78 FR 60998 - Proposed Collection: Information Collection Surrounding the Sale and Issue of Marketable Book...

Federal Register 2010, 2011, 2012, 2013, 2014

2013-10-02

... Collection Surrounding the Sale and Issue of Marketable Book-Entry Securities ACTION: Notice and request for... Department of the Treasury is soliciting comments concerning the Sale and Issue of Marketable Book-Entry... Marketable Book-Entry Securities. OMB Number: 1535-0112. Abstract: The information is requested to ensure...

Perceptions of Accounting Practitioners and Educators on E-Business Curriculum and Web Security Issues

ERIC Educational Resources Information Center

Ragothaman, Srinivasan; Lavin, Angeline; Davies, Thomas

2007-01-01

This research examines, through survey administration, the perceptions of accounting practitioners and educators with respect to the multi-faceted security issues of e-commerce payment systems as well as e-business curriculum issues. Specific security issues explored include misuse/theft of personal and credit card information, spam e-mails,…

Information Security Awareness On-Line Materials Design with Knowledge Maps

ERIC Educational Resources Information Center

Shaw, Ruey-Shiang; Keh, Huan-Chao; Huang, Nan-Ching; Huang, Tien-Chuan

2011-01-01

Information Security Awareness, though known as a primary and important issue in the domain of Information Security, CSI computer crime and security survey showed poor security awareness training in public and private sectors. In many studies, the authors have found that the usage of knowledge maps helps the process of learning and conception…

The Evolution of the Automated Continuous Evaluation System (ACES) for Personnel Security

DTIC Science & Technology

2013-11-12

information. It applies business rules to the data, produces a report that flags issues of potential security concern, and electronically transmits...Form 86 (SF- 86) to check these data sources, verify what has been submitted, and collect more information. It applies business rules to the data...subject information. It applies business rules to analyze the data returned, produces a report that flags issues of potential security concern, and

Incorporating Global Information Security and Assurance in I.S. Education

ERIC Educational Resources Information Center

White, Garry L.; Hewitt, Barbara; Kruck, S. E.

2013-01-01

Over the years, the news media has reported numerous information security incidents. Because of identity theft, terrorism, and other criminal activities, President Obama has made information security a national priority. Not only is information security and assurance an American priority, it is also a global issue. This paper discusses the…

Exploring Factors that Influence Students' Behaviors in Information Security

ERIC Educational Resources Information Center

Yoon, Cheolho; Hwang, Jae-Won; Kim, Rosemary

2012-01-01

Due to the ever-increasing use of the Internet, information security has become a critical issue in society. This is especially the case for young adults who have different attitudes towards information security practices. In this research, we examine factors that motivate college students' information security behaviors. Based on the concept of…

5 CFR 1312.31 - Security violations.

Code of Federal Regulations, 2013 CFR

2013-01-01

... 5 Administrative Personnel 3 2013-01-01 2013-01-01 false Security violations. 1312.31 Section 1312..., DOWNGRADING, DECLASSIFICATION AND SAFEGUARDING OF NATIONAL SECURITY INFORMATION Control and Accountability of Classified Information § 1312.31 Security violations. (a) A security violation notice is issued by the United...

The Impact of Information Richness on Information Security Awareness Training Effectiveness

ERIC Educational Resources Information Center

Shaw, R. S.; Chen, Charlie C.; Harris, Albert L.; Huang, Hui-Jou

2009-01-01

In recent years, rapid progress in the use of the internet has resulted in huge losses in many organizations due to lax security. As a result, information security awareness is becoming an important issue to anyone using the Internet. To reduce losses, organizations have made information security awareness a top priority. The three main barriers…

Security Classification Reform: The Waiting Agenda.

ERIC Educational Resources Information Center

Relyea, Harold C.

1993-01-01

Provides an overview of security classification reform for consideration by the Clinton administration and the 103rd Congress. Historical background and current issues related to the security classification of information, personnel security clearances, and industrial safeguarding of classified information are discussed. A checklist of basic…

Information Security Management (ISM)

NASA Astrophysics Data System (ADS)

Šalgovičová, Jarmila; Prajová, Vanessa

2012-12-01

Currently, all organizations have to tackle the issue of information security. The paper deals with various aspects of Information Security Management (ISM), including procedures, processes, organizational structures, policies and control processes. Introduction of Information Security Management should be a strategic decision. The concept and implementation of Information Security Management in an organization are determined by the corporate needs and objectives, security requirements, the processes deployed as well as the size and structure of the organization. The implementation of ISM should be carried out to the extent consistent with the needs of the organization.

75 FR 77921 - Office of Administrative Services; Mandatory Declassification Review Address

Federal Register 2010, 2011, 2012, 2013, 2014

2010-12-14

... relating to national security information in accordance with Executive Order 13526 and directives issued there-under by the Information Security Oversight Office (ISOO). OPIC does not have the authority to classify national security information. Documents that are originally classified outside of OPIC must be...

The Campus Executive's Role in Security and Liability Issues.

ERIC Educational Resources Information Center

Bromley, Max; Territo, Leonard

1986-01-01

Executives at institutions of higher education have become increasingly concerned about serious crimes being committed on their campuses. The liability issue, criminal activity information, physical security and design issues, student patrol escorts, crime prevention training, and task force development are discussed. (MLW)

75 FR 881 - Meeting of Advisory Committee on International Communications and Information Policy

Federal Register 2010, 2011, 2012, 2013, 2014

2010-01-06

... development issues, international spectrum requirements and harmonization, cyber-security, and data protection... will discuss key issues of importance to U.S. communications policy interests including future... Bureau of Diplomatic Security to enhance the Department's security by tracking visitor traffic and to...

Medical image security in a HIPAA mandated PACS environment.

PubMed

Cao, F; Huang, H K; Zhou, X Q

2003-01-01

Medical image security is an important issue when digital images and their pertinent patient information are transmitted across public networks. Mandates for ensuring health data security have been issued by the federal government such as Health Insurance Portability and Accountability Act (HIPAA), where healthcare institutions are obliged to take appropriate measures to ensure that patient information is only provided to people who have a professional need. Guidelines, such as digital imaging and communication in medicine (DICOM) standards that deal with security issues, continue to be published by organizing bodies in healthcare. However, there are many differences in implementation especially for an integrated system like picture archiving and communication system (PACS), and the infrastructure to deploy these security standards is often lacking. Over the past 6 years, members in the Image Processing and Informatics Laboratory, Childrens Hospital, Los Angeles/University of Southern California, have actively researched image security issues related to PACS and teleradiology. The paper summarizes our previous work and presents an approach to further research on the digital envelope (DE) concept that provides image integrity and security assurance in addition to conventional network security protection. The DE, including the digital signature (DS) of the image as well as encrypted patient information from the DICOM image header, can be embedded in the background area of the image as an invisible permanent watermark. The paper outlines the systematic development, evaluation and deployment of the DE method in a PACS environment. We have also proposed a dedicated PACS security server that will act as an image authority to check and certify the image origin and integrity upon request by a user, and meanwhile act also as a secure DICOM gateway to the outside connections and a PACS operation monitor for HIPAA supporting information. Copyright 2002 Elsevier Science Ltd.

77 FR 59427 - Self-Regulatory Organizations; Municipal Securities Rulemaking Board; Order Granting Approval of...

Federal Register 2010, 2011, 2012, 2013, 2014

2012-09-27

...-Regulatory Organizations; Municipal Securities Rulemaking Board; Order Granting Approval of a Proposed Rule Change To Amend Rule G-34 on CUSIP Numbers, New Issue, and Market Information Requirements September 21... consisting of amendments to Rule G-34 on CUSIP numbers, new issue, and market information requirements. The...

Information Security in Higher Education. Professional Paper Series, #5.

ERIC Educational Resources Information Center

Elliott, Raymond; And Others

Intended to generate discussion and motivate proactive intervention in matters of information security, this paper defines and discusses some of the key issues relating to information security on college and university campuses based on in-depth interviews conducted at eight selected higher education institutions of varying size and composition in…

Security Management in a Multimedia System

ERIC Educational Resources Information Center

Rednic, Emanuil; Toma, Andrei

2009-01-01

In database security, the issue of providing a level of security for multimedia information is getting more and more known. For the moment the security of multimedia information is done through the security of the database itself, in the same way, for all classic and multimedia records. So what is the reason for the creation of a security…

10 CFR 2.900 - Purpose.

Code of Federal Regulations, 2014 CFR

2014-01-01

... effectively safeguard and prevent disclosure of Restricted Data and National Security Information to... Involving Restricted Data and/or National Security Information § 2.900 Purpose. This subpart is issued...

Shared Information Framework and Technology (SHIFT) Handbook

DTIC Science & Technology

2009-02-01

field. Such a patchwork of separate systems neither improves information sharing nor guarantees the safety and security of communities and personnel in...analysis. In many organizations, security may not necessarily be the expertise of people working in the field, or security and safety issues may be...the safety and security of all crisis management personnel in crisis areas. Functioning information sharing between organisations improves situational

75 FR 77588 - Foreign Futures and Options Contracts on a Non-Narrow-Based Security Index; Commission...

Federal Register 2010, 2011, 2012, 2013, 2014

2010-12-13

...; information and data relating to the index, including the design, computation and maintenance thereof. In... extension is necessary to address complex or novel issues. The information that a foreign board of trade... 45 days if the foreign security index futures contract raises novel or complex issues that require...

78 FR 89 - Announcing an Open Meeting of the Information Security and Privacy Advisory Board

Federal Register 2010, 2011, 2012, 2013, 2014

2013-01-02

... Management and Budget, and the Director of NIST on security and privacy issues pertaining to federal computer... Computer Security Division. Note that agenda items may change without notice because of possible unexpected... of the Information Security and Privacy Advisory Board AGENCY: National Institute of Standards and...

A Framework for the Governance of Information Security

ERIC Educational Resources Information Center

Edwards, Charles K.

2013-01-01

Information security is a complex issue, which is very critical for success of modern businesses. It can be implemented with the help of well-tested global standards and best practices. However, it has been studied that the human aspects of information security compliance pose significant challenge to its practitioners. There has been significant…

Information Systems Security Job Advertisement Analysis: Skills Review and Implications for Information Systems Curriculum

ERIC Educational Resources Information Center

Brooks, Nita G.; Greer, Timothy H.; Morris, Steven A.

2018-01-01

The authors' focus was the assessment of skill requirements for information systems security positions to understand expectations for security jobs and to highlight issues relevant to curriculum management. The analysis of 798 job advertisements involved the exploration of domain-related and soft skills as well as degree and certification…

Reviews on Security Issues and Challenges in Cloud Computing

NASA Astrophysics Data System (ADS)

An, Y. Z.; Zaaba, Z. F.; Samsudin, N. F.

2016-11-01

Cloud computing is an Internet-based computing service provided by the third party allowing share of resources and data among devices. It is widely used in many organizations nowadays and becoming more popular because it changes the way of how the Information Technology (IT) of an organization is organized and managed. It provides lots of benefits such as simplicity and lower costs, almost unlimited storage, least maintenance, easy utilization, backup and recovery, continuous availability, quality of service, automated software integration, scalability, flexibility and reliability, easy access to information, elasticity, quick deployment and lower barrier to entry. While there is increasing use of cloud computing service in this new era, the security issues of the cloud computing become a challenges. Cloud computing must be safe and secure enough to ensure the privacy of the users. This paper firstly lists out the architecture of the cloud computing, then discuss the most common security issues of using cloud and some solutions to the security issues since security is one of the most critical aspect in cloud computing due to the sensitivity of user's data.

Eavesdropping-aware routing and spectrum allocation based on multi-flow virtual concatenation for confidential information service in elastic optical networks

NASA Astrophysics Data System (ADS)

Bai, Wei; Yang, Hui; Yu, Ao; Xiao, Hongyun; He, Linkuan; Feng, Lei; Zhang, Jie

2018-01-01

The leakage of confidential information is one of important issues in the network security area. Elastic Optical Networks (EON) as a promising technology in the optical transport network is under threat from eavesdropping attacks. It is a great demand to support confidential information service (CIS) and design efficient security strategy against the eavesdropping attacks. In this paper, we propose a solution to cope with the eavesdropping attacks in routing and spectrum allocation. Firstly, we introduce probability theory to describe eavesdropping issue and achieve awareness of eavesdropping attacks. Then we propose an eavesdropping-aware routing and spectrum allocation (ES-RSA) algorithm to guarantee information security. For further improving security and network performance, we employ multi-flow virtual concatenation (MFVC) and propose an eavesdropping-aware MFVC-based secure routing and spectrum allocation (MES-RSA) algorithm. The presented simulation results show that the proposed two RSA algorithms can both achieve greater security against the eavesdropping attacks and MES-RSA can also improve the network performance efficiently.

The security concern on internet banking adoption among Malaysian banking customers.

PubMed

Sudha, Raju; Thiagarajan, A S; Seetharaman, A

2007-01-01

The existing literatures highlights that the security is the primary factor which determines the adoption of Internet banking technology. The secondary information on Internet banking development in Malaysia shows a very slow growth rate. Hence, this study aims to study the banking customers perception towards security concern and Internet banking adoption through the information collected from 150 sample respondents. The data analysis reveals that the customers have much concern about security and privacy issue in adoption of Internet banking, whether the customers are adopted Internet banking or not. Hence, it infers that to popularize Internet banking system there is a need for improvement in security and privacy issue among the banking customers.

An Examination of Issues Surrounding Information Security in California Colleges

ERIC Educational Resources Information Center

Butler, Robert D.

2013-01-01

Technological advances have provided increasing opportunities in higher education for delivering instruction and other services. However, exposure to information security attacks has been increasing as more organizations conduct their businesses online. Higher education institutions have one of the highest frequencies of security breaches as…

Quality and security - They work together

NASA Technical Reports Server (NTRS)

Carr, Richard; Tynan, Marie; Davis, Russell

1991-01-01

This paper describes the importance of considering computer security as part of software quality assurance practice. The intended audience is primarily those professionals involved in the design, development, and quality assurance of software. Many issues are raised which point to the need ultimately for integration of quality assurance and computer security disciplines. To address some of the issues raised, the NASA Automated Information Security program is presented as a model which may be used for improving interactions between the quality assurance and computer security community of professionals.

Aerial secure display by use of polarization-processing display with retarder film and retro-reflector

NASA Astrophysics Data System (ADS)

Ito, Shusei; Uchida, Keitaro; Mizushina, Haruki; Suyama, Shiro; Yamamoto, Hirotsugu

2017-02-01

Security is one of the big issues in automated teller machine (ATM). In ATM, two types of security have to be maintained. One is to secure displayed information. The other is to secure screen contamination. This paper gives a solution for these two security issues. In order to secure information against peeping at the screen, we utilize visual cryptography for displayed information and limit the viewing zone. Furthermore, an aerial information screen with aerial imaging by retro-reflection, named AIRR enables users to avoid direct touch on the information screen. The purpose of this paper is to propose an aerial secure display technique that ensures security of displayed information as well as security against contamination problem on screen touch. We have developed a polarization-processing display that is composed of a backlight, a polarizer, a background LCD panel, a gap, a half-wave retarder, and a foreground LCD panel. Polarization angle is rotated with the LCD panels. We have constructed a polarization encryption code set. Size of displayed images are designed to limit the viewing position. Furthermore, this polarization-processing display has been introduced into our aerial imaging optics, which employs a reflective polarizer and a retro-reflector covered with a quarter-wave retarder. Polarization-modulated light forms the real image over the reflective polarizer. We have successfully formed aerial information screen that shows the secret image with a limited viewing position. This is the first realization of aerial secure display by use of polarization-processing display with retarder-film and retro-reflector.

New Frameworks for Detecting and Minimizing Information Leakage in Anonymized Network Data

DTIC Science & Technology

2011-10-01

researcher the exact extent to which a particular utility is affected by the anonymization. For instance, Karr et al.’s use of the Kullback - Leibler ...technical, legal, policy, and privacy issues limit the ability of operators to produce data sets for information security testing . In an effort to...technical, legal, policy, and privacy issues limit the ability of operators to produce datasets for information security testing . In an effort to help

A Citizen's Guide to U.S. Foreign Policy: Election '88. Nonpartisan Briefs on 18 Key Issues.

ERIC Educational Resources Information Center

Hoepli, Nancy, Ed.; And Others

In order to make informed voting decisions citizens need background information on complex foreign policy issues facing the United States. This guide presents current issues and provides information to help citizens cast a thoughtful vote. The guide is divided into six main headings: Leadership; Security; Economic and Social Issues; Critical…

Game Theory Based Security in Wireless Body Area Network with Stackelberg Security Equilibrium.

PubMed

Somasundaram, M; Sivakumar, R

2015-01-01

Wireless Body Area Network (WBAN) is effectively used in healthcare to increase the value of the patient's life and also the value of healthcare services. The biosensor based approach in medical care system makes it difficult to respond to the patients with minimal response time. The medical care unit does not deploy the accessing of ubiquitous broadband connections full time and hence the level of security will not be high always. The security issue also arises in monitoring the user body function records. Most of the systems on the Wireless Body Area Network are not effective in facing the security deployment issues. To access the patient's information with higher security on WBAN, Game Theory with Stackelberg Security Equilibrium (GTSSE) is proposed in this paper. GTSSE mechanism takes all the players into account. The patients are monitored by placing the power position authority initially. The position authority in GTSSE is the organizer and all the other players react to the organizer decision. Based on our proposed approach, experiment has been conducted on factors such as security ratio based on patient's health information, system flexibility level, energy consumption rate, and information loss rate. Stackelberg Security considerably improves the strength of solution with higher security.

A Hypertext-Based Computer Architecture for Management of the Joint Command, Control and Communications Curriculum

DTIC Science & Technology

1992-06-01

Boards) Security, Privacy, and Freedom of Speech Issues 4.1.2 Understand the relationships between information processing and collection and...to-many (Mailing and discussion Lists) ... Many-to-Many (Bulletin Boards) Security, Privacy, and Freedom of Speech Issues 69 4.1.3 Understand the...Communication one-to-one (e-mail) °o° one-to-many (Mailing and discussion Lists) ... Many-to-Many (Bulletin Boards) oo Security, Privacy, and Freedom of Speech Issues

10 CFR 824.7 - Final notice of violation.

Code of Federal Regulations, 2011 CFR

2011-01-01

... whether the person violated or is continuing to violate a classified information security requirement. (b... classified information security requirement, the Director may issue to the person a final notice of violation... DEPARTMENT OF ENERGY PROCEDURAL RULES FOR THE ASSESSMENT OF CIVIL PENALTIES FOR CLASSIFIED INFORMATION...

10 CFR 824.7 - Final notice of violation.

Code of Federal Regulations, 2010 CFR

2010-01-01

... whether the person violated or is continuing to violate a classified information security requirement. (b... classified information security requirement, the Director may issue to the person a final notice of violation... DEPARTMENT OF ENERGY PROCEDURAL RULES FOR THE ASSESSMENT OF CIVIL PENALTIES FOR CLASSIFIED INFORMATION...

Information Security Issues in Higher Education and Institutional Research

ERIC Educational Resources Information Center

Custer, William L.

2010-01-01

Information security threats to educational institutions and their data assets have worsened significantly over the past few years. The rich data stores of institutional research are especially vulnerable, and threats from security breaches represent no small risk. New genres of threat require new kinds of controls if the institution is to prevent…

45 CFR 601.1 - Purpose.

Code of Federal Regulations, 2011 CFR

2011-10-01

... Regulations Relating to Public Welfare (Continued) NATIONAL SCIENCE FOUNDATION CLASSIFICATION AND DECLASSIFICATION OF NATIONAL SECURITY INFORMATION § 601.1 Purpose. Pursuant to Executive Order 12958 and Information Security Oversight Office Directive No. 1, the National Science Foundation [Foundation] issues the...

45 CFR 601.1 - Purpose.

Code of Federal Regulations, 2014 CFR

2014-10-01

... Regulations Relating to Public Welfare (Continued) NATIONAL SCIENCE FOUNDATION CLASSIFICATION AND DECLASSIFICATION OF NATIONAL SECURITY INFORMATION § 601.1 Purpose. Pursuant to Executive Order 12958 and Information Security Oversight Office Directive No. 1, the National Science Foundation [Foundation] issues the...

45 CFR 601.1 - Purpose.

Code of Federal Regulations, 2012 CFR

2012-10-01

... Regulations Relating to Public Welfare (Continued) NATIONAL SCIENCE FOUNDATION CLASSIFICATION AND DECLASSIFICATION OF NATIONAL SECURITY INFORMATION § 601.1 Purpose. Pursuant to Executive Order 12958 and Information Security Oversight Office Directive No. 1, the National Science Foundation [Foundation] issues the...

45 CFR 601.1 - Purpose.

Code of Federal Regulations, 2013 CFR

2013-10-01

... Regulations Relating to Public Welfare (Continued) NATIONAL SCIENCE FOUNDATION CLASSIFICATION AND DECLASSIFICATION OF NATIONAL SECURITY INFORMATION § 601.1 Purpose. Pursuant to Executive Order 12958 and Information Security Oversight Office Directive No. 1, the National Science Foundation [Foundation] issues the...

45 CFR 601.1 - Purpose.

Code of Federal Regulations, 2010 CFR

2010-10-01

... Regulations Relating to Public Welfare (Continued) NATIONAL SCIENCE FOUNDATION CLASSIFICATION AND DECLASSIFICATION OF NATIONAL SECURITY INFORMATION § 601.1 Purpose. Pursuant to Executive Order 12958 and Information Security Oversight Office Directive No. 1, the National Science Foundation [Foundation] issues the...

An Exploration of Cyberspace Security R&D Investment Strategies for DARPA: "The Day After. . . in Cyberspace II",

DTIC Science & Technology

1996-01-01

Automated Teller Machine networks malfunction in Georgia 2000 May 20 CNN off air for 12 minutes; issues special report 2000 May 20 worm...password combinations, social security and credit card numbers, account information, health status, and innumerable other sensitive information...as follows: TW/AA Issues Recommended Technical Response Possible Implementation Obstacles 1. (re Tactical Warning) • Place automated software

Supporting multi-state collaboration on privacy and security to foster health IT and health information exchange.

PubMed

Banger, Alison K; Alakoye, Amoke O; Rizk, Stephanie C

2008-11-06

As part of the HHS funded contract, Health Information Security and Privacy Collaboration, 41 states and territories have proposed collaborative projects to address cross-state privacy and security challenges related to health IT and health information exchange. Multi-state collaboration on privacy and security issues remains complicated, and resources to support collaboration around these topics are essential to the success of such collaboration. The resources outlined here offer an example of how to support multi-stakeholder, multi-state projects.

75 FR 64643 - Reporting of Security-Based Swap Transaction Data

Federal Register 2010, 2011, 2012, 2013, 2014

2010-10-20

... information relating to pre-enactment security-based swaps to a registered security-based swap data repository... within 60 days after a registered security- based swap data repository commences operations to receive... repository,\\8\\ and security- based swap execution facility.\\9\\ The Commission has issued an advance notice of...

Human errors and violations in computer and information security: the viewpoint of network administrators and security specialists.

PubMed

Kraemer, Sara; Carayon, Pascale

2007-03-01

This paper describes human errors and violations of end users and network administration in computer and information security. This information is summarized in a conceptual framework for examining the human and organizational factors contributing to computer and information security. This framework includes human error taxonomies to describe the work conditions that contribute adversely to computer and information security, i.e. to security vulnerabilities and breaches. The issue of human error and violation in computer and information security was explored through a series of 16 interviews with network administrators and security specialists. The interviews were audio taped, transcribed, and analyzed by coding specific themes in a node structure. The result is an expanded framework that classifies types of human error and identifies specific human and organizational factors that contribute to computer and information security. Network administrators tended to view errors created by end users as more intentional than unintentional, while errors created by network administrators as more unintentional than intentional. Organizational factors, such as communication, security culture, policy, and organizational structure, were the most frequently cited factors associated with computer and information security.

Computer Security in the Introductory Business Information Systems Course: An Exploratory Study of Textbook Coverage

ERIC Educational Resources Information Center

Sousa, Kenneth J.; MacDonald, Laurie E.; Fougere, Kenneth T.

2005-01-01

The authors conducted an evaluation of Management Information Systems (MIS) textbooks and found that computer security receives very little in-depth coverage. The textbooks provide, at best, superficial treatment of security issues. The research results suggest that MIS faculty need to provide material to supplement the textbook to provide…

Critical theory as an approach to the ethics of information security.

PubMed

Stahl, Bernd Carsten; Doherty, Neil F; Shaw, Mark; Janicke, Helge

2014-09-01

Information security can be of high moral value. It can equally be used for immoral purposes and have undesirable consequences. In this paper we suggest that critical theory can facilitate a better understanding of possible ethical issues and can provide support when finding ways of addressing them. The paper argues that critical theory has intrinsic links to ethics and that it is possible to identify concepts frequently used in critical theory to pinpoint ethical concerns. Using the example of UK electronic medical records the paper demonstrates that a critical lens can highlight issues that traditional ethical theories tend to overlook. These are often linked to collective issues such as social and organisational structures, which philosophical ethics with its typical focus on the individual does not tend to emphasise. The paper suggests that this insight can help in developing ways of researching and innovating responsibly in the area of information security.

ERCMExpress. Volume 2, Issue 4

ERIC Educational Resources Information Center

US Department of Education, 2006

2006-01-01

This issue of ERCMExpress alerts readers of the All-Hazard NOAA weather radio (NWR) network upgrade. In 2004, The National Oceanic and Atmospheric Administration NOAA and the U.S. Department of Homeland Security (DHS) collaborated to enable DHS to disseminate homeland security-related information over the NWR network. DHS's goal was to produce an…

Third-year medical students' knowledge of privacy and security issues concerning mobile devices.

PubMed

Whipple, Elizabeth C; Allgood, Kacy L; Larue, Elizabeth M

2012-01-01

The use of mobile devices are ubiquitous in medical-care professional settings, but information on privacy and security concerns of mobile devices for medical students is scarce. To gain baseline information about third-year medical students' mobile device use and knowledge of privacy and security issues concerning mobile devices. We surveyed 67 third-year medical students at a Midwestern university on their use of mobile devices and knowledge of how to protect information available through mobile devices. Students were also presented with clinical scenarios to rate their level of concern in regards to privacy and security of information. The most used features of mobile devices were: voice-to-voice (100%), text messaging (SMS) (94%), Internet (76.9%), and email (69.3%). For locking of one's personal mobile phone, 54.1% never physically lock their phone, and 58% never electronically lock their personal PDA. Scenarios considering definitely privacy concerns include emailing patient information intact (66.7%), and posting de-identified information on YouTube (45.2%) or Facebook (42.2%). As the ease of sharing data increases with the use of mobile devices, students need more education and training on possible privacy and security risks posed with mobile devices.

Security analysis of RSA cryptosystem algorithm and it’s properties

DOE Office of Scientific and Technical Information (OSTI.GOV)

Liu, Chenglian; Guo, Yongning, E-mail: guoyn@163.com, E-mail: linjuanliucaihong@qq.com; Lin, Juan, E-mail: guoyn@163.com, E-mail: linjuanliucaihong@qq.com

2014-10-06

The information technology rapidly development and dramatically changed the life style people, in addition to shortening the distance of communication, but also promote the smooth exchange of information flows. However, derivatives to facilitate the relative safety of these issues, since into the digital information age, the majority of the practitioners of engineering and technical personnel and technical workers in terms of technology, information security is increasingly becoming an important issue. The RSA algorithm was published in 1978. It is a kind of very popular and widely application modem cryptosystem in the world. Even though there are lots of articles tomore » discuss about how to break the RSA, but it is still secure today. In this paper, the authors would like to introduce a variant attack to RSA.« less

Game Theory Based Security in Wireless Body Area Network with Stackelberg Security Equilibrium

PubMed Central

Somasundaram, M.; Sivakumar, R.

2015-01-01

Wireless Body Area Network (WBAN) is effectively used in healthcare to increase the value of the patient's life and also the value of healthcare services. The biosensor based approach in medical care system makes it difficult to respond to the patients with minimal response time. The medical care unit does not deploy the accessing of ubiquitous broadband connections full time and hence the level of security will not be high always. The security issue also arises in monitoring the user body function records. Most of the systems on the Wireless Body Area Network are not effective in facing the security deployment issues. To access the patient's information with higher security on WBAN, Game Theory with Stackelberg Security Equilibrium (GTSSE) is proposed in this paper. GTSSE mechanism takes all the players into account. The patients are monitored by placing the power position authority initially. The position authority in GTSSE is the organizer and all the other players react to the organizer decision. Based on our proposed approach, experiment has been conducted on factors such as security ratio based on patient's health information, system flexibility level, energy consumption rate, and information loss rate. Stackelberg Security considerably improves the strength of solution with higher security. PMID:26759829

49 CFR 1520.15 - SSI disclosed by TSA or the Coast Guard.

Code of Federal Regulations, 2010 CFR

2010-10-01

... SECURITY ADMINISTRATION, DEPARTMENT OF HOMELAND SECURITY SECURITY RULES FOR ALL MODES OF TRANSPORTATION PROTECTION OF SENSITIVE SECURITY INFORMATION § 1520.15 SSI disclosed by TSA or the Coast Guard. (a) In... allegations contained in a legal enforcement action document issued by TSA or the Coast Guard. (2) Security...

Video calls from lay bystanders to dispatch centers - risk assessment of information security.

PubMed

Bolle, Stein R; Hasvold, Per; Henriksen, Eva

2011-09-30

Video calls from mobile phones can improve communication during medical emergencies. Lay bystanders can be instructed and supervised by health professionals at Emergency Medical Communication Centers. Before implementation of video mobile calls in emergencies, issues of information security should be addressed. Information security was assessed for risk, based on the information security standard ISO/IEC 27005:2008. A multi-professional team used structured brainstorming to find threats to the information security aspects confidentiality, quality, integrity, and availability. Twenty security threats of different risk levels were identified and analyzed. Solutions were proposed to reduce the risk level. Given proper implementation, we found no risks to information security that would advocate against the use of video calls between lay bystanders and Emergency Medical Communication Centers. The identified threats should be used as input to formal requirements when planning and implementing video calls from mobile phones for these call centers.

Video calls from lay bystanders to dispatch centers - risk assessment of information security

PubMed Central

2011-01-01

Background Video calls from mobile phones can improve communication during medical emergencies. Lay bystanders can be instructed and supervised by health professionals at Emergency Medical Communication Centers. Before implementation of video mobile calls in emergencies, issues of information security should be addressed. Methods Information security was assessed for risk, based on the information security standard ISO/IEC 27005:2008. A multi-professional team used structured brainstorming to find threats to the information security aspects confidentiality, quality, integrity, and availability. Results Twenty security threats of different risk levels were identified and analyzed. Solutions were proposed to reduce the risk level. Conclusions Given proper implementation, we found no risks to information security that would advocate against the use of video calls between lay bystanders and Emergency Medical Communication Centers. The identified threats should be used as input to formal requirements when planning and implementing video calls from mobile phones for these call centers. PMID:21958387

Privacy, security and access with sensitive health information.

PubMed

Croll, Peter

2010-01-01

This chapter gives an educational overview of: * Confidentiality issues and the challenges faced; * The fundamental differences between privacy and security; * The different access control mechanisms; * The challenges of Internet security; * How 'safety and quality' relate to all the above.

When trust defies common security sense.

PubMed

Williams, Patricia A H

2008-09-01

Primary care medical practices fail to recognize the seriousness of security threats to their patient and practice information. This can be attributed to a lack of understanding of security concepts, underestimation of potential threats and the difficulty in configuration of security technology countermeasures. To appreciate the factors contributing to such problems, research into general practitioner security practice and perceptions of security was undertaken. The investigation focused on demographics, actual practice, issues and barriers, and practitioner perception. Poor implementation, lack of relevant knowledge and inconsistencies between principles and practice were identified as key themes. Also the results revealed an overwhelming reliance on trust in staff and in computer information systems. This clearly identified that both cultural and technical attributes contribute to the deficiencies in information security practice. The aim of this research is to understand user needs and problems when dealing with information security practice.

77 FR 76146 - Self-Regulatory Organizations; Municipal Securities Rulemaking Board; Order Approving a Proposed...

Federal Register 2010, 2011, 2012, 2013, 2014

2012-12-26

...-Regulatory Organizations; Municipal Securities Rulemaking Board; Order Approving a Proposed Rule Change Consisting of Amendments To Streamline New Issue Information Submission Requirements Under MSRB Rules G-32..., and market information requirements); and the Electronic Municipal Market Access (``EMMA[supreg...

Online Patron Records and Privacy: Service vs. Security.

ERIC Educational Resources Information Center

Fouty, Kathleen G.

1993-01-01

Examines issues regarding the privacy of information contained in patron databases that have resulted from online circulation systems. Topics discussed include library policies to protect information in patron records; ensuring compliance with policies; limiting the data collected; security authorizations; and creating and modifying patron…

17 CFR 200.2 - Statutory functions.

Code of Federal Regulations, 2011 CFR

2011-04-01

... AND ETHICS; AND INFORMATION AND REQUESTS Organization and Program Management § 200.2 Statutory... such securities, it is unlawful to sell the securities in interstate commerce or through the mails... registered holding company must obtain Commission approval before it can issue and sell securities, acquire...

76 FR 36137 - National Infrastructure Advisory Council

Federal Register 2010, 2011, 2012, 2013, 2014

2011-06-21

... Homeland Security with advice on the security of the critical infrastructure sectors and their information systems. The NIAC will meet to address issues relevant to the protection of critical infrastructure as... DEPARTMENT OF HOMELAND SECURITY [Docket No. DHS-2011-0034] National Infrastructure Advisory...

49 CFR 1572.13 - State responsibilities for issuance of hazardous materials endorsement.

Code of Federal Regulations, 2010 CFR

2010-10-01

... Information System (CDLIS) operator of the results of the security threat assessment. (3) Revoke or deny the... TRANSPORTATION SECURITY CREDENTIALING AND SECURITY THREAT ASSESSMENTS Procedures and General Standards § 1572.13... security threat assessment in 49 CFR 1572.5 and issues an Initial Determination of Threat Assessment and...

A security mediator for health care information.

PubMed Central

Wiederhold, G.; Bilello, M.; Sarathy, V.; Qian, X.

1996-01-01

The TIHI (Trusted Interoperation of Healthcare Information) project addresses a security issue that arises when some information is being shared among collaborating enterprises, although not all enterprise information is sharable. It assumes that protection exists to prevent intrusion by adversaries through secure transmission and firewalls. The TIHI system design provides a gateway, owned by the enterprise security officer, to mediate queries and responses. The latter are typically transmitted via the Internet. The enterprise policy is determined by rules provided to the mediator. We show examples of typical rules. The problem and our solution, although developed in a healthcare context, is equally valid among collaborating enterprises. PMID:8947640

17 CFR 229.1107 - (Item 1107) Issuing entities.

Code of Federal Regulations, 2011 CFR

2011-04-01

... 17 Commodity and Securities Exchanges 2 2011-04-01 2011-04-01 false (Item 1107) Issuing entities....1107 (Item 1107) Issuing entities. Provide the following information about the issuing entity: (a) State the issuing entity's name and describe the issuing entity's form of organization, including the...

17 CFR 229.1107 - (Item 1107) Issuing entities.

Code of Federal Regulations, 2010 CFR

2010-04-01

... 17 Commodity and Securities Exchanges 2 2010-04-01 2010-04-01 false (Item 1107) Issuing entities....1107 (Item 1107) Issuing entities. Provide the following information about the issuing entity: (a) State the issuing entity's name and describe the issuing entity's form of organization, including the...

Hardware Based Function Level Mandatory Access Control for Memory Structures

DTIC Science & Technology

2008-04-01

tagging 16. SECURITY CLASSIFICATION OF: 19a. NAME OF RESPONSIBLE PERSON Lok Kwong Yan a. REPORT U b . ABSTRACT U c. THIS PAGE U 17. LIMITATION...www.phrack.org/issues.html?issue=58&id=4#article [13] Suh, G. E., Lee, J. W., Zhang, D., and Devadas , S. “Secure program execution via dynamic information

76 FR 72227 - Order Extending Temporary Conditional Exemption for Nationally Recognized Statistical Rating...

Federal Register 2010, 2011, 2012, 2013, 2014

2011-11-22

... interest: issuing or maintaining a credit rating for a security or money market instrument issued by an... the issuer, sponsor, or underwriter of the security or money market instrument. 17 CFR 240.17g-5(b)(9... represents the information provided to the hired NRSRO can be accessed by other NRSROs; Provide free and...

76 FR 18062 - U.S. Securities; Sale and Issue of Marketable Book-Entry Treasury Bills, Notes, and Bonds; Book...

Federal Register 2010, 2011, 2012, 2013, 2014

2011-04-01

...; Sale and Issue of Marketable Book-Entry Treasury Bills, Notes, and Bonds; Book-Entry Treasury Bonds... longer be opened and transfers of securities from other book-entry systems will no longer be [email protected] . SUPPLEMENTARY INFORMATION: Legacy Treasury Direct [supreg] is a book- entry, non...

A Method of Signal Scrambling to Secure Data Storage for Healthcare Applications.

PubMed

Bao, Shu-Di; Chen, Meng; Yang, Guang-Zhong

2017-11-01

A body sensor network that consists of wearable and/or implantable biosensors has been an important front-end for collecting personal health records. It is expected that the full integration of outside-hospital personal health information and hospital electronic health records will further promote preventative health services as well as global health. However, the integration and sharing of health information is bound to bring with it security and privacy issues. With extensive development of healthcare applications, security and privacy issues are becoming increasingly important. This paper addresses the potential security risks of healthcare data in Internet-based applications and proposes a method of signal scrambling as an add-on security mechanism in the application layer for a variety of healthcare information, where a piece of tiny data is used to scramble healthcare records. The former is kept locally and the latter, along with security protection, is sent for cloud storage. The tiny data can be derived from a random number generator or even a piece of healthcare data, which makes the method more flexible. The computational complexity and security performance in terms of theoretical and experimental analysis has been investigated to demonstrate the efficiency and effectiveness of the proposed method. The proposed method is applicable to all kinds of data that require extra security protection within complex networks.

75 FR 73137 - Proposed Collection; Comment Request

Federal Register 2010, 2011, 2012, 2013, 2014

2010-11-29

... requirements of the Securities Act for limited offerings and sales of securities issued under compensatory... information on respondents, including through the use of automated collection techniques or other forms of...

Stages and Behaviors

MedlinePlus

... for Care Costs Paying for Care Insurance Social Security Disability Medicare Medicare Part D Benefits Medicaid Tax ... person with Alzheimer's is probably looking for comfort, security and familiarity when repeating information. Sleep Issues and ...

15 CFR 758.5 - Conformity of documents and unloading of items.

Code of Federal Regulations, 2010 CFR

2010-01-01

... disposition from BIS. (ii) Contact information. U.S. Department of Commerce, Bureau of Industry and Security... Trade (Continued) BUREAU OF INDUSTRY AND SECURITY, DEPARTMENT OF COMMERCE EXPORT ADMINISTRATION... documents. When a license is issued by BIS, the information entered on related export control documents (e.g...

Green Secure Processors: Towards Power-Efficient Secure Processor Design

NASA Astrophysics Data System (ADS)

Chhabra, Siddhartha; Solihin, Yan

With the increasing wealth of digital information stored on computer systems today, security issues have become increasingly important. In addition to attacks targeting the software stack of a system, hardware attacks have become equally likely. Researchers have proposed Secure Processor Architectures which utilize hardware mechanisms for memory encryption and integrity verification to protect the confidentiality and integrity of data and computation, even from sophisticated hardware attacks. While there have been many works addressing performance and other system level issues in secure processor design, power issues have largely been ignored. In this paper, we first analyze the sources of power (energy) increase in different secure processor architectures. We then present a power analysis of various secure processor architectures in terms of their increase in power consumption over a base system with no protection and then provide recommendations for designs that offer the best balance between performance and power without compromising security. We extend our study to the embedded domain as well. We also outline the design of a novel hybrid cryptographic engine that can be used to minimize the power consumption for a secure processor. We believe that if secure processors are to be adopted in future systems (general purpose or embedded), it is critically important that power issues are considered in addition to performance and other system level issues. To the best of our knowledge, this is the first work to examine the power implications of providing hardware mechanisms for security.

A model-driven approach to information security compliance

NASA Astrophysics Data System (ADS)

Correia, Anacleto; Gonçalves, António; Teodoro, M. Filomena

2017-06-01

The availability, integrity and confidentiality of information are fundamental to the long-term survival of any organization. Information security is a complex issue that must be holistically approached, combining assets that support corporate systems, in an extended network of business partners, vendors, customers and other stakeholders. This paper addresses the conception and implementation of information security systems, conform the ISO/IEC 27000 set of standards, using the model-driven approach. The process begins with the conception of a domain level model (computation independent model) based on information security vocabulary present in the ISO/IEC 27001 standard. Based on this model, after embedding in the model mandatory rules for attaining ISO/IEC 27001 conformance, a platform independent model is derived. Finally, a platform specific model serves the base for testing the compliance of information security systems with the ISO/IEC 27000 set of standards.

Simple group password-based authenticated key agreements for the integrated EPR information system.

PubMed

Lee, Tian-Fu; Chang, I-Pin; Wang, Ching-Cheng

2013-04-01

The security and privacy are important issues for electronic patient records (EPRs). The goal of EPRs is sharing the patients' medical histories such as the diagnosis records, reports and diagnosis image files among hospitals by the Internet. So the security issue for the integrated EPR information system is essential. That is, to ensure the information during transmission through by the Internet is secure and private. The group password-based authenticated key agreement (GPAKE) allows a group of users like doctors, nurses and patients to establish a common session key by using password authentication. Then the group of users can securely communicate by using this session key. Many approaches about GAPKE employ the public key infrastructure (PKI) in order to have higher security. However, it not only increases users' overheads and requires keeping an extra equipment for storing long-term secret keys, but also requires maintaining the public key system. This investigation presents a simple group password-based authenticated key agreement (SGPAKE) protocol for the integrated EPR information system. The proposed SGPAKE protocol does not require using the server or users' public keys. Each user only remembers his weak password shared with a trusted server, and then can obtain a common session key. Then all users can securely communicate by using this session key. The proposed SGPAKE protocol not only provides users with convince, but also has higher security.

Turning Access into a web-enabled secure information system for clinical trials.

PubMed

Dongquan Chen; Chen, Wei-Bang; Soong, Mayhue; Soong, Seng-Jaw; Orthner, Helmuth F

2009-08-01

Organizations that have limited resources need to conduct clinical studies in a cost-effective, but secure way. Clinical data residing in various individual databases need to be easily accessed and secured. Although widely available, digital certification, encryption, and secure web server, have not been implemented as widely, partly due to a lack of understanding of needs and concerns over issues such as cost and difficulty in implementation. The objective of this study was to test the possibility of centralizing various databases and to demonstrate ways of offering an alternative to a large-scale comprehensive and costly commercial product, especially for simple phase I and II trials, with reasonable convenience and security. We report a working procedure to transform and develop a standalone Access database into a secure Web-based secure information system. For data collection and reporting purposes, we centralized several individual databases; developed, and tested a web-based secure server using self-issued digital certificates. The system lacks audit trails. The cost of development and maintenance may hinder its wide application. The clinical trial databases scattered in various departments of an institution could be centralized into a web-enabled secure information system. The limitations such as the lack of a calendar and audit trail can be partially addressed with additional programming. The centralized Web system may provide an alternative to a comprehensive clinical trial management system.

15 CFR 930.122 - Necessary in the interest of national security.

Code of Federal Regulations, 2010 CFR

2010-01-01

... Trade (Continued) NATIONAL OCEANIC AND ATMOSPHERIC ADMINISTRATION, DEPARTMENT OF COMMERCE OCEAN AND... Secretary for Review Related to the Objectives of the Act and National Security Interests § 930.122... proposed. Secretarial review of national security issues shall be aided by information submitted by the...

78 FR 20673 - Privacy Act of 1974; Department of Homeland Security/U.S. Citizenship and Immigration Services...

Federal Register 2010, 2011, 2012, 2013, 2014

2013-04-05

... additional information, and issuing decision notices and/or proofs of benefit. This notice updates this... evidence or additional information, and issuing decision notices and/or proofs of benefit. This system of... Temporary Accounts and Draft Benefit Requests), which stores draft account and case information from...

75 FR 73137 - Order Extending Temporary Conditional Exemption for Nationally Recognized Statistical Rating...

Federal Register 2010, 2011, 2012, 2013, 2014

2010-11-29

...: issuing or maintaining a credit rating for a security or money market instrument issued by an asset pool... issuer, sponsor, or underwriter of the security or money market instrument. 17 CFR 240.17g-5(b)(9). \\11... information provided to the hired NRSRO can be accessed by other NRSROs; Provide free and unlimited access to...

49 CFR 1552.5 - Fees.

Code of Federal Regulations, 2014 CFR

2014-10-01

... HOMELAND SECURITY CIVIL AVIATION SECURITY FLIGHT SCHOOLS Flight Training for Aliens and Other Designated... information required under § 1552.3 to TSA. (2) TSA will not issue any fee refunds, unless a fee was paid in...

49 CFR 1552.5 - Fees.

Code of Federal Regulations, 2011 CFR

2011-10-01

... HOMELAND SECURITY CIVIL AVIATION SECURITY FLIGHT SCHOOLS Flight Training for Aliens and Other Designated... information required under § 1552.3 to TSA. (2) TSA will not issue any fee refunds, unless a fee was paid in...

75 FR 50846 - Privacy Act of 1974: Implementation of Exemptions; Department of Homeland Security/ALL-001...

Federal Register 2010, 2011, 2012, 2013, 2014

2010-08-18

... INFORMATION CONTACT: For general questions and privacy issues please contact: Mary Ellen Callahan (703-235...] Privacy Act of 1974: Implementation of Exemptions; Department of Homeland Security/ALL--001 Freedom of Information Act and Privacy Act Records System of Records AGENCY: Privacy Office, DHS. ACTION: Final rule...

17 CFR 200.80f - Appendix F-Records control schedule.

Code of Federal Regulations, 2010 CFR

2010-04-01

... ORGANIZATION; CONDUCT AND ETHICS; AND INFORMATION AND REQUESTS Information and Requests § 200.80f Appendix F... in purchasing new issues of securities from underwriters 6 years. 821- Reports by registered small... state or federal laws in the purchase and sale of securities Until date of last reported action plus 10...

Transportation security : post-September 11th initiatives and long-term challenges : statement of Gerald L. Dillingham, Director, Physical Infrastructure Issues

DOT National Transportation Integrated Search

2003-04-01

This testimony responds to the request of the National Commission on Terrorist Attacks Upon the United States for information on GAO's work in transportation security. It addresses (1) transportation security before September 2001; (2) what the feder...

Security Controls Hurt Research, NAS Warns.

ERIC Educational Resources Information Center

Kolata, Gina

1982-01-01

A National Academy of Sciences (NAS) report found no evidence that leaks of technical information from universities or other research centers have damaged national security. However, in areas where control is warranted, decisions should be based on criteria. These criteria and issues related to security control and technological transfer are…

Using SysML to model complex systems for security.

DOE Office of Scientific and Technical Information (OSTI.GOV)

Cano, Lester Arturo

2010-08-01

As security systems integrate more Information Technology the design of these systems has tended to become more complex. Some of the most difficult issues in designing Complex Security Systems (CSS) are: Capturing Requirements: Defining Hardware Interfaces: Defining Software Interfaces: Integrating Technologies: Radio Systems: Voice Over IP Systems: Situational Awareness Systems.

Privacy and security of patient data in the pathology laboratory.

PubMed

Cucoranu, Ioan C; Parwani, Anil V; West, Andrew J; Romero-Lauro, Gonzalo; Nauman, Kevin; Carter, Alexis B; Balis, Ulysses J; Tuthill, Mark J; Pantanowitz, Liron

2013-01-01

Data protection and security are critical components of routine pathology practice because laboratories are legally required to securely store and transmit electronic patient data. With increasing connectivity of information systems, laboratory work-stations, and instruments themselves to the Internet, the demand to continuously protect and secure laboratory information can become a daunting task. This review addresses informatics security issues in the pathology laboratory related to passwords, biometric devices, data encryption, internet security, virtual private networks, firewalls, anti-viral software, and emergency security situations, as well as the potential impact that newer technologies such as mobile devices have on the privacy and security of electronic protected health information (ePHI). In the United States, the Health Insurance Portability and Accountability Act (HIPAA) govern the privacy and protection of medical information and health records. The HIPAA security standards final rule mandate administrative, physical, and technical safeguards to ensure the confidentiality, integrity, and security of ePHI. Importantly, security failures often lead to privacy breaches, invoking the HIPAA privacy rule as well. Therefore, this review also highlights key aspects of HIPAA and its impact on the pathology laboratory in the United States.

Executive Guide: Information Security Management. Learning From Leading Organizations

DTIC Science & Technology

1998-05-01

data. In September 1996, we reported that audit reports and agency self - assessments issued during the previous 2 years showed that weak information...company has developed an efficient and disciplined process for ensuring that information security-related risks to business operations are considered and...protection group at the utility was required to approve all new applications to indicate that risks had been adequately considered. Providing self

Medical systems and malware.

PubMed

Kusche, Kristopher P

2004-01-01

No longer just an information technology issue, network security requires a multifaceted, multidisciplinary approach to ensuring critical equipment functionality, data security, and patient safety. This article provides insight into the threat of malware and ways to deal with it.

NASA Automatic Information Security Handbook

NASA Technical Reports Server (NTRS)

1993-01-01

This handbook details the Automated Information Security (AIS) management process for NASA. Automated information system security is becoming an increasingly important issue for all NASA managers and with rapid advancements in computer and network technologies and the demanding nature of space exploration and space research have made NASA increasingly dependent on automated systems to store, process, and transmit vast amounts of mission support information, hence the need for AIS systems and management. This handbook provides the consistent policies, procedures, and guidance to assure that an aggressive and effective AIS programs is developed, implemented, and sustained at all NASA organizations and NASA support contractors.

The Operational Manager - Enemy or Hero of Secure Business Practice?

NASA Astrophysics Data System (ADS)

Goucher, Wendy

This paper will investigate the role of the non-IT manager in information security. He can, for example, be the reason why sensitive work is carried out on the move and security focused spending is given a low priority in the budget. Alternatively, he can also be the driving force behind empowering the team to have a dynamic attitude to protecting data both at work and at home. Now is the time for managers to stop pushing information security issues away from their desk and into the in-tray of the IT department.

Security and privacy issues of personal health.

PubMed

Blobel, Bernd; Pharow, Peter

2007-01-01

While health systems in developed countries and increasingly also in developing countries are moving from organisation-centred to person-centred health service delivery, the supporting communication and information technology is faced with new risks regarding security and privacy of stakeholders involved. The comprehensively distributed environment puts special burden on guaranteeing communication security services, but even more on guaranteeing application security services dealing with privilege management, access control and audit regarding social implication and connected sensitivity of personal information recorded, processed, communicated and stored in an even internationally distributed environment.

The secure authorization model for healthcare information system.

PubMed

Hsu, Wen-Shin; Pan, Jiann-I

2013-10-01

Exploring healthcare system for assisting medical services or transmitting patients' personal health information in web application has been widely investigated. Information and communication technologies have been applied to the medical services and healthcare area for a number of years to resolve problems in medical management. In the healthcare system, not all users are allowed to access all the information. Several authorization models for restricting users to access specific information at specific permissions have been proposed. However, as the number of users and the amount of information grows, the difficulties for administrating user authorization will increase. The critical problem limits the widespread usage of the healthcare system. This paper proposes an approach for role-based and extends it to deal with the information for authorizations in the healthcare system. We propose the role-based authorization model which supports authorizations for different kinds of objects, and a new authorization domain. Based on this model, we discuss the issues and requirements of security in the healthcare systems. The security issues for services shared between different healthcare industries will also be discussed.

Legal issues of the electronic dental record: security and confidentiality.

PubMed

Szekely, D G; Milam, S; Khademi, J A

1996-01-01

Computer-based, electronic dental record keeping involves complex issues of patient privacy and the dental practitioner's ethical duty of confidentiality. Federal and state law is responding to the new legal issues presented by computer technology. Authenticating the electronic record in terms of ensuring its reliability and accuracy is essential in order to protect its admissibility as evidence in legal actions. Security systems must be carefully planned to limit access and provide for back-up and storage of dental records. Carefully planned security systems protect the patient from disclosure without the patient's consent and also protect the practitioner from the liability that would arise from such disclosure. Human errors account for the majority of data security problems. Personnel security is assured through pre-employment screening, employment contracts, policies, and staff education. Contracts for health information systems should include provisions for indemnification and ensure the confidentiality of the system by the vendor.

About machine-readable travel documents

NASA Astrophysics Data System (ADS)

Vaudenay, S.; Vuagnoux, M.

2007-07-01

Passports are documents that help immigration officers to identify people. In order to strongly authenticate their data and to automatically identify people, they are now equipped with RFID chips. These contain private information, biometrics, and a digital signature by issuing authorities. Although they substantially increase security at the border controls, they also come with new security and privacy issues. In this paper, we survey existing protocols and their weaknesses.

Top-Ten IT Issues: 2009

ERIC Educational Resources Information Center

Agee, Anne Scrivener; Yang, Catherine

2009-01-01

This article presents the top-ten IT-related issues in terms of strategic importance to the institution, as revealed by the tenth annual EDUCAUSE Current Issues Survey. These IT-related issues include: (1) Funding IT; (2) Administrative/ERP Information Systems; (3) Security; (4) Infrastructure/Cyberinfrastructure; (5) Teaching and Learning with…

Security, privacy, and confidentiality issues on the Internet

PubMed Central

Kelly, Grant; McKenzie, Bruce

2002-01-01

We introduce the issues around protecting information about patients and related data sent via the Internet. We begin by reviewing three concepts necessary to any discussion about data security in a healthcare environment: privacy, confidentiality, and consent. We are giving some advice on how to protect local data. Authentication and privacy of e-mail via encryption is offered by Pretty Good Privacy (PGP) and Secure Multipurpose Internet Mail Extensions (S/MIME). The de facto Internet standard for encrypting Web-based information interchanges is Secure Sockets Layer (SSL), more recently known as Transport Layer Security or TLS. There is a public key infrastructure process to `sign' a message whereby the private key of an individual can be used to `hash' the message. This can then be verified against the sender's public key. This ensures the data's authenticity and origin without conferring privacy, and is called a `digital signature'. The best protection against viruses is not opening e-mails from unknown sources or those containing unusual message headers. PMID:12554559

Security, privacy, and confidentiality issues on the Internet.

PubMed

Kelly, Grant; McKenzie, Bruce

2002-01-01

We introduce the issues around protecting information about patients and related data sent via the Internet. We begin by reviewing three concepts necessary to any discussion about data security in a healthcare environment: privacy, confidentiality, and consent. We are giving some advice on how to protect local data. Authentication and privacy of e-mail via encryption is offered by Pretty Good Privacy (PGP) and Secure Multipurpose Internet Mail Extensions (S/MIME). The de facto Internet standard for encrypting Web-based information interchanges is Secure Sockets Layer (SSL), more recently known as Transport Layer Security or TLS. There is a public key infrastructure process to 'sign' a message whereby the private key of an individual can be used to 'hash' the message. This can then be verified against the sender's public key. This ensures the data's authenticity and origin without conferring privacy, and is called a 'digital signature'. The best protection against viruses is not opening e-mails from unknown sources or those containing unusual message headers.

U.S. Army War College Guide to National Security Issues. Volume 2. National Security Policy and Strategy

DTIC Science & Technology

2012-06-01

1998 National War College paper entitled “U.S. National Se- curity Structure: A New Model for the 21st Century” defines the national security community ...fueled by revolu- tions in communications and information management, the emergence of a truly global market and world economy, the primacy of economic...collection of information is estimated to average 1 hour per response, including the time for reviewing instructions , searching existing data sources

Do You Ignore Information Security in Your Journal Website?

PubMed

Dadkhah, Mehdi; Borchardt, Glenn; Lagzian, Mohammad

2017-08-01

Nowadays, web-based applications extend to all businesses due to their advantages and easy usability. The most important issue in web-based applications is security. Due to their advantages, most academic journals are now using these applications, with papers being submitted and published through their websites. As these websites are resources for knowledge, information security is primary for maintaining their integrity. In this opinion piece, we point out vulnerabilities in certain websites and introduce the potential for future threats. We intend to present how some journals are vulnerable and what will happen if a journal can be infected by attackers. This opinion is not a technical manual in information security, it is a short inspection that we did to improve the security of academic journals.

An Analysis of Security and Privacy Issues in Smart Grid Software Architectures on Clouds

DOE Office of Scientific and Technical Information (OSTI.GOV)

Simmhan, Yogesh; Kumbhare, Alok; Cao, Baohua

2011-07-09

Power utilities globally are increasingly upgrading to Smart Grids that use bi-directional communication with the consumer to enable an information-driven approach to distributed energy management. Clouds offer features well suited for Smart Grid software platforms and applications, such as elastic resources and shared services. However, the security and privacy concerns inherent in an information rich Smart Grid environment are further exacerbated by their deployment on Clouds. Here, we present an analysis of security and privacy issues in a Smart Grids software architecture operating on different Cloud environments, in the form of a taxonomy. We use the Los Angeles Smart Gridmore » Project that is underway in the largest U.S. municipal utility to drive this analysis that will benefit both Cloud practitioners targeting Smart Grid applications, and Cloud researchers investigating security and privacy.« less

Cloud Computing Security Issue: Survey

NASA Astrophysics Data System (ADS)

Kamal, Shailza; Kaur, Rajpreet

2011-12-01

Cloud computing is the growing field in IT industry since 2007 proposed by IBM. Another company like Google, Amazon, and Microsoft provides further products to cloud computing. The cloud computing is the internet based computing that shared recourses, information on demand. It provides the services like SaaS, IaaS and PaaS. The services and recourses are shared by virtualization that run multiple operation applications on cloud computing. This discussion gives the survey on the challenges on security issues during cloud computing and describes some standards and protocols that presents how security can be managed.

76 FR 28843 - Meeting of Advisory Committee on International Communications and Information Policy

Federal Register 2010, 2011, 2012, 2013, 2014

2011-05-18

... channel for regular consultation and coordination on major economic, social and legal issues and problems in international communications and information policy, especially as these issues and problems... the building. Personal data is requested pursuant to Pub. L. 99-399 (Omnibus Diplomatic Security and...

An analysis of Indonesia’s information security index: a case study in a public university

NASA Astrophysics Data System (ADS)

Yustanti, W.; Qoiriah, A.; Bisma, R.; Prihanto, A.

2018-01-01

Ministry of Communication and Informatics of the Republic of Indonesia has issued the regulation number 4-2016 about Information Security Management System (ISMS) for all kind organizations. Public university as a government institution must apply this standard to assure its level of information security has complied ISO 27001:2013. This research is a preliminary study to evaluate the readiness of university IT services (case study in a public university) meets the requirement of ISO 27001:2013 using the Indonesia’s Information Security Index (IISI). There are six parameters used to measure the level of information security, these are the ICT role, governance, risk management, framework, asset management and technology. Each parameter consists of serial questions which must be answered and convert to a numeric value. The result shows the level of readiness and maturity to apply ISO 27001 standard.

Information Security Management - Part Of The Integrated Management System

NASA Astrophysics Data System (ADS)

Manea, Constantin Adrian

2015-07-01

The international management standards allow their integrated approach, thereby combining aspects of particular importance to the activity of any organization, from the quality management systems or the environmental management of the information security systems or the business continuity management systems. Although there is no national or international regulation, nor a defined standard for the Integrated Management System, the need to implement an integrated system occurs within the organization, which feels the opportunity to integrate the management components into a cohesive system, in agreement with the purpose and mission publicly stated. The issues relating to information security in the organization, from the perspective of the management system, raise serious questions to any organization in the current context of electronic information, reason for which we consider not only appropriate but necessary to promote and implement an Integrated Management System Quality - Environment - Health and Operational Security - Information Security

Analysis of the Security and Privacy Requirements of Cloud-Based Electronic Health Records Systems

PubMed Central

Fernández, Gonzalo; López-Coronado, Miguel

2013-01-01

Background The Cloud Computing paradigm offers eHealth systems the opportunity to enhance the features and functionality that they offer. However, moving patients’ medical information to the Cloud implies several risks in terms of the security and privacy of sensitive health records. In this paper, the risks of hosting Electronic Health Records (EHRs) on the servers of third-party Cloud service providers are reviewed. To protect the confidentiality of patient information and facilitate the process, some suggestions for health care providers are made. Moreover, security issues that Cloud service providers should address in their platforms are considered. Objective To show that, before moving patient health records to the Cloud, security and privacy concerns must be considered by both health care providers and Cloud service providers. Security requirements of a generic Cloud service provider are analyzed. Methods To study the latest in Cloud-based computing solutions, bibliographic material was obtained mainly from Medline sources. Furthermore, direct contact was made with several Cloud service providers. Results Some of the security issues that should be considered by both Cloud service providers and their health care customers are role-based access, network security mechanisms, data encryption, digital signatures, and access monitoring. Furthermore, to guarantee the safety of the information and comply with privacy policies, the Cloud service provider must be compliant with various certifications and third-party requirements, such as SAS70 Type II, PCI DSS Level 1, ISO 27001, and the US Federal Information Security Management Act (FISMA). Conclusions Storing sensitive information such as EHRs in the Cloud means that precautions must be taken to ensure the safety and confidentiality of the data. A relationship built on trust with the Cloud service provider is essential to ensure a transparent process. Cloud service providers must make certain that all security mechanisms are in place to avoid unauthorized access and data breaches. Patients must be kept informed about how their data are being managed. PMID:23965254

Analysis of the security and privacy requirements of cloud-based electronic health records systems.

PubMed

Rodrigues, Joel J P C; de la Torre, Isabel; Fernández, Gonzalo; López-Coronado, Miguel

2013-08-21

The Cloud Computing paradigm offers eHealth systems the opportunity to enhance the features and functionality that they offer. However, moving patients' medical information to the Cloud implies several risks in terms of the security and privacy of sensitive health records. In this paper, the risks of hosting Electronic Health Records (EHRs) on the servers of third-party Cloud service providers are reviewed. To protect the confidentiality of patient information and facilitate the process, some suggestions for health care providers are made. Moreover, security issues that Cloud service providers should address in their platforms are considered. To show that, before moving patient health records to the Cloud, security and privacy concerns must be considered by both health care providers and Cloud service providers. Security requirements of a generic Cloud service provider are analyzed. To study the latest in Cloud-based computing solutions, bibliographic material was obtained mainly from Medline sources. Furthermore, direct contact was made with several Cloud service providers. Some of the security issues that should be considered by both Cloud service providers and their health care customers are role-based access, network security mechanisms, data encryption, digital signatures, and access monitoring. Furthermore, to guarantee the safety of the information and comply with privacy policies, the Cloud service provider must be compliant with various certifications and third-party requirements, such as SAS70 Type II, PCI DSS Level 1, ISO 27001, and the US Federal Information Security Management Act (FISMA). Storing sensitive information such as EHRs in the Cloud means that precautions must be taken to ensure the safety and confidentiality of the data. A relationship built on trust with the Cloud service provider is essential to ensure a transparent process. Cloud service providers must make certain that all security mechanisms are in place to avoid unauthorized access and data breaches. Patients must be kept informed about how their data are being managed.

Special Reports; Homeland Security and Information Management; The Development of Electronic Government in the United States: The Federal Policy Experience; Digital Rights Management: Why Libraries Should Be Major Players; The Current State and Future Promise of Portal Applications; Recruitment and Retention: A Professional Concern.

ERIC Educational Resources Information Center

Relyea, Harold C.; Halchin, L. Elaine; Hogue, Henry B.; Agnew, Grace; Martin, Mairead; Schottlaender, Brian E. C.; Jackson, Mary E.

2003-01-01

Theses five reports address five special issues: the effects of the September 11 attacks on information management, including homeland security, Web site information removal, scientific and technical information, and privacy concerns; federal policy for electronic government information; digital rights management and libraries; library Web portal…

A security framework for nationwide health information exchange based on telehealth strategy.

PubMed

Zaidan, B B; Haiqi, Ahmed; Zaidan, A A; Abdulnabi, Mohamed; Kiah, M L Mat; Muzamel, Hussaen

2015-05-01

This study focuses on the situation of health information exchange (HIE) in the context of a nationwide network. It aims to create a security framework that can be implemented to ensure the safe transmission of health information across the boundaries of care providers in Malaysia and other countries. First, a critique of the major elements of nationwide health information networks is presented from the perspective of security, along with such topics as the importance of HIE, issues, and main approaches. Second, a systematic evaluation is conducted on the security solutions that can be utilized in the proposed nationwide network. Finally, a secure framework for health information transmission is proposed within a central cloud-based model, which is compatible with the Malaysian telehealth strategy. The outcome of this analysis indicates that a complete security framework for a global structure of HIE is yet to be defined and implemented. Our proposed framework represents such an endeavor and suggests specific techniques to achieve this goal.

77 FR 70483 - Request for Comments (RFC)-Federal Cybersecurity Research and Development Strategic Plan

Federal Register 2010, 2011, 2012, 2013, 2014

2012-11-26

... received by December 19, 2012. SUMMARY: This Request For Comments (RFC) is issued by the Cyber Security and... plan was developed under the leadership of the Cyber Security and Information Assurance Research and...

75 FR 16910 - Information Reporting Program Advisory Committee (IRPAC); Nominations

Federal Register 2010, 2011, 2012, 2013, 2014

2010-04-02

... leadership to provide recommendations on a wide range of information reporting administration issues..., insurance companies, state tax administration, colleges and universities, securities, payroll, foreign...

Implantable electronics: emerging design issues and an ultra light-weight security solution.

PubMed

Narasimhan, Seetharam; Wang, Xinmu; Bhunia, Swarup

2010-01-01

Implantable systems that monitor biological signals require increasingly complex digital signal processing (DSP) electronics for real-time in-situ analysis and compression of the recorded signals. While it is well-known that such signal processing hardware needs to be implemented under tight area and power constraints, new design requirements emerge with their increasing complexity. Use of nanoscale technology shows tremendous benefits in implementing these advanced circuits due to dramatic improvement in integration density and power dissipation per operation. However, it also brings in new challenges such as reliability and large idle power (due to higher leakage current). Besides, programmability of the device as well as security of the recorded information are rapidly becoming major design considerations of such systems. In this paper, we analyze the emerging issues associated with the design of the DSP unit in an implantable system. Next, we propose a novel ultra light-weight solution to address the information security issue. Unlike the conventional information security approaches like data encryption, which come at large area and power overhead and hence are not amenable for resource-constrained implantable systems, we propose a multilevel key-based scrambling algorithm, which exploits the nature of the biological signal to effectively obfuscate it. Analysis of the proposed algorithm in the context of neural signal processing and its hardware implementation shows that we can achieve high level of security with ∼ 13X lower power and ∼ 5X lower area overhead than conventional cryptographic solutions.

Privacy and security of patient data in the pathology laboratory

PubMed Central

Cucoranu, Ioan C.; Parwani, Anil V.; West, Andrew J.; Romero-Lauro, Gonzalo; Nauman, Kevin; Carter, Alexis B.; Balis, Ulysses J.; Tuthill, Mark J.; Pantanowitz, Liron

2013-01-01

Data protection and security are critical components of routine pathology practice because laboratories are legally required to securely store and transmit electronic patient data. With increasing connectivity of information systems, laboratory work-stations, and instruments themselves to the Internet, the demand to continuously protect and secure laboratory information can become a daunting task. This review addresses informatics security issues in the pathology laboratory related to passwords, biometric devices, data encryption, internet security, virtual private networks, firewalls, anti-viral software, and emergency security situations, as well as the potential impact that newer technologies such as mobile devices have on the privacy and security of electronic protected health information (ePHI). In the United States, the Health Insurance Portability and Accountability Act (HIPAA) govern the privacy and protection of medical information and health records. The HIPAA security standards final rule mandate administrative, physical, and technical safeguards to ensure the confidentiality, integrity, and security of ePHI. Importantly, security failures often lead to privacy breaches, invoking the HIPAA privacy rule as well. Therefore, this review also highlights key aspects of HIPAA and its impact on the pathology laboratory in the United States. PMID:23599904

Information Assurance in Wireless Networks

NASA Astrophysics Data System (ADS)

Kabara, Joseph; Krishnamurthy, Prashant; Tipper, David

2001-09-01

Emerging wireless networks will contain a hybrid infrastructure based on fixed, mobile and ad hoc topologies and technologies. In such a dynamic architecture, we define information assurance as the provisions for both information security and information availability. The implications of this definition are that the wireless network architecture must (a) provide sufficient security measures, (b) be survivable under node or link attack or failure and (c) be designed such that sufficient capacity remains for all critical services (and preferably most other services) in the event of attack or component failure. We have begun a research project to investigate the provision of information assurance for wireless networks viz. survivability, security and availability and here discuss the issues and challenges therein.

A computer science approach to managing security in health care.

PubMed

Asirelli, P; Braccini, G; Caramella, D; Coco, A; Fabbrini, F

2002-09-01

The security of electronic medical information is very important for health care organisations, which have to ensure confidentiality, integrity and availability of the information provided. This paper will briefly outline the legal measures adopted by the European Community, Italy and the United States to regulate the use and disclosure of medical records. It will then go on to highlight how information technology can help to address these issues with special reference to the management of organisation policies. To this end, we will present a modelling example for the security policy of a radiological department.

The Social Side of Information Networking.

ERIC Educational Resources Information Center

Katz, James E.

1997-01-01

Explores the social issues, including manners, security, crime (fraud), and social control associated with information networking, with emphasis on the Internet. Also addresses the influence of cellular phones, the Internet and other information technologies on society. (GR)

Computer simulation of functioning of elements of security systems

NASA Astrophysics Data System (ADS)

Godovykh, A. V.; Stepanov, B. P.; Sheveleva, A. A.

2017-01-01

The article is devoted to issues of development of the informational complex for simulation of functioning of the security system elements. The complex is described from the point of view of main objectives, a design concept and an interrelation of main elements. The proposed conception of the computer simulation provides an opportunity to simulate processes of security system work for training security staff during normal and emergency operation.

Cloud Computing - A Unified Approach for Surveillance Issues

NASA Astrophysics Data System (ADS)

Rachana, C. R.; Banu, Reshma, Dr.; Ahammed, G. F. Ali, Dr.; Parameshachari, B. D., Dr.

2017-08-01

Cloud computing describes highly scalable resources provided as an external service via the Internet on a basis of pay-per-use. From the economic point of view, the main attractiveness of cloud computing is that users only use what they need, and only pay for what they actually use. Resources are available for access from the cloud at any time, and from any location through networks. Cloud computing is gradually replacing the traditional Information Technology Infrastructure. Securing data is one of the leading concerns and biggest issue for cloud computing. Privacy of information is always a crucial pointespecially when an individual’s personalinformation or sensitive information is beingstored in the organization. It is indeed true that today; cloud authorization systems are notrobust enough. This paper presents a unified approach for analyzing the various security issues and techniques to overcome the challenges in the cloud environment.

A concurrent resolution expressing the sense of Congress that a postage stamp should be issued to commemorate the War of 1812 and that the Citizens' Stamp Advisory Committee should recommend to the Postmaster General that such a stamp be issued.

THOMAS, 111th Congress

Sen. Levin, Carl [D-MI

2009-10-05

Senate - 10/19/2009 Committee on Homeland Security and Governmental Affairs referred to Subcommittee on Federal Financial Management, Government Information, Federal Services, and International Security. (All Actions) Tracker: This bill has the status IntroducedHere are the steps for Status of Legislation:

Lock It Up! Computer Security.

ERIC Educational Resources Information Center

Wodarz, Nan

1997-01-01

The data contained on desktop computer systems and networks pose security issues for virtually every district. Sensitive information can be protected by educating users, altering the physical layout, using password protection, designating access levels, backing up data, reformatting floppy disks, using antivirus software, and installing encryption…

Coordinating UAV information for executing national security-oriented collaboration

NASA Astrophysics Data System (ADS)

Isenor, Anthony W.; Allard, Yannick; Lapinski, Anna-Liesa S.; Demers, Hugues; Radulescu, Dan

2014-10-01

Unmanned Aerial Vehicles (UAVs) are being used by numerous nations for defence-related missions. In some cases, the UAV is considered a cost-effective means to acquire data such as imagery over a location or object. Considering Canada's geographic expanse, UAVs are also being suggested as a potential platform for use in surveillance of remote areas, such as northern Canada. However, such activities are typically associated with security as opposed to defence. The use of a defence platform for security activities introduces the issue of information exchange between the defence and security communities and their software applications. This paper explores the flow of information from the system used by the UAVs employed by the Royal Canadian Navy. Multiple computers are setup, each with the information system used by the UAVs, including appropriate communication between the systems. Simulated data that may be expected from a typical maritime UAV mission is then fed into the information system. The information structures common to the Canadian security community are then used to store and transfer the simulated data. The resulting data flow from the defence-oriented UAV system to the security-oriented information structure is then displayed using an open source geospatial application. Use of the information structures and applications relevant to the security community avoids the distribution restrictions often associated with defence-specific applications.

77 FR 19300 - National Infrastructure Advisory Council

Federal Register 2010, 2011, 2012, 2013, 2014

2012-03-30

... Homeland Security with advice on the security of the critical infrastructure sectors and their information systems. The NIAC will meet to address issues relevant to the protection of critical infrastructure as... Group regarding the scope of the next phase of the Working Group's critical infrastructure resilience...

Trust Management and Accountability for Internet Security

ERIC Educational Resources Information Center

Liu, Wayne W.

2011-01-01

Adversarial yet interacting interdependent relationships in information sharing and service provisioning have been a pressing issue of the Internet. Such relationships exist among autonomous software agents, in networking system peers, as well as between "service users and providers." Traditional "ad hoc" security approaches effective in…

Using a Prediction Model to Manage Cyber Security Threats.

PubMed

Jaganathan, Venkatesh; Cherurveettil, Priyesh; Muthu Sivashanmugam, Premapriya

2015-01-01

Cyber-attacks are an important issue faced by all organizations. Securing information systems is critical. Organizations should be able to understand the ecosystem and predict attacks. Predicting attacks quantitatively should be part of risk management. The cost impact due to worms, viruses, or other malicious software is significant. This paper proposes a mathematical model to predict the impact of an attack based on significant factors that influence cyber security. This model also considers the environmental information required. It is generalized and can be customized to the needs of the individual organization.

Using a Prediction Model to Manage Cyber Security Threats

PubMed Central

Muthu Sivashanmugam, Premapriya

2015-01-01

Cyber-attacks are an important issue faced by all organizations. Securing information systems is critical. Organizations should be able to understand the ecosystem and predict attacks. Predicting attacks quantitatively should be part of risk management. The cost impact due to worms, viruses, or other malicious software is significant. This paper proposes a mathematical model to predict the impact of an attack based on significant factors that influence cyber security. This model also considers the environmental information required. It is generalized and can be customized to the needs of the individual organization. PMID:26065024

76 FR 17734 - 30-Day Notice of Proposed Information Collection: Form DS-1998E, Foreign Service Officer Test...

Federal Register 2010, 2011, 2012, 2013, 2014

2011-03-30

..., age, Social Security Number, contact information, sex, race, national origin, disability, education and work history, and military experience. The information will be used to prepare and issue admission...

78 FR 73202 - Review and Revision of the National Critical Infrastructure Security and Resilience (NCISR...

Federal Register 2010, 2011, 2012, 2013, 2014

2013-12-05

...This Request for Information (RFI) notice informs the public that the Department of Homeland Security's (DHS) Science and Technology Directorate (S&T) is currently developing a National Critical Infrastructure Security and Resilience Research and Development Plan (NCISR R&D Plan) to conform to the requirements of Presidential Policy Directive 21, Critical Infrastructure Security and Resilience. As part of a comprehensive national review process, DHS solicits public comment on issues or language in the NCISR R&D Plan that need to be included. Critical infrastructure includes both cyber and physical components, systems, and networks for the sixteen established ``critical infrastructures''.

The role of privacy protection in healthcare information systems adoption.

PubMed

Hsu, Chien-Lung; Lee, Ming-Ren; Su, Chien-Hui

2013-10-01

Privacy protection is an important issue and challenge in healthcare information systems (HISs). Recently, some privacy-enhanced HISs are proposed. Users' privacy perception, intention, and attitude might affect the adoption of such systems. This paper aims to propose a privacy-enhanced HIS framework and investigate the role of privacy protection in HISs adoption. In the proposed framework, privacy protection, access control, and secure transmission modules are designed to enhance the privacy protection of a HIS. An experimental privacy-enhanced HIS is also implemented. Furthermore, we proposed a research model extending the unified theory of acceptance and use of technology by considering perceived security and information security literacy and then investigate user adoption of a privacy-enhanced HIS. The experimental results and analyses showed that user adoption of a privacy-enhanced HIS is directly affected by social influence, performance expectancy, facilitating conditions, and perceived security. Perceived security has a mediating effect between information security literacy and user adoption. This study proposes several implications for research and practice to improve designing, development, and promotion of a good healthcare information system with privacy protection.

Wireless physical layer security

NASA Astrophysics Data System (ADS)

Poor, H. Vincent; Schaefer, Rafael F.

2017-01-01

Security in wireless networks has traditionally been considered to be an issue to be addressed separately from the physical radio transmission aspects of wireless systems. However, with the emergence of new networking architectures that are not amenable to traditional methods of secure communication such as data encryption, there has been an increase in interest in the potential of the physical properties of the radio channel itself to provide communications security. Information theory provides a natural framework for the study of this issue, and there has been considerable recent research devoted to using this framework to develop a greater understanding of the fundamental ability of the so-called physical layer to provide security in wireless networks. Moreover, this approach is also suggestive in many cases of coding techniques that can approach fundamental limits in practice and of techniques for other security tasks such as authentication. This paper provides an overview of these developments.

Wireless physical layer security.

PubMed

Poor, H Vincent; Schaefer, Rafael F

2017-01-03

Security in wireless networks has traditionally been considered to be an issue to be addressed separately from the physical radio transmission aspects of wireless systems. However, with the emergence of new networking architectures that are not amenable to traditional methods of secure communication such as data encryption, there has been an increase in interest in the potential of the physical properties of the radio channel itself to provide communications security. Information theory provides a natural framework for the study of this issue, and there has been considerable recent research devoted to using this framework to develop a greater understanding of the fundamental ability of the so-called physical layer to provide security in wireless networks. Moreover, this approach is also suggestive in many cases of coding techniques that can approach fundamental limits in practice and of techniques for other security tasks such as authentication. This paper provides an overview of these developments.

Wireless physical layer security

PubMed Central

Schaefer, Rafael F.

2017-01-01

Security in wireless networks has traditionally been considered to be an issue to be addressed separately from the physical radio transmission aspects of wireless systems. However, with the emergence of new networking architectures that are not amenable to traditional methods of secure communication such as data encryption, there has been an increase in interest in the potential of the physical properties of the radio channel itself to provide communications security. Information theory provides a natural framework for the study of this issue, and there has been considerable recent research devoted to using this framework to develop a greater understanding of the fundamental ability of the so-called physical layer to provide security in wireless networks. Moreover, this approach is also suggestive in many cases of coding techniques that can approach fundamental limits in practice and of techniques for other security tasks such as authentication. This paper provides an overview of these developments. PMID:28028211

Going Beyond Compliance: A Strategic Framework for Promoting Information Security in Hospitals.

PubMed

Zandona, David J; Thompson, Jon M

In the past decade, public and private organizations have experienced a significant and alarming rise in the number of data breaches. Across all sectors, there seems to be no safe haven for the protection of information. In the health care industry, the trend is even worse. Information security is at an unbelievable low point, and it is unlikely that government oversight can fix this issue. Health care organizations have ramped up their approaches to addressing the problem; however, these initiatives are often incremental rather than transformational. Hospitals need an overall organization-wide strategy to prevent breaches from occurring and to minimize effects if they do occur. This article provides an analysis of the literature related to health information security and offers a suggested strategy for hospital administrators to follow in order to create a more secure environment for patient health information.

Security and privacy issues with health care information technology.

PubMed

Meingast, Marci; Roosta, Tanya; Sastry, Shankar

2006-01-01

The face of health care is changing as new technologies are being incorporated into the existing infrastructure. Electronic patient records and sensor networks for in-home patient monitoring are at the current forefront of new technologies. Paper-based patient records are being put in electronic format enabling patients to access their records via the Internet. Remote patient monitoring is becoming more feasible as specialized sensors can be placed inside homes. The combination of these technologies will improve the quality of health care by making it more personalized and reducing costs and medical errors. While there are benefits to technologies, associated privacy and security issues need to be analyzed to make these systems socially acceptable. In this paper we explore the privacy and security implications of these next-generation health care technologies. We describe existing methods for handling issues as well as discussing which issues need further consideration.

Secured Communication for Business Process Outsourcing Using Optimized Arithmetic Cryptography Protocol Based on Virtual Parties

NASA Astrophysics Data System (ADS)

Pathak, Rohit; Joshi, Satyadhar

Within a span of over a decade, India has become one of the most favored destinations across the world for Business Process Outsourcing (BPO) operations. India has rapidly achieved the status of being the most preferred destination for BPO for companies located in the US and Europe. Security and privacy are the two major issues needed to be addressed by the Indian software industry to have an increased and long-term outsourcing contract from the US. Another important issue is about sharing employee’s information to ensure that data and vital information of an outsourcing company is secured and protected. To ensure that the confidentiality of a client’s information is maintained, BPOs need to implement some data security measures. In this paper, we propose a new protocol for specifically for BPO Secure Multi-Party Computation (SMC). As there are many computations and surveys which involve confidential data from many parties or organizations and the concerned data is property of the organization, preservation and security of this data is of prime importance for such type of computations. Although the computation requires data from all the parties, but none of the associated parties would want to reveal their data to the other parties. We have proposed a new efficient and scalable protocol to perform computation on encrypted information. The information is encrypted in a manner that it does not affect the result of the computation. It uses modifier tokens which are distributed among virtual parties, and finally used in the computation. The computation function uses the acquired data and modifier tokens to compute right result from the encrypted data. Thus without revealing the data, right result can be computed and privacy of the parties is maintained. We have given a probabilistic security analysis of hacking the protocol and shown how zero hacking security can be achieved. Also we have analyzed the specific case of Indian BPO.

Secure data aggregation in heterogeneous and disparate networks using stand off server architecture

NASA Astrophysics Data System (ADS)

Vimalathithan, S.; Sudarsan, S. D.; Seker, R.; Lenin, R. B.; Ramaswamy, S.

2009-04-01

The emerging global reach of technology presents myriad challenges and intricacies as Information Technology teams aim to provide anywhere, anytime and anyone access, for service providers and customers alike. The world is fraught with stifling inequalities, both from an economic as well as socio-political perspective. The net result has been large capability gaps between various organizational locations that need to work together, which has raised new challenges for information security teams. Similar issues arise, when mergers and acquisitions among and between organizations take place. While integrating remote business locations with mainstream operations, one or more of the issues including the lack of application level support, computational capabilities, communication limitations, and legal requirements cause a serious impediment thereby complicating integration while not violating the organizations' security requirements. Often resorted techniques like IPSec, tunneling, secure socket layer, etc. may not be always techno-economically feasible. This paper addresses such security issues by introducing an intermediate server between corporate central server and remote sites, called stand-off-server. We present techniques such as break-before-make connection, break connection after transfer, multiple virtual machine instances with different operating systems using the concept of a stand-off-server. Our experiments show that the proposed solution provides sufficient isolation for the central server/site from attacks arising out of weak communication and/or computing links and is simple to implement.

77 FR 44306 - Service Delivery Plan

Federal Register 2010, 2011, 2012, 2013, 2014

2012-07-27

... SOCIAL SECURITY ADMINISTRATION [Docket No. SSA-2012-0048] Service Delivery Plan AGENCY: Social... publicly available. Do not include in your comments any personal information, such as Social Security... function of the Web page to find docket number SSA-2012-0048. The system will issue you a tracking number...

75 FR 81284 - National Protection and Programs Directorate; National Infrastructure Advisory Council Meeting

Federal Register 2010, 2011, 2012, 2013, 2014

2010-12-27

... Homeland Security with advice on the security of the critical infrastructure sectors and their information systems. The NIAC will meet to address issues relevant to the protection of critical infrastructure as... Directorate; National Infrastructure Advisory Council Meeting AGENCY: National Protection and Programs...

Education and the Degree of Data Security

ERIC Educational Resources Information Center

Spears, Phillip Dewitt

2013-01-01

New technology development has researchers inundated with a plethora of data security issues linked to cyber attacks and hackers' ability to transmogrify their techniques. The present research focused on the information technology managing officers' (ITMOs') level of education, size of organization, organization's industry, and effect they have on…

An Overview of Electronic Passport Security Features

NASA Astrophysics Data System (ADS)

Říha, Zdeněk

Electronic passports include contactless chip which stores personal data of the passport holder, information about the passport and the issuing institution. In its simplest form an electronic passport contains just a collection of read-only files, more advanced variants can include sophisticated cryptographic mechanisms protecting security of the document and / or privacy of the passport holder. This paper describes security features of electronic passports and discusses their efficiency.

Privacy, confidentiality, and security in information systems of state health agencies.

PubMed

O'Brien, D G; Yasnoff, W A

1999-05-01

To assess the employment and status of privacy, confidentiality, security and fair information practices in electronic information systems of U.S. state health agencies. A survey instrument was developed and administered to key contacts within the state health agencies of each of the 50 U.S. states, Puerto Rico and the District of Columbia. About a third of U.S. state health agencies have no written policies in place regarding privacy and confidentiality in electronic information systems. The doctrines of fair information practice often seemed to be ignored. One quarter of the agencies reported at least one security breach during the past two years, and 16% experienced a privacy and confidentiality related transgression. Most of the breaches were committed by personnel from within the agencies. These results raise questions about the integrity of existing privacy, confidentiality and security measures in the information systems of U.S. state health agencies. Recommendations include the development and vigorous enforcement of written privacy and confidentiality policies, increased personnel training, and expanded implementation of security measures such as encryption and system firewalls. A discussion of the current status of U.S. privacy, confidentiality and security issues is offered.

Towards an Enhancement of Organizational Information Security through Threat Factor Profiling (TFP) Model

NASA Astrophysics Data System (ADS)

Sidi, Fatimah; Daud, Maslina; Ahmad, Sabariah; Zainuddin, Naqliyah; Anneisa Abdullah, Syafiqa; Jabar, Marzanah A.; Suriani Affendey, Lilly; Ishak, Iskandar; Sharef, Nurfadhlina Mohd; Zolkepli, Maslina; Nur Majdina Nordin, Fatin; Amat Sejani, Hashimah; Ramadzan Hairani, Saiful

2017-09-01

Information security has been identified by organizations as part of internal operations that need to be well implemented and protected. This is because each day the organizations face a high probability of increase of threats to their networks and services that will lead to information security issues. Thus, effective information security management is required in order to protect their information assets. Threat profiling is a method that can be used by an organization to address the security challenges. Threat profiling allows analysts to understand and organize intelligent information related to threat groups. This paper presents a comparative analysis that was conducted to study the existing threat profiling models. It was found that existing threat models were constructed based on specific objectives, thus each model is limited to only certain components or factors such as assets, threat sources, countermeasures, threat agents, threat outcomes and threat actors. It is suggested that threat profiling can be improved by the combination of components found in each existing threat profiling model/framework. The proposed model can be used by an organization in executing a proactive approach to incident management.

A Secure Framework for Location Verification in Pervasive Computing

NASA Astrophysics Data System (ADS)

Liu, Dawei; Lee, Moon-Chuen; Wu, Dan

The way people use computing devices has been changed in some way by the relatively new pervasive computing paradigm. For example, a person can use a mobile device to obtain its location information at anytime and anywhere. There are several security issues concerning whether this information is reliable in a pervasive environment. For example, a malicious user may disable the localization system by broadcasting a forged location, and it may impersonate other users by eavesdropping their locations. In this paper, we address the verification of location information in a secure manner. We first present the design challenges for location verification, and then propose a two-layer framework VerPer for secure location verification in a pervasive computing environment. Real world GPS-based wireless sensor network experiments confirm the effectiveness of the proposed framework.

Security Considerations for E-Mental Health Interventions

PubMed Central

Bennett, Anthony James; Griffiths, Kathleen Margaret

2010-01-01

Security considerations are an often overlooked and underfunded aspect of the development, delivery, and evaluation of e-mental health interventions although they are crucial to the overall success of any eHealth project. The credibility and reliability of eHealth scientific research and the service delivery of eHealth interventions rely on a high standard of data security. This paper describes some of the key methodological, technical, and procedural issues that need to be considered to ensure that eHealth research and intervention delivery meet adequate security standards. The paper concludes by summarizing broad strategies for addressing the major security risks associated with eHealth interventions. These include involving information technology (IT) developers in all stages of the intervention process including its development, evaluation, and ongoing delivery; establishing a wide-ranging discourse about relevant security issues; and familiarizing researchers and providers with the security measures that must be instituted in order to protect the integrity of eHealth interventions. PMID:21169173

Management Guide to the Protection of Information Resources.

ERIC Educational Resources Information Center

Helsing, Cheryl; And Others

This guide introduces information systems security concerns and outlines the issues that must be addressed by all agency managers in meeting their responsibilities to protect information systems within their organizations. It describes the essential components of an effective information resource protection process that applies to an individual…

75 FR 11207 - Policy Statement on Obtaining and Retaining Beneficial Ownership Information for Anti-Money...

Federal Register 2010, 2011, 2012, 2013, 2014

2010-03-10

... Retaining Beneficial Ownership Information for Anti-Money Laundering Purposes AGENCY: Securities and...-money laundering purposes. DATES: Effective Date: March 5, 2010. FOR FURTHER INFORMATION CONTACT... retaining beneficial ownership information for anti-money laundering purposes. This guidance is being issued...

The Handbook for Campus Crime Reporting

ERIC Educational Resources Information Center

Ward, Diane; Lee, Janice

2005-01-01

Campus security and safety are important issues in postsecondary education today. Providing students nationwide with a safe environment in which to learn and keeping students, parents and employees well informed about campus security are goals that have been voiced by many groups. These goals were advanced by the Crime Awareness and Campus…

Learning with Security

ERIC Educational Resources Information Center

Jokela, Paivi; Karlsudd, Peter

2007-01-01

The current higher education, both distance education and traditional campus courses, relies more and more on modern information and communication technologies (ICT). The use of computer systems and networks results in a wide range of security issues that must be dealt with in order to create a safe learning environment. In this work, we study the…

77 FR 20889 - Proposed Information Collection (Request One-VA Identification Verification Card) Activity...

Federal Register 2010, 2011, 2012, 2013, 2014

2012-04-06

... solicits comments on information needed to issue a Personal Identity Verification (PIV) identification card... Personnel Security and Identity Management (07C), Department of Veterans Affairs, 810 Vermont Avenue NW...

Mechanical Verification of Cryptographic Protocols

NASA Astrophysics Data System (ADS)

Cheng, Xiaochun; Ma, Xiaoqi; Huang, Scott C.-H.; Cheng, Maggie

Information security is playing an increasingly important role in modern society, driven especially by the uptake of the Internet for information transfer. Large amount of information is transmitted everyday through the Internet, which is often the target of malicious attacks. In certain areas, this issue is vital. For example, military departments of governments often transmit a great amount of top-secret data, which, if divulged, could become a huge threat to the public and to national security. Even in our daily life, it is also necessary to protect information. Consider e-commerce systems as an example. No one is willing to purchase anything over the Internet before being assured that all their personal and financial information will always be kept secure and will never be leaked to any unauthorised person or organisation.

Secrecy vs. the need for ecological information: challenges to environmental activism in Russia.

PubMed

Jandl, T

1998-01-01

This article identifies the lessons learned from the Nikitin case study in Russia. The Nikitin case involves the analysis of sources of radioactive contamination in several Russian counties and in the Russian Northern Fleet. Norway was interested in the issue due to proximity to the storage sites. The issue involved national security and environmental protection. It was learned that mixing national security issues with environmental issues offers dangerous and multiple challenges. Environmental groups must build relationships with a wide audience. International security policy must include the issues of globalization of trade and the spread of environmental problems into the global commons (oceans and atmosphere). The risk of an environmentally dangerous accident as a consequence of Cold War activities is greater than the risk of nuclear war. Secrecy in military affairs is not justified when there is inadequate storage of nuclear weapons and contaminated materials. In Russia, the concern is great due to their economic transition and shortages of funds for even the most basic needs, which excludes nuclear waste clean up. The Bellona Foundation studied the extent of nuclear pollution from military nuclear reactors in the Kola peninsula of northwest Russia, in 1994 and 1996. Russian security police arrested one of the report authors for alleged national security violations. A valuable lesson learned was that local Russian environmental groups needed international support. The military nuclear complex poses an enormous hazard. Limiting inspections is an unacceptable national security risk. The new Russian law on state secrets is too broad.

IoT security with one-time pad secure algorithm based on the double memory technique

NASA Astrophysics Data System (ADS)

Wiśniewski, Remigiusz; Grobelny, Michał; Grobelna, Iwona; Bazydło, Grzegorz

2017-11-01

Secure encryption of data in Internet of Things is especially important as many information is exchanged every day and the number of attack vectors on IoT elements still increases. In the paper a novel symmetric encryption method is proposed. The idea bases on the one-time pad technique. The proposed solution applies double memory concept to secure transmitted data. The presented algorithm is considered as a part of communication protocol and it has been initially validated against known security issues.

Common Operating Picture: UAV Security Study

NASA Technical Reports Server (NTRS)

2004-01-01

This initial communication security study is a top-level assessment of basic security issues related to the operation of Unmanned Aerial Vehicles (UAVs) in the National Airspace System (NAS). Security considerations will include information relating to the use of International Civil Aviation Organization (ICAO) Aeronautical Telecommunications Network (ATN) protocols and applications identifying their maturity, as well as the use of IPV4 and a version of mobile IPV6. The purpose of this assessment is to provide an initial analysis of the security implications of introducing UAVs into the NAS.

Secure privacy-preserving biometric authentication scheme for telecare medicine information systems.

PubMed

Li, Xuelei; Wen, Qiaoyan; Li, Wenmin; Zhang, Hua; Jin, Zhengping

2014-11-01

Healthcare delivery services via telecare medicine information systems (TMIS) can help patients to obtain their desired telemedicine services conveniently. However, information security and privacy protection are important issues and crucial challenges in healthcare information systems, where only authorized patients and doctors can employ telecare medicine facilities and access electronic medical records. Therefore, a secure authentication scheme is urgently required to achieve the goals of entity authentication, data confidentiality and privacy protection. This paper investigates a new biometric authentication with key agreement scheme, which focuses on patient privacy and medical data confidentiality in TMIS. The new scheme employs hash function, fuzzy extractor, nonce and authenticated Diffie-Hellman key agreement as primitives. It provides patient privacy protection, e.g., hiding identity from being theft and tracked by unauthorized participant, and preserving password and biometric template from being compromised by trustless servers. Moreover, key agreement supports secure transmission by symmetric encryption to protect patient's medical data from being leaked. Finally, the analysis shows that our proposal provides more security and privacy protection for TMIS.

Security and privacy in molecular communication and networking: opportunities and challenges.

PubMed

Loscrí, Valeria; Marchal, César; Mitton, Nathalie; Fortino, Giancarlo; Vasilakos, Athanasios V

2014-09-01

Molecular Communication (MC) is an emerging and promising communication paradigm for several multi-disciplinary domains like bio-medical, industry and military. Differently to the traditional communication paradigm, the information is encoded on the molecules, that are then used as carriers of information. Novel approaches related to this new communication paradigm have been proposed, mainly focusing on architectural aspects and categorization of potential applications. So far, security and privacy aspects related to the molecular communication systems have not been investigated at all and represent an open question that need to be addressed. The main motivation of this paper lies on providing some first insights about security and privacy aspects of MC systems, by highlighting the open issues and challenges and above all by outlining some specific directions of potential solutions. Existing cryptographic methods and security approaches are not suitable for MC systems since do not consider the pecific issues and challenges, that need ad-hoc solutions. We will discuss directions in terms of potential solutions by trying to highlight the main advantages and potential drawbacks for each direction considered. We will try to answer to the main questions: 1) why this solution can be exploited in the MC field to safeguard the system and its reliability? 2) which are the main issues related to the specific approach?

Big data, little security: Addressing security issues in your platform

NASA Astrophysics Data System (ADS)

Macklin, Thomas; Mathews, Joseph

2017-05-01

This paper describes some patterns for information security problems that consistently emerge among traditional enterprise networks and applications, both with respect to cyber threats and data sensitivity. We draw upon cases from qualitative studies and interviews of system developers, network operators, and certifiers of military applications. Specifically, the problems discussed involve sensitivity of data aggregates, training efficacy, and security decision support in the human machine interface. While proven techniques can address many enterprise security challenges, we provide additional recommendations on how to further improve overall security posture, and suggest additional research thrusts to address areas where known gaps remain.

An Analysis of Fraud on the Internet.

ERIC Educational Resources Information Center

Baker, C. Richard

1999-01-01

Examines the issue of fraud on the Internet and discusses three areas with significant potential for misleading and fraudulent practices: securities sales and trading; electronic commerce, including privacy and information protection; and the rapid growth of Internet companies, including advertising issues. (Author/LRW)

29 CFR 2700.5 - General requirements for pleadings and other documents; status or informational requests.

Code of Federal Regulations, 2010 CFR

2010-07-01

... withdrawal order issued under section 104, 30 U.S.C. 814; an answer to a notice of contest of an order issued... digits of social security numbers, financial account numbers, driver's license numbers, or other personal...

Pakistan’s Nuclear Weapons: Proliferation and Security Issues

DTIC Science & Technology

2009-10-15

and technical measures to prevent unauthorized or accidental use of nuclear weapons, as well as contribute to physical security of storage ...Talks On Nuclear Security,” The Boston Globe, May 5, 2009. 79 Abdul Mannan, “Preventing Nuclear Terrorism in Pakistan: Sabotage of a Spent Fuel Cask or...a Commercial Irradiation Source in Transport ,” in Pakistan’s Nuclear Future, 2008; Martellini, 2008. 80 Martellini, 2008. 81 For more information

Safeguarding patient privacy in electronic healthcare in the USA: the legal view.

PubMed

Walsh, Diana; Passerini, Katia; Varshney, Upkar; Fjermestad, Jerry

2008-01-01

The conflict between the sweeping power of technology to access and assemble personal information and the ongoing concern about our privacy and security is ever increasing. While we gradually need higher electronic access to medical information, issues relating to patient privacy and reducing vulnerability to security breaches surmount. In this paper, we take a legal perspective and examine the existing patchwork of laws and obligations governing health information in the USA. The study finds that as Electronic Medical Records (EMRs) increase in scope and dissemination, privacy protections gradually decrease due to the shortcomings in the legal system. The contributions of this paper are (1) an overview of the legal EMR issues in the USA, and (2) the identification of the unresolved legal issues and how these will escalate when health information is transmitted over wireless networks. More specifically, the paper discusses federal and state government regulations such as the Electronic Communications Privacy Act, the Health Insurance Portability and Accountability Act (HIPAA) and judicial intervention. Based on the legal overview, the unresolved challenges are identified and suggestions for future research are included.

Management, Security, and Congressional Oversight. Federal Government Information Technology.

ERIC Educational Resources Information Center

Congress of the U.S., Washington, DC. Office of Technology Assessment.

This report considers the management, use, and congressional oversight of information technology in the Federal Government as rapid advances in technology--e.g., microcomputers, computer networking, computer modeling, videoconferencing, and electronic information exchange--are generating many new applications, opportunities, and issues which are…

A secure and robust information hiding technique for covert communication

NASA Astrophysics Data System (ADS)

Parah, S. A.; Sheikh, J. A.; Hafiz, A. M.; Bhat, G. M.

2015-08-01

The unprecedented advancement of multimedia and growth of the internet has made it possible to reproduce and distribute digital media easier and faster. This has given birth to information security issues, especially when the information pertains to national security, e-banking transactions, etc. The disguised form of encrypted data makes an adversary suspicious and increases the chance of attack. Information hiding overcomes this inherent problem of cryptographic systems and is emerging as an effective means of securing sensitive data being transmitted over insecure channels. In this paper, a secure and robust information hiding technique referred to as Intermediate Significant Bit Plane Embedding (ISBPE) is presented. The data to be embedded is scrambled and embedding is carried out using the concept of Pseudorandom Address Vector (PAV) and Complementary Address Vector (CAV) to enhance the security of the embedded data. The proposed ISBPE technique is fully immune to Least Significant Bit (LSB) removal/replacement attack. Experimental investigations reveal that the proposed technique is more robust to various image processing attacks like JPEG compression, Additive White Gaussian Noise (AWGN), low pass filtering, etc. compared to conventional LSB techniques. The various advantages offered by ISBPE technique make it a good candidate for covert communication.

77 FR 67047 - Self-Regulatory Organizations; Municipal Securities Rulemaking Board; Notice of Filing of...

Federal Register 2010, 2011, 2012, 2013, 2014

2012-11-08

...-Regulatory Organizations; Municipal Securities Rulemaking Board; Notice of Filing of Proposed Rule Change Consisting of Amendments to Streamline New Issue Information Submission Requirements Under MSRB Rules G-32... Organization's Statement of the Terms of Substance of the Proposed Rule Change The MSRB is filing with the...

Productivity and Job Security: Retraining to Adapt to Technological Change.

ERIC Educational Resources Information Center

National Center for Productivity and Quality of Working Life, Washington, DC.

This report, the first of a series on productivity and job security, presents five case studies to illustrate retraining to achieve worker's adjustment to technology. The first of seven chapters addresses the following issues: the availability of job training/retraining data, the desirability of informing workers in advance of technological…

After the Cold War: A New Calculus for Science and Security

ERIC Educational Resources Information Center

Wallerstein, Mitchel

2003-01-01

Just more than twenty years ago, the author had the privilege of directing a National Academy of Sciences panel that issued a report entitled "Scientific Communication and National Security," known informally as the Corson Report, after Dale Corson, the panel's chair and president emeritus of Cornell University. Thus, for him, today's discussions…

The Johnson Space Center Management Information Systems (JSCMIS). 1: Requirements Definition and Design Specifications for Versions 2.1 and 2.1.1. 2: Documented Test Scenario Environments. 3: Security Design and Specifications

NASA Technical Reports Server (NTRS)

1986-01-01

The Johnson Space Center Management Information System (JSCMIS) is an interface to computer data bases at NASA Johnson which allows an authorized user to browse and retrieve information from a variety of sources with minimum effort. This issue gives requirements definition and design specifications for versions 2.1 and 2.1.1, along with documented test scenario environments, and security object design and specifications.

Corporate Perspective: An Interview with John Sculley.

ERIC Educational Resources Information Center

Temares, M. Lewis

1989-01-01

John Sculley, the chairman of the board of Apple Computer, Inc., discusses information technology management, management strategies, network management, the Chief Information Officer, strategic planning, back-to-the-future planning, business and university joint ventures, and security issues. (MLW)

A user anonymity preserving three-factor authentication scheme for telecare medicine information systems.

PubMed

Tan, Zuowen

2014-03-01

The telecare medicine information system enables the patients gain health monitoring at home and access medical services over internet or mobile networks. In recent years, the schemes based on cryptography have been proposed to address the security and privacy issues in the telecare medicine information systems. However, many schemes are insecure or they have low efficiency. Recently, Awasthi and Srivastava proposed a three-factor authentication scheme for telecare medicine information systems. In this paper, we show that their scheme is vulnerable to the reflection attacks. Furthermore, it fails to provide three-factor security and the user anonymity. We propose a new three-factor authentication scheme for the telecare medicine information systems. Detailed analysis demonstrates that the proposed scheme provides mutual authentication, server not knowing password and freedom of password, biometric update and three-factor security. Moreover, the new scheme provides the user anonymity. As compared with the previous three-factor authentication schemes, the proposed scheme is more secure and practical.

Governance, Risk, and Compliance: Why Now?

ERIC Educational Resources Information Center

Grama, Joanna Lyn; Petersen, Rodney

2013-01-01

Governance, risk, and compliance (GRC) issues are increasingly pervading the IT space, with these concepts transcending silos such as central and distributed IT units, information security, and service management. As campus investment in information technology and campus reliance on information systems have grown, so has the need for reliable…

Fractional optical cryptographic protocol for data containers in a noise-free multiuser environment

NASA Astrophysics Data System (ADS)

Jaramillo, Alexis; Barrera, John Fredy; Zea, Alejandro Vélez; Torroba, Roberto

2018-03-01

Optical encryption systems have great potential for flexible and high-performance data protection, making them an area of rapid development. However, most approaches present two main issues, namely, the presence of speckle noise, and the degree of security they offer. Here we introduce an experimental implementation of an optical encrypting protocol that tackles these issues by taking advantage of recent developments in the field. These developments include the introduction of information containers for noise free information retrieval, the use of multiplexing to allow for a multiple user environment and an architecture based on the Joint fractional Fourier transform that allows increased degrees of freedom and simplifies the experimental requirements. Thus, data handling via QR code containers involving multiple users processed in a fractional joint transform correlator produce coded information with increased security and ease of use. In this way, we can guarantee that only the user with the correct combination of encryption key and security parameters can achieve noise free information after deciphering. We analyze the performance of the system when the order of the fractional Fourier transform is changed during decryption. We show experimental results that confirm the validity of our proposal.

75 FR 51877 - Proposed Collection: Comment Request

Federal Register 2010, 2011, 2012, 2013, 2014

2010-08-23

... sale and issue of Marketable Book-Entry securities. DATES: Written comments should be received on or.... Form Number: Sale and Issue of Marketable Book-Entry Treasury Bills, Notes, and Bonds. Abstract: The..., including through the use of automated collection techniques or other forms of information technology; and...

Security of Color Image Data Designed by Public-Key Cryptosystem Associated with 2D-DWT

NASA Astrophysics Data System (ADS)

Mishra, D. C.; Sharma, R. K.; Kumar, Manish; Kumar, Kuldeep

2014-08-01

In present times the security of image data is a major issue. So, we have proposed a novel technique for security of color image data by public-key cryptosystem or asymmetric cryptosystem. In this technique, we have developed security of color image data using RSA (Rivest-Shamir-Adleman) cryptosystem with two-dimensional discrete wavelet transform (2D-DWT). Earlier proposed schemes for security of color images designed on the basis of keys, but this approach provides security of color images with the help of keys and correct arrangement of RSA parameters. If the attacker knows about exact keys, but has no information of exact arrangement of RSA parameters, then the original information cannot be recovered from the encrypted data. Computer simulation based on standard example is critically examining the behavior of the proposed technique. Security analysis and a detailed comparison between earlier developed schemes for security of color images and proposed technique are also mentioned for the robustness of the cryptosystem.

Modifications to the HIPAA Privacy, Security, Enforcement, and Breach Notification rules under the Health Information Technology for Economic and Clinical Health Act and the Genetic Information Nondiscrimination Act; other modifications to the HIPAA rules.

PubMed

2013-01-25

The Department of Health and Human Services (HHS or ``the Department'') is issuing this final rule to: Modify the Health Insurance Portability and Accountability Act (HIPAA) Privacy, Security, and Enforcement Rules to implement statutory amendments under the Health Information Technology for Economic and Clinical Health Act (``the HITECH Act'' or ``the Act'') to strengthen the privacy and security protection for individuals' health information; modify the rule for Breach Notification for Unsecured Protected Health Information (Breach Notification Rule) under the HITECH Act to address public comment received on the interim final rule; modify the HIPAA Privacy Rule to strengthen the privacy protections for genetic information by implementing section 105 of Title I of the Genetic Information Nondiscrimination Act of 2008 (GINA); and make certain other modifications to the HIPAA Privacy, Security, Breach Notification, and Enforcement Rules (the HIPAA Rules) to improve their workability and effectiveness and to increase flexibility for and decrease burden on the regulated entities.

A concurrent resolution expressing the sense of Congress that the United States Postal Service should issue a commemorative postage stamp honoring civil rights workers Andrew Goodman, James Chaney, and Michael Schwerner, and the "Freedom Summer" of 1964, and that the Citizens' Stamp Advisory Committee should recommend to the Postmaster General that such a stamp be issued.

THOMAS, 111th Congress

Sen. Schumer, Charles E. [D-NY

2010-07-12

Senate - 07/15/2010 Committee on Homeland Security and Governmental Affairs referred to Subcommittee on Federal Financial Management, Government Information, Federal Services, and International Security. (All Actions) Tracker: This bill has the status IntroducedHere are the steps for Status of Legislation:

A privacy authentication scheme based on cloud for medical environment.

PubMed

Chen, Chin-Ling; Yang, Tsai-Tung; Chiang, Mao-Lun; Shih, Tzay-Farn

2014-11-01

With the rapid development of the information technology, the health care technologies already became matured. Such as electronic medical records that can be easily stored. However, how to get medical resources more convenient is currently concerning issue. In spite of many literatures discussed about medical systems, these literatures should face many security challenges. The most important issue is patients' privacy. Therefore, we propose a privacy authentication scheme based on cloud environment. In our scheme, we use mobile device's characteristics, allowing peoples to use medical resources on the cloud environment to find medical advice conveniently. The digital signature is used to ensure the security of the medical information that is certified by the medical department in our proposed scheme.

A Progress Report on Information Privacy and Data Security.

ERIC Educational Resources Information Center

Salton, Gerard

1980-01-01

Describes the role of information privacy in modern society, examines recent legal cases to illustrate how privacy cases are adjudicated and to identify the limits of available privacy protection, and raises issues regarding techniques for insuring data confidentiality. (FM)

Remote Sensing Information Gateway (RSIG3D) Fact Sheet

EPA Pesticide Factsheets

The Remote Sensing Information Gateway-3D (RSIG3D) is a free and downloadable application that provides easy and secure access to petabytes (millions of gigabytes) of atmospheric data that can be used to study complex air quality issues.

Critical infrastructure protection : significant challenges in developing analysis, warning, and response capabilities testimony

DOT National Transportation Integrated Search

2001-05-22

This is the statement of Robert F. Dacey, Director, Information Security Issues before the Subcommittee on Technology, Terrorism and Government Information, Committee on the Judiciary, U.S. Senate regarding the General Accounting Office's (GAO's) rev...

Information Superhighway: An Overview of Technology Challenges. Report to the Congress.

ERIC Educational Resources Information Center

General Accounting Office, Washington, DC.

This report focuses on the pivotal technical issues associated with the National Information Infrastructure program, security and privacy, interoperability, and reliability, and presents the General Accounting Office's findings on these challenges. It is reported that while the structures and services to be offered by the information superhighway…

Chemical Safety Information, Site Security and Fuels Regulatory Relief Act: Public Distribution of Off-Site Consequence Analysis Information Fact Sheet

EPA Pesticide Factsheets

Based on assessments of increased risk of terrorist/criminal activity, EPA and DOJ have issued a rule that allows public access to OCA information in ways that are designed to minimize likelihood of chemical accidents and public harm.

The University of Minnesota's Internet Gopher System: A Tool for Accessing Network-Based Electronic Information.

ERIC Educational Resources Information Center

Wiggins, Rich

1993-01-01

Describes the Gopher system developed at the University of Minnesota for accessing information on the Internet. Highlights include the need for navigation tools; Gopher clients; FTP (File Transfer Protocol); campuswide information systems; navigational enhancements; privacy and security issues; electronic publishing; multimedia; and future…

E-Commerce and Security Governance in Developing Countries

NASA Astrophysics Data System (ADS)

Sanayei, Ali.; Rajabion, Lila

Security is very often mentioned as one of the preconditions for the faster growth of e-commerce. Without a secure and reliable internet, customer will continue to be reluctant to provide confidential information online, such as credit card number. Moreover, organizations of all types and sizes around the world rely heavily on technologies of electronic commerce (e-commerce) for conducting their day-to-day business transaction. Providing organizations with a secure e-commerce environment is a major issue and challenging one especially in Middle Eastern countries. Without secure e-commerce, it is almost impossible to take advantage of the opportunities offered by e-commerce technologies. E-commerce can create opportunities for small entrepreneurs in Middle Eastern countries. This requires removing infrastructure blockages in telecommunications and logistics alongside the governance of e-commerce with policies on consumer protection, security of transactions, privacy of records and intellectual property. In this paper, we will explore the legal implications of e-commerce security governance by establishing who is responsible for ensuring compliance with this discipline, demonstrating the value to be derived from information security governance, the methodology of applying information security governance, and liability for non-compliance with this discipline. Our main focus will be on analyzing the importance and implication of e-commerce security governance in developing countries.

Lawrence Livermore National Laboratory`s Computer Security Short Subjects Videos: Hidden Password, The Incident, Dangerous Games and The Mess; Computer Security Awareness Guide

DOE Office of Scientific and Technical Information (OSTI.GOV)

NONE

A video on computer security is described. Lonnie Moore, the Computer Security Manager, CSSM/CPPM at Lawrence Livermore National Laboratory (LLNL) and Gale Warshawsky, the Coordinator for Computer Security Education and Awareness at LLNL, wanted to share topics such as computer ethics, software piracy, privacy issues, and protecting information in a format that would capture and hold an audience`s attention. Four Computer Security Short Subject videos were produced which ranged from 1--3 minutes each. These videos are very effective education and awareness tools that can be used to generate discussions about computer security concerns and good computing practices.

Control Issues.

ERIC Educational Resources Information Center

Olsen, Florence

2003-01-01

Discusses how the potential effectiveness of Palladium, Microsoft's new approach to computer security, is worrying academics, who say it could allow publishers to dam the free flow of online information. (EV)

Community Colleges in the Highway: Major Issues for Technology Planning.

ERIC Educational Resources Information Center

Moquin, Bert; Travis, Jon E.

1999-01-01

Rates the importance of planning topics, as identified by technology personnel at Texas community colleges, related to the information superhighway (ISH). Finds, through a Delphi study, that significant issues that should be considered in strategic technology planning include training, cost, planning, security/legal, uses and innovations,…

Ethical Issues in Computer-Assisted Language Learning: Perceptions of Teachers and Learners

ERIC Educational Resources Information Center

Wang, Shudong; Heffernan, Neil

2010-01-01

Pedagogical theories and the applications of information technology for language learning have been widely researched in various dimensions. However, ethical issues, such as online privacy and security, and learners' personal data disclosure, are not receiving enough research attention. The perceptions and attitudes from those who participate in…

FuzzyFusion: an application architecture for multisource information fusion

NASA Astrophysics Data System (ADS)

Fox, Kevin L.; Henning, Ronda R.

2009-04-01

The correlation of information from disparate sources has long been an issue in data fusion research. Traditional data fusion addresses the correlation of information from sources as diverse as single-purpose sensors to all-source multi-media information. Information system vulnerability information is similar in its diversity of sources and content, and in the desire to draw a meaningful conclusion, namely, the security posture of the system under inspection. FuzzyFusionTM, A data fusion model that is being applied to the computer network operations domain is presented. This model has been successfully prototyped in an applied research environment and represents a next generation assurance tool for system and network security.

Safe and Secure Schools Assessment. Public School Information. Legislative Report, 2008

ERIC Educational Resources Information Center

Idaho State Department of Education, 2008

2008-01-01

As a result of high profile shootings and critical incidents in schools on a national level, combined with the lack of a cohesive, standardized approach to safety and security in Idaho Schools, Superintendent Tom Luna requested an appropriation to address this issue and the Legislature allocated 5150.000 in FY 2008 for the Safe and Secure…

77 FR 40668 - Self-Regulatory Organizations; Municipal Securities Rulemaking Board; Notice of Filing of...

Federal Register 2010, 2011, 2012, 2013, 2014

2012-07-10

...-Regulatory Organizations; Municipal Securities Rulemaking Board; Notice of Filing of Proposed Rule Change To Amend Rule G-34, on CUSIP Numbers, New Issue, and Market Information Requirements July 3, 2012. Pursuant.... 78s(b)(1). \\2\\ 17 CFR 240.19b-4. I. Self-Regulatory Organization's Statement of the Terms of Substance...

A concurrent resolution expressing the sense of Congress that a commemorative postage stamp should be issued to honor the life of Elijah Parish Lovejoy.

THOMAS, 111th Congress

Sen. Burris, Roland [D-IL

2010-01-26

Senate - 03/26/2010 Committee on Homeland Security and Governmental Affairs referred to Subcommittee on Federal Financial Management, Government Information, Federal Services, and International Security. (All Actions) Tracker: This bill has the status IntroducedHere are the steps for Status of Legislation:

The Numbers Game: Phasing in Generated ID Numbers at the University of Oregon

ERIC Educational Resources Information Center

Eveland, Sue

2005-01-01

With all the recent headlines about security breaches and information loss at financial and educational institutions, the higher education community needs to address the issue of using social security numbers as ID numbers. The University of Oregon undertook a change process to assign generated ID numbers to all records in their information…

Security Issues in Cross-Organizational Peer-to-Peer Applications and Some Solutions

NASA Astrophysics Data System (ADS)

Gupta, Ankur; Awasthi, Lalit K.

Peer-to-Peer networks have been widely used for sharing millions of terabytes of content, for large-scale distributed computing and for a variety of other novel applications, due to their scalability and fault-tolerance. However, the scope of P2P networks has somehow been limited to individual computers connected to the internet. P2P networks are also notorious for blatant copyright violations and facilitating several kinds of security attacks. Businesses and large organizations have thus stayed away from deploying P2P applications citing security loopholes in P2P systems as the biggest reason for non-adoption. In theory P2P applications can help fulfill many organizational requirements such as collaboration and joint projects with other organizations, access to specialized computing infrastructure and finally accessing the specialized information/content and expert human knowledge available at other organizations. These potentially beneficial interactions necessitate that the research community attempt to alleviate the security shortcomings in P2P systems and ensure their acceptance and wide deployment. This research paper therefore examines the security issues prevalent in enabling cross-organizational P2P interactions and provides some technical insights into how some of these issues can be resolved.

Draft secure medical database standard.

PubMed

Pangalos, George

2002-01-01

Medical database security is a particularly important issue for all Healthcare establishments. Medical information systems are intended to support a wide range of pertinent health issues today, for example: assure the quality of care, support effective management of the health services institutions, monitor and contain the cost of care, implement technology into care without violating social values, ensure the equity and availability of care, preserve humanity despite the proliferation of technology etc.. In this context, medical database security aims primarily to support: high availability, accuracy and consistency of the stored data, the medical professional secrecy and confidentiality, and the protection of the privacy of the patient. These properties, though of technical nature, basically require that the system is actually helpful for medical care and not harmful to patients. These later properties require in turn not only that fundamental ethical principles are not violated by employing database systems, but instead, are effectively enforced by technical means. This document reviews the existing and emerging work on the security of medical database systems. It presents in detail the related problems and requirements related to medical database security. It addresses the problems of medical database security policies, secure design methodologies and implementation techniques. It also describes the current legal framework and regulatory requirements for medical database security. The issue of medical database security guidelines is also examined in detailed. The current national and international efforts in the area are studied. It also gives an overview of the research work in the area. The document also presents in detail the most complete to our knowledge set of security guidelines for the development and operation of medical database systems.

Security and Privacy in a DACS.

PubMed

Delgado, Jaime; Llorente, Silvia; Pàmies, Martí; Vilalta, Josep

2016-01-01

The management of electronic health records (EHR), in general, and clinical documents, in particular, is becoming a key issue in the daily work of Healthcare Organizations (HO). The need for providing secure and private access to, and storage for, clinical documents together with the need for HO to interoperate, raises a number of issues difficult to solve. Many systems are in place to manage EHR and documents. Some of these Healthcare Information Systems (HIS) follow standards in their document structure and communications protocols, but many do not. In fact, they are mostly proprietary and do not interoperate. Our proposal to solve the current situation is the use of a DACS (Document Archiving and Communication System) for providing security, privacy and standardized access to clinical documents.

Integrated secure solution for electronic healthcare records sharing

NASA Astrophysics Data System (ADS)

Yao, Yehong; Zhang, Chenghao; Sun, Jianyong; Jin, Jin; Zhang, Jianguo

2007-03-01

The EHR is a secure, real-time, point-of-care, patient-centric information resource for healthcare providers. Many countries and regional districts have set long-term goals to build EHRs, and most of EHRs are usually built based on the integration of different information systems with different information models and platforms. A number of hospitals in Shanghai are also piloting the development of an EHR solution based on IHE XDS/XDS-I profiles with a service-oriented architecture (SOA). The first phase of the project targets the Diagnostic Imaging domain and allows seamless sharing of images and reports across the multiple hospitals. To develop EHRs for regional coordinated healthcare, some factors should be considered in designing architecture, one of which is security issue. In this paper, we present some approaches and policies to improve and strengthen the security among the different hospitals' nodes, which are compliant with the security requirements defined by IHE IT Infrastructure (ITI) Technical Framework. Our security solution includes four components: Time Sync System (TSS), Digital Signature Manage System (DSMS), Data Exchange Control Component (DECC) and Single Sign-On (SSO) System. We give a design method and implementation strategy of these security components, and then evaluate the performance and overheads of the security services or features by integrating the security components into an image-based EHR system.

Auditing Albaha University Network Security using in-house Developed Penetration Tool

NASA Astrophysics Data System (ADS)

Alzahrani, M. E.

2018-03-01

Network security becomes very important aspect in any enterprise/organization computer network. If important information of the organization can be accessed by anyone it may be used against the organization for further own interest. Thus, network security comes into it roles. One of important aspect of security management is security audit. Security performance of Albaha university network is relatively low (in term of the total controls outlined in the ISO 27002 security control framework). This paper proposes network security audit tool to address issues in Albaha University network. The proposed penetration tool uses Nessus and Metasploit tool to find out the vulnerability of a site. A regular self-audit using inhouse developed tool will increase the overall security and performance of Albaha university network. Important results of the penetration test are discussed.

Security policy speculation of user uploaded images on content sharing sites

NASA Astrophysics Data System (ADS)

Iyapparaja, M.; Tiwari, Maneesh

2017-11-01

Innovation is developing step by step tremendously. As there are numerous social locales where information likes pictures, sound, video and so forth are shared by the client to each other. In concentrate to all exercises on social locales, there is need of protection to pictures. Because of this reason, I utilized Adaptive protection strategy forecast instrument to give security to the pictures. Issue identified with pictures is the huge issue in social locales like Facebook, twitter and so on. So here the part of a social thought, security to pictures, metadata and so on is produced. To conquer this issue we produced an answer which is 2 systems which understanding to a background marked by the pictures gives appropriated answer for them. Here we give an arrangement to the specific sort of pictures by characterizing them and in addition giving protection to pictures which are transferred agreement to a calculation that we utilized. Consequently as indicated by this arrangement expectation pictures take after a similar approach on up and coming pictures and give successful security to them.

Design principles in the development of (public) health information infrastructures.

PubMed

Neame, Roderick

2012-01-01

In this article the author outlines the key issues in the development of a regional health information infrastructure suitable for public health data collections. A set of 10 basic design and development principles as used and validated in the development of the successful New Zealand National Health Information Infrastructure in 1993 are put forward as a basis for future developments. The article emphasises the importance of securing clinical input into any health data that is collected, and suggests strategies whereby this may be achieved, including creating an information economy alongside the care economy. It is suggested that the role of government in such developments is to demonstrate leadership, to work with the sector to develop data, messaging and security standards, to establish key online indexes, to develop data warehouses and to create financial incentives for adoption of the infrastructure and the services it delivers to users. However experience suggests that government should refrain from getting involved in local care services data infrastructure, technology and management issues.

Privacy vs usability: a qualitative exploration of patients' experiences with secure Internet communication with their general practitioner.

PubMed

Tjora, Aksel; Tran, Trung; Faxvaag, Arild

2005-05-31

Direct electronic communication between patients and physicians has the potential to empower patients and improve health care services. Communication by regular email is, however, considered a security threat in many countries and is not recommended. Systems which offer secure communication have now emerged. Unlike regular email, secure systems require that users authenticate themselves. However, the authentication steps per se may become barriers that reduce use. The objective was to study the experiences of patients who were using a secure electronic communication system. The focus of the study was the users' privacy versus the usability of the system. Qualitative interviews were conducted with 15 patients who used a secure communication system (MedAxess) to exchange personal health information with their primary care physician. Six main themes were identified from the interviews: (1) supporting simple questions, (2) security issues, (3) aspects of written communication, (4) trust in the physician, (5) simplicity of MedAxess, and (6) trouble using the system. By using the system, about half of the patients (8/15) experienced easier access to their physician, with whom they tended to solve minor health problems and elaborate on more complex illness experiences. Two thirds of the respondents (10/15) found that their physician quickly responded to their MedAxess requests. As a result of the security barriers, the users felt that the system was secure. However, due to the same barriers, the patients considered the log-in procedure cumbersome, which had considerable negative impact on the actual use of the system. Despite a perceived need for secure electronic patient-physician communication systems, security barriers may diminish their overall usefulness. A dual approach is necessary to improve this situation: patients need to be better informed about security issues, and, at the same time, their experiences of using secure systems must be studied and used to improve user interfaces.

Privacy vs Usability: A Qualitative Exploration of Patients' Experiences With Secure Internet Communication With Their General Practitioner

PubMed Central

Tran, Trung; Faxvaag, Arild

2005-01-01

Background Direct electronic communication between patients and physicians has the potential to empower patients and improve health care services. Communication by regular email is, however, considered a security threat in many countries and is not recommended. Systems which offer secure communication have now emerged. Unlike regular email, secure systems require that users authenticate themselves. However, the authentication steps per se may become barriers that reduce use. Objectives The objective was to study the experiences of patients who were using a secure electronic communication system. The focus of the study was the users' privacy versus the usability of the system. Methods Qualitative interviews were conducted with 15 patients who used a secure communication system (MedAxess) to exchange personal health information with their primary care physician. Results Six main themes were identified from the interviews: (1) supporting simple questions, (2) security issues, (3) aspects of written communication, (4) trust in the physician, (5) simplicity of MedAxess, and (6) trouble using the system. By using the system, about half of the patients (8/15) experienced easier access to their physician, with whom they tended to solve minor health problems and elaborate on more complex illness experiences. Two thirds of the respondents (10/15) found that their physician quickly responded to their MedAxess requests. As a result of the security barriers, the users felt that the system was secure. However, due to the same barriers, the patients considered the log-in procedure cumbersome, which had considerable negative impact on the actual use of the system. Conclusions Despite a perceived need for secure electronic patient-physician communication systems, security barriers may diminish their overall usefulness. A dual approach is necessary to improve this situation: patients need to be better informed about security issues, and, at the same time, their experiences of using secure systems must be studied and used to improve user interfaces. PMID:15998606

19 CFR 181.95 - Oral discussion of issues.

Code of Federal Regulations, 2013 CFR

2013-04-01

... in the Customs file in the matter a written record setting forth any and all additional information... 19 Customs Duties 2 2013-04-01 2013-04-01 false Oral discussion of issues. 181.95 Section 181.95 Customs Duties U.S. CUSTOMS AND BORDER PROTECTION, DEPARTMENT OF HOMELAND SECURITY; DEPARTMENT OF THE...

19 CFR 181.95 - Oral discussion of issues.

Code of Federal Regulations, 2014 CFR

2014-04-01

... in the Customs file in the matter a written record setting forth any and all additional information... 19 Customs Duties 2 2014-04-01 2014-04-01 false Oral discussion of issues. 181.95 Section 181.95 Customs Duties U.S. CUSTOMS AND BORDER PROTECTION, DEPARTMENT OF HOMELAND SECURITY; DEPARTMENT OF THE...

19 CFR 181.95 - Oral discussion of issues.

Code of Federal Regulations, 2012 CFR

2012-04-01

... in the Customs file in the matter a written record setting forth any and all additional information... 19 Customs Duties 2 2012-04-01 2012-04-01 false Oral discussion of issues. 181.95 Section 181.95 Customs Duties U.S. CUSTOMS AND BORDER PROTECTION, DEPARTMENT OF HOMELAND SECURITY; DEPARTMENT OF THE...

19 CFR 181.95 - Oral discussion of issues.

Code of Federal Regulations, 2011 CFR

2011-04-01

... in the Customs file in the matter a written record setting forth any and all additional information... 19 Customs Duties 2 2011-04-01 2011-04-01 false Oral discussion of issues. 181.95 Section 181.95 Customs Duties U.S. CUSTOMS AND BORDER PROTECTION, DEPARTMENT OF HOMELAND SECURITY; DEPARTMENT OF THE...

Measuring Achievement of ICT Competency for Students in Korea

ERIC Educational Resources Information Center

Cha, Seung Eun; Jun, Soo Jin; Kwon, Dai Yong; Kim, Han Sung; Kim, Seung Bum; Kim, Ja Mee; Kim, Young Ae; Han, Sun Gwan; Seo, Soon Sik; Jun, Woo Cheon; Kim, Hyun Cheol; Lee, Won Gyu

2011-01-01

In the current information society, the need for securing human resources acquired with ICT competency is becoming a very important issue. In USA, England, Japan, India and Israel improving students' ICT competency has become a pedagogical issue. Accordingly, education on ICT competency is changing in many countries emphasizing the basis of…

Managing the Security of Nursing Data in the Electronic Health Record

PubMed Central

Samadbeik, Mahnaz; Gorzin, Zahra; Khoshkam, Masomeh; Roudbari, Masoud

2015-01-01

Background: The Electronic Health Record (EHR) is a patient care information resource for clinicians and nursing documentation is an essential part of comprehensive patient care. Ensuring privacy and the security of health information is a key component to building the trust required to realize the potential benefits of electronic health information exchange. This study was aimed to manage nursing data security in the EHR and also discover the viewpoints of hospital information system vendors (computer companies) and hospital information technology specialists about nursing data security. Methods: This research is a cross sectional analytic-descriptive study. The study populations were IT experts at the academic hospitals and computer companies of Tehran city in Iran. Data was collected by a self-developed questionnaire whose validity and reliability were confirmed using the experts’ opinions and Cronbach’s alpha coefficient respectively. Data was analyzed through Spss Version 18 and by descriptive and analytic statistics. Results: The findings of the study revealed that user name and password were the most important methods to authenticate the nurses, with mean percent of 95% and 80%, respectively, and also the most significant level of information security protection were assigned to administrative and logical controls. There was no significant difference between opinions of both groups studied about the levels of information security protection and security requirements (p>0.05). Moreover the access to servers by authorized people, periodic security update, and the application of authentication and authorization were defined as the most basic security requirements from the viewpoint of more than 88 percent of recently-mentioned participants. Conclusions: Computer companies as system designers and hospitals information technology specialists as systems users and stakeholders present many important views about security requirements for EHR systems and nursing electronic documentation systems. Prioritizing of these requirements helps policy makers to decide what to do when planning for EHR implementation. Therefore, to make appropriate security decisions and to achieve the expected level of protection of the electronic nursing information, it is suggested to consider the priorities of both groups of experts about security principles and also discuss the issues seem to be different between two groups of participants in the research. PMID:25870490

Managing the security of nursing data in the electronic health record.

PubMed

Samadbeik, Mahnaz; Gorzin, Zahra; Khoshkam, Masomeh; Roudbari, Masoud

2015-02-01

The Electronic Health Record (EHR) is a patient care information resource for clinicians and nursing documentation is an essential part of comprehensive patient care. Ensuring privacy and the security of health information is a key component to building the trust required to realize the potential benefits of electronic health information exchange. This study was aimed to manage nursing data security in the EHR and also discover the viewpoints of hospital information system vendors (computer companies) and hospital information technology specialists about nursing data security. This research is a cross sectional analytic-descriptive study. The study populations were IT experts at the academic hospitals and computer companies of Tehran city in Iran. Data was collected by a self-developed questionnaire whose validity and reliability were confirmed using the experts' opinions and Cronbach's alpha coefficient respectively. Data was analyzed through Spss Version 18 and by descriptive and analytic statistics. The findings of the study revealed that user name and password were the most important methods to authenticate the nurses, with mean percent of 95% and 80%, respectively, and also the most significant level of information security protection were assigned to administrative and logical controls. There was no significant difference between opinions of both groups studied about the levels of information security protection and security requirements (p>0.05). Moreover the access to servers by authorized people, periodic security update, and the application of authentication and authorization were defined as the most basic security requirements from the viewpoint of more than 88 percent of recently-mentioned participants. Computer companies as system designers and hospitals information technology specialists as systems users and stakeholders present many important views about security requirements for EHR systems and nursing electronic documentation systems. Prioritizing of these requirements helps policy makers to decide what to do when planning for EHR implementation. Therefore, to make appropriate security decisions and to achieve the expected level of protection of the electronic nursing information, it is suggested to consider the priorities of both groups of experts about security principles and also discuss the issues seem to be different between two groups of participants in the research.

A Social Infrastructure for Hometown Security: Advancing the Homeland Security Paradigm

DTIC Science & Technology

2009-05-01

administration has issued a national call to service . This call offers an opportunity to invest in a social infrastructure for homeland security that will... Services , Directorate for Information Operations and Reports, 1215 Jefferson Davis Highway, Suite 1204, Arlington VA 22202-4302. Respondents should...said, “We were ready…to answer a new call for our country, but the call never came.” “Instead of a call to service , we were asked to go shopping.”12

78 FR 23637 - Identity Theft Red Flags Rules

Federal Register 2010, 2011, 2012, 2013, 2014

2013-04-19

... Address Control Issues with Implementing Cloud Computing (May 2010), available at http://www.gao.gov/new.items/d10513.pdf (discussing information security implications of cloud computing); Department of...

77 FR 13449 - Identity Theft Red Flags Rules

Federal Register 2010, 2011, 2012, 2013, 2014

2012-03-06

... Address Control Issues with Implementing Cloud Computing (May 2010) (available at http://www.gao.gov/new.items/d10513.pdf ) (discussing information security implications of cloud computing); Department of...

32 CFR 287.4 - Duties of the FOIA officer.

Code of Federal Regulations, 2010 CFR

2010-07-01

... Directorate for Freedom of Information and Security Review (DFOISR) Washington Headquarters Services, reference FOIA issues. (e) Ensure the cooperation of DISA with DFOISR in fulfilling the responsibilities of...

78 FR 27452 - Credit Ratings Roundtable

Federal Register 2010, 2011, 2012, 2013, 2014

2013-05-10

... regarding issues addressed at the roundtable until June 3, 2013. FOR FURTHER INFORMATION CONTACT: Scott Davey at (212) 336-0075, Office of Credit Ratings, Securities and Exchange Commission, 3 World Financial...

U.S. National Security Strategy - The Magnitude of Second and Third-Order Effects on Smaller Nations: The Cases of Lebanon During the Cold War and Pakistan During the Global War on Terrorism

DTIC Science & Technology

2004-03-19

informal management style used during the war years was not suited to the longer-term security issues of the post-war era. As US grand strategy became...Eisenhower Doctrine in 1957. THE CASE OF LEBANON Each of the above mentioned security policies were products of American diplomacy aimed at managing the...consisting of its East and West entities, found itself a principle player in the American-led security alliance structure designed to check Soviet

Proceedings Second Annual Cyber Security and Information Infrastructure Research Workshop

DOE Office of Scientific and Technical Information (OSTI.GOV)

Sheldon, Frederick T; Krings, Axel; Yoo, Seong-Moo

2006-01-01

The workshop theme is Cyber Security: Beyond the Maginot Line Recently the FBI reported that computer crime has skyrocketed costing over $67 billion in 2005 alone and affecting 2.8M+ businesses and organizations. Attack sophistication is unprecedented along with availability of open source concomitant tools. Private, academic, and public sectors invest significant resources in cyber security. Industry primarily performs cyber security research as an investment in future products and services. While the public sector also funds cyber security R&D, the majority of this activity focuses on the specific mission(s) of the funding agency. Thus, broad areas of cyber security remain neglectedmore » or underdeveloped. Consequently, this workshop endeavors to explore issues involving cyber security and related technologies toward strengthening such areas and enabling the development of new tools and methods for securing our information infrastructure critical assets. We aim to assemble new ideas and proposals about robust models on which we can build the architecture of a secure cyberspace including but not limited to: * Knowledge discovery and management * Critical infrastructure protection * De-obfuscating tools for the validation and verification of tamper-proofed software * Computer network defense technologies * Scalable information assurance strategies * Assessment-driven design for trust * Security metrics and testing methodologies * Validation of security and survivability properties * Threat assessment and risk analysis * Early accurate detection of the insider threat * Security hardened sensor networks and ubiquitous computing environments * Mobile software authentication protocols * A new "model" of the threat to replace the "Maginot Line" model and more . . .« less

Ethics Certification of Health Information Professionals.

PubMed

Kluge, Eike-Henner; Lacroix, Paulette; Ruotsalainen, Pekka

2018-04-22

 To provide a model for ensuring the ethical acceptability of the provisions that characterize the interjurisdictional use of eHealth, telemedicine, and associated modalities of health care deliveiy that are currently in place.  Following the approach initiated in their Global Protection of Health Data project within the Security in Health Information Systems (SiHIS) working group of the International Medical Informatics Association (IMIA), the authors analyze and evaluate relevant privacy and security approaches that are intended to stem the erosion of patients' trustworthiness in the handling of their sensitive information by health care and informatics professionals in the international context.  The authors found that while the majority of guidelines and ethical codes essentially focus on the role and functioning of the institutions that use EHRs and information technologies, little if any attention has been paid to the qualifications of the health informatics professionals (HIPs) who actualize and operate information systems to deal with or address relevant ethical issues.  The apparent failure to address this matter indicates that the ethical qualification of HIPs remains an important security issue and that the Global Protection of Health Data project initiated by the SiHIS working group in 2015 should be expanded to develop into an internationally viable method of certification. An initial model to this effect is sketched and discussed. Georg Thieme Verlag KG Stuttgart.

Security and health research databases: the stakeholders and questions to be addressed.

PubMed

Stewart, Sara

2006-01-01

Health research database security issues abound. Issues include subject confidentiality, data ownership, data integrity and data accessibility. There are also various stakeholders in database security. Each of these stakeholders has a different set of concerns and responsibilities when dealing with security issues. There is an obvious need for training in security issues, so that these issues may be addressed and health research will move on without added obstacles based on misunderstanding security methods and technologies.

A Secure Scheme for Distributed Consensus Estimation against Data Falsification in Heterogeneous Wireless Sensor Networks.

PubMed

Mi, Shichao; Han, Hui; Chen, Cailian; Yan, Jian; Guan, Xinping

2016-02-19

Heterogeneous wireless sensor networks (HWSNs) can achieve more tasks and prolong the network lifetime. However, they are vulnerable to attacks from the environment or malicious nodes. This paper is concerned with the issues of a consensus secure scheme in HWSNs consisting of two types of sensor nodes. Sensor nodes (SNs) have more computation power, while relay nodes (RNs) with low power can only transmit information for sensor nodes. To address the security issues of distributed estimation in HWSNs, we apply the heterogeneity of responsibilities between the two types of sensors and then propose a parameter adjusted-based consensus scheme (PACS) to mitigate the effect of the malicious node. Finally, the convergence property is proven to be guaranteed, and the simulation results validate the effectiveness and efficiency of PACS.

Client-Focused Security Assessment of mHealth Apps and Recommended Practices to Prevent or Mitigate Transport Security Issues

PubMed Central

Müthing, Jannis; Jäschke, Thomas

2017-01-01

Background Mobile health (mHealth) apps show a growing importance for patients and health care professionals. Apps in this category are diverse. Some display important information (ie, drug interactions), whereas others help patients to keep track of their health. However, insufficient transport security can lead to confidentiality issues for patients and medical professionals, as well as safety issues regarding data integrity. mHealth apps should therefore deploy intensified vigilance to protect their data and integrity. This paper analyzes the state of security in mHealth apps. Objective The objectives of this study were as follows: (1) identification of relevant transport issues in mHealth apps, (2) development of a platform for test purposes, and (3) recommendation of practices to mitigate them. Methods Security characteristics relevant to the transport security of mHealth apps were assessed, presented, and discussed. These characteristics were used in the development of a prototypical platform facilitating streamlined tests of apps. For the tests, six lists of the 10 most downloaded free apps from three countries and two stores were selected. As some apps were part of these top 10 lists in more than one country, 53 unique apps were tested. Results Out of the 53 apps tested from three European App Stores for Android and iOS, 21/53 (40%) showed critical results. All 21 apps failed to guarantee the integrity of data displayed. A total of 18 apps leaked private data or were observable in a way that compromised confidentiality between apps and their servers; 17 apps used unprotected connections; and two apps failed to validate certificates correctly. None of the apps tested utilized certificate pinning. Many apps employed analytics or ad providers, undermining user privacy. Conclusions The tests show that many mHealth apps do not apply sufficient transport security measures. The most common security issue was the use of any kind of unprotected connection. Some apps used secure connections only for selected tasks, leaving all other traffic vulnerable. PMID:29046271

Client-Focused Security Assessment of mHealth Apps and Recommended Practices to Prevent or Mitigate Transport Security Issues.

PubMed

Müthing, Jannis; Jäschke, Thomas; Friedrich, Christoph M

2017-10-18

Mobile health (mHealth) apps show a growing importance for patients and health care professionals. Apps in this category are diverse. Some display important information (ie, drug interactions), whereas others help patients to keep track of their health. However, insufficient transport security can lead to confidentiality issues for patients and medical professionals, as well as safety issues regarding data integrity. mHealth apps should therefore deploy intensified vigilance to protect their data and integrity. This paper analyzes the state of security in mHealth apps. The objectives of this study were as follows: (1) identification of relevant transport issues in mHealth apps, (2) development of a platform for test purposes, and (3) recommendation of practices to mitigate them. Security characteristics relevant to the transport security of mHealth apps were assessed, presented, and discussed. These characteristics were used in the development of a prototypical platform facilitating streamlined tests of apps. For the tests, six lists of the 10 most downloaded free apps from three countries and two stores were selected. As some apps were part of these top 10 lists in more than one country, 53 unique apps were tested. Out of the 53 apps tested from three European App Stores for Android and iOS, 21/53 (40%) showed critical results. All 21 apps failed to guarantee the integrity of data displayed. A total of 18 apps leaked private data or were observable in a way that compromised confidentiality between apps and their servers; 17 apps used unprotected connections; and two apps failed to validate certificates correctly. None of the apps tested utilized certificate pinning. Many apps employed analytics or ad providers, undermining user privacy. The tests show that many mHealth apps do not apply sufficient transport security measures. The most common security issue was the use of any kind of unprotected connection. Some apps used secure connections only for selected tasks, leaving all other traffic vulnerable. ©Jannis Müthing, Thomas Jäschke, Christoph M Friedrich. Originally published in JMIR Mhealth and Uhealth (http://mhealth.jmir.org), 18.10.2017.

Collaborating to optimize nursing students' agency information technology use.

PubMed

Fetter, Marilyn S

2009-01-01

As the learning laboratory for gaining actual patient care experience, clinical agencies play an essential role in nursing education. With an information technology revolution transforming healthcare, nursing programs are eager for their students to learn the latest informatics systems and technologies. However, many healthcare institutions are struggling to meet their own information technology needs and report limited resources and other as barriers to nursing student training. In addition, nursing students' information technology access and use raise security and privacy concerns. With the goal of a fully electronic health record by 2014, it is imperative that agencies and educational programs collaborate. They need to establish educationally sound, cost-effective, and secure policies and procedures for managing students' use of information technology systems. Strategies for evaluating options, selecting training methods, and ensuring data security are shared, along with strategies that may reap clinical, economic, and educational benefits. Students' information technology use raises numerous issues that the nursing profession must address to participate in healthcare's transformation into the digital age.

Hybrid cloud: bridging of private and public cloud computing

NASA Astrophysics Data System (ADS)

Aryotejo, Guruh; Kristiyanto, Daniel Y.; Mufadhol

2018-05-01

Cloud Computing is quickly emerging as a promising paradigm in the recent years especially for the business sector. In addition, through cloud service providers, cloud computing is widely used by Information Technology (IT) based startup company to grow their business. However, the level of most businesses awareness on data security issues is low, since some Cloud Service Provider (CSP) could decrypt their data. Hybrid Cloud Deployment Model (HCDM) has characteristic as open source, which is one of secure cloud computing model, thus HCDM may solve data security issues. The objective of this study is to design, deploy and evaluate a HCDM as Infrastructure as a Service (IaaS). In the implementation process, Metal as a Service (MAAS) engine was used as a base to build an actual server and node. Followed by installing the vsftpd application, which serves as FTP server. In comparison with HCDM, public cloud was adopted through public cloud interface. As a result, the design and deployment of HCDM was conducted successfully, instead of having good security, HCDM able to transfer data faster than public cloud significantly. To the best of our knowledge, Hybrid Cloud Deployment model is one of secure cloud computing model due to its characteristic as open source. Furthermore, this study will serve as a base for future studies about Hybrid Cloud Deployment model which may relevant for solving big security issues of IT-based startup companies especially in Indonesia.

The Effects of Risk and Size of Company on Business Performance in Information Technology Outsourcing

ERIC Educational Resources Information Center

Balogun, Shereef Adewale

2013-01-01

Information technology (IT) outsourcing is a practical way to transfer information technology by industries of different firms. The problem occurs when companies outsource services to domestic and international data centers as network security issues arise. This leads to competition between companies causing the size of the company to become more…

Consumer Attitudes and Perceptions on mHealth Privacy and Security: Findings From a Mixed-Methods Study.

PubMed

Atienza, Audie A; Zarcadoolas, Christina; Vaughon, Wendy; Hughes, Penelope; Patel, Vaishali; Chou, Wen-Ying Sylvia; Pritts, Joy

2015-01-01

This study examined consumers' attitudes and perceptions regarding mobile health (mHealth) technology use in health care. Twenty-four focus groups with 256 participants were conducted in 5 geographically diverse locations. Participants were also diverse in age, education, race/ethnicity, gender, and rural versus urban settings. Several key themes emerged from the focus groups. Findings suggest that consumer attitudes regarding mHealth privacy/security are highly contextualized, with concerns depending on the type of information being communicated, where and when the information is being accessed, who is accessing or seeing the information, and for what reasons. Consumers frequently considered the tradeoffs between the privacy/security of using mHealth technologies and the potential benefits. Having control over mHealth privacy/security features and trust in providers were important issues for consumers. Overall, this study found significant diversity in attitudes regarding mHealth privacy/security both within and between traditional demographic groups. Thus, to address consumers' concerns regarding mHealth privacy and security, a one-size-fits-all approach may not be adequate. Health care providers and technology developers should consider tailoring mHealth technology according to how various types of information are communicated in the health care setting, as well as according to the comfort, skills, and concerns individuals may have with mHealth technology.

DefenseLink Feature: Travels with Gates

Science.gov Websites

. Gates and U.S. Secretary of State Condoleezza Rice (right) discuss issues at the Kremlin in Moscow Freedom of Information Privacy & Security External Link Disclaimer Web Policy Contact Us

Culture, Structure and Leadership Impacts on Gender Inclusion in the Security Sector

DTIC Science & Technology

2017-09-01

culture were outcomes of structural reform. A guided evolution in security sector culture occurred following persistent social pressure, compliance...brought about a change in national and organizational culture to address socially complex issues. As the orchestrators of large successful corporate...challenges them (Jolly 2002). In the process, we are influenced and shaped as we interact with local, national and international information. Likewise, we

An Exploration of the Legal and Regulatory Environment of Privacy and Security through Active Research, Guided Study, Blog Creation, and Discussion

ERIC Educational Resources Information Center

Peslak, Alan R.

2010-01-01

One of the most important topics for today's information technology professional is the study of legal and regulatory issues as they relate to privacy and security of personal and business data and identification. This manuscript describes the topics and approach taken by the instructors that focuses on independent research of source documents and…

Nuclear Lessons for Cyber Security

DTIC Science & Technology

2011-01-01

major kinetic violence. In the physical world, governments have a near monopoly on large - scale use of force, the defender has an intimate knowledge of...with this transformative technology. Until now, the issue of cyber security has largely been the domain of computer experts and specialists. When the...with increasing economic returns to scale and political practices that make jurisdictional control difficult. Attacks from the informational realm

Naked on the Information Highway: The 6th Ian P. Sharp Lecture.

ERIC Educational Resources Information Center

Phillips, Bruce

1995-01-01

This lecture by the Privacy Commissioner of Canada addresses issues related to information technology and privacy, including privacy law, government role, surveillance techniques, and security measures to protect the privacy of electronic communications. The text of the question and answer period following the lecture is included. (MES)

On the security flaws in ID-based password authentication schemes for telecare medical information systems.

PubMed

Mishra, Dheerendra

2015-01-01

Telecare medical information systems (TMIS) enable healthcare delivery services. However, access of these services via public channel raises security and privacy issues. In recent years, several smart card based authentication schemes have been introduced to ensure secure and authorized communication between remote entities over the public channel for the (TMIS). We analyze the security of some of the recently proposed authentication schemes of Lin, Xie et al., Cao and Zhai, and Wu and Xu's for TMIS. Unfortunately, we identify that these schemes failed to satisfy desirable security attributes. In this article we briefly discuss four dynamic ID-based authentication schemes and demonstrate their failure to satisfy desirable security attributes. The study is aimed to demonstrate how inefficient password change phase can lead to denial of server scenario for an authorized user, and how an inefficient login phase causes the communication and computational overhead and decrease the performance of the system. Moreover, we show the vulnerability of Cao and Zhai's scheme to known session specific temporary information attack, vulnerability of Wu and Xu's scheme to off-line password guessing attack, and vulnerability of Xie et al.'s scheme to untraceable on-line password guessing attack.

6 CFR 27.203 - Calculating the screening threshold quantity by security issue.

Code of Federal Regulations, 2012 CFR

2012-01-01

... 6 Domestic Security 1 2012-01-01 2012-01-01 false Calculating the screening threshold quantity by security issue. 27.203 Section 27.203 Domestic Security DEPARTMENT OF HOMELAND SECURITY, OFFICE OF THE... the screening threshold quantity by security issue. (a) General. In calculating whether a facility...

Computer Security Awareness Guide for Department of Energy Laboratories, Government Agencies, and others for use with Lawrence Livermore National Laboratory`s (LLNL): Computer security short subjects videos

DOE Office of Scientific and Technical Information (OSTI.GOV)

Not Available

Lonnie Moore, the Computer Security Manager, CSSM/CPPM at Lawrence Livermore National Laboratory (LLNL) and Gale Warshawsky, the Coordinator for Computer Security Education & Awareness at LLNL, wanted to share topics such as computer ethics, software piracy, privacy issues, and protecting information in a format that would capture and hold an audience`s attention. Four Computer Security Short Subject videos were produced which ranged from 1-3 minutes each. These videos are very effective education and awareness tools that can be used to generate discussions about computer security concerns and good computing practices. Leaders may incorporate the Short Subjects into presentations. After talkingmore » about a subject area, one of the Short Subjects may be shown to highlight that subject matter. Another method for sharing them could be to show a Short Subject first and then lead a discussion about its topic. The cast of characters and a bit of information about their personalities in the LLNL Computer Security Short Subjects is included in this report.« less

Global water risks and national security: Building resilience (Invited)

NASA Astrophysics Data System (ADS)

Pulwarty, R. S.

2013-12-01

The UN defines water security as the capacity of a population to safeguard sustainable access to adequate quantities of acceptable quality water for sustaining livelihoods, human well-being, and socio-economic development, for ensuring protection against water-borne pollution and water-related disasters, and for preserving ecosystems in a climate of peace and political stability. This definition highlights complex and interconnected challenges and underscores the centrality of water for environmental services and human aactivities. Global risks are expressed at the national level. The 2010 Quadrennial Defense Review and the 2010 National Security Strategy identify climate change as likely to trigger outcomes that will threaten U.S. security including how freshwater resources can become a security issue. Impacts will be felt on the National Security interest through water, food and energy security, and critical infrastructure. This recognition focuses the need to consider the rates of change in climate extremes, in the context of more traditional political, economic, and social indicators that inform security analyses. There is a long-standing academic debate over the extent to which resource constraints and environmental challenges lead to inter-state conflict. It is generally recognized that water resources as a security issue to date exists mainly at the substate level and has not led to physical conflict between nation states. In conflict and disaster zones, threats to water security increase through inequitable and difficult access to water supply and related services, which may aggravate existing social fragility, tensions, violence, and conflict. This paper will (1) Outline the dimensions of water security and its links to national security (2) Analyze water footprints and management risks for key basins in the US and around the world, (3) map the link between global water security and national concerns, drawing lessons from the drought of 2012 and elsewhere, and (3) Identify preventable risks, public leadership and private innovation needed for developing adaptive water resource management institutions that take advantage of climate and hydrologic information and changes. The presentation will conclude with a preliminary framework for assessing and implementing water security measures given insecure conditions introduced by a changing climate and in the context of national security.

A New Cellular Architecture for Information Retrieval from Sensor Networks through Embedded Service and Security Protocols

PubMed Central

Shahzad, Aamir; Landry, René; Lee, Malrey; Xiong, Naixue; Lee, Jongho; Lee, Changhoon

2016-01-01

Substantial changes have occurred in the Information Technology (IT) sectors and with these changes, the demand for remote access to field sensor information has increased. This allows visualization, monitoring, and control through various electronic devices, such as laptops, tablets, i-Pads, PCs, and cellular phones. The smart phone is considered as a more reliable, faster and efficient device to access and monitor industrial systems and their corresponding information interfaces anywhere and anytime. This study describes the deployment of a protocol whereby industrial system information can be securely accessed by cellular phones via a Supervisory Control And Data Acquisition (SCADA) server. To achieve the study goals, proprietary protocol interconnectivity with non-proprietary protocols and the usage of interconnectivity services are considered in detail. They support the visualization of the SCADA system information, and the related operations through smart phones. The intelligent sensors are configured and designated to process real information via cellular phones by employing information exchange services between the proprietary protocol and non-proprietary protocols. SCADA cellular access raises the issue of security flaws. For these challenges, a cryptography-based security method is considered and deployed, and it could be considered as a part of a proprietary protocol. Subsequently, transmission flows from the smart phones through a cellular network. PMID:27314351

A New Cellular Architecture for Information Retrieval from Sensor Networks through Embedded Service and Security Protocols.

PubMed

Shahzad, Aamir; Landry, René; Lee, Malrey; Xiong, Naixue; Lee, Jongho; Lee, Changhoon

2016-06-14

Substantial changes have occurred in the Information Technology (IT) sectors and with these changes, the demand for remote access to field sensor information has increased. This allows visualization, monitoring, and control through various electronic devices, such as laptops, tablets, i-Pads, PCs, and cellular phones. The smart phone is considered as a more reliable, faster and efficient device to access and monitor industrial systems and their corresponding information interfaces anywhere and anytime. This study describes the deployment of a protocol whereby industrial system information can be securely accessed by cellular phones via a Supervisory Control And Data Acquisition (SCADA) server. To achieve the study goals, proprietary protocol interconnectivity with non-proprietary protocols and the usage of interconnectivity services are considered in detail. They support the visualization of the SCADA system information, and the related operations through smart phones. The intelligent sensors are configured and designated to process real information via cellular phones by employing information exchange services between the proprietary protocol and non-proprietary protocols. SCADA cellular access raises the issue of security flaws. For these challenges, a cryptography-based security method is considered and deployed, and it could be considered as a part of a proprietary protocol. Subsequently, transmission flows from the smart phones through a cellular network.

The Media and National Security Decision-Making

DTIC Science & Technology

2004-02-29

2002. Muller, Kerstin, “The CNN effect, media and global governance,” Speech by Minister of State Kerstin Muller to Open the Forum Global Issues on...time to analyze, develop and arrive at a decision is acutely abbreviated. Many factors influence this, and the increasing public awareness on global ... issues , thanks to the abundance of information, makes this a complex task. The attention and support Americans give to an issue is in direct

Using ESB and BPEL for Evolving Healthcare Systems Towards Pervasive, Grid-Enabled SOA

NASA Astrophysics Data System (ADS)

Koufi, V.; Malamateniou, F.; Papakonstantinou, D.; Vassilacopoulos, G.

Healthcare organizations often face the challenge of integrating diverse and geographically disparate information technology systems to respond to changing requirements and to exploit the capabilities of modern technologies. Hence, systems evolution, through modification and extension of the existing information technology infrastructure, becomes a necessity. Moreover, the availability of these systems at the point of care when needed is a vital issue for the quality of healthcare provided to patients. This chapter takes a process perspective of healthcare delivery within and across organizational boundaries and presents a disciplined approach for evolving healthcare systems towards a pervasive, grid-enabled service-oriented architecture using the enterprise system bus middleware technology for resolving integration issues, the business process execution language for supporting collaboration requirements and grid middleware technology for both addressing common SOA scalability requirements and complementing existing system functionality. In such an environment, appropriate security mechanisms must ensure authorized access to integrated healthcare services and data. To this end, a security framework addressing security aspects such as authorization and access control is also presented.

Can GPs working in secure environments in England re-license using the Royal College of General Practitioners revalidation proposals?

PubMed Central

2012-01-01

Background Revalidation for UK doctors is expected to be introduced from late 2012. For general practitioners (GPs), this entails collecting supporting information to be submitted and assessed in a revalidation portfolio every five years. The aim of this study was to explore the feasibility of GPs working in secure environments to collect supporting information for the Royal College of General Practitioners’ (RCGP) proposed revalidation portfolio. Methods We invited GPs working in secure environments in England to submit items of supporting information collected during the previous 12 months using criteria and standards required for the proposed RCGP revalidation portfolio and complete a GP issues log. Initial focus groups and initial and follow-up semi-structured face-to-face and telephone interviews were held to explore GPs’ views of this process. Quantitative and qualitative data were analysed using descriptive statistics and identifying themes respectively. Results Of the 50 GPs who consented to participate in the study, 20 submitted a portfolio. Thirty-eight GPs participated in an initial interview, nine took part in a follow-up interview and 17 completed a GP issues log. GPs reported difficulty in collecting supporting information for valid patient feedback, full-cycle clinical audits and evidence for their extended practice role(s) as sessional practitioners in the high population turnover custodial environment. Peripatetic practitioners experienced more difficulty than their institution based counterparts collating this evidence. Conclusions GPs working in secure environments may experience difficulties in collecting the newer types of supporting information for the proposed RCGP revalidation portfolio primarily due to their employment status within a non-medical environment and characteristics of the detainee population. Increased support from secure environment service commissioners and employers will be a prerequisite for these practitioners to enable them to re-license using the RCGP revalidation proposals. PMID:23253694

Airport detectors and orthopaedic implants.

PubMed

van der Wal, Bart C H; Grimm, Bernd; Heyligers, Ide C

2005-08-01

As a result of the rising threats of terrorism, airport security has become a major issue. Patients with orthopaedic implants are concerned that they may activate alarms at airport security gates. A literature overview showed that the activation rate of the alarm by hand-held detectors is higher than for arch detectors (100% versus 56%). Arch detection rate has significantly increased from 0% before 1995 up to 83.3% after 1994. Reported factors which influence detection rates are implant mass, implant combinations, implant volume, transfer speed, side of implant, detector model, sensitivity settings, material and tissue masking. Detection rate has been improved by more sensitive devices and improved filter software. Doctors should be able to objectively inform patients. A form is presented which will easily inform the airport security staff.

Authenticated multi-user quantum key distribution with single particles

NASA Astrophysics Data System (ADS)

Lin, Song; Wang, Hui; Guo, Gong-De; Ye, Guo-Hua; Du, Hong-Zhen; Liu, Xiao-Fen

2016-03-01

Quantum key distribution (QKD) has been growing rapidly in recent years and becomes one of the hottest issues in quantum information science. During the implementation of QKD on a network, identity authentication has been one main problem. In this paper, an efficient authenticated multi-user quantum key distribution (MQKD) protocol with single particles is proposed. In this protocol, any two users on a quantum network can perform mutual authentication and share a secure session key with the assistance of a semi-honest center. Meanwhile, the particles, which are used as quantum information carriers, are not required to be stored, therefore the proposed protocol is feasible with current technology. Finally, security analysis shows that this protocol is secure in theory.

End-to-End Verification of Information-Flow Security for C and Assembly Programs

DTIC Science & Technology

2016-04-01

seL4 security verification [18] avoids this issue in the same way. In that work, the authors frame their solution as a restriction that disallows...identical: (σ, σ′1) ∈ TM ∧ (σ, σ′2) ∈ TM =⇒ Ol(σ′1) = Ol(σ′2) The successful security verifications of both seL4 and mCertiKOS provide reasonable...evidence that this restriction on specifications is not a major hindrance for usability. Unlike the seL4 verification, however, our framework runs into a

76 FR 78267 - Medicare and Medicaid Programs; Quarterly Listing of Program Issuances-July Through September 2011

Federal Register 2010, 2011, 2012, 2013, 2014

2011-12-16

... provisions of the Social Security Act (the Act) and Public Health Service Act. We also issue various manuals..., there is a 3-month lapse between the information available on the Web site and information covered by... notice that provided only Web links to the addenda, or provide this information on a newly- created CMS...

Geovisualization for Smart Video Surveillance

NASA Astrophysics Data System (ADS)

Oves García, R.; Valentín, L.; Serrano, S. A.; Palacios-Alonso, M. A.; Sucar, L. Enrique

2017-09-01

Nowadays with the emergence of smart cities and the creation of new sensors capable to connect to the network, it is not only possible to monitor the entire infrastructure of a city, including roads, bridges, rail/subways, airports, communications, water, power, but also to optimize its resources, plan its preventive maintenance and monitor security aspects while maximizing services for its citizens. In particular, the security aspect is one of the most important issues due to the need to ensure the safety of people. However, if we want to have a good security system, it is necessary to take into account the way that we are going to present the information. In order to show the amount of information generated by sensing devices in real time in an understandable way, several visualization techniques are proposed for both local (involves sensing devices in a separated way) and global visualization (involves sensing devices as a whole). Taking into consideration that the information is produced and transmitted from a geographic location, the integration of a Geographic Information System to manage and visualize the behavior of data becomes very relevant. With the purpose of facilitating the decision-making process in a security system, we have integrated the visualization techniques and the Geographic Information System to produce a smart security system, based on a cloud computing architecture, to show relevant information about a set of monitored areas with video cameras.

75 FR 62718 - Disclosure for Asset-Backed Securities Required by Section 943 of the Dodd-Frank Wall Street...

Federal Register 2010, 2011, 2012, 2013, 2014

2010-10-13

...Pursuant to Section 943 of the Dodd-Frank Wall Street Reform and Consumer Protection Act \\1\\ we are proposing rules related to representations and warranties in asset-backed securities offerings. Our proposals would require securitizers of asset-backed securities to disclose fulfilled and unfulfilled repurchase requests across all transactions. Our proposals would also require nationally recognized statistical rating organizations to include information regarding the representations, warranties and enforcement mechanisms available to investors in an asset-backed securities offering in any report accompanying a credit rating issued in connection with such offerings, including a preliminary credit rating. ---------------------------------------------------------------------------

Insider Threat Study: Illicit Cyber Activity in the Banking and Finance Sector

DTIC Science & Technology

2005-06-01

as a computer fraud case investigated by the Secret Service. Each case was analyzed from a behavioral and a technical perspective to identify...insider threat and address the issue from an approach that draws on human resources, corporate security, and information security perspectives. The ... Secret Service National Threat Assessment Center and the CERT Coordination Center of Carnegie Mellon University’s Software Engineering Institute joined

Application of DNA Profiling in Resolving Aviation Forensic Toxicology Issues

DTIC Science & Technology

2009-10-01

National Technical Information Service, Springfield, VA 22161 19. Security Classif. (of this report) 20. Security Classif. (of this page) 21 ...J,. Schumm. JW ..Development. of. highly. polymorphic.pentanucleotide.tandem.repeat.loci. with.low.stutter ..Profiles in DNA ..1998;2:3–6 . 21 ... PowerPlex ™ 16 System, Technical Manual No. D012 ..Madison,.WI:.Promega.Cor- poration;. 2000. (Available. at:. www .cstl .nist .gov/ strbase/images

A concurrent resolution expressing the sense of Congress that a commemorative postage stamp should be issued to honor the crew of the USS Mason DE-529 who fought and served during World War II.

THOMAS, 111th Congress

Sen. Burris, Roland [D-IL

2009-07-22

Senate - 09/08/2009 Committee on Homeland Security and Governmental Affairs referred to Subcommittee on Federal Financial Management, Government Information, Federal Services, and International Security. (All Actions) Tracker: This bill has the status IntroducedHere are the steps for Status of Legislation:

A concurrent resolution expressing the sense of Congress that a commemorative postage stamp should be issued to honor the crew of the USS Mason DE-529 who fought and served during World War II.

THOMAS, 111th Congress

Sen. Burris, Roland [D-IL

2009-07-21

Senate - 09/08/2009 Committee on Homeland Security and Governmental Affairs referred to Subcommittee on Federal Financial Management, Government Information, Federal Services, and International Security. (All Actions) Tracker: This bill has the status IntroducedHere are the steps for Status of Legislation:

A Round-Efficient Authenticated Key Agreement Scheme Based on Extended Chaotic Maps for Group Cloud Meeting.

PubMed

Lin, Tsung-Hung; Tsung, Chen-Kun; Lee, Tian-Fu; Wang, Zeng-Bo

2017-12-03

The security is a critical issue for business purposes. For example, the cloud meeting must consider strong security to maintain the communication privacy. Considering the scenario with cloud meeting, we apply extended chaotic map to present passwordless group authentication key agreement, termed as Passwordless Group Authentication Key Agreement (PL-GAKA). PL-GAKA improves the computation efficiency for the simple group password-based authenticated key agreement (SGPAKE) proposed by Lee et al. in terms of computing the session key. Since the extended chaotic map has equivalent security level to the Diffie-Hellman key exchange scheme applied by SGPAKE, the security of PL-GAKA is not sacrificed when improving the computation efficiency. Moreover, PL-GAKA is a passwordless scheme, so the password maintenance is not necessary. Short-term authentication is considered, hence the communication security is stronger than other protocols by dynamically generating session key in each cloud meeting. In our analysis, we first prove that each meeting member can get the correct information during the meeting. We analyze common security issues for the proposed PL-GAKA in terms of session key security, mutual authentication, perfect forward security, and data integrity. Moreover, we also demonstrate that communicating in PL-GAKA is secure when suffering replay attacks, impersonation attacks, privileged insider attacks, and stolen-verifier attacks. Eventually, an overall comparison is given to show the performance between PL-GAKA, SGPAKE and related solutions.

Digital telephony analysis model and issues

NASA Astrophysics Data System (ADS)

Keuthan, Lynn M.

1995-09-01

Experts in the fields of digital telephony and communications security have stated the need for an analytical tool for evaluating complex issues. Some important policy issues discussed by experts recently include implementing digital wire-taps, implementation of the 'Clipper Chip', required registration of encryption/decryption keys, and export control of cryptographic equipment. Associated with the implementation of these policies are direct costs resulting from implementation, indirect cost benefits from implementation, and indirect costs resulting from the risks of implementation or factors reducing cost benefits. Presented herein is a model for analyzing digital telephony policies and systems and their associated direct costs and indirect benefit and risk factors. In order to present the structure of the model, issues of national importance and business-related issues are discussed. The various factors impacting the implementation of the associated communications systems and communications security are summarized, and various implementation tradeoffs are compared based on economic benefits/impact. The importance of the issues addressed herein, as well as other digital telephony issues, has greatly increased with the enormous increases in communication system connectivity due to the advance of the National Information Infrastructure.

Attribute based encryption for secure sharing of E-health data

NASA Astrophysics Data System (ADS)

Charanya, R.; Nithya, S.; Manikandan, N.

2017-11-01

Distributed computing is one of the developing innovations in IT part and information security assumes a real part. It includes sending gathering of remote server and programming that permit the unified information and online access to PC administrations. Distributed computing depends on offering of asset among different clients are additionally progressively reallocated on interest. Cloud computing is a revolutionary computing paradigm which enables flexible, on-demand and low-cost usage of computing resources. The reasons for security and protection issues, which rise on the grounds that the health information possessed by distinctive clients are put away in some cloud servers rather than under their own particular control”z. To deal with security problems, various schemes based on the Attribute-Based Encryption have been proposed. In this paper, in order to make ehealth data’s more secure we use multi party in cloud computing system. Where the health data is encrypted using attributes and key policy. And the user with a particular attribute and key policy alone will be able to decrypt the health data after it is verified by “key distribution centre” and the “secure data distributor”. This technique can be used in medical field for secure storage of patient details and limiting to particular doctor access. To make data’s scalable secure we need to encrypt the health data before outsourcing.

Politic of Security, Privacy and Transparency in Human Learning Systems

ERIC Educational Resources Information Center

Jeghal, Adil; Oughdir, Lahcen; Tairi, Hamid

2016-01-01

The preservation of confidentiality has become a major issue for the majority of applications that process personal information, the sensitivity of this information requires creators to set rules for the sharing and use of access control policies. A great deal of research has already been conducted in educational environments. However, one aspect…

Maritime security report number 3. September 1996 [U.S. Coast Guard issues passenger vessel and terminal security inspection regulations; international perspectives on maritime security; first Inter-American course on port security

DOT National Transportation Integrated Search

1996-09-01

While most issues of the Maritime Security Report deal with the security situation in geographic area, the articles in this issue deal with publications, training courses, and policy developments which contribute to deterring opportunities for crimin...

[The concept and measurement of food security].

PubMed

Kim, Kirang; Kim, Mi Kyung; Shin, Young Jeon

2008-11-01

During the past two decades, food deprivation and hunger have been recognized to be not just the concerns of only underdeveloped or developing countries, but as problems for many affluent Western nations as well. Many countries have made numerous efforts to define and measure the extent of these problems. Based on these efforts, the theory and practice of food security studies has significantly evolved during the last decades. Thus, this study aims to provide a comprehensive review of the concept and measurement of food security. In this review, we introduce the definition and background of food security, we describe the impact of food insecurity on nutrition and health, we provide its measurements and operational instruments and we discuss its applications and implications. Some practical information for the use of the food security index in South Korea is also presented. Food security is an essential element in achieving a good nutritional and health status and it has an influence to reduce poverty. The information about the current understanding of food security can help scientists, policy makers and program practitioners conduct research and maintain outreach programs that address the issues of poverty and the promotion of food security.

What are we assessing when we measure food security? A compendium and review of current metrics.

PubMed

Jones, Andrew D; Ngure, Francis M; Pelto, Gretel; Young, Sera L

2013-09-01

The appropriate measurement of food security is critical for targeting food and economic aid; supporting early famine warning and global monitoring systems; evaluating nutrition, health, and development programs; and informing government policy across many sectors. This important work is complicated by the multiple approaches and tools for assessing food security. In response, we have prepared a compendium and review of food security assessment tools in which we review issues of terminology, measurement, and validation. We begin by describing the evolving definition of food security and use this discussion to frame a review of the current landscape of measurement tools available for assessing food security. We critically assess the purpose/s of these tools, the domains of food security assessed by each, the conceptualizations of food security that underpin each metric, as well as the approaches that have been used to validate these metrics. Specifically, we describe measurement tools that 1) provide national-level estimates of food security, 2) inform global monitoring and early warning systems, 3) assess household food access and acquisition, and 4) measure food consumption and utilization. After describing a number of outstanding measurement challenges that might be addressed in future research, we conclude by offering suggestions to guide the selection of appropriate food security metrics.

What Are We Assessing When We Measure Food Security? A Compendium and Review of Current Metrics12

PubMed Central

Jones, Andrew D.; Ngure, Francis M.; Pelto, Gretel; Young, Sera L.

2013-01-01

The appropriate measurement of food security is critical for targeting food and economic aid; supporting early famine warning and global monitoring systems; evaluating nutrition, health, and development programs; and informing government policy across many sectors. This important work is complicated by the multiple approaches and tools for assessing food security. In response, we have prepared a compendium and review of food security assessment tools in which we review issues of terminology, measurement, and validation. We begin by describing the evolving definition of food security and use this discussion to frame a review of the current landscape of measurement tools available for assessing food security. We critically assess the purpose/s of these tools, the domains of food security assessed by each, the conceptualizations of food security that underpin each metric, as well as the approaches that have been used to validate these metrics. Specifically, we describe measurement tools that 1) provide national-level estimates of food security, 2) inform global monitoring and early warning systems, 3) assess household food access and acquisition, and 4) measure food consumption and utilization. After describing a number of outstanding measurement challenges that might be addressed in future research, we conclude by offering suggestions to guide the selection of appropriate food security metrics. PMID:24038241

Application of Ethics for Providing Telemedicine Services and Information Technology.

PubMed

Langarizadeh, Mostafa; Moghbeli, Fatemeh; Aliabadi, Ali

2017-10-01

Advanced technology has increased the use of telemedicine and Information Technology (IT) in treating or rehabilitating diseases. An increased use of technology increases the importance of the ethical issues involved. The need for keeping patients' information confidential and secure, controlling a number of therapists' inefficiency as well as raising the quality of healthcare services necessitates adequate heed to ethical issues in telemedicine provision. The goal of this review is gathering all articles that are published through 5 years until now (2012-2017) for detecting ethical issues for providing telemedicine services and Information technology. The reason of this time is improvement of telemedicine and technology through these years. This article is important for clinical practice and also to world, because of knowing ethical issues in telemedicine and technology are always important factors for physician and health providers. the required data in this research were derived from published electronic sources and credible academic articles published in such databases as PubMed, Scopus and Science Direct. The following key words were searched for in separation and combination: tele-health, telemedicine, ethical issues in telemedicine. A total of 503 articles were found. After excluding the duplicates (n= 93), the titles and abstracts of 410 articles were skimmed according to the inclusion criteria. Finally, 64 articles remained. They were reviewed in full text and 36 articles were excluded. At the end, 28 articles were chosen which met our eligibility criteria and were included in this study. Ethics has been of a great significance in IT and telemedicine especially the Internet since there are more chances provided for accessing information. It is, however, accompanied by a threat to patients' personal information. Therefore, suggestions are made to investigate ethics in technology, to offer standards and guidelines to therapists. Due to the advancement in technology, access to information has become simpler than the past. This has prompted hackers to seize the opportunity. This research shows that the ethical issues in telemedicine can be investigated from several aspects like technology, doctor-patient relationship, data confidentiality and security, informed consent, patient's and family's satisfaction with telemedicine services. Following ethical issues in telemedicine is a primary aspect of high quality services. In other words, if therapists abide by ethical rules, they can provide better services for patients. Attention to ethical issues in telemedicine guarantees a safer use of the services.

Information Analysis Methodology for Border Security Deployment Prioritization and Post Deployment Evaluation

DOE Office of Scientific and Technical Information (OSTI.GOV)

Booker, Paul M.; Maple, Scott A.

2010-06-08

Due to international commerce, cross-border conflicts, and corruption, a holistic, information driven, approach to border security is required to best understand how resources should be applied to affect sustainable improvements in border security. The ability to transport goods and people by land, sea, and air across international borders with relative ease for legitimate commercial purposes creates a challenging environment to detect illicit smuggling activities that destabilize national level border security. Smuggling activities operated for profit or smuggling operations driven by cross border conflicts where militant or terrorist organizations facilitate the transport of materials and or extremists to advance a causemore » add complexity to smuggling interdiction efforts. Border security efforts are further hampered when corruption thwarts interdiction efforts or reduces the effectiveness of technology deployed to enhance border security. These issues necessitate the implementation of a holistic approach to border security that leverages all available data. Large amounts of information found in hundreds of thousands of documents can be compiled to assess national or regional borders to identify variables that influence border security. Location data associated with border topics of interest may be extracted and plotted to better characterize the current border security environment for a given country or region. This baseline assessment enables further analysis, but also documents the initial state of border security that can be used to evaluate progress after border security improvements are made. Then, border security threats are prioritized via a systems analysis approach. Mitigation factors to address risks can be developed and evaluated against inhibiting factor such as corruption. This holistic approach to border security helps address the dynamic smuggling interdiction environment where illicit activities divert to a new location that provides less resistance to smuggling activities after training or technology is deployed at a given location. This paper will present an approach to holistic border security information analysis.« less

Delivery Path Length and Holding Tree Minimization Method of Securities Delivery among the Registration Agencies Connected as Non-Tree

NASA Astrophysics Data System (ADS)

Shimamura, Atsushi; Moritsu, Toshiyuki; Someya, Harushi

To dematerialize the securities such as stocks or cooporate bonds, the securities were registered to account in the registration agencies which were connected as tree. This tree structure had the advantage in the management of the securities those were issued large amount and number of brands of securities were limited. But when the securities such as account receivables or advance notes are dematerialized, number of brands of the securities increases extremely. In this case, the management of securities with tree structure becomes very difficult because of the concentration of information to root of the tree. To resolve this problem, using the graph structure is assumed instead of the tree structure. When the securities are kept with tree structure, the delivery path of securities is unique, but when securities are kept with graph structure, path of delivery is not unique. In this report, we describe the requirement of the delivery path of securities, and we describe selecting method of the path.

A Mutual Authentication Framework for Wireless Medical Sensor Networks.

PubMed

Srinivas, Jangirala; Mishra, Dheerendra; Mukhopadhyay, Sourav

2017-05-01

Wireless medical sensor networks (WMSN) comprise of distributed sensors, which can sense human physiological signs and monitor the health condition of the patient. It is observed that providing privacy to the patient's data is an important issue and can be challenging. The information passing is done via the public channel in WMSN. Thus, the patient, sensitive information can be obtained by eavesdropping or by unauthorized use of handheld devices which the health professionals use in monitoring the patient. Therefore, there is an essential need of restricting the unauthorized access to the patient's medical information. Hence, the efficient authentication scheme for the healthcare applications is needed to preserve the privacy of the patients' vital signs. To ensure secure and authorized communication in WMSN, we design a symmetric key based authentication protocol for WMSN environment. The proposed protocol uses only computationally efficient operations to achieve lightweight attribute. We analyze the security of the proposed protocol. We use a formal security proof algorithm to show the scheme security against known attacks. We also use the Automated Validation of Internet Security Protocols and Applications (AVISPA) simulator to show protocol secure against man-in-the-middle attack and replay attack. Additionally, we adopt an informal analysis to discuss the key attributes of the proposed scheme. From the formal proof of security, we can see that an attacker has a negligible probability of breaking the protocol security. AVISPA simulator also demonstrates the proposed scheme security against active attacks, namely, man-in-the-middle attack and replay attack. Additionally, through the comparison of computational efficiency and security attributes with several recent results, proposed scheme seems to be battered.

Guidelines for computer security in general practice.

PubMed

Schattner, Peter; Pleteshner, Catherine; Bhend, Heinz; Brouns, Johan

2007-01-01

As general practice becomes increasingly computerised, data security becomes increasingly important for both patient health and the efficient operation of the practice. To develop guidelines for computer security in general practice based on a literature review, an analysis of available information on current practice and a series of key stakeholder interviews. While the guideline was produced in the context of Australian general practice, we have developed a template that is also relevant for other countries. Current data on computer security measures was sought from Australian divisions of general practice. Semi-structured interviews were conducted with general practitioners (GPs), the medical software industry, senior managers within government responsible for health IT (information technology) initiatives, technical IT experts, divisions of general practice and a member of a health information consumer group. The respondents were asked to assess both the likelihood and the consequences of potential risks in computer security being breached. The study suggested that the most important computer security issues in general practice were: the need for a nominated IT security coordinator; having written IT policies, including a practice disaster recovery plan; controlling access to different levels of electronic data; doing and testing backups; protecting against viruses and other malicious codes; installing firewalls; undertaking routine maintenance of hardware and software; and securing electronic communication, for example via encryption. This information led to the production of computer security guidelines, including a one-page summary checklist, which were subsequently distributed to all GPs in Australia. This paper maps out a process for developing computer security guidelines for general practice. The specific content will vary in different countries according to their levels of adoption of IT, and cultural, technical and other health service factors. Making these guidelines relevant to local contexts should help maximise their uptake.

Ensuring the security and availability of a hospital wireless LAN system.

PubMed

Hanada, Eisuke; Kudou, Takato; Tsumoto, Shusaku

2013-01-01

Wireless technologies as part of the data communication infrastructure of modern hospitals are being rapidly introduced. Even though there are concerns about problems associated with wireless communication security, the demand is remarkably large. Herein we discuss security countermeasures that must be taken and issues concerning availability that must be considered to ensure safe hospital/business use of wireless LAN systems, referring to the procedures introduced at a university hospital. Security countermeasures differ according to their purpose, such as preventing illegal use or ensuring availability, both of which are discussed. The main focus of the availability discussion is on signal reach, electromagnetic noise elimination, and maintaining power supply to the network apparatus. It is our hope that this information will assist others in their efforts to ensure safe implementation of wireless LAN systems, especially in hospitals where they have the potential to greatly improve information sharing and patient safety.

CSRQ: Communication-Efficient Secure Range Queries in Two-Tiered Sensor Networks

PubMed Central

Dai, Hua; Ye, Qingqun; Yang, Geng; Xu, Jia; He, Ruiliang

2016-01-01

In recent years, we have seen many applications of secure query in two-tiered wireless sensor networks. Storage nodes are responsible for storing data from nearby sensor nodes and answering queries from Sink. It is critical to protect data security from a compromised storage node. In this paper, the Communication-efficient Secure Range Query (CSRQ)—a privacy and integrity preserving range query protocol—is proposed to prevent attackers from gaining information of both data collected by sensor nodes and queries issued by Sink. To preserve privacy and integrity, in addition to employing the encoding mechanisms, a novel data structure called encrypted constraint chain is proposed, which embeds the information of integrity verification. Sink can use this encrypted constraint chain to verify the query result. The performance evaluation shows that CSRQ has lower communication cost than the current range query protocols. PMID:26907293

Network Computing Infrastructure to Share Tools and Data in Global Nuclear Energy Partnership

NASA Astrophysics Data System (ADS)

Kim, Guehee; Suzuki, Yoshio; Teshima, Naoya

CCSE/JAEA (Center for Computational Science and e-Systems/Japan Atomic Energy Agency) integrated a prototype system of a network computing infrastructure for sharing tools and data to support the U.S. and Japan collaboration in GNEP (Global Nuclear Energy Partnership). We focused on three technical issues to apply our information process infrastructure, which are accessibility, security, and usability. In designing the prototype system, we integrated and improved both network and Web technologies. For the accessibility issue, we adopted SSL-VPN (Security Socket Layer-Virtual Private Network) technology for the access beyond firewalls. For the security issue, we developed an authentication gateway based on the PKI (Public Key Infrastructure) authentication mechanism to strengthen the security. Also, we set fine access control policy to shared tools and data and used shared key based encryption method to protect tools and data against leakage to third parties. For the usability issue, we chose Web browsers as user interface and developed Web application to provide functions to support sharing tools and data. By using WebDAV (Web-based Distributed Authoring and Versioning) function, users can manipulate shared tools and data through the Windows-like folder environment. We implemented the prototype system in Grid infrastructure for atomic energy research: AEGIS (Atomic Energy Grid Infrastructure) developed by CCSE/JAEA. The prototype system was applied for the trial use in the first period of GNEP.

Issues with Access to Acquisition Data and Information in the Department of Defense: A Closer Look at the Origins and Implementation of Controlled Unclassified Information Labels and Security Policy

DTIC Science & Technology

2016-12-01

at a high cost and is protected by contractual agreements between vendors and the government. Yet indiscriminate labeling of information as...federally funded research and development centers [FFRDCs], information technology [IT] support, or other contractor support). Proprietary...con- tractor originators of the information (prime contractors and subcontractors), the government, and nongovernmental entities assisting the

Issues with Access to Acquisition Data and Information in the Department of Defense: A Closer Look at the Origins and Implementation of Controlled Unclassified Information Labels and Security Policy

DTIC Science & Technology

2016-12-19

at a high cost and is protected by contractual agreements between vendors and the government. Yet indiscriminate labeling of information as...federally funded research and development centers [FFRDCs], information technology [IT] support, or other contractor support). Proprietary...con- tractor originators of the information (prime contractors and subcontractors), the government, and nongovernmental entities assisting the

Global food and fibre security threatened by current inefficiencies in fungal identification.

PubMed

Crous, Pedro W; Groenewald, Johannes Z; Slippers, Bernard; Wingfield, Michael J

2016-12-05

Fungal pathogens severely impact global food and fibre crop security. Fungal species that cause plant diseases have mostly been recognized based on their morphology. In general, morphological descriptions remain disconnected from crucially important knowledge such as mating types, host specificity, life cycle stages and population structures. The majority of current fungal species descriptions lack even the most basic genetic data that could address at least some of these issues. Such information is essential for accurate fungal identifications, to link critical metadata and to understand the real and potential impact of fungal pathogens on production and natural ecosystems. Because international trade in plant products and introduction of pathogens to new areas is likely to continue, the manner in which fungal pathogens are identified should urgently be reconsidered. The technologies that would provide appropriate information for biosecurity and quarantine already exist, yet the scientific community and the regulatory authorities are slow to embrace them. International agreements are urgently needed to enforce new guidelines for describing plant pathogenic fungi (including key DNA information), to ensure availability of relevant data and to modernize the phytosanitary systems that must deal with the risks relating to trade-associated plant pathogens.This article is part of the themed issue 'Tackling emerging fungal threats to animal health, food security and ecosystem resilience'. © 2016 The Author(s).

Confidentiality, privacy, and security of genetic and genomic test information in electronic health records: points to consider.

PubMed

McGuire, Amy L; Fisher, Rebecca; Cusenza, Paul; Hudson, Kathy; Rothstein, Mark A; McGraw, Deven; Matteson, Stephen; Glaser, John; Henley, Douglas E

2008-07-01

As clinical genetics evolves, and we embark down the path toward more personalized and effective health care, the amount, detail, and complexity of genetic/genomic test information within the electronic health record will increase. This information should be appropriately protected to secure the trust of patients and to support interoperable electronic health information exchange. This article discusses characteristics of genetic/genomic test information, including predictive capability, immutability, and uniqueness, which should be considered when developing policies about information protection. Issues related to "genetic exceptionalism"; i.e., whether genetic/genomic test information should be treated differently from other medical information for purposes of data access and permissible use, are also considered. These discussions can help guide policy that will facilitate the biological and clinical resource development to support the introduction of this information into health care.

76 FR 78327 - Meeting of Advisory Committee on International Communications and Information Policy

Federal Register 2010, 2011, 2012, 2013, 2014

2011-12-16

... security and law enforcement access issues related to cloud computing, as well as recent private sector.... Visitor's full name. 3. Date of birth. 4. Citizenship. 5. Acceptable forms of identification for entry...

CD-ROM and Metering--An Overview.

ERIC Educational Resources Information Center

Shear, Victor

1992-01-01

Discusses the need for security and metering features for CD-ROM products. Topics covered include user productivity issues, pricing problems, integrated information resources, advantages of CD-ROM distribution systems, unauthorized use, content encryption, and multiple simultaneous meters. (MES)

Emerging issues in transportation information infrastructure security

DOT National Transportation Integrated Search

1996-07-31

On October 26-27, 1995, over two hundred transportation leaders and decision-makers from around the nation convened in Cambridge, Massachusetts to participate in a two day symposium on "Challenges and Opportunities for Global Transportation in the 21...

Examining the Multi-level Fit between Work and Technology in a Secure Messaging Implementation.

PubMed

Ozkaynak, Mustafa; Johnson, Sharon; Shimada, Stephanie; Petrakis, Beth Ann; Tulu, Bengisu; Archambeault, Cliona; Fix, Gemmae; Schwartz, Erin; Woods, Susan

2014-01-01

Secure messaging (SM) allows patients to communicate with their providers for non-urgent health issues. Like other health information technologies, the design and implementation of SM should account for workflow to avoid suboptimal outcomes. SM may present unique workflow challenges because patients add a layer of complexity, as they are also direct users of the system. This study explores SM implementation at two Veterans Health Administration facilities. We interviewed twenty-nine members of eight primary care teams using semi-structured interviews. Questions addressed staff opinions about the integration of SM with daily practice, and team members' attitudes and experiences with SM. We describe the clinical workflow for SM, examining complexity and variability. We identified eight workflow issues directly related to efficiency and patient satisfaction, based on an exploration of the technology fit with multilevel factors. These findings inform organizational interventions that will accommodate SM implementation and lead to more patient-centered care.

Decisional Information System for Safety (D.I.S.S.) Dedicated to the Human Space Exploration Mission

NASA Astrophysics Data System (ADS)

Grès, Stéphane; Guyonnet, Jean-François

2006-06-01

At the heart of the issue of reliable and dependable systems and networks, this paper presents the conception of a Decisional Information System for Security (D.I.S.S.) dedicated to the Human Space Exploration Mission. The objective is to conceive a decisional information system for human long duration space flight (> 1000 days) which is realised in entire autonomy in the solar system. This article describes the importance of the epistemological and ontological context for designing an open, self-learning and reliable system able for self-adapt in dangerous and unforeseen situations. We present in link with our research, the limits of the empirical analytical paradigm and several paths of research lead by the nascent paradigm of enaction. The strong presumption is that the centralised models of security could not be sufficient today to respond and challenge the security of a technical system, which will support human exploration missions.

A secure EHR system based on hybrid clouds.

PubMed

Chen, Yu-Yi; Lu, Jun-Chao; Jan, Jinn-Ke

2012-10-01

Consequently, application services rendering remote medical services and electronic health record (EHR) have become a hot topic and stimulating increased interest in studying this subject in recent years. Information and communication technologies have been applied to the medical services and healthcare area for a number of years to resolve problems in medical management. Sharing EHR information can provide professional medical programs with consultancy, evaluation, and tracing services can certainly improve accessibility to the public receiving medical services or medical information at remote sites. With the widespread use of EHR, building a secure EHR sharing environment has attracted a lot of attention in both healthcare industry and academic community. Cloud computing paradigm is one of the popular healthIT infrastructures for facilitating EHR sharing and EHR integration. In this paper, we propose an EHR sharing and integration system in healthcare clouds and analyze the arising security and privacy issues in access and management of EHRs.

A Rich Client-Server Based Framework for Convenient Security and Management of Mobile Applications

NASA Astrophysics Data System (ADS)

Badan, Stephen; Probst, Julien; Jaton, Markus; Vionnet, Damien; Wagen, Jean-Frédéric; Litzistorf, Gérald

Contact lists, Emails, SMS or custom applications on a professional smartphone could hold very confidential or sensitive information. What could happen in case of theft or accidental loss of such devices? Such events could be detected by the separation between the smartphone and a Bluetooth companion device. This event should typically block the applications and delete personal and sensitive data. Here, a solution is proposed based on a secured framework application running on the mobile phone as a rich client connected to a security server. The framework offers strong and customizable authentication and secured connectivity. A security server manages all security issues. User applications are then loaded via the framework. User data can be secured, synchronized, pushed or pulled via the framework. This contribution proposes a convenient although secured environment based on a client-server architecture using external authentications. Several features of the proposed system are exposed and a practical demonstrator is described.

Survey of Cyber Crime in Big Data

NASA Astrophysics Data System (ADS)

Rajeswari, C.; Soni, Krishna; Tandon, Rajat

2017-11-01

Big data is like performing computation operations and database operations for large amounts of data, automatically from the data possessor’s business. Since a critical strategic offer of big data access to information from numerous and various areas, security and protection will assume an imperative part in big data research and innovation. The limits of standard IT security practices are notable, with the goal that they can utilize programming sending to utilize programming designers to incorporate pernicious programming in a genuine and developing risk in applications and working frameworks, which are troublesome. The impact gets speedier than big data. In this way, one central issue is that security and protection innovation are sufficient to share controlled affirmation for countless direct get to. For powerful utilization of extensive information, it should be approved to get to the information of that space or whatever other area from a space. For a long time, dependable framework improvement has arranged a rich arrangement of demonstrated ideas of demonstrated security to bargain to a great extent with the decided adversaries, however this procedure has been to a great extent underestimated as “needless excess” and sellers In this discourse, essential talks will be examined for substantial information to exploit this develop security and protection innovation, while the rest of the exploration difficulties will be investigated.

Multiple-Feature Extracting Modules Based Leak Mining System Design

PubMed Central

Cho, Ying-Chiang; Pan, Jen-Yi

2013-01-01

Over the years, human dependence on the Internet has increased dramatically. A large amount of information is placed on the Internet and retrieved from it daily, which makes web security in terms of online information a major concern. In recent years, the most problematic issues in web security have been e-mail address leakage and SQL injection attacks. There are many possible causes of information leakage, such as inadequate precautions during the programming process, which lead to the leakage of e-mail addresses entered online or insufficient protection of database information, a loophole that enables malicious users to steal online content. In this paper, we implement a crawler mining system that is equipped with SQL injection vulnerability detection, by means of an algorithm developed for the web crawler. In addition, we analyze portal sites of the governments of various countries or regions in order to investigate the information leaking status of each site. Subsequently, we analyze the database structure and content of each site, using the data collected. Thus, we make use of practical verification in order to focus on information security and privacy through black-box testing. PMID:24453892

Multiple-feature extracting modules based leak mining system design.

PubMed

Cho, Ying-Chiang; Pan, Jen-Yi

2013-01-01

Over the years, human dependence on the Internet has increased dramatically. A large amount of information is placed on the Internet and retrieved from it daily, which makes web security in terms of online information a major concern. In recent years, the most problematic issues in web security have been e-mail address leakage and SQL injection attacks. There are many possible causes of information leakage, such as inadequate precautions during the programming process, which lead to the leakage of e-mail addresses entered online or insufficient protection of database information, a loophole that enables malicious users to steal online content. In this paper, we implement a crawler mining system that is equipped with SQL injection vulnerability detection, by means of an algorithm developed for the web crawler. In addition, we analyze portal sites of the governments of various countries or regions in order to investigate the information leaking status of each site. Subsequently, we analyze the database structure and content of each site, using the data collected. Thus, we make use of practical verification in order to focus on information security and privacy through black-box testing.

Understanding food security issues in remote Western Australian Indigenous communities.

PubMed

Pollard, Christina M; Nyaradi, Anett; Lester, Matthew; Sauer, Kay

2014-08-01

Food insecurity in remote Western Australian (WA) Indigenous communities. This study explored remote community store managers' views on issues related to improving food security in order to inform health policy. A census of all remote WA Indigenous community store managers was conducted in 2010. Telephone interviews sought managers' perceptions of community food insecurity, problems with their store, and potential policy options for improving the supply, accessibility, affordability and consumption of nutritious foods. Descriptive analyses were conducted using SPSS for Windows version 17.0. Managers stated that freight costs and irregular deliveries contributed to high prices and a limited range of foods. Poor store infrastructure, compromised cold chain logistics, and commonly occurring power outages affected food quality. Half of the managers said there was hunger in their community because people did not have enough money to buy food. The role of nutritionists beyond a clinical and educational role was not understood. Food security interventions in remote communities need to take into consideration issues such as freight costs, transport and low demand for nutritious foods. Store managers provide important local knowledge regarding the development and implementation of food security interventions. SO WHAT? Agencies acting to address the issue of food insecurity in remote WA Indigenous communities should heed the advice of community store managers that high food prices, poor quality and limited availability are mainly due to transport inefficiencies and freight costs. Improving healthy food affordability in communities where high unemployment and low household income abound is fundamental to improving food security, yet presents a significant challenge.

Information Sharing from 9-1-1 Centers

DTIC Science & Technology

2014-09-01

Police Chief, 2014, http://www.policechiefmagazine.org/ magazine /index.cfm?fuseaction=display_arch&article_id=1199&issue _id=62007. 2 “9-1-1 History...Homeland Security Magazine ,51 discusses the pros and cons of using social media to 49 Jennifer E...Information Dilemmas in Biotechnology : Organizational Boundaries As Trust Production, NBER WorkingPaper No. 5199, National Bureau of Economic

Securing Valid Information for Evaluation of Job Performance of the University Faculty.

ERIC Educational Resources Information Center

Donavan, Bruce

Approaches to obtaining valid information for evaluating faculty and the issue of alcoholism and job performance are addressed. Among the complications to this undertaking is the existence of an invalid self-perception on the part of faculty that they are not employees of the institution, and a tolerance among faculty for deviance or eccentricity.…

Making Choices in the Virtual World: The New Model at United Technologies Information Network.

ERIC Educational Resources Information Center

Gulliford, Bradley

1998-01-01

Describes changes in services of the United Technologies Corporation Information Network from a traditional library system to a virtual system of World Wide Web sites, a document-delivery unit, telephone and e-mail reference, and desktop technical support to provide remote access. Staff time, security, and licensing issues are addressed.…

75 FR 65437 - Defense Federal Acquisition Regulation Supplement; Defense Cargo Riding Gang Members (DFARS Case...

Federal Register 2010, 2011, 2012, 2013, 2014

2010-10-25

... Document issued under 46 U.S.C., chapter 73, or a transportation security card issued under section 70105.... Merchant Mariner's Document issued under 46 U.S.C. chapter 73, or a transportation security card issued... Mariner's Document issued under 46 U.S.C. chapter 73, or a transportation security card issued under...

Triple symmetric key cryptosystem for data security

NASA Astrophysics Data System (ADS)

Fuzail, C. Md; Norman, Jasmine; Mangayarkarasi, R.

2017-11-01

As the technology is getting spreads in the macro seconds of speed and in which the trend changing era from human to robotics the security issue is also getting increased. By means of using machine attacks it is very easy to break the cryptosystems in very less amount of time. Cryptosystem is a process which provides the security in all sorts of processes, communications and transactions to be done securely with the help of electronical mechanisms. Data is one such thing with the expanded implication and possible scraps over the collection of data to secure predominance and achievement, Information Security is the process where the information is protected from invalid and unverified accessibilities and data from mishandling. So the idea of Information Security has risen. Symmetric key which is also known as private key.Whereas the private key is mostly used to attain the confidentiality of data. It is a dynamic topic which can be implemented over different applications like android, wireless censor networks, etc. In this paper, a new mathematical manipulation algorithm along with Tea cryptosystem has been implemented and it can be used for the purpose of cryptography. The algorithm which we proposed is straightforward and more powerful and it will authenticate in harder way and also it will be very difficult to break by someone without knowing in depth about its internal mechanisms.

Privacy and Security Issues Surrounding the Protection of Data Generated by Continuous Glucose Monitors.

PubMed

Britton, Katherine E; Britton-Colonnese, Jennifer D

2017-03-01

Being able to track, analyze, and use data from continuous glucose monitors (CGMs) and through platforms and apps that communicate with CGMs helps achieve better outcomes and can advance the understanding of diabetes. The risks to patients' expectation of privacy are great, and their ability to control how their information is collected, stored, and used is virtually nonexistent. Patients' physical security is also at risk if adequate cybersecurity measures are not taken. Currently, data privacy and security protections are not robust enough to address the privacy and security risks and stymies the current and future benefits of CGM and the platforms and apps that communicate with them.

Privacy and Security Issues Surrounding the Protection of Data Generated by Continuous Glucose Monitors

PubMed Central

Britton, Katherine E.; Britton-Colonnese, Jennifer D.

2017-01-01

Being able to track, analyze, and use data from continuous glucose monitors (CGMs) and through platforms and apps that communicate with CGMs helps achieve better outcomes and can advance the understanding of diabetes. The risks to patients’ expectation of privacy are great, and their ability to control how their information is collected, stored, and used is virtually nonexistent. Patients’ physical security is also at risk if adequate cybersecurity measures are not taken. Currently, data privacy and security protections are not robust enough to address the privacy and security risks and stymies the current and future benefits of CGM and the platforms and apps that communicate with them. PMID:28264188

Digital watermarking in telemedicine applications--towards enhanced data security and accessibility.

PubMed

Giakoumaki, Aggeliki L; Perakis, Konstantinos; Tagaris, Anastassios; Koutsouris, Dimitris

2006-01-01

Implementing telemedical solutions has become a trend amongst the various research teams at an international level. Yet, contemporary information access and distribution technologies raise critical issues that urgently need to be addressed, especially those related to security. The paper suggests the use of watermarking in telemedical applications in order to enhance security of the transmitted sensitive medical data, familiarizes the users with a telemedical system and a watermarking module that have already been developed, and proposes an architecture that will enable the integration of the two systems, taking into account a variety of use cases and application scenarios.

[Application of password manager software in health care].

PubMed

Ködmön, József

2016-12-01

When using multiple IT systems, handling of passwords in a secure manner means a potential source of problem. The most frequent issues are choosing the appropriate length and complexity, and then remembering the strong passwords. Password manager software provides a good solution for this problem, while greatly increasing the security of sensitive medical data. This article introduces a password manager software and provides basic information of the application. It also discusses how to select a really secure password manager software and suggests a practical application to efficient, safe and comfortable use for health care. Orv. Hetil., 2016, 157(52), 2066-2073.

Using RFID to Enhance Security in Off-Site Data Storage

PubMed Central

Lopez-Carmona, Miguel A.; Marsa-Maestre, Ivan; de la Hoz, Enrique; Velasco, Juan R.

2010-01-01

Off-site data storage is one of the most widely used strategies in enterprises of all sizes to improve business continuity. In medium-to-large size enterprises, the off-site data storage processes are usually outsourced to specialized providers. However, outsourcing the storage of critical business information assets raises serious security considerations, some of which are usually either disregarded or incorrectly addressed by service providers. This article reviews these security considerations and presents a radio frequency identification (RFID)-based, off-site, data storage management system specifically designed to address security issues. The system relies on a set of security mechanisms or controls that are arranged in security layers or tiers to balance security requirements with usability and costs. The system has been successfully implemented, deployed and put into production. In addition, an experimental comparison with classical bar-code-based systems is provided, demonstrating the system’s benefits in terms of efficiency and failure prevention. PMID:22163638

Using RFID to enhance security in off-site data storage.

PubMed

Lopez-Carmona, Miguel A; Marsa-Maestre, Ivan; de la Hoz, Enrique; Velasco, Juan R

2010-01-01

Off-site data storage is one of the most widely used strategies in enterprises of all sizes to improve business continuity. In medium-to-large size enterprises, the off-site data storage processes are usually outsourced to specialized providers. However, outsourcing the storage of critical business information assets raises serious security considerations, some of which are usually either disregarded or incorrectly addressed by service providers. This article reviews these security considerations and presents a radio frequency identification (RFID)-based, off-site, data storage management system specifically designed to address security issues. The system relies on a set of security mechanisms or controls that are arranged in security layers or tiers to balance security requirements with usability and costs. The system has been successfully implemented, deployed and put into production. In addition, an experimental comparison with classical bar-code-based systems is provided, demonstrating the system's benefits in terms of efficiency and failure prevention.

Security challenges in integration of a PHR-S into a standards based national EHR.

PubMed

Mense, Alexander; Hoheiser Pförtner, Franz; Sauermann, Stefan

2014-01-01

Health related data provided by patients themselves is expected to play a major role in future healthcare. Data from personal health devices, vaccination records, health diaries or observations of daily living, for instance, is stored in personal health records (PHR) which are maintained by personal health record systems (PHR-S). Combining this information with medical records provided by healthcare providers in electronic health records (EHR) is one of the next steps towards "personal care". Austria currently sets up a nationwide EHR system that incorporates all healthcare providers and is technically based on international standards (IHE, HL7, OASIS, ...). Looking at the expected potential of merging PHR and EHR data it is worth to analyse integration approaches. Although knowing that an integration requires the coordination of processes, information models and technical architectures, this paper specifically focuses on security issues by evaluating general security requirements for a PHR-S (based on HL7 PHR-S FM), comparing them with the information security specifications for the Austrian's national EHR (based on ISO/IES 27000 series) and identifying the main challenges as well as possible approaches.

The security of patient identifiable information in doctors' homes.

PubMed

McLean, Iain; Anderson, C Mary

2004-08-01

Ethically and legally doctors bear a responsibility to ensure the security of patient identifiable information in their possession. Many doctors, especially those in forensic medicine, hold paper or computerised medical records at home. This survey was conducted to assess the level of security for these records and awareness of the issues. Fifty-six forensic physicians (30 male, 26 female) answered a questionnaire. Eighty-nine percent used a computer to write patient notes and reports, but only 26 of these were on the Data Protection Register, and only 24 password-protected their files. Few doctors took steps to protect data on old computers they had stopped using. Of those responding, 88% held paper records at home but only of these had lockable filing cabinets. Burglar alarms were fitted in 77% of homes, yet 36% of homes had been burgled. No participants had written instructions for disposal of records and reports after their death. Older participants were more likely to have been burgled, yet less likely to have antiviral software than their younger counterparts. Participants expressed the need for information, education and training in data security.

A Round-Efficient Authenticated Key Agreement Scheme Based on Extended Chaotic Maps for Group Cloud Meeting

PubMed Central

Lee, Tian-Fu; Wang, Zeng-Bo

2017-01-01

The security is a critical issue for business purposes. For example, the cloud meeting must consider strong security to maintain the communication privacy. Considering the scenario with cloud meeting, we apply extended chaotic map to present passwordless group authentication key agreement, termed as Passwordless Group Authentication Key Agreement (PL-GAKA). PL-GAKA improves the computation efficiency for the simple group password-based authenticated key agreement (SGPAKE) proposed by Lee et al. in terms of computing the session key. Since the extended chaotic map has equivalent security level to the Diffie–Hellman key exchange scheme applied by SGPAKE, the security of PL-GAKA is not sacrificed when improving the computation efficiency. Moreover, PL-GAKA is a passwordless scheme, so the password maintenance is not necessary. Short-term authentication is considered, hence the communication security is stronger than other protocols by dynamically generating session key in each cloud meeting. In our analysis, we first prove that each meeting member can get the correct information during the meeting. We analyze common security issues for the proposed PL-GAKA in terms of session key security, mutual authentication, perfect forward security, and data integrity. Moreover, we also demonstrate that communicating in PL-GAKA is secure when suffering replay attacks, impersonation attacks, privileged insider attacks, and stolen-verifier attacks. Eventually, an overall comparison is given to show the performance between PL-GAKA, SGPAKE and related solutions. PMID:29207509

An analysis of patient-provider secure messaging at two Veterans Health Administration medical centers: message content and resolution through secure messaging.

PubMed

Shimada, Stephanie L; Petrakis, Beth Ann; Rothendler, James A; Zirkle, Maryan; Zhao, Shibei; Feng, Hua; Fix, Gemmae M; Ozkaynak, Mustafa; Martin, Tracey; Johnson, Sharon A; Tulu, Bengisu; Gordon, Howard S; Simon, Steven R; Woods, Susan S

2017-09-01

We sought to understand how patients and primary care teams use secure messaging (SM) to communicate with one another by analyzing secure message threads from 2 Department of Veterans Affairs facilities. We coded 1000 threads of SM communication sampled from 40 primary care teams. Most threads (94.5%) were initiated by patients (90.4%) or caregivers (4.1%); only 5.5% were initiated by primary care team members proactively reaching out to patients. Medication renewals and refills (47.2%), scheduling requests (17.6%), medication issues (12.9%), and health issues (12.7%) were the most common patient-initiated requests, followed by referrals (7.0%), administrative issues (6.5%), test results (5.4%), test issues (5.2%), informing messages (4.9%), comments about the patient portal or SM (4.1%), appreciation (3.9%), self-reported data (2.8%), life issues (1.5%), and complaints (1.5%). Very few messages were clinically urgent (0.7%) or contained other potentially challenging content. Message threads were mostly short (2.7 messages), comprising an average of 1.35 discrete content types. A substantial proportion of issues (24.2%) did not show any evidence of being resolved through SM. Time to response and extent of resolution via SM varied by message content. Proactive SM use by teams varied, but was most often for test results (32.7%), medication-related issues (21.8%), medication renewals (16.4%), or scheduling issues (18.2%). The majority of messages were transactional and initiated by patients or caregivers. Not all content categories were fully addressed over SM. Further education and training for both patients and clinical teams could improve the quality and efficiency of SM communication. Published by Oxford University Press on behalf of the American Medical Informatics Association 2017. This work is written by US Government employees and is in the public domain in the United States.

17 CFR 240.3a12-10 - Exemption of certain securities issued by the Resolution Funding Corporation.

Code of Federal Regulations, 2010 CFR

2010-04-01

... securities issued by the Resolution Funding Corporation. 240.3a12-10 Section 240.3a12-10 Commodity and... Exemptions § 240.3a12-10 Exemption of certain securities issued by the Resolution Funding Corporation. Securities that are issued by the Resolution Funding Corporation pursuant to section 21B(f) of the Federal...

Privacy and Security within Biobanking: The Role of Information Technology.

PubMed

Heatherly, Raymond

2016-03-01

Along with technical issues, biobanking frequently raises important privacy and security issues that must be resolved as biobanks continue to grow in scale and scope. Consent mechanisms currently in use range from fine-grained to very broad, and in some cases participants are offered very few privacy protections. However, developments in information technology are bringing improvements. New programs and systems are being developed to allow researchers to conduct analyses without distributing the data itself offsite, either by allowing the investigator to communicate with a central computer, or by having each site participate in meta-analysis that results in a shared statistic or final significance result. The implementation of security protocols into the research biobanking setting requires three key elements: authentication, authorization, and auditing. Authentication is the process of making sure individuals are who they claim to be, frequently through the use of a password, a key fob, or a physical (i.e., retinal or fingerprint) scan. Authorization involves ensuring that every individual who attempts an action has permission to do that action. Finally, auditing allows for actions to be logged so that inappropriate or unethical actions can later be traced back to their source. © 2016 American Society of Law, Medicine & Ethics.

Security analysis of a chaotic map-based authentication scheme for telecare medicine information systems.

PubMed

Yau, Wei-Chuen; Phan, Raphael C-W

2013-12-01

Many authentication schemes have been proposed for telecare medicine information systems (TMIS) to ensure the privacy, integrity, and availability of patient records. These schemes are crucial for TMIS systems because otherwise patients' medical records become susceptible to tampering thus hampering diagnosis or private medical conditions of patients could be disclosed to parties who do not have a right to access such information. Very recently, Hao et al. proposed a chaotic map-based authentication scheme for telecare medicine information systems in a recent issue of Journal of Medical Systems. They claimed that the authentication scheme can withstand various attacks and it is secure to be used in TMIS. In this paper, we show that this authentication scheme is vulnerable to key-compromise impersonation attacks, off-line password guessing attacks upon compromising of a smart card, and parallel session attacks. We also exploit weaknesses in the password change phase of the scheme to mount a denial-of-service attack. Our results show that this scheme cannot be used to provide security in a telecare medicine information system.

Privacy Perspectives for Online Searchers: Confidentiality with Confidence?

ERIC Educational Resources Information Center

Duberman, Josh; Beaudet, Michael

2000-01-01

Presents issues and questions involved in online privacy from the information professional's perspective. Topics include consumer concerns; query confidentiality; securing computers from intrusion; electronic mail; search engines; patents and intellectual property searches; government's role; Internet service providers; database mining; user…

20 CFR 401.30 - Privacy Act and other responsibilities.

Code of Federal Regulations, 2013 CFR

2013-04-01

....30 Section 401.30 Employees' Benefits SOCIAL SECURITY ADMINISTRATION PRIVACY AND DISCLOSURE OF... that agency employees and contractors receive appropriate training and education programs regarding the... information privacy issues, including those relating to the collection, use, sharing, and disclosure of...

20 CFR 401.30 - Privacy Act and other responsibilities.

Code of Federal Regulations, 2012 CFR

2012-04-01

....30 Section 401.30 Employees' Benefits SOCIAL SECURITY ADMINISTRATION PRIVACY AND DISCLOSURE OF... that agency employees and contractors receive appropriate training and education programs regarding the... information privacy issues, including those relating to the collection, use, sharing, and disclosure of...

20 CFR 401.30 - Privacy Act and other responsibilities.

Code of Federal Regulations, 2014 CFR

2014-04-01

....30 Section 401.30 Employees' Benefits SOCIAL SECURITY ADMINISTRATION PRIVACY AND DISCLOSURE OF... that agency employees and contractors receive appropriate training and education programs regarding the... information privacy issues, including those relating to the collection, use, sharing, and disclosure of...

20 CFR 401.30 - Privacy Act and other responsibilities.

Code of Federal Regulations, 2011 CFR

2011-04-01

....30 Section 401.30 Employees' Benefits SOCIAL SECURITY ADMINISTRATION PRIVACY AND DISCLOSURE OF... that agency employees and contractors receive appropriate training and education programs regarding the... information privacy issues, including those relating to the collection, use, sharing, and disclosure of...

Training and information technology issue, 2005

DOE Office of Scientific and Technical Information (OSTI.GOV)

Agnihotri, Newal

The focus of the May-June issue is on training and information technology. Major articles/reports in this issue include: Communicating effectively, by Alain Bucaille, AREVA; Reputation management, by Susan Brisset, Bruce Power; Contol room and HSI modernization guidance, by Joseph Naser, EPRI; How far are we from public acceptance, by Jennifer A. Biedscheid and Murthy Devarakonda, Washington TRU Solutions LLC; Spent fuel management options, by Brent W. Dixon and Steven J. Piet, Idaho National Laboratory; Industry Awards; A secure energy future for America, by George W. Bush, President, United States of America; Vision of the future of nuclear energy, by Annemore » Lauvergeon, AREVA; and, Plant profile: strategy for transition to digital, TXU Power.« less

Nuclear Power Plant Cyber Security Discrete Dynamic Event Tree Analysis (LDRD 17-0958) FY17 Report

DOE Office of Scientific and Technical Information (OSTI.GOV)

Wheeler, Timothy A.; Denman, Matthew R.; Williams, R. A.

Instrumentation and control of nuclear power is transforming from analog to modern digital assets. These control systems perform key safety and security functions. This transformation is occurring in new plant designs as well as in the existing fleet of plants as the operation of those plants is extended to 60 years. This transformation introduces new and unknown issues involving both digital asset induced safety issues and security issues. Traditional nuclear power risk assessment tools and cyber security assessment methods have not been modified or developed to address the unique nature of cyber failure modes and of cyber security threat vulnerabilities.more » iii This Lab-Directed Research and Development project has developed a dynamic cyber-risk in- formed tool to facilitate the analysis of unique cyber failure modes and the time sequencing of cyber faults, both malicious and non-malicious, and impose those cyber exploits and cyber faults onto a nuclear power plant accident sequence simulator code to assess how cyber exploits and cyber faults could interact with a plants digital instrumentation and control (DI&C) system and defeat or circumvent a plants cyber security controls. This was achieved by coupling an existing Sandia National Laboratories nuclear accident dynamic simulator code with a cyber emulytics code to demonstrate real-time simulation of cyber exploits and their impact on automatic DI&C responses. Studying such potential time-sequenced cyber-attacks and their risks (i.e., the associated impact and the associated degree of difficulty to achieve the attack vector) on accident management establishes a technical risk informed framework for developing effective cyber security controls for nuclear power.« less

49 CFR 1554.103 - Security Directives.

Code of Federal Regulations, 2014 CFR

2014-10-01

... necessary to respond to a threat assessment or to a specific threat against civil aviation, TSA issues a..., DEPARTMENT OF HOMELAND SECURITY CIVIL AVIATION SECURITY AIRCRAFT REPAIR STATION SECURITY Security Measures... each Security Directive TSA issues to the repair station within the time prescribed. Each repair...

Secure environment for real-time tele-collaboration on virtual simulation of radiation treatment planning.

PubMed

Ntasis, Efthymios; Maniatis, Theofanis A; Nikita, Konstantina S

2003-01-01

A secure framework is described for real-time tele-collaboration on Virtual Simulation procedure of Radiation Treatment Planning. An integrated approach is followed clustering the security issues faced by the system into organizational issues, security issues over the LAN and security issues over the LAN-to-LAN connection. The design and the implementation of the security services are performed according to the identified security requirements, along with the need for real time communication between the collaborating health care professionals. A detailed description of the implementation is given, presenting a solution, which can directly be tailored to other tele-collaboration services in the field of health care. The pilot study of the proposed security components proves the feasibility of the secure environment, and the consistency with the high performance demands of the application.

Problems With Deployment of Multi-Domained, Multi-Homed Mobile Networks

NASA Technical Reports Server (NTRS)

Ivancic, William D.

2008-01-01

This document describes numerous problems associated with deployment of multi-homed mobile platforms consisting of multiple networks and traversing large geographical areas. The purpose of this document is to provide insight to real-world deployment issues and provide information to groups that are addressing many issues related to multi-homing, policy-base routing, route optimization and mobile security - particularly those groups within the Internet Engineering Task Force.

What do Canadian seniors say supports their quality of life? Findings from a national participatory research study.

PubMed

Bryant, Toba; Brown, Ivan; Cogan, Tara; Dallaire, Clemence; Laforest, Sophie; McGowan, Patrick; Raphael, Dennis; Richard, Lucie; Thompson, Loraine; Young, Joyce

2004-01-01

A national project investigated seniors' perceptions of the influences upon their quality of life. The seven participating cities were Montreal, Quebec City, Ottawa, Toronto, Regina, Vancouver and Whitehorse. The project focussed on policy decisions affecting the quality of life of seniors. It was a participatory study in which seniors controlled the direction and shape of the project in each city. Focus groups and individual interviews with seniors and stakeholders. Data analysis used qualitative methods to see the world through the eyes of participants. Each project was committed to hearing the voices of seniors and their views on which issues were affecting the quality of their lives. Across the seven cities, seniors highlighted access to information, health care, housing, income security, safety and security, social contacts and networks, and transportation as key issues that affect the quality of life of seniors in Canada. The findings affirm the value of participatory activities that involve seniors working with other sectors as a productive policy-informing approach. The Seniors' Quality of Life projects demonstrate the conceptual power of the determinants of health perspective to understand seniors' quality of life issues. While seniors considered health care to be a continuing concern, they also recognized socio-economic issues as significantly affecting the quality of their lives.

17 CFR 230.488 - Effective date of registration statements relating to securities to be issued in certain business...

Code of Federal Regulations, 2010 CFR

2010-04-01

... statements relating to securities to be issued in certain business combination transactions. 230.488 Section... REGULATIONS, SECURITIES ACT OF 1933 Investment Companies; Business Development Companies § 230.488 Effective date of registration statements relating to securities to be issued in certain business combination...

6 CFR 27.204 - Minimum concentration by security issue.

Code of Federal Regulations, 2010 CFR

2010-01-01

... 6 Domestic Security 1 2010-01-01 2010-01-01 false Minimum concentration by security issue. 27.204 Section 27.204 Domestic Security DEPARTMENT OF HOMELAND SECURITY, OFFICE OF THE SECRETARY CHEMICAL FACILITY ANTI-TERRORISM STANDARDS Chemical Facility Security Program § 27.204 Minimum concentration by...

A Novel Texture-Quantization-Based Reversible Multiple Watermarking Scheme Applied to Health Information System.

PubMed

Turuk, Mousami; Dhande, Ashwin

2018-04-01

The recent innovations in information and communication technologies have appreciably changed the panorama of health information system (HIS). These advances provide new means to process, handle, and share medical images and also augment the medical image security issues in terms of confidentiality, reliability, and integrity. Digital watermarking has emerged as new era that offers acceptable solutions to the security issues in HIS. Texture is a significant feature to detect the embedding sites in an image, which further leads to substantial improvement in the robustness. However, considering the perspective of digital watermarking, this feature has received meager attention in the reported literature. This paper exploits the texture property of an image and presents a novel hybrid texture-quantization-based approach for reversible multiple watermarking. The watermarked image quality has been accessed by peak signal to noise ratio (PSNR), structural similarity measure (SSIM), and universal image quality index (UIQI), and the obtained results are superior to the state-of-the-art methods. The algorithm has been evaluated on a variety of medical imaging modalities (CT, MRA, MRI, US) and robustness has been verified, considering various image processing attacks including JPEG compression. The proposed scheme offers additional security using repetitive embedding of BCH encoded watermarks and ADM encrypted ECG signal. Experimental results achieved a maximum of 22,616 bits hiding capacity with PSNR of 53.64 dB.

Managing security and privacy concerns over data storage in healthcare research.

PubMed

Mackenzie, Isla S; Mantay, Brian J; McDonnell, Patrick G; Wei, Li; MacDonald, Thomas M

2011-08-01

Issues surrounding data security and privacy are of great importance when handling sensitive health-related data for research. The emphasis in the past has been on balancing the risks to individuals with the benefit to society of the use of databases for research. However, a new way of looking at such issues is that by optimising procedures and policies regarding security and privacy of data to the extent that there is no appreciable risk to the privacy of individuals, we can create a 'win-win' situation in which everyone benefits, and pharmacoepidemiological research can flourish with public support. We discuss holistic measures, involving both information technology and people, taken to improve the security and privacy of data storage. After an internal review, we commissioned an external audit by an independent consultant with a view to optimising our data storage and handling procedures. Improvements to our policies and procedures were implemented as a result of the audit. By optimising our storage of data, we hope to inspire public confidence and hence cooperation with the use of health care data in research. Copyright © 2011 John Wiley & Sons, Ltd.

6 CFR 13.6 - Prerequisites for issuing a Complaint.

Code of Federal Regulations, 2010 CFR

2010-01-01

... 6 Domestic Security 1 2010-01-01 2010-01-01 false Prerequisites for issuing a Complaint. 13.6 Section 13.6 Domestic Security DEPARTMENT OF HOMELAND SECURITY, OFFICE OF THE SECRETARY PROGRAM FRAUD CIVIL REMEDIES § 13.6 Prerequisites for issuing a Complaint. (a) The Reviewing Official may issue a...

Security protection of DICOM medical images using dual-layer reversible watermarking with tamper detection capability.

PubMed

Tan, Chun Kiat; Ng, Jason Changwei; Xu, Xiaotian; Poh, Chueh Loo; Guan, Yong Liang; Sheah, Kenneth

2011-06-01

Teleradiology applications and universal availability of patient records using web-based technology are rapidly gaining importance. Consequently, digital medical image security has become an important issue when images and their pertinent patient information are transmitted across public networks, such as the Internet. Health mandates such as the Health Insurance Portability and Accountability Act require healthcare providers to adhere to security measures in order to protect sensitive patient information. This paper presents a fully reversible, dual-layer watermarking scheme with tamper detection capability for medical images. The scheme utilizes concepts of public-key cryptography and reversible data-hiding technique. The scheme was tested using medical images in DICOM format. The results show that the scheme is able to ensure image authenticity and integrity, and to locate tampered regions in the images.

Linking Research to Practice: FEWS NET and Its Use of Satellite Remote Sensing Data

NASA Technical Reports Server (NTRS)

Brown, Molly E.; Brickley, Elizabeth B.

2011-01-01

The purpose of the Famine Early Warning Systems Network (FEWS NET) is to collaborate with international, regional and national partners to provide timely and rigorous early warning and vulnerability information on emerging and evolving food security issues

Strategic Choices for Data Communications Systems.

ERIC Educational Resources Information Center

Arns, Robert G.; Urban, Patricia A.

1984-01-01

Issues in determining how to develop a data communications system at colleges and universities are discussed including; technical requirements; cost; implications for coordination and (de)centralization of hardware/software; deciding when to create a data network; data security, information integrity, and organizational development. (Author/MLW)

Modeling and Simulation Environment for Critical Infrastructure Protection

DTIC Science & Technology

2006-06-20

address at the triennial International Symposium on Mathematical Programming, held in Copenhagen, Denmark in August 2003. Finally, in very recent work... Teleworking - The human and organizational issues of computer and information security. Paper presented at the 11th Annual Conference on Human

Application of Ethics for Providing Telemedicine Services and Information Technology

PubMed Central

Langarizadeh, Mostafa; Moghbeli, Fatemeh; Aliabadi, Ali

2017-01-01

Introduction: Advanced technology has increased the use of telemedicine and Information Technology (IT) in treating or rehabilitating diseases. An increased use of technology increases the importance of the ethical issues involved. The need for keeping patients’ information confidential and secure, controlling a number of therapists’ inefficiency as well as raising the quality of healthcare services necessitates adequate heed to ethical issues in telemedicine provision. Aim: The goal of this review is gathering all articles that are published through 5 years until now (2012-2017) for detecting ethical issues for providing telemedicine services and Information technology. The reason of this time is improvement of telemedicine and technology through these years. This article is important for clinical practice and also to world, because of knowing ethical issues in telemedicine and technology are always important factors for physician and health providers. Material and methods: the required data in this research were derived from published electronic sources and credible academic articles published in such databases as PubMed, Scopus and Science Direct. The following key words were searched for in separation and combination: tele-health, telemedicine, ethical issues in telemedicine. A total of 503 articles were found. After excluding the duplicates (n= 93), the titles and abstracts of 410 articles were skimmed according to the inclusion criteria. Finally, 64 articles remained. They were reviewed in full text and 36 articles were excluded. At the end, 28 articles were chosen which met our eligibility criteria and were included in this study. Results: Ethics has been of a great significance in IT and telemedicine especially the Internet since there are more chances provided for accessing information. It is, however, accompanied by a threat to patients’ personal information. Therefore, suggestions are made to investigate ethics in technology, to offer standards and guidelines to therapists. Due to the advancement in technology, access to information has become simpler than the past. This has prompted hackers to seize the opportunity. Discussion: This research shows that the ethical issues in telemedicine can be investigated from several aspects like technology, doctor-patient relationship, data confidentiality and security, informed consent, patient’s and family’s satisfaction with telemedicine services. Following ethical issues in telemedicine is a primary aspect of high quality services. In other words, if therapists abide by ethical rules, they can provide better services for patients. Attention to ethical issues in telemedicine guarantees a safer use of the services. PMID:29284905

Changing Homeland Security: The Year in Review - 2008

DTIC Science & Technology

2009-01-01

new opportunities for terrorist safe havens. The specter of homegrown terrorism has not abated. Naturalized citizens of Somali descent traveled to...34 • The Nature of Homeland Security: Now a Second Tier Policy Issue? • Organizing for Homeland Security: Possible Futures, Emerging Issues • The...emerging definitions of the homeland security mission space in 2009. The Nature of Homeland Security: Now a Second Tier Policy Issue? Has the bar

Critical Infrastructure Protection II, The International Federation for Information Processing, Volume 290.

NASA Astrophysics Data System (ADS)

Papa, Mauricio; Shenoi, Sujeet

The information infrastructure -- comprising computers, embedded devices, networks and software systems -- is vital to day-to-day operations in every sector: information and telecommunications, banking and finance, energy, chemicals and hazardous materials, agriculture, food, water, public health, emergency services, transportation, postal and shipping, government and defense. Global business and industry, governments, indeed society itself, cannot function effectively if major components of the critical information infrastructure are degraded, disabled or destroyed. Critical Infrastructure Protection II describes original research results and innovative applications in the interdisciplinary field of critical infrastructure protection. Also, it highlights the importance of weaving science, technology and policy in crafting sophisticated, yet practical, solutions that will help secure information, computer and network assets in the various critical infrastructure sectors. Areas of coverage include: - Themes and Issues - Infrastructure Security - Control Systems Security - Security Strategies - Infrastructure Interdependencies - Infrastructure Modeling and Simulation This book is the second volume in the annual series produced by the International Federation for Information Processing (IFIP) Working Group 11.10 on Critical Infrastructure Protection, an international community of scientists, engineers, practitioners and policy makers dedicated to advancing research, development and implementation efforts focused on infrastructure protection. The book contains a selection of twenty edited papers from the Second Annual IFIP WG 11.10 International Conference on Critical Infrastructure Protection held at George Mason University, Arlington, Virginia, USA in the spring of 2008.

31 CFR 356.4 - What are the book-entry systems in which auctioned Treasury securities may be issued?

Code of Federal Regulations, 2010 CFR

2010-07-01

... in which auctioned Treasury securities may be issued? There are three book-entry securities systems... marketable Treasury securities. We maintain and transfer securities in these three book-entry systems at... inflation. Securities may be transferred from one system to the other, unless the securities are not...

Layered Location-Based Security Mechanism for Mobile Sensor Networks: Moving Security Areas.

PubMed

Wang, Ze; Zhang, Haijuan; Wu, Luqiang; Zhou, Chang

2015-09-25

Network security is one of the most important issues in mobile sensor networks (MSNs). Networks are particularly vulnerable in hostile environments because of many factors, such as uncertain mobility, limitations on computation, and the need for storage in mobile nodes. Though some location-based security mechanisms can resist some malicious attacks, they are only suitable for static networks and may sometimes require large amounts of storage. To solve these problems, using location information, which is one of the most important properties in outdoor wireless networks, a security mechanism called a moving security area (MSA) is proposed to resist malicious attacks by using mobile nodes' dynamic location-based keys. The security mechanism is layered by performing different detection schemes inside or outside the MSA. The location-based private keys will be updated only at the appropriate moments, considering the balance of cost and security performance. By transferring parts of the detection tasks from ordinary nodes to the sink node, the memory requirements are distributed to different entities to save limited energy.

Information storage for health-care providers: it's not as simple as it seems.

PubMed

Hanauer, David

2004-01-01

As medical practices migrate from paper to computers for record keeping, new issues surrounding the safe storage of such data are arising. These range from choosing an electronic storage format to ensuring that any electronic information stored today will be available and readable years into the future. Privacy and security issues also continue to be important, especially since the HIPAA regulations were instituted. With the rapid advances in technology, finding the right solution may be like trying to hit a moving target, yet some basic principles, outlined in this article, should make this difficult task easier.

Optimized ECC Implementation for Secure Communication between Heterogeneous IoT Devices.

PubMed

Marin, Leandro; Pawlowski, Marcin Piotr; Jara, Antonio

2015-08-28

The Internet of Things is integrating information systems, places, users and billions of constrained devices into one global network. This network requires secure and private means of communications. The building blocks of the Internet of Things are devices manufactured by various producers and are designed to fulfil different needs. There would be no common hardware platform that could be applied in every scenario. In such a heterogeneous environment, there is a strong need for the optimization of interoperable security. We present optimized elliptic curve Cryptography algorithms that address the security issues in the heterogeneous IoT networks. We have combined cryptographic algorithms for the NXP/Jennic 5148- and MSP430-based IoT devices and used them to created novel key negotiation protocol.

The Design and Implementation of a Low Cost and High Security Smart Home System Based on Wi-Fi and SSL Technologies

NASA Astrophysics Data System (ADS)

Xu, Chong-Yao; Zheng, Xin; Xiong, Xiao-Ming

2017-02-01

With the development of Internet of Things (IoT) and the popularity of intelligent mobile terminals, smart home system has come into people’s vision. However, due to the high cost, complex installation and inconvenience, as well as network security issues, smart home system has not been popularized. In this paper, combined with Wi-Fi technology, Android system, cloud server and SSL security protocol, a new set of smart home system is designed, with low cost, easy operation, high security and stability. The system consists of Wi-Fi smart node (WSN), Android client and cloud server. In order to reduce system cost and complexity of the installation, each Wi-Fi transceiver, appliance control logic and data conversion in the WSN is setup by a single chip. In addition, all the data of the WSN can be uploaded to the server through the home router, without having to transit through the gateway. All the appliance status information and environmental information are preserved in the cloud server. Furthermore, to ensure the security of information, the Secure Sockets Layer (SSL) protocol is used in the WSN communication with the server. What’s more, to improve the comfort and simplify the operation, Android client is designed with room pattern to control home appliances more realistic, and more convenient.

Survey on Security Issues in File Management in Cloud Computing Environment

NASA Astrophysics Data System (ADS)

Gupta, Udit

2015-06-01

Cloud computing has pervaded through every aspect of Information technology in past decade. It has become easier to process plethora of data, generated by various devices in real time, with the advent of cloud networks. The privacy of users data is maintained by data centers around the world and hence it has become feasible to operate on that data from lightweight portable devices. But with ease of processing comes the security aspect of the data. One such security aspect is secure file transfer either internally within cloud or externally from one cloud network to another. File management is central to cloud computing and it is paramount to address the security concerns which arise out of it. This survey paper aims to elucidate the various protocols which can be used for secure file transfer and analyze the ramifications of using each protocol.

Common Criteria Related Security Design Patterns for Intelligent Sensors—Knowledge Engineering-Based Implementation

PubMed Central

Bialas, Andrzej

2011-01-01

Intelligent sensors experience security problems very similar to those inherent to other kinds of IT products or systems. The assurance for these products or systems creation methodologies, like Common Criteria (ISO/IEC 15408) can be used to improve the robustness of the sensor systems in high risk environments. The paper presents the background and results of the previous research on patterns-based security specifications and introduces a new ontological approach. The elaborated ontology and knowledge base were validated on the IT security development process dealing with the sensor example. The contribution of the paper concerns the application of the knowledge engineering methodology to the previously developed Common Criteria compliant and pattern-based method for intelligent sensor security development. The issue presented in the paper has a broader significance in terms that it can solve information security problems in many application domains. PMID:22164064

Common criteria related security design patterns for intelligent sensors--knowledge engineering-based implementation.

PubMed

Bialas, Andrzej

2011-01-01

Intelligent sensors experience security problems very similar to those inherent to other kinds of IT products or systems. The assurance for these products or systems creation methodologies, like Common Criteria (ISO/IEC 15408) can be used to improve the robustness of the sensor systems in high risk environments. The paper presents the background and results of the previous research on patterns-based security specifications and introduces a new ontological approach. The elaborated ontology and knowledge base were validated on the IT security development process dealing with the sensor example. The contribution of the paper concerns the application of the knowledge engineering methodology to the previously developed Common Criteria compliant and pattern-based method for intelligent sensor security development. The issue presented in the paper has a broader significance in terms that it can solve information security problems in many application domains.

77 FR 72278 - Sale and Issue of Marketable Book-Entry Treasury Bills, Notes, and Bonds

Federal Register 2010, 2011, 2012, 2013, 2014

2012-12-05

... whether it would be more important to issue a new floating rate security each month. Maturities: We intend.... SUMMARY: The Department of the Treasury (``Treasury'') intends to issue a new type of marketable security... security. We also invite other comments relevant to the issuance of this new security. DATES: Submit...

Musings on privacy issues in health research involving disaggregate geographic data about individuals.

PubMed

Boulos, Maged N Kamel; Curtis, Andrew J; Abdelmalik, Philip

2009-07-20

This paper offers a state-of-the-art overview of the intertwined privacy, confidentiality, and security issues that are commonly encountered in health research involving disaggregate geographic data about individuals. Key definitions are provided, along with some examples of actual and potential security and confidentiality breaches and related incidents that captured mainstream media and public interest in recent months and years. The paper then goes on to present a brief survey of the research literature on location privacy/confidentiality concerns and on privacy-preserving solutions in conventional health research and beyond, touching on the emerging privacy issues associated with online consumer geoinformatics and location-based services. The 'missing ring' (in many treatments of the topic) of data security is also discussed. Personal information and privacy legislations in two countries, Canada and the UK, are covered, as well as some examples of recent research projects and events about the subject. Select highlights from a June 2009 URISA (Urban and Regional Information Systems Association) workshop entitled 'Protecting Privacy and Confidentiality of Geographic Data in Health Research' are then presented. The paper concludes by briefly charting the complexity of the domain and the many challenges associated with it, and proposing a novel, 'one stop shop' case-based reasoning framework to streamline the provision of clear and individualised guidance for the design and approval of new research projects (involving geographical identifiers about individuals), including crisp recommendations on which specific privacy-preserving solutions and approaches would be suitable in each case.

Musings on privacy issues in health research involving disaggregate geographic data about individuals

PubMed Central

Boulos, Maged N Kamel; Curtis, Andrew J; AbdelMalik, Philip

2009-01-01

This paper offers a state-of-the-art overview of the intertwined privacy, confidentiality, and security issues that are commonly encountered in health research involving disaggregate geographic data about individuals. Key definitions are provided, along with some examples of actual and potential security and confidentiality breaches and related incidents that captured mainstream media and public interest in recent months and years. The paper then goes on to present a brief survey of the research literature on location privacy/confidentiality concerns and on privacy-preserving solutions in conventional health research and beyond, touching on the emerging privacy issues associated with online consumer geoinformatics and location-based services. The 'missing ring' (in many treatments of the topic) of data security is also discussed. Personal information and privacy legislations in two countries, Canada and the UK, are covered, as well as some examples of recent research projects and events about the subject. Select highlights from a June 2009 URISA (Urban and Regional Information Systems Association) workshop entitled 'Protecting Privacy and Confidentiality of Geographic Data in Health Research' are then presented. The paper concludes by briefly charting the complexity of the domain and the many challenges associated with it, and proposing a novel, 'one stop shop' case-based reasoning framework to streamline the provision of clear and individualised guidance for the design and approval of new research projects (involving geographical identifiers about individuals), including crisp recommendations on which specific privacy-preserving solutions and approaches would be suitable in each case. PMID:19619311

Afghanistan: Post-Taliban Governance, Security, and U.S. Policy

DTIC Science & Technology

2014-12-02

collection of information is estimated to average 1 hour per response, including the time for reviewing instructions , searching existing data sources...notwithstanding any other provision of law, no person shall be subject to a penalty for failing to comply with a collection of information if it does not display a ...to operate informally .9 In March 2001, Administration officials received a Taliban envoy to discuss bilateral issues. In one significant departure

Secure real-time wireless video streaming in the aeronautical telecommunications network

NASA Astrophysics Data System (ADS)

Czernik, Pawel; Olszyna, Jakub

2010-09-01

As Air Traffic Control Systems move from a voice only environment to one in which clearances are issued via data link, there is a risk that an unauthorized entity may attempt to masquerade as either the pilot or controller. In order to protect against this and related attacks, air-ground communications must be secured. The challenge is to add security in an environment in which bandwidth is limited. The Aeronautical Telecommunications Network (ATN) is an enabling digital network communications technology that addresses capacity and efficiency issues associated with current aeronautical voice communication systems. Equally important, the ATN facilitates migration to free flight, where direct computer-to-computer communication will automate air traffic management, minimize controller and pilot workload, and improve overall aircraft routing efficiency. Protecting ATN communications is critical since safety-of-flight is seriously affected if an unauthorized entity, a hacker for example, is able to penetrate an otherwise reliable communications system and accidentally or maliciously introduce erroneous information that jeopardizes the overall safety and integrity of a given airspace. However, an ATN security implementation must address the challenges associated with aircraft mobility, limited bandwidth communication channels, and uninterrupted operation across organizational and geopolitical boundaries. This paper provides a brief overview of the ATN, the ATN security concept, and begins a basic introduction to the relevant security concepts of security threats, security services and security mechanisms. Security mechanisms are further examined by presenting the fundamental building blocks of symmetric encipherment, asymmetric encipherment, and hash functions. The second part of this paper presents the project of cryptographiclly secure wireless communication between Unmanned Aerial Vehicles (UAV) and the ground station in the ATM system, based on the ARM9 processor development kid and Embedded Linux operation system.

17 CFR 250.52 - Exemption of issue and sale of certain securities.

Code of Federal Regulations, 2010 CFR

2010-04-01

... business of the subsidiary company; and (2) The interest rates and maturity dates of any debt security... 17 Commodity and Securities Exchanges 3 2010-04-01 2010-04-01 false Exemption of issue and sale of certain securities. 250.52 Section 250.52 Commodity and Securities Exchanges SECURITIES AND EXCHANGE...

Notification: Follow-Up on Significant Information Technology Security Findings and Recommendations

EPA Pesticide Factsheets

Project #OA-FY14-0056, January 17, 2014. The EPA OIG plans to begin preliminary research to follow up on recommendations issued in its final reports between specific fiscal years, and reports associated with the FY 2013 OIG Management Challenges memo.

75 FR 60457 - Sunshine Act Meeting

Federal Register 2010, 2011, 2012, 2013, 2014

2010-09-30

... EXPORT-IMPORT BANK OF THE UNITED STATES Sunshine Act Meeting ACTION: Notice of a Partially Open... Avenue, NW., Washington, DC 20571. Open Agenda Item: PEFCO Secured Note Issues Resolutions. Public Participation: The meeting will be open to public participation for Item No. 1 only. Further Information: For...

75 FR 27028 - Joint CFTC-SEC Advisory Committee on Emerging Regulatory Issues

Federal Register 2010, 2011, 2012, 2013, 2014

2010-05-13

... SECURITIES AND EXCHANGE COMMISSION [Release No. 33-9123; File No. 265-26] COMMODITY FUTURES... Exchange Commission (``SEC'') and Commodity Futures Trading Commission (``CFTC'') (each, an ``Agency,'' and... submit only information that you wish to make available publicly. Commodity Futures Trading Commission...

Collective Security in Europe and Asia

DTIC Science & Technology

1992-03-02

Minister Hisashi Owada carried by Kyodo, November 18, 1991, in Foreign Broadcast Information Service, (FBIS), Daily Report-East Asia, November 18, 1991...Report-Soviet Union, December 5, 1991, p. 54. For a Japanese view, see Hiroshi Kimura , "Gorbachev’s Japan Policy: The Northern Territories Issue

75 FR 10414 - Researcher Identification Card

Federal Register 2010, 2011, 2012, 2013, 2014

2010-03-08

... capturing administrative information on the characteristics of our users. Other forms of identification are... use bar-codes on researcher identification cards in the Washington, DC, area. The plastic cards we... plastic researcher identification cards as part of their security systems, we issue a plastic card to...

6 CFR 27.204 - Minimum concentration by security issue.

Code of Federal Regulations, 2011 CFR

2011-01-01

... Section 27.204 Domestic Security DEPARTMENT OF HOMELAND SECURITY, OFFICE OF THE SECRETARY CHEMICAL FACILITY ANTI-TERRORISM STANDARDS Chemical Facility Security Program § 27.204 Minimum concentration by security issue. (a) Release Chemicals—(1) Release-Toxic Chemicals. If a release-toxic chemical of interest...

Atomic papers: a citizen's guide to selected books and articles on the bomb, the arms race, nuclear power, the peace movement, and related issues

DOE Office of Scientific and Technical Information (OSTI.GOV)

Burns, G.

This bibliography, updated from an earlier 1947 printing, is divided into 18 separate areas. It will allow the reader to identify books and recent journal and magazine articles on the panoply of nuclear issues. It assumed that better information enables more-effective involvement in the effort to secure real peace, and not the dubious peace achieved through nuclear terror.

Federal Agency and Federal Library Reports: Library of Congress; Center for the Book; Federal Library and Information Center Committee; National Agricultural Library; National Library of Medicine; United States Government Printing Office; National Technical Information Service; National Archives and Records Administration; National Center for Education Statistics Library Statistics Program; National Commission on Libraries and Information Science; National Library of Education; Educational Resources Information Center.

ERIC Educational Resources Information Center

Fischer, Audrey; Cole, John Y.; Tarr, Susan M.; Carey, Len; Mehnert, Robert; Sherman, Andrew M.; Davis, Linda; Leahy, Debra W.; Chute, Adrienne; Willard, Robert S.; Dunn, Christina

2003-01-01

Includes annual reports from 12 federal agencies and libraries that discuss security, budgets, legislation, digital projects, preservation, government role, information management, personnel changes, collections, databases, financial issues, services, administration, Web sites, access to information, customer service, statistics, international…

A survey of visualization systems for network security.

PubMed

Shiravi, Hadi; Shiravi, Ali; Ghorbani, Ali A

2012-08-01

Security Visualization is a very young term. It expresses the idea that common visualization techniques have been designed for use cases that are not supportive of security-related data, demanding novel techniques fine tuned for the purpose of thorough analysis. Significant amount of work has been published in this area, but little work has been done to study this emerging visualization discipline. We offer a comprehensive review of network security visualization and provide a taxonomy in the form of five use-case classes encompassing nearly all recent works in this area. We outline the incorporated visualization techniques and data sources and provide an informative table to display our findings. From the analysis of these systems, we examine issues and concerns regarding network security visualization and provide guidelines and directions for future researchers and visual system developers.

New Advanced Technologies to Provide Decentralised and Secure Access to Medical Records: Case Studies in Oncology

PubMed Central

Quantin, Catherine; Coatrieux, Gouenou; Allaert, François André; Fassa, Maniane; Bourquard, Karima; Boire, Jean-Yves; de Vlieger, Paul; Maigne, Lydia; Breton, Vincent

2009-01-01

The main problem for health professionals and patients in accessing information is that this information is very often distributed over many medical records and locations. This problem is particularly acute in cancerology because patients may be treated for many years and undergo a variety of examinations. Recent advances in technology make it feasible to gain access to medical records anywhere and anytime, allowing the physician or the patient to gather information from an “ephemeral electronic patient record”. However, this easy access to data is accompanied by the requirement for improved security (confidentiality, traceability, integrity, ...) and this issue needs to be addressed. In this paper we propose and discuss a decentralised approach based on recent advances in information sharing and protection: Grid technologies and watermarking methodologies. The potential impact of these technologies for oncology is illustrated by the examples of two experimental cases: a cancer surveillance network and a radiotherapy treatment plan. It is expected that the proposed approach will constitute the basis of a future secure “google-like” access to medical records. PMID:19718446

The Effect of Electronic Devices Self-Efficacy, Electronic Devices Usage and Information Security Awareness on Identity-Theft Anxiety Level

ERIC Educational Resources Information Center

Sanga, Sushma

2016-01-01

Identity-theft means stealing someone's personal information and using it without his or her permission. Each year, millions of Americans are becoming the victims of identity-theft, and this is one of the seriously growing and widespread issues in the U.S. This study examines the effect of electronic devices self-efficacy, electronic devices…

Satellite Surveillance: Domestic Issues

DTIC Science & Technology

2008-03-21

permit the gathering of accurate information on capabilities of potential enemies without entailing the risks of manned overflights or of covert agents ...local, and tribal law enforcement agencies serving as the executive agent of what it termed a new Domestic Applications Office (DAO). This recommendation...maintaining geospatial information to support homeland security. In May 2007, the DNI designated DHS as the executive agent and CRS-8 18 Department

Tort Suits Against Federal Contractors: An Overview of the Legal Issues

DTIC Science & Technology

2011-04-07

which has subsets of its own, such as negligent misrepresentation and the doctrine of “informed consent” in medical malpractice . Broadly speaking...for failure to perform). There is also a possibility that the government could assert the state secrets privilege, thereby effectively preventing the...see CRS Report R41741, The State Secrets Privilege: Preventing the Disclosure of Sensitive National Security Information During Civil Litigation

Enhancing FBI Terrorism and Homeland Security Information Sharing With State, Local and Tribal Agencies

DTIC Science & Technology

2010-09-01

the proposed NSI implementation (PM-ISE, 2008). The ISE reported, in October 2009, that the Los Angeles Police Department ( LAPD ) ISE...position of the Department of Defense or the U.S. Government. IRB Protocol number ________________. 12a. DISTRIBUTION / AVAILABILITY STATEMENT...critical, priority issue for all levels of government. The consensus of all three categories of literature was that government information sharing

Network security vulnerabilities and personal privacy issues in Healthcare Information Systems: a case study in a private hospital in Turkey.

PubMed

Namoğlu, Nihan; Ulgen, Yekta

2013-01-01

Healthcare industry has become widely dependent on information technology and internet as it moves from paper to electronic records. Healthcare Information System has to provide a high quality service to patients and a productive knowledge share between healthcare staff by means of patient data. With the internet being commonly used across hospitals, healthcare industry got its own share from cyber threats like other industries in the world. The challenge is allowing knowledge transfer to hospital staff while still ensuring compliance with security mandates. Working in collaboration with a private hospital in Turkey; this study aims to reveal the essential elements of a 21st century business continuity plan for hospitals while presenting the security vulnerabilities in the current hospital information systems and personal privacy auditing standards proposed by regulations and laws. We will survey the accreditation criteria in Turkey and counterparts in US and EU. We will also interview with medical staff in the hospital to understand the needs for personal privacy and the technical staff to perceive the technical requirements in terms of network security configuration and deployment. As hospitals are adopting electronic transactions, it should be considered a must to protect these electronic health records in terms of personal privacy aspects.

Security on Cloud Revocation Authority using Identity Based Encryption

NASA Astrophysics Data System (ADS)

Rajaprabha, M. N.

2017-11-01

As due to the era of cloud computing most of the people are saving there documents, files and other things on cloud spaces. Due to this security over the cloud is also important because all the confidential things are there on the cloud. So to overcome private key infrastructure (PKI) issues some revocable Identity Based Encryption (IBE) techniques are introduced which eliminates the demand of PKI. The technique introduced is key update cloud service provider which is having two issues in it and they are computation and communication cost is high and second one is scalability issue. So to overcome this problem we come along with the system in which the Cloud Revocation Authority (CRA) is there for the security which will only hold the secret key for each user. And the secret key was send with the help of advanced encryption standard security. The key is encrypted and send to the CRA for giving the authentication to the person who wants to share the data or files or for the communication purpose. Through that key only the other user will able to access that file and if the user apply some invalid key on the particular file than the information of that user and file is send to the administrator and administrator is having rights to block that person of black list that person to use the system services.

An assessment of PKI and networked electronic patient record system: lessons learned from real patient data exchange at the platform of OCHIS (Osaka Community Healthcare Information System).

PubMed

Takeda, Hiroshi; Matsumura, Yasushi; Kuwata, Shigeki; Nakano, Hirohiko; Shanmai, Ji; Qiyan, Zhang; Yufen, Chen; Kusuoka, Hideo; Matsuoka, Masaki

2004-03-31

To enhance medical cooperation between the hospitals and clinics around Osaka local area, the healthcare network system, named Osaka Community Healthcare Information System (OCHIS), was established with support of a supplementary budget from the Japanese government in fiscal year 2002. Although the system has been based on healthcare public key infrastructure (PKI), there remain security issues to be solved technically and operationally. An experimental study was conducted to elucidate the central and the local function in terms of a registration authority and a time stamp authority in contract with the Japanese Medical Information Systems Organization (MEDIS) in 2003. This paper describes the experimental design and the results of the study concerning message security.

6 CFR 27.203 - Calculating the screening threshold quantity by security issue.

Code of Federal Regulations, 2014 CFR

2014-01-01

... 6 Domestic Security 1 2014-01-01 2014-01-01 false Calculating the screening threshold quantity by security issue. 27.203 Section 27.203 Domestic Security DEPARTMENT OF HOMELAND SECURITY, OFFICE OF THE SECRETARY CHEMICAL FACILITY ANTI-TERRORISM STANDARDS Chemical Facility Security Program § 27.203 Calculating the screening threshold quantity by...

6 CFR 27.203 - Calculating the screening threshold quantity by security issue.

Code of Federal Regulations, 2011 CFR

2011-01-01

... 6 Domestic Security 1 2011-01-01 2011-01-01 false Calculating the screening threshold quantity by security issue. 27.203 Section 27.203 Domestic Security DEPARTMENT OF HOMELAND SECURITY, OFFICE OF THE SECRETARY CHEMICAL FACILITY ANTI-TERRORISM STANDARDS Chemical Facility Security Program § 27.203 Calculating the screening threshold quantity by...

6 CFR 27.203 - Calculating the screening threshold quantity by security issue.

Code of Federal Regulations, 2013 CFR

2013-01-01

... 6 Domestic Security 1 2013-01-01 2013-01-01 false Calculating the screening threshold quantity by security issue. 27.203 Section 27.203 Domestic Security DEPARTMENT OF HOMELAND SECURITY, OFFICE OF THE SECRETARY CHEMICAL FACILITY ANTI-TERRORISM STANDARDS Chemical Facility Security Program § 27.203 Calculating the screening threshold quantity by...

6 CFR 27.203 - Calculating the screening threshold quantity by security issue.

Code of Federal Regulations, 2010 CFR

2010-01-01

... 6 Domestic Security 1 2010-01-01 2010-01-01 false Calculating the screening threshold quantity by security issue. 27.203 Section 27.203 Domestic Security DEPARTMENT OF HOMELAND SECURITY, OFFICE OF THE SECRETARY CHEMICAL FACILITY ANTI-TERRORISM STANDARDS Chemical Facility Security Program § 27.203 Calculating the screening threshold quantity by...

17 CFR 270.2a-7 - Money market funds.

Code of Federal Regulations, 2012 CFR

2012-04-01

... Security) issued by a Special Purpose Entity (as defined in this paragraph), substantially all of the...) Conduit security means a security issued by a Municipal Issuer (as defined in this paragraph) involving an..., which arrangement or agreement provides for or secures repayment of the security. Municipal issuer means...

17 CFR 270.2a-7 - Money market funds.

Code of Federal Regulations, 2013 CFR

2013-04-01

... Security) issued by a Special Purpose Entity (as defined in this paragraph), substantially all of the...) Conduit security means a security issued by a Municipal Issuer (as defined in this paragraph) involving an..., which arrangement or agreement provides for or secures repayment of the security. Municipal issuer means...

17 CFR 270.2a-7 - Money market funds.

Code of Federal Regulations, 2011 CFR

2011-04-01

... Security) issued by a Special Purpose Entity (as defined in this paragraph), substantially all of the...) Conduit Security means a security issued by a Municipal Issuer (as defined in this paragraph) involving an..., which arrangement or agreement provides for or secures repayment of the security. Municipal Issuer means...

17 CFR 270.2a-7 - Money market funds.

Code of Federal Regulations, 2014 CFR

2014-04-01

... Security) issued by a Special Purpose Entity (as defined in this paragraph), substantially all of the...) Conduit security means a security issued by a Municipal Issuer (as defined in this paragraph) involving an..., which arrangement or agreement provides for or secures repayment of the security. Municipal issuer means...

17 CFR 450.4 - Custodial holdings of government securities.

Code of Federal Regulations, 2010 CFR

2010-04-01

... appropriate regulatory agency that expressly govern securities lending practices. (b)(1) Except as otherwise... security (or the amount of each issue of a government security issued in book-entry form) held for the.... (d) Counts of government securities held for customers in both definitive and book-entry form shall...

Brainjacking: Implant Security Issues in Invasive Neuromodulation.

PubMed

Pycroft, Laurie; Boccard, Sandra G; Owen, Sarah L F; Stein, John F; Fitzgerald, James J; Green, Alexander L; Aziz, Tipu Z

2016-08-01

The security of medical devices is critical to good patient care, especially when the devices are implanted. In light of recent developments in information security, there is reason to be concerned that medical implants are vulnerable to attack. The ability of attackers to exert malicious control over brain implants ("brainjacking") has unique challenges that we address in this review, with particular focus on deep brain stimulation implants. To illustrate the potential severity of this risk, we identify several mechanisms through which attackers could manipulate patients if unauthorized access to an implant can be achieved. These include blind attacks in which the attacker requires no patient-specific knowledge and targeted attacks that require patient-specific information. Blind attacks include cessation of stimulation, draining implant batteries, inducing tissue damage, and information theft. Targeted attacks include impairment of motor function, alteration of impulse control, modification of emotions or affect, induction of pain, and modulation of the reward system. We also discuss the limitations inherent in designing implants and the trade-offs that must be made to balance device security with battery life and practicality. We conclude that researchers, clinicians, manufacturers, and regulatory bodies should cooperate to minimize the risk posed by brainjacking. Copyright © 2016 Elsevier Inc. All rights reserved.

State-of-the-art in biosafety and biosecurity in European countries.

PubMed

Bielecka, Anna; Mohammadi, Ali Akbar

2014-06-01

The terms biosafety and biosecurity are widely used in different concepts and refer not only to protection of human beings and their surrounding environment against hazardous biological agent, but also to global disarmament of weapons of mass destruction. As a result, the biosafety and biosecurity issues should be considered interdisciplinary based on multilateral agreements against proliferation of biological weapons, public health and environmental protection. This publication presents information on both, international and national biosafety and biosecurity legislation. Status of national implementation of the Biological and Toxin Weapons Convention, penalization issues and measures to account for and secure production, use, storage of particularly dangerous pathogens or activities involving humans, plants and animals where infection may pose a risk have been analyzed. Safety and security measures in laboratories have been studied. Moreover, dual-use technology and measures of secure transport of biohazard materials have been also taken into account. In addition, genetic engineering regulations, biosecurity activities in laboratories and code of conducts have been investigated, as well.

Privacy Is Become with, Data Perturbation

NASA Astrophysics Data System (ADS)

Singh, Er. Niranjan; Singhai, Niky

2011-06-01

Privacy is becoming an increasingly important issue in many data mining applications that deal with health care, security, finance, behavior and other types of sensitive data. Is particularly becoming important in counterterrorism and homeland security-related applications. We touch upon several techniques of masking the data, namely random distortion, including the uniform and Gaussian noise, applied to the data in order to protect it. These perturbation schemes are equivalent to additive perturbation after the logarithmic Transformation. Due to the large volume of research in deriving private information from the additive noise perturbed data, the security of these perturbation schemes is questionable Many artificial intelligence and statistical methods exist for data analysis interpretation, Identifying and measuring the interestingness of patterns and rules discovered, or to be discovered is essential for the evaluation of the mined knowledge and the KDD process as a whole. While some concrete measurements exist, assessing the interestingness of discovered knowledge is still an important research issue. As the tool for the algorithm implementations we chose the language of choice in industrial world MATLAB.

76 FR 34658 - The Internet Assigned Numbers Authority (IANA) Functions

Federal Register 2010, 2011, 2012, 2013, 2014

2011-06-14

... raised concerns that short-term contracts create instability in the IANA functions process and would... political sustainability of an Internet that supports the free flow of information, goods, and services... account security and stability issues. Commenters were divided on whether the IANA functions should be...

45 CFR 5.51 - Records available.

Code of Federal Regulations, 2013 CFR

2013-10-01

... of Finding issued by the Office for Civil Rights in civil rights complaints, and Social Security... 45 Public Welfare 1 2013-10-01 2013-10-01 false Records available. 5.51 Section 5.51 Public Welfare DEPARTMENT OF HEALTH AND HUMAN SERVICES GENERAL ADMINISTRATION FREEDOM OF INFORMATION REGULATIONS...

45 CFR 5.51 - Records available.

Code of Federal Regulations, 2012 CFR

2012-10-01

... of Finding issued by the Office for Civil Rights in civil rights complaints, and Social Security... 45 Public Welfare 1 2012-10-01 2012-10-01 false Records available. 5.51 Section 5.51 Public Welfare DEPARTMENT OF HEALTH AND HUMAN SERVICES GENERAL ADMINISTRATION FREEDOM OF INFORMATION REGULATIONS...

32 CFR 2700.22 - Classification guides.

Code of Federal Regulations, 2012 CFR

2012-07-01

... 32 National Defense 6 2012-07-01 2012-07-01 false Classification guides. 2700.22 Section 2700.22... SECURITY INFORMATION REGULATIONS Derivative Classification § 2700.22 Classification guides. OMSN shall issue classification guides pursuant to section 2-2 of E.O. 12065. These guides, which shall be used to...

32 CFR 2700.22 - Classification guides.

Code of Federal Regulations, 2014 CFR

2014-07-01

... 32 National Defense 6 2014-07-01 2014-07-01 false Classification guides. 2700.22 Section 2700.22... SECURITY INFORMATION REGULATIONS Derivative Classification § 2700.22 Classification guides. OMSN shall issue classification guides pursuant to section 2-2 of E.O. 12065. These guides, which shall be used to...

32 CFR 2700.22 - Classification guides.

Code of Federal Regulations, 2013 CFR

2013-07-01

... 32 National Defense 6 2013-07-01 2013-07-01 false Classification guides. 2700.22 Section 2700.22... SECURITY INFORMATION REGULATIONS Derivative Classification § 2700.22 Classification guides. OMSN shall issue classification guides pursuant to section 2-2 of E.O. 12065. These guides, which shall be used to...

User Authentication and Authorization Challenges in a Networked Library Environment.

ERIC Educational Resources Information Center

Machovec, George S.

1997-01-01

Discusses computer user authentication and authorization issues when libraries need to let valid users access databases and information services without making the process too difficult for either party. Common solutions are explained, including filtering, passwords, and kerberos (cryptographic authentication scheme for secure use over public…

75 FR 18246 - Proposed Collection; Comment Request

Federal Register 2010, 2011, 2012, 2013, 2014

2010-04-09

... be issued in connection with employee benefit plans. We estimate that Form S-8 takes approximately 24... techniques or other forms of information technology. Consideration will be given to comments and suggestions... Boucher, Director/ CIO, Securities and Exchange Commission, C/O Shirley Martinson, 6432 General Green Way...

32 CFR 2700.22 - Classification guides.

Code of Federal Regulations, 2011 CFR

2011-07-01

... 32 National Defense 6 2011-07-01 2011-07-01 false Classification guides. 2700.22 Section 2700.22... SECURITY INFORMATION REGULATIONS Derivative Classification § 2700.22 Classification guides. OMSN shall issue classification guides pursuant to section 2-2 of E.O. 12065. These guides, which shall be used to...

Testing Integrity Symposium: Issues and Recommendations for Best Practice

ERIC Educational Resources Information Center

National Center for Education Statistics, 2013

2013-01-01

Educators, parents, and the public depend on accurate, valid, reliable, and timely information about student academic performance. Testing irregularities--breaches of test security or improper administration of academic testing--undermine efforts to use those data to improve student achievement. Unfortunately, there have been high-profile and…

75 FR 19952 - Proposed Agency Information Collection

Federal Register 2010, 2011, 2012, 2013, 2014

2010-04-16

..., expenditures, and results, to ensure that program funds are being used appropriately, effectively and expeditiously (especially important for Recovery Act funds); (5) Annual Estimated Number of Respondents: 56; (6... Independence and Security Act (EISA), Pub. L. 110-140. Issued in Washington, DC, on April 12, 2010. Johanna...

A Secure Architecture to Provide a Medical Emergency Dataset for Patients in Germany and Abroad.

PubMed

Storck, Michael; Wohlmann, Jan; Krudwig, Sarah; Vogel, Alexander; Born, Judith; Weber, Thomas; Dugas, Martin; Juhra, Christian

2017-01-01

The ongoing fragmentation of medical care and mobility of patients severely restrains exchange of lifesaving information about patient's medical history in case of emergencies. Therefore, the objective of this work is to offer a secure technical solution to supply medical professionals with emergency-relevant information concerning the current patient via mobile accessibility. To achieve this goal, the official national emergency data set was extended by additional features to form a patient summary for emergencies, a software architecture was developed and data security and data protection issues were taken into account. The patient has sovereignty over his/her data and can therefore decide who has access to or can change his/her stored data, but the treating physician composes the validated dataset. Building upon the introduced concept, future activities are the development of user-interfaces for the software components of the different user groups as well as functioning prototypes for upcoming field tests.

DOE's Computer Incident Advisory Capability (CIAC)

DOE Office of Scientific and Technical Information (OSTI.GOV)

Schultz, E.

1990-09-01

Computer security is essential in maintaining quality in the computing environment. Computer security incidents, however, are becoming more sophisticated. The DOE Computer Incident Advisory Capability (CIAC) team was formed primarily to assist DOE sites in responding to computer security incidents. Among CIAC's other responsibilities are gathering and distributing information to DOE sites, providing training workshops, coordinating with other agencies, response teams, and vendors, creating guidelines for incident handling, and developing software tools. CIAC has already provided considerable assistance to DOE sites faced with virus infections and worm and hacker attacks, has issued over 40 information bulletins, and has developed andmore » presented a workshop on incident handling. CIAC's experience in helping sites has produced several lessons learned, including the need to follow effective procedures to avoid virus infections in small systems and the need for sound password management and system administration in networked systems. CIAC's activity and scope will expand in the future. 4 refs.« less

Security policies and trust in ubiquitous computing.

PubMed

Joshi, Anupam; Finin, Tim; Kagal, Lalana; Parker, Jim; Patwardhan, Anand

2008-10-28

Ubiquitous environments comprise resource-constrained mobile and wearable devices and computational elements embedded in everyday artefacts. These are connected to each other using both infrastructure-based as well as short-range ad hoc networks. Limited Internet connectivity limits the use of conventional security mechanisms such as public key infrastructures and other forms of server-centric authentication. Under these circumstances, peer-to-peer interactions are well suited for not just information interchange, but also managing security and privacy. However, practical solutions for protecting mobile devices, preserving privacy, evaluating trust and determining the reliability and accuracy of peer-provided data in such interactions are still in their infancy. Our research is directed towards providing stronger assurances of the reliability and trustworthiness of information and services, and the use of declarative policy-driven approaches to handle the open and dynamic nature of such systems. This paper provides an overview of some of the challenges and issues, and points out directions for progress.

Protection of electronic health records (EHRs) in cloud.

PubMed

Alabdulatif, Abdulatif; Khalil, Ibrahim; Mai, Vu

2013-01-01

EHR technology has come into widespread use and has attracted attention in healthcare institutions as well as in research. Cloud services are used to build efficient EHR systems and obtain the greatest benefits of EHR implementation. Many issues relating to building an ideal EHR system in the cloud, especially the tradeoff between flexibility and security, have recently surfaced. The privacy of patient records in cloud platforms is still a point of contention. In this research, we are going to improve the management of access control by restricting participants' access through the use of distinct encrypted parameters for each participant in the cloud-based database. Also, we implement and improve an existing secure index search algorithm to enhance the efficiency of information control and flow through a cloud-based EHR system. At the final stage, we contribute to the design of reliable, flexible and secure access control, enabling quick access to EHR information.

Three-Factor User Authentication and Key Agreement Using Elliptic Curve Cryptosystem in Wireless Sensor Networks.

PubMed

Park, YoHan; Park, YoungHo

2016-12-14

Secure communication is a significant issue in wireless sensor networks. User authentication and key agreement are essential for providing a secure system, especially in user-oriented mobile services. It is also necessary to protect the identity of each individual in wireless environments to avoid personal privacy concerns. Many authentication and key agreement schemes utilize a smart card in addition to a password to support security functionalities. However, these schemes often fail to provide security along with privacy. In 2015, Chang et al. analyzed the security vulnerabilities of previous schemes and presented the two-factor authentication scheme that provided user privacy by using dynamic identities. However, when we cryptanalyzed Chang et al.'s scheme, we found that it does not provide sufficient security for wireless sensor networks and fails to provide accurate password updates. This paper proposes a security-enhanced authentication and key agreement scheme to overcome these security weaknesses using biometric information and an elliptic curve cryptosystem. We analyze the security of the proposed scheme against various attacks and check its viability in the mobile environment.

Three-Factor User Authentication and Key Agreement Using Elliptic Curve Cryptosystem in Wireless Sensor Networks

PubMed Central

Park, YoHan; Park, YoungHo

2016-01-01

Secure communication is a significant issue in wireless sensor networks. User authentication and key agreement are essential for providing a secure system, especially in user-oriented mobile services. It is also necessary to protect the identity of each individual in wireless environments to avoid personal privacy concerns. Many authentication and key agreement schemes utilize a smart card in addition to a password to support security functionalities. However, these schemes often fail to provide security along with privacy. In 2015, Chang et al. analyzed the security vulnerabilities of previous schemes and presented the two-factor authentication scheme that provided user privacy by using dynamic identities. However, when we cryptanalyzed Chang et al.’s scheme, we found that it does not provide sufficient security for wireless sensor networks and fails to provide accurate password updates. This paper proposes a security-enhanced authentication and key agreement scheme to overcome these security weaknesses using biometric information and an elliptic curve cryptosystem. We analyze the security of the proposed scheme against various attacks and check its viability in the mobile environment. PMID:27983616

Issues in protection of human subjects in internet research.

PubMed

Im, Eun-Ok; Chee, Wonshik

2002-01-01

Despite the increasing use of the Internet among nurses, the use of the Internet in nursing research has been rarely discussed and critiqued in terms of issues in protection of human subjects. In this article, issues in protection of human subjects in Internet research are explored by analyzing an Internet study to propose directions for human protection in Internet research. Issues raised through the study include those related to (a) anonymity and confidentiality, (b) security, (c) self-determination and authenticity, (d) full disclosure, and (e) fair treatment. Based on discussion of the five issues, development of standardized guidelines, investigator triangulation, and information sharing are proposed as directions for protection of human subjects in Internet research.

17 CFR 270.12d3-1 - Exemption of acquisitions of securities issued by persons engaged in securities related businesses.

Code of Federal Regulations, 2010 CFR

2010-04-01

... securities issued by persons engaged in securities related businesses. 270.12d3-1 Section 270.12d3-1... in securities related businesses. (a) Notwithstanding section 12(d)(3) of the Act, a registered... securities related business, the determination required by paragraph (b) of this section shall be made as...

Security issues in healthcare applications using wireless medical sensor networks: a survey.

PubMed

Kumar, Pardeep; Lee, Hoon-Jae

2012-01-01

Healthcare applications are considered as promising fields for wireless sensor networks, where patients can be monitored using wireless medical sensor networks (WMSNs). Current WMSN healthcare research trends focus on patient reliable communication, patient mobility, and energy-efficient routing, as a few examples. However, deploying new technologies in healthcare applications without considering security makes patient privacy vulnerable. Moreover, the physiological data of an individual are highly sensitive. Therefore, security is a paramount requirement of healthcare applications, especially in the case of patient privacy, if the patient has an embarrassing disease. This paper discusses the security and privacy issues in healthcare application using WMSNs. We highlight some popular healthcare projects using wireless medical sensor networks, and discuss their security. Our aim is to instigate discussion on these critical issues since the success of healthcare application depends directly on patient security and privacy, for ethic as well as legal reasons. In addition, we discuss the issues with existing security mechanisms, and sketch out the important security requirements for such applications. In addition, the paper reviews existing schemes that have been recently proposed to provide security solutions in wireless healthcare scenarios. Finally, the paper ends up with a summary of open security research issues that need to be explored for future healthcare applications using WMSNs.

Security Issues in Healthcare Applications Using Wireless Medical Sensor Networks: A Survey

PubMed Central

Kumar, Pardeep; Lee, Hoon-Jae

2012-01-01

Healthcare applications are considered as promising fields for wireless sensor networks, where patients can be monitored using wireless medical sensor networks (WMSNs). Current WMSN healthcare research trends focus on patient reliable communication, patient mobility, and energy-efficient routing, as a few examples. However, deploying new technologies in healthcare applications without considering security makes patient privacy vulnerable. Moreover, the physiological data of an individual are highly sensitive. Therefore, security is a paramount requirement of healthcare applications, especially in the case of patient privacy, if the patient has an embarrassing disease. This paper discusses the security and privacy issues in healthcare application using WMSNs. We highlight some popular healthcare projects using wireless medical sensor networks, and discuss their security. Our aim is to instigate discussion on these critical issues since the success of healthcare application depends directly on patient security and privacy, for ethic as well as legal reasons. In addition, we discuss the issues with existing security mechanisms, and sketch out the important security requirements for such applications. In addition, the paper reviews existing schemes that have been recently proposed to provide security solutions in wireless healthcare scenarios. Finally, the paper ends up with a summary of open security research issues that need to be explored for future healthcare applications using WMSNs. PMID:22368458

Identification d'indicateurs de risque des populations victimes de conflits par imagerie satellitaire. Etude de cas: Le nord de l'Irak

NASA Astrophysics Data System (ADS)

Mubareka, Sarah Betoul

Remote sensing and security, terms which are not usually associated, have found a common platform this decade with the conjuring of the GMOSS network (Global Monitoring for Security and Stability), whose mandate is to discover new applications for satellite-derived imagery to security issues. This study focuses on human security, concentrating on the characterisation of vulnerable areas to conflict. A time-series of satellite imagery taken from Landsat sensors from 1987 to 2001 and the SRTM mission imagery are used for this purpose over a site in northern Iraq. Human security issues include the exposure to any type of hazard. The region of study is first characterised in order to understand which hazards are and were present in the past for the region of study. The principal hazard for the region of study is armed conflict and the relative field data was analysed to determine the links between geographical indicators and vulnerable areas. This is done through historical research and the study of open-sourced information about disease outbreaks; the movements of refugees and the internally displaced; and humanitarian aid and security issues. These open sources offer information which are not always consistent, objective, or normalized and are therefore difficult to quantify. A method for the rapid mapping and graphing and subsequent analysis of the situation in a region where limited information is available is developed. This information is coupled with population numbers to create a "risk map": A disaggregated matrix of areas most at risk during conflict situations. The results show that describing the risk factor for a population to the hazard conflict depends on three complex indicators: Population density, remoteness and economic diversity. Each of these complex indicators is then derived from Landsat and SRTM imagery and a satellite-driven model is formulated. This model based on satellite imagery is applied to the study site for a temporal study. The output are three 90 m x 90 m resolution grids which describe, at a pixel level, the risk level within the region for each of the dates studies, and the changes which occur in northern Iraq as the result of the Anfal Campaigns. Results show that satellite imagery, with a minimum of processing, can yield indicators for characterising risk in a region. Although by no means a replacement for field data, this technological source, in the absence of local knowledge, can provide users with a starting point in understanding which areas are most at risk within a region. If this data is coupled with open sourced information such as political and cultural discrimination, economy and agricultural practices, a fairly accurate risk map can be generated in the absence of field data. Keywords. SRTM, Landsat, risk indicators, Iraq, conflict, population vulnerability, segmentation, land-use, fuzzy-classification, atmospheric corrections.

Security Issues in mGovernment

NASA Astrophysics Data System (ADS)

Kumar, Manish; Hanumanthappa, M.; Reddy, Bhavanam Lakshma

E-government is one of the most rapidly evolving service domains in the contemporary information society. Many governments have already developed and provided e-government services to businesses and citizens. Nowadays actors in the government domain attempt to take the next step and exploit the latest wireless technologies in order to provide ubiquitous services for mobile users. However, this approach involves some hidden risks mainly due to the inherent insecurity of the air medium and the vulnerabilities of the wireless systems. Thus, in this paper we investigate the security gaps and considerations which should be taken into account for an m-government system. Finally, we provide a list of security guidelines and policies, which the users of the system should be aware of and follow in order to avoid security attacks.

Optimized ECC Implementation for Secure Communication between Heterogeneous IoT Devices

PubMed Central

Marin, Leandro; Piotr Pawlowski, Marcin; Jara, Antonio

2015-01-01

The Internet of Things is integrating information systems, places, users and billions of constrained devices into one global network. This network requires secure and private means of communications. The building blocks of the Internet of Things are devices manufactured by various producers and are designed to fulfil different needs. There would be no common hardware platform that could be applied in every scenario. In such a heterogeneous environment, there is a strong need for the optimization of interoperable security. We present optimized elliptic curve Cryptography algorithms that address the security issues in the heterogeneous IoT networks. We have combined cryptographic algorithms for the NXP/Jennic 5148- and MSP430-based IoT devices and used them to created novel key negotiation protocol. PMID:26343677

Web-Based Geospatial Tools to Address Hazard Mitigation, Natural Resource Management, and Other Societal Issues

USGS Publications Warehouse

Hearn,, Paul P.

2009-01-01

Federal, State, and local government agencies in the United States face a broad range of issues on a daily basis. Among these are natural hazard mitigation, homeland security, emergency response, economic and community development, water supply, and health and safety services. The U.S. Geological Survey (USGS) helps decision makers address these issues by providing natural hazard assessments, information on energy, mineral, water and biological resources, maps, and other geospatial information. Increasingly, decision makers at all levels are challenged not by the lack of information, but by the absence of effective tools to synthesize the large volume of data available, and to utilize the data to frame policy options in a straightforward and understandable manner. While geographic information system (GIS) technology has been widely applied to this end, systems with the necessary analytical power have been usable only by trained operators. The USGS is addressing the need for more accessible, manageable data tools by developing a suite of Web-based geospatial applications that will incorporate USGS and cooperating partner data into the decision making process for a variety of critical issues. Examples of Web-based geospatial tools being used to address societal issues follow.

Defense Acquisition Structures and Capabilities Review. Addendum. National Defense Authorization Act Fiscal Year 2006 Section 814 Report

DTIC Science & Technology

2007-06-01

National Security Agency ( NSA ), one significant short- fall in coordinating requirements occurs with respect to NSA and the Information Assurance...funding issues and potential performance and schedule problems. A formal review process for all NSA requirements should therefore be implemented to...issues between Service networks to permit true “joint access. j. Establish a formal review process for all NSA , or any other non-DoD requirements. 3

The 2015 National Security Strategy: Authorities, Changes, Issues for Congress

DTIC Science & Technology

2016-04-05

Strategy: Authorities, Changes, Issues for Congress Congressional Research Service 3  reverse the spread of nuclear and biological weapons and...secure nuclear materials;  advance peace, security, and opportunity in the greater Middle East;  invest in the capacity of strong and capable...and norms on issues ranging from maritime security to trade and human rights.” 6 On Russia, the document says, “... we will continue to impose

Design and Analysis of an Enhanced Patient-Server Mutual Authentication Protocol for Telecare Medical Information System.

PubMed

Amin, Ruhul; Islam, S K Hafizul; Biswas, G P; Khan, Muhammad Khurram; Obaidat, Mohammad S

2015-11-01

In order to access remote medical server, generally the patients utilize smart card to login to the server. It has been observed that most of the user (patient) authentication protocols suffer from smart card stolen attack that means the attacker can mount several common attacks after extracting smart card information. Recently, Lu et al.'s proposes a session key agreement protocol between the patient and remote medical server and claims that the same protocol is secure against relevant security attacks. However, this paper presents several security attacks on Lu et al.'s protocol such as identity trace attack, new smart card issue attack, patient impersonation attack and medical server impersonation attack. In order to fix the mentioned security pitfalls including smart card stolen attack, this paper proposes an efficient remote mutual authentication protocol using smart card. We have then simulated the proposed protocol using widely-accepted AVISPA simulation tool whose results make certain that the same protocol is secure against active and passive attacks including replay and man-in-the-middle attacks. Moreover, the rigorous security analysis proves that the proposed protocol provides strong security protection on the relevant security attacks including smart card stolen attack. We compare the proposed scheme with several related schemes in terms of computation cost and communication cost as well as security functionalities. It has been observed that the proposed scheme is comparatively better than related existing schemes.

Security Issues for Mobile Medical Imaging: A Primer.

PubMed

Choudhri, Asim F; Chatterjee, Arindam R; Javan, Ramin; Radvany, Martin G; Shih, George

2015-10-01

The end-user of mobile device apps in the practice of clinical radiology should be aware of security measures that prevent unauthorized use of the device, including passcode policies, methods for dealing with failed login attempts, network manager-controllable passcode enforcement, and passcode enforcement for the protection of the mobile device itself. Protection of patient data must be in place that complies with the Health Insurance Portability and Accountability Act and U.S. Federal Information Processing Standards. Device security measures for data protection include methods for locally stored data encryption, hardware encryption, and the ability to locally and remotely clear data from the device. As these devices transfer information over both local wireless networks and public cell phone networks, wireless network security protocols, including wired equivalent privacy and Wi-Fi protected access, are important components in the chain of security. Specific virtual private network protocols, Secure Sockets Layer and related protocols (especially in the setting of hypertext transfer protocols), native apps, virtual desktops, and nonmedical commercial off-the-shelf apps require consideration in the transmission of medical data over both private and public networks. Enterprise security and management of both personal and enterprise mobile devices are discussed. Finally, specific standards for hardware and software platform security, including prevention of hardware tampering, protection from malicious software, and application authentication methods, are vital components in establishing a secure platform for the use of mobile devices in the medical field. © RSNA, 2015.

Slovenian national health insurance card: the next step.

PubMed

Kalin, T; Kandus, G; Trcek, D; Zupan, B

1999-01-01

The Slovenian national health insurance company started a full-scale deployment of the insurance smart card that is at the present used for insurance data and identification purpose only. There is ample capacity on the cards that were selected, to contain much more data than needed for the purely administrative and charging purposes. There are plans to include some basic medical information, donor information, etc. On the other hand, there are no firm plans to use the security infrastructure and the extensive network, connecting the insurance company with the more than 200 self service terminals positioned at the medical facilities through the country to build an integrated medical information system that would be very beneficial to the patients and the medical community. This paper is proposing some possible future developments and further discusses on the security issues involved with such countrywide medical information system.

Ethics in the Information Age: After Rules and Locks, What Do We Do?

ERIC Educational Resources Information Center

Webster, Sally

1989-01-01

The 1989 computer "worm" resulted in some needed attention to computer security. Academic computing has the goal of integrating computing into the fabric of teaching, learning, and research, and must be relatively open. Ways to raise awareness of ethical and social issues are described. (MLW)

DefenseLink.mil - Special Report - Travels With Mullen

Science.gov Websites

Pakistan’s military and civilian leaders here today to discuss issues concerning Pakistan’s lack of today to discuss the situation and threats coalition and Afghan forces are facing. Story "People Information Privacy & Security External Link Disclaimer Web Policy Contact Us

76 FR 323 - Information Systems Technical Advisory Committee; Notice of Partially Closed Meeting

Federal Register 2010, 2011, 2012, 2013, 2014

2011-01-04

...), Building 33, Cloud Room, 53560 Hull Street, San Diego, California 92152. The Committee advises the Office... and Relation to Category 3 5. Godson Microprocessor Project 6. Autonomous Vehicle Project 7. Cloud Computing, Technology and Security Issues Thursday, January 27 Closed Session 8. Discussion of matters...

10 CFR 824.13 - Initial decision.

Code of Federal Regulations, 2011 CFR

2011-01-01

... 10 Energy 4 2011-01-01 2011-01-01 false Initial decision. 824.13 Section 824.13 Energy DEPARTMENT OF ENERGY PROCEDURAL RULES FOR THE ASSESSMENT OF CIVIL PENALTIES FOR CLASSIFIED INFORMATION SECURITY VIOLATIONS § 824.13 Initial decision. (a) The Hearing Officer shall issue an initial decision as soon as...

78 FR 29134 - HIT Standards Committee; Schedule for the Assessment of HIT Policy Committee Recommendations

Federal Register 2010, 2011, 2012, 2013, 2014

2013-05-17

... quality, clinical operations, implementation, consumer technology, nationwide health information networks and privacy and security. Other groups will be convened to address specific issues as needed. HIT...) Direct the appropriate workgroup or other special group to develop a report for the HIT Standards...

78 FR 25322 - Proposed Collection; Comment Request

Federal Register 2010, 2011, 2012, 2013, 2014

2013-04-30

... securities to be issued in connection with an employee benefit plan. We estimate that Form S-8 takes... forms of information technology. Consideration will be given to comments and suggestions submitted in... Exchange Commission, c/o Remi Pavlik-Simon, 6432 General Green Way, Alexandria, Virginia 22312; or send an...

32 CFR 552.91 - Individual permit procedures.

Code of Federal Regulations, 2014 CFR

2014-07-01

.... (2) Personal information including Social Security Number. (3) Vehicle identification and license number, if a vehicle is to be brought on post. (4) Names and ages of minor family members who will... section. (c) A permit and a vehicle pass will be issued to each person authorized area access. The permit...

32 CFR 552.91 - Individual permit procedures.

Code of Federal Regulations, 2012 CFR

2012-07-01

.... (2) Personal information including Social Security Number. (3) Vehicle identification and license number, if a vehicle is to be brought on post. (4) Names and ages of minor family members who will... section. (c) A permit and a vehicle pass will be issued to each person authorized area access. The permit...

32 CFR 552.91 - Individual permit procedures.

Code of Federal Regulations, 2013 CFR

2013-07-01

.... (2) Personal information including Social Security Number. (3) Vehicle identification and license number, if a vehicle is to be brought on post. (4) Names and ages of minor family members who will... section. (c) A permit and a vehicle pass will be issued to each person authorized area access. The permit...

32 CFR 552.91 - Individual permit procedures.

Code of Federal Regulations, 2011 CFR

2011-07-01

.... (2) Personal information including Social Security Number. (3) Vehicle identification and license number, if a vehicle is to be brought on post. (4) Names and ages of minor family members who will... section. (c) A permit and a vehicle pass will be issued to each person authorized area access. The permit...

32 CFR 552.91 - Individual permit procedures.

Code of Federal Regulations, 2010 CFR

2010-07-01

.... (2) Personal information including Social Security Number. (3) Vehicle identification and license number, if a vehicle is to be brought on post. (4) Names and ages of minor family members who will... section. (c) A permit and a vehicle pass will be issued to each person authorized area access. The permit...

45 CFR 1385.9 - Grants administration requirements.

Code of Federal Regulations, 2013 CFR

2013-10-01

... Education Programs and Activities Receiving or Benefiting from Federal Financial Assistance. 45 CFR Part 91... social security number will be obtained. Only eligibility information will be obtained regarding type and level of disability of individuals being served by the P&A and the nature of the issue concerning which...

45 CFR 1385.9 - Grants administration requirements.

Code of Federal Regulations, 2014 CFR

2014-10-01

... Education Programs and Activities Receiving or Benefiting from Federal Financial Assistance. 45 CFR Part 91... social security number will be obtained. Only eligibility information will be obtained regarding type and level of disability of individuals being served by the P&A and the nature of the issue concerning which...

45 CFR 1385.9 - Grants administration requirements.

Code of Federal Regulations, 2012 CFR

2012-10-01

... Education Programs and Activities Receiving or Benefiting from Federal Financial Assistance. 45 CFR Part 91... social security number will be obtained. Only eligibility information will be obtained regarding type and level of disability of individuals being served by the P&A and the nature of the issue concerning which...

45 CFR 1385.9 - Grants administration requirements.

Code of Federal Regulations, 2011 CFR

2011-10-01

... Education Programs and Activities Receiving or Benefiting from Federal Financial Assistance. 45 CFR Part 91... social security number will be obtained. Only eligibility information will be obtained regarding type and level of disability of individuals being served by the P&A and the nature of the issue concerning which...

A broadcast-based key agreement scheme using set reconciliation for wireless body area networks.

PubMed

Ali, Aftab; Khan, Farrukh Aslam

2014-05-01

Information and communication technologies have thrived over the last few years. Healthcare systems have also benefited from this progression. A wireless body area network (WBAN) consists of small, low-power sensors used to monitor human physiological values remotely, which enables physicians to remotely monitor the health of patients. Communication security in WBANs is essential because it involves human physiological data. Key agreement and authentication are the primary issues in the security of WBANs. To agree upon a common key, the nodes exchange information with each other using wireless communication. This information exchange process must be secure enough or the information exchange should be minimized to a certain level so that if information leak occurs, it does not affect the overall system. Most of the existing solutions for this problem exchange too much information for the sake of key agreement; getting this information is sufficient for an attacker to reproduce the key. Set reconciliation is a technique used to reconcile two similar sets held by two different hosts with minimal communication complexity. This paper presents a broadcast-based key agreement scheme using set reconciliation for secure communication in WBANs. The proposed scheme allows the neighboring nodes to agree upon a common key with the personal server (PS), generated from the electrocardiogram (EKG) feature set of the host body. Minimal information is exchanged in a broadcast manner, and even if every node is missing a different subset, by reconciling these feature sets, the whole network will still agree upon a single common key. Because of the limited information exchange, if an attacker gets the information in any way, he/she will not be able to reproduce the key. The proposed scheme mitigates replay, selective forwarding, and denial of service attacks using a challenge-response authentication mechanism. The simulation results show that the proposed scheme has a great deal of adoptability in terms of security, communication overhead, and running time complexity, as compared to the existing EKG-based key agreement scheme.

A Cluster-Based Framework for the Security of Medical Sensor Environments

NASA Astrophysics Data System (ADS)

Klaoudatou, Eleni; Konstantinou, Elisavet; Kambourakis, Georgios; Gritzalis, Stefanos

The adoption of Wireless Sensor Networks (WSNs) in the healthcare sector poses many security issues, mainly because medical information is considered particularly sensitive. The security mechanisms employed are expected to be more efficient in terms of energy consumption and scalability in order to cope with the constrained capabilities of WSNs and patients’ mobility. Towards this goal, cluster-based medical WSNs can substantially improve efficiency and scalability. In this context, we have proposed a general framework for cluster-based medical environments on top of which security mechanisms can rely. This framework fully covers the varying needs of both in-hospital environments and environments formed ad hoc for medical emergencies. In this paper, we further elaborate on the security of our proposed solution. We specifically focus on key establishment mechanisms and investigate the group key agreement protocols that can best fit in our framework.

Information security threats and an easy-to-implement attack detection framework for wireless sensor network-based smart grid applications

NASA Astrophysics Data System (ADS)

Tuna, G.; Örenbaş, H.; Daş, R.; Kogias, D.; Baykara, M.; K, K.

2016-03-01

Wireless Sensor Networks (WSNs) when combined with various energy harvesting solutions managing to prolong the overall lifetime of the system and enhanced capabilities of the communication protocols used by modern sensor nodes are efficiently used in are efficiently used in Smart Grid (SG), an evolutionary system for the modernization of existing power grids. However, wireless communication technology brings various types of security threats. In this study, firstly the use of WSNs for SG applications is presented. Second, the security related issues and challenges as well as the security threats are presented. In addition, proposed security mechanisms for WSN-based SG applications are discussed. Finally, an easy- to-implement and simple attack detection framework to prevent attacks directed to sink and gateway nodes with web interfaces is proposed and its efficiency is proved using a case study.

17 CFR 240.19c-4 - Governing certain listing or authorization determinations by national securities exchanges and...

Code of Federal Regulations, 2014 CFR

2014-04-01

... the issuer of such security issues any class of security, or takes other corporate action, with the... issues any class of security, or takes other corporate action, with the effect of nullifying, restricting... by section 19(b) of the Act, specifying what types of securities issuances and other corporate...

17 CFR 240.19c-4 - Governing certain listing or authorization determinations by national securities exchanges and...

Code of Federal Regulations, 2011 CFR

2011-04-01

... the issuer of such security issues any class of security, or takes other corporate action, with the... issues any class of security, or takes other corporate action, with the effect of nullifying, restricting... by section 19(b) of the Act, specifying what types of securities issuances and other corporate...

17 CFR 240.19c-4 - Governing certain listing or authorization determinations by national securities exchanges and...

Code of Federal Regulations, 2013 CFR

2013-04-01

... the issuer of such security issues any class of security, or takes other corporate action, with the... issues any class of security, or takes other corporate action, with the effect of nullifying, restricting... by section 19(b) of the Act, specifying what types of securities issuances and other corporate...

17 CFR 240.19c-4 - Governing certain listing or authorization determinations by national securities exchanges and...

Code of Federal Regulations, 2012 CFR

2012-04-01

... the issuer of such security issues any class of security, or takes other corporate action, with the... issues any class of security, or takes other corporate action, with the effect of nullifying, restricting... by section 19(b) of the Act, specifying what types of securities issuances and other corporate...

17 CFR 240.19c-4 - Governing certain listing or authorization determinations by national securities exchanges and...

Code of Federal Regulations, 2010 CFR

2010-04-01

... the issuer of such security issues any class of security, or takes other corporate action, with the... issues any class of security, or takes other corporate action, with the effect of nullifying, restricting... by section 19(b) of the Act, specifying what types of securities issuances and other corporate...

17 CFR 239.34 - Form F-4, for registration of securities of foreign private issuers issued in certain business...

Code of Federal Regulations, 2010 CFR

2010-04-01

... 17 Commodity and Securities Exchanges 2 2010-04-01 2010-04-01 false Form F-4, for registration of securities of foreign private issuers issued in certain business combination transactions. 239.34 Section 239.34 Commodity and Securities Exchanges SECURITIES AND EXCHANGE COMMISSION FORMS PRESCRIBED UNDER THE...

Managing information and knowledge within maternity services: Privacy and consent issues.

PubMed

Baskaran, Vikraman; Davis, Kim; Bali, Rajeev K; Naguib, Raouf N G; Wickramasinghe, Nilmini

2013-09-01

Electronic Patient Records have improved vastly the quality and efficiency of care delivered. However, the formation of single demographic database and the ease of electronic information sharing give rise to many concerns including issues of consent, by whom and how data are accessed and used. This paper examines the organizational and socio-technical issues related to privacy, confidentiality and security when employing electronic records within a maternity service hospital in England. A preliminary questionnaire was administered (n  =  52), in total, 24 responses were received. Sixteen responses were from personnel in the information technology department, 5 from health information department and 3 from midwifery managers. This was followed by a semi-structured interview with representatives from the clinical and technological side. A number of issues related to information governance (IG) have been identified, especially breaches on sharing personal information without consent from the patients have been identified as one immediate challenge that needs to be fixed. There is an immediate need for more robust, realistic, built-in accountability both locally and nationally on data sharing. A culture of ownership and strict adherence to IG principles is paramount. Focused training in the area of data, information and knowledge sharing will bring in a balance of legitimate usage against the individual's rights to confidentiality and privacy.

77 FR 63380 - Self-Regulatory Organizations; NYSE Arca, Inc.; Order Granting Approval of Proposed Rule Change...

Federal Register 2010, 2011, 2012, 2013, 2014

2012-10-16

... purchase fixed income securities issued by U.S. or foreign corporations \\6\\ or financial institutions... also may purchase securities issued or guaranteed by the U.S. Government or foreign governments... (``CMOs'').\\8\\ The Fund may purchase or sell securities on a when issued, delayed delivery or forward...

Science and Technology Resources on the Internet: Computer Security.

ERIC Educational Resources Information Center

Kinkus, Jane F.

2002-01-01

Discusses issues related to computer security, including confidentiality, integrity, and authentication or availability; and presents a selected list of Web sites that cover the basic issues of computer security under subject headings that include ethics, privacy, kids, antivirus, policies, cryptography, operating system security, and biometrics.…

School Violence: Physical Security.

ERIC Educational Resources Information Center

Utah State Office of Education, Salt Lake City.

This booklet provides an overview of security technology product areas that might be appropriate and affordable for school applications. Topics cover security concepts and operational issues; security issues when designing for new schools; the role of maintenance; video camera use; walk-through metal detectors; duress alarm devices; and a partial…

Theft of information in the take-grant protection model

NASA Technical Reports Server (NTRS)

Bishop, Matt

1989-01-01

Questions of information flow are in many ways more important than questions of access control, because the goal of many security policies is to thwart the unauthorized release of information, not merely the illicit obtaining of access rights to that information. The Take-Grant Protection Model is a theoretical tool for examining such issues because conditions necessary and sufficient for information to flow between two objects, and for rights to objects to be obtained or stolen, are known. These results are extended by examining the question of information flow from an object the owner of which is unwilling to release that information. Necessary and sufficient conditions for such theft of information to occur are derived, and bounds on the number of subjects that must take action for the theft to occur are presented. To emphasize the usefulness of these results, the security policies of complete isolation, transfer of rights with the cooperation of an owner, and transfer of information (but not rights) with the cooperation of the owner are presented; the last is used to model a simple reference monitor guarding a resource.

Security of electronic mental health communication and record-keeping in the digital age.

PubMed

Elhai, Jon D; Frueh, B Christopher

2016-02-01

The mental health field has seen a trend in recent years of the increased use of information technology, including mobile phones, tablets, and laptop computers, to facilitate clinical treatment delivery to individual patients and for record keeping. However, little attention has been paid to ensuring that electronic communication with patients is private and secure. This is despite potentially deleterious consequences of a data breach, which are reported in the news media very frequently in modern times. In this article, we present typical security concerns associated with using technology in clinical services or research. We also discuss enhancing the privacy and security of electronic communication with clinical patients and research participants. We offer practical, easy-to-use software application solutions for clinicians and researchers to secure patient communication and records. We discuss such issues as using encrypted wireless networks, secure e-mail, encrypted messaging and videoconferencing, privacy on social networks, and others. © Copyright 2015 Physicians Postgraduate Press, Inc.

Survey of cyber security issues in smart grids

NASA Astrophysics Data System (ADS)

Chen, Thomas M.

2010-04-01

The future smart grid will enable cost savings and lower energy use by means of smart appliances and smart meters which support dynamic load management and real-time monitoring of energy use and distribution. The introduction of two-way communications and control into power grid introduces security and privacy concerns. This talk will survey the security and privacy issues in smart grids using the NIST reference model, and relate these issues to cyber security in the Internet.

Transportation Security: Issues for the 111th Congress

DTIC Science & Technology

2009-05-15

results of covert testing of airport security checkpoints demonstrating deficiencies in detecting improvised explosives and incendiary devices...34 A key issue in the debate over aviation security immediately following September 11, 2001, was whether airport security screeners should be...intentional wrongdoing on the part of airport security screeners, whether they be federal or private. Nonetheless, while the pilot program airports

Global Security Contingency Fund: Summary and Issue Overview

DTIC Science & Technology

2014-04-04

Diplomacy and Development Review (QDDR), Washington, D.C., December 2010, p. 203; Gordon Adams and Rebecca Williams, A New Way Forward: Rebalancing ...Williams, A New Way Forward: Rebalancing Security Assistance Programs and (continued...) Global Security Contingency Fund: Summary and Issue Overview...a large security assistance portfolio . But others may point to the State Department’s creation of new programs under the Security Assistance

31 CFR 356.4 - What are the book-entry systems in which auctioned Treasury securities may be issued or maintained?

Code of Federal Regulations, 2012 CFR

2012-07-01

... government and international agencies and foreign central banks. In their accounts, depository institutions... BUREAU OF THE PUBLIC DEBT SALE AND ISSUE OF MARKETABLE BOOK-ENTRY TREASURY BILLS, NOTES, AND BONDS... Direct®—into which we issue marketable Treasury securities. We maintain and transfer securities in these...

Potential impact of HITECH security regulations on medical imaging.

PubMed

Prior, Fred; Ingeholm, Mary Lou; Levine, Betty A; Tarbox, Lawrence

2009-01-01

Title XIII of Division A and Title IV of Division B of the American Recovery and Reinvestment Act (ARRA) of 2009 [1] include a provision commonly referred to as the "Health Information Technology for Economic and Clinical Health Act" or "HITECH Act" that is intended to promote the electronic exchange of health information to improve the quality of health care. Subtitle D of the HITECH Act includes key amendments to strengthen the privacy and security regulations issued under the Health Insurance Portability and Accountability Act (HIPAA). The HITECH act also states that "the National Coordinator" must consult with the National Institute of Standards and Technology (NIST) in determining what standards are to be applied and enforced for compliance with HIPAA. This has led to speculation that NIST will recommend that the government impose the Federal Information Security Management Act (FISMA) [2], which was created by NIST for application within the federal government, as requirements to the public Electronic Health Records (EHR) community in the USA. In this paper we will describe potential impacts of FISMA on medical image sharing strategies such as teleradiology and outline how a strict application of FISMA or FISMA-based regulations could have significant negative impacts on information sharing between care providers.

Simultaneous multiplexing and encoding of multiple images based on a double random phase encryption system

NASA Astrophysics Data System (ADS)

Alfalou, Ayman; Mansour, Ali

2009-09-01

Nowadays, protecting information is a major issue in any transmission system, as showed by an increasing number of research papers related to this topic. Optical encoding methods, such as a Double Random Phase encryption system i.e. DRP, are widely used and cited in the literature. DRP systems have very simple principle and they are easily applicable to most images (B&W, gray levels or color). Moreover, some applications require an enhanced encoding level based on multiencryption scheme and including biometric keys (as digital fingerprints). The enhancement should be done without increasing transmitted or stored information. In order to achieve that goal, a new approach for simultaneous multiplexing & encoding of several target images is developed in this manuscript. By introducing two additional security levels, our approach enhances the security level of a classic "DRP" system. Our first security level consists in using several independent image-keys (randomly and structurally) along with a new multiplexing algorithm. At this level, several target images (multiencryption) are used. This part can reduce needed information (encoding information). At the second level a standard DRP system is included. Finally, our approach can detect if any vandalism attempt has been done on transmitted encrypted images.

Common Criteria related security design patterns--validation on the intelligent sensor example designed for mine environment.

PubMed

Bialas, Andrzej

2010-01-01

The paper discusses the security issues of intelligent sensors that are able to measure and process data and communicate with other information technology (IT) devices or systems. Such sensors are often used in high risk applications. To improve their robustness, the sensor systems should be developed in a restricted way to provide them with assurance. One of assurance creation methodologies is Common Criteria (ISO/IEC 15408), used for IT products and systems. The contribution of the paper is a Common Criteria compliant and pattern-based method for the intelligent sensors security development. The paper concisely presents this method and its evaluation for the sensor detecting methane in a mine, focusing on the security problem of the intelligent sensor definition and solution. The aim of the validation is to evaluate and improve the introduced method.

Lessons Encountered: Learning from the Long War

DTIC Science & Technology

2015-09-01

subject to a penalty for failing to comply with a collection of information if it does not display a currently valid OMB control number 1. REPORT DATE...system was of little help here primarily because the Intelligence Community did not see this as its mission. The need for information aggregation...Security Advisor Stephen J. Hadley notes, there needs to be a na- tional discussion on these critical issues.24 n Strategic communications was a weak point

Access control and confidentiality in radiology

NASA Astrophysics Data System (ADS)

Noumeir, Rita; Chafik, Adil

2005-04-01

A medical record contains a large amount of data about the patient such as height, weight and blood pressure. It also contains sensitive information such as fertility, abortion, psychiatric data, sexually transmitted diseases and diagnostic results. Access to this information must be carefully controlled. Information technology has greatly improved patient care. The recent extensive deployment of digital medical images made diagnostic images promptly available to healthcare decision makers, regardless of their geographic location. Medical images are digitally archived, transferred on telecommunication networks, and visualized on computer screens. However, with the widespread use of computing and communication technologies in healthcare, the issue of data security has become increasingly important. Most of the work until now has focused on the security of data communication to ensure its integrity, authentication, confidentiality and user accountability. The mechanisms that have been proposed to achieve the security of data communication are not specific to healthcare. Data integrity can be achieved with data signature. Data authentication can be achieved with certificate exchange. Data confidentiality can be achieved with encryption. User accountability can be achieved with audits. Although these mechanisms are essential to ensure data security during its transfer on the network, access control is needed in order to ensure data confidentiality and privacy within the information system application. In this paper, we present and discuss an access control mechanism that takes into account the notion of a care process. Radiology information is categorized and a model to enforce data privacy is proposed.

Web Services Security - Implementation and Evaluation Issues

NASA Astrophysics Data System (ADS)

Pimenidis, Elias; Georgiadis, Christos K.; Bako, Peter; Zorkadis, Vassilis

Web services development is a key theme in the utilization the commercial exploitation of the semantic web. Paramount to the development and offering of such services is the issue of security features and they way these are applied in instituting trust amongst participants and recipients of the service. Implementing such security features is a major challenge to developers as they need to balance these with performance and interoperability requirements. Being able to evaluate the level of security offered is a desirable feature for any prospective participant. The authors attempt to address the issues of security requirements and evaluation criteria, while they discuss the challenges of security implementation through a simple web service application case.

An Efficiency Balanced Information Criterion for Item Selection in Computerized Adaptive Testing

ERIC Educational Resources Information Center

Han, Kyung T.

2012-01-01

Successful administration of computerized adaptive testing (CAT) programs in educational settings requires that test security and item exposure control issues be taken seriously. Developing an item selection algorithm that strikes the right balance between test precision and level of item pool utilization is the key to successful implementation…

77 FR 23250 - HIT Standards Committee; Schedule for the Assessment of HIT Policy Committee Recommendations

Federal Register 2010, 2011, 2012, 2013, 2014

2012-04-18

... quality, clinical operations, implementation, and privacy and security. Other groups are convened to address specific issues as needed, such as the Nationwide Health Information Network Power Team, the... appropriate workgroup or other special group to develop a report for the HIT Standards Committee, to the...

Higher Education IT Compliance through the Prism of Risk Controls

ERIC Educational Resources Information Center

Feehan, Patrick J.

2013-01-01

In 2013, compliance issues march, unceasingly, through every aspect of higher education. Yet the intricacies of privacy, information security, data governance, and IT policy as compliance and risk areas within the IT organization can reverberate and impact every other department within the higher education institution. The primary focus is always…

Seeking a Balance: Online Safety for Our Children

ERIC Educational Resources Information Center

Endicott-Popovsky, Barbara

2009-01-01

Without specific education in online safety and security issues, putting any limitations on access could seem counter to what a librarian is trained to do. At a cybersecurity workshop sponsored by Washington Library Media Association (WLMA) last October, an informal show of hands from attending teacher-librarians uncovered a range of motivations…

78 FR 39048 - Self-Regulatory Organizations; Municipal Securities Rulemaking Board; Notice of Filing of a...

Federal Register 2010, 2011, 2012, 2013, 2014

2013-06-28

... filed with the Commission an interpretation on customer protection obligations relating to the marketing... MSRB has worked with CSPN and individual states on, among other issues, disclosure principles and best practices, in order to better inform and protect investors.\\9\\ The disclosure principles cover a variety of...

26 CFR 601.702 - Publication, public inspection, and specific requests for records.

Code of Federal Regulations, 2013 CFR

2013-04-01

...), tape, or other electronic medium using equipment currently in use by the office or offices processing...., social security number or employer identification number), subject matter, location, and years at issue... disseminating information, if not a full-time representative of the news media, as defined in paragraph (f)(3...

26 CFR 601.702 - Publication, public inspection, and specific requests for records.

Code of Federal Regulations, 2014 CFR

2014-04-01

...), tape, or other electronic medium using equipment currently in use by the office or offices processing...., social security number or employer identification number), subject matter, location, and years at issue... disseminating information, if not a full-time representative of the news media, as defined in paragraph (f)(3...

26 CFR 601.702 - Publication, public inspection, and specific requests for records.

Code of Federal Regulations, 2012 CFR

2012-04-01

...), tape, or other electronic medium using equipment currently in use by the office or offices processing...., social security number or employer identification number), subject matter, location, and years at issue... disseminating information, if not a full-time representative of the news media, as defined in paragraph (f)(3...

17 CFR 21.03 - Selected special calls-duties of foreign brokers, domestic and foreign traders, futures...

Code of Federal Regulations, 2011 CFR

2011-04-01

... 17 Commodity and Securities Exchanges 1 2011-04-01 2011-04-01 false Selected special calls-duties... FUTURES TRADING COMMISSION SPECIAL CALLS § 21.03 Selected special calls-duties of foreign brokers... market, the Commission may issue a call for information from a futures commission merchant, clearing...

77 FR 31408 - Proposed Collection; Comment Request

Federal Register 2010, 2011, 2012, 2013, 2014

2012-05-25

... finance product unless information about the transaction and the assets underlying the rated security are... structured finance ratings issued by all NRSROs in a given year would be 14,880 and that it would take 1 hour... that is used by an NRSRO to undertake credit rating surveillance on the structured finance product. The...

76 FR 22625 - Reporting of Security Issues

Federal Register 2010, 2011, 2012, 2013, 2014

2011-04-22

...) Accessing the Government Printing Office's Web page at http://www.gpoaccess.gov/fr/index.html ; or (3... violations, threat information or criminal activities, vulnerabilities and intelligence was put in place...://data.bls.gov/cgi-bin/print.pl/oes/2009/may/naics2_48-49.htm and http://www.bls.gov/cpi/cpid1012.pdf...

Identification and Access Management: An Action Research Approach to Develop a Training Strategy for Higher Education

ERIC Educational Resources Information Center

San Nicolas-Rocca, Tonia

2010-01-01

Identification and access management has been among the top security issues facing institutions of higher education. Most institutions of higher education require end users to provide usernames and passwords to gain access to personally identifiable information (PII). This leaves universities vulnerable to unauthorized access and unauthorized…

17 CFR 239.23 - Form N-14, for the registration of securities issued in business combination transactions by...

Code of Federal Regulations, 2010 CFR

2010-04-01

... registration of securities issued in business combination transactions by investment companies and business development companies. 239.23 Section 239.23 Commodity and Securities Exchanges SECURITIES AND EXCHANGE... companies and business development companies. This form shall be used by a registered investment company or...

76 FR 34920 - Exemptions for Security-Based Swaps Issued by Certain Clearing Agencies

Federal Register 2010, 2011, 2012, 2013, 2014

2011-06-15

... SECURITIES AND EXCHANGE COMMISSION 17 CFR Parts 230, 240 and 260 [Release Nos. 33-9222; 34-64639; 39-2474; File No. S7-22-11] RIN 3235-AL16 Exemptions for Security-Based Swaps Issued by Certain Clearing Agencies AGENCY: Securities and Exchange Commission. ACTION: Proposed rules. SUMMARY: We are...

78 FR 42989 - Self-Regulatory Organizations; National Securities Clearing Corporation; Notice of Filing of...

Federal Register 2010, 2011, 2012, 2013, 2014

2013-07-18

... Important Notice of the availability of the comparison service for when-issued corporate securities.\\5\\ \\5... scheduled to be implemented for corporate when-issued securities and NSCC would submit a rule filing to the... SECURITIES AND EXCHANGE COMMISSION [Release No. 34-69980; File No. SR-NSCC-2013-09] Self...

A rhythm-based authentication scheme for smart media devices.

PubMed

Lee, Jae Dong; Jeong, Young-Sik; Park, Jong Hyuk

2014-01-01

In recent years, ubiquitous computing has been rapidly emerged in our lives and extensive studies have been conducted in a variety of areas related to smart devices, such as tablets, smartphones, smart TVs, smart refrigerators, and smart media devices, as a measure for realizing the ubiquitous computing. In particular, smartphones have significantly evolved from the traditional feature phones. Increasingly higher-end smartphone models that can perform a range of functions are now available. Smart devices have become widely popular since they provide high efficiency and great convenience for not only private daily activities but also business endeavors. Rapid advancements have been achieved in smart device technologies to improve the end users' convenience. Consequently, many people increasingly rely on smart devices to store their valuable and important data. With this increasing dependence, an important aspect that must be addressed is security issues. Leaking of private information or sensitive business data due to loss or theft of smart devices could result in exorbitant damage. To mitigate these security threats, basic embedded locking features are provided in smart devices. However, these locking features are vulnerable. In this paper, an original security-locking scheme using a rhythm-based locking system (RLS) is proposed to overcome the existing security problems of smart devices. RLS is a user-authenticated system that addresses vulnerability issues in the existing locking features and provides secure confidentiality in addition to convenience.

A Rhythm-Based Authentication Scheme for Smart Media Devices

PubMed Central

Lee, Jae Dong; Park, Jong Hyuk

2014-01-01

In recent years, ubiquitous computing has been rapidly emerged in our lives and extensive studies have been conducted in a variety of areas related to smart devices, such as tablets, smartphones, smart TVs, smart refrigerators, and smart media devices, as a measure for realizing the ubiquitous computing. In particular, smartphones have significantly evolved from the traditional feature phones. Increasingly higher-end smartphone models that can perform a range of functions are now available. Smart devices have become widely popular since they provide high efficiency and great convenience for not only private daily activities but also business endeavors. Rapid advancements have been achieved in smart device technologies to improve the end users' convenience. Consequently, many people increasingly rely on smart devices to store their valuable and important data. With this increasing dependence, an important aspect that must be addressed is security issues. Leaking of private information or sensitive business data due to loss or theft of smart devices could result in exorbitant damage. To mitigate these security threats, basic embedded locking features are provided in smart devices. However, these locking features are vulnerable. In this paper, an original security-locking scheme using a rhythm-based locking system (RLS) is proposed to overcome the existing security problems of smart devices. RLS is a user-authenticated system that addresses vulnerability issues in the existing locking features and provides secure confidentiality in addition to convenience. PMID:25110743

Hybrid network defense model based on fuzzy evaluation.

PubMed

Cho, Ying-Chiang; Pan, Jen-Yi

2014-01-01

With sustained and rapid developments in the field of information technology, the issue of network security has become increasingly prominent. The theme of this study is network data security, with the test subject being a classified and sensitive network laboratory that belongs to the academic network. The analysis is based on the deficiencies and potential risks of the network's existing defense technology, characteristics of cyber attacks, and network security technologies. Subsequently, a distributed network security architecture using the technology of an intrusion prevention system is designed and implemented. In this paper, first, the overall design approach is presented. This design is used as the basis to establish a network defense model, an improvement over the traditional single-technology model that addresses the latter's inadequacies. Next, a distributed network security architecture is implemented, comprising a hybrid firewall, intrusion detection, virtual honeynet projects, and connectivity and interactivity between these three components. Finally, the proposed security system is tested. A statistical analysis of the test results verifies the feasibility and reliability of the proposed architecture. The findings of this study will potentially provide new ideas and stimuli for future designs of network security architecture.

Criminal undercover agents or "bad people" doing "good things".

PubMed

Amir, Menachem

2003-08-01

Information and intelligence have always been, and will remain, the most essential components of policing and indeed all law enforcement and security work, including the variety of drug control efforts. Sources of information are varied, ranging from everyday interactions of officers of the law with the public, anonymous reports, the use of paid and unpaid informants from the criminal underworld to law enforcement's and security services' use of agents. This presentation, based on interviews with "handlers" of informants who are offenders, who supply information and evidence against other criminals, and who may have been former comrades of the criminals, explores the dilemmas that informers and their handlers face at each stage of the operation from recruitment to operation in the field, until they "finger" their targets and become state witnesses. During each stage of the operation, agents' motivations, fears, sense of betrayal (being betrayed and betraying others), being snitches, the need to protect their identities, as well as their dependency upon their handlers, are the primary issues to be considered and resolved. Handlers may have to tolerate agents' commission of crimes during operations and often may also have to "treat" the informant's spouse. Borrowed identity, which is the main meaning and dynamic of the informants' actions and of any undercover work, will also be analyzed. This presentation, designed to allow for a presentation of relevant parameters so as to permit the comparative study and classification of undercover work by criminals, will also note critical unresolved issues in this area as well as suggest future needed research.

Quality in sickness certificates in a Swedish social security system perspective.

PubMed

Sturesson, Marine; Bylund, Sonya Hörnqvist; Edlund, Curt; Falkdal, Annie Hansen; Bernspång, Birgitta

2015-12-01

In Sweden, the information in the sickness certificate is crucially important for the sick-listed person as well as for the Swedish Social Insurance Agency and the sick-listed person's employer. The certificate is used as the basis for deciding whether a person is entitled to sickness benefits. Further, it communicates information significant for the return-to-work process. The aim of the study was to evaluate the quality of sickness certificates issued in primary health care and examine if the patients' or physicians' gender influences the information in the sickness certificate. An insurance specialist at the Swedish Social Insurance Agency assessed the quality of the stated information in a sample of 323 certificates issued by 146 different general practitioners at 29 different primary health care centres in northern Sweden. Thirty-four percent of the certificates did not contain sufficient information requested. The areas of the certificates in need of supplementary information were mainly the descriptions of impairment of body function and activity limitation. More certificates issued for women than certificates issued for men lacked the required information. Full-time sick leave was more often prescribed for male patients than for female. Significant differences between certificates issued for women and certificates issued for men appeared in the group of musculoskeletal diseases. No differences in quality aspects connected to physicians' gender were found. Our study indicates a need for increased knowledge about the descriptions of functioning for sick-listed persons; more cooperation between health professionals in primary health care and a better gender awareness in health care encounters. © 2015 the Nordic Societies of Public Health.

Evaluation of the awareness and effectiveness of IT security programs in a large publicly funded health care system.

PubMed

Hepp, Shelanne L; Tarraf, Rima C; Birney, Arden; Arain, Mubashir Aslam

2017-01-01

Electronic health records are becoming increasingly common in the health care industry. Although information technology (IT) poses many benefits to improving health care and ease of access to information, there are also security and privacy risks. Educating health care providers is necessary to ensure proper use of health information systems and IT and reduce undesirable outcomes. This study evaluated employees' awareness and perceptions of the effectiveness of two IT educational training modules within a large publicly funded health care system in Canada. Semi-structured interviews and focus groups included a variety of professional roles within the organisation. Participants also completed a brief demographic data sheet. With the consent of participants, all interviews and focus groups were audio recorded. Thematic analysis and descriptive statistics were used to evaluate the effectiveness of the IT security training modules. Five main themes emerged: (i) awareness of the IT training modules, (ii) the content of modules, (iii) staff perceptions about differences between IT security and privacy issues, (iv) common breaches of IT security and privacy, and (v) challenges and barriers to completing the training program. Overall, nonclinical staff were more likely to be aware of the training modules than were clinical staff. We found e-learning was a feasible way to educate a large number of employees. However, health care providers required a module on IT security and privacy that was relatable and applicable to their specific roles. Strategies to improve staff education and mitigate against IT security and privacy risks are discussed. Future research should focus on integrating health IT competencies into the educational programs for health care professionals.

Semantic policy and adversarial modeling for cyber threat identification and avoidance

NASA Astrophysics Data System (ADS)

DeFrancesco, Anton; McQueary, Bruce

2009-05-01

Today's enterprise networks undergo a relentless barrage of attacks from foreign and domestic adversaries. These attacks may be perpetrated with little to no funding, but may wreck incalculable damage upon the enterprises security, network infrastructure, and services. As more services come online, systems that were once in isolation now provide information that may be combined dynamically with information from other systems to create new meaning on the fly. Security issues are compounded by the potential to aggregate individual pieces of information and infer knowledge at a higher classification than any of its constituent parts. To help alleviate these challenges, in this paper we introduce the notion of semantic policy and discuss how it's use is evolving from a robust approach to access control to preempting and combating attacks in the cyber domain, The introduction of semantic policy and adversarial modeling to network security aims to ask 'where is the network most vulnerable', 'how is the network being attacked', and 'why is the network being attacked'. The first aspect of our approach is integration of semantic policy into enterprise security to augment traditional network security with an overall awareness of policy access and violations. This awareness allows the semantic policy to look at the big picture - analyzing trends and identifying critical relations in system wide data access. The second aspect of our approach is to couple adversarial modeling with semantic policy to move beyond reactive security measures and into a proactive identification of system weaknesses and areas of vulnerability. By utilizing Bayesian-based methodologies, the enterprise wide meaning of data and semantic policy is applied to probability and high-level risk identification. This risk identification will help mitigate potential harm to enterprise networks by enabling resources to proactively isolate, lock-down, and secure systems that are most vulnerable.

A Snapshot of the Electronic Transmission and Processing of Prescriptions project in the Iranian Social Security Organization

PubMed Central

Moghaddam, Ramin; Badredine, Hala

2006-01-01

Iranian Social Security Organization(ISSO) is going to enable the sharing of health related information in a secure environment by means of reliable data in the right time to improve health of insured people throughout the country. There are around 7000 pharmacy throughout the country that ISSO contracted with them in order to deliver seamless services to 30 million insured people. The management of the huge amount of prescriptions based on a scientific basis with considering the financial issues of rising the cost of medicaments certainley needs a sophisticated business process reeingineering using ICT ; the work that is going to be completed in the ISSO in next few months. PMID:17238655

Genomics and privacy: implications of the new reality of closed data for the field.

PubMed

Greenbaum, Dov; Sboner, Andrea; Mu, Xinmeng Jasmine; Gerstein, Mark

2011-12-01

Open source and open data have been driving forces in bioinformatics in the past. However, privacy concerns may soon change the landscape, limiting future access to important data sets, including personal genomics data. Here we survey this situation in some detail, describing, in particular, how the large scale of the data from personal genomic sequencing makes it especially hard to share data, exacerbating the privacy problem. We also go over various aspects of genomic privacy: first, there is basic identifiability of subjects having their genome sequenced. However, even for individuals who have consented to be identified, there is the prospect of very detailed future characterization of their genotype, which, unanticipated at the time of their consent, may be more personal and invasive than the release of their medical records. We go over various computational strategies for dealing with the issue of genomic privacy. One can "slice" and reformat datasets to allow them to be partially shared while securing the most private variants. This is particularly applicable to functional genomics information, which can be largely processed without variant information. For handling the most private data there are a number of legal and technological approaches-for example, modifying the informed consent procedure to acknowledge that privacy cannot be guaranteed, and/or employing a secure cloud computing environment. Cloud computing in particular may allow access to the data in a more controlled fashion than the current practice of downloading and computing on large datasets. Furthermore, it may be particularly advantageous for small labs, given that the burden of many privacy issues falls disproportionately on them in comparison to large corporations and genome centers. Finally, we discuss how education of future genetics researchers will be important, with curriculums emphasizing privacy and data security. However, teaching personal genomics with identifiable subjects in the university setting will, in turn, create additional privacy issues and social conundrums. © 2011 Greenbaum et al.

Challenge theme 7: Information support for management of border security and environmental protection: Chapter 9 in United States-Mexican Borderlands: Facing tomorrow's challenges through USGS science

USGS Publications Warehouse

Parcher, Jean W.; Page, William R.

2013-01-01

Historically, international borders were located far from the major political and economic capitals of their countries and rarely received adequate planning or infrastructure development. Today, as a result of global economics and increased movement of goods between nations, border regions play a much greater role in commerce, tourism, and transportation. For example, Mexico is the second largest destination for United States exports (Woodrow Wilson Center Mexico Institute, 2009). The rapid population and economic growth along the United States–Mexican border, undocumented human border crossings, and the unique natural diversity of resources in the Borderlands present challenges for border security and environmental protection. Assessing risks and implementing sustainable growth policies to protect the environment and quality of life greatly increase in complexity when the issues cross an international border, where social services, environmental regulations, lifestyles, and cultural beliefs are unique for each country. Shared airsheds, water and biological resources, national security issues, and disaster management needs require an integrated binational approach to assess risks and develop binational management strategies.

State of the Art of Network Security Perspectives in Cloud Computing

NASA Astrophysics Data System (ADS)

Oh, Tae Hwan; Lim, Shinyoung; Choi, Young B.; Park, Kwang-Roh; Lee, Heejo; Choi, Hyunsang

Cloud computing is now regarded as one of social phenomenon that satisfy customers' needs. It is possible that the customers' needs and the primary principle of economy - gain maximum benefits from minimum investment - reflects realization of cloud computing. We are living in the connected society with flood of information and without connected computers to the Internet, our activities and work of daily living will be impossible. Cloud computing is able to provide customers with custom-tailored features of application software and user's environment based on the customer's needs by adopting on-demand outsourcing of computing resources through the Internet. It also provides cloud computing users with high-end computing power and expensive application software package, and accordingly the users will access their data and the application software where they are located at the remote system. As the cloud computing system is connected to the Internet, network security issues of cloud computing are considered as mandatory prior to real world service. In this paper, survey and issues on the network security in cloud computing are discussed from the perspective of real world service environments.

Better Safe than Sorry: Panic Buttons as a Security Measure in an Academic Medical Library

ERIC Educational Resources Information Center

McMullen, Karen D.; Kane, Laura Townsend

2008-01-01

In the wake of recent tragedies, campus security has become a hot issue nationwide. Campus libraries, as traditional meeting spots for varied groups of people, are particularly vulnerable to security issues. Safety and security problems that can occur at any library generally include theft, vandalism, arson, antisocial behavior, and assaults on…

17 CFR 239.25 - Form S-4, for the registration of securities issued in business combination transactions.

Code of Federal Regulations, 2010 CFR

2010-04-01

... 17 Commodity and Securities Exchanges 2 2010-04-01 2010-04-01 false Form S-4, for the registration of securities issued in business combination transactions. 239.25 Section 239.25 Commodity and... business combination transactions. This form may be used for registration under the Securities Act of 1933...

Close the Gate, Lock the Windows, Bolt the Doors: Securing Library Computers. Online Treasures

ERIC Educational Resources Information Center

Balas, Janet

2005-01-01

This article, written by a systems librarian at the Monroeville Public Library, discusses a major issue affecting all computer users, security. It indicates that while, staying up-to-date on the latest security issues has become essential for all computer users, it's more critical for network managers who are responsible for securing computer…

Towards guidelines for post-disaster vulnerability reduction in informal settlements.

PubMed

Doberstein, Brent; Stager, Heather

2013-01-01

Although the development community has long recognised that securing land tenure and improving housing design can benefit significantly informal settlement residents, there is little research on these issues in communities exposed to natural disasters and hazards. Informal settlements often are located on land left vacant because of inherent risks, such as floodplains, and there is a long history worldwide of disasters affecting informal settlements. This research tackles the following questions: how can informal settlement vulnerabilities be reduced in a post-disaster setting?; and what are the key issues to address in post-disaster reconstruction? The main purpose of the paper is to develop a set of initial guidelines for post-disaster risk reduction in informal settlements, stressing connections to tenure and housing/community design in the reconstruction process. The paper examines disaster and reconstruction responses in two disaster-affected regions-Jimani, Dominican Republic, and Vargas State, Venezuela-where informal settlements have been hit particularly hard. © 2013 The Author(s). Journal compilation © Overseas Development Institute, 2013.

Health-based Provisional Advisory Levels (PALs) for homeland security.

PubMed

Adeshina, Femi; Sonich-Mullin, Cynthia; Ross, Robert H; Wood, Carol S

2009-12-01

The Homeland Security Presidential Directive #8 (HSPD-8) for National Emergency Preparedness was issued to " establish policies to strengthen the preparedness of the United States to prevent and respond to threatened or actual domestic terrorist attacks, major disasters, and other emergencies by requiring a national domestic all- hazards preparedness goal. "In response to HSPD-8 and HSPD-22 (classified) on Domestic Chemical Defense, the US Environmental Protection Agency (US EPA) National Homeland Security Research Center (NHSRC) is developing health-based Provisional Advisory Levels (PALs) for priority chemicals (including chemical warfare agents, pesticides, and toxic industrial chemicals) in air and drinking water. PALs are temporary values that will neither be promulgated, nor be formally issued as regulatory guidance. They are intended to be used at the discretion of risk managers in emergency situations. The PAL Program provides advisory exposure levels for chemical agents to assist in emergency planning and response decision-making, and to aid in making informed risk management decisions for evacuation, temporary re-entry into affected areas, and resumed-use of infrastructure, such as water resources. These risk management decisions may be made at the federal, state, and local levels. Three exposure levels (PAL 1, PAL 2, and PAL 3), distinguished by severity of toxic effects, are developed for 24-hour, 30-day, 90-day, and 2-year durations for potential exposure to drinking water and ambient air by the general public. Developed PALs are evaluated both by a US EPA working group, and an external multidisciplinary panel to ensure scientific credibility and wide acceptance. In this Special Issue publication, we present background information on the PAL program, the methodology used in deriving PALs, and the technical support documents for the derivation of PALs for acrylonitrile, hydrogen sulfide, and phosgene.

A decade of plant proteomics and mass spectrometry: translation of technical advancements to food security and safety issues.

PubMed

Agrawal, Ganesh Kumar; Sarkar, Abhijit; Righetti, Pier Giorgio; Pedreschi, Romina; Carpentier, Sebastien; Wang, Tai; Barkla, Bronwyn J; Kohli, Ajay; Ndimba, Bongani Kaiser; Bykova, Natalia V; Rampitsch, Christof; Zolla, Lello; Rafudeen, Mohamed Suhail; Cramer, Rainer; Bindschedler, Laurence Veronique; Tsakirpaloglou, Nikolaos; Ndimba, Roya Janeen; Farrant, Jill M; Renaut, Jenny; Job, Dominique; Kikuchi, Shoshi; Rakwal, Randeep

2013-01-01

Tremendous progress in plant proteomics driven by mass spectrometry (MS) techniques has been made since 2000 when few proteomics reports were published and plant proteomics was in its infancy. These achievements include the refinement of existing techniques and the search for new techniques to address food security, safety, and health issues. It is projected that in 2050, the world's population will reach 9-12 billion people demanding a food production increase of 34-70% (FAO, 2009) from today's food production. Provision of food in a sustainable and environmentally committed manner for such a demand without threatening natural resources, requires that agricultural production increases significantly and that postharvest handling and food manufacturing systems become more efficient requiring lower energy expenditure, a decrease in postharvest losses, less waste generation and food with longer shelf life. There is also a need to look for alternative protein sources to animal based (i.e., plant based) to be able to fulfill the increase in protein demands by 2050. Thus, plant biology has a critical role to play as a science capable of addressing such challenges. In this review, we discuss proteomics especially MS, as a platform, being utilized in plant biology research for the past 10 years having the potential to expedite the process of understanding plant biology for human benefits. The increasing application of proteomics technologies in food security, analysis, and safety is emphasized in this review. But, we are aware that no unique approach/technology is capable to address the global food issues. Proteomics-generated information/resources must be integrated and correlated with other omics-based approaches, information, and conventional programs to ensure sufficient food and resources for human development now and in the future. © 2013 Wiley Periodicals, Inc.

Landscape ecological security assessment based on projection pursuit in Pearl River Delta.

PubMed

Gao, Yang; Wu, Zhifeng; Lou, Quansheng; Huang, Huamei; Cheng, Jiong; Chen, Zhangli

2012-04-01

Regional landscape ecological security is an important issue for ecological security, and has a great influence on national security and social sustainable development. The Pearl River Delta (PRD) in southern China has experienced rapid economic development and intensive human activities in recent years. This study, based on landscape analysis, provides a method to discover the alteration of character among different landscape types and to understand the landscape ecological security status. Based on remotely sensed products of the Landsat 5 TM images in 1990 and the Landsat 7 ETM+ images in 2005, landscape classification maps of nine cities in the PRD were compiled by implementing Remote Sensing and Geographic Information System technology. Several indices, including aggregation, crush index, landscape shape index, Shannon's diversity index, landscape fragile index, and landscape security adjacent index, were applied to analyze spatial-temporal characteristics of landscape patterns in the PRD. A landscape ecological security index based on these outcomes was calculated by projection pursuit using genetic algorithm. The landscape ecological security of nine cities in the PRD was thus evaluated. The main results of this research are listed as follows: (1) from 1990 to 2005, the aggregation index, crush index, landscape shape index, and Shannon's diversity index of nine cities changed little in the PRD, while the landscape fragile index and landscape security adjacent index changed obviously. The landscape fragile index of nine cities showed a decreasing trend; however, the landscape security adjacent index has been increasing; (2) from 1990 to 2005, landscape ecology of the cities of Zhuhai and Huizhou maintained a good security situation. However, there was a relatively low value of ecological security in the cities of Dongguan and Foshan. Except for Foshan and Guangzhou, whose landscape ecological security situation were slightly improved, the cities had reduced values in landscape ecological security, with the most decreased number 0.52 in Zhaoqing. Results of this study offer important information for regional eco-construction and natural resource exploitation.

Report of the President of the United States on the Status of Federal Critical Infrastructure Protection Activities

DTIC Science & Technology

2001-01-01

efforts, senior executives within the government are kept abreast of developing information security issues and exchange information on techniques...corporate President and Chief Operating Officer, and a senior partner of a services firm . NACD has initiated of its own volition a survey and development of...emergency. FBI Field Offices are responsible for developing a list of the assets within their respective jurisdictions, while the center maintains a

A Secure Information Framework with APRQ Properties

NASA Astrophysics Data System (ADS)

Rupa, Ch.

2017-08-01

Internet of the things is the most trending topics in the digital world. Security issues are rampant. In the corporate or institutional setting, security risks are apparent from the outset. Market leaders are unable to use the cryptographic techniques due to their complexities. Hence many bits of private information, including ID, are readily available for third parties to see and to utilize. There is a need to decrease the complexity and increase the robustness of the cryptographic approaches. In view of this, a new cryptographic technique as good encryption pact with adjacency, random prime number and quantum code properties has been proposed. Here, encryption can be done by using quantum photons with gray code. This approach uses the concepts of physics and mathematics with no external key exchange to improve the security of the data. It also reduces the key attacks by generation of a key at the party side instead of sharing. This method makes the security more robust than with the existing approach. Important properties of gray code and quantum are adjacency property and different photons to a single bit (0 or 1). These can reduce the avalanche effect. Cryptanalysis of the proposed method shows that it is resistant to various attacks and stronger than the existing approaches.

Design and Development of Layered Security: Future Enhancements and Directions in Transmission

PubMed Central

Shahzad, Aamir; Lee, Malrey; Kim, Suntae; Kim, Kangmin; Choi, Jae-Young; Cho, Younghwa; Lee, Keun-Kwang

2016-01-01

Today, security is a prominent issue when any type of communication is being undertaken. Like traditional networks, supervisory control and data acquisition (SCADA) systems suffer from a number of vulnerabilities. Numerous end-to-end security mechanisms have been proposed for the resolution of SCADA-system security issues, but due to insecure real-time protocol use and the reliance upon open protocols during Internet-based communication, these SCADA systems can still be compromised by security challenges. This study reviews the security challenges and issues that are commonly raised during SCADA/protocol transmissions and proposes a secure distributed-network protocol version 3 (DNP3) design, and the implementation of the security solution using a cryptography mechanism. Due to the insecurities found within SCADA protocols, the new development consists of a DNP3 protocol that has been designed as a part of the SCADA system, and the cryptographically derived security is deployed within the application layer as a part of the DNP3 stack. PMID:26751443

Design and Development of Layered Security: Future Enhancements and Directions in Transmission.

PubMed

Shahzad, Aamir; Lee, Malrey; Kim, Suntae; Kim, Kangmin; Choi, Jae-Young; Cho, Younghwa; Lee, Keun-Kwang

2016-01-06

Today, security is a prominent issue when any type of communication is being undertaken. Like traditional networks, supervisory control and data acquisition (SCADA) systems suffer from a number of vulnerabilities. Numerous end-to-end security mechanisms have been proposed for the resolution of SCADA-system security issues, but due to insecure real-time protocol use and the reliance upon open protocols during Internet-based communication, these SCADA systems can still be compromised by security challenges. This study reviews the security challenges and issues that are commonly raised during SCADA/protocol transmissions and proposes a secure distributed-network protocol version 3 (DNP3) design, and the implementation of the security solution using a cryptography mechanism. Due to the insecurities found within SCADA protocols, the new development consists of a DNP3 protocol that has been designed as a part of the SCADA system, and the cryptographically derived security is deployed within the application layer as a part of the DNP3 stack.

Computer Security Issues in Online Banking: An Assessment from the Context of Usable Security

NASA Astrophysics Data System (ADS)

Mahmadi, FN; Zaaba, ZF; Osman, A.

2016-11-01

Today's online banking is a convenient mode of finance management. Despite the ease of doing online banking, there are people that still sceptical in utilizing it due to perception and its security. This paper highlights the subject of online banking security in Malaysia, especially from the perspective of the end-users. The study is done by assessing human computer interaction, usability and security. An online survey utilising 137 participants was previously conducted to gain preliminary insights on security issues of online banking in Malaysia. Following from those results, 37 participants were interviewed to gauge deeper understanding about end-users perception on online banking within the context of usable security. The results suggested that most of the end-users are continuingly experiencing significant difficulties especially in relation to the technical terminologies, security features and other technical issues. Although the security features are provided to provide a shield or protection, users are still incapable to cope with the technical aspects of such implementation.

DOE Office of Scientific and Technical Information (OSTI.GOV)

Not Available

This report contains papers on the following topics: NREN Security Issues: Policies and Technologies; Layer Wars: Protect the Internet with Network Layer Security; Electronic Commission Management; Workflow 2000 - Electronic Document Authorization in Practice; Security Issues of a UNIX PEM Implementation; Implementing Privacy Enhanced Mail on VMS; Distributed Public Key Certificate Management; Protecting the Integrity of Privacy-enhanced Electronic Mail; Practical Authorization in Large Heterogeneous Distributed Systems; Security Issues in the Truffles File System; Issues surrounding the use of Cryptographic Algorithms and Smart Card Applications; Smart Card Augmentation of Kerberos; and An Overview of the Advanced Smart Card Access Control System.more » Selected papers were processed separately for inclusion in the Energy Science and Technology Database.« less

Security Deposits

DTIC Science & Technology

1987-04-01

security deposit action is described in the regulation as follows: h. Security Deposits (DACF and DACA ). (1) Issue. PCS moves create financial hardships...General Wickham, The Army Chief of Staff, specified a philosophy toward the family in the Army Family White Paper. General Wickham’s action was in...security deposits arose. 1 The Army’s action to the issue of security deposits will be thoroughly discussed in this paper. The Army’s action comes now

Secure Genomic Computation through Site-Wise Encryption

PubMed Central

Zhao, Yongan; Wang, XiaoFeng; Tang, Haixu

2015-01-01

Commercial clouds provide on-demand IT services for big-data analysis, which have become an attractive option for users who have no access to comparable infrastructure. However, utilizing these services for human genome analysis is highly risky, as human genomic data contains identifiable information of human individuals and their disease susceptibility. Therefore, currently, no computation on personal human genomic data is conducted on public clouds. To address this issue, here we present a site-wise encryption approach to encrypt whole human genome sequences, which can be subject to secure searching of genomic signatures on public clouds. We implemented this method within the Hadoop framework, and tested it on the case of searching disease markers retrieved from the ClinVar database against patients’ genomic sequences. The secure search runs only one order of magnitude slower than the simple search without encryption, indicating our method is ready to be used for secure genomic computation on public clouds. PMID:26306278

Common Criteria Related Security Design Patterns—Validation on the Intelligent Sensor Example Designed for Mine Environment

PubMed Central

Bialas, Andrzej

2010-01-01

The paper discusses the security issues of intelligent sensors that are able to measure and process data and communicate with other information technology (IT) devices or systems. Such sensors are often used in high risk applications. To improve their robustness, the sensor systems should be developed in a restricted way to provide them with assurance. One of assurance creation methodologies is Common Criteria (ISO/IEC 15408), used for IT products and systems. The contribution of the paper is a Common Criteria compliant and pattern-based method for the intelligent sensors security development. The paper concisely presents this method and its evaluation for the sensor detecting methane in a mine, focusing on the security problem of the intelligent sensor definition and solution. The aim of the validation is to evaluate and improve the introduced method. PMID:22399888

Quantum photonic network and physical layer security

NASA Astrophysics Data System (ADS)

Sasaki, Masahide; Endo, Hiroyuki; Fujiwara, Mikio; Kitamura, Mitsuo; Ito, Toshiyuki; Shimizu, Ryosuke; Toyoshima, Morio

2017-06-01

Quantum communication and quantum cryptography are expected to enhance the transmission rate and the security (confidentiality of data transmission), respectively. We study a new scheme which can potentially bridge an intermediate region covered by these two schemes, which is referred to as quantum photonic network. The basic framework is information theoretically secure communications in a free space optical (FSO) wiretap channel, in which an eavesdropper has physically limited access to the main channel between the legitimate sender and receiver. We first review a theoretical framework to quantify the optimal balance of the transmission efficiency and the security level under power constraint and at finite code length. We then present experimental results on channel characterization based on 10 MHz on-off keying transmission in a 7.8 km terrestrial FSO wiretap channel. This article is part of the themed issue 'Quantum technology for the 21st century'.

Quantum photonic network and physical layer security.

PubMed

Sasaki, Masahide; Endo, Hiroyuki; Fujiwara, Mikio; Kitamura, Mitsuo; Ito, Toshiyuki; Shimizu, Ryosuke; Toyoshima, Morio

2017-08-06

Quantum communication and quantum cryptography are expected to enhance the transmission rate and the security (confidentiality of data transmission), respectively. We study a new scheme which can potentially bridge an intermediate region covered by these two schemes, which is referred to as quantum photonic network. The basic framework is information theoretically secure communications in a free space optical (FSO) wiretap channel, in which an eavesdropper has physically limited access to the main channel between the legitimate sender and receiver. We first review a theoretical framework to quantify the optimal balance of the transmission efficiency and the security level under power constraint and at finite code length. We then present experimental results on channel characterization based on 10 MHz on-off keying transmission in a 7.8 km terrestrial FSO wiretap channel.This article is part of the themed issue 'Quantum technology for the 21st century'. © 2017 The Author(s).

Secure Genomic Computation through Site-Wise Encryption.

PubMed

Zhao, Yongan; Wang, XiaoFeng; Tang, Haixu

2015-01-01

Commercial clouds provide on-demand IT services for big-data analysis, which have become an attractive option for users who have no access to comparable infrastructure. However, utilizing these services for human genome analysis is highly risky, as human genomic data contains identifiable information of human individuals and their disease susceptibility. Therefore, currently, no computation on personal human genomic data is conducted on public clouds. To address this issue, here we present a site-wise encryption approach to encrypt whole human genome sequences, which can be subject to secure searching of genomic signatures on public clouds. We implemented this method within the Hadoop framework, and tested it on the case of searching disease markers retrieved from the ClinVar database against patients' genomic sequences. The secure search runs only one order of magnitude slower than the simple search without encryption, indicating our method is ready to be used for secure genomic computation on public clouds.

Information superhighway: Issues affecting development

NASA Astrophysics Data System (ADS)

1994-09-01

Technological advances in the transmission of voice, video, and data are fostering fundamental changes in the telecommunications industry. For example, large local telephone companies plan to offer video services in competition with cable and broadcast television, while cable television companies plan to offer local telephone service over their wires in competition with the local telephone companies. The administration believes that these technological changes provide the opportunity to develop an 'Information Superhighway' that could provide every element of society with ready access to data, voice, and video communications. Concurrently, the Congress is considering sweeping changes to telecommunications regulations to keep pace with this dynamic industry. GAO prepared this report to serve as an overview of three key issues that decisionmakers may face as they deliberate telecommunications legislation; it focuses on three pivotal issues they face in formulating new telecommunications legislation: (1) managing the transition to a more competitive local telecommunications marketplace; (2) ensuring that all consumers have access to affordable telecommunications as competition develops; and (3) ensuring that the Information Superhighway provides adequate security, privacy, reliability, and interoperability.

76 FR 59241 - Foreign Futures and Options Contracts on a Non-Narrow-Based Security Index; Commission...

Federal Register 2010, 2011, 2012, 2013, 2014

2011-09-26

... controls on trading; information and data relating to the index, including the design, computation and... futures contract raises novel or complex issues that require additional time for review, or if the foreign... composition, computation, or method of selection of component entities of an index referenced and defined in...

Preventing and Profiling Malicious Insider Attacks

DTIC Science & Technology

2012-04-01

malicious insiders. This research program could also be extended to look at general human factors issues surrounding information security behaviours ... behaviours . This research also draws on corresponding studies into fraud and espionage in non IT scenarios. A range of preventative measures is...This includes motivating factors, personality traits and observable behaviours that may assist organisations in the detection and profiling of

An Expanded Study of Net Generation Perceptions on Privacy and Security on Social Networking Sites (SNS)

ERIC Educational Resources Information Center

Lawler, James P.; Molluzzo, John C.; Doshi, Vijal

2012-01-01

Social networking on the Internet continues to be a frequent avenue of communication, especially among Net Generation consumers, giving benefits both personal and professional. The benefits may be eventually hindered by issues in information gathering and sharing on social networking sites. This study evaluates the perceptions of students taking a…

Tomorrow's Choices: Preparing Now for Future Legal, Financial, and Health Care Decisions.

ERIC Educational Resources Information Center

American Association of Retired Persons, Washington, DC.

This booklet, addressed to healthy, independent adults who want to plan for secure later lives, presents information about planning for difficult times. The first section discusses issues related to where an individual will live as needs and physical abilities change. It describes services available to help individuals remain in their homes or to…