Trading

Federal Register 2010, 2011, 2012, 2013, 2014

2012-12-19

... SECURITIES AND EXCHANGE COMMISSION [File No. 500-1] Spencer Pharmaceutical Inc.; Order of Suspension of Trading December 17, 2012. It appears to the Securities and Exchange Commission that there is a lack of current and accurate information concerning the securities of Spencer Pharmaceutical Inc...

NASA Blue Team: Determining Operational Security Posture of Critical Systems and Networks

NASA Technical Reports Server (NTRS)

Alley, Adam David

2016-01-01

Emergence of Cybersecurity has increased the focus on security risks to Information Technology (IT) assets going beyond traditional Information Assurance (IA) concerns: More sophisticated threats have emerged from increasing sources as advanced hacker tools and techniques have emerged and proliferated to broaden the attack surface available across globally interconnected networks.

78 FR 60998 - Proposed Collection: Information Collection Surrounding the Sale and Issue of Marketable Book...

Federal Register 2010, 2011, 2012, 2013, 2014

2013-10-02

... Collection Surrounding the Sale and Issue of Marketable Book-Entry Securities ACTION: Notice and request for... Department of the Treasury is soliciting comments concerning the Sale and Issue of Marketable Book-Entry... Marketable Book-Entry Securities. OMB Number: 1535-0112. Abstract: The information is requested to ensure...

76 FR 53164 - Puda Coal, Inc.; Order of Suspension of Trading

Federal Register 2010, 2011, 2012, 2013, 2014

2011-08-25

... SECURITIES AND EXCHANGE COMMISSION [File No. 500-1] Puda Coal, Inc.; Order of Suspension of Trading August 19, 2011. It appears to the Securities and Exchange Commission that there is a lack of current and accurate information concerning the securities of Puda Coal, Inc. (``Puda'') because (1) Puda...

75 FR 8156 - Electronic Game Card, Inc.; Order of Suspension of Trading

Federal Register 2010, 2011, 2012, 2013, 2014

2010-02-23

... SECURITIES AND EXCHANGE COMMISSION [File No. 500-1] Electronic Game Card, Inc.; Order of Suspension of Trading February 19, 2010. It appears to the Securities and Exchange Commission that there is a lack of current and accurate information concerning the securities of Electronic Game Card, Inc...

78 FR 62931 - Pacific Clean Water Technologies, Inc.; Order of Suspension of Trading

Federal Register 2010, 2011, 2012, 2013, 2014

2013-10-22

... SECURITIES AND EXCHANGE COMMISSION [File No. 500-1] Pacific Clean Water Technologies, Inc.; Order of Suspension of Trading October 11, 2013. It appears to the Securities and Exchange Commission that there is a lack of current and accurate information concerning the securities of Pacific Clean Water...

75 FR 22168 - Global Medical Products Holdings, Inc., Order of Suspension of Trading

Federal Register 2010, 2011, 2012, 2013, 2014

2010-04-27

... SECURITIES AND EXCHANGE COMMISSION [File No. 500-1] Global Medical Products Holdings, Inc., Order of Suspension of Trading April 23, 2010. It appears to the Securities and Exchange Commission that there is a lack of current and accurate information concerning the securities of Global Medical Products...

75 FR 27847 - China Technology Global Corp.; Order of Suspension of Trading

Federal Register 2010, 2011, 2012, 2013, 2014

2010-05-18

... SECURITIES AND EXCHANGE COMMISSION [File No. 500-1] China Technology Global Corp.; Order of Suspension of Trading May 14, 2010. It appears to the Securities and Exchange Commission that there is a lack of current and accurate information concerning the securities of China Technology Global Corp...

76 FR 6170 - Andresmin Gold Corp., Order of Suspension of Trading

Federal Register 2010, 2011, 2012, 2013, 2014

2011-02-03

... SECURITIES AND EXCHANGE COMMISSION [File No. 500-1] Andresmin Gold Corp., Order of Suspension of Trading February 1, 2011. It appears to the Securities and Exchange Commission that there is a lack of current and accurate information concerning the securities of Andresmin Gold Corp. because it has not...

77 FR 58424 - China Mobile Media Technology, Inc., Order of Suspension of Trading

Federal Register 2010, 2011, 2012, 2013, 2014

2012-09-20

... SECURITIES AND EXCHANGE COMMISSION [File No. 500-1] China Mobile Media Technology, Inc., Order of Suspension of Trading September 18, 2012. It appears to the Securities and Exchange Commission that there is a lack of current and accurate information concerning the securities of China Mobile Media...

78 FR 58376 - Home System Group, Order of Suspension of Trading

Federal Register 2010, 2011, 2012, 2013, 2014

2013-09-23

... SECURITIES AND EXCHANGE COMMISSION [File No. 500-1] Home System Group, Order of Suspension of Trading September 19, 2013. It appears to the Securities and Exchange Commission that there is a lack of current and accurate information concerning the securities of Home System Group because Home System Group...

78 FR 71021 - Life Stem Genetics Inc.; Order of Suspension of Trading

Federal Register 2010, 2011, 2012, 2013, 2014

2013-11-27

... SECURITIES AND EXCHANGE COMMISSION [File No. 500-1] Life Stem Genetics Inc.; Order of Suspension of Trading November 25, 2013. It appears to the Securities and Exchange Commission that there is a lack of current and accurate information concerning the securities of Life Stem Genetics Inc. because...

77 FR 76160 - New Generation Biofuels Holdings, Inc.; Order of Suspension of Trading

Federal Register 2010, 2011, 2012, 2013, 2014

2012-12-26

... SECURITIES AND EXCHANGE COMMISSION [File No. 500-1] New Generation Biofuels Holdings, Inc.; Order of Suspension of Trading December 21, 2012. It appears to the Securities and Exchange Commission that there is a lack of current and accurate information concerning the securities of New Generation Biofuels...

77 FR 26796 - HydroGenetics, Inc.; Order of Suspension of Trading

Federal Register 2010, 2011, 2012, 2013, 2014

2012-05-07

... SECURITIES AND EXCHANGE COMMISSION [File No. 500-1] HydroGenetics, Inc.; Order of Suspension of... and accurate information concerning the securities of HydroGenetics, Inc. (``HydroGenetics'') because... require a suspension of trading in the securities of HydroGenetics. Therefore, it is ordered, pursuant to...

Computer Security Primer: Systems Architecture, Special Ontology and Cloud Virtual Machines

ERIC Educational Resources Information Center

Waguespack, Leslie J.

2014-01-01

With the increasing proliferation of multitasking and Internet-connected devices, security has reemerged as a fundamental design concern in information systems. The shift of IS curricula toward a largely organizational perspective of security leaves little room for focus on its foundation in systems architecture, the computational underpinnings of…

78 FR 77769 - CompuSonics Video Corporation, Order of Suspension of Trading

Federal Register 2010, 2011, 2012, 2013, 2014

2013-12-24

... SECURITIES AND EXCHANGE COMMISSION [File No. 500-1] CompuSonics Video Corporation, Order of Suspension of Trading December 20, 2013. It appears to the Securities and Exchange Commission that there is a lack of current and accurate information concerning the securities of CompuSonics Video Corporation...

78 FR 32696 - Jupiter Enterprises, Inc., Order of Suspension of Trading

Federal Register 2010, 2011, 2012, 2013, 2014

2013-05-31

... SECURITIES AND EXCHANGE COMMISSION [File No. 500-1] Jupiter Enterprises, Inc., Order of Suspension of Trading May 29, 2013. It appears to the Securities and Exchange Commission that there is a lack of current and accurate information concerning the securities of Jupiter Enterprises, Inc. because it has not...

78 FR 43959 - In the Matter of American Technologies Group, Inc., Bonanza Oil & Gas, Inc., and Gulf Coast Oil...

Federal Register 2010, 2011, 2012, 2013, 2014

2013-07-22

..., Inc., Bonanza Oil & Gas, Inc., and Gulf Coast Oil & Gas, Inc.; Order of Suspension of Trading July 18... Commission that there is a lack of current and accurate information concerning the securities of Bonanza Oil... concerning the securities of Gulf Coast Oil & Gas, Inc. because it has not filed any periodic reports since...

75 FR 23223 - Multi-Agency Informational Meeting Concerning Compliance With the Federal Select Agent Program...

Federal Register 2010, 2011, 2012, 2013, 2014

2010-05-03

...] Multi-Agency Informational Meeting Concerning Compliance With the Federal Select Agent Program; Public... Select Agent Program established under the Public Health Security and Bioterrorism Preparedness and... Roberson, Veterinary Permit Examiner, APHIS Select Agent Program, VS, ASAP, APHIS, 4700 River Road Unit 2...

Ensuring the security and availability of a hospital wireless LAN system.

PubMed

Hanada, Eisuke; Kudou, Takato; Tsumoto, Shusaku

2013-01-01

Wireless technologies as part of the data communication infrastructure of modern hospitals are being rapidly introduced. Even though there are concerns about problems associated with wireless communication security, the demand is remarkably large. Herein we discuss security countermeasures that must be taken and issues concerning availability that must be considered to ensure safe hospital/business use of wireless LAN systems, referring to the procedures introduced at a university hospital. Security countermeasures differ according to their purpose, such as preventing illegal use or ensuring availability, both of which are discussed. The main focus of the availability discussion is on signal reach, electromagnetic noise elimination, and maintaining power supply to the network apparatus. It is our hope that this information will assist others in their efforts to ensure safe implementation of wireless LAN systems, especially in hospitals where they have the potential to greatly improve information sharing and patient safety.

Why Phishing Works: Project for an Information Security Capstone Course

ERIC Educational Resources Information Center

Pollacia, Lissa; Ding, Yan Zong; Yang, Seung

2015-01-01

This paper presents a project which was conducted in a capstone course in Information Security. The project focused on conducting research concerning the various aspects of phishing, such as why phishing works and who is more likely to be deceived by phishing. Students were guided through the process of conducting research: finding background and…

An Analysis of Information Technology Managers' and Executives' Security Concerns on Willingness to Adopt Cloud Computing Solutions

ERIC Educational Resources Information Center

Tanque, Marcus M.

2012-01-01

The research conducted in this study inquires about Information Technology (IT) managers' and executives' attitudes, beliefs, and knowledge on Cloud Computing (CC) security. The study evaluated how these factors affect IT managers' and executives' willingness to adopt CC solutions in their organizations. Confidentiality,…

Public Perspectives of Mobile Phones’ Effects on Healthcare Quality and Medical Data Security and Privacy: A 2-Year Nationwide Survey

PubMed Central

Richardson, Joshua E.; Ancker, Jessica S.

2015-01-01

Given growing interest in mobile phones for health management (mHealth), we surveyed consumer perceptions of mHealth in security, privacy, and healthcare quality using national random-digit-dial telephone surveys in 2013 and 2014. In 2013, 48% thought that using a mobile phone to communicate data with a physician’s electronic health record (EHR) would improve the quality of health care. By 2014, the proportion rose to 57% (p < .001). There were no similar changes in privacy concerns yet nearly two-thirds expressed privacy concerns. In 2013 alone, respondents were more likely to express privacy concerns about medical data on mobile phones than they were to endorse similar concerns with EHRs or health information exchange (HIE). Consumers increasingly believe that mHealth improves healthcare quality, but security and privacy concerns need to be addressed for quality improvement to be fully realized. PMID:26958246

Public Perspectives of Mobile Phones' Effects on Healthcare Quality and Medical Data Security and Privacy: A 2-Year Nationwide Survey.

PubMed

Richardson, Joshua E; Ancker, Jessica S

2015-01-01

Given growing interest in mobile phones for health management (mHealth), we surveyed consumer perceptions of mHealth in security, privacy, and healthcare quality using national random-digit-dial telephone surveys in 2013 and 2014. In 2013, 48% thought that using a mobile phone to communicate data with a physician's electronic health record (EHR) would improve the quality of health care. By 2014, the proportion rose to 57% (p < .001). There were no similar changes in privacy concerns yet nearly two-thirds expressed privacy concerns. In 2013 alone, respondents were more likely to express privacy concerns about medical data on mobile phones than they were to endorse similar concerns with EHRs or health information exchange (HIE). Consumers increasingly believe that mHealth improves healthcare quality, but security and privacy concerns need to be addressed for quality improvement to be fully realized.

76 FR 16462 - In the Matter of Heli Electronics Corp., Order of Suspension of Trading

Federal Register 2010, 2011, 2012, 2013, 2014

2011-03-23

... SECURITIES AND EXCHANGE COMMISSION [File No. 500-1] In the Matter of Heli Electronics Corp., Order of Suspension of Trading March 21, 2011. It appears to the Securities and Exchange Commission that there is a lack of current and accurate information concerning the securities of Heli Electronics Corp...

76 FR 6499 - China 9D Construction Group; Order of Suspension of Trading

Federal Register 2010, 2011, 2012, 2013, 2014

2011-02-04

... SECURITIES AND EXCHANGE COMMISSION [File No. 500-1] China 9D Construction Group; Order of Suspension of Trading February 2, 2011. It appears to the Securities and Exchange Commission that there is a lack of current and accurate information concerning the securities of China 9D Construction Group...

78 FR 55134 - China Cablecom Holdings Ltd., Order of Suspension of Trading

Federal Register 2010, 2011, 2012, 2013, 2014

2013-09-09

... SECURITIES AND EXCHANGE COMMISSION [File No. 500-1] China Cablecom Holdings Ltd., Order of Suspension of Trading September 5, 2013. It appears to the Securities and Exchange Commission that there is a lack of current and accurate information concerning the securities of China Cablecom Holdings Ltd. (n/k...

78 FR 50480 - In the Matter of Redfin Network, Inc.; Order of Suspension of Trading

Federal Register 2010, 2011, 2012, 2013, 2014

2013-08-19

... SECURITIES AND EXCHANGE COMMISSION [File No. 500-1] In the Matter of Redfin Network, Inc.; Order of Suspension of Trading August 15, 2013. It appears to the Securities and Exchange Commission that there is a lack of current and accurate information concerning the securities of Redfin Network, Inc...

76 FR 28117 - Order of Suspension of Trading; City Network, Inc.

Federal Register 2010, 2011, 2012, 2013, 2014

2011-05-13

... SECURITIES AND EXCHANGE COMMISSION [File No. 500-1] Order of Suspension of Trading; City Network, Inc. May 11, 2011. It appears to the Securities and Exchange Commission that there is a lack of current and accurate information concerning the securities of City Network, Inc. because it has not filed...

Database Security: What Students Need to Know

ERIC Educational Resources Information Center

Murray, Meg Coffin

2010-01-01

Database security is a growing concern evidenced by an increase in the number of reported incidents of loss of or unauthorized exposure to sensitive data. As the amount of data collected, retained and shared electronically expands, so does the need to understand database security. The Defense Information Systems Agency of the US Department of…

78 FR 55769 - North China Horticulture, Inc., File No. 500-1; Order of Suspension of Trading

Federal Register 2010, 2011, 2012, 2013, 2014

2013-09-11

... SECURITIES AND EXCHANGE COMMISSION North China Horticulture, Inc., File No. 500-1; Order of Suspension of Trading September 6, 2013. It appears to the Securities and Exchange Commission that there is a lack of current and accurate information concerning the securities of North China Horticulture, Inc...

78 FR 21634 - Order of Suspension of Trading; in the Matter of Integrity Bancshares, Inc.

Federal Register 2010, 2011, 2012, 2013, 2014

2013-04-11

... SECURITIES AND EXCHANGE COMMISSION [File No. 500-1] Order of Suspension of Trading; in the Matter of Integrity Bancshares, Inc. April 9, 2013. It appears to the Securities and Exchange Commission that there is a lack of current and accurate information concerning the securities of Integrity...

78 FR 4481 - Order of Suspension of Trading; in the Matter of Medex, Inc.

Federal Register 2010, 2011, 2012, 2013, 2014

2013-01-22

... SECURITIES AND EXCHANGE COMMISSION [File No. 500-1] Order of Suspension of Trading; in the Matter of Medex, Inc. January 17, 2013. It appears to the Securities and Exchange Commission that there is a lack of current and accurate information concerning the securities of Medex, Inc. (``Medex'') because...

78 FR 47813 - In the Matter of Bergamo Acquisition Corp.; Order of Suspension of Trading

Federal Register 2010, 2011, 2012, 2013, 2014

2013-08-06

... SECURITIES AND EXCHANGE COMMISSION [File No. 500-1] In the Matter of Bergamo Acquisition Corp.; Order of Suspension of Trading August 2, 2013. It appears to the Securities and Exchange Commission that there is a lack of current and accurate information concerning the securities of Bergamo Acquisition...

77 FR 31682 - In the Matter of Indocan Resources, Inc.; Order of Suspension of Trading

Federal Register 2010, 2011, 2012, 2013, 2014

2012-05-29

... SECURITIES AND EXCHANGE COMMISSION [File No. 500-1] In the Matter of Indocan Resources, Inc.; Order of Suspension of Trading May 24, 2012. It appears to the Securities and Exchange Commission that there is a lack of current and accurate information concerning the securities of Indocan Resources, Inc...

75 FR 36456 - Channel America Television Network, Inc., EquiMed, Inc., Kore Holdings, Inc., Robotic Vision...

Federal Register 2010, 2011, 2012, 2013, 2014

2010-06-25

... SECURITIES AND EXCHANGE COMMISSION [File No. 500-1] Channel America Television Network, Inc., EquiMed, Inc., Kore Holdings, Inc., Robotic Vision Systems, Inc. (n/k/a Acuity Cimatrix, Inc.), Security... information concerning the securities of Channel America Television Network, Inc. because it has not filed any...

Compliance with HIPAA security standards in U.S. Hospitals.

PubMed

Davis, Diane; Having, Karen

2006-01-01

With the widespread use of computer networks, the amount of information stored electronically has grown exponentially, resulting in increased concern for privacy and security of information. The healthcare industry has been put to the test with the federally mandated Health Insurance Portability and Accountability Act (HIPAA) of 1996. To assess the compliance status of HIPAA security standards, a random sample of 1,000 U.S. hospitals was surveyed in January 2004, yielding a return rate of 29 percent. One year later, a follow-up survey was sent to all previous respondents, with 50 percent replying. HIPAA officers'perceptions of security compliance in 2004 and 2005 are compared in this article. The security standards achieving the highest level of compliance in both 2004 and 2005 were obtaining required business associate agreements and physical safeguards to limit access to electronic information systems. Respondents indicated least compliance both years in performing periodic evaluation of security practices governed by the Security Rule. Roadblocks, threats, problems and solutions regarding HIPAA compliance are discussed. This information may be applied to current and future strategies toward maintaining security of information systems throughout the healthcare industry.

Protecting intellectual property in space; Proceedings of the Aerospace Computer Security Conference, McLean, VA, March 20, 1985

NASA Technical Reports Server (NTRS)

1985-01-01

The primary purpose of the Aerospace Computer Security Conference was to bring together people and organizations which have a common interest in protecting intellectual property generated in space. Operational concerns are discussed, taking into account security implications of the space station information system, Space Shuttle security policies and programs, potential uses of probabilistic risk assessment techniques for space station development, key considerations in contingency planning for secure space flight ground control centers, a systematic method for evaluating security requirements compliance, and security engineering of secure ground stations. Subjects related to security technologies are also explored, giving attention to processing requirements of secure C3/I and battle management systems and the development of the Gemini trusted multiple microcomputer base, the Restricted Access Processor system as a security guard designed to protect classified information, and observations on local area network security.

Image Hashes as Templates for Verification

DOE Office of Scientific and Technical Information (OSTI.GOV)

Janik, Tadeusz; Jarman, Kenneth D.; Robinson, Sean M.

2012-07-17

Imaging systems can provide measurements that confidently assess characteristics of nuclear weapons and dismantled weapon components, and such assessment will be needed in future verification for arms control. Yet imaging is often viewed as too intrusive, raising concern about the ability to protect sensitive information. In particular, the prospect of using image-based templates for verifying the presence or absence of a warhead, or of the declared configuration of fissile material in storage, may be rejected out-of-hand as being too vulnerable to violation of information barrier (IB) principles. Development of a rigorous approach for generating and comparing reduced-information templates from images,more » and assessing the security, sensitivity, and robustness of verification using such templates, are needed to address these concerns. We discuss our efforts to develop such a rigorous approach based on a combination of image-feature extraction and encryption-utilizing hash functions to confirm proffered declarations, providing strong classified data security while maintaining high confidence for verification. The proposed work is focused on developing secure, robust, tamper-sensitive and automatic techniques that may enable the comparison of non-sensitive hashed image data outside an IB. It is rooted in research on so-called perceptual hash functions for image comparison, at the interface of signal/image processing, pattern recognition, cryptography, and information theory. Such perceptual or robust image hashing—which, strictly speaking, is not truly cryptographic hashing—has extensive application in content authentication and information retrieval, database search, and security assurance. Applying and extending the principles of perceptual hashing to imaging for arms control, we propose techniques that are sensitive to altering, forging and tampering of the imaged object yet robust and tolerant to content-preserving image distortions and noise. Ensuring that the information contained in the hashed image data (available out-of-IB) cannot be used to extract sensitive information about the imaged object is of primary concern. Thus the techniques are characterized by high unpredictability to guarantee security. We will present an assessment of the performance of our techniques with respect to security, sensitivity and robustness on the basis of a methodical and mathematically precise framework.« less

78 FR 50135 - Soil Biogenics Ltd., File No. 500-1; Order of Suspension of Trading

Federal Register 2010, 2011, 2012, 2013, 2014

2013-08-16

... SECURITIES AND EXCHANGE COMMISSION Soil Biogenics Ltd., File No. 500-1; Order of Suspension of Trading August 14, 2013. It appears to the Securities and Exchange Commission that there is a lack of current and accurate information concerning the securities of Soil Biogenics Ltd. because it has not filed...

78 FR 59738 - Left Behind Games, Inc., File No. 500-1; Order of Suspension of Trading

Federal Register 2010, 2011, 2012, 2013, 2014

2013-09-27

... SECURITIES AND EXCHANGE COMMISSION Left Behind Games, Inc., File No. 500-1; Order of Suspension of Trading September 25, 2013. It appears to the Securities and Exchange Commission that there is a lack of current and accurate information concerning the securities of Left Behind Games, Inc. (``Left Behind...

77 FR 16113 - ASP Ventures Corp., Order of Suspension of Trading

Federal Register 2010, 2011, 2012, 2013, 2014

2012-03-19

... SECURITIES AND EXCHANGE COMMISSION [File No. 500-1] ASP Ventures Corp., Order of Suspension of Trading March 15, 2012. It appears to the Securities and Exchange Commission that there is a lack of current and accurate information concerning the securities of ASP Ventures Corp. because it has not filed any periodic reports since the period ended...

77 FR 55248 - eHydrogen Solutions, Inc., and ChromoCure, Inc.; Order of Suspension of Trading

Federal Register 2010, 2011, 2012, 2013, 2014

2012-09-07

... SECURITIES AND EXCHANGE COMMISSION [File No. 500-1] eHydrogen Solutions, Inc., and ChromoCure, Inc.; Order of Suspension of Trading September 5, 2012. It appears to the Securities and Exchange Commission that there is a lack of current and accurate information concerning the securities of eHydrogen...

78 FR 4907 - In the Matter of AlphaTrade.com; Order of Suspension of Trading

Federal Register 2010, 2011, 2012, 2013, 2014

2013-01-23

... SECURITIES AND EXCHANGE COMMISSION [File No. 500-1] In the Matter of AlphaTrade.com ; Order of Suspension of Trading January 18, 2013. It appears to the Securities and Exchange Commission that there is a lack of current and accurate information concerning the securities of AlphaTrade.com because it has not...

77 FR 5865 - In the Matter of Beicang Iron & Steel, Inc.; Order of Suspension of Trading

Federal Register 2010, 2011, 2012, 2013, 2014

2012-02-06

... SECURITIES AND EXCHANGE COMMISSION [File No. 500-1] In the Matter of Beicang Iron & Steel, Inc.; Order of Suspension of Trading February 2, 2012. It appears to the Securities and Exchange Commission that there is a lack of current and accurate information concerning the securities of Beicang Iron...

77 FR 26588 - In the Matter of Recycle Tech, Inc.; Order of Suspension of Trading

Federal Register 2010, 2011, 2012, 2013, 2014

2012-05-04

... SECURITIES AND EXCHANGE COMMISSION [File No. 500-1] In the Matter of Recycle Tech, Inc.; Order of Suspension of Trading May 2, 2012. It appears to the Securities and Exchange Commission that there is a lack of current and accurate information concerning the securities of Recycle Tech, Inc. (``Recycle Tech...

77 FR 5865 - In the Matter of Blue Earth Refineries, Inc.; Order of Suspension of Trading

Federal Register 2010, 2011, 2012, 2013, 2014

2012-02-06

... SECURITIES AND EXCHANGE COMMISSION [File No. 500-1] In the Matter of Blue Earth Refineries, Inc.; Order of Suspension of Trading February 2, 2012. It appears to the Securities and Exchange Commission that there is a lack of current and accurate information concerning the securities of Blue Earth...

78 FR 32696 - China Properties Developments, Inc.; Order of Suspension of Trading

Federal Register 2010, 2011, 2012, 2013, 2014

2013-05-31

... SECURITIES AND EXCHANGE COMMISSION [File No. 500-1] China Properties Developments, Inc.; Order of Suspension of Trading May 29, 2013. It appears to the Securities and Exchange Commission that there is a lack of current and accurate information concerning the securities of China Properties Developments, Inc. because it has not filed any periodic...

78 FR 32696 - China Environmental Protection, Inc., Order of Suspension of Trading

Federal Register 2010, 2011, 2012, 2013, 2014

2013-05-31

... SECURITIES AND EXCHANGE COMMISSION [File No. 500-1] China Environmental Protection, Inc., Order of Suspension of Trading May 29, 2013. It appears to the Securities and Exchange Commission that there is a lack of current and accurate information concerning the securities of China Environmental Protection, Inc. because it has not filed any periodi...

Strategy for IT Security

NASA Technical Reports Server (NTRS)

Santiago, S. Scott; Moyles, Thomas J. (Technical Monitor)

2001-01-01

This viewgraph presentation provides information on the importance of information technology (IT) security (ITS) to NASA's mission. Several points are made concerning the subject. In order for ITS to be successful, it must be supported by management. NASA, while required by law to keep the public informed of its pursuits, must take precautions due to possible IT-based incursions by computer hackers and other malignant persons. Fear is an excellent motivation for establishing and maintaining a robust ITS policy. The ways in which NASA ITS personnel continually increase security are manifold, however a great deal relies upon the active involvement of the entire NASA community.

75 FR 80042 - Information Privacy and Innovation in the Internet Economy

Federal Register 2010, 2011, 2012, 2013, 2014

2010-12-21

... statistics that provide evidence of concern--or comments explaining why concerns are unwarranted--about cloud computing data privacy and security in the commercial context. We also seek data that links any such concerns to decisions to adopt, or refrain from adopting, cloud computing services. (41) The Task Force...

Mobile Security: A Systems Engineering Framework for Implementing Bring Your Own Device (BYOD) Security through the Combination of Policy Management and Technology

ERIC Educational Resources Information Center

Zahadat, Nima

2016-01-01

With the rapid increase of smartphones and tablets, security concerns have also been on the rise. Traditionally, Information Technology (IT) departments set up devices, apply security, and monitor them. Such approaches do not apply to today's mobile devices due to a phenomenon called Bring Your Own Device or BYOD. Employees find it desirable to…

Information security risk management for computerized health information systems in hospitals: a case study of Iran.

PubMed

Zarei, Javad; Sadoughi, Farahnaz

2016-01-01

In recent years, hospitals in Iran - similar to those in other countries - have experienced growing use of computerized health information systems (CHISs), which play a significant role in the operations of hospitals. But, the major challenge of CHIS use is information security. This study attempts to evaluate CHIS information security risk management at hospitals of Iran. This applied study is a descriptive and cross-sectional research that has been conducted in 2015. The data were collected from 551 hospitals of Iran. Based on literature review, experts' opinion, and observations at five hospitals, our intensive questionnaire was designed to assess security risk management for CHISs at the concerned hospitals, which was then sent to all hospitals in Iran by the Ministry of Health. Sixty-nine percent of the studied hospitals pursue information security policies and procedures in conformity with Iran Hospitals Accreditation Standards. At some hospitals, risk identification, risk evaluation, and risk estimation, as well as risk treatment, are unstructured without any specified approach or methodology. There is no significant structured approach to risk management at the studied hospitals. Information security risk management is not followed by Iran's hospitals and their information security policies. This problem can cause a large number of challenges for their CHIS security in future. Therefore, Iran's Ministry of Health should develop practical policies to improve information security risk management in the hospitals of Iran.

78 FR 69925 - Order of Suspension of Trading; In the Matter of HouseRaising, Inc., iElement Corporation...

Federal Register 2010, 2011, 2012, 2013, 2014

2013-11-21

...., and PC Universe, Inc. November 19, 2013. It appears to the Securities and Exchange Commission that... information concerning the securities of PC Universe, Inc. because it has not filed any periodic reports since...

76 FR 18264 - Proposed Collection; Comment Request

Federal Register 2010, 2011, 2012, 2013, 2014

2011-04-01

..., Copies Available From: Securities and Exchange Commission, Office of Investor Education and Advocacy... resumption of quotations in a quotation medium by a broker-dealer for over-the- counter (``OTC'') securities... quotation for publication, in a quotation medium unless they have reviewed specified information concerning...

The Campus Executive's Role in Security and Liability Issues.

ERIC Educational Resources Information Center

Bromley, Max; Territo, Leonard

1986-01-01

Executives at institutions of higher education have become increasingly concerned about serious crimes being committed on their campuses. The liability issue, criminal activity information, physical security and design issues, student patrol escorts, crime prevention training, and task force development are discussed. (MLW)

Managing the Process of Protection Level Assessment of the Complex Organization and Technical Industrial Enterprises

NASA Astrophysics Data System (ADS)

Gorlov, A. P.; Averchenkov, V. I.; Rytov, M. Yu; Eryomenko, V. T.

2017-01-01

The article is concerned with mathematical simulation of protection level assessment of complex organizational and technical systems of industrial enterprises by creating automated system, which main functions are: information security (IS) audit, forming of the enterprise threats model, recommendations concerning creation of the information protection system, a set of organizational-administrative documentation.

An examination of electronic health information privacy in older adults.

PubMed

Le, Thai; Thompson, Hilaire; Demiris, George

2013-01-01

Older adults are the quickest growing demographic group and are key consumers of health services. As the United States health system transitions to electronic health records, it is important to understand older adult perceptions of privacy and security. We performed a secondary analysis of the Health Information National Trends Survey (2012, Cycle 1), to examine differences in perceptions of electronic health information privacy between older adults and the general population. We found differences in the level of importance placed on access to electronic health information (older adults placed greater emphasis on provider as opposed to personal access) and tendency to withhold information out of concerns for privacy and security (older adults were less likely to withhold information). We provide recommendations to alleviate some of these privacy concerns. This may facilitate greater use of electronic health communication between patient and provider, while promoting shared decision making.

Protecting Privacy and Confidentiality in a Multiple Use, Multiple User Mental Health Information System.

ERIC Educational Resources Information Center

Bank, Rheta; Laska, Eugene M.

1978-01-01

These aspects of maintaining the security of computer-processed information concerning mental health patients are discussed: legal protection, technological safeguards, and managerial responsibility. (CTM)

Assessment of Information Security Management System based on ISO/IEC 27001:2013 On Subdirectorate of Data Center and Data Recovery Center in Ministry of Internal Affairs

NASA Astrophysics Data System (ADS)

Kurnianto, Ari; Isnanto, Rizal; Widodo, Aris Puji

2018-02-01

Information security is a problem effected business process of an organization, so it needs special concern. Information security assessment which is good and has international standard is done using Information Security Management System (ISMS) ISO/IEC 27001:2013. In this research, the high level assessment has been done using ISO/IEC 27001:2013 to observe the strength of information secuity in Ministry of Internal Affairs. The research explains about the assessment of information security management which is built using PHP. The input data use primary and secondary data which passed observation. The process gets maturity using the assessment of ISO/IEC 27001:2013. GAP Analysis observes the condition now a days and then to get recommendation and road map. The result of this research gets all of the information security process which has not been already good enough in Ministry of Internal Affairs, gives recommendation and road map to improve part of all information system being running. It indicates that ISO/IEC 27001:2013 is good used to rate maturity of information security management. As the next analyzation, this research use Clause and Annex in ISO/IEC 27001:2013 which is suitable with condition of Data Center and Data Recovery Center, so it gets optimum result and solving problem of the weakness information security.

Geospatial cryptography: enabling researchers to access private, spatially referenced, human subjects data for cancer control and prevention.

PubMed

Jacquez, Geoffrey M; Essex, Aleksander; Curtis, Andrew; Kohler, Betsy; Sherman, Recinda; Emam, Khaled El; Shi, Chen; Kaufmann, Andy; Beale, Linda; Cusick, Thomas; Goldberg, Daniel; Goovaerts, Pierre

2017-07-01

As the volume, accuracy and precision of digital geographic information have increased, concerns regarding individual privacy and confidentiality have come to the forefront. Not only do these challenge a basic tenet underlying the advancement of science by posing substantial obstacles to the sharing of data to validate research results, but they are obstacles to conducting certain research projects in the first place. Geospatial cryptography involves the specification, design, implementation and application of cryptographic techniques to address privacy, confidentiality and security concerns for geographically referenced data. This article defines geospatial cryptography and demonstrates its application in cancer control and surveillance. Four use cases are considered: (1) national-level de-duplication among state or province-based cancer registries; (2) sharing of confidential data across cancer registries to support case aggregation across administrative geographies; (3) secure data linkage; and (4) cancer cluster investigation and surveillance. A secure multi-party system for geospatial cryptography is developed. Solutions under geospatial cryptography are presented and computation time is calculated. As services provided by cancer registries to the research community, de-duplication, case aggregation across administrative geographies and secure data linkage are often time-consuming and in some instances precluded by confidentiality and security concerns. Geospatial cryptography provides secure solutions that hold significant promise for addressing these concerns and for accelerating the pace of research with human subjects data residing in our nation's cancer registries. Pursuit of the research directions posed herein conceivably would lead to a geospatially encrypted geographic information system (GEGIS) designed specifically to promote the sharing and spatial analysis of confidential data. Geospatial cryptography holds substantial promise for accelerating the pace of research with spatially referenced human subjects data.

Exploring the Lack of Interoperability of Databases within Department of Homeland Security Interagency Environment Concerning Maritime Port Security

DTIC Science & Technology

2009-03-01

37 Figure 8 New Information Sharing Model from United States Intelligence Community Information Sharing...PRIDE while the Coast Guard has MISSLE and the newly constructed WATCHKEEPER. All these databases contain intelligence on incoming vessels...decisions making. Experts rely heavily on future projections as hallmarks of skilled performance." (Endsley et al. 2006) The SA model above

Taiwan's perspective on electronic medical records' security and privacy protection: lessons learned from HIPAA.

PubMed

Yang, Che-Ming; Lin, Herng-Ching; Chang, Polun; Jian, Wen-Shan

2006-06-01

The protection of patients' health information is a very important concern in the information age. The purpose of this study is to ascertain what constitutes an effective legal framework in protecting both the security and privacy of health information, especially electronic medical records. All sorts of bills regarding electronic medical data protection have been proposed around the world including Health Insurance Portability and Accountability Act (HIPAA) of the U.S. The trend of a centralized bill that focuses on managing computerized health information is the part that needs our further attention. Under the sponsor of Taiwan's Department of Health (DOH), our expert panel drafted the "Medical Information Security and Privacy Protection Guidelines", which identifies nine principles and entails 12 articles, in the hope that medical organizations will have an effective reference in how to manage their medical information in a confidential and secured fashion especially in electronic transactions.

78 FR 54934 - In the Matter of K's Media, File No. 500-1; Order of Suspension of Trading

Federal Register 2010, 2011, 2012, 2013, 2014

2013-09-06

... SECURITIES AND EXCHANGE COMMISSION In the Matter of K's Media, File No. 500-1; Order of Suspension... lack of current and accurate information concerning the securities of K's Media because it has not... of the above-listed company. Therefore, it is ordered, pursuant to Section 12(k) of the Securities...

78 FR 70617 - In the Matter of Pure H20 Bio-Technologies, Inc.; Order of Suspension of Trading

Federal Register 2010, 2011, 2012, 2013, 2014

2013-11-26

... SECURITIES AND EXCHANGE COMMISSION [File No. 500-1] In the Matter of Pure H20 Bio-Technologies, Inc.; Order of Suspension of Trading November 22, 2013. It appears to the Securities and Exchange Commission that there is a lack of current and accurate information concerning the securities of Pure H20 Bio...

78 FR 60993 - In the Matter of China Ruitai International Holdings Co., Ltd.; Order of Suspension of Trading

Federal Register 2010, 2011, 2012, 2013, 2014

2013-10-02

... SECURITIES AND EXCHANGE COMMISSION [File No. 500-1] In the Matter of China Ruitai International Holdings Co., Ltd.; Order of Suspension of Trading September 30, 2013. It appears to the Securities and Exchange Commission that there is a lack of current and accurate information concerning the securities of China Ruitai International Holdings Co.,...

78 FR 62931 - China Ritar Power Corp., Order of Suspension of Trading

Federal Register 2010, 2011, 2012, 2013, 2014

2013-10-22

... SECURITIES AND EXCHANGE COMMISSION [File No. 500-1] China Ritar Power Corp., Order of Suspension of Trading October 4, 2013. It appears to the Securities and Exchange Commission that there is a lack of current and accurate information concerning the securities of China Ritar Power Corp. because China Ritar Power Corp. has not filed any periodic...

78 FR 23622 - In the Matter of NewTech Brake Corp., Order of Suspension of Trading

Federal Register 2010, 2011, 2012, 2013, 2014

2013-04-19

... SECURITIES AND EXCHANGE COMMISSION [File No. 500-1] In the Matter of NewTech Brake Corp., Order of Suspension of Trading April 17, 2013. It appears to the Securities and Exchange Commission that there is a lack of current and accurate information concerning the securities of NewTech Brake Corp. because it...

77 FR 50204 - Star Entertainment Group, Inc., Order of Suspension of Trading

Federal Register 2010, 2011, 2012, 2013, 2014

2012-08-20

... SECURITIES AND EXCHANGE COMMISSION [File No. 500-1] Star Entertainment Group, Inc., Order of... lack of current and accurate information concerning the securities of Star Entertainment Group, Inc. (``Star Entertainment'') because of questions regarding the accuracy of the company's financial statements...

77 FR 59690 - Titan Resources International, Corp.; Order of Suspension of Trading

Federal Register 2010, 2011, 2012, 2013, 2014

2012-09-28

... SECURITIES AND EXCHANGE COMMISSION [File No. 500-1] Titan Resources International, Corp.; Order of... a lack of current and accurate information concerning the securities of Titan Resources International, Corp. (``Titan''). Titan is a Wyoming corporation purportedly based in Ontario, Canada. Questions...

77 FR 65602 - Chimera Energy Corporation; Order of Suspension of Trading

Federal Register 2010, 2011, 2012, 2013, 2014

2012-10-29

... SECURITIES AND EXCHANGE COMMISSION [File No. 500-1] Chimera Energy Corporation; Order of... lack of current and accurate information concerning the securities of Chimera Energy Corporation (``Chimera'') because of questions regarding the accuracy of statements by Chimera in press releases to...

Is the biggest security threat to medical information simply a lack of understanding?

PubMed

Williams, Patricia A H

2011-01-01

Connecting Australian health services and the e-health initiative is a major focus in the current health environment. Many issues are presented as key to its success including solving issues with confidentiality and privacy. However, the main problem may not be these issues in sharing information but the fact that the point of origin of such records is still relatively insecure. This paper highlights why this may be the case. Research into the security of medical information has shown that many primary healthcare providers are unable to create an environment with effective information security. Numerous factors contribute to this complex situation including a trustful environment, the resultant security culture and the capability of individual healthcare organisations. Further, the growing importance of new directions in the use of patient information is considered. This paper discusses these issues and positions them within the complex environment that is healthcare. In our current health system infrastructure, the points of origin of patient information are our most vulnerable. This entwined with progressively new uses of this information expose additional security concerns, such as re-identification of information, that require attention.

A Demonstration of a Trusted Computer Interface Between a Multilevel Secure Command and Control System and Untrusted Tactical Data Systems.

DTIC Science & Technology

1987-03-01

information and work in a completely secure environment. Information used with today’s C3I systems must be protected. To better understand the role of...and security was of minor concern. The user either worked on his own behalf or as a programmer for someone else. The computer power was limited. With...Although the modules may be of the same classification level, the manager may want to limit each team’s access to the module on which they are working

"Willing but unwilling": attitudinal barriers to adoption of home-based health information technology among older adults.

PubMed

Young, Rachel; Willis, Erin; Cameron, Glen; Geana, Mugur

2014-06-01

While much research focuses on adoption of electronic health-care records and other information technology among health-care providers, less research explores patient attitudes. This qualitative study examines barriers to adoption of home-based health information technology, particularly personal electronic health records, among older adults. We conducted in-depth interviews (30-90 min duration) with 35 American adults, aged 46-72 years, to determine their perceptions of and attitudes toward home-based health information technology. Analysis of interview data revealed that most barriers to adoption fell under four themes: technological discomfort, privacy or security concerns, lack of relative advantage, and perceived distance from the user representation. Based on our findings, systems to promote home-based health information technology should incorporate familiar computer applications, alleviate privacy and security concerns, and align with older adults' active and engaged self-image.

75 FR 21261 - Privacy Act of 1974; System of Records

Federal Register 2010, 2011, 2012, 2013, 2014

2010-04-23

... replace with ``Full name, Social Security Number (SSN); individual case reports concerning the exercise of..., requests for local authorities to refrain from exercising their jurisdiction, communications with lawyers... provide full name, Social Security Number (SSN) or other information verifiable from the record itself. In...

77 FR 73509 - Emerging World Pharma, Inc.; Order of Suspension of Trading

Federal Register 2010, 2011, 2012, 2013, 2014

2012-12-10

... SECURITIES AND EXCHANGE COMMISSION [File No. 500-1] Emerging World Pharma, Inc.; Order of... lack of current and accurate information concerning the securities of Emerging World Pharma, Inc. (``Emerging World''). Emerging World is a Florida corporation purportedly based in Manassas, Virginia and...

75 FR 34183 - Micro Laboratories, Inc.; Order of Suspension of Trading

Federal Register 2010, 2011, 2012, 2013, 2014

2010-06-16

... SECURITIES AND EXCHANGE COMMISSION [File No. 500-1] Micro Laboratories, Inc.; Order of Suspension... of current and accurate information concerning the securities of Micro Laboratories, Inc. (``Micro Laboratories'') because it has not filed any periodic reports since the period ended June 30, 2005. Micro...

Information security risk management for computerized health information systems in hospitals: a case study of Iran

PubMed Central

Zarei, Javad; Sadoughi, Farahnaz

2016-01-01

Background In recent years, hospitals in Iran – similar to those in other countries – have experienced growing use of computerized health information systems (CHISs), which play a significant role in the operations of hospitals. But, the major challenge of CHIS use is information security. This study attempts to evaluate CHIS information security risk management at hospitals of Iran. Materials and methods This applied study is a descriptive and cross-sectional research that has been conducted in 2015. The data were collected from 551 hospitals of Iran. Based on literature review, experts’ opinion, and observations at five hospitals, our intensive questionnaire was designed to assess security risk management for CHISs at the concerned hospitals, which was then sent to all hospitals in Iran by the Ministry of Health. Results Sixty-nine percent of the studied hospitals pursue information security policies and procedures in conformity with Iran Hospitals Accreditation Standards. At some hospitals, risk identification, risk evaluation, and risk estimation, as well as risk treatment, are unstructured without any specified approach or methodology. There is no significant structured approach to risk management at the studied hospitals. Conclusion Information security risk management is not followed by Iran’s hospitals and their information security policies. This problem can cause a large number of challenges for their CHIS security in future. Therefore, Iran’s Ministry of Health should develop practical policies to improve information security risk management in the hospitals of Iran. PMID:27313481

Practical cryptographic strategies in the post-quantum era

NASA Astrophysics Data System (ADS)

Kabanov, I. S.; Yunusov, R. R.; Kurochkin, Y. V.; Fedorov, A. K.

2018-02-01

Quantum key distribution technologies promise information-theoretic security and are currently being deployed in com-mercial applications. We review new frontiers in information security technologies in communications and distributed storage applications with the use of classical, quantum, hybrid classical-quantum, and post-quantum cryptography. We analyze the cur-rent state-of-the-art, critical characteristics, development trends, and limitations of these techniques for application in enterprise information protection systems. An approach concerning the selection of practical encryption technologies for enterprises with branched communication networks is discussed.

Emergency Response Manual

NASA Technical Reports Server (NTRS)

Barnett, Traci M.

2004-01-01

Safety and security is very important at NASA. The Security Management and Safeguards Office goal is ensure safety and security for all NASA Lewis and Plum Brook Station visitors and workers. The office protects against theft, sabotage, malicious damage, espionage, and other threats or acts of violence. There are three types of security at NASA: physical, IT, and personnel. IT is concerned with sensitive and classified information and computers. Physical security includes the officers who check visitors and workers in and patrol the facility. Personnel security is concerned with background checks during hiring. During my internship, I met people from and gained knowledge about all three types of security. I primarily worked with Dr. Richard Soppet in physical security. During my experience with physical security, I observed and worked with many aspects of it. I attended various security meetings at both NASA Lewis and Plum Brook. The meetings were about homeland security and other improvements that will be made to both facilities. I also spent time with a locksmith. The locksmith makes copies of keys and unlocks doors for people who need them. I rode around in a security vehicle with an officer as he patrolled. I also observed the officer make a search of a visitor s vehicle. All visitors vehicles are searched upon entering NASA. I spent time and observed in the dispatch office. The officer answers calls and sends out officers when needed. The officer also monitors the security cameras. My primary task was completing an emergency response manual. This manual would assist local law enforcement and fire agencies in case of an emergency. The manual has pictures and descriptions of the buildings. It also contains the information about hazards inside of the buildings. This information will be very helpul to law enforcement so that when called upon during an emergency, they will not create an even bigger problem with collateral damage.

76 FR 6640 - Advantage Life Products, Inc., and B-Teller, Inc. (n/k/a CA Goldfields, Inc.), Order of...

Federal Register 2010, 2011, 2012, 2013, 2014

2011-02-07

..., Inc. (n/k/a CA Goldfields, Inc.), Order of Suspension of Trading February 3, 2011. It appears to the... current and accurate information concerning the securities of B-Teller, Inc. (n/k/a CA Goldfields, Inc...(k) of the Securities Exchange Act of 1934, that trading in the securities of the above-listed...

Cyber security evaluation of II&C technologies

DOE Office of Scientific and Technical Information (OSTI.GOV)

Thomas, Ken

The Light Water Reactor Sustainability (LWRS) Program is a research and development program sponsored by the Department of Energy, which is conducted in close collaboration with industry to provide the technical foundations for licensing and managing the long-term, safe and economical operation of current nuclear power plants The LWRS Program serves to help the US nuclear industry adopt new technologies and engineering solutions that facilitate the continued safe operation of the plants and extension of the current operating licenses. Within the LWRS Program, the Advanced Instrumentation, Information, and Control (II&C) Systems Technologies Pathway conducts targeted research and development (R&D) tomore » address aging and reliability concerns with the legacy instrumentation and control and related information systems of the U.S. operating light water reactor (LWR) fleet. The II&C Pathway is conducted by Idaho National Laboratory (INL). Cyber security is a common concern among nuclear utilities and other nuclear industry stakeholders regarding the digital technologies that are being developed under this program. This concern extends to the point of calling into question whether these types of technologies could ever be deployed in nuclear plants given the possibility that the information in them can be compromised and the technologies themselves can potentially be exploited to serve as attack vectors for adversaries. To this end, a cyber security evaluation has been conducted of these technologies to determine whether they constitute a threat beyond what the nuclear plants already manage within their regulatory-required cyber security programs. Specifically, the evaluation is based on NEI 08-09, which is the industry’s template for cyber security programs and evaluations, accepted by the Nuclear Regulatory Commission (NRC) as responsive to the requirements of the nuclear power plant cyber security regulation found in 10 CFR 73.54. The evaluation was conducted by a cyber security team with expertise in nuclear utility cyber security programs and experience in conducting these evaluations. The evaluation has determined that, for the most part, cyber security will not be a limiting factor in the application of these technologies to nuclear power plant applications.« less

Management Guide to the Protection of Information Resources.

ERIC Educational Resources Information Center

Helsing, Cheryl; And Others

This guide introduces information systems security concerns and outlines the issues that must be addressed by all agency managers in meeting their responsibilities to protect information systems within their organizations. It describes the essential components of an effective information resource protection process that applies to an individual…

32 CFR 147.15 - Guideline M-Misuse of Information technology systems.

Code of Federal Regulations, 2010 CFR

2010-07-01

... 32 National Defense 1 2010-07-01 2010-07-01 false Guideline M-Misuse of Information technology... CLASSIFIED INFORMATION Adjudication § 147.15 Guideline M—Misuse of Information technology systems. (a) The... technology systems may raise security concerns about an individual's trustworthiness, willingness, and...

76 FR 12144 - Advanced Optics Electronics, Inc.; Order of Suspension of Trading

Federal Register 2010, 2011, 2012, 2013, 2014

2011-03-04

... SECURITIES AND EXCHANGE COMMISSION [File No. 500-1] Advanced Optics Electronics, Inc.; Order of... lack of current and accurate information concerning the securities of Advanced Optics Electronics, Inc... in Advanced Optics Electronics, Inc. Therefore, it is ordered, pursuant to Section 12(k) of the...

76 FR 36951 - In the Matter of Shiming U.S., Inc., Si Mei Te Food Ltd. (f/k/a China Discovery Acquisition Corp...

Federal Register 2010, 2011, 2012, 2013, 2014

2011-06-23

... Electronics, Inc.; Order of Suspension of Trading June 21, 2011. It appears to the Securities and Exchange... information concerning the securities of SJ Electronics, Inc. because it has not filed any periodic reports...

78 FR 66097 - Acies Corporation, Immtech Pharmaceuticals, Inc., MRU Holdings, Inc., MSTI Holdings, Inc., Nestor...

Federal Register 2010, 2011, 2012, 2013, 2014

2013-11-04

... SECURITIES AND EXCHANGE COMMISSION [File No. 500-1] Acies Corporation, Immtech Pharmaceuticals, Inc., MRU Holdings, Inc., MSTI Holdings, Inc., Nestor, Inc., New Generation Holdings, Inc., and Nuevo... that there is a lack of current and accurate information concerning the securities of New Generation...

17 CFR 17.02 - Form, manner and time of filing reports.

Code of Federal Regulations, 2010 CFR

2010-04-01

... 17 Commodity and Securities Exchanges 1 2010-04-01 2010-04-01 false Form, manner and time of filing reports. 17.02 Section 17.02 Commodity and Securities Exchanges COMMODITY FUTURES TRADING... markets located in that time zone, and central time for information concerning all other markets. (b...

76 FR 60953 - Self-Regulatory Organizations; Municipal Securities Rulemaking Board; Notice of Filing of...

Federal Register 2010, 2011, 2012, 2013, 2014

2011-09-30

...-Regulatory Organizations; Municipal Securities Rulemaking Board; Notice of Filing of Proposed Rule Change Regarding Professional Qualifications and Information Concerning Associated Persons September 26, 2011... Organization's Statement of the Terms of Substance of the Proposed Rule Change The MSRB is filing with the SEC...

Cryptographic Research and NSA: Report of the Public Cryptography Study Group.

ERIC Educational Resources Information Center

Davida, George I.

1981-01-01

The Public Cryptography Study Group accepted the claim made by the National Security Agency that some information in some publications concerning cryptology could be inimical to national security, and is allowing the establishment of a voluntary mechanism, on an experimental basis, for NSA to review cryptology manuscripts. (MLW)

Report of the Public Cryptography Study Group.

ERIC Educational Resources Information Center

American Council on Education, Washington, DC.

Concerns of the National Security Agency (NSA) that information contained in some articles about cryptography in learned and professional journals and in monographs might be inimical to the national security are addressed. The Public Cryptography Study Group, with one dissenting opinion, recommends that a voluntary system of prior review of…

78 FR 74216 - Guar Global Ltd.; Order of Suspension of Trading

Federal Register 2010, 2011, 2012, 2013, 2014

2013-12-10

... SECURITIES AND EXCHANGE COMMISSION [File No. 500-1] Guar Global Ltd.; Order of Suspension of... and the protection of investors require a suspension of trading in the securities of Guar Global Ltd. (``Guar Global'') because of concerns regarding the accuracy and adequacy of information in the...

76 FR 28499 - Data Fortress Systems Group Ltd., Digital Youth Network Corp., Fantom Technologies, Inc., and KIK...

Federal Register 2010, 2011, 2012, 2013, 2014

2011-05-17

... SECURITIES AND EXCHANGE COMMISSION [File No. 500-1] Data Fortress Systems Group Ltd., Digital Youth Network Corp., Fantom Technologies, Inc., and KIK Technology International, Inc., Order of... of current and accurate information concerning the securities of Data Fortress Systems Group Ltd...

78 FR 72139 - Nevada Gold Corp.; Order of Suspension of Trading

Federal Register 2010, 2011, 2012, 2013, 2014

2013-12-02

... SECURITIES AND EXCHANGE COMMISSION [File No. 500-1 ] Nevada Gold Corp.; Order of Suspension of... current and accurate information concerning the securities of Nevada Gold Corp. (``Nevada Gold'') because of questions regarding the accuracy of assertions by Nevada Gold, and by others, to investors in...

78 FR 57921 - Patch International, Inc., QuadTech International, Inc., Strategic Resources, Ltd., and Virtual...

Federal Register 2010, 2011, 2012, 2013, 2014

2013-09-20

... SECURITIES AND EXCHANGE COMMISSION [File No. 500-1] Patch International, Inc., QuadTech International, Inc., Strategic Resources, Ltd., and Virtual Medical Centre, Inc.; Order of Suspension of Trading... lack of current and accurate information concerning the securities of Virtual Medical Centre, Inc...

77 FR 26796 - Order of Suspension of Trading; Airtrax, Inc., Amedia Networks, Inc., American Business Financial...

Federal Register 2010, 2011, 2012, 2013, 2014

2012-05-07

... SECURITIES AND EXCHANGE COMMISSION [File No. 500-1] Order of Suspension of Trading; Airtrax, Inc., Amedia Networks, Inc., American Business Financial Services, Inc., Appalachian Bancshares, Inc., and... information concerning the securities of American Business Financial Services, Inc. because it has not filed...

78 FR 73915 - Community Alliance, Inc., Defi Global, Inc., Easy Energy, Inc., Industry Concept Holdings, Inc...

Federal Register 2010, 2011, 2012, 2013, 2014

2013-12-09

... SECURITIES AND EXCHANGE COMMISSION [File No. 500-1] Community Alliance, Inc., Defi Global, Inc., Easy Energy, Inc., Industry Concept Holdings, Inc., and Transworld Benefits International, Inc.; Order... that there is a lack of current and accurate information concerning the securities of Industry Concept...

78 FR 69516 - In The Matter of: Sovereign Lithium, Inc.; Order of Suspension of Trading

Federal Register 2010, 2011, 2012, 2013, 2014

2013-11-19

... SECURITIES AND EXCHANGE COMMISSION [File No. 500-1] In The Matter of: Sovereign Lithium, Inc... securities of Sovereign Lithium, Inc. (``Sovereign Lithium'') because of concerns regarding the accuracy and adequacy of information in the marketplace and potentially manipulative transactions in Sovereign Lithium's...

76 FR 17726 - In the Matter of Euro Solar Parks, Inc.; Order of Suspension of Trading

Federal Register 2010, 2011, 2012, 2013, 2014

2011-03-30

... SECURITIES AND EXCHANGE COMMISSION [File No. 500-1] In the Matter of Euro Solar Parks, Inc.; Order... there is a lack of current and accurate information concerning the securities of Euro Solar Parks, Inc. (``Euro Solar'') because of [[Page 17727

77 FR 22622 - AP Henderson Group, BPO Management Services, Inc., Capital Mineral Investors, Inc...

Federal Register 2010, 2011, 2012, 2013, 2014

2012-04-16

... SECURITIES AND EXCHANGE COMMISSION [File No. 500-1] AP Henderson Group, BPO Management Services, Inc., Capital Mineral Investors, Inc., CardioVascular BioTherapeutics, Inc., and 1st Centennial... that there is a lack of current and accurate information concerning the securities of 1st Centennial...

76 FR 70520 - RMD Technologies, Inc., Rockwall Holdings, Inc., Southmark Corp., Stargold Mines, Inc., Stelax...

Federal Register 2010, 2011, 2012, 2013, 2014

2011-11-14

... SECURITIES AND EXCHANGE COMMISSION [File No. 500-1] RMD Technologies, Inc., Rockwall Holdings, Inc., Southmark Corp., Stargold Mines, Inc., Stelax Industries, Ltd., Stem Cell Innovations, Inc., and Surfect... there is a lack of current and accurate information concerning the securities of Stem Cell Innovations...

78 FR 8682 - Americas Energy Company-AECo; Order of Suspension of Trading

Federal Register 2010, 2011, 2012, 2013, 2014

2013-02-06

... SECURITIES AND EXCHANGE COMMISSION [File No. 500-1] Americas Energy Company--AECo; Order of... lack of current and accurate information concerning the securities of Americas Energy Company-AECo (``Americas'') because Americas has not filed any periodic reports since the period ended September 30, 2011...

A Secure Framework for Location Verification in Pervasive Computing

NASA Astrophysics Data System (ADS)

Liu, Dawei; Lee, Moon-Chuen; Wu, Dan

The way people use computing devices has been changed in some way by the relatively new pervasive computing paradigm. For example, a person can use a mobile device to obtain its location information at anytime and anywhere. There are several security issues concerning whether this information is reliable in a pervasive environment. For example, a malicious user may disable the localization system by broadcasting a forged location, and it may impersonate other users by eavesdropping their locations. In this paper, we address the verification of location information in a secure manner. We first present the design challenges for location verification, and then propose a two-layer framework VerPer for secure location verification in a pervasive computing environment. Real world GPS-based wireless sensor network experiments confirm the effectiveness of the proposed framework.

Health Information Security in Hospitals: the Application of Security Safeguards.

PubMed

Mehraeen, Esmaeil; Ayatollahi, Haleh; Ahmadi, Maryam

2016-02-01

A hospital information system has potentials to improve the accessibility of clinical information and the quality of health care. However, the use of this system has resulted in new challenges, such as concerns over health information security. This paper aims to assess the status of information security in terms of administrative, technical and physical safeguards in the university hospitals. This was a survey study in which the participants were information technology (IT) managers (n=36) who worked in the hospitals affiliated to the top ranked medical universities (university A and university B). Data were collected using a questionnaire. The content validity of the questionnaire was examined by the experts and the reliability of the questionnaire was determined using Cronbach's coefficient alpha (α=0.75). The results showed that the administrative safeguards were arranged at a medium level. In terms of the technical safeguards and the physical safeguards, the IT managers rated them at a strong level. According to the results, among three types of security safeguards, the administrative safeguards were assessed at the medium level. To improve it, developing security policies, implementing access control models and training users are recommended.

When it comes to securing patient health information from breaches, your best medicine is a dose of prevention: A cybersecurity risk assessment checklist.

PubMed

Blanke, Sandra J; McGrady, Elizabeth

2016-07-01

Health care stakeholders are concerned about the growing risk of protecting sensitive patient health information from breaches. The Federal Emergency Management Agency (FEMA) has identified cyber attacks as an emerging concern, and regulations such as the Health Insurance Portability and Accountability Act (HIPAA) and the Health Information Technology for Economic and Clinical Health Act (HITECH) have increased security requirements and are enforcing compliance through stiff financial penalties. The purpose of this study is to describe health care breaches of protected information, analyze the hazards and vulnerabilities of reported breach cases, and prescribe best practices of managing risk through security controls and countermeasures. Prescriptive findings were used to construct a checklist tool to assess and monitor common risks. This research uses a case methodology to describe specific examples of the 3 major types of cyber breach hazards: portable device, insider, and physical breaches. We utilize a risk management framework to prescribe preventative actions that organizations can take to assess, analyze, and mitigate these risks. The health care sector has the largest number of reported breaches, with 3 major types: portable device, insider, and physical breaches. Analysis of actual cases indicates security gaps requiring prescriptive fixes based on "best practices." Our research culminates in a 25-item checklist that organizations can use to assess existing practices and identify security gaps requiring improvement. © 2016 American Society for Healthcare Risk Management of the American Hospital Association.

12 CFR 368.5 - Customer information.

Code of Federal Regulations, 2010 CFR

2010-01-01

... 12 Banks and Banking 4 2010-01-01 2010-01-01 false Customer information. 368.5 Section 368.5 Banks... GOVERNMENT SECURITIES SALES PRACTICES § 368.5 Customer information. Prior to the execution of a transaction... make reasonable efforts to obtain information concerning: (a) The customer's financial status; (b) The...

DOE Office of Scientific and Technical Information (OSTI.GOV)

Gilbert, Andrew J.; Miller, Brian W.; Robinson, Sean M.

Imaging technology is generally considered too invasive for arms control inspections due to the concern that it cannot properly secure sensitive features of the inspected item. But, this same sensitive information, which could include direct information on the form and function of the items under inspection, could be used for robust arms control inspections. The single-pixel X-ray imager (SPXI) is introduced as a method to make such inspections, capturing the salient spatial information of an object in a secure manner while never forming an actual image. We built this method on the theory of compressive sensing and the single pixelmore » optical camera. The performance of the system is quantified using simulated inspections of simple objects. Measures of the robustness and security of the method are introduced and used to determine how robust and secure such an inspection would be. Particularly, it is found that an inspection with low noise (<1%) and high undersampling (>256×) exhibits high robustness and security.« less

77 FR 29399 - Order of Suspension of Trading; In the Matter of 1-800-ATTORNEY, Inc., et al.

Federal Register 2010, 2011, 2012, 2013, 2014

2012-05-17

... SECURITIES AND EXCHANGE COMMISSION [File No. 500-1] Order of Suspension of Trading; In the Matter of 1-800-ATTORNEY, Inc., et al. May 14, 2012. It appears to the Securities and Exchange Commission that there is a lack of current and accurate information concerning the securities of 1-800-ATTORNEY, Inc. because questions have arisen as to its...

Healthcare teams over the Internet: programming a certificate-based approach.

PubMed

Georgiadis, Christos K; Mavridis, Ioannis K; Pangalos, George I

2003-07-01

Healthcare environments are a representative case of collaborative environments since individuals (e.g. doctors) in many cases collaborate in order to provide care to patients in a more proficient way. At the same time modern healthcare institutions are increasingly interested in sharing access of their information resources in the networked environment. Healthcare applications over the Internet offer an attractive communication infrastructure at worldwide level but with a noticeably great factor of risk. Security has, therefore, become a major concern. However, although an adequate level of security can be relied upon digital certificates, if an appropriate security model is used, additional security considerations are needed in order to deal efficiently with the above team-work concerns. The already known Hybrid Access Control (HAC) security model supports and handles efficiently healthcare teams with active security capabilities and is capable to exploit the benefits of certificate technology. In this paper we present the way for encoding the appropriate authoritative information in various types of certificates, as well as the overall operational architecture of the implemented access control system for healthcare collaborative environments over the Internet. A pilot implementation of the proposed methodology in a major Greek hospital has shown the applicability of the proposals and the flexibility of the access control provided.

Healthcare teams over the Internet: towards a certificate-based approach.

PubMed

Georgiadis, Christos K; Mavridis, Ioannis K; Pangalos, George I

2002-01-01

Healthcare environments are a representative case of collaborative environments since individuals (e.g. doctors) in many cases collaborate in order to provide care to patients in a more proficient way. At the same time modem healthcare institutions are increasingly interested in sharing access of their information resources in the networked environment. Healthcare applications over the Internet offer an attractive communication infrastructure at worldwide level but with a noticeably great factor of risk. Security has therefore become a major concern for healthcare applications over the Internet. However, although an adequate level of security can be relied upon digital certificates, if an appropriate security policy is used, additional security considerations are needed in order to deal efficiently with the above team-work concerns. The already known Hybrid Access Control security model supports and handles efficiently healthcare teams with active security capabilities and is capable to exploit the benefits of certificate technology. In this paper we present the way for encoding the appropriate authoritative information in various types of certificates, as well as the overall operational architecture of the implemented access control system for healthcare collaborative environments over the Internet. A pilot implementation of the proposed methodology in a major Greek hospital has shown the applicability of the proposals and the flexibility of the access control provided.

Challenges of information security incident learning: An industrial case study in a Chinese healthcare organization.

PubMed

He, Ying; Johnson, Chris

2017-12-01

Security incidents can have negative impacts on healthcare organizations, and the security of medical records has become a primary concern of the public. However, previous studies showed that organizations had not effectively learned lessons from security incidents. Incident learning as an essential activity in the "follow-up" phase of security incident response lifecycle has long been addressed but not given enough attention. This paper conducted a case study in a healthcare organization in China to explore their current obstacles in the practice of incident learning. We interviewed both IT professionals and healthcare professionals. The results showed that the organization did not have a structured way to gather and redistribute incident knowledge. Incident response was ineffective in cycling incident knowledge back to inform security management. Incident reporting to multiple stakeholders faced a great challenge. In response to this case study, we suggest the security assurance modeling framework to address those obstacles.

Resident Use of Text Messaging for Patient Care: Ease of Use or Breach of Privacy?

PubMed

Prochaska, Micah T; Bird, Amber-Nicole; Chadaga, Amar; Arora, Vineet M

2015-11-26

Short message service (SMS) text messaging is an efficient form of communication and pervasive in health care, but may not securely protect patient information. It is unclear if resident providers are aware of the security concerns of SMS text messaging when communicating about patient care. We sought to compare residents' preferences for SMS text messaging compared with other forms of in-hospital communication when considering security versus ease of use. This study was a cross-sectional multi-institutional survey of internal medicine residents. Residents ranked different communication modalities based on efficiency, ease of use, and security using a Likert scale. Communication options included telephone, email, hospital paging, and SMS text messaging. Respondents also reported whether they had received confidential patient identifiers through any of these modalities. SMS text messaging was preferred by 71.7% (94/131) of respondents because of its efficiency and by 79.8% (103/129) of respondents because of its ease of use. For security, 82.5% (104/126) of respondents preferred the hospital paging system, whereas only 20.6% (26/126) of respondents preferred SMS text messaging for secure communication. In all, 70.9% (93/131) of respondents reported having received patient identifiers (first and/or last name), 81.7% (107/131) reported receiving patient initials, and 50.4% (66/131) reported receiving a patient's medical record number through SMS text messages. Residents prefer in-hospital communication through SMS text messaging because of its ease of use and efficiency. Despite security concerns, the majority of residents reported receiving confidential patient information through SMS text messaging. For providers, it is possible that the benefits of improved in-hospital communication with SMS text messaging and the presumed improvement in the coordination and delivery of patient care outweigh security concerns they may have. The tension between the security and convenience of SMS text messaging may represent an educational opportunity to ensure the compliance of mobile technology in the health care setting.

Encryption protection for communication satellites

NASA Astrophysics Data System (ADS)

Sood, D. R.; Hoernig, O. W., Jr.

In connection with the growing importance of the commercial communication satellite systems and the introduction of new technological developments, users and operators of these systems become increasingly concerned with aspects of security. The user community is concerned with maintaining confidentiality and integrity of the information being transmitted over the satellite links, while the satellite operators are concerned about the safety of their assets in space. In response to these concerns, the commercial satellite operators are now taking steps to protect the communication information and the satellites. Thus, communication information is being protected by end-to-end encryption of the customer communication traffic. Attention is given to the selection of the NBS DES algorithm, the command protection systems, and the communication protection systems.

12 CFR 222.1 - Purpose, scope, and effective dates.

Code of Federal Regulations, 2010 CFR

2010-01-01

...) Section 115, concerning truncation of the social security number in a consumer report; (iv) Section 151(a... consumer reports; (viii) Section 155, concerning notice by debt collectors with respect to fraudulent... part generally applies to persons that obtain and use information about consumers to determine the...

A single-pixel X-ray imager concept and its application to secure radiographic inspections

DOE PAGES

Gilbert, Andrew J.; Miller, Brian W.; Robinson, Sean M.; ...

2017-07-01

Imaging technology is generally considered too invasive for arms control inspections due to the concern that it cannot properly secure sensitive features of the inspected item. But, this same sensitive information, which could include direct information on the form and function of the items under inspection, could be used for robust arms control inspections. The single-pixel X-ray imager (SPXI) is introduced as a method to make such inspections, capturing the salient spatial information of an object in a secure manner while never forming an actual image. We built this method on the theory of compressive sensing and the single pixelmore » optical camera. The performance of the system is quantified using simulated inspections of simple objects. Measures of the robustness and security of the method are introduced and used to determine how robust and secure such an inspection would be. Particularly, it is found that an inspection with low noise (<1%) and high undersampling (>256×) exhibits high robustness and security.« less

A single-pixel X-ray imager concept and its application to secure radiographic inspections

NASA Astrophysics Data System (ADS)

Gilbert, Andrew J.; Miller, Brian W.; Robinson, Sean M.; White, Timothy A.; Pitts, William Karl; Jarman, Kenneth D.; Seifert, Allen

2017-07-01

Imaging technology is generally considered too invasive for arms control inspections due to the concern that it cannot properly secure sensitive features of the inspected item. However, this same sensitive information, which could include direct information on the form and function of the items under inspection, could be used for robust arms control inspections. The single-pixel X-ray imager (SPXI) is introduced as a method to make such inspections, capturing the salient spatial information of an object in a secure manner while never forming an actual image. The method is built on the theory of compressive sensing and the single pixel optical camera. The performance of the system is quantified using simulated inspections of simple objects. Measures of the robustness and security of the method are introduced and used to determine how robust and secure such an inspection would be. In particular, it is found that an inspection with low noise ( < 1 %) and high undersampling ( > 256 ×) exhibits high robustness and security.

A Predictive Validity Study of Creative and Effective Managerial Performance.

ERIC Educational Resources Information Center

Moffie, D. J.; Goodner, Susan

This study tests the following hypotheses concerning the job creativity of managers: (1) There is a significant relationship between psychological test scores secured on subjects 15 to 20 years ago and creative performance on the job today, (2) there is a significant relationship between biographical information secured from subjects at the time…

76 FR 77578 - In the Matter of: Brendan Technologies, Inc., CenterStaging Corp., PGMI, Inc., Thermal Energy...

Federal Register 2010, 2011, 2012, 2013, 2014

2011-12-13

... SECURITIES AND EXCHANGE COMMISSION [File No. 500-1] In the Matter of: Brendan Technologies, Inc., CenterStaging Corp., PGMI, Inc., Thermal Energy Storage, Inc., and Trinity3 Corporation; Order of... there is a lack of current and accurate information concerning the securities of Thermal Energy Storage...

76 FR 35259 - In the Matter of Dawn Technologies, Inc., Distinctive Devices, Inc., Haber, Inc., and...

Federal Register 2010, 2011, 2012, 2013, 2014

2011-06-16

... SECURITIES AND EXCHANGE COMMISSION [File No. 500-1] In the Matter of Dawn Technologies, Inc., Distinctive Devices, Inc., Haber, Inc., and Independence Brewing Co.; Order of Suspension of Trading June 14... a lack of current and accurate information concerning the securities of Independence Brewing Co...

77 FR 19680 - Extension of Agency Information Collection Activity Under OMB Review: Rail Transportation Security

Federal Register 2010, 2011, 2012, 2013, 2014

2012-04-02

... receivers of certain hazardous materials; and passenger railroad carriers, including each carrier operating light rail or heavy rail transit service on track that is part of the general railroad system of transportation and rail transit systems. Also, these persons are required to report significant security concerns...

77 FR 12102 - In the Matter of: American United Gold Corporation, AMS Homecare Inc., Aucxis Corp., and CYOP...

Federal Register 2010, 2011, 2012, 2013, 2014

2012-02-28

... SECURITIES AND EXCHANGE COMMISSION [File No. 500-1] In the Matter of: American United Gold Corporation, AMS Homecare Inc., Aucxis Corp., and CYOP Systems International Inc.; Order of Suspension of... current and accurate information concerning the securities of American United Gold Corporation because it...

78 FR 63559 - Order Of Suspension of Trading; In the Matter of ARX Gold Corp.

Federal Register 2010, 2011, 2012, 2013, 2014

2013-10-24

... of ARX Gold Corp. October 22, 2013. It appears to the Securities and Exchange Commission (``Commission'') that there is a lack of current and accurate information concerning the securities of ARX Gold Corp. (``ARX Gold''), quoted under the ticker symbol DUCP, because of questions regarding the...

77 FR 5864 - BluePoint Linux Software Corp., China Bottles Inc., Long-e International, Inc., and Nano...

Federal Register 2010, 2011, 2012, 2013, 2014

2012-02-06

... SECURITIES AND EXCHANGE COMMISSION [File No. 500-1] BluePoint Linux Software Corp., China Bottles Inc., Long-e International, Inc., and Nano Superlattice Technology, Inc.; Order of Suspension of... current and accurate information concerning the securities of BluePoint Linux Software Corp. because it...

76 FR 35935 - In the Matter of: BP International, Inc., CyGene Laboratories, Inc., Delek Resources, Inc...

Federal Register 2010, 2011, 2012, 2013, 2014

2011-06-20

... SECURITIES AND EXCHANGE COMMISSION [File No. 500-1] In the Matter of: BP International, Inc., CyGene Laboratories, Inc., Delek Resources, Inc., Flooring America, Inc., International Diversified... there is a lack of current and accurate information concerning the securities of CyGene Laboratories...

77 FR 68881 - DIAS Holding, Inc., EarthBlock Technologies, Inc., Ensurapet, Inc., FIIC Holdings, Inc., GeM...

Federal Register 2010, 2011, 2012, 2013, 2014

2012-11-16

... SECURITIES AND EXCHANGE COMMISSION [File No. 500-1] DIAS Holding, Inc., EarthBlock Technologies, Inc., Ensurapet, Inc., FIIC Holdings, Inc., GeM Solutions, Inc., Gold Star Tutoring Services Inc., and... accurate information concerning the securities of EarthBlock Technologies, Inc. because it has not filed...

77 FR 19744 - Advanced BioPhotonics, Inc., Advanced Viral Research Corp., Brantley Capital Corp., Brilliant...

Federal Register 2010, 2011, 2012, 2013, 2014

2012-04-02

... SECURITIES AND EXCHANGE COMMISSION [File No. 500-1] Advanced BioPhotonics, Inc., Advanced Viral Research Corp., Brantley Capital Corp., Brilliant Technologies Corporation, 4C Controls, Inc., and 2-Track... Commission that there is a lack of current and accurate information concerning the securities of Advanced Bio...

77 FR 25774 - Order of Suspension of Trading; In the Matter of Berman Center, Inc., Cyberkinetics...

Federal Register 2010, 2011, 2012, 2013, 2014

2012-05-01

... SECURITIES AND EXCHANGE COMMISSION [File No. 500-1] Order of Suspension of Trading; In the Matter of Berman Center, Inc., Cyberkinetics Neurotechnology Systems, Inc., and Java Detour, Inc. April 27... information concerning the securities of Java Detour, Inc. because it has not filed any periodic reports since...

77 FR 10004 - C$ cMoney, Inc.; Order of Suspension of Trading

Federal Register 2010, 2011, 2012, 2013, 2014

2012-02-21

... SECURITIES AND EXCHANGE COMMISSION [File No. 500-1] C$ cMoney, Inc.; Order of Suspension of... current and accurate information concerning the securities of C$ cMoney, Inc. (``cMoney'') because of questions regarding the accuracy of assertions by cMoney, and by others, in press releases to investors and...

12 CFR 344.9 - Personal securities trading reporting by bank officers and employees.

Code of Federal Regulations, 2010 CFR

2010-01-01

... decisions for the accounts of customers; (2) Participate in the determination of such recommendations or decisions; or (3) In connection with their duties, obtain information concerning which securities are being purchased or sold or recommend such action, must report to the bank, within 30-calendar days after the end...

38 CFR 75.111 - Purpose and scope.

Code of Federal Regulations, 2011 CFR

2011-07-01

...) INFORMATION SECURITY MATTERS Data Breaches § 75.111 Purpose and scope. This subpart implements provisions of... Information Technology Act of 2006. It only concerns actions to address a data breach regarding sensitive personal information that is processed or maintained by VA. This subpart does not supersede the...

The Secure Medical Research Workspace: An IT Infrastructure to Enable Secure Research on Clinical Data

PubMed Central

Owen, Phillips; Mostafa, Javed; Lamm, Brent; Wang, Xiaoshu; Schmitt, Charles P.; Ahalt, Stanley C.

2013-01-01

Abstract Clinical data have tremendous value for translational research, but only if security and privacy concerns can be addressed satisfactorily. A collaboration of clinical and informatics teams, including RENCI, NC TraCS, UNC's School of Information and Library Science, Information Technology Service's Research Computing and other partners at the University of North Carolina at Chapel Hill have developed a system called the Secure Medical Research Workspace (SMRW) that enables researchers to use clinical data securely for research. SMRW significantly minimizes the risk presented when using identified clinical data, thereby protecting patients, researchers, and institutions associated with the data. The SMRW is built on a novel combination of virtualization and data leakage protection and can be combined with other protection methodologies and scaled to production levels. PMID:23751029

76 FR 41273 - National Emergency Communications Plan (NECP) Tribal Report

Federal Register 2010, 2011, 2012, 2013, 2014

2011-07-13

... DEPARTMENT OF HOMELAND SECURITY [Docket No. DHS-2011-0025] National Emergency Communications Plan... Communications (CS&C), Office of Emergency Communications (OEC), will submit the following information collection... concerning New Information Collection Request, National Emergency Communications Plan Tribal Report. DHS...

76 FR 8742 - Proposed Information Collection Activity; Comment Request

Federal Register 2010, 2011, 2012, 2013, 2014

2011-02-15

... DEPARTMENT OF HEALTH AND HUMAN SERVICES Administration for Children and Families Proposed... the Social Security Act (the Act) to authorize the Secretary, through the Federal Parent Locator... with information maintained by insurers (or their agents) concerning insurance claims, settlements...

21 CFR 1301.91 - Employee responsibility to report drug diversion.

Code of Federal Regulations, 2010 CFR

2010-04-01

... diversion from his employer by a fellow employee has an obligation to report such information to a responsible security official of the employer. The employer shall treat such information as confidential and.... The employer shall inform all employees concerning this policy. [40 FR 17143, Apr. 17, 1975] ...

The double-edged sword of electronic health records: implications for patient disclosure.

PubMed

Campos-Castillo, Celeste; Anthony, Denise L

2015-04-01

Electronic health record (EHR) systems are linked to improvements in quality of care, yet also privacy and security risks. Results from research studies are mixed about whether patients withhold personal information from their providers to protect against the perceived EHR privacy and security risks. This study seeks to reconcile the mixed findings by focusing on whether accounting for patients' global ratings of care reveals a relationship between EHR provider-use and patient non-disclosure. A nationally representative sample from the 2012 Health Information National Trends Survey was analyzed using bivariate and multivariable logit regressions to examine whether global ratings of care suppress the relationship between EHR provider-use and patient non-disclosure. 13% of respondents reported having ever withheld information from a provider because of privacy/security concerns. Bivariate analysis showed that withholding information was unrelated to whether respondents' providers used an EHR. Multivariable analysis showed that accounting for respondents' global ratings of care revealed a positive relationship between having a provider who uses an EHR and withholding information. After accounting for global ratings of care, findings suggest that patients may non-disclose to providers to protect against the perceived EHR privacy and security risks. Despite evidence that EHRs inhibit patient disclosure, their advantages for promoting quality of care may outweigh the drawbacks. Clinicians should leverage the EHR's value in quality of care and discuss patients' privacy concerns during clinic visits, while policy makers should consider how to address the real and perceived privacy and security risks of EHRs. © The Author 2014. Published by Oxford University Press on behalf of the American Medical Informatics Association. All rights reserved. For Permissions, please email: journals.permissions@oup.com.

76 FR 65768 - ADS Media Group, Inc., American Enterprise Development Corp., and Arcland Energy Corp.; Order of...

Federal Register 2010, 2011, 2012, 2013, 2014

2011-10-24

... Development Corp., and Arcland Energy Corp.; Order of Suspension of Trading October 20, 2011. It appears to... current and accurate information concerning the securities of American Enterprise Development Corp... securities of Arcland Energy Corp. because it has not filed any periodic reports since the period ended April...

75 FR 51122 - In the Matter of Four Crystal Funding, Inc.; Order of Suspension of Trading

Federal Register 2010, 2011, 2012, 2013, 2014

2010-08-18

... SECURITIES AND EXCHANGE COMMISSION [File No. 500-1] In the Matter of Four Crystal Funding, Inc... that there is a lack of current and accurate information concerning the securities of Four Crystal Funding, Inc. (``Four Crystal'') because it has not filed any periodic reports since the period ended June...

77 FR 29747 - Orbit E-Commerce, Inc., Orion Ethanol, Inc., Pacificnet, Inc., PainCare Holdings, Inc., Pay88...

Federal Register 2010, 2011, 2012, 2013, 2014

2012-05-18

... SECURITIES AND EXCHANGE COMMISSION [File No. 500-1] Orbit E-Commerce, Inc., Orion Ethanol, Inc., Pacificnet, Inc., PainCare Holdings, Inc., Pay88, Inc., Rahaxi, Inc., and Raven Biofuels International Corp... there is a lack of current and accurate information concerning the securities of Orbit E-Commerce, Inc...

77 FR 27108 - Order of Suspension of Trading; In the Matter of Anthracite Capital, Inc., Auto Data Network Inc...

Federal Register 2010, 2011, 2012, 2013, 2014

2012-05-08

... of Anthracite Capital, Inc., Auto Data Network Inc., Avenue Group, Inc., Ckrush, Inc., Clickable... securities of Auto Data Network Inc. because it has not filed any periodic reports since the period ended... accurate information concerning the securities of Avenue Group, Inc. because it has not filed any periodic...

78 FR 56263 - In the Matter of Exmocare, Inc. (n/k/a Second Solar, Inc.), First Transation Management, Inc...

Federal Register 2010, 2011, 2012, 2013, 2014

2013-09-12

... SECURITIES AND EXCHANGE COMMISSION [File No. 500-1] In the Matter of Exmocare, Inc. (n/k/a Second Solar, Inc.), First Transation Management, Inc., jetPADS, Inc., PepperBall Technologies, Inc., Pure Play... current and accurate information concerning the securities of PepperBall Technologies, Inc. because it has...

78 FR 62867 - Self-Regulatory Organizations; Municipal Securities Rulemaking Board; Notice of Filing of a...

Federal Register 2010, 2011, 2012, 2013, 2014

2013-10-22

... sales by customers in a narrow set of instances, such as when an issuer has made a tender offer for the... municipal securities transaction, to disclose to its customer, at or prior to the time of trade, all... Prepay Principal (March 19, 1991), Notice Concerning Disclosure of Call Information to Customers of...

76 FR 35934 - In the Matter of: SHC Corp. (f/k/a Victormaxx Technologies, Inc.), Shells Seafood Restaurants...

Federal Register 2010, 2011, 2012, 2013, 2014

2011-06-20

... SECURITIES AND EXCHANGE COMMISSION [File No. 500-1] In the Matter of: SHC Corp. (f/k/a Victormaxx Technologies, Inc.), Shells Seafood Restaurants, Inc., SI Restructuring, Inc. (f/k/a Schlotzsky's, Inc.), SLS... a lack of current and accurate information concerning the securities of Shells Seafood Restaurants...

77 FR 36031 - ROK Entertainment Group, Inc., RussOil Corp., Tricell, Inc., Tunex International, Inc. (n/k/a...

Federal Register 2010, 2011, 2012, 2013, 2014

2012-06-15

... SECURITIES AND EXCHANGE COMMISSION [File No. 500-1] ROK Entertainment Group, Inc., RussOil Corp., Tricell, Inc., Tunex International, Inc. (n/k/a Aone Dental International Group, Inc.), and Wireless Age... there is a lack of current and accurate information concerning the securities of Wireless Age...

76 FR 52377 - Colorado Wyoming Reserve Co., Grant Life Sciences, Inc., NOXSO Corp., Omni Medical Holdings, Inc...

Federal Register 2010, 2011, 2012, 2013, 2014

2011-08-22

... SECURITIES AND EXCHANGE COMMISSION [File No. 500-1] Colorado Wyoming Reserve Co., Grant Life Sciences, Inc., NOXSO Corp., Omni Medical Holdings, Inc., and TSI, Inc., Order of Suspension of Trading... Commission that there is a lack of current and accurate information concerning the securities of Grant Life...

77 FR 5291 - Thermo Tech Technologies Inc., T.V.G. Technologies Ltd., and Visual Frontier, Inc.; Order of...

Federal Register 2010, 2011, 2012, 2013, 2014

2012-02-02

... SECURITIES AND EXCHANGE COMMISSION [File No. 500-1] Thermo Tech Technologies Inc., T.V.G. Technologies Ltd., and Visual Frontier, Inc.; Order of Suspension of Trading January 31, 2012. It appears to... is a lack of current and accurate information concerning the securities of T.V.G. Technologies Ltd...

77 FR 34455 - In the Matter of Aegis Assessments, Inc., APC Group, Inc., Aurelio Resource Corp., BioAuthorize...

Federal Register 2010, 2011, 2012, 2013, 2014

2012-06-11

... SECURITIES AND EXCHANGE COMMISSION [File No. 500-1] In the Matter of Aegis Assessments, Inc., APC Group, Inc., Aurelio Resource Corp., BioAuthorize Holdings, Inc., and Fonix Corporation; Order of... there is a lack of current and accurate information concerning the securities of BioAuthorize Holdings...

77 FR 65438 - In the Matter of China Voice Holding Corp., China Yongxin Pharmaceuticals, Inc., Creative...

Federal Register 2010, 2011, 2012, 2013, 2014

2012-10-26

... Commission that there is a lack of current and accurate information concerning the securities of CSI Computer... SECURITIES AND EXCHANGE COMMISSION [File No. 500-1] In the Matter of China Voice Holding Corp... Telecommunications.com , Inc. (n/k/a Fleet Management Solutions, Inc.), CSI Computer Specialists, Inc., and CST...

78 FR 27468 - Order of Suspension of Trading in the Matter of CoreCare Systems, Inc., Forticell Bioscience, Inc...

Federal Register 2010, 2011, 2012, 2013, 2014

2013-05-10

... SECURITIES AND EXCHANGE COMMISSION [File No. 500-1] Order of Suspension of Trading in the Matter of CoreCare Systems, Inc., Forticell Bioscience, Inc., Michelex Corporation, and Rx for Africa, Inc... accurate information concerning the securities of CoreCare Systems, Inc. because it has not filed any...

Securing Information in the Healthcare Industry: Network Security, Incident Management, and Insider Threat

DTIC Science & Technology

2010-09-23

Chris, ―An Analysis of Breaches Affecting 500 or More Individuals in Healthcare‖, HITRUST, August 2010. 2. ―2009 Annual Study: Cost of a Data Breach ,‖ Ponemon...penalties for willful neglect • Loss of human life? — While many concerns focus on a data breach , some vulnerabilities can be more severe

Lawrence Livermore National Laboratory`s Computer Security Short Subjects Videos: Hidden Password, The Incident, Dangerous Games and The Mess; Computer Security Awareness Guide

DOE Office of Scientific and Technical Information (OSTI.GOV)

NONE

A video on computer security is described. Lonnie Moore, the Computer Security Manager, CSSM/CPPM at Lawrence Livermore National Laboratory (LLNL) and Gale Warshawsky, the Coordinator for Computer Security Education and Awareness at LLNL, wanted to share topics such as computer ethics, software piracy, privacy issues, and protecting information in a format that would capture and hold an audience`s attention. Four Computer Security Short Subject videos were produced which ranged from 1--3 minutes each. These videos are very effective education and awareness tools that can be used to generate discussions about computer security concerns and good computing practices.

32 CFR 2103.13 - Duration of original classification.

Code of Federal Regulations, 2010 CFR

2010-07-01

... REGULATIONS TO IMPLEMENT E.O. 12065-INCLUDING PROCEDURES FOR PUBLIC ACCESS TO DOCUMENTS THAT MAY BE... pertains to communication security; (d) The information reveals vulnerability or capability data, the... the plan; (f) The information concerns specific foreign relations matters, the continued protection of...

DOE Office of Scientific and Technical Information (OSTI.GOV)

Gilbert, Andrew J.; Miller, Brian W.; Robinson, Sean M.

Imaging technology is generally considered too invasive for arms control inspections due to the concern that it cannot properly secure sensitive features of the inspected item. However, this same sensitive information, which could include direct information on the form and function of the items under inspection, could be used for robust arms control inspections. The single-pixel X-ray imager (SPXI) is introduced as a method to make such inspections, capturing the salient spatial information of an object in a secure manner while never forming an actual image. The method is built on the theory of compressive sensing and the single pixelmore » optical camera. The performance of the system is quantified here using simulated inspections of simple objects. Measures of the robustness and security of the method are introduced and used to determine how such an inspection would be made which can maintain high robustness and security. In particular, it is found that an inspection with low noise (<1%) and high undersampling (>256×) exhibits high robustness and security.« less

17 CFR 21.02 - Special calls for information on open contracts in accounts carried or introduced by futures...

Code of Federal Regulations, 2010 CFR

2010-04-01

... furnish to the Commission the following information concerning accounts of traders owning or controlling... 17 Commodity and Securities Exchanges 1 2010-04-01 2010-04-01 false Special calls for information on open contracts in accounts carried or introduced by futures commission merchants, clearing members...

Random Assignment and Informed Consent: A Case Study of Multiple Perspectives

ERIC Educational Resources Information Center

Walker, Robert; Hoggart, Lesley; Hamilton, Gayle

2008-01-01

Although random assignment is generally the preferred methodology in impact evaluations, it raises numerous ethical concerns, some of which are addressed by securing participants' informed consent. However, there has been little investigation of how consent is obtained in social experiments and the amount of information that can be conveyed--and…

A study on user authentication methodology using numeric password and fingerprint biometric information.

PubMed

Ju, Seung-hwan; Seo, Hee-suk; Han, Sung-hyu; Ryou, Jae-cheol; Kwak, Jin

2013-01-01

The prevalence of computers and the development of the Internet made us able to easily access information. As people are concerned about user information security, the interest of the user authentication method is growing. The most common computer authentication method is the use of alphanumerical usernames and passwords. The password authentication systems currently used are easy, but only if you know the password, as the user authentication is vulnerable. User authentication using fingerprints, only the user with the information that is specific to the authentication security is strong. But there are disadvantage such as the user cannot change the authentication key. In this study, we proposed authentication methodology that combines numeric-based password and biometric-based fingerprint authentication system. Use the information in the user's fingerprint, authentication keys to obtain security. Also, using numeric-based password can to easily change the password; the authentication keys were designed to provide flexibility.

A Study on User Authentication Methodology Using Numeric Password and Fingerprint Biometric Information

PubMed Central

Ju, Seung-hwan; Seo, Hee-suk; Han, Sung-hyu; Ryou, Jae-cheol

2013-01-01

The prevalence of computers and the development of the Internet made us able to easily access information. As people are concerned about user information security, the interest of the user authentication method is growing. The most common computer authentication method is the use of alphanumerical usernames and passwords. The password authentication systems currently used are easy, but only if you know the password, as the user authentication is vulnerable. User authentication using fingerprints, only the user with the information that is specific to the authentication security is strong. But there are disadvantage such as the user cannot change the authentication key. In this study, we proposed authentication methodology that combines numeric-based password and biometric-based fingerprint authentication system. Use the information in the user's fingerprint, authentication keys to obtain security. Also, using numeric-based password can to easily change the password; the authentication keys were designed to provide flexibility. PMID:24151601

76 FR 13438 - AccessTel, Inc., American Asset Management Corp., DME Interactive Holdings, Inc., DocuPort, Inc...

Federal Register 2010, 2011, 2012, 2013, 2014

2011-03-11

... SECURITIES AND EXCHANGE COMMISSION [File No. 500-1] AccessTel, Inc., American Asset Management Corp., DME Interactive Holdings, Inc., DocuPort, Inc., and iCarbon Corp., Order of Suspension of Trading March 8, 2011. It appears to the Securities and Exchange Commission that there is a lack of current and accurate information concerning the...

78 FR 25132 - Enercorp, Inc., FTS Group, Inc., Games, Inc. (n/k/a InQBate Corporation), Hartmarx Corporation (n...

Federal Register 2010, 2011, 2012, 2013, 2014

2013-04-29

... SECURITIES AND EXCHANGE COMMISSION [File No. 500-1] Enercorp, Inc., FTS Group, Inc., Games, Inc. (n/k/a InQBate Corporation), Hartmarx Corporation (n/k/a XMH Corp. 1), and Penn Treaty American... current and accurate information concerning the securities of Games, Inc. (n/k/a InQBate Corporation...

78 FR 4175 - Eco Global Corporation, Execute Sports, Inc., FacePrint Global Solutions, Inc., FinancialContent...

Federal Register 2010, 2011, 2012, 2013, 2014

2013-01-18

... SECURITIES AND EXCHANGE COMMISSION [File No. 500-1] Eco Global Corporation, Execute Sports, Inc., FacePrint Global Solutions, Inc., FinancialContent, Inc., and Firstgold Corp.; Order of Suspension of Trading January 16, 2013. It appears to the Securities and Exchange Commission that there is a lack of current and accurate information concerning...

77 FR 58424 - Drucker, Inc., DynaMotive Energy Systems Corp., and Gate to Wire Solutions, Inc., Order of...

Federal Register 2010, 2011, 2012, 2013, 2014

2012-09-20

... SECURITIES AND EXCHANGE COMMISSION [File No. 500-1] Drucker, Inc., DynaMotive Energy Systems Corp., and Gate to Wire Solutions, Inc., Order of Suspension of Trading September 18, 2012. It appears to the... that there is a lack of current and accurate information concerning the securities of Gate to Wire...

77 FR 3319 - TapSlide, Inc., TTC Technology Corp. (f/k/a SmarTire Systems Inc.), TWL Corp., TXP Corp...

Federal Register 2010, 2011, 2012, 2013, 2014

2012-01-23

... SECURITIES AND EXCHANGE COMMISSION [File No. 500-1] TapSlide, Inc., TTC Technology Corp. (f/k/a SmarTire Systems Inc.), TWL Corp., TXP Corp., Valentec Systems, Inc. (f/k/a Acorn Holdings Corp... current and accurate information concerning the securities of TTC Technology Corp. (f/k/a SmarTire Systems...

75 FR 50010 - Atchison Casting Corp. (n/k/a Bradken-Atchison/St. Joseph, Inc.), CityFed Financial Corp., Divine...

Federal Register 2010, 2011, 2012, 2013, 2014

2010-08-16

... SECURITIES AND EXCHANGE COMMISSION [File No. 500-1] Atchison Casting Corp. (n/k/a Bradken-Atchison/St. Joseph, Inc.), CityFed Financial Corp., Divine, Inc. (n/k/a Enivid, Inc.), Genesis Worldwide, Inc... information concerning the securities of Atchison Casting Corp. (n/k/a Bradken-Atchison/St. Joseph, Inc...

76 FR 52042 - Auriga Laboratories, Inc., Curon Medical, Inc., Goldstate Corp., OneWorld Systems, Inc., and...

Federal Register 2010, 2011, 2012, 2013, 2014

2011-08-19

... SECURITIES AND EXCHANGE COMMISSION [File No. 500-1] Auriga Laboratories, Inc., Curon Medical, Inc., Goldstate Corp., OneWorld Systems, Inc., and PracticeXpert, Inc.; Order of Suspension of Trading August 17, 2011. It appears to the Securities and Exchange Commission that there is a lack of current and accurate information concerning the...

78 FR 29200 - In the Matter of Griffin Mining, Inc., Power Sports Factory, Inc., Star Energy Corp., TransNet...

Federal Register 2010, 2011, 2012, 2013, 2014

2013-05-17

... SECURITIES AND EXCHANGE COMMISSION [File No. 500-1] In the Matter of Griffin Mining, Inc., Power Sports Factory, Inc., Star Energy Corp., TransNet Corp., Valcom, Inc., and Vibe Records, Inc.; Order of... information concerning the securities of Power Sports Factory, Inc. because it has not filed any periodic...

78 FR 73915 - In the Matter of Catch By Gene, Inc., Four Star Holdings, Inc., Great Spirits, Inc., and Texas...

Federal Register 2010, 2011, 2012, 2013, 2014

2013-12-09

... SECURITIES AND EXCHANGE COMMISSION [File No. 500-1] In the Matter of Catch By Gene, Inc., Four Star Holdings, Inc., Great Spirits, Inc., and Texas Sweet Crude Oil Corp.; Order of Suspension of... current and accurate information concerning the securities of Catch By Gene, Inc. because it has not filed...

75 FR 21050 - V-GPO, Inc., Valesc Holdings, Inc., Venture Stores, Inc., Vertigo Theme Parks, Inc. (f/k/a Snap2...

Federal Register 2010, 2011, 2012, 2013, 2014

2010-04-22

... SECURITIES AND EXCHANGE COMMISSION [File No. 500-1] V-GPO, Inc., Valesc Holdings, Inc., Venture Stores, Inc., Vertigo Theme Parks, Inc. (f/k/a Snap2 Corp.), Videolan Technologies, Inc., VisionGateway... Commission that there is a lack of current and accurate information concerning the securities of Vertigo...

SecureMA: protecting participant privacy in genetic association meta-analysis.

PubMed

Xie, Wei; Kantarcioglu, Murat; Bush, William S; Crawford, Dana; Denny, Joshua C; Heatherly, Raymond; Malin, Bradley A

2014-12-01

Sharing genomic data is crucial to support scientific investigation such as genome-wide association studies. However, recent investigations suggest the privacy of the individual participants in these studies can be compromised, leading to serious concerns and consequences, such as overly restricted access to data. We introduce a novel cryptographic strategy to securely perform meta-analysis for genetic association studies in large consortia. Our methodology is useful for supporting joint studies among disparate data sites, where privacy or confidentiality is of concern. We validate our method using three multisite association studies. Our research shows that genetic associations can be analyzed efficiently and accurately across substudy sites, without leaking information on individual participants and site-level association summaries. Our software for secure meta-analysis of genetic association studies, SecureMA, is publicly available at http://github.com/XieConnect/SecureMA. Our customized secure computation framework is also publicly available at http://github.com/XieConnect/CircuitService. © The Author 2014. Published by Oxford University Press. All rights reserved. For Permissions, please e-mail: journals.permissions@oup.com.

78 FR 12127 - Vitaminspice Inc.; Order of Suspension of Trading

Federal Register 2010, 2011, 2012, 2013, 2014

2013-02-21

... current and accurate information concerning the securities of VitaminSpice Inc. (``VitaminSpice'') because of questions regarding the adequacy of current financial information available about VitaminSpice; and the accuracy of assertions by VitaminSpice, and by others, in press releases to investors, in...

The Enlargement of the Classified Information System.

ERIC Educational Resources Information Center

Academe, 1983

1983-01-01

The second of two reports examines a recent executive order prescribing a system for classifying information on the basis of national security concerns, criticizing it for imperiling the freedoms it means to protect, and potentially inhibiting research efforts. A National Academy of Sciences report is appended. (MSE)

The Making of a National Information Policy: Examining the Legislative Components and the Social Factors that Influence the Development of Information Policy in Israel.

ERIC Educational Resources Information Center

Rabina, Debbie L.

2000-01-01

Discusses the development of a national information policy in Israel. Topics include political climate; security concerns; censorship; lack of openness; progress in the peace process; technical innovativeness; a desire to join the international community; and legislation, including privacy protection, freedom of information, and copyright.…

77 FR 35992 - Agency Information Collection Activities: User Fees

Federal Register 2010, 2011, 2012, 2013, 2014

2012-06-15

... Activities: User Fees AGENCY: U.S. Customs and Border Protection (CBP), Department of Homeland Security... User Fees. This request for comment is being made pursuant to the Paperwork Reduction Act of 1995 (Pub... soliciting comments concerning the following information collection: Title: User Fees. OMB Number: 1651-0052...

17 CFR 201.900 - Informal Procedures and Supplementary Information Concerning Adjudicatory Proceedings.

Code of Federal Regulations, 2010 CFR

2010-04-01

... from the initial decision of a hearing officer, a review of a determination by a self-regulatory... review of a determination by a self-regulatory organization, or a remand of a prior Commission decision..., securities industry participants, self-regulatory organizations and other members of the public. The...

Beyond Electronic Forms: E-Mail as an Institution-Wide Information Server.

ERIC Educational Resources Information Center

Jacobson, Carl

1992-01-01

The University of Delaware developed an intelligent mail server to provide easy, inexpensive access to institutional information for faculty, staff, and students on any node, machine, or operating system on the campuswide computing network. Security concerns have been addressed. The small investment has returned immediate benefits. (MSE)

77 FR 57576 - Notice of Proposed Information Collection to OMB and Comment Request: Legal Instructions...

Federal Register 2010, 2011, 2012, 2013, 2014

2012-09-18

... connection with the assignment, legal documents (e.g., mortgage, mortgage note, security agreement, title... Information Collection to OMB and Comment Request: Legal Instructions Concerning Applications for Full... mortgages to HUD. In connection with the assignment, legal documents (e.g., mortgage, mortgage note...

28 CFR 16.74 - Exemption of National Security Division Systems-limited access.

Code of Federal Regulations, 2013 CFR

2013-07-01

... Privacy Act pursuant to 5 U.S.C. 552a(j)(2), (k)(1), (2) and (5): Foreign Intelligence and... concerning him or her would hinder authorized United States intelligence activities by informing that...) Subsection (d)(1). Disclosure of foreign intelligence and counterintelligence information would interfere...

28 CFR 16.74 - Exemption of National Security Division Systems-limited access.

Code of Federal Regulations, 2012 CFR

2012-07-01

... Privacy Act pursuant to 5 U.S.C. 552a(j)(2), (k)(1), (2) and (5): Foreign Intelligence and... concerning him or her would hinder authorized United States intelligence activities by informing that...) Subsection (d)(1). Disclosure of foreign intelligence and counterintelligence information would interfere...

28 CFR 16.74 - Exemption of National Security Division Systems-limited access.

Code of Federal Regulations, 2014 CFR

2014-07-01

... Privacy Act pursuant to 5 U.S.C. 552a(j)(2), (k)(1), (2) and (5): Foreign Intelligence and... concerning him or her would hinder authorized United States intelligence activities by informing that...) Subsection (d)(1). Disclosure of foreign intelligence and counterintelligence information would interfere...

28 CFR 16.74 - Exemption of National Security Division Systems-limited access.

Code of Federal Regulations, 2011 CFR

2011-07-01

... Privacy Act pursuant to 5 U.S.C. 552a(j)(2), (k)(1), (2) and (5): Foreign Intelligence and... concerning him or her would hinder authorized United States intelligence activities by informing that...) Subsection (d)(1). Disclosure of foreign intelligence and counterintelligence information would interfere...

26 CFR 1.6050J-1T - Questions and answers concerning information returns relating to foreclosures and abandonments of...

Code of Federal Regulations, 2010 CFR

2010-04-01

... “Car—1983 Pontiac Firebird.” However, in the case of a single loan secured by more than one piece of personal property, a general description consists of the type or category of the pieces acquired or abandoned. For example, if the security for a single loan is six desks and seven typewriters, a general...

77 FR 39559 - In the Matter of AngelCiti Entertainment, Inc., BodyTel Scientific, Inc., Clearant, Inc...

Federal Register 2010, 2011, 2012, 2013, 2014

2012-07-03

...., BodyTel Scientific, Inc., Clearant, Inc., DataMetrics Corp., and Green Energy Group, Inc. (a/k/a eCom eCom.Com, Inc.); Order of Suspension of Trading June 29, 2012. It appears to the Securities and... of current and accurate information concerning the securities of Green Energy Group, Inc. (a/k/a eCom...

49 CFR 1580.105 - Reporting significant security concerns.

Code of Federal Regulations, 2010 CFR

2010-10-01

... 49 Transportation 9 2010-10-01 2010-10-01 false Reporting significant security concerns. 1580.105... Hazardous Materials Receivers, and Private Cars § 1580.105 Reporting significant security concerns. (a... threats and significant security concerns to DHS by telephoning the Freedom Center at 1-866-615-5150. (c...

Collaborating to optimize nursing students' agency information technology use.

PubMed

Fetter, Marilyn S

2009-01-01

As the learning laboratory for gaining actual patient care experience, clinical agencies play an essential role in nursing education. With an information technology revolution transforming healthcare, nursing programs are eager for their students to learn the latest informatics systems and technologies. However, many healthcare institutions are struggling to meet their own information technology needs and report limited resources and other as barriers to nursing student training. In addition, nursing students' information technology access and use raise security and privacy concerns. With the goal of a fully electronic health record by 2014, it is imperative that agencies and educational programs collaborate. They need to establish educationally sound, cost-effective, and secure policies and procedures for managing students' use of information technology systems. Strategies for evaluating options, selecting training methods, and ensuring data security are shared, along with strategies that may reap clinical, economic, and educational benefits. Students' information technology use raises numerous issues that the nursing profession must address to participate in healthcare's transformation into the digital age.

Maritime security : progress made in implementing Maritime Transportation Security Act, but concerns remain : statement of Margaret Wrightson, Director, Homeland Security and Justice Issues

DOT National Transportation Integrated Search

2003-09-09

After the events of September 11, 2001, concerns were raised over the security of U.S. ports and waterways. In response to the concerns over port security, Congress passed the Maritime Transportation Security Act in November 2002. The act created a b...

Perspectives of Australian adults about protecting the privacy of their health information in statistical databases.

PubMed

King, Tatiana; Brankovic, Ljiljana; Gillard, Patricia

2012-04-01

The aim of this study was to discover the public's attitude and views towards privacy in health care. This is a part of a larger project which aims to gain an insight into what kind of privacy is needed and develop technical measures to provide such privacy. The study was a two-stage process which combined qualitative and quantitative research. Stage One of the study comprised arranging and facilitating focus groups while in Stage Two we conducted a social survey. We measured attitudes towards privacy, medical research and consent; privacy concern about sharing one's health information for research; privacy concern about the possibility that some specific information from medical records could be linked to the patient's name in a situation that was not related to medical treatment. The results of the study revealed both great support for medical research (98%), and concern about privacy of health information (66%). Participants prefer to be asked for their permission before their health information is used for any purpose other than medical treatment (92%), and they would like to know the organisation and details of the research before allowing the use of their health records (83%). Age, level of education, place of birth and employment status are most strongly associated with privacy concerns. The study showed that there are some particularly sensitive issues and there is a concern (42-60%) about any possibility of linking these kinds of data to the patient's name in a situation that is not related to medical treatment. Such issues include sexually transmitted diseases, abortions and infertility, family medical history/genetic disorders, mental illness, drug/alcohol related incidents, lists of previous operations/procedures/dates and current medications. Participants believe they should be asked for permission before their health information is used for any purpose other than medical treatment. However, consent and privacy concerns are not necessary related. Assuring individuals that their personal health information is de-identified reduces their concern about the necessity of consent for releasing health information for research purposes, but many people are not aware that removing their names and other direct identifiers from medical records does not guarantee full privacy protection for their health information. Privacy concerns decrease as extra security measures are introduced to protect privacy. Therefore, instead of "tailoring concern" as proposed by Willison we suggest improving privacy protection of personal information by introducing additional security measures in data publishing. Copyright © 2012 Elsevier Ireland Ltd. All rights reserved.

Installation of secure, always available wireless LAN systems as a component of the hospital communication infrastructure.

PubMed

Hanada, Eisuke; Kudou, Takato; Tsumoto, Shusaku

2013-06-01

Wireless technologies as part of the data communication infrastructure of modern hospitals are being rapidly introduced. Even though there are concerns about problems associated with wireless communication security, the demand is remarkably large. In addition, insuring that the network is always available is important. Herein, we discuss security countermeasures and points to insure availability that must be taken to insure safe hospital/business use of wireless LAN systems, referring to the procedures introduced at Shimane University Hospital. Security countermeasures differ according to their purpose, such as for preventing illegal use or insuring availability, both of which are discussed. It is our hope that this information will assist others in their efforts to insure safe implementation of wireless LAN systems, especially in hospitals where they have the potential to greatly improve information sharing and patient safety.

Analyzing the security of an existing computer system

NASA Technical Reports Server (NTRS)

Bishop, M.

1986-01-01

Most work concerning secure computer systems has dealt with the design, verification, and implementation of provably secure computer systems, or has explored ways of making existing computer systems more secure. The problem of locating security holes in existing systems has received considerably less attention; methods generally rely on thought experiments as a critical step in the procedure. The difficulty is that such experiments require that a large amount of information be available in a format that makes correlating the details of various programs straightforward. This paper describes a method of providing such a basis for the thought experiment by writing a special manual for parts of the operating system, system programs, and library subroutines.

MACCIS 2.0 - An Architecture Description Framework for Technical Infostructures and Their Enterprise Environment

DTIC Science & Technology

2004-06-01

Viewpoint Component Viewpoint View Architecture Description of Enterprise or Infostructure View Security Concern Business Security Model Business...security concern, when applied to the different viewpoints, addresses both stakeholders, and is described as a business security model or component...Viewpoint View Architecture Description of Enterprise or Infostructure View Security Concern Business Security Model Business Stakeholder IT Architect

Turning Access into a web-enabled secure information system for clinical trials.

PubMed

Dongquan Chen; Chen, Wei-Bang; Soong, Mayhue; Soong, Seng-Jaw; Orthner, Helmuth F

2009-08-01

Organizations that have limited resources need to conduct clinical studies in a cost-effective, but secure way. Clinical data residing in various individual databases need to be easily accessed and secured. Although widely available, digital certification, encryption, and secure web server, have not been implemented as widely, partly due to a lack of understanding of needs and concerns over issues such as cost and difficulty in implementation. The objective of this study was to test the possibility of centralizing various databases and to demonstrate ways of offering an alternative to a large-scale comprehensive and costly commercial product, especially for simple phase I and II trials, with reasonable convenience and security. We report a working procedure to transform and develop a standalone Access database into a secure Web-based secure information system. For data collection and reporting purposes, we centralized several individual databases; developed, and tested a web-based secure server using self-issued digital certificates. The system lacks audit trails. The cost of development and maintenance may hinder its wide application. The clinical trial databases scattered in various departments of an institution could be centralized into a web-enabled secure information system. The limitations such as the lack of a calendar and audit trail can be partially addressed with additional programming. The centralized Web system may provide an alternative to a comprehensive clinical trial management system.

Computer Security Awareness Guide for Department of Energy Laboratories, Government Agencies, and others for use with Lawrence Livermore National Laboratory`s (LLNL): Computer security short subjects videos

DOE Office of Scientific and Technical Information (OSTI.GOV)

Not Available

Lonnie Moore, the Computer Security Manager, CSSM/CPPM at Lawrence Livermore National Laboratory (LLNL) and Gale Warshawsky, the Coordinator for Computer Security Education & Awareness at LLNL, wanted to share topics such as computer ethics, software piracy, privacy issues, and protecting information in a format that would capture and hold an audience`s attention. Four Computer Security Short Subject videos were produced which ranged from 1-3 minutes each. These videos are very effective education and awareness tools that can be used to generate discussions about computer security concerns and good computing practices. Leaders may incorporate the Short Subjects into presentations. After talkingmore » about a subject area, one of the Short Subjects may be shown to highlight that subject matter. Another method for sharing them could be to show a Short Subject first and then lead a discussion about its topic. The cast of characters and a bit of information about their personalities in the LLNL Computer Security Short Subjects is included in this report.« less

Privacy, confidentiality, and electronic medical records.

PubMed Central

Barrows, R C; Clayton, P D

1996-01-01

The enhanced availability of health information in an electronic format is strategic for industry-wide efforts to improve the quality and reduce the cost of health care, yet it brings a concomitant concern of greater risk for loss of privacy among health care participants. The authors review the conflicting goals of accessibility and security for electronic medical records and discuss nontechnical and technical aspects that constitute a reasonable security solution. It is argued that with guiding policy and current technology, an electronic medical record may offer better security than a traditional paper record. PMID:8653450

The Rise of iWar: Identity, Information, and the Individualization of Modern Warfare

DTIC Science & Technology

2015-10-01

INDMDUALIZATION OF MODERN WARFARE Glenn J. Voelz U.S. ARMY WAR COLLEGE ~~ ..... ~O.L STRATEGIC STUDIES INSTITUTE Report Documentation Page Form...ORGANIZATION NAME(S) AND ADDRESS(ES) U.S. Army War College,Strategic Studies Institute,47 Ashburn Drive,Carlisle,PA,17013-5010 8. PERFORMING...concerning the role of ground forces in achieving national security objectives. The Strategic Studies Institute publishes national security and

75 FR 41559 - In the Matter of E-Sync Networks, Inc. (n/k/a ESNI, Inc.), EchoCath, Inc., Edison Brothers Stores...

Federal Register 2010, 2011, 2012, 2013, 2014

2010-07-16

... SECURITIES AND EXCHANGE COMMISSION [File No. 500-1] In the Matter of E[dash]Sync Networks, Inc. (n/k/a ESNI, Inc.), EchoCath, Inc., Edison Brothers Stores, Inc., Electronic Technology Group, Inc. (n... information concerning the securities of E-Sync Networks, Inc. (n/k/a ESNI, Inc.) because it has not filed any...

Airport detectors and orthopaedic implants.

PubMed

van der Wal, Bart C H; Grimm, Bernd; Heyligers, Ide C

2005-08-01

As a result of the rising threats of terrorism, airport security has become a major issue. Patients with orthopaedic implants are concerned that they may activate alarms at airport security gates. A literature overview showed that the activation rate of the alarm by hand-held detectors is higher than for arch detectors (100% versus 56%). Arch detection rate has significantly increased from 0% before 1995 up to 83.3% after 1994. Reported factors which influence detection rates are implant mass, implant combinations, implant volume, transfer speed, side of implant, detector model, sensitivity settings, material and tissue masking. Detection rate has been improved by more sensitive devices and improved filter software. Doctors should be able to objectively inform patients. A form is presented which will easily inform the airport security staff.

The Role of Corporate and Government Surveillance in Shifting Journalistic Information Security Practices

ERIC Educational Resources Information Center

Shelton, Martin L.

2015-01-01

Digital technologies have fundamentally altered how journalists communicate with their sources, enabling them to exchange information through social media as well as video, audio, and text chat. Simultaneously, journalists are increasingly concerned with corporate and government surveillance as a threat to their ability to speak with sources in…

Standards Setting and Federal Information Policy: The Escrowed Encryption Standard (EES).

ERIC Educational Resources Information Center

Gegner, Karen E.; Veeder, Stacy B.

1994-01-01

Examines the standards process used for developing the Escrowed Encryption Standard (EES) and its possible impact on national communication and information policies. Discusses the balance between national security and law enforcement concerns versus privacy rights and economic competitiveness in the area of foreign trade and export controls. (67…

76 FR 3151 - Agency Information Collection Activities: Record of Vessel Foreign Repair or Equipment Purchase

Federal Register 2010, 2011, 2012, 2013, 2014

2011-01-19

... Activities: Record of Vessel Foreign Repair or Equipment Purchase AGENCY: U.S. Customs and Border Protection (CBP), Department of Homeland Security. ACTION: 60-Day Notice and request for comments; Extension of an... information collection requirement concerning the Record of Vessel Foreign Repair or Equipment Purchase (CBP...

MedBlock: Efficient and Secure Medical Data Sharing Via Blockchain.

PubMed

Fan, Kai; Wang, Shangyang; Ren, Yanhui; Li, Hui; Yang, Yintang

2018-06-21

With the development of electronic information technology, electronic medical records (EMRs) have been a common way to store the patients' data in hospitals. They are stored in different hospitals' databases, even for the same patient. Therefore, it is difficult to construct a summarized EMR for one patient from multiple hospital databases due to the security and privacy concerns. Meanwhile, current EMRs systems lack a standard data management and sharing policy, making it difficult for pharmaceutical scientists to develop precise medicines based on data obtained under different policies. To solve the above problems, we proposed a blockchain-based information management system, MedBlock, to handle patients' information. In this scheme, the distributed ledger of MedBlock allows the efficient EMRs access and EMRs retrieval. The improved consensus mechanism achieves consensus of EMRs without large energy consumption and network congestion. In addition, MedBlock also exhibits high information security combining the customized access control protocols and symmetric cryptography. MedBlock can play an important role in the sensitive medical information sharing.

Security Techniques for the Electronic Health Records.

PubMed

Kruse, Clemens Scott; Smith, Brenna; Vanderlinden, Hannah; Nealand, Alexandra

2017-08-01

The privacy of patients and the security of their information is the most imperative barrier to entry when considering the adoption of electronic health records in the healthcare industry. Considering current legal regulations, this review seeks to analyze and discuss prominent security techniques for healthcare organizations seeking to adopt a secure electronic health records system. Additionally, the researchers sought to establish a foundation for further research for security in the healthcare industry. The researchers utilized the Texas State University Library to gain access to three online databases: PubMed (MEDLINE), CINAHL, and ProQuest Nursing and Allied Health Source. These sources were used to conduct searches on literature concerning security of electronic health records containing several inclusion and exclusion criteria. Researchers collected and analyzed 25 journals and reviews discussing security of electronic health records, 20 of which mentioned specific security methods and techniques. The most frequently mentioned security measures and techniques are categorized into three themes: administrative, physical, and technical safeguards. The sensitive nature of the information contained within electronic health records has prompted the need for advanced security techniques that are able to put these worries at ease. It is imperative for security techniques to cover the vast threats that are present across the three pillars of healthcare.

Chile Informed Question Paper - Military

DTIC Science & Technology

2003-01-01

superior military strength and regional economic integration. Internally, Chile also faces little threat; however, militants from the Mapuche ...considered a significant threat.11 The most significant internal security concern is the ongoing campaign by Mapuche indigenous community militants to

Sharing the Knowledge: Government-Private Sector Partnerships to Enhance Information Security

DTIC Science & Technology

2000-05-01

private sector . However, substantial barriers threaten to block information exchanges between the government and private sector . These barriers include concerns over release of sensitive material under Freedom of Information Act requests, antitrust actions, protection of business confidential and other private material, possible liability due to shared information, disclosure of classified information, and burdens entailed with cooperating with law enforcement agencies. There is good cause to believe that the government and private

Academic Information Security Researchers: Hackers or Specialists?

PubMed

Dadkhah, Mehdi; Lagzian, Mohammad; Borchardt, Glenn

2018-04-01

In this opinion piece, we present a synopsis of our findings from the last 2 years concerning cyber-attacks on web-based academia. We also present some of problems that we have faced and try to resolve any misunderstandings about our work. We are academic information security specialists, not hackers. Finally, we present a brief overview of our methods for detecting cyber fraud in an attempt to present general guidelines for researchers who would like to continue our work. We believe that our work is necessary for protecting the integrity of scholarly publishing against emerging cybercrime.

The use of biometrics in the Personal Health Record (PHR).

PubMed

Bonney, Wilfred

2011-01-01

The emergence of the Personal Health Record (PHR) has made individual health information more readily accessible to a wide range of users including patients, consumers, practitioners, and healthcare providers. However, increased accessibility of PHR threatens the confidentiality, privacy, and security of personalized health information. Therefore, a need for robust and reliable forms of authentication is of prime concern. The concept of biometric authentication is now highly visible to healthcare providers as a technology to prevent unauthorized access to individual health information. Implementing biometric authentication mechanisms to protect PHR facilitates access control and secure exchange of health information. In this paper, a literature review is used to explore the key benefits, technical barriers, challenges, and ethical implications for using biometric authentication in PHR.

Security of medical multimedia.

PubMed

Tzelepi, S; Pangalos, G; Nikolacopoulou, G

2002-09-01

The application of information technology to health care has generated growing concern about the privacy and security of medical information. Furthermore, data and communication security requirements in the field of multimedia are higher. In this paper we describe firstly the most important security requirements that must be fulfilled by multimedia medical data, and the security measures used to satisfy these requirements. These security measures are based mainly on modern cryptographic and watermarking mechanisms as well as on security infrastructures. The objective of our work is to complete this picture, exploiting the capabilities of multimedia medical data to define and implement an authorization model for regulating access to the data. In this paper we describe an extended role-based access control model by considering, within the specification of the role-permission relationship phase, the constraints that must be satisfied in order for the holders of the permission to use those permissions. The use of constraints allows role-based access control to be tailored to specifiy very fine-grained and flexible content-, context- and time-based access control policies. Other restrictions, such as role entry restriction also can be captured. Finally, the description of system architecture for a secure DBMS is presented.

[The concept and measurement of food security].

PubMed

Kim, Kirang; Kim, Mi Kyung; Shin, Young Jeon

2008-11-01

During the past two decades, food deprivation and hunger have been recognized to be not just the concerns of only underdeveloped or developing countries, but as problems for many affluent Western nations as well. Many countries have made numerous efforts to define and measure the extent of these problems. Based on these efforts, the theory and practice of food security studies has significantly evolved during the last decades. Thus, this study aims to provide a comprehensive review of the concept and measurement of food security. In this review, we introduce the definition and background of food security, we describe the impact of food insecurity on nutrition and health, we provide its measurements and operational instruments and we discuss its applications and implications. Some practical information for the use of the food security index in South Korea is also presented. Food security is an essential element in achieving a good nutritional and health status and it has an influence to reduce poverty. The information about the current understanding of food security can help scientists, policy makers and program practitioners conduct research and maintain outreach programs that address the issues of poverty and the promotion of food security.

A bilinear pairing based anonymous authentication scheme in wireless body area networks for mHealth.

PubMed

Jiang, Qi; Lian, Xinxin; Yang, Chao; Ma, Jianfeng; Tian, Youliang; Yang, Yuanyuan

2016-11-01

Wireless body area networks (WBANs) have become one of the key components of mobile health (mHealth) which provides 24/7 health monitoring service and greatly improves the quality and efficiency of healthcare. However, users' concern about the security and privacy of their health information has become one of the major obstacles that impede the wide adoption of WBANs. Anonymous and unlinkable authentication is critical to protect the security and privacy of sensitive physiological information in transit from the client to the application provider. We first show that the anonymous authentication scheme of Wang and Zhang based on bilinear pairing is prone to client impersonation attack. Then, we propose an enhanced anonymous authentication scheme to remedy the flaw in Wang and Zhang's scheme. We give the security analysis to demonstrate that the enhanced scheme achieves the desired security features and withstands various known attacks.

An Analysis of Security and Privacy Issues in Smart Grid Software Architectures on Clouds

DOE Office of Scientific and Technical Information (OSTI.GOV)

Simmhan, Yogesh; Kumbhare, Alok; Cao, Baohua

2011-07-09

Power utilities globally are increasingly upgrading to Smart Grids that use bi-directional communication with the consumer to enable an information-driven approach to distributed energy management. Clouds offer features well suited for Smart Grid software platforms and applications, such as elastic resources and shared services. However, the security and privacy concerns inherent in an information rich Smart Grid environment are further exacerbated by their deployment on Clouds. Here, we present an analysis of security and privacy issues in a Smart Grids software architecture operating on different Cloud environments, in the form of a taxonomy. We use the Los Angeles Smart Gridmore » Project that is underway in the largest U.S. municipal utility to drive this analysis that will benefit both Cloud practitioners targeting Smart Grid applications, and Cloud researchers investigating security and privacy.« less

Risk assessment of integrated electronic health records.

PubMed

Bjornsson, Bjarni Thor; Sigurdardottir, Gudlaug; Stefansson, Stefan Orri

2010-01-01

The paper describes the security concerns related to Electronic Health Records (EHR) both in registration of data and integration of systems. A description of the current state of EHR systems in Iceland is provided, along with the Ministry of Health's future vision and plans. New legislation provides the opportunity for increased integration of EHRs and further collaboration between institutions. Integration of systems, along with greater availability and access to EHR data, requires increased security awareness since additional risks are introduced. The paper describes the core principles of information security as it applies to EHR systems and data. The concepts of confidentiality, integrity, availability, accountability and traceability are introduced and described. The paper discusses the legal requirements and importance of performing risk assessment for EHR data. Risk assessment methodology according to the ISO/IEC 27001 information security standard is described with examples on how it is applied to EHR systems.

Implementing Patient Access to Electronic Health Records Under HIPAA: Lessons Learned

PubMed Central

Wang, Tiffany; Pizziferri, Lisa; Volk, Lynn A; Mikels, Debra A; Grant, Karen G; Wald, Jonathan S; Bates, David W

2004-01-01

In 2001, the Institute of Medicine (IOM) and the Health Insurance Portability and Accountability Act (HIPAA) emphasized the need for patients to have greater control over their health information. We describe a Boston healthcare system's approach to providing patients access to their electronic health records (EHRs) via Patient Gateway, a secure, Web-based portal. Implemented in 19 clinic sites to date, Patient Gateway allows patients to access information from their medical charts via the Internet in a secure manner. Since 2002, over 19,000 patients have enrolled in Patient Gateway, more than 125,000 patients have logged into the system, and over 37,000 messages have been sent by patients to their practices. There have been no major security concerns. By providing access to EHR data, secure systems like Patient Gateway allow patients a greater role in their healthcare process, as envisioned by the IOM and HIPAA. PMID:18066391

Critical theory as an approach to the ethics of information security.

PubMed

Stahl, Bernd Carsten; Doherty, Neil F; Shaw, Mark; Janicke, Helge

2014-09-01

Information security can be of high moral value. It can equally be used for immoral purposes and have undesirable consequences. In this paper we suggest that critical theory can facilitate a better understanding of possible ethical issues and can provide support when finding ways of addressing them. The paper argues that critical theory has intrinsic links to ethics and that it is possible to identify concepts frequently used in critical theory to pinpoint ethical concerns. Using the example of UK electronic medical records the paper demonstrates that a critical lens can highlight issues that traditional ethical theories tend to overlook. These are often linked to collective issues such as social and organisational structures, which philosophical ethics with its typical focus on the individual does not tend to emphasise. The paper suggests that this insight can help in developing ways of researching and innovating responsibly in the area of information security.

Social Media and the U.S. Army: Maintaining a Balance

DTIC Science & Technology

2011-05-19

Facebook is the largest and most popular social media site in the Western world. The site was originally created in February 2004 by Mark Zuckerberg and...twenty-something person’s concern pertains only to keeping his activities from his parents’ view. Facebook founder Mark Zuckerberg stated this...Security is more than the marking , handling, and classifying of information. It is different from traditional security in that the Army wants to

75 FR 59278 - Homeland Security Advisory Council

Federal Register 2010, 2011, 2012, 2013, 2014

2010-09-27

... information among TSA and federal and local law enforcement agencies concerning transportation infrastructure... about the potential capabilities and vulnerabilities identified in a cyber exercise and discuss... Operational Improvements. Lessons Learned from the cyber exercise. Basis for Closure: In accordance with...

75 FR 35104 - In the Matter of Aphton Corp., Apollo International of Delaware, Inc., Applewoods, Inc., Applied...

Federal Register 2010, 2011, 2012, 2013, 2014

2010-06-21

...., Asian Star Development, Inc., Associated Golf Management, Inc. (n/k/a Delta Mining & Exploration Corp... of current and accurate information concerning the securities of Asian Star Development, Inc. because...

77 FR 72904 - In the Matter of HealthSport, Inc., Home Director, Inc., Home Theater Products International, Inc...

Federal Register 2010, 2011, 2012, 2013, 2014

2012-12-06

... Jewelry Concepts, Inc.), and Huifeng Bio-Pharmaceutical Technology, Inc.; Order of Suspension of Trading... information concerning the securities of Huifeng Bio-Pharmaceutical Technology, Inc. because it has not filed...

49 CFR 1580.203 - Reporting significant security concerns.

Code of Federal Regulations, 2010 CFR

2010-10-01

... 49 Transportation 9 2010-10-01 2010-10-01 false Reporting significant security concerns. 1580.203... concerns. (a) Applicability. This section applies to: (1) Each passenger railroad carrier, including each... potential threats and significant security concerns to DHS by telephoning the Freedom Center at 1-866-615...

Multiple-Feature Extracting Modules Based Leak Mining System Design

PubMed Central

Cho, Ying-Chiang; Pan, Jen-Yi

2013-01-01

Over the years, human dependence on the Internet has increased dramatically. A large amount of information is placed on the Internet and retrieved from it daily, which makes web security in terms of online information a major concern. In recent years, the most problematic issues in web security have been e-mail address leakage and SQL injection attacks. There are many possible causes of information leakage, such as inadequate precautions during the programming process, which lead to the leakage of e-mail addresses entered online or insufficient protection of database information, a loophole that enables malicious users to steal online content. In this paper, we implement a crawler mining system that is equipped with SQL injection vulnerability detection, by means of an algorithm developed for the web crawler. In addition, we analyze portal sites of the governments of various countries or regions in order to investigate the information leaking status of each site. Subsequently, we analyze the database structure and content of each site, using the data collected. Thus, we make use of practical verification in order to focus on information security and privacy through black-box testing. PMID:24453892

Multiple-feature extracting modules based leak mining system design.

PubMed

Cho, Ying-Chiang; Pan, Jen-Yi

2013-01-01

Over the years, human dependence on the Internet has increased dramatically. A large amount of information is placed on the Internet and retrieved from it daily, which makes web security in terms of online information a major concern. In recent years, the most problematic issues in web security have been e-mail address leakage and SQL injection attacks. There are many possible causes of information leakage, such as inadequate precautions during the programming process, which lead to the leakage of e-mail addresses entered online or insufficient protection of database information, a loophole that enables malicious users to steal online content. In this paper, we implement a crawler mining system that is equipped with SQL injection vulnerability detection, by means of an algorithm developed for the web crawler. In addition, we analyze portal sites of the governments of various countries or regions in order to investigate the information leaking status of each site. Subsequently, we analyze the database structure and content of each site, using the data collected. Thus, we make use of practical verification in order to focus on information security and privacy through black-box testing.

A Weakest Precondition Approach to Robustness

NASA Astrophysics Data System (ADS)

Balliu, Musard; Mastroeni, Isabella

With the increasing complexity of information management computer systems, security becomes a real concern. E-government, web-based financial transactions or military and health care information systems are only a few examples where large amount of information can reside on different hosts distributed worldwide. It is clear that any disclosure or corruption of confidential information in these contexts can result fatal. Information flow controls constitute an appealing and promising technology to protect both data confidentiality and data integrity. The certification of the security degree of a program that runs in untrusted environments still remains an open problem in the area of language-based security. Robustness asserts that an active attacker, who can modify program code in some fixed points (holes), is unable to disclose more private information than a passive attacker, who merely observes unclassified data. In this paper, we extend a method recently proposed for checking declassified non-interference in presence of passive attackers only, in order to check robustness by means of weakest precondition semantics. In particular, this semantics simulates the kind of analysis that can be performed by an attacker, i.e., from public output towards private input. The choice of semantics allows us to distinguish between different attacks models and to characterize the security of applications in different scenarios.

Achieving online consent to participation in large-scale gene-environment studies: a tangible destination.

PubMed

Wood, Fiona; Kowalczuk, Jenny; Elwyn, Glyn; Mitchell, Clive; Gallacher, John

2011-08-01

Population based genetics studies are dependent on large numbers of individuals in the pursuit of small effect sizes. Recruiting and consenting a large number of participants is both costly and time consuming. We explored whether an online consent process for large-scale genetics studies is acceptable for prospective participants using an example online genetics study. We conducted semi-structured interviews with 42 members of the public stratified by age group, gender and newspaper readership (a measure of social status). Respondents were asked to use a website designed to recruit for a large-scale genetic study. After using the website a semi-structured interview was conducted to explore opinions and any issues they would have. Responses were analysed using thematic content analysis. The majority of respondents said they would take part in the research (32/42). Those who said they would decline to participate saw fewer benefits from the research, wanted more information and expressed a greater number of concerns about the study. Younger respondents had concerns over time commitment. Middle aged respondents were concerned about privacy and security. Older respondents were more altruistic in their motivation to participate. Common themes included trust in the authenticity of the website, security of personal data, curiosity about their own genetic profile, operational concerns and a desire for more information about the research. Online consent to large-scale genetic studies is likely to be acceptable to the public. The online consent process must establish trust quickly and effectively by asserting authenticity and credentials, and provide access to a range of information to suit different information preferences.

Analysis of the Security and Privacy Requirements of Cloud-Based Electronic Health Records Systems

PubMed Central

Fernández, Gonzalo; López-Coronado, Miguel

2013-01-01

Background The Cloud Computing paradigm offers eHealth systems the opportunity to enhance the features and functionality that they offer. However, moving patients’ medical information to the Cloud implies several risks in terms of the security and privacy of sensitive health records. In this paper, the risks of hosting Electronic Health Records (EHRs) on the servers of third-party Cloud service providers are reviewed. To protect the confidentiality of patient information and facilitate the process, some suggestions for health care providers are made. Moreover, security issues that Cloud service providers should address in their platforms are considered. Objective To show that, before moving patient health records to the Cloud, security and privacy concerns must be considered by both health care providers and Cloud service providers. Security requirements of a generic Cloud service provider are analyzed. Methods To study the latest in Cloud-based computing solutions, bibliographic material was obtained mainly from Medline sources. Furthermore, direct contact was made with several Cloud service providers. Results Some of the security issues that should be considered by both Cloud service providers and their health care customers are role-based access, network security mechanisms, data encryption, digital signatures, and access monitoring. Furthermore, to guarantee the safety of the information and comply with privacy policies, the Cloud service provider must be compliant with various certifications and third-party requirements, such as SAS70 Type II, PCI DSS Level 1, ISO 27001, and the US Federal Information Security Management Act (FISMA). Conclusions Storing sensitive information such as EHRs in the Cloud means that precautions must be taken to ensure the safety and confidentiality of the data. A relationship built on trust with the Cloud service provider is essential to ensure a transparent process. Cloud service providers must make certain that all security mechanisms are in place to avoid unauthorized access and data breaches. Patients must be kept informed about how their data are being managed. PMID:23965254

Analysis of the security and privacy requirements of cloud-based electronic health records systems.

PubMed

Rodrigues, Joel J P C; de la Torre, Isabel; Fernández, Gonzalo; López-Coronado, Miguel

2013-08-21

The Cloud Computing paradigm offers eHealth systems the opportunity to enhance the features and functionality that they offer. However, moving patients' medical information to the Cloud implies several risks in terms of the security and privacy of sensitive health records. In this paper, the risks of hosting Electronic Health Records (EHRs) on the servers of third-party Cloud service providers are reviewed. To protect the confidentiality of patient information and facilitate the process, some suggestions for health care providers are made. Moreover, security issues that Cloud service providers should address in their platforms are considered. To show that, before moving patient health records to the Cloud, security and privacy concerns must be considered by both health care providers and Cloud service providers. Security requirements of a generic Cloud service provider are analyzed. To study the latest in Cloud-based computing solutions, bibliographic material was obtained mainly from Medline sources. Furthermore, direct contact was made with several Cloud service providers. Some of the security issues that should be considered by both Cloud service providers and their health care customers are role-based access, network security mechanisms, data encryption, digital signatures, and access monitoring. Furthermore, to guarantee the safety of the information and comply with privacy policies, the Cloud service provider must be compliant with various certifications and third-party requirements, such as SAS70 Type II, PCI DSS Level 1, ISO 27001, and the US Federal Information Security Management Act (FISMA). Storing sensitive information such as EHRs in the Cloud means that precautions must be taken to ensure the safety and confidentiality of the data. A relationship built on trust with the Cloud service provider is essential to ensure a transparent process. Cloud service providers must make certain that all security mechanisms are in place to avoid unauthorized access and data breaches. Patients must be kept informed about how their data are being managed.

Transboundary Water: Improving Methodologies and Developing Integrated Tools to Support Water Security

NASA Technical Reports Server (NTRS)

Hakimdavar, Raha; Wood, Danielle; Eylander, John; Peters-Lidard, Christa; Smith, Jane; Doorn, Brad; Green, David; Hummel, Corey; Moore, Thomas C.

2018-01-01

River basins for which transboundary coordination and governance is a factor are of concern to US national security, yet there is often a lack of sufficient data-driven information available at the needed time horizons to inform transboundary water decision-making for the intelligence, defense, and foreign policy communities. To address this need, a two-day workshop entitled Transboundary Water: Improving Methodologies and Developing Integrated Tools to Support Global Water Security was held in August 2017 in Maryland. The committee that organized and convened the workshop (the Organizing Committee) included representatives from the National Aeronautics and Space Administration (NASA), the US Army Corps of Engineers Engineer Research and Development Center (ERDC), and the US Air Force. The primary goal of the workshop was to advance knowledge on the current US Government and partners' technical information needs and gaps to support national security interests in relation to transboundary water. The workshop also aimed to identify avenues for greater communication and collaboration among the scientific, intelligence, defense, and foreign policy communities. The discussion around transboundary water was considered in the context of the greater global water challenges facing US national security.

76 FR 19514 - In the Matter of: Sabratek Corp., SAN Holdings, Inc., SBD International, Inc. (n/k/a Solargy...

Federal Register 2010, 2011, 2012, 2013, 2014

2011-04-07

... Sensors, Inc., Sentex Sensing Technology, Inc., Serefex Corp., SinoFresh HealthCare, Inc., Sonoma College... lack of current and accurate information concerning the securities of Senco Sensors, Inc. because it...

77 FR 14852 - Advanced Growing Systems, Inc., Advantage Capital Development Corp., Amazon Biotech, Inc...

Federal Register 2010, 2011, 2012, 2013, 2014

2012-03-13

...., Bravo! Brands, Inc., and BSML, Inc., Order of Suspension of Trading March 9, 2012. It appears to the... information concerning the securities of Bravo! Brands, Inc. because it has not filed any periodic reports...

78 FR 27462 - Self-Regulatory Organizations; Miami International Securities Exchange LLC; Notice of Filing and...

Federal Register 2010, 2011, 2012, 2013, 2014

2013-05-10

... making routing, quotation, price and size decisions regarding where they should send orders and quotes... more transparent and accessible to market participants making routing decisions concerning their... participants additional information in [[Page 27464

Privacy Perspectives for Online Searchers: Confidentiality with Confidence?

ERIC Educational Resources Information Center

Duberman, Josh; Beaudet, Michael

2000-01-01

Presents issues and questions involved in online privacy from the information professional's perspective. Topics include consumer concerns; query confidentiality; securing computers from intrusion; electronic mail; search engines; patents and intellectual property searches; government's role; Internet service providers; database mining; user…

Security Threat Assessment of an Internet Security System Using Attack Tree and Vague Sets

PubMed Central

2014-01-01

Security threat assessment of the Internet security system has become a greater concern in recent years because of the progress and diversification of information technology. Traditionally, the failure probabilities of bottom events of an Internet security system are treated as exact values when the failure probability of the entire system is estimated. However, security threat assessment when the malfunction data of the system's elementary event are incomplete—the traditional approach for calculating reliability—is no longer applicable. Moreover, it does not consider the failure probability of the bottom events suffered in the attack, which may bias conclusions. In order to effectively solve the problem above, this paper proposes a novel technique, integrating attack tree and vague sets for security threat assessment. For verification of the proposed approach, a numerical example of an Internet security system security threat assessment is adopted in this paper. The result of the proposed method is compared with the listing approaches of security threat assessment methods. PMID:25405226

Security threat assessment of an Internet security system using attack tree and vague sets.

PubMed

Chang, Kuei-Hu

2014-01-01

Security threat assessment of the Internet security system has become a greater concern in recent years because of the progress and diversification of information technology. Traditionally, the failure probabilities of bottom events of an Internet security system are treated as exact values when the failure probability of the entire system is estimated. However, security threat assessment when the malfunction data of the system's elementary event are incomplete--the traditional approach for calculating reliability--is no longer applicable. Moreover, it does not consider the failure probability of the bottom events suffered in the attack, which may bias conclusions. In order to effectively solve the problem above, this paper proposes a novel technique, integrating attack tree and vague sets for security threat assessment. For verification of the proposed approach, a numerical example of an Internet security system security threat assessment is adopted in this paper. The result of the proposed method is compared with the listing approaches of security threat assessment methods.

A secure distributed logistic regression protocol for the detection of rare adverse drug events

PubMed Central

El Emam, Khaled; Samet, Saeed; Arbuckle, Luk; Tamblyn, Robyn; Earle, Craig; Kantarcioglu, Murat

2013-01-01

Background There is limited capacity to assess the comparative risks of medications after they enter the market. For rare adverse events, the pooling of data from multiple sources is necessary to have the power and sufficient population heterogeneity to detect differences in safety and effectiveness in genetic, ethnic and clinically defined subpopulations. However, combining datasets from different data custodians or jurisdictions to perform an analysis on the pooled data creates significant privacy concerns that would need to be addressed. Existing protocols for addressing these concerns can result in reduced analysis accuracy and can allow sensitive information to leak. Objective To develop a secure distributed multi-party computation protocol for logistic regression that provides strong privacy guarantees. Methods We developed a secure distributed logistic regression protocol using a single analysis center with multiple sites providing data. A theoretical security analysis demonstrates that the protocol is robust to plausible collusion attacks and does not allow the parties to gain new information from the data that are exchanged among them. The computational performance and accuracy of the protocol were evaluated on simulated datasets. Results The computational performance scales linearly as the dataset sizes increase. The addition of sites results in an exponential growth in computation time. However, for up to five sites, the time is still short and would not affect practical applications. The model parameters are the same as the results on pooled raw data analyzed in SAS, demonstrating high model accuracy. Conclusion The proposed protocol and prototype system would allow the development of logistic regression models in a secure manner without requiring the sharing of personal health information. This can alleviate one of the key barriers to the establishment of large-scale post-marketing surveillance programs. We extended the secure protocol to account for correlations among patients within sites through generalized estimating equations, and to accommodate other link functions by extending it to generalized linear models. PMID:22871397

A secure distributed logistic regression protocol for the detection of rare adverse drug events.

PubMed

El Emam, Khaled; Samet, Saeed; Arbuckle, Luk; Tamblyn, Robyn; Earle, Craig; Kantarcioglu, Murat

2013-05-01

There is limited capacity to assess the comparative risks of medications after they enter the market. For rare adverse events, the pooling of data from multiple sources is necessary to have the power and sufficient population heterogeneity to detect differences in safety and effectiveness in genetic, ethnic and clinically defined subpopulations. However, combining datasets from different data custodians or jurisdictions to perform an analysis on the pooled data creates significant privacy concerns that would need to be addressed. Existing protocols for addressing these concerns can result in reduced analysis accuracy and can allow sensitive information to leak. To develop a secure distributed multi-party computation protocol for logistic regression that provides strong privacy guarantees. We developed a secure distributed logistic regression protocol using a single analysis center with multiple sites providing data. A theoretical security analysis demonstrates that the protocol is robust to plausible collusion attacks and does not allow the parties to gain new information from the data that are exchanged among them. The computational performance and accuracy of the protocol were evaluated on simulated datasets. The computational performance scales linearly as the dataset sizes increase. The addition of sites results in an exponential growth in computation time. However, for up to five sites, the time is still short and would not affect practical applications. The model parameters are the same as the results on pooled raw data analyzed in SAS, demonstrating high model accuracy. The proposed protocol and prototype system would allow the development of logistic regression models in a secure manner without requiring the sharing of personal health information. This can alleviate one of the key barriers to the establishment of large-scale post-marketing surveillance programs. We extended the secure protocol to account for correlations among patients within sites through generalized estimating equations, and to accommodate other link functions by extending it to generalized linear models.

Design and implementation of website information disclosure assessment system.

PubMed

Cho, Ying-Chiang; Pan, Jen-Yi

2015-01-01

Internet application technologies, such as cloud computing and cloud storage, have increasingly changed people's lives. Websites contain vast amounts of personal privacy information. In order to protect this information, network security technologies, such as database protection and data encryption, attract many researchers. The most serious problems concerning web vulnerability are e-mail address and network database leakages. These leakages have many causes. For example, malicious users can steal database contents, taking advantage of mistakes made by programmers and administrators. In order to mitigate this type of abuse, a website information disclosure assessment system is proposed in this study. This system utilizes a series of technologies, such as web crawler algorithms, SQL injection attack detection, and web vulnerability mining, to assess a website's information disclosure. Thirty websites, randomly sampled from the top 50 world colleges, were used to collect leakage information. This testing showed the importance of increasing the security and privacy of website information for academic websites.

Organizational and physician perspectives about facilitating handheld computer use in clinical practice: results of a cross-site qualitative study.

PubMed

McAlearney, Ann Scheck; Schweikhart, Sharon B; Medow, Mitchell A

2005-01-01

To describe strategies that organizations select to support physicians' use of handheld computers (HHCs) in clinical practice and to explore issues about facilitating HHC use. A multidisciplinary team used focus groups and interviews with clinical, administrative, and information technology (IT) staff to gather data from 161 informants at seven sites. Transcripts were coded using a combination of deductive and inductive approaches to both answer research questions and identify patterns and themes that emerged in the data. Answers to questions about strategies for HHC support and themes about (1) how to facilitate physician adoption and use and (2) organizational concerns. Three main organizational strategies for HHC support were characterized among sites: (1) active support for broad-based use, (2) active support for niche use, and (3) basic support for individual physician users. Three high-level themes emerged around how to best facilitate physician adoption and use of HHCs: (1) improving usability and usefulness, (2) promoting HHCs and device use, and (3) providing training and support. However, four major themes also emerged related to organizations' concerns about HHC use: (1) security-related concerns, (2) economic concerns, (3) technical concerns, and (4) strategic concerns. An organizational approach to HHC support that involves individualized attention to existing and potential physician users rather than one-size-fits-all, organization-wide implementation efforts was an important facilitator promoting physician use of HHCs. Health care organizations interested in supporting HHC use must consider issues related to security, economics, and IT strategy that may not be prominent concerns for physician users.

Patient informed governance of distributed research networks: results and discussion from six patient focus groups.

PubMed

Mamo, Laura A; Browe, Dennis K; Logan, Holly C; Kim, Katherine K

2013-01-01

Understanding how to govern emerging distributed research networks is essential to their success. Distributed research networks aggregate patient medical data from many institutions leaving data within the local provider security system. While much is known about patients' views on secondary medical research, little is known about their views on governance of research networks. We conducted six focus groups with patients from three medical centers across the U.S. to understand their perspectives on privacy, consent, and ethical concerns of sharing their data as part of research networks. Participants positively endorsed sharing their health data with these networks believing that doing so could advance healthcare knowledge. However, patients expressed several concerns regarding security and broader ethical issues such as commercialism, public benefit, and social responsibility. We suggest that network governance guidelines move beyond strict technical requirements and address wider socio-ethical concerns by fully including patients in governance processes.

Patient Informed Governance of Distributed Research Networks: Results and Discussion from Six Patient Focus Groups

PubMed Central

Mamo, Laura A.; Browe, Dennis K.; Logan, Holly C.; Kim, Katherine K.

2013-01-01

Understanding how to govern emerging distributed research networks is essential to their success. Distributed research networks aggregate patient medical data from many institutions leaving data within the local provider security system. While much is known about patients’ views on secondary medical research, little is known about their views on governance of research networks. We conducted six focus groups with patients from three medical centers across the U.S. to understand their perspectives on privacy, consent, and ethical concerns of sharing their data as part of research networks. Participants positively endorsed sharing their health data with these networks believing that doing so could advance healthcare knowledge. However, patients expressed several concerns regarding security and broader ethical issues such as commercialism, public benefit, and social responsibility. We suggest that network governance guidelines move beyond strict technical requirements and address wider socio-ethical concerns by fully including patients in governance processes. PMID:24551383

48 CFR 2915.606 - Agency procedures.

Code of Federal Regulations, 2013 CFR

2013-10-01

... 48 Federal Acquisition Regulations System 7 2013-10-01 2012-10-01 true Agency procedures. 2915.606 Section 2915.606 Federal Acquisition Regulations System DEPARTMENT OF LABOR CONTRACTING METHODS AND... along with instructions concerning the security, review and disposition of the document. (1) Inform the...

U.S National cropland soil moisture monitoring using SMAP

USDA-ARS?s Scientific Manuscript database

Crop condition information is critical for public and private sector decision making that concerns agricultural policy, food production, food security, and food commodity prices. Crop conditions change quickly due to various growing condition events, such as temperature extremes, soil moisture defic...

User Requirements for Technology to Assist Aging in Place: Qualitative Study of Older People and Their Informal Support Networks.

PubMed

Elers, Phoebe; Hunter, Inga; Whiddett, Dick; Lockhart, Caroline; Guesgen, Hans; Singh, Amardeep

2018-06-06

Informal support is essential for enabling many older people to age in place. However, there is limited research examining the information needs of older adults' informal support networks and how these could be met through home monitoring and information and communication technologies. The purpose of this study was to investigate how technologies that connect older adults to their informal and formal support networks could assist aging in place and enhance older adults' health and well-being. Semistructured interviews were conducted with 10 older adults and a total of 31 members of their self-identified informal support networks. They were asked questions about their information needs and how technology could support the older adults to age in place. The interviews were transcribed and thematically analyzed. The analysis identified three overarching themes: (1) the social enablers theme, which outlined how timing, informal support networks, and safety concerns assist the older adults' uptake of technology, (2) the technology concerns theme, which outlined concerns about cost, usability, information security and privacy, and technology superseding face-to-face contact, and (3) the information desired theme, which outlined what information should be collected and transferred and who should make decisions about this. Older adults and their informal support networks may be receptive to technology that monitors older adults within the home if it enables aging in place for longer. However, cost, privacy, security, and usability barriers would need to be considered and the system should be individualizable to older adults' changing needs. The user requirements identified from this study and described in this paper have informed the development of a technology that is currently being prototyped. ©Phoebe Elers, Inga Hunter, Dick Whiddett, Caroline Lockhart, Hans Guesgen, Amardeep Singh. Originally published in JMIR Mhealth and Uhealth (http://mhealth.jmir.org), 06.06.2018.

Legal issues concerning electronic health information: privacy, quality, and liability.

PubMed

Hodge, J G; Gostin, L O; Jacobson, P D

1999-10-20

Personally identifiable health information about individuals and general medical information is increasingly available in electronic form in health databases and through online networks. The proliferation of electronic data within the modern health information infrastructure presents significant benefits for medical providers and patients, including enhanced patient autonomy, improved clinical treatment, advances in health research and public health surveillance, and modern security techniques. However, it also presents new legal challenges in 3 interconnected areas: privacy of identifiable health information, reliability and quality of health data, and tortbased liability. Protecting health information privacy (by giving individuals control over health data without severely restricting warranted communal uses) directly improves the quality and reliability of health data (by encouraging individual uses of health services and communal uses of data), which diminishes tort-based liabilities (by reducing instances of medical malpractice or privacy invasions through improvements in the delivery of health care services resulting in part from better quality and reliability of clinical and research data). Following an analysis of the interconnectivity of these 3 areas and discussing existing and proposed health information privacy laws, recommendations for legal reform concerning health information privacy are presented. These include (1) recognizing identifiable health information as highly sensitive, (2) providing privacy safeguards based on fair information practices, (3) empowering patients with information and rights to consent to disclosure (4) limiting disclosures of health data absent consent, (5) incorporating industry-wide security protections, (6) establishing a national data protection authority, and (7) providing a national minimal level of privacy protections.

Forecasting of Information Security Related Incidents: Amount of Spam Messages as a Case Study

NASA Astrophysics Data System (ADS)

Romanov, Anton; Okamoto, Eiji

With the increasing demand for services provided by communication networks, quality and reliability of such services as well as confidentiality of data transfer are becoming ones of the highest concerns. At the same time, because of growing hacker's activities, quality of provided content and reliability of its continuous delivery strongly depend on integrity of data transmission and availability of communication infrastructure, thus on information security of a given IT landscape. But, the amount of resources allocated to provide information security (like security staff, technical countermeasures and etc.) must be reasonable from the economic point of view. This fact, in turn, leads to the need to employ a forecasting technique in order to make planning of IT budget and short-term planning of potential bottlenecks. In this paper we present an approach to make such a forecasting for a wide class of information security related incidents (ISRI) — unambiguously detectable ISRI. This approach is based on different auto regression models which are widely used in financial time series analysis but can not be directly applied to ISRI time series due to specifics related to information security. We investigate and address this specifics by proposing rules (special conditions) of collection and storage of ISRI time series, adherence to which improves forecasting in this subject field. We present an application of our approach to one type of unambiguously detectable ISRI — amount of spam messages which, if not mitigated properly, could create additional load on communication infrastructure and consume significant amounts of network capacity. Finally we evaluate our approach by simulation and actual measurement.

78 FR 35296 - Agency Information Collection Activities; Proposed Collection; Comment Request

Federal Register 2010, 2011, 2012, 2013, 2014

2013-06-12

... DEPARTMENT OF HOMELAND SECURITY Federal Emergency Management Agency [Docket ID FEMA-2013-0017; OMB...: Federal Emergency Management Agency, DHS. ACTION: Notice. SUMMARY: The Federal Emergency Management Agency... concerning the National Flood Insurance Program, Mortgage Portfolio Protection Program (MPPP), which is an...

48 CFR 217.7801 - Definitions.

Code of Federal Regulations, 2010 CFR

2010-10-01

... elements of the Department of Homeland Security concerned with the analysis of intelligence information... order for the acquisition of supplies or services on behalf of DoD. Direct acquisition means the type of interagency contracting through which DoD orders a supply or service from a Governmentwide acquisition...

Security Concerns in Telecommuting within the Information Technology Industry

ERIC Educational Resources Information Center

Chithambo, Loyce Maosa

2011-01-01

Since the availability of remote access technology, most companies have adopted telecommuting as part of business operations. Although some research has identified policies and procedures when individuals telecommute, limited research exists about existing policies and procedures for telecommuters. The purpose of this qualitative descriptive…

Survey on Security Issues in File Management in Cloud Computing Environment

NASA Astrophysics Data System (ADS)

Gupta, Udit

2015-06-01

Cloud computing has pervaded through every aspect of Information technology in past decade. It has become easier to process plethora of data, generated by various devices in real time, with the advent of cloud networks. The privacy of users data is maintained by data centers around the world and hence it has become feasible to operate on that data from lightweight portable devices. But with ease of processing comes the security aspect of the data. One such security aspect is secure file transfer either internally within cloud or externally from one cloud network to another. File management is central to cloud computing and it is paramount to address the security concerns which arise out of it. This survey paper aims to elucidate the various protocols which can be used for secure file transfer and analyze the ramifications of using each protocol.

Common Criteria Related Security Design Patterns for Intelligent Sensors—Knowledge Engineering-Based Implementation

PubMed Central

Bialas, Andrzej

2011-01-01

Intelligent sensors experience security problems very similar to those inherent to other kinds of IT products or systems. The assurance for these products or systems creation methodologies, like Common Criteria (ISO/IEC 15408) can be used to improve the robustness of the sensor systems in high risk environments. The paper presents the background and results of the previous research on patterns-based security specifications and introduces a new ontological approach. The elaborated ontology and knowledge base were validated on the IT security development process dealing with the sensor example. The contribution of the paper concerns the application of the knowledge engineering methodology to the previously developed Common Criteria compliant and pattern-based method for intelligent sensor security development. The issue presented in the paper has a broader significance in terms that it can solve information security problems in many application domains. PMID:22164064

Common criteria related security design patterns for intelligent sensors--knowledge engineering-based implementation.

PubMed

Bialas, Andrzej

2011-01-01

Intelligent sensors experience security problems very similar to those inherent to other kinds of IT products or systems. The assurance for these products or systems creation methodologies, like Common Criteria (ISO/IEC 15408) can be used to improve the robustness of the sensor systems in high risk environments. The paper presents the background and results of the previous research on patterns-based security specifications and introduces a new ontological approach. The elaborated ontology and knowledge base were validated on the IT security development process dealing with the sensor example. The contribution of the paper concerns the application of the knowledge engineering methodology to the previously developed Common Criteria compliant and pattern-based method for intelligent sensor security development. The issue presented in the paper has a broader significance in terms that it can solve information security problems in many application domains.

Rapid Equipping Force (REF) Analytical Support

DTIC Science & Technology

2007-06-01

document contains color images. 14. ABSTRACT 15. SUBJECT TERMS 16. SECURITY CLASSIFICATION OF: 17. LIMITATION OF ABSTRACT UU 18. NUMBER OF PAGES 44...interface and performs actions via Excel formulae, ActiveX controls, and VBA code. – Plan to provide both simple and complex weighting and scoring methods...Requirements Quad Chart. –Solution Set Information Worksheet: A spreadsheet containing detailed information concerning every potential solution considered

A Hierarchical Security Architecture for Cyber-Physical Systems

DOE Office of Scientific and Technical Information (OSTI.GOV)

Quanyan Zhu; Tamer Basar

2011-08-01

Security of control systems is becoming a pivotal concern in critical national infrastructures such as the power grid and nuclear plants. In this paper, we adopt a hierarchical viewpoint to these security issues, addressing security concerns at each level and emphasizing a holistic cross-layer philosophy for developing security solutions. We propose a bottom-up framework that establishes a model from the physical and control levels to the supervisory level, incorporating concerns from network and communication levels. We show that the game-theoretical approach can yield cross-layer security strategy solutions to the cyber-physical systems.

On the security of a dynamic ID-based authentication scheme for telecare medical information systems.

PubMed

Lin, Han-Yu

2013-04-01

Telecare medical information systems (TMISs) are increasingly popular technologies for healthcare applications. Using TMISs, physicians and caregivers can monitor the vital signs of patients remotely. Since the database of TMISs stores patients' electronic medical records (EMRs), only authorized users should be granted the access to this information for the privacy concern. To keep the user anonymity, recently, Chen et al. proposed a dynamic ID-based authentication scheme for telecare medical information system. They claimed that their scheme is more secure and robust for use in a TMIS. However, we will demonstrate that their scheme fails to satisfy the user anonymity due to the dictionary attacks. It is also possible to derive a user password in case of smart card loss attacks. Additionally, an improved scheme eliminating these weaknesses is also presented.

Meeting the privacy requirements for the development of a multi-centre patient registry in Canada: the Rick Hansen Spinal Cord Injury Registry.

PubMed

Noonan, Vanessa K; Thorogood, Nancy P; Joshi, Phalgun B; Fehlings, Michael G; Craven, B Catharine; Linassi, Gary; Fourney, Daryl R; Kwon, Brian K; Bailey, Christopher S; Tsai, Eve C; Drew, Brian M; Ahn, Henry; Tsui, Deborah; Dvorak, Marcel F

2013-05-01

Privacy legislation addresses concerns regarding the privacy of personal information; however, its interpretation by research ethics boards has resulted in significant challenges to the collection, management, use and disclosure of personal health information for multi-centre research studies. This paper describes the strategy used to develop the national Rick Hansen Spinal Cord Injury Registry (RHSCIR) in accordance with privacy statutes and benchmarked against best practices. An analysis of the regional and national privacy legislation was conducted to determine the requirements for each of the 31 local RHSCIR sites and the national RHSCIR office. A national privacy and security framework was created for RHSCIR that includes a governance structure, standard operating procedures, training processes, physical and technical security and privacy impact assessments. The framework meets a high-water mark in ensuring privacy and security of personal health information nationally and may assist in the development of other national or international research initiatives. Copyright © 2013 Longwoods Publishing.

Meeting the Privacy Requirements for the Development of a Multi-Centre Patient Registry in Canada: The Rick Hansen Spinal Cord Injury Registry

PubMed Central

Noonan, Vanessa K.; Thorogood, Nancy P.; Joshi, Phalgun B.; Fehlings, Michael G.; Craven, B. Catharine; Linassi, Gary; Fourney, Daryl R.; Kwon, Brian K.; Bailey, Christopher S.; Tsai, Eve C.; Drew, Brian M.; Ahn, Henry; Tsui, Deborah; Dvorak, Marcel F.

2013-01-01

Privacy legislation addresses concerns regarding the privacy of personal information; however, its interpretation by research ethics boards has resulted in significant challenges to the collection, management, use and disclosure of personal health information for multi-centre research studies. This paper describes the strategy used to develop the national Rick Hansen Spinal Cord Injury Registry (RHSCIR) in accordance with privacy statutes and benchmarked against best practices. An analysis of the regional and national privacy legislation was conducted to determine the requirements for each of the 31 local RHSCIR sites and the national RHSCIR office. A national privacy and security framework was created for RHSCIR that includes a governance structure, standard operating procedures, training processes, physical and technical security and privacy impact assessments. The framework meets a high-water mark in ensuring privacy and security of personal health information nationally and may assist in the development of other national or international research initiatives. PMID:23968640

A survey of visualization systems for network security.

PubMed

Shiravi, Hadi; Shiravi, Ali; Ghorbani, Ali A

2012-08-01

Security Visualization is a very young term. It expresses the idea that common visualization techniques have been designed for use cases that are not supportive of security-related data, demanding novel techniques fine tuned for the purpose of thorough analysis. Significant amount of work has been published in this area, but little work has been done to study this emerging visualization discipline. We offer a comprehensive review of network security visualization and provide a taxonomy in the form of five use-case classes encompassing nearly all recent works in this area. We outline the incorporated visualization techniques and data sources and provide an informative table to display our findings. From the analysis of these systems, we examine issues and concerns regarding network security visualization and provide guidelines and directions for future researchers and visual system developers.

Operational Reconnaissance: Identifying the Right Problems in a Complex World

DTIC Science & Technology

2015-05-23

about the activities and resources of an enemy or rival, or to secure data concerning the meteorological , hydrographic, or geographic characteristics of...Information. Kansas City, KS: Hudson -Kimberly Publishing Co., 1896. War Department. Field Manual (FM) 1-20, Army Air Force Field Manual, Tactics and

76 FR 34658 - The Internet Assigned Numbers Authority (IANA) Functions

Federal Register 2010, 2011, 2012, 2013, 2014

2011-06-14

... raised concerns that short-term contracts create instability in the IANA functions process and would... political sustainability of an Internet that supports the free flow of information, goods, and services... account security and stability issues. Commenters were divided on whether the IANA functions should be...

32 CFR 1285.2 - Policy.

Code of Federal Regulations, 2011 CFR

2011-07-01

... information concerning the activities of its Government. DLA policy is to conduct its activities in an open... activities in an open manner consistent with the need for security and adherence to other requirements of law..., where a public reading room also serves as an activity's library, restricted publications may be...

32 CFR 1285.2 - Policy.

Code of Federal Regulations, 2010 CFR

2010-07-01

... information concerning the activities of its Government. DLA policy is to conduct its activities in an open... activities in an open manner consistent with the need for security and adherence to other requirements of law..., where a public reading room also serves as an activity's library, restricted publications may be...

28 CFR 17.18 - Prepublication review.

Code of Federal Regulations, 2014 CFR

2014-07-01

... paragraph (j) of this section for FBI personnel, all questions concerning these obligations should be... Security or a designee (or, in the case of FBI employees, the Section Chief, Records/Information... apply with equal force to employees of the FBI with following exceptions and provisos: (1) Nothing in...

28 CFR 17.18 - Prepublication review.

Code of Federal Regulations, 2012 CFR

2012-07-01

... paragraph (j) of this section for FBI personnel, all questions concerning these obligations should be... Security or a designee (or, in the case of FBI employees, the Section Chief, Records/Information... apply with equal force to employees of the FBI with following exceptions and provisos: (1) Nothing in...

28 CFR 17.18 - Prepublication review.

Code of Federal Regulations, 2013 CFR

2013-07-01

... paragraph (j) of this section for FBI personnel, all questions concerning these obligations should be... Security or a designee (or, in the case of FBI employees, the Section Chief, Records/Information... apply with equal force to employees of the FBI with following exceptions and provisos: (1) Nothing in...

76 FR 12749 - Agency Information Collection Activities: Proposed Collection; Comment Request, 1660-0044...

Federal Register 2010, 2011, 2012, 2013, 2014

2011-03-08

... concerning knowledge and skills gained through emergency management related courses. DATES: Comments must be... the Emergency Management Institute to self-assess the knowledge and skills gained through emergency... DEPARTMENT OF HOMELAND SECURITY Federal Emergency Management Agency [Docket ID: FEMA-2011-0008...

48 CFR 952.204-2 - Security.

Code of Federal Regulations, 2010 CFR

2010-10-01

..., including with respect to pre- and post-offer of employment disability related questioning. (iv) In addition... Information. (d) Definition of restricted data. The term Restricted Data means all data concerning design... employee, and must test the individual for illegal drugs, prior to selecting the individual for a position...

48 CFR 952.204-2 - Security.

Code of Federal Regulations, 2014 CFR

2014-10-01

..., including with respect to pre- and post-offer of employment disability related questioning. (iv) In addition... Information. (d) Definition of restricted data. The term Restricted Data means all data concerning design... employee, and must test the individual for illegal drugs, prior to selecting the individual for a position...

48 CFR 952.204-2 - Security.

Code of Federal Regulations, 2013 CFR

2013-10-01

..., including with respect to pre- and post-offer of employment disability related questioning. (iv) In addition... Information. (d) Definition of restricted data. The term Restricted Data means all data concerning design... employee, and must test the individual for illegal drugs, prior to selecting the individual for a position...

48 CFR 952.204-2 - Security.

Code of Federal Regulations, 2012 CFR

2012-10-01

..., including with respect to pre- and post-offer of employment disability related questioning. (iv) In addition... Information. (d) Definition of restricted data. The term Restricted Data means all data concerning design... employee, and must test the individual for illegal drugs, prior to selecting the individual for a position...

48 CFR 952.204-2 - Security.

Code of Federal Regulations, 2011 CFR

2011-10-01

..., including with respect to pre- and post-offer of employment disability related questioning. (iv) In addition... Information. (d) Definition of restricted data. The term Restricted Data means all data concerning design... employee, and must test the individual for illegal drugs, prior to selecting the individual for a position...

Feasibility of a patient decision aid regarding disclosure of personal health information: qualitative evaluation of the Health Care Information Directive

PubMed Central

Tracy, C Shawn; Dantas, Guilherme Coelho; Upshur, Ross EG

2004-01-01

Background Concerns regarding the privacy of health information are escalating owing both to the growing use of information technology to store and exchange data and to the increasing demand on the part of patients to control the use of their medical records. The objective of this study was to evaluate the Health Care Information Directive (HCID), a recently-developed patient decision aid that aims to delineate the level of health information an individual is willing to share. Methods We convened a series of four focus group meetings with several communities in a large Canadian city. A total of 28 men and women participated, representing health care consumer advocates, urban professionals, senior citizens, and immigrants who speak English as a second language. Data were analysed using qualitative methods. Results Participants lacked substantial knowledge regarding the fate and uses of personal health information. They expressed mistrust concerning how their information will be used and protected. Several suggestions were made towards customizing the use of data according to specific needs rather than broad and full access to their charts. Furthermore, despite concern regarding the implementation of a tool like the HCID, participants were hopeful that a refined instrument could contribute to the improved regulation of health information. Conclusion This study indicated poor knowledge concerning the uses of personal health information, distrust concerning security provisions, and cautious support for a patient decision aid such as the HCID to improve control over health data. PMID:15361257

Feasibility of a patient decision aid regarding disclosure of personal health information: qualitative evaluation of the Health Care Information Directive.

PubMed

Tracy, C Shawn; Dantas, Guilherme Coelho; Upshur, Ross E G

2004-09-10

Concerns regarding the privacy of health information are escalating owing both to the growing use of information technology to store and exchange data and to the increasing demand on the part of patients to control the use of their medical records. The objective of this study was to evaluate the Health Care Information Directive (HCID), a recently-developed patient decision aid that aims to delineate the level of health information an individual is willing to share. We convened a series of four focus group meetings with several communities in a large Canadian city. A total of 28 men and women participated, representing health care consumer advocates, urban professionals, senior citizens, and immigrants who speak English as a second language. Data were analysed using qualitative methods. Participants lacked substantial knowledge regarding the fate and uses of personal health information. They expressed mistrust concerning how their information will be used and protected. Several suggestions were made towards customizing the use of data according to specific needs rather than broad and full access to their charts. Furthermore, despite concern regarding the implementation of a tool like the HCID, participants were hopeful that a refined instrument could contribute to the improved regulation of health information. This study indicated poor knowledge concerning the uses of personal health information, distrust concerning security provisions, and cautious support for a patient decision aid such as the HCID to improve control over health data.

An assessment of PKI and networked electronic patient record system: lessons learned from real patient data exchange at the platform of OCHIS (Osaka Community Healthcare Information System).

PubMed

Takeda, Hiroshi; Matsumura, Yasushi; Kuwata, Shigeki; Nakano, Hirohiko; Shanmai, Ji; Qiyan, Zhang; Yufen, Chen; Kusuoka, Hideo; Matsuoka, Masaki

2004-03-31

To enhance medical cooperation between the hospitals and clinics around Osaka local area, the healthcare network system, named Osaka Community Healthcare Information System (OCHIS), was established with support of a supplementary budget from the Japanese government in fiscal year 2002. Although the system has been based on healthcare public key infrastructure (PKI), there remain security issues to be solved technically and operationally. An experimental study was conducted to elucidate the central and the local function in terms of a registration authority and a time stamp authority in contract with the Japanese Medical Information Systems Organization (MEDIS) in 2003. This paper describes the experimental design and the results of the study concerning message security.

Employees' views on outsourcing and its impact on employee turnover: A phenomenological study

NASA Astrophysics Data System (ADS)

Przybelinski, Steven A.

Increasing use of outsourcing gives employees concern about personal job security. Using a modified van Kaam approach, this qualitative phenomenological study examined perceptions and experiences of 12 employees' on the influence outsourcing had on employee turnover. Five themes describing employee perceptions emerged: (a) preparation---education gives job security, (b) plausibility---all believed job loss plausible, (c) emotional influence---feelings of stress, threat, betrayal, and not being valued, (d) environment---value of communication and interaction with leaders, and (e) confidence---gained from increased education, skills, and knowledge protected from outsourcing. Significance of this study to leadership is the identification of employee perceptions of outsourcing and motivating factors influencing employee turnover during times of outsourcing. Findings might present new information and assist leaders with employee retention concerns for future outsourcing activities.

ONCHIT security in distributed environments: a proposed model for implantable devices.

PubMed

Lorence, Daniel; Lee, James; Richards, Michael

2010-08-01

Recent ONCHIT mandates call for increased individual health data collection efforts as well as heightened security measures. To date most healthcare organizations have been reluctant to exchange information, citing confidentiality concerns and unshared costs incurred by specific organizations. Implantable monitoring and treatment devices are rapidly emerging as data collection interface tools in response to such mandates. Proposed here is a translational, device-independent consumer-based solution, which focuses on information controlled by specific patients, and functions within a distributed (organization neutral) environment. While the conceptual applications employed in this technology set are provided by way of illustration, they may also serve as a transformative model for emerging EMR/EHR requirements.

What is a 'secure base' when death is approaching? A study applying attachment theory to adult patients' and family members' experiences of palliative home care.

PubMed

Milberg, A; Wåhlberg, R; Jakobsson, M; Olsson, E-C; Olsson, M; Friedrichsen, M

2012-08-01

Attachment theory has received much interest lately in relation to how adults cope with stress and severe illness. The aim of this study was using the experiences of patients and family members to explore palliative home care as a 'secure base' (a central concept within the theory). Twelve patients and 14 family members were interviewed during ongoing palliative home care. The interviews were analysed with deductive qualitative content analysis. Informants expressed the relevance of sensing security during palliative home care because death and dying were threats that contributed to vulnerability. Palliative home care could foster a feeling of security and provide a secure base. This was facilitated when informants had trust in staff (e.g. due to availability and competence in providing symptom relief), felt recognised as individuals and welcomed to contact the team in times of needs. Being comfortable, informed and having an everyday life also contributed to a perception of palliative home care as a secure base. Family members stressed the importance of being relieved from responsibilities that were too heavy. The underlying meanings of experiencing palliative home care as a secure base involved gaining a sense of control and of inner peace, perceiving that despite a demanding and changed life situation, one could continue partially being oneself and having something to hope for, even if this no longer concerned cure for the ill person. Important aspects of palliative home care as providing a secure base were identified and these have implications for clinical practice. Copyright © 2011 John Wiley & Sons, Ltd.

A 3S Risk ?3SR? Assessment Approach for Nuclear Power: Safety Security and Safeguards.

DOE Office of Scientific and Technical Information (OSTI.GOV)

Forrest, Robert; Reinhardt, Jason Christian; Wheeler, Timothy A.

Safety-focused risk analysis and assessment approaches struggle to adequately include malicious, deliberate acts against the nuclear power industry's fissile and waste material, infrastructure, and facilities. Further, existing methods do not adequately address non- proliferation issues. Treating safety, security, and safeguards concerns independently is inefficient because, at best, it may not take explicit advantage of measures that provide benefits against multiple risk domains, and, at worst, it may lead to implementations that increase overall risk due to incompatibilities. What is needed is an integrated safety, security and safeguards risk (or "3SR") framework for describing and assessing nuclear power risks that canmore » enable direct trade-offs and interactions in order to inform risk management processes -- a potential paradigm shift in risk analysis and management. These proceedings of the Sandia ePRA Workshop (held August 22-23, 2017) are an attempt to begin the discussions and deliberations to extend and augment safety focused risk assessment approaches to include security concerns and begin moving towards a 3S Risk approach. Safeguards concerns were not included in this initial workshop and are left to future efforts. This workshop focused on four themes in order to begin building out a the safety and security portions of the 3S Risk toolkit: 1. Historical Approaches and Tools 2. Current Challenges 3. Modern Approaches 4. Paths Forward and Next Steps This report is organized along the four areas described above, and concludes with a summary of key points. 2 Contact: rforres@sandia.gov; +1 (925) 294-2728« less

Comparison of consumers’ views on electronic data sharing for healthcare and research

PubMed Central

Joseph, Jill G; Ohno-Machado, Lucila

2015-01-01

New models of healthcare delivery such as accountable care organizations and patient-centered medical homes seek to improve quality, access, and cost. They rely on a robust, secure technology infrastructure provided by health information exchanges (HIEs) and distributed research networks and the willingness of patients to share their data. There are few large, in-depth studies of US consumers’ views on privacy, security, and consent in electronic data sharing for healthcare and research together. Objective This paper addresses this gap, reporting on a survey which asks about California consumers’ views of data sharing for healthcare and research together. Materials and Methods The survey conducted was a representative, random-digit dial telephone survey of 800 Californians, performed in Spanish and English. Results There is a great deal of concern that HIEs will worsen privacy (40.3%) and security (42.5%). Consumers are in favor of electronic data sharing but elements of transparency are important: individual control, who has access, and the purpose for use of data. Respondents were more likely to agree to share deidentified information for research than to share identified information for healthcare (76.2% vs 57.3%, p < .001). Discussion While consumers show willingness to share health information electronically, they value individual control and privacy. Responsiveness to these needs, rather than mere reliance on Health Insurance Portability and Accountability Act (HIPAA), may improve support of data networks. Conclusion Responsiveness to the public’s concerns regarding their health information is a pre-requisite for patient-centeredness. This is one of the first in-depth studies of attitudes about electronic data sharing that compares attitudes of the same individual towards healthcare and research. PMID:25829461

Electronic medical archives: a different approach to applying re-signing mechanisms to digital signatures.

PubMed

Chen, Tzer-Long; Lin, Frank Y S

2011-08-01

Electronic medical records can be defined as a digital format of the traditionally paper-based anamneses, which contains the history of a patient such as his somewhat illness, current health problems, and his chronic treatments. An electronic anamnesis is meant to make the patient's health information more conveniently accessible and transferable between different medical institutions and also easier to be kept quite a long time. Because of such transferability and accessibility of electronic anamneses, we can use less resource than before on storing the patients' medical information. This also means that medical care providers could save more funds on record-keeping and access a patient's medical background directly since shown on the computer screen more quickly and easily. Overall, the service quality has seemingly improved greatly. However, the usage of electronic anamneses involves in some concerned issues such as its related law declaration, and the security of the patient's confidential information. Because of these concerns, a secure medical networking scheme is taking into consideration. Nowadays, the administrators at the medical institutions are facing more challenges on monitoring computers and network systems, because of dramatic advances in this field. For instance, a trusted third party is authorized to access some medical records for a certain period of time. In regard to the security purpose, all the electronic medical records are embedded with both of the public-key infrastructure (PKI) cryptography and the digital signature technique so as to ensure the records well-protected. Since the signatures will be invalid due to the revocation or time expiration, the security of records under this premise would turn into vulnerable. Hence, we propose a re-signing scheme, whose purpose is to make a going-expired digital signature been resigned in time, in keeping with the premise of not conflicting with the laws, morals, and privacy while maintaining the security of the electronic medical records.

Secured Communication for Business Process Outsourcing Using Optimized Arithmetic Cryptography Protocol Based on Virtual Parties

NASA Astrophysics Data System (ADS)

Pathak, Rohit; Joshi, Satyadhar

Within a span of over a decade, India has become one of the most favored destinations across the world for Business Process Outsourcing (BPO) operations. India has rapidly achieved the status of being the most preferred destination for BPO for companies located in the US and Europe. Security and privacy are the two major issues needed to be addressed by the Indian software industry to have an increased and long-term outsourcing contract from the US. Another important issue is about sharing employee’s information to ensure that data and vital information of an outsourcing company is secured and protected. To ensure that the confidentiality of a client’s information is maintained, BPOs need to implement some data security measures. In this paper, we propose a new protocol for specifically for BPO Secure Multi-Party Computation (SMC). As there are many computations and surveys which involve confidential data from many parties or organizations and the concerned data is property of the organization, preservation and security of this data is of prime importance for such type of computations. Although the computation requires data from all the parties, but none of the associated parties would want to reveal their data to the other parties. We have proposed a new efficient and scalable protocol to perform computation on encrypted information. The information is encrypted in a manner that it does not affect the result of the computation. It uses modifier tokens which are distributed among virtual parties, and finally used in the computation. The computation function uses the acquired data and modifier tokens to compute right result from the encrypted data. Thus without revealing the data, right result can be computed and privacy of the parties is maintained. We have given a probabilistic security analysis of hacking the protocol and shown how zero hacking security can be achieved. Also we have analyzed the specific case of Indian BPO.

A Secure Architecture to Provide a Medical Emergency Dataset for Patients in Germany and Abroad.

PubMed

Storck, Michael; Wohlmann, Jan; Krudwig, Sarah; Vogel, Alexander; Born, Judith; Weber, Thomas; Dugas, Martin; Juhra, Christian

2017-01-01

The ongoing fragmentation of medical care and mobility of patients severely restrains exchange of lifesaving information about patient's medical history in case of emergencies. Therefore, the objective of this work is to offer a secure technical solution to supply medical professionals with emergency-relevant information concerning the current patient via mobile accessibility. To achieve this goal, the official national emergency data set was extended by additional features to form a patient summary for emergencies, a software architecture was developed and data security and data protection issues were taken into account. The patient has sovereignty over his/her data and can therefore decide who has access to or can change his/her stored data, but the treating physician composes the validated dataset. Building upon the introduced concept, future activities are the development of user-interfaces for the software components of the different user groups as well as functioning prototypes for upcoming field tests.

The Role of Healthcare Technology Management in Facilitating Medical Device Cybersecurity.

PubMed

Busdicker, Mike; Upendra, Priyanka

2017-09-02

This article discusses the role of healthcare technology management (HTM) in medical device cybersecurity and outlines concepts that are applicable to HTM professionals at a healthcare delivery organization or at an integrated delivery network, regardless of size. It provides direction for HTM professionals who are unfamiliar with the security aspects of managing healthcare technologies but are familiar with standards from The Joint Commission (TJC). It provides a useful set of recommendations, including relevant references for incorporating good security practices into HTM practice. Recommendations for policies, procedures, and processes referencing TJC standards are easily applicable to HTM departments with limited resources and to those with no resource concerns. The authors outline processes from their organization as well as best practices learned through information sharing at AAMI, National Health Information Sharing and Analysis Center (NH-ISAC), and Medical Device Innovation, Safety, and Security Consortium (MDISS) conferences and workshops.

A privacy preserving secure and efficient authentication scheme for telecare medical information systems.

PubMed

Mishra, Raghavendra; Barnwal, Amit Kumar

2015-05-01

The Telecare medical information system (TMIS) presents effective healthcare delivery services by employing information and communication technologies. The emerging privacy and security are always a matter of great concern in TMIS. Recently, Chen at al. presented a password based authentication schemes to address the privacy and security. Later on, it is proved insecure against various active and passive attacks. To erase the drawbacks of Chen et al.'s anonymous authentication scheme, several password based authentication schemes have been proposed using public key cryptosystem. However, most of them do not present pre-smart card authentication which leads to inefficient login and password change phases. To present an authentication scheme with pre-smart card authentication, we present an improved anonymous smart card based authentication scheme for TMIS. The proposed scheme protects user anonymity and satisfies all the desirable security attributes. Moreover, the proposed scheme presents efficient login and password change phases where incorrect input can be quickly detected and a user can freely change his password without server assistance. Moreover, we demonstrate the validity of the proposed scheme by utilizing the widely-accepted BAN (Burrows, Abadi, and Needham) logic. The proposed scheme is also comparable in terms of computational overheads with relevant schemes.

Brainjacking: Implant Security Issues in Invasive Neuromodulation.

PubMed

Pycroft, Laurie; Boccard, Sandra G; Owen, Sarah L F; Stein, John F; Fitzgerald, James J; Green, Alexander L; Aziz, Tipu Z

2016-08-01

The security of medical devices is critical to good patient care, especially when the devices are implanted. In light of recent developments in information security, there is reason to be concerned that medical implants are vulnerable to attack. The ability of attackers to exert malicious control over brain implants ("brainjacking") has unique challenges that we address in this review, with particular focus on deep brain stimulation implants. To illustrate the potential severity of this risk, we identify several mechanisms through which attackers could manipulate patients if unauthorized access to an implant can be achieved. These include blind attacks in which the attacker requires no patient-specific knowledge and targeted attacks that require patient-specific information. Blind attacks include cessation of stimulation, draining implant batteries, inducing tissue damage, and information theft. Targeted attacks include impairment of motor function, alteration of impulse control, modification of emotions or affect, induction of pain, and modulation of the reward system. We also discuss the limitations inherent in designing implants and the trade-offs that must be made to balance device security with battery life and practicality. We conclude that researchers, clinicians, manufacturers, and regulatory bodies should cooperate to minimize the risk posed by brainjacking. Copyright © 2016 Elsevier Inc. All rights reserved.

SoS Lablet; Perpetually Available and Secure Information Systems

DTIC Science & Technology

2015-11-16

settings, people simply err on the safe side and do a lot less sharing, which explains why all pull -based location sharing applications have failed so...number of data centers is raising concerns about their power consumption. Through an NSF GOALI Bruce Krogh and I have investigated the problem by

75 FR 62389 - Statement of Policy Regarding Communications in Connection With Collection of a Decedent's Debt

Federal Register 2010, 2011, 2012, 2013, 2014

2010-10-08

.... SUPPLEMENTARY INFORMATION: I. Background Media reports and a Congressional inquiry have raised concerns that... benefits, Social Security benefits, veterans benefits, and various types of retirement accounts. Assets... and counties. According to the UPC commenters, most people are able to use the ``small estate...

75 FR 32639 - Defense Federal Acquisition Regulation Supplement; Limitations on Procurements With Non-Defense...

Federal Register 2010, 2011, 2012, 2013, 2014

2010-06-08

... elements of the Department of Homeland Security concerned with the analysis of intelligence information... DEPARTMENT OF DEFENSE Defense Acquisition Regulations System 48 CFR Part 217 RIN 0750-AG67 Defense Federal Acquisition Regulation Supplement; Limitations on Procurements With Non-Defense Agencies (DFARS...

DefenseLink.mil - Special Report - Travels With Mullen

Science.gov Websites

Pakistan’s military and civilian leaders here today to discuss issues concerning Pakistan’s lack of today to discuss the situation and threats coalition and Afghan forces are facing. Story "People Information Privacy & Security External Link Disclaimer Web Policy Contact Us

Atlas of NATO.

ERIC Educational Resources Information Center

Young, Harry F.

This atlas provides basic information about the North Atlantic Treaty Organization (NATO). Formed in response to growing concern for the security of Western Europe after World War II, NATO is a vehicle for Western efforts to reduce East-West tensions and the level of armaments. NATO promotes political and economic collaboration as well as military…

33 CFR 66.05-30 - Notice to Mariners.

Code of Federal Regulations, 2011 CFR

2011-07-01

... Section 66.05-30 Navigation and Navigable Waters COAST GUARD, DEPARTMENT OF HOMELAND SECURITY AIDS TO NAVIGATION PRIVATE AIDS TO NAVIGATION State Aids to Navigation § 66.05-30 Notice to Mariners. (a) To improve public safety, the District Commander may publish information concerning State aids to navigation...

33 CFR 66.05-30 - Notice to Mariners.

Code of Federal Regulations, 2013 CFR

2013-07-01

... Section 66.05-30 Navigation and Navigable Waters COAST GUARD, DEPARTMENT OF HOMELAND SECURITY AIDS TO NAVIGATION PRIVATE AIDS TO NAVIGATION State Aids to Navigation § 66.05-30 Notice to Mariners. (a) To improve public safety, the District Commander may publish information concerning State aids to navigation...

33 CFR 66.05-30 - Notice to Mariners.

Code of Federal Regulations, 2014 CFR

2014-07-01

... Section 66.05-30 Navigation and Navigable Waters COAST GUARD, DEPARTMENT OF HOMELAND SECURITY AIDS TO NAVIGATION PRIVATE AIDS TO NAVIGATION State Aids to Navigation § 66.05-30 Notice to Mariners. (a) To improve public safety, the District Commander may publish information concerning State aids to navigation...

33 CFR 66.05-30 - Notice to Mariners.

Code of Federal Regulations, 2012 CFR

2012-07-01

... Section 66.05-30 Navigation and Navigable Waters COAST GUARD, DEPARTMENT OF HOMELAND SECURITY AIDS TO NAVIGATION PRIVATE AIDS TO NAVIGATION State Aids to Navigation § 66.05-30 Notice to Mariners. (a) To improve public safety, the District Commander may publish information concerning State aids to navigation...

Academic Computing Vulnerabilities: Another View of the Roof

ERIC Educational Resources Information Center

Cohn, Ellen R.; Klinzing, George; Frieze, Irene Hanson; Sereika, Susan M.; Stone, Clement A.; Vana, Clara M.

2004-01-01

In anticipation of Y2K, and later as a result of heightened security concerns following the events of September 11, 2001, numerous colleges and universities developed formal planning documents to guide their responses to unexpected network outages. Typically, vigilant institutional financial auditors or information technology directors initiate…

Establishing and Maintaining a Writing Center in the Junior or Community College.

ERIC Educational Resources Information Center

Olson, Gary A.

Practical information and advice are presented on l6 considerations in the establishment of a campus writing center. First, six concerns related to planning are discussed: obtaining administrative and departmental support; securing funds from various internal and external sources; obtaining furniture, supplies, and instructional materials;…

33 CFR 66.05-30 - Notice to Mariners.

Code of Federal Regulations, 2010 CFR

2010-07-01

... Section 66.05-30 Navigation and Navigable Waters COAST GUARD, DEPARTMENT OF HOMELAND SECURITY AIDS TO NAVIGATION PRIVATE AIDS TO NAVIGATION State Aids to Navigation § 66.05-30 Notice to Mariners. (a) To improve public safety, the District Commander may publish information concerning State aids to navigation...

32 CFR 147.4 - Guideline B-Foreign influence.

Code of Federal Regulations, 2010 CFR

2010-07-01

... 32 National Defense 1 2010-07-01 2010-07-01 false Guideline B-Foreign influence. 147.4 Section 147... CIVILIAN ADJUDICATIVE GUIDELINES FOR DETERMINING ELIGIBILITY FOR ACCESS TO CLASSIFIED INFORMATION Adjudication § 147.4 Guideline B—Foreign influence. (a) The concern. A security risk may exist when an...

In Context: Multicultural Education in Korea--Lessons for American Educators

ERIC Educational Resources Information Center

Park, Gilbert C.; Watson, Sunnie Lee

2011-01-01

Today's global community encompasses interconnectivity between societies, where a development in one country affects and informs something similar in other countries. Multicultural education is not exempt from this pattern. Multicultural education was first started by concerned activists and educators in the United States as a way to secure social…

45 CFR 1385.9 - Grants administration requirements.

Code of Federal Regulations, 2013 CFR

2013-10-01

... Education Programs and Activities Receiving or Benefiting from Federal Financial Assistance. 45 CFR Part 91... social security number will be obtained. Only eligibility information will be obtained regarding type and level of disability of individuals being served by the P&A and the nature of the issue concerning which...

45 CFR 1385.9 - Grants administration requirements.

Code of Federal Regulations, 2014 CFR

2014-10-01

... Education Programs and Activities Receiving or Benefiting from Federal Financial Assistance. 45 CFR Part 91... social security number will be obtained. Only eligibility information will be obtained regarding type and level of disability of individuals being served by the P&A and the nature of the issue concerning which...

45 CFR 1385.9 - Grants administration requirements.

Code of Federal Regulations, 2012 CFR

2012-10-01

... Education Programs and Activities Receiving or Benefiting from Federal Financial Assistance. 45 CFR Part 91... social security number will be obtained. Only eligibility information will be obtained regarding type and level of disability of individuals being served by the P&A and the nature of the issue concerning which...

45 CFR 1385.9 - Grants administration requirements.

Code of Federal Regulations, 2011 CFR

2011-10-01

... Education Programs and Activities Receiving or Benefiting from Federal Financial Assistance. 45 CFR Part 91... social security number will be obtained. Only eligibility information will be obtained regarding type and level of disability of individuals being served by the P&A and the nature of the issue concerning which...

Design and Implementation of Website Information Disclosure Assessment System

PubMed Central

Cho, Ying-Chiang; Pan, Jen-Yi

2015-01-01

Internet application technologies, such as cloud computing and cloud storage, have increasingly changed people’s lives. Websites contain vast amounts of personal privacy information. In order to protect this information, network security technologies, such as database protection and data encryption, attract many researchers. The most serious problems concerning web vulnerability are e-mail address and network database leakages. These leakages have many causes. For example, malicious users can steal database contents, taking advantage of mistakes made by programmers and administrators. In order to mitigate this type of abuse, a website information disclosure assessment system is proposed in this study. This system utilizes a series of technologies, such as web crawler algorithms, SQL injection attack detection, and web vulnerability mining, to assess a website’s information disclosure. Thirty websites, randomly sampled from the top 50 world colleges, were used to collect leakage information. This testing showed the importance of increasing the security and privacy of website information for academic websites. PMID:25768434

Three-Factor User Authentication and Key Agreement Using Elliptic Curve Cryptosystem in Wireless Sensor Networks.

PubMed

Park, YoHan; Park, YoungHo

2016-12-14

Secure communication is a significant issue in wireless sensor networks. User authentication and key agreement are essential for providing a secure system, especially in user-oriented mobile services. It is also necessary to protect the identity of each individual in wireless environments to avoid personal privacy concerns. Many authentication and key agreement schemes utilize a smart card in addition to a password to support security functionalities. However, these schemes often fail to provide security along with privacy. In 2015, Chang et al. analyzed the security vulnerabilities of previous schemes and presented the two-factor authentication scheme that provided user privacy by using dynamic identities. However, when we cryptanalyzed Chang et al.'s scheme, we found that it does not provide sufficient security for wireless sensor networks and fails to provide accurate password updates. This paper proposes a security-enhanced authentication and key agreement scheme to overcome these security weaknesses using biometric information and an elliptic curve cryptosystem. We analyze the security of the proposed scheme against various attacks and check its viability in the mobile environment.

Three-Factor User Authentication and Key Agreement Using Elliptic Curve Cryptosystem in Wireless Sensor Networks

PubMed Central

Park, YoHan; Park, YoungHo

2016-01-01

Secure communication is a significant issue in wireless sensor networks. User authentication and key agreement are essential for providing a secure system, especially in user-oriented mobile services. It is also necessary to protect the identity of each individual in wireless environments to avoid personal privacy concerns. Many authentication and key agreement schemes utilize a smart card in addition to a password to support security functionalities. However, these schemes often fail to provide security along with privacy. In 2015, Chang et al. analyzed the security vulnerabilities of previous schemes and presented the two-factor authentication scheme that provided user privacy by using dynamic identities. However, when we cryptanalyzed Chang et al.’s scheme, we found that it does not provide sufficient security for wireless sensor networks and fails to provide accurate password updates. This paper proposes a security-enhanced authentication and key agreement scheme to overcome these security weaknesses using biometric information and an elliptic curve cryptosystem. We analyze the security of the proposed scheme against various attacks and check its viability in the mobile environment. PMID:27983616

The Role of Security Concerns in Determining Information Systems/Technology Activities Outsourced to Offshore Service Providers in India

ERIC Educational Resources Information Center

Ocholi, Smart

2012-01-01

Based on research studies, the Information System/Technology (IS/T) outsourcing industry in India is reasoned to maintain the status quo of providing IS/T services at the lower level of the IS/T value chain. The 2006 study conducted by Walsh supported the 2001 findings by Arora, Arunachalam, Asundi, and Fernandes that India-based IS /T service…

Cyberspace Policy Review: Assuring a Trusted and Resilient Information and Communications Infrastructure

DTIC Science & Technology

2009-05-01

information technology revolution. The architecture of the Nation’s digital infrastructure, based largely upon the Internet, is not secure or resilient...thriving digital infrastructure. In addi­ tion, differing national and regional laws and practices —such as laws concerning the investigation and... technology has transformed the global economy and connected people and markets in ways never imagined. To realize the full benefits of the digital

Essays on Information Assurance: Examination of Detrimental Consequences of Information Security, Privacy, and Extreme Event Concerns on Individual and Organizational Use of Systems

ERIC Educational Resources Information Center

Park, Insu

2010-01-01

The purpose of this study is to explore systems users' behavior on IS under the various circumstances (e.g., email usage and malware threats, online communication at the individual level, and IS usage in organizations). Specifically, the first essay develops a method for analyzing and predicting the impact category of malicious code, particularly…

Consumer Opinions of Health Information Exchange, e-Prescribing, and Personal Health Records.

PubMed

Cochran, Gary L; Lander, Lina; Morien, Marsha; Lomelin, Daniel E; Brittin, Jeri; Reker, Celeste; Klepser, Donald G

2015-01-01

Consumer satisfaction is a crucial component of health information technology (HIT) utilization, as high satisfaction is expected to increase HIT utilization among providers and to allow consumers to become full participants in their own healthcare management. The primary objective of this pilot study was to identify consumer perspectives on health information technologies including health information exchange (HIE), e-prescribing (e-Rx), and personal health records (PHRs). Eight focus groups were conducted in seven towns and cities across Nebraska in 2013. Each group consisted of 10-12 participants. Discussions were organized topically in the following categories: HIE, e-Rx, and PHR. The qualitative analysis consisted of immersion and crystallization to develop a coding scheme that included both preconceived and emergent themes. Common themes across focus groups were identified and compiled for each discussion category. The study had 67 participants, of which 18 (27 percent) were male. Focus group findings revealed both perceived barriers and benefits to the adoption of HIT. Common HIT concerns expressed across focus groups included privacy and security of medical information, decreases in quality of care, inconsistent provider participation, and the potential cost of implementation. Positive expectations regarding HIT included better accuracy and completeness of information, and improved communication and coordination between healthcare providers. Improvements in patient care were expected as a result of easy physician access to consolidated information across providers as well as the speed of sharing and availability of information in an emergency. In addition, participants were optimistic about patient empowerment and convenient access to and control of personal health data. Consumer concerns focused on privacy and security of the health information, as well as the cost of implementing the technologies and the possibility of an unintended negative impact on the quality of care. While negative perceptions present barriers for potential patient acceptance, benefits such as speed and convenience, patient oversight of health data, and safety improvements may counterbalance these concerns.

Consumer Opinions of Health Information Exchange, e-Prescribing, and Personal Health Records

PubMed Central

Cochran, Gary L.; Lander, Lina; Morien, Marsha; Lomelin, Daniel E.; Brittin, Jeri; Reker, Celeste; Klepser, Donald G.

2015-01-01

Background Consumer satisfaction is a crucial component of health information technology (HIT) utilization, as high satisfaction is expected to increase HIT utilization among providers and to allow consumers to become full participants in their own healthcare management. Objective The primary objective of this pilot study was to identify consumer perspectives on health information technologies including health information exchange (HIE), e-prescribing (e-Rx), and personal health records (PHRs). Methods Eight focus groups were conducted in seven towns and cities across Nebraska in 2013. Each group consisted of 10–12 participants. Discussions were organized topically in the following categories: HIE, e-Rx, and PHR. The qualitative analysis consisted of immersion and crystallization to develop a coding scheme that included both preconceived and emergent themes. Common themes across focus groups were identified and compiled for each discussion category. Results The study had 67 participants, of which 18 (27 percent) were male. Focus group findings revealed both perceived barriers and benefits to the adoption of HIT. Common HIT concerns expressed across focus groups included privacy and security of medical information, decreases in quality of care, inconsistent provider participation, and the potential cost of implementation. Positive expectations regarding HIT included better accuracy and completeness of information, and improved communication and coordination between healthcare providers. Improvements in patient care were expected as a result of easy physician access to consolidated information across providers as well as the speed of sharing and availability of information in an emergency. In addition, participants were optimistic about patient empowerment and convenient access to and control of personal health data. Conclusion Consumer concerns focused on privacy and security of the health information, as well as the cost of implementing the technologies and the possibility of an unintended negative impact on the quality of care. While negative perceptions present barriers for potential patient acceptance, benefits such as speed and convenience, patient oversight of health data, and safety improvements may counterbalance these concerns. PMID:26604874

Healthcare Blockchain System Using Smart Contracts for Secure Automated Remote Patient Monitoring.

PubMed

Griggs, Kristen N; Ossipova, Olya; Kohlios, Christopher P; Baccarini, Alessandro N; Howson, Emily A; Hayajneh, Thaier

2018-06-06

As Internet of Things (IoT) devices and other remote patient monitoring systems increase in popularity, security concerns about the transfer and logging of data transactions arise. In order to handle the protected health information (PHI) generated by these devices, we propose utilizing blockchain-based smart contracts to facilitate secure analysis and management of medical sensors. Using a private blockchain based on the Ethereum protocol, we created a system where the sensors communicate with a smart device that calls smart contracts and writes records of all events on the blockchain. This smart contract system would support real-time patient monitoring and medical interventions by sending notifications to patients and medical professionals, while also maintaining a secure record of who has initiated these activities. This would resolve many security vulnerabilities associated with remote patient monitoring and automate the delivery of notifications to all involved parties in a HIPAA compliant manner.

Terrorism: The Challenge to the Private Sector,

DTIC Science & Technology

private sector , security is a line management responsibility, particularly where goals and objectives, information protection, and protection of key assets are concerned. Each company in the corporate world has a different personality. The goals are pretty much the same, but once you get below that initial goal, then you go to beliefs. Some companies are very macho. Some companies won’t let a security man interview a suspect, some companies will. Companies are very hesitant to go th extremes. Companies are both image conscious and fundamentally ethical. They truly do

Adoption of information technology by resident physicians.

PubMed

Parekh, Selene G; Nazarian, David G; Lim, Charles K

2004-04-01

The Internet represents a technological revolution that is transforming our society. In the healthcare industry, physicians have been typified as slow adopters of information technology. However, young physicians, having been raised in a computer-prevalent society, may be more likely to embrace technology. We attempt to characterize the use and acceptance of the Internet and information technology among resident physicians in a large academic medical center and to assess concerns regarding privacy, security, and credibility of information on the Internet. A 41-question survey was distributed to 150 pediatric, medical, and surgical residents at an urban, academic medical center. One hundred thirty-five residents completed the survey (response rate of 90%). Responses were evaluated and statistical analysis was done. The majority of resident physicians in our survey have adopted the tools of information technology. Ninety-eight percent used the Internet and 96% use e-mail. Two-thirds of the respondents used the Internet for healthcare-related purposes and a similar percentage thought that the Internet has affected their practice of medicine positively. The majority of residents thought that Internet healthcare services such as electronic medical records, peer-support websites, and remote patient monitoring would be beneficial for the healthcare industry. However, they are concerned about the credibility, privacy, and security of health and medical information online. The majority of resident physicians in our institution use Internet and information technology in their practice of medicine. Most think that the Internet will continue to have a beneficial role in the healthcare industry.

Health Information Exchange: What do patients want?

PubMed

Medford-Davis, Laura N; Chang, Lawrence; Rhodes, Karin V

2017-12-01

To determine whether emergency department patients want to share their medical records across health systems through Health Information Exchange and if so, whether they prefer to sign consent or share their records automatically, 982 adult patients presenting to an emergency department participated in a questionnaire-based interview. The majority (N = 906; 92.3%) were willing to share their data in a Health Information Exchange. Half (N = 490; 49.9%) reported routinely getting healthcare outside the system and 78.6 percent reported having records in other systems. Of those who were willing to share their data in a Health Information Exchange, 54.3 percent wanted to sign consent but 90 percent of those would waive consent in the case of an emergency. Privacy and security were primary concerns of patients not willing to participate in Health Information Exchange and preferring to sign consent. Improved privacy and security protections could increase participation, and findings support consideration of "break-the-glass" provider access to Health Information Exchange records in an emergent situation.

A privacy authentication scheme based on cloud for medical environment.

PubMed

Chen, Chin-Ling; Yang, Tsai-Tung; Chiang, Mao-Lun; Shih, Tzay-Farn

2014-11-01

With the rapid development of the information technology, the health care technologies already became matured. Such as electronic medical records that can be easily stored. However, how to get medical resources more convenient is currently concerning issue. In spite of many literatures discussed about medical systems, these literatures should face many security challenges. The most important issue is patients' privacy. Therefore, we propose a privacy authentication scheme based on cloud environment. In our scheme, we use mobile device's characteristics, allowing peoples to use medical resources on the cloud environment to find medical advice conveniently. The digital signature is used to ensure the security of the medical information that is certified by the medical department in our proposed scheme.

Organizati" and Programs of the U.S. Department of Labor: Manpower Administration.

ERIC Educational Resources Information Center

Manpower Administration (DOL), Washington, DC.

This publication was prepared to assist agencies in the development of manpower programs under the Demonstration Cities and Metropolitan Development Act of 1966. It contains information concerning the: (1)Manpowe r Administration (MA), (2)Bureau of Employment Security (BES), (3)Bureau of Apprenticeship and Training (BAT), (4)Bureau of Work…

76 FR 19174 - In the Matter of Centrack International, Inc., Alternafuels, Inc., Intelligent Medical Imaging...

Federal Register 2010, 2011, 2012, 2013, 2014

2011-04-06

...., Alternafuels, Inc., Intelligent Medical Imaging, Inc., and Optimark Data Systems, Inc.; Order of Suspension of... accurate information concerning the securities of Intelligent Medical Imaging, Inc. because it has not..., 1999. The Commission is of the opinion that the public interest and the protection of investors require...

The Dichotomous Relationship between Personality Traits and Repatriation Decisions by Information Technology Workers

ERIC Educational Resources Information Center

Pearson, Marcia L. Y.

2013-01-01

Researchers have consistently documented high turnover rates among repatriated workers after overseas assignments, mainly due to post-repatriation concerns about career advancement, compensation reduction, subsequent use of overseas experience, and job security. What is unknown is a method to alleviate this problem by selecting the types of…

Comparing Intentions to Use University-Provided vs Vendor-Provided Multibiometric Authentication in Online Exams

ERIC Educational Resources Information Center

Levy, Yair; Ramim, Michelle M.; Furnell, Steven M.; Clarke, Nathan L.

2011-01-01

Purpose: Concerns for information security in e-learning systems have been raised previously. In the pursuit for better authentication approaches, few schools have implemented students' authentication during online exams beyond passwords. This paper aims to assess e-learners' intention to provide multibiometric data and use of multibiometrics…

17 CFR 232.313 - Identification of investment company type and series and/or class (or contract).

Code of Federal Regulations, 2013 CFR

2013-04-01

... company type and series and/or class (or contract). 232.313 Section 232.313 Commodity and Securities... series and/or class (or contract). (a) Registered investment companies and business development companies... keep current, information concerning their existing and new series and/or classes (or contracts, in the...

17 CFR 232.313 - Identification of investment company type and series and/or class (or contract).

Code of Federal Regulations, 2010 CFR

2010-04-01

... company type and series and/or class (or contract). 232.313 Section 232.313 Commodity and Securities... series and/or class (or contract). (a) Registered investment companies and business development companies... keep current, information concerning their existing and new series and/or classes (or contracts, in the...

78 FR 42573 - Self-Regulatory Organizations; New York Stock Exchange LLC; Notice of Filing and Immediate...

Federal Register 2010, 2011, 2012, 2013, 2014

2013-07-16

...-Regulatory Organizations; New York Stock Exchange LLC; Notice of Filing and Immediate Effectiveness of..., 2013, New York Stock Exchange LLC (``NYSE'' or the ``Exchange'') filed with the Securities and Exchange... 8210, which concerns the provision of information and testimony and inspection and copying of books and...

78 FR 57837 - Ravalli County Resource Advisory Committee

Federal Register 2010, 2011, 2012, 2013, 2014

2013-09-20

... authorized under the Secure Rural Schools and Community Self-Determination Act (Pub. L. 110-343) (the Act... concerning projects and funding consistent with the title II of the Act. The meeting is open to the public. The purpose of the meeting is to provide information regarding the monitoring of RAC projects. DATES...

76 FR 74068 - Guidance on Domestic Implementation of International Standards for Oceangoing Barges Carrying...

Federal Register 2010, 2011, 2012, 2013, 2014

2011-11-30

... DEPARTMENT OF HOMELAND SECURITY Coast Guard [Docket No. USCG-2011-1084] Guidance on Domestic... written comments identified by docket number USCG- 2011-1084 before or after the meeting using any one of... under docket number USCG-2011-1084. FOR FURTHER INFORMATION CONTACT: If you have questions concerning...

Report on Experiment Girls on Boys' Interschool Athletic Teams. March 1969-1970.

ERIC Educational Resources Information Center

New York State Education Dept., Albany. Div. of Health, Physical Education, and Recreation.

The primary purposes of this project were to secure information concerning (a) administrative, supervisory, and other conditions which would be detrimental to girls' participation on boys' interschool athletic teams in noncontract schools, and (b) experiences and opinions of persons directly involved in the program. The participation of 100…

Security of electronic mental health communication and record-keeping in the digital age.

PubMed

Elhai, Jon D; Frueh, B Christopher

2016-02-01

The mental health field has seen a trend in recent years of the increased use of information technology, including mobile phones, tablets, and laptop computers, to facilitate clinical treatment delivery to individual patients and for record keeping. However, little attention has been paid to ensuring that electronic communication with patients is private and secure. This is despite potentially deleterious consequences of a data breach, which are reported in the news media very frequently in modern times. In this article, we present typical security concerns associated with using technology in clinical services or research. We also discuss enhancing the privacy and security of electronic communication with clinical patients and research participants. We offer practical, easy-to-use software application solutions for clinicians and researchers to secure patient communication and records. We discuss such issues as using encrypted wireless networks, secure e-mail, encrypted messaging and videoconferencing, privacy on social networks, and others. © Copyright 2015 Physicians Postgraduate Press, Inc.

Privacy preserving integration of health care data.

PubMed

Adam, Nabil; White, Tom; Shafiq, Basit; Vaidya, Jaideep; He, Xiaoyun

2007-10-11

For health care related research studies the medical records of patients may need to be retrieved from multiple sites with different regulations on the disclosure of health information. Given the sensitive nature of health care information, privacy is a major concern when patients' health care data is used for research purposes. In this paper, we propose an approach for integration and querying of health care data from multiple sources in a secure and privacy preserving manner.

Policy Framework for Addressing Personal Security Issues Concerning Women and Girls. National Strategy on Community Safety and Crime Prevention.

ERIC Educational Resources Information Center

National Crime Prevention Centre, Ottawa (Ontario).

This document presents a policy framework for improving the personal security of women and girls. The document includes: (1) "Introduction"; (2) "Policy Background" (the concept of personal security, the societal context of women's personal security, consequences of violence for women and girls, long-term policy concern, and…

Development of a consortium for water security and safety: Planning for an early warning system

USGS Publications Warehouse

Clark, R.M.; Adam, N.R.; Atluri, V.; Halem, M.; Vowinkel, E.F.; ,

2004-01-01

The events of September 11, 2001 have raised concerns over the safety and security of the Nation's critical infrastructure including water and waste water systems. In June 2002, the U.S. EPA's Region II Office (New York City), in response to concerns over water security, in collaboration with Rutgers University agreed to establish a Regional Drinking Water Security and Safety Consortium (RDWSSC). Members of the consortium include: Rutgers University's Center for Information Management, Integration and Connectivity (CIMIC), American Water (AW), the Passaic Valley Water Commission (PVWC), the North Jersey District Water Supply Commission (NJDWSC), the N.J. Department of Environmental Protection, the U.S. Geological Survey (USGS), and the U.S. Environmental Protection Agencies, Region II Office. In December of 2002 the consortium members signed a memorandum of understanding (MOU) to pursue activities to enhance regional water security. Development of an early warning system for source and distributed water was identified as being of primary importance by the consortium. In this context, an early warning system (EWS) is an integrated system of monitoring stations located at strategic points in a water utilities source waters or in its distribution system, designed to warn against contaminants that might threaten the health and welfare of drinking water consumers. This paper will discuss the consortium's progress in achieving these important objectives.

Attitude Towards Health Information Privacy and Electronic Health Records Among Urban Sri Lankan Adults.

PubMed

Tissera, Shaluni R; Silva, S N

2016-01-01

Sri Lanka is planning to move towards an Electronic Health Record (EHR) system. This research argues that the public preparedness should be considered in order to implement a functioning and an effective EHR system in a country. When asked about how concerned the participants were about the security of their health records, 40.5% stated they were concerned and 38.8% were very concerned. They were asked to rate the 'level of trust' they have on health institutes in Sri Lanka on a scale from 1 to 10 (1 lowest level of trust and 10 highest), 66.1% rated at level 5 or less.

TRENCADIS - secure architecture to share and manage DICOM objects in a ontological framework based on OGSA.

PubMed

Blanquer, Ignacio; Hernandez, Vicente; Segrelles, Damià; Torres, Erik

2007-01-01

Today most European healthcare centers use the digital format for their databases of images. TRENCADIS is a software architecture comprising a set of services as a solution for interconnecting, managing and sharing selected parts of medical DICOM data for the development of training and decision support tools. The organization of the distributed information in virtual repositories is based on semantic criteria. Different groups of researchers could organize themselves to propose a Virtual Organization (VO). These VOs will be interested in specific target areas, and will share information concerning each area. Although the private part of the information to be shared will be removed, special considerations will be taken into account to avoid the access by non-authorized users. This paper describes the security model implemented as part of TRENCADIS. The paper is organized as follows. First introduces the problem and presents our motivations. Section 1 defines the objectives. Section 2 presents an overview of the existing proposals per objective. Section 3 outlines the overall architecture. Section 4 describes how TRENCADIS is architected to realize the security goals discussed in the previous sections. The different security services and components of the infrastructure are briefly explained, as well as the exposed interfaces. Finally, Section 5 concludes and gives some remarks on our future work.

Archiving data from new survey technologies: Enabling research with high-precision data while preserving participant privacy

DOE PAGES

Gonder, Jeffrey; Burton, Evan; Murakami, Elaine

2015-12-29

Despite the significant effort and expense to collect high-resolution Global Positioning System (GPS) data in travel surveys, privacy concerns often lead to its underutilization. This paper describes development of the Transportation Secure Data Center (TSDC) to address this dilemma of providing data access while preserving privacy. Furthermore, the TSDC operating structure was developed in consultation with an advisory committee and includes: a secure enclave with no external access for backing up and processing raw data, a publicly accessible website for downloading cleansed data, and a secure portal environment through which approved users can work with detailed spatial data using amore » variety of tools and reference information.« less

Medical image security using modified chaos-based cryptography approach

NASA Astrophysics Data System (ADS)

Talib Gatta, Methaq; Al-latief, Shahad Thamear Abd

2018-05-01

The progressive development in telecommunication and networking technologies have led to the increased popularity of telemedicine usage which involve storage and transfer of medical images and related information so security concern is emerged. This paper presents a method to provide the security to the medical images since its play a major role in people healthcare organizations. The main idea in this work based on the chaotic sequence in order to provide efficient encryption method that allows reconstructing the original image from the encrypted image with high quality and minimum distortion in its content and doesn’t effect in human treatment and diagnosing. Experimental results prove the efficiency of the proposed method using some of statistical measures and robust correlation between original image and decrypted image.

Security evaluation and assurance of electronic health records.

PubMed

Weber-Jahnke, Jens H

2009-01-01

Electronic Health Records (EHRs) maintain information of sensitive nature. Security requirements in this context are typically multilateral, encompassing the viewpoints of multiple stakeholders. Two main research questions arise from a security assurance point of view, namely how to demonstrate the internal correctness of EHRs and how to demonstrate their conformance in relation to multilateral security regulations. The above notions of correctness and conformance directly relate to the general concept of system verification, which asks the question "are we building the system right?" This should not be confused with the concept of system validation, which asks the question "are we building the right system?" Much of the research in the medical informatics community has been concerned with the latter aspect (validation). However, trustworthy security requires assurances that standards are followed and specifications are met. The objective of this paper is to contribute to filling this gap. We give an introduction to fundamentals of security assurance, summarize current assurance standards, and report on experiences with using security assurance methodology applied to the EHR domain, specifically focusing on case studies in the Canadian context.

Security and Privacy in Cyber-Physical Systems

DOE Office of Scientific and Technical Information (OSTI.GOV)

Fink, Glenn A.; Edgar, Thomas W.; Rice, Theora R.

As you have seen from the previous chapters, cyber-physical systems (CPS) are broadly used across technology and industrial domains. While these systems enable process optimization and efficiency and allow previously impossible functionality, security and privacy are key concerns for their design, development, and operation. CPS have been key components utilized in some of the highest publicized security breaches over the last decade. In this chapter, we will look over the CPS described in the previous chapters from a security perspective. In this chapter, we explain classical information and physical security fundamentals in the context of CPS and contextualize them acrossmore » application domains. We give examples where the interplay of functionality and diverse communication can introduce unexpected vulnerabilities and produce larger impacts. We will discuss how CPS security and privacy is inherently different from that of pure cyber or physical systems and what may be done to secure these systems, considering their emergent cyber-physical properties. Finally, we will discuss security and privacy implications of merging infrastructural and personal CPS. Our hope is to impart the knowledge of what CPS security and privacy are, why they are important, and explain existing processes and challenges.« less

Cloud Computing - A Unified Approach for Surveillance Issues

NASA Astrophysics Data System (ADS)

Rachana, C. R.; Banu, Reshma, Dr.; Ahammed, G. F. Ali, Dr.; Parameshachari, B. D., Dr.

2017-08-01

Cloud computing describes highly scalable resources provided as an external service via the Internet on a basis of pay-per-use. From the economic point of view, the main attractiveness of cloud computing is that users only use what they need, and only pay for what they actually use. Resources are available for access from the cloud at any time, and from any location through networks. Cloud computing is gradually replacing the traditional Information Technology Infrastructure. Securing data is one of the leading concerns and biggest issue for cloud computing. Privacy of information is always a crucial pointespecially when an individual’s personalinformation or sensitive information is beingstored in the organization. It is indeed true that today; cloud authorization systems are notrobust enough. This paper presents a unified approach for analyzing the various security issues and techniques to overcome the challenges in the cloud environment.

The EGS Data Collaboration Platform: Enabling Scientific Discovery

DOE Office of Scientific and Technical Information (OSTI.GOV)

Weers, Jonathan D; Johnston, Henry; Huggins, Jay V

Collaboration in the digital age has been stifled in recent years. Reasonable responses to legitimate security concerns have created a virtual landscape of silos and fortified castles incapable of sharing information efficiently. This trend is unfortunately opposed to the geothermal scientific community's migration toward larger, more collaborative projects. To facilitate efficient sharing of information between team members from multiple national labs, universities, and private organizations, the 'EGS Collab' team has developed a universally accessible, secure data collaboration platform and has fully integrated it with the U.S. Department of Energy's (DOE) Geothermal Data Repository (GDR) and the National Geothermal Data Systemmore » (NGDS). This paper will explore some of the challenges of collaboration in the modern digital age, highlight strategies for active data management, and discuss the integration of the EGS Collab data management platform with the GDR to enable scientific discovery through the timely dissemination of information.« less

76 FR 35062 - Apparel America, Inc. (n/k/a HSK Industries, Inc.), Decora Industries, Inc., Diversicon Holdings...

Federal Register 2010, 2011, 2012, 2013, 2014

2011-06-15

... Transportation Network Group, Inc., and Premier Wealth Management, Inc. (a/k/a Premiere Wealth Management, Inc... lack of current and accurate information concerning the securities of Integrated Transportation Network Group, Inc. because it has not filed any periodic reports since the period ended September 30, 1999. It...

Export Controls and the Tensions between Academic Freedom and National Security

ERIC Educational Resources Information Center

Evans, Samuel A. W.; Valdivia, Walter D.

2012-01-01

In the U.S.A., advocates of academic freedom--the ability to pursue research unencumbered by government controls--have long found sparring partners in government officials who regulate technology trade. From concern over classified research in the 1950s, to the expansion of export controls to cover trade in information in the 1970s, to current…

VA and DOD Health Care: First Federal Health Care Center Established, but Implementation Concerns Need to Be Addressed

DTIC Science & Technology

2011-07-01

procedures for the reporting of information security incidents. However, VA and DOD did not meet designated deadlines for the three capabilities that were...addition to the contact named above, Marcia A. Mann, Assistant Director; Jill K. Center; Kaycee M. Glavich; E. Jane Whipple ; and Malissa G. Winograd

76 FR 70520 - Rovac Corp., RS Group of Companies, Inc., Rymer Foods, Inc. Stratus Services Group, Inc., Sun Cal...

Federal Register 2010, 2011, 2012, 2013, 2014

2011-11-14

...., Rymer Foods, Inc. Stratus Services Group, Inc., Sun Cal Energy, Inc., Sun Motor International, Inc... current and accurate information concerning the securities of Sun Cal Energy, Inc. because it has not... Sun Motor International, Inc. because it has not filed any periodic reports since the period ended...

Information Technology and the Evolution of the Library

DTIC Science & Technology

2009-03-01

Resource Commons/ Repository/ Federated Search ILS (GLADIS/Pathfinder - Millenium)/ Catalog/ Circulation/ Acquisitions/ Digital Object Content...content management services to help centralize and distribute digi- tal content from across the institution, software to allow for seamless federated ... search - ing across multiple databases, and imaging software to allow for daily reimaging of ter- minals to reduce security concerns that otherwise

77 FR 13172 - Aduddell Industries, Inc., Capital Markets Technologies, Inc., Challenger Powerboats, Inc., and...

Federal Register 2010, 2011, 2012, 2013, 2014

2012-03-05

... Technologies, Inc., Challenger Powerboats, Inc., and CLX Medical, Inc.; Order of Suspension of Trading March 1... Technologies, Inc. because it has not filed any periodic reports since the period ended September 30, 2008. It... a lack of current and accurate information concerning the securities of CLX Medical, Inc. because it...

Under Siege: Schools as the New Battleground. Strategies To Protect Students, Staff, and Facilities.

ERIC Educational Resources Information Center

Agron, Joe, Ed.

1999-01-01

This American School and University supplement theme issue provides information from experts in the security industry concerning school violence and its prevention. Articles address the lessons learned from recent school shootings that may help reduce future occurrences, the need for a greater adherence to order in schools to set the stage for a…

Teamwork and the National Security Personnel System

DTIC Science & Technology

2007-03-18

and thereby improve organizational performance. However, concern exists that only rewarding individual performance may adversely impact teamwork...collaboration, and information sharing which could ultimately impact organizational performance. This paper explores the importance of teamwork for...indicates that pay-for-performance systems can harm teamwork suggesting that NSPS could negatively impact teamwork within the DoD. Recommendations are

76 FR 12209 - Access to Aircraft Situation Display (ASDI) and National Airspace System Status Information (NASSI)

Federal Register 2010, 2011, 2012, 2013, 2014

2011-03-04

..., a recent history of violent terrorist activity in the geographic area in which the transportation is...-oriented security concern'' that requires an employee to travel on a company plane for business and... history of violent terrorist activity in the geographic area in which the transportation is provided, or a...

Destruction or Loss of School Property: Analysis and Suggestions for Improvement of School Security.

ERIC Educational Resources Information Center

Nelken, Ira; Kline, Sam

In recent years the costs of school vandalism and the incidence of vandalism in the public schools have been rising. The study concerns itself with the application of production functions, Monte Carlo techniques, and Shannon's model of information theory to determine the most efficient use of preventive vandalism techniques in a large school…

What then do we do about computer security?

DOE Office of Scientific and Technical Information (OSTI.GOV)

Suppona, Roger A.; Mayo, Jackson R.; Davis, Christopher Edward

This report presents the answers that an informal and unfunded group at SNL provided for questions concerning computer security posed by Jim Gosler, Sandia Fellow (00002). The primary purpose of this report is to record our current answers; hopefully those answers will turn out to be answers indeed. The group was formed in November 2010. In November 2010 Jim Gosler, Sandia Fellow, asked several of us several pointed questions about computer security metrics. Never mind that some of the best minds in the field have been trying to crack this nut without success for decades. Jim asked Campbell to leadmore » an informal and unfunded group to answer the questions. With time Jim invited several more Sandians to join in. We met a number of times both with Jim and without him. At Jim's direction we contacted a number of people outside Sandia who Jim thought could help. For example, we interacted with IBM's T.J. Watson Research Center and held a one-day, videoconference workshop with them on the questions.« less

Healthcare public key infrastructure (HPKI) and non-profit organization (NPO): essentials for healthcare data exchange.

PubMed

Takeda, Hiroshi; Matsumura, Yasushi; Nakagawa, Katsuhiko; Teratani, Tadamasa; Qiyan, Zhang; Kusuoka, Hideo; Matsuoka, Masami

2004-01-01

To share healthcare information and to promote cooperation among healthcare providers and customers (patients) under computerized network environment, a non-profit organization (NPO), named as OCHIS, was established at Osaka, Japan in 2003. Since security and confidentiality issues on the Internet have been major concerns in the OCHIS, the system has been based on healthcare public key infrastructure (HPKI), and found that there remained problems to be solved technically and operationally. An experimental study was conducted to elucidate the central and the local function in terms of a registration authority and a time stamp authority by contracting with the Ministry of Economics and Trading Industries in 2003. This paper describes the experimental design with NPO and the results of the study concerning message security and HPKI. The developed system has been operated practically in Osaka urban area.

Scientific Openness and National Security at the National Laboratories

NASA Astrophysics Data System (ADS)

McTague, John

2000-04-01

The possible loss to the People's Republic of China of important U.S. nuclear-weapons-related information has aroused concern about interactions of scientists employed by the national laboratories with foreign nationals. As a result, the National Academies assembled a committee to examine the roles of the national laboratories, the contribution of foreign interactions to the fulfillment of those roles, the risks and benefits of scientific openness in this context, and the merits and liabilities of the specific policies being implemented or proposed with respect to contacts with foreign nationals. The committee concluded that there are many aspects of the work at the laboratories that benefit from or even demand the opportunity for foreign interactions. The committee recommended five principles for guiding policy: (1) Maintain balance. Policy governing international dialogue by laboratory staff should seek to encourage international engagement in some areas, while tightly controlling it in others. (2) Educate staff. Security procedures should be clear, easy to follow, and serve an understandable purpose. (3) Streamline procedures. Good science is compatible with good security if there is intelligent line management both at the labs and in Washington, which applies effective tools for security in a sensible fashion. (4) Focus efforts. DOE should focus its efforts governing tightened security for information. The greatest attention should obviously be provided to the protection of classified information by appropriate physical and cybersecurity measures, and by personnel procedures and training. (5) Beware of prejudice against foreigners. Over the past half-century foreign-born individuals have contributed broadly and profoundly to national security through their work at the national laboratories.

32 CFR 147.14 - Guideline L-Outside activities.

Code of Federal Regulations, 2010 CFR

2010-07-01

... Adjudication § 147.14 Guideline L—Outside activities. (a) The concern. Involvement in certain types of outside employment or activities is of security concern if it poses a conflict with an individual's security... outside employment or activity indicates that it does not pose a conflict with an individual's security...

System Requirement Analyses for Ubiquitous Environment Management System

NASA Astrophysics Data System (ADS)

Lim, Sang Boem; Gil, Kyung Jun; Choe, Ho Rim; Eo, Yang Dam

We are living in new stage of society. U-City introduces new paradigm that cannot be archived in traditional city to future city. Korea is one of the most active countries to construct U-City based on advances of IT technologies - especially based on high-speed network through out country [1]. Peoples are realizing ubiquitous service is key factor of success of U-City. Among the U-services, U-security service is one of the most important services. Nowadays we have to concern about traditional threat and also personal information. Since apartment complex is the most common residence type in Korea. We are developing security rules and system based on analyses of apartment complex and assert of apartment complex. Based on these analyses, we are developing apartment complex security using various technologies including home network system. We also will discuss basic home network security architecture.

A global assessment of wildfire risks to human and environmental water security

NASA Astrophysics Data System (ADS)

Robinne, François-Nicolas; Parisien, Marc-André; Flannigan, Mike; Miller, Carol; Bladon, Kevin D.

2017-04-01

Extreme wildfire events extensively affect hydrosystem stability and generate an important threat to the reliability of the water supply for human and natural communities. While actively studied at the watershed scale, the development of a global vision of wildfire risk to water security has only been undertaken recently, pointing at potential water security concerns in an era of global changes. In order to address this concern, we propose a global-scale analysis of the wildfire risk to surface water supplies based on the Driving forces-Pressures-States-Impacts-Responses (DPSIR) framework. This framework relies on the cause-and-effect relationships existing between the five categories of the DPSIR chain. Based on the literature, we gathered an extensive set of spatial indicators relevant to fire-induced hydrological hazards and water consumption patterns by human and natural communities. Each indicator was assigned a DPSIR category. Then, we collapsed the information in each category using a principal component analysis in order to extract the most relevant pixel-based information provided by each spatial indicator. Finally, we compiled our five categories using an additive indexation process to produce a spatially-explicit index of the wildfire-water risk (WWR). For comparison purposes, we aggregated index scores by global hydrological regions, or hydrobelts, for analysis. Overall, our results show a distinct pattern of medium-to-high risk levels in areas where sizeable wildfire activity, water resources, and water consumption are concomitant, which mainly encompasses temperate and sub-tropical zones. A closer look at hydrobelts reveals differences in the factors driving the risk, with fire activity being the primary factor of risk in the circumboreal forest, and freshwater resource density being prevalent in tropical areas. We also identified major urban areas across the world whose source waters should be protected from extreme fire events, particularly when they are dependent on mountainous headwaters. This study offers new insights towards a better understanding of global water security issues that can inform and help guide international water governance.

SCA security verification on wireless sensor network node

NASA Astrophysics Data System (ADS)

He, Wei; Pizarro, Carlos; de la Torre, Eduardo; Portilla, Jorge; Riesgo, Teresa

2011-05-01

Side Channel Attack (SCA) differs from traditional mathematic attacks. It gets around of the exhaustive mathematic calculation and precisely pin to certain points in the cryptographic algorithm to reveal confidential information from the running crypto-devices. Since the introduction of SCA by Paul Kocher et al [1], it has been considered to be one of the most critical threats to the resource restricted but security demanding applications, such as wireless sensor networks. In this paper, we focus our work on the SCA-concerned security verification on WSN (wireless sensor network). A detailed setup of the platform and an analysis of the results of DPA (power attack) and EMA (electromagnetic attack) is presented. The setup follows the way of low-cost setup to make effective SCAs. Meanwhile, surveying the weaknesses of WSNs in resisting SCA attacks, especially for the EM attack. Finally, SCA-Prevention suggestions based on Differential Security Strategy for the FPGA hardware implementation in WSN will be given, helping to get an improved compromise between security and cost.

Interface of Science, Technology and Security: Areas of Most Concern, Now and Ahead

DTIC Science & Technology

2017-03-28

connectivity is creating new forms of security threats and exploitable instabilities. There is a need to develop secure software to reduce vulnerabilities...implications in the light of global population growth, industrialization and limited fossil fuel supplies. The continued improvement of generation, storage...national strategic concern is when the S&T-security nexus creates opportunities for misunderstanding. These opportunities assume two forms , rooted in

Balancing entrepreneurship and business practices for e-collaboration: responsible information sharing in academic research.

PubMed

Porter, Mark W; Porter, Mark William; Milley, David; Oliveti, Kristyn; Ladd, Allen; O'Hara, Ryan J; Desai, Bimal R; White, Peter S

2008-11-06

Flexible, highly accessible collaboration tools can inherently conflict with controls placed on information sharing by offices charged with privacy protection, compliance, and maintenance of the general business environment. Our implementation of a commercial enterprise wiki within the academic research environment addresses concerns of all involved through the development of a robust user training program, a suite of software customizations that enhance security elements, a robust auditing program, allowance for inter-institutional wiki collaboration, and wiki-specific governance.

Are participants concerned about privacy and security when using short message service to report product adherence in a rectal microbicide trial?

PubMed

Giguere, Rebecca; Brown, William; Balán, Ivan C; Dolezal, Curtis; Ho, Titcha; Sheinfil, Alan; Ibitoye, Mobolaji; Lama, Javier R; McGowan, Ian; Cranston, Ross D; Carballo-Diéguez, Alex

2018-04-01

During a Phase 2 rectal microbicide trial, men who have sex with men and transgender women (n = 187) in 4 countries (Peru, South Africa, Thailand, United States) reported product use daily via short message service (SMS). To prevent disclosure of study participation, the SMS system program included privacy and security features. We evaluated participants' perceptions of privacy while using the system and acceptability of privacy/security features. To protect privacy, the SMS system: (1) confirmed participant availability before sending the study questions, (2) required a password, and (3) did not reveal product name or study participation. To ensure security, the system reminded participants to lock phone/delete messages. A computer-assisted self-interview (CASI), administered at the final visit, measured burden of privacy and security features and SMS privacy concerns. A subsample of 33 participants underwent an in-depth interview (IDI). Based on CASI, 85% had no privacy concerns; only 5% were very concerned. Most were not bothered by the need for a password (73%) or instructions to delete messages (82%). Based on IDI, reasons for low privacy concerns included sending SMS in private or feeling that texting would not draw attention. A few IDI participants found the password unnecessary and more than half did not delete messages. Most participants were not concerned that the SMS system would compromise their confidentiality. SMS privacy and security features were effective and not burdensome. Short ID-related passwords, ambiguous language, and reminders to implement privacy and security-enhancing behaviors are recommended for SMS systems.

Two RFID standard-based security protocols for healthcare environments.

PubMed

Picazo-Sanchez, Pablo; Bagheri, Nasour; Peris-Lopez, Pedro; Tapiador, Juan E

2013-10-01

Radio Frequency Identification (RFID) systems are widely used in access control, transportation, real-time inventory and asset management, automated payment systems, etc. Nevertheless, the use of this technology is almost unexplored in healthcare environments, where potential applications include patient monitoring, asset traceability and drug administration systems, to mention just a few. RFID technology can offer more intelligent systems and applications, but privacy and security issues have to be addressed before its adoption. This is even more dramatical in healthcare applications where very sensitive information is at stake and patient safety is paramount. In Wu et al. (J. Med. Syst. 37:19, 43) recently proposed a new RFID authentication protocol for healthcare environments. In this paper we show that this protocol puts location privacy of tag holders at risk, which is a matter of gravest concern and ruins the security of this proposal. To facilitate the implementation of secure RFID-based solutions in the medical sector, we suggest two new applications (authentication and secure messaging) and propose solutions that, in contrast to previous proposals in this field, are fully based on ISO Standards and NIST Security Recommendations.

Location Privacy in RFID Applications

NASA Astrophysics Data System (ADS)

Sadeghi, Ahmad-Reza; Visconti, Ivan; Wachsmann, Christian

RFID-enabled systems allow fully automatic wireless identification of objects and are rapidly becoming a pervasive technology with various applications. However, despite their benefits, RFID-based systems also pose challenging risks, in particular concerning user privacy. Indeed, improvident use of RFID can disclose sensitive information about users and their locations allowing detailed user profiles. Hence, it is crucial to identify and to enforce appropriate security and privacy requirements of RFID applications (that are also compliant to legislation). This chapter first discusses security and privacy requirements for RFID-enabled systems, focusing in particular on location privacy issues. Then it explores the advances in RFID applications, stressing the security and privacy shortcomings of existing proposals. Finally, it presents new promising directions for privacy-preserving RFID systems, where as a case study we focus electronic tickets (e-tickets) for public transportation.

A Secure Scheme for Distributed Consensus Estimation against Data Falsification in Heterogeneous Wireless Sensor Networks.

PubMed

Mi, Shichao; Han, Hui; Chen, Cailian; Yan, Jian; Guan, Xinping

2016-02-19

Heterogeneous wireless sensor networks (HWSNs) can achieve more tasks and prolong the network lifetime. However, they are vulnerable to attacks from the environment or malicious nodes. This paper is concerned with the issues of a consensus secure scheme in HWSNs consisting of two types of sensor nodes. Sensor nodes (SNs) have more computation power, while relay nodes (RNs) with low power can only transmit information for sensor nodes. To address the security issues of distributed estimation in HWSNs, we apply the heterogeneity of responsibilities between the two types of sensors and then propose a parameter adjusted-based consensus scheme (PACS) to mitigate the effect of the malicious node. Finally, the convergence property is proven to be guaranteed, and the simulation results validate the effectiveness and efficiency of PACS.

76 FR 27738 - Order of Suspension of Trading; In the Matter of Diversified Investors Corp. (n/k/a Diverse...

Federal Register 2010, 2011, 2012, 2013, 2014

2011-05-12

... of Diversified Investors Corp. (n/k/a Diverse Holdings Corp.), Drew Resources (n/k/a Galloway Energy, Inc.), DTI Medical Corp., DTLL, Inc. (n/k/a Solstice Resorts, Inc.), and Dunn's Supply Store, Inc. May... accurate information concerning the securities of Diversified Investors Corp. (n/k/a Diverse Holdings Corp...

Security of a single-state semi-quantum key distribution protocol

NASA Astrophysics Data System (ADS)

Zhang, Wei; Qiu, Daowen; Mateus, Paulo

2018-06-01

Semi-quantum key distribution protocols are allowed to set up a secure secret key between two users. Compared with their full quantum counterparts, one of the two users is restricted to perform some "classical" or "semi-quantum" operations, which potentially makes them easily realizable by using less quantum resource. However, the semi-quantum key distribution protocols mainly rely on a two-way quantum channel. The eavesdropper has two opportunities to intercept the quantum states transmitted in the quantum communication stage. It may allow the eavesdropper to get more information and make the security analysis more complicated. In the past ten years, many semi-quantum key distribution protocols have been proposed and proved to be robust. However, there are few works concerning their unconditional security. It is doubted that how secure the semi-quantum ones are and how much noise they can tolerate to establish a secure secret key. In this paper, we prove the unconditional security of a single-state semi-quantum key distribution protocol proposed by Zou et al. (Phys Rev A 79:052312, 2009). We present a complete proof from information theory aspect by deriving a lower bound of the protocol's key rate in the asymptotic scenario. Using this bound, we figure out an error threshold value such that for all error rates that are less than this threshold value, the secure secret key can be established between the legitimate users definitely. Otherwise, the users should abort the protocol. We make an illustration of the protocol under the circumstance that the reverse quantum channel is a depolarizing one with parameter q. Additionally, we compare the error threshold value with some full quantum protocols and several existing semi-quantum ones whose unconditional security proofs have been provided recently.

The Rules of Engagement: Perspectives on Secure Messaging From Experienced Ambulatory Patient Portal Users

PubMed Central

Schnierle, Jeanette; Florian, Hannah; Agarwal, Aradhna; Rundell, Kristen; McAlearney, Ann Scheck

2017-01-01

Background Patient portals have shown promise in engaging individuals in self-management of chronic conditions by allowing patients to input and track health information and exchange secure electronic messages with their providers. Past studies have identified patient barriers to portal use including usability issues, low health literacy, and concerns about loss of personal contact as well as provider concerns such as increased time spent responding to messages. However, to date, studies of both patient and provider perspectives on portal use have focused on the pre-implementation or initial implementation phases and do not consider how these issues may change as patients and providers gain greater experience with portals. Objective Our study examined the following research question: Within primary care offices with high rates of patient-portal use, what do experienced physician and patient users of the ambulatory portal perceive as the benefits and challenges of portal use in general and secure messaging in particular? Methods This qualitative study involved 42 interviews with experienced physician and patient users of an ambulatory patient portal, Epic’s MyChart. Participants were recruited from the Department of Family Medicine at a large Academic Medical Center (AMC) and included providers and their patients, who had been diagnosed with at least one chronic condition. A total of 29 patients and 13 primary care physicians participated in the interviews. All interviews were conducted by telephone and followed a semistructured interview guide. Interviews were transcribed verbatim to permit rigorous qualitative analysis. Both inductive and deductive methods were used to code and analyze the data iteratively, paying particular attention to themes involving secure messaging. Results Experienced portal users discussed several emergent themes related to a need for greater clarity on when and how to use the secure messaging feature. Patient concerns included worry about imposing on their physician’s time, the lack of provider compensation for responding to secure messages, and uncertainty about when to use secure messaging to communicate with their providers. Similarly, providers articulated a lack of clarity as to the appropriate way to communicate via MyChart and suggested that additional training for both patients and providers might be important. Patient training could include orienting patients to the “rules of engagement” at portal sign-up, either in the office or through an online tutorial. Conclusions As secure messaging through patient portals is increasingly being used as a method of physician-patient communication, both patients and providers are looking for guidance on how to appropriately engage with each other using this tool. Patients worry about whether their use is appropriate, and providers are concerned about the content of messages, which allow them to effectively manage patient questions. Our findings suggest that additional training may help address the concerns of both patients and providers, by providing “rules of engagement” for communication via patient portals. PMID:28676467

Are personal health records safe? A review of free web-accessible personal health record privacy policies.

PubMed

Carrión Señor, Inmaculada; Fernández-Alemán, José Luis; Toval, Ambrosio

2012-08-23

Several obstacles prevent the adoption and use of personal health record (PHR) systems, including users' concerns regarding the privacy and security of their personal health information. To analyze the privacy and security characteristics of PHR privacy policies. It is hoped that identification of the strengths and weaknesses of the PHR systems will be useful for PHR users, health care professionals, decision makers, and designers. We conducted a systematic review using the principal databases related to health and computer science to discover the Web-based and free PHR systems mentioned in published articles. The privacy policy of each PHR system selected was reviewed to extract its main privacy and security characteristics. The search of databases and the myPHR website provided a total of 52 PHR systems, of which 24 met our inclusion criteria. Of these, 17 (71%) allowed users to manage their data and to control access to their health care information. Only 9 (38%) PHR systems permitted users to check who had accessed their data. The majority of PHR systems used information related to the users' accesses to monitor and analyze system use, 12 (50%) of them aggregated user information to publish trends, and 20 (83%) used diverse types of security measures. Finally, 15 (63%) PHR systems were based on regulations or principles such as the US Health Insurance Portability and Accountability Act (HIPAA) and the Health on the Net Foundation Code of Conduct (HONcode). Most privacy policies of PHR systems do not provide an in-depth description of the security measures that they use. Moreover, compliance with standards and regulations in PHR systems is still low.

Are Personal Health Records Safe? A Review of Free Web-Accessible Personal Health Record Privacy Policies

PubMed Central

Fernández-Alemán, José Luis; Toval, Ambrosio

2012-01-01

Background Several obstacles prevent the adoption and use of personal health record (PHR) systems, including users’ concerns regarding the privacy and security of their personal health information. Objective To analyze the privacy and security characteristics of PHR privacy policies. It is hoped that identification of the strengths and weaknesses of the PHR systems will be useful for PHR users, health care professionals, decision makers, and designers. Methods We conducted a systematic review using the principal databases related to health and computer science to discover the Web-based and free PHR systems mentioned in published articles. The privacy policy of each PHR system selected was reviewed to extract its main privacy and security characteristics. Results The search of databases and the myPHR website provided a total of 52 PHR systems, of which 24 met our inclusion criteria. Of these, 17 (71%) allowed users to manage their data and to control access to their health care information. Only 9 (38%) PHR systems permitted users to check who had accessed their data. The majority of PHR systems used information related to the users’ accesses to monitor and analyze system use, 12 (50%) of them aggregated user information to publish trends, and 20 (83%) used diverse types of security measures. Finally, 15 (63%) PHR systems were based on regulations or principles such as the US Health Insurance Portability and Accountability Act (HIPAA) and the Health on the Net Foundation Code of Conduct (HONcode). Conclusions Most privacy policies of PHR systems do not provide an in-depth description of the security measures that they use. Moreover, compliance with standards and regulations in PHR systems is still low. PMID:22917868

The Influence of Attachment Security on Preschool Children's Empathic Concern

ERIC Educational Resources Information Center

Murphy, Tia Panfile; Laible, Deborah J.

2013-01-01

The current study examined the direction of the association between children's attachment security and empathic responding. At 42 and 48 months of age, 69 children's empathic concern was observed, and mothers reported the children's attachment. Results indicated that attachment at 42 months predicted empathic concern at 48 months even after…

Attitudes regarding privacy of genomic information in personalized cancer therapy

PubMed Central

Rogith, Deevakar; Yusuf, Rafeek A; Hovick, Shelley R; Peterson, Susan K; Burton-Chase, Allison M; Li, Yisheng; Meric-Bernstam, Funda; Bernstam, Elmer V

2014-01-01

Objective To evaluate attitudes regarding privacy of genomic data in a sample of patients with breast cancer. Methods Female patients with breast cancer (n=100) completed a questionnaire assessing attitudes regarding concerns about privacy of genomic data. Results Most patients (83%) indicated that genomic data should be protected. However, only 13% had significant concerns regarding privacy of such data. Patients expressed more concern about insurance discrimination than employment discrimination (43% vs 28%, p<0.001). They expressed less concern about research institutions protecting the security of their molecular data than government agencies or drug companies (20% vs 38% vs 44%; p<0.001). Most did not express concern regarding the association of their genomic data with their name and personal identity (49% concerned), billing and insurance information (44% concerned), or clinical data (27% concerned). Significantly fewer patients were concerned about the association with clinical data than other data types (p<0.001). In the absence of direct benefit, patients were more willing to consent to sharing of deidentified than identified data with researchers not involved in their care (76% vs 60%; p<0.001). Most (85%) patients were willing to consent to DNA banking. Discussion While patients are opposed to indiscriminate release of genomic data, privacy does not appear to be their primary concern. Furthermore, we did not find any specific predictors of privacy concerns. Conclusions Patients generally expressed low levels of concern regarding privacy of genomic data, and many expressed willingness to consent to sharing their genomic data with researchers. PMID:24737606

Securing While Sampling in Wireless Body Area Networks With Application to Electrocardiography.

PubMed

Dautov, Ruslan; Tsouri, Gill R

2016-01-01

Stringent resource constraints and broadcast transmission in wireless body area network raise serious security concerns when employed in biomedical applications. Protecting data transmission where any minor alteration is potentially harmful is of significant importance in healthcare. Traditional security methods based on public or private key infrastructure require considerable memory and computational resources, and present an implementation obstacle in compact sensor nodes. This paper proposes a lightweight encryption framework augmenting compressed sensing with wireless physical layer security. Augmenting compressed sensing to secure information is based on the use of the measurement matrix as an encryption key, and allows for incorporating security in addition to compression at the time of sampling an analog signal. The proposed approach eliminates the need for a separate encryption algorithm, as well as the predeployment of a key thereby conserving sensor node's limited resources. The proposed framework is evaluated using analysis, simulation, and experimentation applied to a wireless electrocardiogram setup consisting of a sensor node, an access point, and an eavesdropper performing a proximity attack. Results show that legitimate communication is reliable and secure given that the eavesdropper is located at a reasonable distance from the sensor node and the access point.

Cyberspace modernization. An interest protocol planning advisory

DOE Office of Scientific and Technical Information (OSTI.GOV)

Keliiaa, Curtis M.; McLane, Victor N.

A common challenge across the communications and information technology (IT) sectors is Internet + modernization + complexity + risk + cost. Cyberspace modernization and cyber security risks, issues, and concerns impact service providers, their customers, and the industry at large. Public and private sectors are struggling to solve the problem. New service opportunities lie in mobile voice, video, and data, and machine-to-machine (M2M) information and communication technologies that are migrating not only to predominant Internet Protocol (IP) communications, but also concurrently integrating IP, version 4 (IPv4) and IP, version 6 (IPv6). With reference to the Second Internet and the Internetmore » of Things, next generation information services portend business survivability in the changing global market. The planning, architecture, and design information herein is intended to increase infrastructure preparedness, security, interoperability, resilience, and trust in the midst of such unprecedented change and opportunity. This document is a product of Sandia National Laboratories Tribal Cyber and IPv6 project work. It is a Cyberspace Modernization objective advisory in support of bridging the digital divide through strategic partnership and an informed path forward.« less

Borrowing to save: a critique of recent proposals to partially privatize Social Security.

PubMed

Dattalo, Patrick

2007-07-01

Concern over Social Security's forecasted long-run deficit is occurring at a time when the program has a short-term surplus. One proposed strategy to address this forecasted deficit is to allow the investment of a portion of payroll taxes into private savings accounts (PSAs). The author analyzes recent proposals for PSAs and concludes that PSAs are more likely to be a problem than a solution. Paradoxically, PSAs require the government to borrow to encourage current workers to save. The author recommends resources to help social workers remain informed about proposed program reforms and prepared to advocate for the concept of social insurance.

Seven layers of security to help protect biomedical research facilities.

PubMed

Mortell, Norman

2010-04-01

In addition to risks such as theft and fire that can confront any type of business, the biomedical research community often faces additional concerns over animal rights extremists, infiltrations, data security and intellectual property rights. Given these concerns, it is not surprising that the industry gives a high priority to security. This article identifies security threats faced by biomedical research companies and shows how these threats are ranked in importance by industry stakeholders. The author then goes on to discuss seven key 'layers' of security, from the external environment to the research facility itself, and how these layers all contribute to the creation of a successfully secured facility.

Uncovering patterns of technology use in consumer health informatics

PubMed Central

Hung, Man; Conrad, Jillian; Hon, Shirley D.; Cheng, Christine; Franklin, Jeremy D.; Tang, Philip

2014-01-01

Internet usage and accessibility has grown at a staggering rate, influencing technology use for healthcare purposes. The amount of health information technology (Health IT) available through the Internet is immeasurable and growing daily. Health IT is now seen as a fundamental aspect of patient care as it stimulates patient engagement and encourages personal health management. It is increasingly important to understand consumer health IT patterns including who is using specific technologies, how technologies are accessed, factors associated with use, and perceived benefits. To fully uncover consumer patterns it is imperative to recognize common barriers and which groups they disproportionately affect. Finally, exploring future demand and predictions will expose significant opportunities for health IT. The most frequently used health information technologies by consumers are gathering information online, mobile health (mHealth) technologies, and personal health records (PHRs). Gathering health information online is the favored pathway for healthcare consumers as it is used by more consumers and more frequently than any other technology. In regard to mHealth technologies, minority Americans, compared with White Americans utilize social media, mobile Internet, and mobile applications more frequently. Consumers believe PHRs are the most beneficial health IT. PHR usage is increasing rapidly due to PHR integration with provider health systems and health insurance plans. Key issues that have to be explicitly addressed in health IT are privacy and security concerns, health literacy, unawareness, and usability. Privacy and security concerns are rated the number one reason for the slow rate of health IT adoption. PMID:24904713

17 CFR 202.10 - Policy statement of the Securities and Exchange Commission concerning subpoenas to members of the...

Code of Federal Regulations, 2010 CFR

2010-04-01

... Securities and Exchange Commission concerning subpoenas to members of the news media. 202.10 Section 202.10... media. Freedom of the press is of vital importance to the mission of the Securities and Exchange... the issuance of subpoenas to members of the media that might impair the news gathering and reporting...

17 CFR 202.10 - Policy statement of the Securities and Exchange Commission concerning subpoenas to members of the...

Code of Federal Regulations, 2011 CFR

2011-04-01

... Securities and Exchange Commission concerning subpoenas to members of the news media. 202.10 Section 202.10... media. Freedom of the press is of vital importance to the mission of the Securities and Exchange... the issuance of subpoenas to members of the media that might impair the news gathering and reporting...

17 CFR 202.10 - Policy statement of the Securities and Exchange Commission concerning subpoenas to members of the...

Code of Federal Regulations, 2014 CFR

2014-04-01

... Securities and Exchange Commission concerning subpoenas to members of the news media. 202.10 Section 202.10... media. Freedom of the press is of vital importance to the mission of the Securities and Exchange... the issuance of subpoenas to members of the media that might impair the news gathering and reporting...

17 CFR 202.10 - Policy statement of the Securities and Exchange Commission concerning subpoenas to members of the...

Code of Federal Regulations, 2012 CFR

2012-04-01

... Securities and Exchange Commission concerning subpoenas to members of the news media. 202.10 Section 202.10... media. Freedom of the press is of vital importance to the mission of the Securities and Exchange... the issuance of subpoenas to members of the media that might impair the news gathering and reporting...

17 CFR 202.10 - Policy statement of the Securities and Exchange Commission concerning subpoenas to members of the...

Code of Federal Regulations, 2013 CFR

2013-04-01

... Securities and Exchange Commission concerning subpoenas to members of the news media. 202.10 Section 202.10... media. Freedom of the press is of vital importance to the mission of the Securities and Exchange... the issuance of subpoenas to members of the media that might impair the news gathering and reporting...

Laboratory security and emergency response guidance for laboratories working with select agents. Centers for Disease Control and Prevention.

PubMed

Richmond, Jonathan Y; Nesby-O'Dell, Shanna L

2002-12-06

In recent years, concern has increased regarding use of biologic materials as agents of terrorism, but these same agents are often necessary tools in clinical and research microbiology laboratories. Traditional biosafety guidelines for laboratories have emphasized use of optimal work practices, appropriate containment equipment, well-designed facilities, and administrative controls to minimize risk of worker injury and to ensure safeguards against laboratory contamination. The guidelines discussed in this report were first published in 1999 (U.S. Department of Health and Human Services/CDC and National Institutes of Health. Biosafety in microbiological and biomedical laboratories [BMBL]. Richmond JY, McKinney RW, eds. 4th ed. Washington, DC: US Department of Health and Human Services, 1999 [Appendix F]). In that report, physical security concerns were addressed, and efforts were focused on preventing unauthorized entry to laboratory areas and preventing unauthorized removal of dangerous biologic agents from the laboratory. Appendix F of BMBL is now being revised to include additional information regarding personnel risk assessments, and inventory controls. The guidelines contained in this report are intended for laboratories working with select agents under biosafety-level 2, 3, or 4 conditions as described in Sections II and III of BMBL. These recommendations include conducting facility risk assessments and developing comprehensive security plans to minimize the probability of misuse of select agents. Risk assessments should include systematic, site-specific reviews of 1) physical security; 2) security of data and electronic technology systems; 3) employee security; 4) access controls to laboratory and animal areas; 5) procedures for agent inventory and accountability; 6) shipping/transfer and receiving of select agents; 7) unintentional incident and injury policies; 8) emergency response plans; and 9) policies that address breaches in security. The security plan should be an integral part of daily operations. All employees should be well-trained and equipped, and the plan should be reviewed annually, at least.

Adherence to antiretroviral therapy among a conflict-affected population in Northeastern Uganda: a qualitative study.

PubMed

Olupot-Olupot, Peter; Katawera, Andrew; Cooper, Curtis; Small, Will; Anema, Aranka; Mills, Edward

2008-09-12

We aimed to determine patient and health worker concerns regarding antiretroviral adherence in a conflict-affected population using focus groups (n = 40) and semi-structured interviews (n = 11). Patient concerns include security attending clinics, food security, distance to health centers and access to health providers. During periods of famine and flooding, the lack of food security and only single daily meals makes taking multiple doses impossible. Possible facilitating strategies included mobile teams, increased security and regularity of drug stocks.

Balancing Scientific Publication and National Security Concerns: Issues for Congress

DTIC Science & Technology

2003-07-09

Zilinskas and J.B. Tucker, “Limiting the Contribution of the Open Scientific Literature to the Biological Weapons Threat,” Journal of Homeland...been used to inhibit its spread. The terrorist attacks of 2001 have increased scrutiny of nonconventional weapons , including weapons of mass destruction...Andrew Card to determine if government-owned information, especially that regarding weapons of mass destruction, was being inappropriately disclosed

Keeping Kids Safe from a Design Perspective: Ethical and Legal Guidelines for Designing a Video-Based App for Children

ERIC Educational Resources Information Center

Zydney, Janet Mannheimer; Hooper, Simon

2015-01-01

Educators can use video to gain invaluable information about their students. A concern is that collecting videos online can create an increased security risk for children. The purpose of this article is to provide ethical and legal guidelines for designing video-based apps for mobile devices and the web. By reviewing the literature, law, and code…

77 FR 27486 - Agency Information Collection Activities: Submission for the Office of Management and Budget (OMB...

Federal Register 2010, 2011, 2012, 2013, 2014

2012-05-10

... security concern. 6. Who will be required or asked to report: Generators of low-level radioactive waste, or the Governor of a State on behalf of any generator or generators located in his or her State who are... generator or Governor of a State on behalf of generators seeking emergency access to an operating low-level...

Trails at LANL - Public Meeting and Forum - July 26, 2016

DOE Office of Scientific and Technical Information (OSTI.GOV)

Pava, Daniel Seth

2016-07-26

These are the slides of a meeting about trails at Los Alamos National Laboratory. The meeting goals are the folllowing: to inform and educate citizens about LANL trails management issues that include resource protection, safety, security and trails etiquette; to explain how and why LANL trails can be closed and reopened; and to understand your concerns and ideas about LANL trails use.

Privacy and Security: A Bibliography.

ERIC Educational Resources Information Center

Computer and Business Equipment Manufacturers Association, Washington, DC.

Compiled at random from many sources, this bibliography attempts to cite as many publications concerning privacy and security as are available. The entries are organized under seven headings: (1) systems security, technical security, clearance of personnel, (2) corporate physical security, (3) administrative security, (4) miscellaneous--privacy…

Foods: Where Innovation, Agriculture, Molecular Biosciences and Human Nutrition Meet.

PubMed

Brennan, Charles

2012-11-21

There is one commodity the world over that unites mankind-food. In 2011 the United Nations claimed that the world's population had reached the seven billion mark, a number which is set to increase dramatically in the decades to come. Food security, supply and sustainability are of paramount concern to the future economic and social progress of humanity. It is the responsibility of the food industry, together with food scientists and technologists, to shoulder the burden of ensuring an adequate supply of nutritious, safe and sensorially acceptable foods for a range of demanding consumers. In responding to this challenge, we need to understand the link between agriculture, engineering, food processing, molecular biosciences, human nutrition, commercialisation and innovation. Access to information concerning the composition and quality of foods has never been so easy for consumers and technologists alike. A plethora of research publications are made available each month to scientists and associated interested parties. The outcomes of these research manuscripts are often distilled and disseminated into messages available to everyone through bulletin boards, forums and the popular press. Newspapers and new agencies constantly report on the latest pharma-medical finding, or news regarding food safety and security concerns. We live in an age where information is so readily available to everyone that the task of finding credible and reputable data can be difficult at times. Providing sound evidenced based research is where a peer-reviewed journal can provide clarity. [...].

Priming states of mind can affect disclosure of threatening self-information: Effects of self-affirmation, mortality salience, and attachment orientations.

PubMed

Davis, Deborah; Soref, Assaf; Villalobos, J Guillermo; Mikulincer, Mario

2016-08-01

Interviewers often face respondents reluctant to disclose sensitive, embarrassing or potentially damaging information. We explored effects of priming 5 states of mind on willingness to disclose: including 2 expected to facilitate disclosure (self-affirmation, attachment security), and 3 expected to inhibit disclosure (self-disaffirmation, attachment insecurity, mortality salience). Israeli Jewish participants completed a survey including a manipulation of 1 of these states of mind, followed by questions concerning hostile thoughts and behaviors toward the Israeli Arab outgroup, past minor criminal behaviors, and socially undesirable traits and behaviors. Self-affirmation led to more disclosures of all undesirable behaviors than neutral priming, whereas self-disaffirmation led to less disclosures. Mortality salience led to fewer disclosures of socially undesirable and criminal behaviors compared to neutral priming, but more disclosures of hostile thoughts and behaviors toward Israeli Arabs. Security priming facilitated disclosure of hostile attitudes toward Israeli Arabs. However, neither security nor insecurity priming had any other significant effects. (PsycINFO Database Record (c) 2016 APA, all rights reserved).

Wireless Technology Infrastructures for Authentication of Patients: PKI that Rings

PubMed Central

Sax, Ulrich; Kohane, Isaac; Mandl, Kenneth D.

2005-01-01

As the public interest in consumer-driven electronic health care applications rises, so do concerns about the privacy and security of these applications. Achieving a balance between providing the necessary security while promoting user acceptance is a major obstacle in large-scale deployment of applications such as personal health records (PHRs). Robust and reliable forms of authentication are needed for PHRs, as the record will often contain sensitive and protected health information, including the patient's own annotations. Since the health care industry per se is unlikely to succeed at single-handedly developing and deploying a large scale, national authentication infrastructure, it makes sense to leverage existing hardware, software, and networks. This report proposes a new model for authentication of users to health care information applications, leveraging wireless mobile devices. Cell phones are widely distributed, have high user acceptance, and offer advanced security protocols. The authors propose harnessing this technology for the strong authentication of individuals by creating a registration authority and an authentication service, and examine the problems and promise of such a system. PMID:15684133

A symmetrical image encryption scheme in wavelet and time domain

NASA Astrophysics Data System (ADS)

Luo, Yuling; Du, Minghui; Liu, Junxiu

2015-02-01

There has been an increasing concern for effective storages and secure transactions of multimedia information over the Internet. Then a great variety of encryption schemes have been proposed to ensure the information security while transmitting, but most of current approaches are designed to diffuse the data only in spatial domain which result in reducing storage efficiency. A lightweight image encryption strategy based on chaos is proposed in this paper. The encryption process is designed in transform domain. The original image is decomposed into approximation and detail components using integer wavelet transform (IWT); then as the more important component of the image, the approximation coefficients are diffused by secret keys generated from a spatiotemporal chaotic system followed by inverse IWT to construct the diffused image; finally a plain permutation is performed for diffusion image by the Logistic mapping in order to reduce the correlation between adjacent pixels further. Experimental results and performance analysis demonstrate the proposed scheme is an efficient, secure and robust encryption mechanism and it realizes effective coding compression to satisfy desirable storage.

Wireless technology infrastructures for authentication of patients: PKI that rings.

PubMed

Sax, Ulrich; Kohane, Isaac; Mandl, Kenneth D

2005-01-01

As the public interest in consumer-driven electronic health care applications rises, so do concerns about the privacy and security of these applications. Achieving a balance between providing the necessary security while promoting user acceptance is a major obstacle in large-scale deployment of applications such as personal health records (PHRs). Robust and reliable forms of authentication are needed for PHRs, as the record will often contain sensitive and protected health information, including the patient's own annotations. Since the health care industry per se is unlikely to succeed at single-handedly developing and deploying a large scale, national authentication infrastructure, it makes sense to leverage existing hardware, software, and networks. This report proposes a new model for authentication of users to health care information applications, leveraging wireless mobile devices. Cell phones are widely distributed, have high user acceptance, and offer advanced security protocols. The authors propose harnessing this technology for the strong authentication of individuals by creating a registration authority and an authentication service, and examine the problems and promise of such a system.

Global water risks and national security: Building resilience (Invited)

NASA Astrophysics Data System (ADS)

Pulwarty, R. S.

2013-12-01

The UN defines water security as the capacity of a population to safeguard sustainable access to adequate quantities of acceptable quality water for sustaining livelihoods, human well-being, and socio-economic development, for ensuring protection against water-borne pollution and water-related disasters, and for preserving ecosystems in a climate of peace and political stability. This definition highlights complex and interconnected challenges and underscores the centrality of water for environmental services and human aactivities. Global risks are expressed at the national level. The 2010 Quadrennial Defense Review and the 2010 National Security Strategy identify climate change as likely to trigger outcomes that will threaten U.S. security including how freshwater resources can become a security issue. Impacts will be felt on the National Security interest through water, food and energy security, and critical infrastructure. This recognition focuses the need to consider the rates of change in climate extremes, in the context of more traditional political, economic, and social indicators that inform security analyses. There is a long-standing academic debate over the extent to which resource constraints and environmental challenges lead to inter-state conflict. It is generally recognized that water resources as a security issue to date exists mainly at the substate level and has not led to physical conflict between nation states. In conflict and disaster zones, threats to water security increase through inequitable and difficult access to water supply and related services, which may aggravate existing social fragility, tensions, violence, and conflict. This paper will (1) Outline the dimensions of water security and its links to national security (2) Analyze water footprints and management risks for key basins in the US and around the world, (3) map the link between global water security and national concerns, drawing lessons from the drought of 2012 and elsewhere, and (3) Identify preventable risks, public leadership and private innovation needed for developing adaptive water resource management institutions that take advantage of climate and hydrologic information and changes. The presentation will conclude with a preliminary framework for assessing and implementing water security measures given insecure conditions introduced by a changing climate and in the context of national security.

IMIRSEL: a secure music retrieval testing environment

NASA Astrophysics Data System (ADS)

Downie, John S.

2004-10-01

The Music Information Retrieval (MIR) and Music Digital Library (MDL) research communities have long noted the need for formal evaluation mechanisms. Issues concerning the unavailability of freely-available music materials have greatly hindered the creation of standardized test collections with which these communities could scientifically assess the strengths and weaknesses of their various music retrieval techniques. The International Music Information Retrieval Systems Evaluation Laboratory (IMIRSEL) is being developed at the University of Illinois at Urbana-Champaign (UIUC) specifically to overcome this hindrance to the scientific evaluation of MIR/MDL systems. Together with its subsidiary Human Use of Music Information Retrieval Systems (HUMIRS) project, IMIRSEL will allow MIR/MDL researchers access to the standardized large-scale collection of copyright-sensitive music materials and standardized test queries being housed at UIUC's National Center for Supercomputing Applications (NCSA). Virtual Research Labs (VRL), based upon NCSA's Data-to-Knowledge (D2K) tool set, are being developed through which MIR/MDL researchers will interact with the music materials under a "trusted code" security model.

Improving computer security by health smart card.

PubMed

Nisand, Gabriel; Allaert, François-André; Brézillon, Régine; Isphording, Wilhem; Roeslin, Norbert

2003-01-01

The University hospitals of Strasbourg have worked for several years on the computer security of the medical data and have of this fact be the first to use the Health Care Professional Smart Card (CPS). This new tool must provide security to the information processing systems and especially to the medical data exchanges between the partners who collaborate to the care of the Beyond the purely data-processing aspects of the functions of safety offered by the CPS, safety depends above all on the practices on the users, their knowledge concerning the legislation, the risks and the stakes, of their adhesion to the procedures and protections installations. The aim of this study is to evaluate this level of knowledge, the practices and the feelings of the users concerning the computer security of the medical data, to check the relevance of the step taken, and if required, to try to improve it. The survey by questionnaires involved 648 users. The practices of users in terms of data security are clearly improved by the implementation of the security server and the use of the CPS system, but security breaches due to bad practices are not however completely eliminated. That confirms that is illusory to believe that data security is first and foremost a technical issue. Technical measures are of course indispensable, but the greatest efforts are required after their implementation and consist in making the key players [2], i.e. users, aware and responsible. However, it must be stressed that the user-friendliness of the security interface has a major effect on the results observed. For instance, it is highly probable that the bad practices continued or introduced upon the implementation of the security server and CPS scheme are due to the complicated nature or functional defects of the proposed solution, which must therefore be improved. Besides, this is only the pilot phase and card holders can be expected to become more responsible as time goes by, along with the gradual national implementation of the CPS project and the introduction of new functions using electronic signatures and encryption.

Computing Game-Theoretic Solutions for Security in the Medium Term

DTIC Science & Technology

This project concerns the design of algorithms for computing game- theoretic solutions . (Game theory concerns how to act in a strategically optimal...way in environments with other agents who also seek to act optimally but have different , and possibly opposite, interests .) Such algorithms have...recently found application in a number of real-world security applications, including among others airport security, scheduling Federal Air Marshals, and

Environmental security in the Czech Republic: Status and concerns in the post Communist era

DOE Office of Scientific and Technical Information (OSTI.GOV)

Valley, P.J.

1998-10-01

The Czech Republic has made great strides toward reconciling its political and economic development with environmental protection and security issues since its recent democratization. Although new technological and legislative efforts continue to work at reducing emissions from automobiles, industries, power plants and coal mining, the Republic is committed to continuing its battle against air and water pollution, poor waste management, and needless destruction of nature. Shifting the structure of primary energy sources to qualitatively better fuels, along with the introduction of less energy-consuming technologies and the activation of new nuclear reactors, would eventually replace most of the output of coalmore » burning power plants. However, the use of nuclear power has been opposed by several political and environmental activists groups. At the international level, Austria`s opposition to the Temelin Nuclear Power plant is of great concern since Austria, as a non-nuclear state, propagates negative information about nuclear power to its citizens and other countries.« less

Secure steganography designed for mobile platforms

NASA Astrophysics Data System (ADS)

Agaian, Sos S.; Cherukuri, Ravindranath; Sifuentes, Ronnie R.

2006-05-01

Adaptive steganography, an intelligent approach to message hiding, integrated with matrix encoding and pn-sequences serves as a promising resolution to recent security assurance concerns. Incorporating the above data hiding concepts with established cryptographic protocols in wireless communication would greatly increase the security and privacy of transmitting sensitive information. We present an algorithm which will address the following problems: 1) low embedding capacity in mobile devices due to fixed image dimensions and memory constraints, 2) compatibility between mobile and land based desktop computers, and 3) detection of stego images by widely available steganalysis software [1-3]. Consistent with the smaller available memory, processor capabilities, and limited resolution associated with mobile devices, we propose a more magnified approach to steganography by focusing adaptive efforts at the pixel level. This deeper method, in comparison to the block processing techniques commonly found in existing adaptive methods, allows an increase in capacity while still offering a desired level of security. Based on computer simulations using high resolution, natural imagery and mobile device captured images, comparisons show that the proposed method securely allows an increased amount of embedding capacity but still avoids detection by varying steganalysis techniques.

Information accountability and usability: are there any connections?

PubMed

Sahama, Tony; Kushniruk, Andre; Kuwata, Shigeki

2013-01-01

Availability of health information is rapidly increasing and the expansion and proliferation of health information is inevitable. The Electronic Healthcare Record, Electronic Medical Record and Personal Health Record are at the core of this trend and are required for appropriate and practicable exchange and sharing of health information. However, it is becoming increasingly recognized that it is essential to preserve patient privacy and information security when utilising sensitive information for clinical, management and administrative processes. Furthermore, the usability of emerging healthcare applications is also becoming a growing concern. This paper proposes a novel approach for integrating consideration of information accountability with a perspective from usability engineering that can be applied when developing healthcare information technology applications. A social networking user case in the healthcare information exchange will be presented in the context of our approach.

78 FR 40131 - Proposed Subsequent Arrangement

Federal Register 2010, 2011, 2012, 2013, 2014

2013-07-03

... Concerning Peaceful Uses of Nuclear Energy and the Agreement Between the Government of the United States of America and Australia Concerning Peaceful Uses of Nuclear Energy. DATES: This subsequent arrangement will... Nonproliferation and International Security, National Nuclear Security Administration, Department of Energy...

Detection of total hip prostheses at airport security checkpoints: how has heightened security affected patients?

PubMed

Johnson, Aaron J; Naziri, Qais; Hooper, Hasan A; Mont, Michael A

2012-04-04

The sensitivity of airport security screening measures has increased substantially during the past decade, but few reports have examined how this affects patients who have undergone hip arthroplasty. The purpose of this study was to determine the experiences of patients who had hip prostheses and who passed through airport security screenings. A consecutive series of 250 patients who presented to the office of a high-volume surgeon were asked whether they had had a hip prosthesis for at least one year and, if so, whether they had flown on a commercial airline within the past year. Patients who responded affirmatively to both questions were asked to complete a written survey that included questions about which joint(s) had been replaced, the number of encounters with airport security, the frequency and location of metal detector activation, any additional screening procedures that were utilized, whether security officials requested documentation regarding the prosthesis, the degree of inconvenience, and other relevant information. Of the 143 patients with hip replacements who traveled by air, 120 (84%) reported triggering the alarm and required wanding with a handheld detector. Twenty-five of these patients reported subsequently having to undergo further inspection, including additional wanding, being patted down, and in two cases having to undress in a private room to show the incision. Ninety-nine (69%) of the 143 patients reported that the prosthetic joint caused an inconvenience while traveling. This study provides interesting and critical information that allows physicians to understand the real-world implications of implanted orthopaedic devices for patients who are traveling where there has been heightened security since September 11, 2001. Patients should be counseled that they should expect delays and be prepared for such inconveniences, but that these are often only momentary. This information could relieve some anxiety and concerns that patients may have prior to traveling.

Public assessment of new surveillance-oriented security technologies: Beyond the trade-off between privacy and security.

PubMed

Pavone, Vincenzo; Esposti, Sara Degli

2012-07-01

As surveillance-oriented security technologies (SOSTs) are considered security enhancing but also privacy infringing, citizens are expected to trade part of their privacy for higher security. Drawing from the PRISE project, this study casts some light on how citizens actually assess SOSTs through a combined analysis of focus groups and survey data. First, the outcomes suggest that people did not assess SOSTs in abstract terms but in relation to the specific institutional and social context of implementation. Second, from this embedded viewpoint, citizens either expressed concern about government's surveillance intentions and considered SOSTs mainly as privacy infringing, or trusted political institutions and believed that SOSTs effectively enhanced their security. None of them, however, seemed to trade privacy for security because concerned citizens saw their privacy being infringed without having their security enhanced, whilst trusting citizens saw their security being increased without their privacy being affected.

Public and physician's expectations and ethical concerns about electronic health record: Benefits outweigh risks except for information security.

PubMed

Entzeridou, Eleni; Markopoulou, Evgenia; Mollaki, Vasiliki

2018-02-01

Electronic Health Record systems (EHRs) offer numerous benefits in health care but also pose certain risks. As we progress toward the implementation of EHRs, a more in-depth understanding of attitudes that influence overall levels of EHR support is required. To record public and physicians' awareness, expectations for, and ethical concerns about the use of EHRs. A convenience sample was surveyed for both the public and physicians. The Public's Questionnaire was distributed to the public in a printed and an online version. The Physicians' Questionnaire was distributed to physicians in an online version. The questionnaires requested demographic characteristics followed by close-ended questions enquiring about awareness, perceived impact, perceived risks, and ethical issues raised by EHR use. In total, 46% of the public and 91% of physicians were aware of EHRs. Physicians' and public opinions were comparable concerning the positive impact of EHRs on better, more effective, and faster decisions on the patients' health, on better coordination between hospitals/clinics and on quality and reduced cost of health care. However, physicians were concerned that an EHR system would be a burden for their finances, for their time concerning training on the system, for their everyday workload and workflow. The majority of the public generally agreed that they would worry about the possibility that a non-authorized, third party might gain access to their personal health information (48.8%), and that they would worry about future discriminations due to possible disclosure of their health information (48.8%). Most physicians disagreed that EHRs will disrupt the doctor-patient relationship (58.1%) but they would worry about the safety of their patients' information (53.1%). Overall, both the public and physicians were in favor of the implementation of an EHR system, evaluating that possible benefits are more important than possible risks. The majority of the public believed that physicians should have full access to an EHR (90.9%), whereas nursing staff, pharmacists, laboratory staff, and other healthcare professional should have partial access. The factors identified in the present study present actionable insights that may increase awareness about EHRs. The survey illustrates that both the public and physicians acknowledge the benefits and support EHRs on the condition that sufficient guarantees are provided about privacy and security. Copyright © 2017 Elsevier B.V. All rights reserved.

A review and a framework of handheld computer adoption in healthcare.

PubMed

Lu, Yen-Chiao; Xiao, Yan; Sears, Andrew; Jacko, Julie A

2005-06-01

Wide adoption of mobile computing technology can potentially improve information access, enhance workflow, and promote evidence-based practice to make informed and effective decisions at the point of care. Handheld computers or personal digital assistants (PDAs) offer portable and unobtrusive access to clinical data and relevant information at the point of care. This article reviews the literature on issues related to adoption of PDAs in health care and barriers to PDA adoption. Studies showed that PDAs were used widely in health care providers' practice, and the level of use is expected to rise rapidly. Most care providers found PDAs to be functional and useful in areas of documentation, medical reference, and access to patient data. Major barriers to adoption were identified as usability, security concerns, and lack of technical and organizational support. PDAs offer health care practitioners advantages to enhance their clinical practice. However, better designed PDA hardware and software applications, more institutional support, seamless integration of PDA technology with hospital information systems, and satisfactory security measures are necessary to increase acceptance and wide use of PDAs in healthcare.

Safeguarding patient privacy in electronic healthcare in the USA: the legal view.

PubMed

Walsh, Diana; Passerini, Katia; Varshney, Upkar; Fjermestad, Jerry

2008-01-01

The conflict between the sweeping power of technology to access and assemble personal information and the ongoing concern about our privacy and security is ever increasing. While we gradually need higher electronic access to medical information, issues relating to patient privacy and reducing vulnerability to security breaches surmount. In this paper, we take a legal perspective and examine the existing patchwork of laws and obligations governing health information in the USA. The study finds that as Electronic Medical Records (EMRs) increase in scope and dissemination, privacy protections gradually decrease due to the shortcomings in the legal system. The contributions of this paper are (1) an overview of the legal EMR issues in the USA, and (2) the identification of the unresolved legal issues and how these will escalate when health information is transmitted over wireless networks. More specifically, the paper discusses federal and state government regulations such as the Electronic Communications Privacy Act, the Health Insurance Portability and Accountability Act (HIPAA) and judicial intervention. Based on the legal overview, the unresolved challenges are identified and suggestions for future research are included.

Effectiveness of the Civil Aviation Security Program.

DTIC Science & Technology

1980-05-22

SECURITY. - CONTINUED TRAINING OF LAW ENFORCEMENT OFFICERS SUPPORTING AIRPORT SECURITY ACTIVITIES. - SECURITY PROGRAMS IMPLEMENTED BY AIR FREIGHT...cooperation by all concerned. (See Exhibit 14) Airport Security - Ongoing activities which contributed significantly to airport security included full...implementation of the revised Federal Aviation Regulations (FAR) Part 107 governing airport security , training of law enforcement officers supporting

[The comparative evaluation of level of security culture in medical organizations].

PubMed

Roitberg, G E; Kondratova, N V; Galanina, E V

2016-01-01

The study was carried out on the basis of clinic “Medicine” in 2014-2015 concerning security culture. The sampling included 465 filled HSPSC questionnaires. The comparative analysis of received was implemented. The “Zubovskaia district hospital” Having no accreditation according security standards and group of clinics from USA functioning for many years in the system of patient security support were selected as objects for comparison. The evaluation was implemented concerning dynamics of security culture in organization at implementation of strategies of security of patients during 5 years and comparison of obtained results with USA clinics was made. The study results demonstrated that in conditions of absence of implemented standards of security in medical organization total evaluation of security remains extremely low. The study of security culture using HSPSC questionnaire is an effective tool for evaluating implementation of various strategies of security ofpatient. The functioning in the system of international standards of quality, primarily JCI standards, permits during several years to achieve high indices of security culture.

Cyber-Security Issues in Healthcare Information Technology.

PubMed

Langer, Steve G

2017-02-01

In 1999-2003, SIIM (then SCAR) sponsored the creation of several special topic Primers, one of which was concerned with computer security. About the same time, a multi-society collaboration authored an ACR Guideline with a similar plot; the latter has recently been updated. The motivation for these efforts was the launch of Health Information Portability and Accountability Act (HIPAA). That legislation directed care providers to enable the portability of patient medical records across authorized medical centers, while simultaneously protecting patient confidentiality among unauthorized agents. These policy requirements resulted in the creation of numerous technical solutions which the above documents described. While the mathematical concepts and algorithms in those papers are as valid today as they were then, recent increases in the complexity of computer criminal applications (and defensive countermeasures) and the pervasiveness of Internet connected devices have raised the bar. This work examines how a medical center can adapt to these evolving threats.

The Challenges of Seeking Security While Respecting Privacy

NASA Astrophysics Data System (ADS)

Kantor, Paul B.; Lesk, Michael E.

Security is a concern for persons, organizations, and nations. For the individual members of organizations and nations, personal privacy is also a concern. The technologies for monitoring electronic communication are at the same time tools to protect security and threats to personal privacy. Participants in this workshop address the interrelation of personal privacy and national or societal security, from social, technical and legal perspectives. The participants represented industry, the academy and the United States Government. The issues addressed have become, if anything, even more pressing today than they were when the conference was held.

Comparative Assessment of Physical and Social Determinants of Water Quantity and Water Quality Concerns

NASA Astrophysics Data System (ADS)

Gunda, T.; Hornberger, G. M.

2017-12-01

Concerns over water resources have evolved over time, from physical availability to economic access and recently, to a more comprehensive study of "water security," which is inherently interdisciplinary because a secure water system is influenced by and affects both physical and social components. The concept of water security carries connotations of both an adequate supply of water as well as water that meets certain quality standards. Although the term "water security" has many interpretations in the literature, the research field has not yet developed a synthetic analysis of water security as both a quantity (availability) and quality (contamination) issue. Using qualitative comparative and multi-regression analyses, we evaluate the primary physical and social factors influencing U.S. states' water security from a quantity perspective and from a quality perspective. Water system characteristics are collated from academic and government sources and include access/use, governance, and sociodemographic, and ecosystem metrics. Our analysis indicates differences in variables driving availability and contamination concerns; for example, climate is a more significant determinant in water quantity-based security analyses than in water quality-based security analyses. We will also discuss coevolution of system traits and the merits of constructing a robust water security index based on the relative importance of metrics from our analyses. These insights will improve understanding of the complex interactions between quantity and quality aspects and thus, overall security of water systems.

Bridging the Cyberspace Gap: Washington and Silicon Valley

DTIC Science & Technology

2017-12-21

distant concern, if not an outright impediment. Still, the two sides worked together to advocate for free speech and open access online, reduce...worked to control the destabilizing influence of the internet and the free flow of information through domestic laws and the deployment of filtering...renegotiating the North American Free Trade Agreement does include provisions to “secure commitments not to impose customs duties on digital products

Health Information System Role-Based Access Control Current Security Trends and Challenges.

PubMed

de Carvalho Junior, Marcelo Antonio; Bandiera-Paiva, Paulo

2018-01-01

This article objective is to highlight implementation characteristics, concerns, or limitations over role-based access control (RBAC) use on health information system (HIS) using industry-focused literature review of current publishing for that purpose. Based on the findings, assessment for indication of RBAC is obsolete considering HIS authorization control needs. We have selected articles related to our investigation theme "RBAC trends and limitations" in 4 different sources related to health informatics or to the engineering technical field. To do so, we have applied the following search query string: "Role-Based Access Control" OR "RBAC" AND "Health information System" OR "EHR" AND "Trends" OR "Challenges" OR "Security" OR "Authorization" OR "Attacks" OR "Permission Assignment" OR "Permission Relation" OR "Permission Mapping" OR "Constraint". We followed PRISMA applicable flow and general methodology used on software engineering for systematic review. 20 articles were selected after applying inclusion and exclusion criteria resulting contributions from 10 different countries. 17 articles advocate RBAC adaptations. The main security trends and limitations mapped were related to emergency access, grant delegation, and interdomain access control. Several publishing proposed RBAC adaptations and enhancements in order to cope current HIS use characteristics. Most of the existent RBAC studies are not related to health informatics industry though. There is no clear indication of RBAC obsolescence for HIS use.

Extended outlook: description, utilization, and daily applications of cloud technology in radiology.

PubMed

Gerard, Perry; Kapadia, Neil; Chang, Patricia T; Acharya, Jay; Seiler, Michael; Lefkovitz, Zvi

2013-12-01

The purpose of this article is to discuss the concept of cloud technology, its role in medical applications and radiology, the role of the radiologist in using and accessing these vast resources of information, and privacy concerns and HIPAA compliance strategies. Cloud computing is the delivery of shared resources, software, and information to computers and other devices as a metered service. This technology has a promising role in the sharing of patient medical information and appears to be particularly suited for application in radiology, given the field's inherent need for storage and access to large amounts of data. The radiology cloud has significant strengths, such as providing centralized storage and access, reducing unnecessary repeat radiologic studies, and potentially allowing radiologic second opinions more easily. There are significant cost advantages to cloud computing because of a decreased need for infrastructure and equipment by the institution. Private clouds may be used to ensure secure storage of data and compliance with HIPAA. In choosing a cloud service, there are important aspects, such as disaster recovery plans, uptime, and security audits, that must be considered. Given that the field of radiology has become almost exclusively digital in recent years, the future of secure storage and easy access to imaging studies lies within cloud computing technology.

Integrating information technologies as tools for surgical research.

PubMed

Schell, Scott R

2005-10-01

Surgical research is dependent upon information technologies. Selection of the computer, operating system, and software tool that best support the surgical investigator's needs requires careful planning before research commences. This manuscript presents a brief tutorial on how surgical investigators can best select these information technologies, with comparisons and recommendations between existing systems, software, and solutions. Privacy concerns, based upon HIPAA and other regulations, now require careful proactive attention to avoid legal penalties, civil litigation, and financial loss. Security issues are included as part of the discussions related to selection and application of information technology. This material was derived from a segment of the Association for Academic Surgery's Fundamentals of Surgical Research course.

An analysis of the management and leadership roles of nurses relative to the health insurance portability and accountability act.

PubMed

Kiel, Joan M

2015-01-01

Nurses have a great deal of interaction with patients. Given this, nurses play a vital role in conveying to patients knowledge of their privacy, security, and confidentiality of patient health information rights under the Health Insurance Portability and Accountability Act (HIPAA). Nurses also can be "at the head of the table" in their own organization and professional organizations in regard to facilitating the implementation of the HIPAA and making access to patient information more "consumer friendly." This article discusses the role that nurses can develop into concerning HIPAA implementation in an ever-burgeoning arena of consumer advocacy and consumer information.

An investigative analysis of information assurance issues associated with the GIG's P&P architecture

NASA Astrophysics Data System (ADS)

Farroha, B. S.; Cole, R. G.; Farroha, D. L.; DeSimone, A.

2007-04-01

The Global Information Grid (GIG) is a collection of systems, programs and initiatives aimed at building a secure network and set of information capabilities modeled after the Internet. The GIG is expected to facilitate DoD's transformation by allowing warfighters, policy makers and support personnel to engage in rapid decision making. The roadmap is designed to take advantage of converged services of voice, data, video, and imagery over common data links. The vision is to have commanders identify threats more effectively, make informed decisions, and respond with greater precision and lethality. The information advantage gained through the GIG and network-centric warfare (NCW) allows a warfighting force to achieve dramatically improved information positions, in the form of common operational pictures that provide the basis for shared situational awareness and knowledge, and a resulting increase in combat power. The GIG Precedence and Preemption (P&P) requirements stem from the need to utilize scarce resources at critical times in the most effective way in support of national security, the intelligence community and the war-fighter. Information Assurance (IA) enables all information and data to be available end-to-end to support any mission without delay in accordance to the sensitivity of the task. Together, P&P and IA ensure data availability integrity, authentication, confidentiality, and non-repudiation. This study addresses and analyzes the QoS and P & P requirements and architecture for the GIG. Threat scenarios are presented and used to evaluate the reference architectures. The goal of the study is to assess the Information Assurance concerns associated with implementing Precedence and Preemption within the GIG and to guarantee an acceptable minimum level of security and protection for DoD networks.

Security Package for the VAX

NASA Technical Reports Server (NTRS)

Marks, V. J.; Benigue, C. E.

1983-01-01

Four programs deal with intruders and resource managment. Package available from COSMIC provides DEC VAX-11/780 with certain "deterent" security features. Although packages is not comprehensive security system, of interest for any VAX installation where security is concern.

77 FR 26023 - President's National Security Telecommunications Advisory Committee; Correction

Federal Register 2010, 2011, 2012, 2013, 2014

2012-05-02

... DEPARTMENT OF HOMELAND SECURITY [Docket No. DHS-2012-0016] President's National Security Telecommunications Advisory Committee; Correction AGENCY: National Protection and Programs Directorate, DHS. [[Page... April 25, 2012, concerning the President's National Security Telecommunications Advisory Committee...

Applications of multispectral imagery to water resources development planning in the lower Mekong Basin (Khmer Republic, Laos, Thailand and Viet-Nam)

NASA Technical Reports Server (NTRS)

Vankiere, W. J.

1973-01-01

The use of ERTS imagery for water resources planning in the lower Mekong Basin relates to three major issues: (1) it complements data from areas, which have been inaccessible in the past because of security; this concerns mainly forest cover of the watersheds, and geological features, (2) it refines ground surveys; this concerns mainly land forms, and soils of existing and planned irrigation perimeters, and (3) it provides new information, which would be almost or entirely impossible to detect with ground surveys or conventional photography; this concerns the mechanism of flooding and drainage of the delta; siltation of the Great Lake and mapping of acidity, possibly also of salinity, in the lower delta; sedimentation and fisheries in the Mekong Delta estuarine areas.

Optimal security investments and extreme risk.

PubMed

Mohtadi, Hamid; Agiwal, Swati

2012-08-01

In the aftermath of 9/11, concern over security increased dramatically in both the public and the private sector. Yet, no clear algorithm exists to inform firms on the amount and the timing of security investments to mitigate the impact of catastrophic risks. The goal of this article is to devise an optimum investment strategy for firms to mitigate exposure to catastrophic risks, focusing on how much to invest and when to invest. The latter question addresses the issue of whether postponing a risk mitigating decision is an optimal strategy or not. Accordingly, we develop and estimate both a one-period model and a multiperiod model within the framework of extreme value theory (EVT). We calibrate these models using probability measures for catastrophic terrorism risks associated with attacks on the food sector. We then compare our findings with the purchase of catastrophic risk insurance. © 2012 Society for Risk Analysis.

Materialism and food security.

PubMed

Allen, M W; Wilson, M

2005-12-01

The present studies examined if materialists have an elevated concern about food availability, presumably stemming from a general survival security motivation. Study 1 found that materialists set a greater life goal of food security, and reported more food insecurity during their childhood. Materialists reported less present-day food insecurity. Study 2 revealed that materialists stored/hoarded more food at home, and that obese persons endorsed materialism more than low/normal weight persons. Study 3 found that experimentally decreasing participants' feelings of survival security (via a mortality salience manipulation) led to greater endorsement of materialism, food security as goal, and using food for emotional comfort. The results imply that materialists overcame the food insecurity of their childhood by making food security a top life goal, but that materialists' current concerns about food security may not wholly stem from genuine threats to their food supply.

On the Privacy Protection of Biometric Traits: Palmprint, Face, and Signature

NASA Astrophysics Data System (ADS)

Panigrahy, Saroj Kumar; Jena, Debasish; Korra, Sathya Babu; Jena, Sanjay Kumar

Biometrics are expected to add a new level of security to applications, as a person attempting access must prove who he or she really is by presenting a biometric to the system. The recent developments in the biometrics area have lead to smaller, faster and cheaper systems, which in turn has increased the number of possible application areas for biometric identity verification. The biometric data, being derived from human bodies (and especially when used to identify or verify those bodies) is considered personally identifiable information (PII). The collection, use and disclosure of biometric data — image or template, invokes rights on the part of an individual and obligations on the part of an organization. As biometric uses and databases grow, so do concerns that the personal data collected will not be used in reasonable and accountable ways. Privacy concerns arise when biometric data are used for secondary purposes, invoking function creep, data matching, aggregation, surveillance and profiling. Biometric data transmitted across networks and stored in various databases by others can also be stolen, copied, or otherwise misused in ways that can materially affect the individual involved. As Biometric systems are vulnerable to replay, database and brute-force attacks, such potential attacks must be analysed before they are massively deployed in security systems. Along with security, also the privacy of the users is an important factor as the constructions of lines in palmprints contain personal characteristics, from face images a person can be recognised, and fake signatures can be practised by carefully watching the signature images available in the database. We propose a cryptographic approach to encrypt the images of palmprints, faces, and signatures by an advanced Hill cipher technique for hiding the information in the images. It also provides security to these images from being attacked by above mentioned attacks. So, during the feature extraction, the encrypted images are first decrypted, then the features are extracted, and used for identification or verification.

Patient and public views about the security and privacy of Electronic Health Records (EHRs) in the UK: results from a mixed methods study.

PubMed

Papoutsi, Chrysanthi; Reed, Julie E; Marston, Cicely; Lewis, Ruth; Majeed, Azeem; Bell, Derek

2015-10-14

Although policy discourses frame integrated Electronic Health Records (EHRs) as essential for contemporary healthcare systems, increased information sharing often raises concerns among patients and the public. This paper examines patient and public views about the security and privacy of EHRs used for health provision, research and policy in the UK. Sequential mixed methods study with a cross-sectional survey (in 2011) followed by focus group discussions (in 2012-2013). Survey participants (N = 5331) were recruited from primary and secondary care settings in West London (UK). Complete data for 2761 (51.8 %) participants were included in the final analysis for this paper. The survey results were discussed in 13 focus groups with people living with a range of different health conditions, and in 4 mixed focus groups with patients, health professionals and researchers (total N = 120). Qualitative data were analysed thematically. In the survey, 79 % of participants reported that they would worry about the security of their record if this was part of a national EHR system and 71 % thought the National Health Service (NHS) was unable to guarantee EHR safety at the time this work was carried out. Almost half (47 %) responded that EHRs would be less secure compared with the way their health record was held at the time of the survey. Of those who reported being worried about EHR security, many would nevertheless support their development (55 %), while 12 % would not support national EHRs and a sizeable proportion (33 %) were undecided. There were also variations by age, ethnicity and education. In focus group discussions participants weighed up perceived benefits against potential security and privacy threats from wider sharing of information, as well as discussing other perceived risks: commercial exploitation, lack of accountability, data inaccuracies, prejudice and inequalities in health provision. Patient and public worries about the security risks associated with integrated EHRs highlight the need for intensive public awareness and engagement initiatives, together with the establishment of trustworthy security and privacy mechanisms for health information sharing.